authorFabricio Voznika <fvoznika@google.com>2018-09-06 10:58:58 -0700
committerShentubot <shentubot@google.com>2018-09-06 11:00:08 -0700
commitefac28976c6dbf40627d02753fee1467c8272b45 (patch)
tree7e1f4c3ac4250bb0dc6c4e2ee40e50dcb5aae0e9
parentd95663a6b9831b56602c09f33a9679fa15175b97 (diff)
Enable network for multi-container
PiperOrigin-RevId: 211834411 Change-Id: I52311a6c5407f984e5069359d9444027084e4d2a
-rw-r--r--runsc/sandbox/network.go52
1 files changed, 27 insertions, 25 deletions
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go
index 8694ba755..60cbbfcdb 100644
--- a/runsc/sandbox/network.go
+++ b/runsc/sandbox/network.go
@@ -57,31 +57,33 @@ const (
func setupNetwork(conn *urpc.Client, pid int, spec *specs.Spec, conf *boot.Config) error {
log.Infof("Setting up network")
- // HACK!
- //
- // When kubernetes starts a pod, it first creates a sandbox with an
- // application that just pauses forever. Later, when a container is
- // added to the pod, kubernetes will create another sandbox with a
- // config that corresponds to the containerized application, and add it
- // to the same namespaces as the pause sandbox.
- //
- // Running a second sandbox currently breaks because the two sandboxes
- // have the same network namespace and configuration, and try to create
- // a tap device on the same host device which fails.
- //
- // Runsc will eventually need to detect that this container is meant to
- // be run in the same sandbox as the pausing application, and somehow
- // make that happen.
- //
- // For now the following HACK disables networking for the "pause"
- // sandbox, allowing the second sandbox to start up successfully.
- //
- // TODO: Remove this once multiple containers per sandbox
- // is properly supported.
- if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" ||
- spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" {
- log.Warningf("HACK: Disabling network")
- conf.Network = boot.NetworkNone
+ if !conf.MultiContainer {
+ // HACK!
+ //
+ // When kubernetes starts a pod, it first creates a sandbox with an
+ // application that just pauses forever. Later, when a container is
+ // added to the pod, kubernetes will create another sandbox with a
+ // config that corresponds to the containerized application, and add it
+ // to the same namespaces as the pause sandbox.
+ //
+ // Running a second sandbox currently breaks because the two sandboxes
+ // have the same network namespace and configuration, and try to create
+ // a tap device on the same host device which fails.
+ //
+ // Runsc will eventually need to detect that this container is meant to
+ // be run in the same sandbox as the pausing application, and somehow
+ // make that happen.
+ //
+ // For now the following HACK disables networking for the "pause"
+ // sandbox, allowing the second sandbox to start up successfully.
+ //
+ // TODO: Remove this once multiple containers per sandbox
+ // is properly supported.
+ if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" ||
+ spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" {
+ log.Warningf("HACK: Disabling network")
+ conf.Network = boot.NetworkNone
+ }
}
switch conf.Network {
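Review bot: The comment block moved under `if !conf.MultiContainer {` still reads as if multi-container support did not exist ("TODO: Remove this once multiple containers per sandbox is properly supported"), so a reader cannot tell which mode the network-disabling hack now applies to. A line above the guard such as `// Legacy one-sandbox-per-container mode only; with conf.MultiContainer the pause sandbox keeps the configured network.` would make that explicit, and the TODO could name removal of the non-multi-container path as its condition. The comment should also say that this branch overwrites the caller's `conf.Network`, because the `switch conf.Network` that follows acts on the mutated value. setupNetwork's body continues past the end of the hunk, so how each network mode is then handled is not visible here.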