diff options
author | Fabricio Voznika <fvoznika@google.com> | 2018-09-06 10:58:58 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-09-06 11:00:08 -0700 |
commit | efac28976c6dbf40627d02753fee1467c8272b45 (patch) | |
tree | 7e1f4c3ac4250bb0dc6c4e2ee40e50dcb5aae0e9 | |
parent | d95663a6b9831b56602c09f33a9679fa15175b97 (diff) |
Enable network for multi-container
PiperOrigin-RevId: 211834411
Change-Id: I52311a6c5407f984e5069359d9444027084e4d2a
-rw-r--r-- | runsc/sandbox/network.go | 52 |
1 files changed, 27 insertions, 25 deletions
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go index 8694ba755..60cbbfcdb 100644 --- a/runsc/sandbox/network.go +++ b/runsc/sandbox/network.go @@ -57,31 +57,33 @@ const ( func setupNetwork(conn *urpc.Client, pid int, spec *specs.Spec, conf *boot.Config) error { log.Infof("Setting up network") - // HACK! - // - // When kubernetes starts a pod, it first creates a sandbox with an - // application that just pauses forever. Later, when a container is - // added to the pod, kubernetes will create another sandbox with a - // config that corresponds to the containerized application, and add it - // to the same namespaces as the pause sandbox. - // - // Running a second sandbox currently breaks because the two sandboxes - // have the same network namespace and configuration, and try to create - // a tap device on the same host device which fails. - // - // Runsc will eventually need to detect that this container is meant to - // be run in the same sandbox as the pausing application, and somehow - // make that happen. - // - // For now the following HACK disables networking for the "pause" - // sandbox, allowing the second sandbox to start up successfully. - // - // TODO: Remove this once multiple containers per sandbox - // is properly supported. - if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" || - spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" { - log.Warningf("HACK: Disabling network") - conf.Network = boot.NetworkNone + if !conf.MultiContainer { + // HACK! + // + // When kubernetes starts a pod, it first creates a sandbox with an + // application that just pauses forever. Later, when a container is + // added to the pod, kubernetes will create another sandbox with a + // config that corresponds to the containerized application, and add it + // to the same namespaces as the pause sandbox. + // + // Running a second sandbox currently breaks because the two sandboxes + // have the same network namespace and configuration, and try to create + // a tap device on the same host device which fails. + // + // Runsc will eventually need to detect that this container is meant to + // be run in the same sandbox as the pausing application, and somehow + // make that happen. + // + // For now the following HACK disables networking for the "pause" + // sandbox, allowing the second sandbox to start up successfully. + // + // TODO: Remove this once multiple containers per sandbox + // is properly supported. + if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" || + spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" { + log.Warningf("HACK: Disabling network") + conf.Network = boot.NetworkNone + } } switch conf.Network { |