authorNicolas Lacasse <nlacasse@google.com>2018-05-08 11:10:53 -0700
committerShentubot <shentubot@google.com>2018-05-08 11:11:50 -0700
commit32cabad8dab689fd94d6f2d19d4db10285a94e60 (patch)
treeaa4ffbf9de685d49affb48682ba1dde224e39bbb /runsc/sandbox/network.go
parente1b412d6609c848ff09356ead133b51cd0589731 (diff)
Use the containerd annotation instead of detecting the "pause" application.
FIXED=72380268 PiperOrigin-RevId: 195846596 Change-Id: Ic87fed1433482a514631e1e72f5ee208e11290d1
Diffstat (limited to 'runsc/sandbox/network.go')
-rw-r--r--runsc/sandbox/network.go18
1 files changed, 9 insertions, 9 deletions
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go
index 1b6a1d9a6..d0ff64067 100644
--- a/runsc/sandbox/network.go
+++ b/runsc/sandbox/network.go
@@ -31,6 +31,13 @@ import (
"gvisor.googlesource.com/gvisor/runsc/boot"
)
+const (
+ // Annotations used to indicate whether the container corresponds to a
+ // pod or a container within a pod.
+ crioContainerTypeAnnotation = "io.kubernetes.cri-o.ContainerType"
+ containerdContainerTypeAnnotation = "io.kubernetes.cri.container-type"
+)
+
// setupNetwork configures the network stack to mimic the local network
// configuration. Docker uses network namespaces with vnets to configure the
// network for the container. The untrusted app expects to see the same network
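Review bot: The new const block names the two annotation keys, but the value they are compared against, `"sandbox"`, remains a string literal written twice in setupNetwork. A third constant next to these keys, for example `containerTypeSandbox = "sandbox"`, would keep key and value together and stop the two comparisons from drifting apart. The comment could also state the values the runtimes use, e.g. `// The value is "sandbox" for the pod container and "container" for a workload inside it.`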
@@ -68,17 +75,10 @@ func setupNetwork(conn *urpc.Client, pid int, spec *specs.Spec, conf *boot.Confi
// For now the following HACK disables networking for the "pause"
// sandbox, allowing the second sandbox to start up successfully.
//
- // Cri-o helpfully adds the "ContainerType" annotation that we can use
- // to detect whether we are a pod or container. Cri-containerd will
- // support this eventually, but does not currently
- // (https://github.com/kubernetes-incubator/cri-containerd/issues/512).
- //
- // Thus, to support cri-containerd, we check if the exec args is
- // "/pause", which is pretty gross.
- //
// TODO: Remove this once multiple containers per sandbox
// is properly supported.
- if spec.Annotations["io.kubernetes.cri-o.ContainerType"] == "sandbox" || spec.Process.Args[0] == "/pause" {
+ if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" ||
+ spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" {
log.Warningf("HACK: Disabling network")
conf.Network = boot.NetworkNone
}
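Review bot: The pause-sandbox case is now detected only by an annotation value, but the comment left above the `if` no longer says how detection works, because that explanation was deleted along with the `/pause` fallback. I would add one line above the condition, e.g. `// The pod (pause) container is identified by the CRI-O or containerd container-type annotation being "sandbox".`, so a reader can see that a runtime setting neither key leaves networking enabled on this path. The warning could also give the reason, e.g. `log.Warningf("HACK: Disabling network for pod sandbox container")`, since a sandbox that comes up with `boot.NetworkNone` is otherwise hard to trace back to this branch from the logs. setupNetwork begins and ends outside the hunk.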