author | Nicolas Lacasse <nlacasse@google.com> | 2018-05-08 11:10:53 -0700 |
---|---|---|
committer | Shentubot <shentubot@google.com> | 2018-05-08 11:11:50 -0700 |
commit | 32cabad8dab689fd94d6f2d19d4db10285a94e60 (patch) | |
tree | aa4ffbf9de685d49affb48682ba1dde224e39bbb /runsc/sandbox | |
parent | e1b412d6609c848ff09356ead133b51cd0589731 (diff) |
Use the containerd annotation instead of detecting the "pause" application.
FIXED=72380268
PiperOrigin-RevId: 195846596
Change-Id: Ic87fed1433482a514631e1e72f5ee208e11290d1
Diffstat (limited to 'runsc/sandbox')
-rw-r--r-- | runsc/sandbox/network.go | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/runsc/sandbox/network.go b/runsc/sandbox/network.go
index 1b6a1d9a6..d0ff64067 100644
--- a/runsc/sandbox/network.go
+++ b/runsc/sandbox/network.go
@@ -31,6 +31,13 @@ import (
 "gvisor.googlesource.com/gvisor/runsc/boot"
 )
 
+const (
+ // Annotations used to indicate whether the container corresponds to a
+ // pod or a container within a pod.
+ crioContainerTypeAnnotation = "io.kubernetes.cri-o.ContainerType"
+ containerdContainerTypeAnnotation = "io.kubernetes.cri.container-type"
+)
+
 // setupNetwork configures the network stack to mimic the local network
 // configuration. Docker uses network namespaces with vnets to configure the
 // network for the container. The untrusted app expects to see the same network
@@ -68,17 +75,10 @@ func setupNetwork(conn *urpc.Client, pid int, spec *specs.Spec, conf *boot.Confi
 // For now the following HACK disables networking for the "pause"
 // sandbox, allowing the second sandbox to start up successfully.
 //
- // Cri-o helpfully adds the "ContainerType" annotation that we can use
- // to detect whether we are a pod or container. Cri-containerd will
- // support this eventually, but does not currently
- // (https://github.com/kubernetes-incubator/cri-containerd/issues/512).
- //
- // Thus, to support cri-containerd, we check if the exec args is
- // "/pause", which is pretty gross.
- //
 // TODO: Remove this once multiple containers per sandbox
 // is properly supported.
- if spec.Annotations["io.kubernetes.cri-o.ContainerType"] == "sandbox" || spec.Process.Args[0] == "/pause" {
+ if spec.Annotations[crioContainerTypeAnnotation] == "sandbox" ||
+ spec.Annotations[containerdContainerTypeAnnotation] == "sandbox" {
 log.Warningf("HACK: Disabling network")
 conf.Network = boot.NetworkNone
 } |
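Review bot: The rewritten condition in setupNetwork now depends only on the two container-type annotations, so a runtime that sets neither (the removed comment says cri-containerd did not at the time, issue 512) no longer reaches `conf.Network = boot.NetworkNone` for its pause container, and nothing records that detection was skipped. I would state that requirement beside the check, for example `// Requires a CRI runtime that sets the container-type annotation; a pause container without it is not detected.` The warning could also name what triggered it, e.g. `log.Warningf("HACK: Disabling network for sandbox (pause) container")`, so an operator can tell from the log why the network was turned off. The literal `"sandbox"` is compared twice and would read better as a named constant in the new const block of the first hunk, such as `containerTypeSandbox = "sandbox"`. setupNetwork starts before and continues past this hunk, so any earlier validation of the spec is not visible here.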