diff --git a/pkg/cmd/server/kubernetes/network/sdn_linux.go b/pkg/cmd/server/kubernetes/network/sdn_linux.go index 155dda9297d9..def367c72870 100644 --- a/pkg/cmd/server/kubernetes/network/sdn_linux.go +++ b/pkg/cmd/server/kubernetes/network/sdn_linux.go @@ -1,6 +1,8 @@ package network import ( + "strings" + "k8s.io/kubernetes/pkg/apis/componentconfig" kclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset" kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion" @@ -22,6 +24,11 @@ func NewSDNInterfaces(options configapi.NodeConfig, originClient *osclient.Clien } } + // dockershim + kube CNI driver delegates hostport handling to plugins, + // while CRI-O handles hostports itself. Thus we need to disable the + // SDN's hostport handling when run under CRI-O. + enableHostports := !strings.Contains(runtimeEndpoint, "crio") + node, err := sdnnode.New(&sdnnode.OsdnNodeConfig{ PluginName: options.NetworkConfig.NetworkPluginName, Hostname: options.NodeName, @@ -33,6 +40,7 @@ func NewSDNInterfaces(options configapi.NodeConfig, originClient *osclient.Clien KubeInformers: internalKubeInformers, IPTablesSyncPeriod: proxyconfig.IPTables.SyncPeriod.Duration, ProxyMode: proxyconfig.Mode, + EnableHostports: enableHostports, }) if err != nil { return nil, nil, err diff --git a/pkg/network/node/node.go b/pkg/network/node/node.go index f00faa023891..21995160b11a 100644 --- a/pkg/network/node/node.go +++ b/pkg/network/node/node.go @@ -70,6 +70,7 @@ type OsdnNodeConfig struct { SelfIP string RuntimeEndpoint string MTU uint32 + EnableHostports bool OSClient *osclient.Client KClient kclientset.Interface @@ -178,7 +179,7 @@ func New(c *OsdnNodeConfig) (network.NodeInterface, error) { kClient: c.KClient, osClient: c.OSClient, oc: oc, - podManager: newPodManager(c.KClient, policy, c.MTU, oc), + podManager: newPodManager(c.KClient, policy, c.MTU, oc, c.EnableHostports), localIP: c.SelfIP, hostName: c.Hostname, useConnTrack: useConnTrack, diff --git a/pkg/network/node/pod.go b/pkg/network/node/pod.go index fbb5c9f22f11..5db7abd8d772 100644 --- a/pkg/network/node/pod.go +++ b/pkg/network/node/pod.go @@ -67,6 +67,8 @@ type podManager struct { mtu uint32 ovs *ovsController + enableHostports bool + // Things only accessed through the processCNIRequests() goroutine // and thus can be set from Start() ipamConfig []byte @@ -74,13 +76,14 @@ type podManager struct { } // Creates a new live podManager; used by node code0 -func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, ovs *ovsController) *podManager { +func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, ovs *ovsController, enableHostports bool) *podManager { pm := newDefaultPodManager() pm.kClient = kClient pm.policy = policy pm.mtu = mtu pm.podHandler = pm pm.ovs = ovs + pm.enableHostports = enableHostports return pm } @@ -150,7 +153,9 @@ func getIPAMConfig(clusterNetwork *net.IPNet, localSubnet string) ([]byte, error // Start the CNI server and start processing requests from it func (m *podManager) Start(socketPath string, localSubnetCIDR string, clusterNetwork *net.IPNet) error { - m.hostportSyncer = kubehostport.NewHostportSyncer() + if m.enableHostports { + m.hostportSyncer = kubehostport.NewHostportSyncer() + } var err error if m.ipamConfig, err = getIPAMConfig(clusterNetwork, localSubnetCIDR); err != nil { @@ -499,8 +504,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running defer func() { if !success { m.ipamDel(req.SandboxID) - if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil { - glog.Warningf("failed syncing hostports: %v", err) + if m.hostportSyncer != nil { + if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil { + glog.Warningf("failed syncing hostports: %v", err) + } } } }() @@ -511,8 +518,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running return nil, nil, err } podPortMapping := kubehostport.ConstructPodPortMapping(&v1Pod, podIP) - if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, Tun0, m.getRunningPods()); err != nil { - return nil, nil, err + if m.hostportSyncer != nil { + if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, Tun0, m.getRunningPods()); err != nil { + return nil, nil, err + } } var hostVethName, contVethMac string @@ -631,8 +640,10 @@ func (m *podManager) teardown(req *cniserver.PodRequest) error { errList = append(errList, err) } - if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil { - errList = append(errList, err) + if m.hostportSyncer != nil { + if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil { + errList = append(errList, err) + } } return kerrors.NewAggregate(errList)