Kubelet manage hosts file for HostNetwork Pods instead of Docker #49140
Conversation
k8s-ci-robot
added
kind/feature
|
Hi @rickypai. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
needs-ok-to-test
|
@rickypai: Reiterating the mentions to trigger a notification: In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-github-robot
added
size/M
|
I'd like to see this happen since it improves consistency, eliminating the burden for integration. Marking this 1.8 tentatively. |
pkg/kubelet/kubelet_pods.go
Outdated
|
|
||
| if useHostNetwork { | ||
| // if Pod is using host network, read hosts file from the node's filesystem. | ||
| hostsFileContent, err = nodeHostsFileContent() |
There was a problem hiding this comment.
Also add hostAliases for host-networked containers?
There was a problem hiding this comment.
i plan to do this as a follow-up. this is to keep the change and relevant discussions focused
There was a problem hiding this comment.
the work is covered in: #48398
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
/test pull-kubernetes-e2e-gce-etcd3 |
|
can i get more reviews on this? thanks a lot |
|
For testing we should probably have a param to define which file to read. You can pass "/etc/hosts" in real code and you can write a bogus file in test code. /approve |
k8s-github-robot
added
the
approved
pkg/kubelet/kubelet_pods_test.go
Outdated
| @@ -264,8 +264,8 @@ fe00::2 ip6-allrouters | |||
| } | |||
|
|
|||
| for _, testCase := range testCases { | |||
| actualContent := string(hostsFileContent(testCase.hostIP, testCase.hostName, testCase.hostDomainName, testCase.hostAliases)) | |||
| assert.Equal(t, testCase.expectedContent, actualContent, "hosts file content not expected") | |||
| actualContent, _ := managedHostsFileContent(testCase.hostIP, testCase.hostName, testCase.hostDomainName, testCase.hostAliases) | |||
There was a problem hiding this comment.
Also adds a test case for nodeHostsFileContent?
pkg/kubelet/kubelet_pods.go
Outdated
| mountEtcHostsFile := !pod.Spec.HostNetwork && len(podIP) > 0 && runtime.GOOS != "windows" | ||
| // - OS is not Windows | ||
| // Kubernetes will not mount /etc/hosts if: | ||
| // - when the pause container is being created, its IP is still unknown. Hence, PodIP will not have been set. |
There was a problem hiding this comment.
Change the comment to reflect the current status since you are touching it:
s/when the pause container/when the pod sandbox
There was a problem hiding this comment.
didn't know the pause container was changed. will update the comment
pkg/kubelet/kubelet_pods.go
Outdated
| func hostsFileContent(hostIP, hostName, hostDomainName string, hostAliases []v1.HostAlias) []byte { | ||
| // managedHostsFileContent generates the content of the managed etc hosts based on Pod IP and other | ||
| // information. | ||
| func managedHostsFileContent(hostIP, hostName, hostDomainName string, hostAliases []v1.HostAlias) ([]byte, error) { |
There was a problem hiding this comment.
Don't think returning the error is necessary since it's always nil. I think it's ok to not add it.
There was a problem hiding this comment.
i added it so it'd have the same return as nodeHostsFileContent. i can remove it
There was a problem hiding this comment.
removed extra error
|
/test pull-kubernetes-bazel |
1 similar comment
|
/test pull-kubernetes-bazel |
evie404
force-pushed
the
rpai/hostnetwork_etc_hosts
branch
from
2e863c9 to
7bf79ea
Compare
evie404
force-pushed
the
rpai/hostnetwork_etc_hosts
branch
from
7bf79ea to
a5fb7e0
Compare
|
squashed all commits |
|
/retest |
|
can i get another review? thanks a lot! |
pkg/kubelet/kubelet_pods.go
Outdated
|
|
||
| // nodeHostsFileContent reads the content of node's hosts file. | ||
| func nodeHostsFileContent(hostsFilePath string) ([]byte, error) { | ||
| // `etcHostsPath` references the location of the hosts file on the node. |
There was a problem hiding this comment.
Move the comment to where the variable is used (line 234)
pkg/kubelet/hosts_test_file1
Outdated
| @@ -0,0 +1,8 @@ | |||
| # hosts file for testing. | |||
There was a problem hiding this comment.
Can we not add test files in the pkg/kubelet? The test itself should write a temporary file and clean up after itself.
There was a problem hiding this comment.
i think it's brittle to try to write files during a test. what if the test run fails unexpectedly? then the file stays there and you end up potentially polluting the testing infrastructure :/
There was a problem hiding this comment.
Better to create the test file dynamically when running tests, e.g. under /tmp dir. The test could be useful when hostAliases is introduced.
There was a problem hiding this comment.
Yes, it should be written to a temp directory, or you can mock the filesystem call. I don't have a strong opinion since many of existing unit tests write to disk already. I don't want test data checked in the non-testing directory though
evie404
force-pushed
the
rpai/hostnetwork_etc_hosts
branch
from
a5fb7e0 to
f0e2ad1
Compare
|
@yujuhong can you take a look again? thanks a lot |
pkg/kubelet/kubelet_pods_test.go
Outdated
| } | ||
|
|
||
| for _, testCase := range testCases { | ||
| hostsFilePath := path.Join("/", "tmp", testCase.hostsFileName) |
There was a problem hiding this comment.
Suggestion: use ioutil.TempDir and ioutil.WriteFile to simplify the code and write to an OS specific temp directory.
Example: https://github.com/kubernetes/kubernetes/blob/v1.8.0-alpha.2/pkg/kubelet/dockershim/helpers_test.go#L161
evie404
force-pushed
the
rpai/hostnetwork_etc_hosts
branch
from
f0e2ad1 to
fb4bff0
Compare
|
/retest |
|
Is this going in for 1.8? |
|
@thockin it should be. i make an effort to respond to code review comments within 24hrs. is there a deadline i'm working against? i presume sept 1st? |
|
@yujuhong can you take a look again? thanks a lot |
This PR alone doesn't (or shouldn't) have user-facing impact and is not really a feature, so I am treating it as a consistency cleanup for the code. /lgtm |
k8s-ci-robot
added
the
lgtm
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: rickypai, thockin, yujuhong Associated issue: 48397 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
|
Automatic merge from submit-queue (batch tested with PRs 50094, 48966, 49478, 50593, 49140) |
Automatic merge from submit-queue Support HostAlias for HostNetwork Pods **What this PR does / why we need it**: Currently, HostAlias does not support HostNetwork pods because historically, kubelet only manages hosts file for non-HostNetwork pods. With the recent change in #49140, kubelet now manages hosts file for all Pods, which enables HostAlias support also. **Which issue this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*: fixes #48398 **Special notes for your reviewer**: might be easier to review commit-by-commit **Release note**: ```release-note HostAlias is now supported for both non-HostNetwork Pods and HostNetwork Pods. ``` @yujuhong @hongchaodeng @thockin
What this PR does / why we need it: Currently, Docker manages the hosts file for containers inside Pods using hostNetwork. It creates discrepancy between how we treat hostNetwork and non-hostNetwork Pods. Kubelet should manage the file regardless of the network setup.
Which issue this PR fixes: fixes #48397 more context in #43632 (comment)
Special notes for your reviewer: Because the new logic relies on reading the node filesystem, I'm not sure how to write a proper unit test. I was thinking about using a node e2e test to cover the case, but suggestions are greatly welcomed.
Release note:
/kind feature
/sig node
@yujuhong @hongchaodeng @thockin
@kubernetes/sig-network-feature-requests @kubernetes/sig-node-feature-requests