github
/
k3s
mirror of https://github.com/k3s-io/k3s
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge pull request #55026 from dashpole/network_mock_docker 

Automatic merge from submit-queue (batch tested with PRs 55893, 55906, 55026). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

[Test Fix] Mock docker network dependencies and fix filtering bug

This PR only affects the mocked docker runtime, and has no impact on the kubelet.

Issue #53327 

When kubernetes creates a pod using the docker shim, it creates a container which contains the pod's network namespace, and then creates containers which specify that namespace.
The current mocked docker does not mock this interaction, and thus allows a container to be created even when the container whose network it is joining does not exist.
This allows the mocked kubelet to end up in a state where the pod does not exist, but a container in the pod does, and this breaks pod deletion.

This fixes the above by only allowing containers to be started if the container whose network it is trying to join is running.

Additionally, this PR fixes a filtering bug where we were incorrectly comparing docker container statuses.

/assign @shyamjvs 
can you test this to see if it fixes the issue?
/assign @Random-Liu 
for approval after @shyamjvs confirms this works.
pull/6/head
Kubernetes Submit Queue 2017-11-28 18:24:56 -08:00 committed by GitHub
parent 8cc6729d90 63f7836d39
commit 4480204070
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 26 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
pkg/kubelet/dockershim/libdocker/fake_client.go
View File

@ -410,7 +410,7 @@ func (f *FakeDockerClient) ListContainers(options dockertypes.ContainerListOptio
var filtered []dockertypes.Container
for _, container := range containerList {
for _, statusFilter := range statusFilters {
if container.Status == statusFilter {
if toDockerContainerStatus(container.Status) == statusFilter {
filtered = append(filtered, container)
break
}
@ -443,6 +443,19 @@ func (f *FakeDockerClient) ListContainers(options dockertypes.ContainerListOptio
return containerList, err
}
func toDockerContainerStatus(state string) string {
switch {
case strings.HasPrefix(state, StatusCreatedPrefix):
return "created"
case strings.HasPrefix(state, StatusRunningPrefix):
return "running"
case strings.HasPrefix(state, StatusExitedPrefix):
return "exited"
default:
return "unknown"
}
}
// InspectContainer is a test-spy implementation of Interface.InspectContainer.
// It adds an entry "inspect" to the internal method call record.
func (f *FakeDockerClient) InspectContainer(id string) (*dockertypes.ContainerJSON, error) {
@ -565,6 +578,18 @@ func (f *FakeDockerClient) StartContainer(id string) error {
}
f.appendContainerTrace("Started", id)
container, ok := f.ContainerMap[id]
if container.HostConfig.NetworkMode.IsContainer() {
hostContainerID := container.HostConfig.NetworkMode.ConnectedContainer()
found := false
for _, container := range f.RunningContainerList {
if container.ID == hostContainerID {
found = true
}
}
if !found {
return fmt.Errorf("failed to start container \"%s\": Error response from daemon: cannot join network of a non running container: %s", id, hostContainerID)
}
}
timestamp := f.Clock.Now()
if !ok {
container = convertFakeContainer(&FakeContainer{ID: id, Name: id, CreatedAt: timestamp})