Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix container hostPid settings #44097

Merged
merged 2 commits into from
Apr 5, 2017
Merged

Fix container hostPid settings #44097

merged 2 commits into from
Apr 5, 2017

Conversation

feiskyer
Copy link
Member

@feiskyer feiskyer commented Apr 5, 2017

What this PR does / why we need it:

HostPid is not set correctly for containers.

Which issue this PR fixes

Fixes #44041.

Special notes for your reviewer:

Should be cherry-picked into v1.6 branch.

Release note:

Fix container hostPid settings.

cc @yujuhong @derekwaynecarr @unclejack @kubernetes/sig-node-pr-reviews

@k8s-ci-robot k8s-ci-robot added the cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. label Apr 5, 2017
@k8s-reviewable
Copy link

This change is Reviewable

@feiskyer feiskyer changed the title Hostpid Fix container hostPid settings Apr 5, 2017
@k8s-github-robot k8s-github-robot added size/S Denotes a PR that changes 10-29 lines, ignoring generated files. release-note Denotes a PR that will be considered when it comes time to generate release notes. labels Apr 5, 2017
@feiskyer feiskyer mentioned this pull request Apr 5, 2017
Closed
@bboreham
Copy link
Contributor

bboreham commented Apr 5, 2017

Do tests need improving to catch this?

@feiskyer
Copy link
Member Author

feiskyer commented Apr 5, 2017

Do tests need improving to catch this?

I think so. We should add hostnetwork/hostpid testings to node e2e tests. I will add them in a separate PR.

@derekwaynecarr
Copy link
Member

would like a node e2e test before merge.

@derekwaynecarr derekwaynecarr self-assigned this Apr 5, 2017
@k8s-cherrypick-bot
Copy link

Removing label cherrypick-candidate because no release milestone was set. This is an invalid state and thus this PR is not being considered for cherry-pick to any release branch. Please add an appropriate release milestone and then re-add the label.

@yujuhong yujuhong added this to the v1.6 milestone Apr 5, 2017
@yujuhong yujuhong self-assigned this Apr 5, 2017
@yujuhong yujuhong added kind/bug Categorizes issue or PR as related to a bug. queue/critical-fix labels Apr 5, 2017
yujuhong
yujuhong reviewed Apr 5, 2017
View reviewed changes
pkg/kubelet/dockershim/security_context_test.go
@@ -306,6 +306,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
expected: &dockercontainer.HostConfig{
NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
IpcMode: dockercontainer.IpcMode(sandboxNSMode),
PidMode: namespaceModeHost,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does the test fail without the fix?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes

@yujuhong
Copy link
Contributor

yujuhong commented Apr 5, 2017

/cc @enisoc, this fix should be included in 1.6.2.

@yujuhong
Copy link
Contributor

yujuhong commented Apr 5, 2017

would like a node e2e test before merge.

A node e2e test would be good.

On the other hand, we do have security context tests, but they are not running anywhere in our builds: #16456 (comment)
@derekwaynecarr @pmorie, I thought OpenShift ran these tests. Did it not catch this bug?

@derekwaynecarr
Copy link
Member

@yujuhong we are still rebasing on top Kubernetes 1.6, it's possible that it was not caught yet.

@yujuhong
Copy link
Contributor

yujuhong commented Apr 5, 2017

@yujuhong we are still rebasing on top Kubernetes 1.6, it's possible that it was not caught yet.

:-(

@ncdc
Copy link
Member

ncdc commented Apr 5, 2017

@sttts we'll need to pick this

@derekwaynecarr
Copy link
Member

I manually verified the fix as well and things worked well.

@derekwaynecarr
Copy link
Member

/approve
/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Apr 5, 2017
@k8s-github-robot
Copy link

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: derekwaynecarr, feiskyer

Needs approval from an approver in each of these OWNERS Files:

You can indicate your approval by writing /approve in a comment
You can cancel your approval by writing /approve cancel in a comment

@k8s-github-robot k8s-github-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 5, 2017
@k8s-github-robot
Copy link

Automatic merge from submit-queue

@k8s-github-robot k8s-github-robot merged commit 7b7257a into kubernetes:master Apr 5, 2017
@feiskyer feiskyer mentioned this pull request Apr 5, 2017
Merged
@feiskyer feiskyer deleted the hostpid branch April 5, 2017 23:30
@k8s-ci-robot
Copy link
Contributor

@feiskyer: The following test(s) failed:

Test name Commit Details Rerun command
Jenkins non-CRI GCE e2e 023fe48 link @k8s-bot non-cri e2e test this

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@feiskyer feiskyer mentioned this pull request Apr 5, 2017
Closed
10 tasks
@liggitt liggitt mentioned this pull request Apr 6, 2017
Merged
13 tasks
k8s-github-robot pushed a commit that referenced this pull request Apr 10, 2017
Merge pull request #44116 from feiskyer/release-1.6
b309323 
Automatic merge from submit-queue

Automated cherry pick of #44097 and #44119

Cherry pick #44097 and #44119  for release-1.6.

Fix container hostPid settings.

**Release note**:

```release-note
Fix container hostPid settings when CRI is enabled.
```
@k8s-cherrypick-bot
Copy link

Commit found in the "release-1.6" branch appears to be this PR. Removing the "cherrypick-candidate" label. If this is an error find help to get your PR picked.

@dchen1107 dchen1107 mentioned this pull request Apr 11, 2017
Closed
@feiskyer feiskyer mentioned this pull request Apr 21, 2017
Closed
mintzhao pushed a commit to mintzhao/kubernetes that referenced this pull request Jun 1, 2017
Merge pull request kubernetes#44116 from feiskyer/release-1.6
30b49be 
Automatic merge from submit-queue

Automated cherry pick of kubernetes#44097 and kubernetes#44119

Cherry pick kubernetes#44097 and kubernetes#44119  for release-1.6.

Fix container hostPid settings.

**Release note**:

```release-note
Fix container hostPid settings when CRI is enabled.
```
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@yujuhong yujuhong yujuhong left review comments

Assignees

@Random-Liu Random-Liu

@derekwaynecarr derekwaynecarr

@yujuhong yujuhong

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/bug Categorizes issue or PR as related to a bug. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/S Denotes a PR that changes 10-29 lines, ignoring generated files.
Projects
None yet
Milestone
v1.6
Development

Successfully merging this pull request may close these issues.

hostPID doesn't seem to work on Kubernetes 1.6
10 participants
@feiskyer @k8s-reviewable @bboreham @derekwaynecarr @k8s-cherrypick-bot @yujuhong @ncdc @k8s-github-robot @k8s-ci-robot @Random-Liu