kubelet manages /etc/hosts file #16052
} | ||
|
||
func makeHostsMount(podDir, podIP, podName string) (*kubecontainer.Mount, error) { | ||
hostsFilePath := path.Join(podDir, "hosts") |
can we call the file "etc-hosts" ?
fixed, added container name to it as well
nice fix. Waiting for e2e
Labelling this PR as size/M
GCE e2e test build/test passed for commit 77d170ac19a9d09d307da242e896d45a23039731.
@@ -955,8 +958,11 @@ func (kl *Kubelet) syncNodeStatus() { | |||
} | |||
} | |||
|
|||
func makeMounts(container *api.Container, podVolumes kubecontainer.VolumeMap) (mounts []kubecontainer.Mount) { | |||
func (kl *Kubelet) makeMounts(pod *api.Pod, container *api.Container, podVolumes kubecontainer.VolumeMap) ([]kubecontainer.Mount, error) { | |||
mountEtcHostsFile := !pod.Spec.SecurityContext.HostNetwork |
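Review bot: Missing guard on the mountEtcHostsFile line: the decision depends only on HostNetwork, while makeHostsMount takes a podIP argument, and nothing visible here stops the mount from being built while the pod IP is still empty, which would give a hosts entry with no address. Consider also requiring a non-empty pod.Status.PodIP before mounting, and add a short comment on why host-network pods are excluded. Since makeMounts now returns an error as well, every caller needs to propagate it rather than drop it.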
What does Docker do with /etc/hosts in the case of net=host?
It mounts the host's /etc/hosts
On Wed, Oct 21, 2015 at 1:42 PM, Brian Grant notifications@github.com
wrote:
In pkg/kubelet/kubelet.go
#16052 (comment)
:@@ -955,8 +958,11 @@ func (kl *Kubelet) syncNodeStatus() {
}
}-func makeMounts(container *api.Container, podVolumes kubecontainer.VolumeMap) (mounts []kubecontainer.Mount) {
+func (kl *Kubelet) makeMounts(pod *api.Pod, container *api.Container, podVolumes kubecontainer.VolumeMap) ([]kubecontainer.Mount, error) {
- mountEtcHostsFile := !pod.Spec.SecurityContext.HostNetwork
What does Docker do with /etc/hosts in the case of net=host?
77d170a to c942009
etchosts is per-container
The current implementation works like this: for a given pod, we rewrite the pod's /etc/hosts file completely whenever any container starts / restarts. Also, at the network container creation stage, there is no PodIP information yet. I am not sure this is the best solution. What I proposed yesterday:
Ok, talked to @ArtfulCoder offline. He changed this to be per-container, not per-pod, so that Kubelet won't overwrite the single file on every container start / restart. The side effect is that we create an extra file for each container. I guess this should be ok.
Labelling this PR as size/L
GCE e2e test build/test passed for commit c9420095e3a2844db8591d3d02fb2f8c6620116f.
c942009 to 716ea07
e2e added
} | ||
|
||
func makeHostsMount(podDir, podIP, podName, containerName string) (*kubecontainer.Mount, error) { | ||
hostsFilePath := path.Join(podDir, fmt.Sprintf("%s-etc-hosts", containerName)) |
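Review bot: On the hostsFilePath line, containerName is formatted straight into a file name under podDir with no visible check on its contents. Please state in a comment that containerName is already validated (no path separators or "..") before it reaches makeHostsMount, or sanitize it here, so the generated file can never land outside the pod directory. The function also has no doc comment saying which path inside the container this mount targets.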
we should not need a file per container - can we make the hosts file once after the pod is created and then use that for all of the container mounts?
A few small points, then LGTM
GCE e2e test build/test passed for commit 716ea07b90fc4513edbdebb0783e4ed5ddec4c5d.
716ea07 to 5b2f28d
feedback incorporated.
GCE e2e test build/test passed for commit 5b2f28d35ee913ad4541ee023b027c8f6c7d62c4.
fixing test issue found by shippable |
|
||
func ensureHostsFile(fileName string, hostIP, hostName string) error { | ||
if _, err := os.Stat(fileName); os.IsExist(err) { | ||
glog.Errorf("File exits: %q", fileName) |
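Review bot: The existence check at the top of ensureHostsFile never fires: os.Stat returns a nil error when the file exists, and os.IsExist(nil) is false, so the branch that logs "File exits" is dead code. Test for err == nil to detect an existing file, and handle errors other than not-exist explicitly instead of falling through. The parameter list can also be written as fileName, hostIP, hostName string.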
nit: Shouldn't be Errorf here, right?
s/exits/exists
but I agree with dawn - is this log line useful? It seems like V(4) at best
done
@@ -955,8 +958,12 @@ func (kl *Kubelet) syncNodeStatus() { | |||
} | |||
} | |||
|
|||
func makeMounts(container *api.Container, podVolumes kubecontainer.VolumeMap) (mounts []kubecontainer.Mount) { | |||
func (kl *Kubelet) makeMounts(pod *api.Pod, container *api.Container, podVolumes kubecontainer.VolumeMap) ([]kubecontainer.Mount, error) { | |||
mountEtcHostsFile := !pod.Spec.SecurityContext.HostNetwork && len(pod.Status.PodIP) > 0 |
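Review bot: pod.Spec.SecurityContext is dereferenced on the mountEtcHostsFile line without a nil check. If SecurityContext is a pointer that can be unset for pods reaching makeMounts, this panics inside the kubelet; either guard it or add a comment naming where it is guaranteed to be defaulted. It would also help to log at a verbose level when the mount is skipped because PodIP is empty, so a container that ends up without the managed file can be explained from the logs.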
Please comment here: You only create etc_hosts file for containers meeting both requirements:
- not using host network. This is pretty straightforward. But worth a comment to make sure other maintainers won't break this logic in the future.
- podIP is available already. This means the network infrastructure container's etc_hosts file is different from the rest of the containers. It should be ok since that is a hidden container, and not used by the users anyway. But it is confusing. I did stare at it for a couple of minutes to figure it out. :-)
done
LGTM overall. Just some nits and comments.
cc/ @yifan-gu on rkt side. Now Kubelet takes over container's /etc/hosts file, not sure if it breaks rkt's logic here.
5b2f28d to ba6469d
feedback addressed.
cc @jonboulle
GCE e2e test build/test passed for commit ba6469d.
LGTM, shouldn't break rkt
LGTM
kubelet manages /etc/hosts file
waiting on #16174 before cherry-picking
@@ -312,22 +312,6 @@ type containerStatusResult struct { | |||
|
|||
const podIPDownwardAPISelector = "status.podIP" | |||
|
|||
// podDependsOnIP returns whether any containers in a pod depend on using the pod IP via |
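Review bot: The commit message should explain the change around podDependsOnIP: the hunk header (-312,22 +312,6) shows this region shrinking by 16 lines, which touches pod IP dependency handling and is not something the title "kubelet manages /etc/hosts file" suggests. Please also check whether podIPDownwardAPISelector still has a user after this change, and remove the constant if it does not.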
@ArtfulCoder why did this change?
because all pods depend on IP now.
Was the change to the downward API logic part of this PR? I don't understand.
@pmorie We need the container's hostname and ip so that it can be included in the /etc/hosts file. Hope that answers your question.
Thanks for the clarification @thockin
This implementation relies on moby/moby#14613