diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint.go b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint.go index 6d0136c56fa6..6ad1d794169f 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint.go @@ -50,6 +50,7 @@ type PortMapping struct { // CheckpointData contains all types of data that can be stored in the checkpoint. type CheckpointData struct { PortMappings []*PortMapping `json:"port_mappings,omitempty"` + HostNetwork bool `json:"host_network,omitempty"` } // PodSandboxCheckpoint is the checkpoint structure for a sandbox diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint_test.go b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint_test.go index 477c9204d90b..c10b8f1e5027 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint_test.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_checkpoint_test.go @@ -48,18 +48,22 @@ func TestPersistentCheckpointHandler(t *testing.T) { &port443, }, } + checkpoint1.Data.HostNetwork = true checkpoints := []struct { - podSandboxID string - checkpoint *PodSandboxCheckpoint + podSandboxID string + checkpoint *PodSandboxCheckpoint + expectHostNetwork bool }{ { "id1", checkpoint1, + true, }, { "id2", NewPodSandboxCheckpoint("ns2", "sandbox2"), + false, }, } @@ -72,6 +76,7 @@ func TestPersistentCheckpointHandler(t *testing.T) { checkpoint, err := handler.GetCheckpoint(tc.podSandboxID) assert.NoError(t, err) assert.Equal(t, *checkpoint, *tc.checkpoint) + assert.Equal(t, checkpoint.Data.HostNetwork, tc.expectHostNetwork) } // Test ListCheckpoints keys, err := handler.ListCheckpoints() diff --git a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go index d1215bc1b150..4a8183e855cd 100644 --- a/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go +++ b/vendor/k8s.io/kubernetes/pkg/kubelet/dockershim/docker_sandbox.go @@ -171,14 +171,14 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (id // after us? func (ds *dockerService) StopPodSandbox(podSandboxID string) error { var namespace, name string + var hostNetwork bool var checkpointErr, statusErr error - needNetworkTearDown := false // Try to retrieve sandbox information from docker daemon or sandbox checkpoint status, statusErr := ds.PodSandboxStatus(podSandboxID) if statusErr == nil { nsOpts := status.GetLinux().GetNamespaces().GetOptions() - needNetworkTearDown = nsOpts != nil && !nsOpts.HostNetwork + hostNetwork = nsOpts != nil && nsOpts.HostNetwork m := status.GetMetadata() namespace = m.Namespace name = m.Name @@ -211,10 +211,8 @@ func (ds *dockerService) StopPodSandbox(podSandboxID string) error { } else { namespace = checkpoint.Namespace name = checkpoint.Name + hostNetwork = checkpoint.Data != nil && checkpoint.Data.HostNetwork } - - // Always trigger network plugin to tear down - needNetworkTearDown = true } // WARNING: The following operations made the following assumption: @@ -227,7 +225,7 @@ func (ds *dockerService) StopPodSandbox(podSandboxID string) error { // effort clean up and will not return error. errList := []error{} ready, ok := ds.getNetworkReady(podSandboxID) - if needNetworkTearDown && (ready || !ok) { + if !hostNetwork && (ready || !ok) { // Only tear down the pod network if we haven't done so already cID := kubecontainer.BuildContainerID(runtimeName, podSandboxID) err := ds.network.TearDownPod(namespace, name, cID) @@ -647,6 +645,9 @@ func constructPodSandboxCheckpoint(config *runtimeapi.PodSandboxConfig) *PodSand Protocol: &proto, }) } + if nsOptions := config.GetLinux().GetSecurityContext().GetNamespaceOptions(); nsOptions != nil { + checkpoint.Data.HostNetwork = nsOptions.HostNetwork + } return checkpoint }