openshift · openshift-merge-robot · Sep 26, 2017 · Sep 20, 2017 · rajatchopra · Sep 21, 2017
diff --git a/pkg/cmd/server/kubernetes/network/sdn_linux.go b/pkg/cmd/server/kubernetes/network/sdn_linux.go
@@ -1,6 +1,8 @@
 package network
 
 import (
+	"strings"
+
 	"k8s.io/kubernetes/pkg/apis/componentconfig"
 	kclientset "k8s.io/kubernetes/pkg/client/clientset_generated/internalclientset"
 	kinternalinformers "k8s.io/kubernetes/pkg/client/informers/informers_generated/internalversion"
@@ -22,6 +24,11 @@ func NewSDNInterfaces(options configapi.NodeConfig, originClient *osclient.Clien
 		}
 	}
 
+	// dockershim + kube CNI driver delegates hostport handling to plugins,
+	// while CRI-O handles hostports itself. Thus we need to disable the
+	// SDN's hostport handling when run under CRI-O.
+	enableHostports := !strings.Contains(runtimeEndpoint, "crio")
+
 	node, err := sdnnode.New(&sdnnode.OsdnNodeConfig{
 		PluginName:         options.NetworkConfig.NetworkPluginName,
 		Hostname:           options.NodeName,
@@ -33,6 +40,7 @@ func NewSDNInterfaces(options configapi.NodeConfig, originClient *osclient.Clien
 		KubeInformers:      internalKubeInformers,
 		IPTablesSyncPeriod: proxyconfig.IPTables.SyncPeriod.Duration,
 		ProxyMode:          proxyconfig.Mode,
+		EnableHostports:    enableHostports,
 	})
 	if err != nil {
 		return nil, nil, err

diff --git a/pkg/network/node/node.go b/pkg/network/node/node.go
@@ -70,6 +70,7 @@ type OsdnNodeConfig struct {
 	SelfIP          string
 	RuntimeEndpoint string
 	MTU             uint32
+	EnableHostports bool
 
 	OSClient *osclient.Client
 	KClient  kclientset.Interface
@@ -178,7 +179,7 @@ func New(c *OsdnNodeConfig) (network.NodeInterface, error) {
 		kClient:            c.KClient,
 		osClient:           c.OSClient,
 		oc:                 oc,
-		podManager:         newPodManager(c.KClient, policy, c.MTU, oc),
+		podManager:         newPodManager(c.KClient, policy, c.MTU, oc, c.EnableHostports),
 		localIP:            c.SelfIP,
 		hostName:           c.Hostname,
 		useConnTrack:       useConnTrack,

diff --git a/pkg/network/node/pod.go b/pkg/network/node/pod.go
@@ -67,20 +67,23 @@ type podManager struct {
 	mtu     uint32
 	ovs     *ovsController
 
+	enableHostports bool
+
 	// Things only accessed through the processCNIRequests() goroutine
 	// and thus can be set from Start()
 	ipamConfig     []byte
 	hostportSyncer kubehostport.HostportSyncer
 }
 
 // Creates a new live podManager; used by node code0
-func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, ovs *ovsController) *podManager {
+func newPodManager(kClient kclientset.Interface, policy osdnPolicy, mtu uint32, ovs *ovsController, enableHostports bool) *podManager {
 	pm := newDefaultPodManager()
 	pm.kClient = kClient
 	pm.policy = policy
 	pm.mtu = mtu
 	pm.podHandler = pm
 	pm.ovs = ovs
+	pm.enableHostports = enableHostports
 	return pm
 }
 
@@ -150,7 +153,9 @@ func getIPAMConfig(clusterNetwork *net.IPNet, localSubnet string) ([]byte, error
 
 // Start the CNI server and start processing requests from it
 func (m *podManager) Start(socketPath string, localSubnetCIDR string, clusterNetwork *net.IPNet) error {
-	m.hostportSyncer = kubehostport.NewHostportSyncer()
+	if m.enableHostports {
+		m.hostportSyncer = kubehostport.NewHostportSyncer()
+	}
 
 	var err error
 	if m.ipamConfig, err = getIPAMConfig(clusterNetwork, localSubnetCIDR); err != nil {
@@ -499,8 +504,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 	defer func() {
 		if !success {
 			m.ipamDel(req.SandboxID)
-			if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil {
-				glog.Warningf("failed syncing hostports: %v", err)
+			if m.hostportSyncer != nil {
+				if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil {
+					glog.Warningf("failed syncing hostports: %v", err)
+				}
 			}
 		}
 	}()
@@ -511,8 +518,10 @@ func (m *podManager) setup(req *cniserver.PodRequest) (cnitypes.Result, *running
 		return nil, nil, err
 	}
 	podPortMapping := kubehostport.ConstructPodPortMapping(&v1Pod, podIP)
-	if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, Tun0, m.getRunningPods()); err != nil {
-		return nil, nil, err
+	if m.hostportSyncer != nil {
+		if err := m.hostportSyncer.OpenPodHostportsAndSync(podPortMapping, Tun0, m.getRunningPods()); err != nil {
+			return nil, nil, err
+		}
 	}
 
 	var hostVethName, contVethMac string
@@ -631,8 +640,10 @@ func (m *podManager) teardown(req *cniserver.PodRequest) error {
 		errList = append(errList, err)
 	}
 
-	if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil {
-		errList = append(errList, err)
+	if m.hostportSyncer != nil {
+		if err := m.hostportSyncer.SyncHostports(Tun0, m.getRunningPods()); err != nil {
+			errList = append(errList, err)
+		}
 	}
 
 	return kerrors.NewAggregate(errList)