kubernetes-sigs · feiskyer · Apr 18, 2018 · Apr 17, 2018
diff --git a/images/hostnet-nginx/Dockerfile b/images/hostnet-nginx/Dockerfile
@@ -0,0 +1,17 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FROM nginx
+ARG PORT
+RUN sed -i "s/listen\s*80;/listen ${PORT};/g" /etc/nginx/conf.d/default.conf
diff --git a/images/hostnet-nginx/Makefile b/images/hostnet-nginx/Makefile
@@ -0,0 +1,21 @@
+# Copyright 2018 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+.PHONY: all
+
+all: hostnet-nginx
+
+hostnet-nginx:
+	docker build . -t gcr.io/cri-tools/$@ --build-arg PORT=12003
+	gcloud docker -- push gcr.io/cri-tools/$@
diff --git a/pkg/validate/networking.go b/pkg/validate/networking.go
@@ -30,14 +30,19 @@ import (
 )
 
 const (
-	defaultDNSServer            string = "10.10.10.10"
-	defaultDNSSearch            string = "google.com"
-	defaultDNSOption            string = "ndots:8"
-	resolvConfigPath            string = "/etc/resolv.conf"
-	nginxImage                  string = "nginx"
-	nginxContainerPort          int32  = 80
-	nginxHostPortForPortMapping int32  = 8000
-	nginxHostPortForPortForward int32  = 8001
+	defaultDNSServer   string = "10.10.10.10"
+	defaultDNSSearch   string = "google.com"
+	defaultDNSOption   string = "ndots:8"
+	resolvConfigPath   string = "/etc/resolv.conf"
+	nginxImage         string = "nginx"
+	hostNetNginxImage  string = "gcr.io/cri-tools/hostnet-nginx"
+	nginxContainerPort int32  = 80
+	// The following host ports must not be in-use when running the test.
+	nginxHostPortForPortMapping        int32 = 12000
+	nginxHostPortForPortForward        int32 = 12001
+	nginxHostPortForHostNetPortFroward int32 = 12002
+	// The port used in hostNetNginxImage (See images/hostnet-nginx/)
+	nginxHostNetContainerPort int32 = 12003
 )
 
 var _ = framework.KubeDescribe("Networking", func() {
@@ -89,7 +94,7 @@ var _ = framework.KubeDescribe("Networking", func() {
 					ContainerPort: nginxContainerPort,
 				},
 			}
-			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings)
+			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings, false)
 
 			By("create a nginx container")
 			containerID := createNginxContainer(rc, ic, podID, podConfig, "container-for-container-port")
@@ -110,7 +115,7 @@ var _ = framework.KubeDescribe("Networking", func() {
 					HostPort:      nginxHostPortForPortMapping,
 				},
 			}
-			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings)
+			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings, false)
 
 			By("create a nginx container")
 			containerID := createNginxContainer(rc, ic, podID, podConfig, "container-for-host-port")
@@ -144,7 +149,7 @@ func createPodSandWithDNSConfig(c internalapi.RuntimeService) (string, *runtimea
 }
 
 // createPodSandboxWithPortMapping create a PodSandbox with port mapping.
-func createPodSandboxWithPortMapping(c internalapi.RuntimeService, portMappings []*runtimeapi.PortMapping) (string, *runtimeapi.PodSandboxConfig) {
+func createPodSandboxWithPortMapping(c internalapi.RuntimeService, portMappings []*runtimeapi.PortMapping, hostNet bool) (string, *runtimeapi.PodSandboxConfig) {
 	podSandboxName := "create-PodSandbox-with-port-mapping" + framework.NewUUID()
 	uid := framework.DefaultUIDPrefix + framework.NewUUID()
 	namespace := framework.DefaultNamespacePrefix + framework.NewUUID()
@@ -153,6 +158,13 @@ func createPodSandboxWithPortMapping(c internalapi.RuntimeService, portMappings
 		PortMappings: portMappings,
 		Linux:        &runtimeapi.LinuxPodSandboxConfig{},
 	}
+	if hostNet {
+		config.Linux.SecurityContext = &runtimeapi.LinuxSandboxSecurityContext{
+			NamespaceOptions: &runtimeapi.NamespaceOption{
+				Network: runtimeapi.NamespaceMode_NODE,
+			},
+		}
+	}
 
 	podID := framework.RunPodSandbox(c, config)
 	return podID, config
@@ -182,6 +194,17 @@ func createNginxContainer(rc internalapi.RuntimeService, ic internalapi.ImageMan
 	return framework.CreateContainer(rc, ic, containerConfig, podID, podConfig)
 }
 
+// createHostNetNginxContainer creates a nginx container using nginxHostNetContainerPort.
+func createHostNetNginxContainer(rc internalapi.RuntimeService, ic internalapi.ImageManagerService, podID string, podConfig *runtimeapi.PodSandboxConfig, prefix string) string {
+	containerName := prefix + framework.NewUUID()
+	containerConfig := &runtimeapi.ContainerConfig{
+		Metadata: framework.BuildContainerMetadata(containerName, framework.DefaultAttempt),
+		Image:    &runtimeapi.ImageSpec{Image: hostNetNginxImage},
+		Linux:    &runtimeapi.LinuxContainerConfig{},
+	}
+	return framework.CreateContainer(rc, ic, containerConfig, podID, podConfig)
+}
+
 // checkNginxMainPage check if the we can get the main page of nginx via given IP:port.
 func checkNginxMainPage(c internalapi.RuntimeService, podID string, hostPort int32) {
 	By("get the IP:port needed to be checked")

diff --git a/pkg/validate/streaming.go b/pkg/validate/streaming.go
@@ -124,14 +124,14 @@ var _ = framework.KubeDescribe("Streaming", func() {
 		})
 
 		It("runtime should support portforward [Conformance]", func() {
-			By("create a PodSandbox with host port and container port port mapping")
+			By("create a PodSandbox with container port port mapping")
 			var podConfig *runtimeapi.PodSandboxConfig
 			portMappings := []*runtimeapi.PortMapping{
 				{
 					ContainerPort: nginxContainerPort,
 				},
 			}
-			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings)
+			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings, false)
 
 			By("create a nginx container")
 			containerID := createNginxContainer(rc, ic, podID, podConfig, "container-for-portforward-test")
@@ -142,8 +142,31 @@ var _ = framework.KubeDescribe("Streaming", func() {
 			req := createDefaultPortForward(rc, podID)
 
 			By("check the output of portforward")
-			checkPortForward(rc, req)
+			checkPortForward(rc, req, nginxHostPortForPortForward, nginxContainerPort)
 		})
+
+		It("runtime should support portforward in host network", func() {
+			By("create a PodSandbox with container port port mapping in host network")
+			var podConfig *runtimeapi.PodSandboxConfig
+			portMappings := []*runtimeapi.PortMapping{
+				{
+					ContainerPort: nginxHostNetContainerPort,
+				},
+			}
+			podID, podConfig = createPodSandboxWithPortMapping(rc, portMappings, true)
+
+			By("create a nginx container")
+			containerID := createHostNetNginxContainer(rc, ic, podID, podConfig, "container-for-host-net-portforward-test")
+
+			By("start the nginx container")
+			startContainer(rc, containerID)
+
+			req := createDefaultPortForward(rc, podID)
+
+			By("check the output of portforward")
+			checkPortForward(rc, req, nginxHostPortForHostNetPortFroward, nginxHostNetContainerPort)
+		})
+
 	})
 })
 
@@ -300,7 +323,7 @@ func createDefaultPortForward(c internalapi.RuntimeService, podID string) string
 	return resp.Url
 }
 
-func checkPortForward(c internalapi.RuntimeService, portForwardSeverURL string) {
+func checkPortForward(c internalapi.RuntimeService, portForwardSeverURL string, hostPort, containerPort int32) {
 	stopChan := make(chan struct{}, 1)
 	readyChan := make(chan struct{})
 	defer close(stopChan)
@@ -309,7 +332,7 @@ func checkPortForward(c internalapi.RuntimeService, portForwardSeverURL string)
 	framework.ExpectNoError(err, "failed to create spdy round tripper")
 	url := parseURL(c, portForwardSeverURL)
 	dialer := spdy.NewDialer(upgrader, &http.Client{Transport: transport}, "POST", url)
-	pf, err := portforward.New(dialer, []string{fmt.Sprintf("%d:80", nginxHostPortForPortForward)}, stopChan, readyChan, os.Stdout, os.Stderr)
+	pf, err := portforward.New(dialer, []string{fmt.Sprintf("%d:%d", hostPort, containerPort)}, stopChan, readyChan, os.Stdout, os.Stderr)
 	framework.ExpectNoError(err, "failed to create port forward for %q", portForwardSeverURL)
 
 	go func() {
@@ -319,7 +342,7 @@ func checkPortForward(c internalapi.RuntimeService, portForwardSeverURL string)
 		framework.ExpectNoError(err, "failed to start port forward for %q", portForwardSeverURL)
 	}()
 
-	By(fmt.Sprintf("check if we can get nginx main page via localhost:%d", nginxHostPortForPortForward))
-	checkNginxMainPage(c, "", nginxHostPortForPortForward)
+	By(fmt.Sprintf("check if we can get nginx main page via localhost:%d", hostPort))
+	checkNginxMainPage(c, "", hostPort)
 	framework.Logf("Check port forward url %q succeed", portForwardSeverURL)
 }