From d704144f530bd473556a018349e13d082bff4676 Mon Sep 17 00:00:00 2001 From: Tyler Ramer Date: Fri, 27 Mar 2020 13:33:37 -0400 Subject: [PATCH] Sanitize port parsing for pods in play kube The logic used in parsing the ports to be utilized in a kubenetes api defined pod did not fully adhere to the kubenetes spec, nor did it map well to a podman context. This fix sanitizes the input of container ports to meet the following rules: - A defined containerPort with no defined hostPort does nothing in a podman context, or is informational. This is line with [usage in Kubernetes.](https://github.com/kubernetes/kubernetes/issues/4332) - A defined hostPort with no defined containerPort acts like a publish [hostPort]:[hostPort] - A defined containerPort and defined hostPort works like it does in kubernetes, as in a publish [hostPort]:[containerPort] Addresses https://github.com/containers/libpod/issues/5610 Signed-off-by: Tyler Ramer --- pkg/adapter/pods.go | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/pkg/adapter/pods.go b/pkg/adapter/pods.go index 1417bd2b9b..102eabd8b5 100644 --- a/pkg/adapter/pods.go +++ b/pkg/adapter/pods.go @@ -768,6 +768,12 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping { var infraPorts []ocicni.PortMapping for _, container := range containers { for _, p := range container.Ports { + if p.HostPort != 0 && p.ContainerPort == 0 { + p.ContainerPort = p.HostPort + } + if p.Protocol == "" { + p.Protocol = "tcp" + } portBinding := ocicni.PortMapping{ HostPort: p.HostPort, ContainerPort: p.ContainerPort, @@ -776,7 +782,12 @@ func getPodPorts(containers []v1.Container) []ocicni.PortMapping { if p.HostIP != "" { logrus.Debug("HostIP on port bindings is not supported") } - infraPorts = append(infraPorts, portBinding) + // only hostPort is utilized in podman context, all container ports + // are accessible inside the shared network namespace + if p.HostPort != 0 { + infraPorts = append(infraPorts, portBinding) + } + } } return infraPorts