grafana · roobre · Jul 20, 2023 · Jul 20, 2023 · Jul 20, 2023
@@ -124,6 +124,10 @@ func (d *podDisruptor) InjectHTTPFaults(
 			return nil, fmt.Errorf("pod %q does not expose port %d", pod.Name, fault.Port)
 		}
 
+		if utils.HasHostNetwork(pod) {
+			return nil, fmt.Errorf("pod %q cannot be safely injected as it has hostNetwork set to true", pod.Name)
+		}
+
 		targetAddress, err := utils.PodIP(pod)
 		if err != nil {
 			return nil, err

@@ -247,6 +247,36 @@ func Test_PodHTTPFaultInjection(t *testing.T) {
 			opts:     HTTPDisruptionOptions{},
 			duration: 60,
 		},
+		{
+			title: "Pod with hostNetwork",
+			selector: PodSelector{
+				Namespace: "testns",
+				Select: PodAttributes{
+					Labels: map[string]string{
+						"app": "myapp",
+					},
+				},
+			},
+			target: builders.NewPodBuilder("hostnet").
+				WithNamespace("test-ns").
+				WithLabels(map[string]string{
+					"app": "myapp",
+				}).
+				WithHostNetwork(true).
+				WithIP("192.0.2.6").
+				WithContainer(
+					*builders.NewContainerBuilder("myapp").
+						WithPort("http", 80).
+						Build(),
+				).
+				Build(),
+			expectError: true,
+			fault: HTTPFault{
+				Port: 80,
+			},
+			opts:     HTTPDisruptionOptions{},
+			duration: 60,
+		},
 	}
 
 	for _, tc := range testCases {

@@ -96,6 +96,10 @@ func (d *serviceDisruptor) InjectHTTPFaults(
 			return nil, err
 		}
 
+		if utils.HasHostNetwork(pod) {
+			return nil, fmt.Errorf("pod %q cannot be safely injected as it has hostNetwork set to true", pod.Name)
+		}
+
 		// copy fault to change target port for the pod
 		podFault := fault
 		podFault.Port = port

@@ -17,18 +17,21 @@ type PodBuilder interface {
 	WithPhase(status corev1.PodPhase) PodBuilder
 	// WithIP sets the IP address for the pod to be built
 	WithIP(ip string) PodBuilder
+	// WithHostNetwork sets the hostNetwork property of the pod to be built
+	WithHostNetwork(hostNetwork bool) PodBuilder
 	// WithContainer add a container to the pod
 	WithContainer(c corev1.Container) PodBuilder
 }
 
 // podBuilder defines the attributes for building a pod
 type podBuilder struct {
-	name       string
-	namespace  string
-	labels     map[string]string
-	phase      corev1.PodPhase
-	ip         string
-	containers []corev1.Container
+	name        string
+	namespace   string
+	labels      map[string]string
+	phase       corev1.PodPhase
+	ip          string
+	hostNetwork bool
+	containers  []corev1.Container
 }
 
 // NewPodBuilder creates a new instance of PodBuilder with the given pod name
@@ -59,6 +62,11 @@ func (b *podBuilder) WithLabels(labels map[string]string) PodBuilder {
 	return b
 }
 
+func (b *podBuilder) WithHostNetwork(hostNetwork bool) PodBuilder {
+	b.hostNetwork = hostNetwork
+	return b
+}
+
 func (b *podBuilder) WithContainer(c corev1.Container) PodBuilder {
 	b.containers = append(b.containers, c)
 	return b
@@ -77,6 +85,7 @@ func (b *podBuilder) Build() *corev1.Pod {
 		},
 		Spec: corev1.PodSpec{
 			Containers:          b.containers,
+			HostNetwork:         b.hostNetwork,
 			EphemeralContainers: nil,
 		},
 		Status: corev1.PodStatus{

@@ -69,6 +69,11 @@ func HasPort(pod corev1.Pod, port uint) bool {
 	return false
 }
 
+// HasHostNetwork returns whether a pod has HostNetwork enabled, i.e. it shares the host's network namespace.
+func HasHostNetwork(pod corev1.Pod) bool {
+	return pod.Spec.HostNetwork
+}
+
 // PodIP returns the pod IP for the supplied pod, or an error if it has no IP (yet).
 func PodIP(pod corev1.Pod) (string, error) {
 	// PodIP must be set if len(PodIPs > 0).