summaryrefslogtreecommitdiff
path: root/libpod
diff options
context:
space:
mode:
authorMiloslav Trmač <mitr@redhat.com>2021-11-19 09:52:23 +0100
committerMiloslav Trmač <mitr@redhat.com>2021-11-30 22:13:52 +0100
commitec686d68ddf326c8f4e50f2770be3ed7d250c6d0 (patch)
tree51971fe466cf0f282c76c076c2655ed14f8fc4de /libpod
parentd48c00418ae7f6efcfe45d92f3c5e08b9c8afacd (diff)
downloadpodman-ec686d68ddf326c8f4e50f2770be3ed7d250c6d0.tar.gz
podman-ec686d68ddf326c8f4e50f2770be3ed7d250c6d0.tar.bz2
podman-ec686d68ddf326c8f4e50f2770be3ed7d250c6d0.zip
Don't use the global math/rand RNG for service ports
Use a private RNG with the desired seed, don't interfere with the other uses. Introducing the servicePortState type is rather overkill for the single member, but we'll add another one immediately. Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r--libpod/kube.go27
1 files changed, 19 insertions, 8 deletions
diff --git a/libpod/kube.go b/libpod/kube.go
index 30a3b069c..73d219fbc 100644
--- a/libpod/kube.go
+++ b/libpod/kube.go
@@ -79,7 +79,8 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e
if err != nil {
return nil, servicePorts, err
}
- servicePorts = containerPortsToServicePorts(ports)
+ spState := newServicePortState()
+ servicePorts = spState.containerPortsToServicePorts(ports)
hostNetwork = infraContainer.NetworkMode() == string(namespaces.NetworkMode(specgen.Host))
}
pod, err := p.podWithContainers(ctx, allContainers, ports, hostNetwork)
@@ -265,13 +266,26 @@ func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) YA
return service
}
+// servicePortState allows calling containerPortsToServicePorts for a single service
+type servicePortState struct {
+ // A program using the shared math/rand state with the default seed will produce the same sequence of pseudo-random numbers
+ // for each execution. Use a private RNG state not to interfere with other users.
+ rng *rand.Rand
+}
+
+func newServicePortState() servicePortState {
+ return servicePortState{
+ rng: rand.New(rand.NewSource(time.Now().UnixNano())),
+ }
+}
+
// containerPortsToServicePorts takes a slice of containerports and generates a
// slice of service ports
-func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.ServicePort {
+func (state *servicePortState) containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.ServicePort {
sps := make([]v1.ServicePort, 0, len(containerPorts))
for _, cp := range containerPorts {
// Legal nodeport range is 30000-32767
- nodePort := 30000 + rand.Intn(32767-30000+1)
+ nodePort := 30000 + state.rng.Intn(32767-30000+1)
servicePort := v1.ServicePort{
Protocol: cp.Protocol,
Port: cp.ContainerPort,
@@ -287,13 +301,10 @@ func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.Servic
// containersToServicePorts takes a slice of v1.Containers and generates an
// inclusive list of serviceports to expose
func containersToServicePorts(containers []v1.Container) []v1.ServicePort {
- // Without the call to rand.Seed, a program will produce the same sequence of pseudo-random numbers
- // for each execution.
- rand.Seed(time.Now().UnixNano())
-
+ state := newServicePortState()
sps := make([]v1.ServicePort, 0, len(containers))
for _, ctr := range containers {
- sps = append(sps, containerPortsToServicePorts(ctr.Ports)...)
+ sps = append(sps, state.containerPortsToServicePorts(ctr.Ports)...)
}
return sps
}