diff options
author | Miloslav Trmač <mitr@redhat.com> | 2021-11-19 09:52:23 +0100 |
---|---|---|
committer | Matthew Heon <mheon@redhat.com> | 2021-12-06 15:48:38 -0500 |
commit | 25e5e8f89ecbc7a56c1bb893aa5b26ed854bd091 (patch) | |
tree | c3a47802ee3191c9193216a33c197e3af457facb /libpod | |
parent | d2602039e77300d9e5c76786aac997ed586d5038 (diff) | |
download | podman-25e5e8f89ecbc7a56c1bb893aa5b26ed854bd091.tar.gz podman-25e5e8f89ecbc7a56c1bb893aa5b26ed854bd091.tar.bz2 podman-25e5e8f89ecbc7a56c1bb893aa5b26ed854bd091.zip |
Don't use the global math/rand RNG for service ports
Use a private RNG with the desired seed, don't interfere
with the other uses.
Introducing the servicePortState type is rather overkill
for the single member, but we'll add another one immediately.
Signed-off-by: Miloslav Trmač <mitr@redhat.com>
Diffstat (limited to 'libpod')
-rw-r--r-- | libpod/kube.go | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/libpod/kube.go b/libpod/kube.go index 4be31bd4b..7afa7be3a 100644 --- a/libpod/kube.go +++ b/libpod/kube.go @@ -78,7 +78,8 @@ func (p *Pod) GenerateForKube(ctx context.Context) (*v1.Pod, []v1.ServicePort, e if err != nil { return nil, servicePorts, err } - servicePorts = containerPortsToServicePorts(ports) + spState := newServicePortState() + servicePorts = spState.containerPortsToServicePorts(ports) hostNetwork = infraContainer.NetworkMode() == string(namespaces.NetworkMode(specgen.Host)) } pod, err := p.podWithContainers(ctx, allContainers, ports, hostNetwork) @@ -264,13 +265,26 @@ func GenerateKubeServiceFromV1Pod(pod *v1.Pod, servicePorts []v1.ServicePort) YA return service } +// servicePortState allows calling containerPortsToServicePorts for a single service +type servicePortState struct { + // A program using the shared math/rand state with the default seed will produce the same sequence of pseudo-random numbers + // for each execution. Use a private RNG state not to interfere with other users. + rng *rand.Rand +} + +func newServicePortState() servicePortState { + return servicePortState{ + rng: rand.New(rand.NewSource(time.Now().UnixNano())), + } +} + // containerPortsToServicePorts takes a slice of containerports and generates a // slice of service ports -func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.ServicePort { +func (state *servicePortState) containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.ServicePort { sps := make([]v1.ServicePort, 0, len(containerPorts)) for _, cp := range containerPorts { // Legal nodeport range is 30000-32767 - nodePort := 30000 + rand.Intn(32767-30000+1) + nodePort := 30000 + state.rng.Intn(32767-30000+1) servicePort := v1.ServicePort{ Protocol: cp.Protocol, Port: cp.ContainerPort, @@ -286,13 +300,10 @@ func containerPortsToServicePorts(containerPorts []v1.ContainerPort) []v1.Servic // containersToServicePorts takes a slice of v1.Containers and generates an // inclusive list of serviceports to expose func containersToServicePorts(containers []v1.Container) []v1.ServicePort { - // Without the call to rand.Seed, a program will produce the same sequence of pseudo-random numbers - // for each execution. - rand.Seed(time.Now().UnixNano()) - + state := newServicePortState() sps := make([]v1.ServicePort, 0, len(containers)) for _, ctr := range containers { - sps = append(sps, containerPortsToServicePorts(ctr.Ports)...) + sps = append(sps, state.containerPortsToServicePorts(ctr.Ports)...) } return sps } |