From 2703043fa11827ca1e8e34732abde794711e365e Mon Sep 17 00:00:00 2001
From: Zhonghu Xu <xuzhonghu@huawei.com>
Date: Thu, 25 Jul 2024 14:42:42 +0800
Subject: [PATCH] preclude pod with host network to be managed by kmesh

Signed-off-by: Zhonghu Xu <xuzhonghu@huawei.com>
---
 pkg/utils/enroll.go      |  5 +++++
 pkg/utils/enroll_test.go | 31 +++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)

diff --git a/pkg/utils/enroll.go b/pkg/utils/enroll.go
index 347143b29..648c519a4 100644
--- a/pkg/utils/enroll.go
+++ b/pkg/utils/enroll.go
@@ -42,6 +42,11 @@ func ShouldEnroll(pod *corev1.Pod, ns *corev1.Namespace) bool {
 		return false
 	}
 
+	// exclude pod with host network set, otherwise it will cause other pods with host network to be managed by kmesh
+	if pod.Spec.HostNetwork {
+		return false
+	}
+
 	// If it is a Pod of waypoint, it should not be managed by Kmesh
 	// Exclude istio managed gateway
 	if gateway, ok := pod.Labels["gateway.istio.io/managed"]; ok {
diff --git a/pkg/utils/enroll_test.go b/pkg/utils/enroll_test.go
index 77147cbdc..1a233a1e9 100644
--- a/pkg/utils/enroll_test.go
+++ b/pkg/utils/enroll_test.go
@@ -69,6 +69,37 @@ func TestShouldEnroll(t *testing.T) {
 			},
 			want: true,
 		},
+		{
+			name: "pod with hostnetwork",
+			args: args{
+				namespace: &corev1.Namespace{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "Namespace",
+						APIVersion: "v1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Name: "ut-test",
+					},
+				},
+				pod: &corev1.Pod{
+					TypeMeta: metav1.TypeMeta{
+						Kind:       "Pod",
+						APIVersion: "v1",
+					},
+					ObjectMeta: metav1.ObjectMeta{
+						Namespace: "ut-test",
+						Name:      "ut-pod",
+						Labels: map[string]string{
+							constants.DataPlaneModeLabel: constants.DataPlaneModeKmesh,
+						},
+					},
+					Spec: corev1.PodSpec{
+						HostNetwork: true,
+					},
+				},
+			},
+			want: false,
+		},
 		{
 			name: "sidecar misconfigured label",
 			args: args{