cri: propagate deprecation list to runtime status

Propagate the deprecation list to CRI runtime conditions.

The propagated conditions are visible via `crictl info`,
but not visible via `kubectl get nodes -o yaml` yet, although
the CRI API says "These conditions will be exposed to users to help
them understand the status of the system".

https://github.com/kubernetes/cri-api/blob/v0.29.1/pkg/apis/runtime/v1/api.proto#L1505-L1509

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit is contained in:
Akihiro Suda 2024-02-06 15:11:12 +09:00
parent dd725fae25
commit 1b3a96da6c
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
3 changed files with 102 additions and 0 deletions

View File

@ -394,6 +394,10 @@ type RuntimeConfig struct {
//
// For example, the value can be '5h', '2h30m', '10s'.
DrainExecSyncIOTimeout string `toml:"drain_exec_sync_io_timeout" json:"drainExecSyncIOTimeout"`
// IgnoreDeprecationWarnings is the list of the deprecation IDs (such as "io.containerd.deprecation/pull-schema-1-image")
// that should be ignored for checking "ContainerdHasNoDeprecationWarnings" condition.
IgnoreDeprecationWarnings []string `toml:"ignore_deprecation_warnings" json:"ignoreDeprecationWarnings"`
}
// X509KeyPairStreaming contains the x509 configuration for streaming

View File

@ -22,6 +22,8 @@ import (
"fmt"
goruntime "runtime"
"github.com/containerd/containerd/v2/api/services/introspection/v1"
ptypes "github.com/containerd/containerd/v2/protobuf/types"
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
@ -94,5 +96,51 @@ func (c *criService) Status(ctx context.Context, r *runtime.StatusRequest) (*run
}
resp.Info["lastCNILoadStatus"] = defaultStatus
}
intro, err := c.client.IntrospectionService().Server(ctx, &ptypes.Empty{})
if err != nil {
return nil, err
}
cond, err := runtimeConditionContainerdHasNoDeprecationWarnings(intro.Deprecations, c.config.IgnoreDeprecationWarnings)
if err != nil {
return nil, err
}
resp.Status.Conditions = append(resp.Status.Conditions, cond)
return resp, nil
}
func runtimeConditionContainerdHasNoDeprecationWarnings(deprecations []*introspection.DeprecationWarning, ignore []string) (*runtime.RuntimeCondition, error) {
cond := &runtime.RuntimeCondition{
Type: ContainerdHasNoDeprecationWarnings,
Status: true,
}
ignoreM := make(map[string]struct{})
for _, f := range ignore {
ignoreM[f] = struct{}{}
}
messages := make(map[string]string) // key: id, value: message
for _, d := range deprecations {
if _, ok := ignoreM[d.ID]; !ok {
messages[d.ID] = d.Message
}
}
if len(messages) > 0 {
cond.Status = false
cond.Reason = ContainerdHasDeprecationWarnings
messageJ, err := json.Marshal(messages)
if err != nil {
return nil, err
}
cond.Message = string(messageJ) // Arbitrary string
}
return cond, nil
}
const (
// ContainerdHasNoDeprecationWarnings is a string for [runtime.RuntimeCondition.Type].
ContainerdHasNoDeprecationWarnings = "ContainerdHasNoDeprecationWarnings"
// ContainerdHasDeprecationWarnings is a string for [runtime.RuntimeCondition.Reason].
// CamelCase is demanded by the spec.
// https://github.com/kubernetes/cri-api/blob/v0.29.1/pkg/apis/runtime/v1/api.proto#L1514
ContainerdHasDeprecationWarnings = "ContainerdHasDeprecationWarnings"
)

View File

@ -0,0 +1,50 @@
/*
Copyright The containerd Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package server
import (
"testing"
"github.com/containerd/containerd/v2/api/services/introspection/v1"
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
func TestRuntimeConditionContainerdHasNoDeprecationWarnings(t *testing.T) {
deprecations := []*introspection.DeprecationWarning{
{
ID: "io.containerd.deprecation/foo",
Message: "foo",
},
}
cond, err := runtimeConditionContainerdHasNoDeprecationWarnings(deprecations, nil)
assert.NoError(t, err)
assert.Equal(t, &runtime.RuntimeCondition{
Type: ContainerdHasNoDeprecationWarnings,
Status: false,
Reason: ContainerdHasDeprecationWarnings,
Message: `{"io.containerd.deprecation/foo":"foo"}`,
}, cond)
cond, err = runtimeConditionContainerdHasNoDeprecationWarnings(deprecations, []string{"io.containerd.deprecation/foo"})
assert.NoError(t, err)
assert.Equal(t, &runtime.RuntimeCondition{
Type: ContainerdHasNoDeprecationWarnings,
Status: true,
}, cond)
}