cri: propagate deprecation list to runtime status

Propagate the deprecation list to CRI runtime conditions. The propagated conditions are visible via `crictl info`, but not visible via `kubectl get nodes -o yaml` yet, although the CRI API says "These conditions will be exposed to users to help them understand the status of the system". https://github.com/kubernetes/cri-api/blob/v0.29.1/pkg/apis/runtime/v1/api.proto#L1505-L1509 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-02-06 15:11:12 +09:00 · 2024-02-06 15:11:12 +09:00 · 1b3a96da6c
commit 1b3a96da6c
parent dd725fae25
3 changed files with 102 additions and 0 deletions
--- a/internal/cri/config/config.go
+++ b/internal/cri/config/config.go
@ -394,6 +394,10 @@ type RuntimeConfig struct {
 	//
 	// For example, the value can be '5h', '2h30m', '10s'.
 	DrainExecSyncIOTimeout string `toml:"drain_exec_sync_io_timeout" json:"drainExecSyncIOTimeout"`
+
+	// IgnoreDeprecationWarnings is the list of the deprecation IDs (such as "io.containerd.deprecation/pull-schema-1-image")
+	// that should be ignored for checking "ContainerdHasNoDeprecationWarnings" condition.
+	IgnoreDeprecationWarnings []string `toml:"ignore_deprecation_warnings" json:"ignoreDeprecationWarnings"`
 }

 // X509KeyPairStreaming contains the x509 configuration for streaming
--- a/internal/cri/server/status.go
+++ b/internal/cri/server/status.go
@ -22,6 +22,8 @@ import (
 	"fmt"
 	goruntime "runtime"

+	"github.com/containerd/containerd/v2/api/services/introspection/v1"
+	ptypes "github.com/containerd/containerd/v2/protobuf/types"
 	"github.com/containerd/log"
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
@ -94,5 +96,51 @@ func (c *criService) Status(ctx context.Context, r *runtime.StatusRequest) (*run
 		}
 		resp.Info["lastCNILoadStatus"] = defaultStatus
 	}
+	intro, err := c.client.IntrospectionService().Server(ctx, &ptypes.Empty{})
+	if err != nil {
+		return nil, err
+	}
+	cond, err := runtimeConditionContainerdHasNoDeprecationWarnings(intro.Deprecations, c.config.IgnoreDeprecationWarnings)
+	if err != nil {
+		return nil, err
+	}
+	resp.Status.Conditions = append(resp.Status.Conditions, cond)
 	return resp, nil
 }
+
+func runtimeConditionContainerdHasNoDeprecationWarnings(deprecations []*introspection.DeprecationWarning, ignore []string) (*runtime.RuntimeCondition, error) {
+	cond := &runtime.RuntimeCondition{
+		Type:   ContainerdHasNoDeprecationWarnings,
+		Status: true,
+	}
+	ignoreM := make(map[string]struct{})
+	for _, f := range ignore {
+		ignoreM[f] = struct{}{}
+	}
+	messages := make(map[string]string) // key: id, value: message
+	for _, d := range deprecations {
+		if _, ok := ignoreM[d.ID]; !ok {
+			messages[d.ID] = d.Message
+		}
+	}
+	if len(messages) > 0 {
+		cond.Status = false
+		cond.Reason = ContainerdHasDeprecationWarnings
+		messageJ, err := json.Marshal(messages)
+		if err != nil {
+			return nil, err
+		}
+		cond.Message = string(messageJ) // Arbitrary string
+	}
+	return cond, nil
+}
+
+const (
+	// ContainerdHasNoDeprecationWarnings is a string for [runtime.RuntimeCondition.Type].
+	ContainerdHasNoDeprecationWarnings = "ContainerdHasNoDeprecationWarnings"
+
+	// ContainerdHasDeprecationWarnings is a string for [runtime.RuntimeCondition.Reason].
+	// CamelCase is demanded by the spec.
+	// https://github.com/kubernetes/cri-api/blob/v0.29.1/pkg/apis/runtime/v1/api.proto#L1514
+	ContainerdHasDeprecationWarnings = "ContainerdHasDeprecationWarnings"
+)
--- a/internal/cri/server/status_test.go
+++ b/internal/cri/server/status_test.go
@ -0,0 +1,50 @@
+/*
+   Copyright The containerd Authors.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+package server
+
+import (
+	"testing"
+
+	"github.com/containerd/containerd/v2/api/services/introspection/v1"
+	"github.com/stretchr/testify/assert"
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
+func TestRuntimeConditionContainerdHasNoDeprecationWarnings(t *testing.T) {
+	deprecations := []*introspection.DeprecationWarning{
+		{
+			ID:      "io.containerd.deprecation/foo",
+			Message: "foo",
+		},
+	}
+
+	cond, err := runtimeConditionContainerdHasNoDeprecationWarnings(deprecations, nil)
+	assert.NoError(t, err)
+	assert.Equal(t, &runtime.RuntimeCondition{
+		Type:    ContainerdHasNoDeprecationWarnings,
+		Status:  false,
+		Reason:  ContainerdHasDeprecationWarnings,
+		Message: `{"io.containerd.deprecation/foo":"foo"}`,
+	}, cond)
+
+	cond, err = runtimeConditionContainerdHasNoDeprecationWarnings(deprecations, []string{"io.containerd.deprecation/foo"})
+	assert.NoError(t, err)
+	assert.Equal(t, &runtime.RuntimeCondition{
+		Type:   ContainerdHasNoDeprecationWarnings,
+		Status: true,
+	}, cond)
+}