cri: add annotations for pod name and namespace

cri-o has annotations for pod name, namespace and container name: https://github.com/containers/podman/blob/master/pkg/annotations/annotations.go But so far containerd had only the container name. This patch will be useful for seccomp agents to have a different behaviour depending on the pod (see runtime-spec PR 1074 and runc PR 2682). This should simplify the code in: b2d423695d/pkg/kuberesolver/kuberesolver.go (L16-L27) Signed-off-by: Alban Crequy <alban@kinvolk.io>
2021-01-11 13:44:09 +01:00
parent 20346607b9
commit 28e4fb25f4
9 changed files with 39 additions and 1 deletions
--- a/pkg/cri/server/container_create_linux.go
+++ b/pkg/cri/server/container_create_linux.go
@@ -260,6 +260,8 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
 		customopts.WithSupplementalGroups(supplementalGroups),
 		customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
 		customopts.WithAnnotation(annotations.SandboxID, sandboxID),
+		customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
+		customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
 		customopts.WithAnnotation(annotations.ContainerName, containerName),
 	)
 	// cgroupns is used for hiding /sys/fs/cgroup from containers.