diff --git a/pkg/cri/annotations/annotations.go b/pkg/cri/annotations/annotations.go
index c8d7ae582..d8477486a 100644
--- a/pkg/cri/annotations/annotations.go
+++ b/pkg/cri/annotations/annotations.go
@@ -16,6 +16,12 @@
 package annotations
+import (
+ "github.com/containerd/containerd/oci"
+ customopts "github.com/containerd/containerd/pkg/cri/opts"
+ runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
 // ContainerType values
 // Following OCI annotations are used by katacontainers now.
 // We'll switch to standard secure pod API after it is defined in CRI.
@@ -85,3 +91,35 @@ const (
 // WindowsHostProcess is used by hcsshim to identify windows pods that are running HostProcesses
 WindowsHostProcess = "microsoft.com/hostprocess-container"
 )
+
+// DefaultCRIAnnotations are the default set of CRI annotations to
+// pass to sandboxes and containers.
+func DefaultCRIAnnotations(
+ sandboxID string,
+ containerName string,
+ imageName string,
+ config *runtime.PodSandboxConfig,
+ sandbox bool,
+) []oci.SpecOpts {
+ opts := []oci.SpecOpts{
+ customopts.WithAnnotation(SandboxID, sandboxID),
+ customopts.WithAnnotation(SandboxNamespace, config.GetMetadata().GetNamespace()),
+ customopts.WithAnnotation(SandboxUID, config.GetMetadata().GetUid()),
+ customopts.WithAnnotation(SandboxName, config.GetMetadata().GetName()),
+ }
+ ctrType := ContainerTypeContainer
+ if sandbox {
+ ctrType = ContainerTypeSandbox
+ // Sandbox log dir only gets passed for sandboxes, the other metadata always
+ // gets sent however.
+ opts = append(opts, customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory()))
+ } else {
+ // Image name and container name only get passed for containers.s
+ opts = append(
+ opts,
+ customopts.WithAnnotation(ContainerName, containerName),
+ customopts.WithAnnotation(ImageName, imageName),
+ )
+ }
+ return append(opts, customopts.WithAnnotation(ContainerType, ctrType))
+}
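Review bot: The new import block under `package annotations` gives a package that appears to declare only annotation keys a dependency on `oci`, `pkg/cri/opts` and `k8s.io/cri-api`; judging by its position it is the file's first import block. The comments in this file say the keys are read by Kata Containers and hcsshim, so any consumer that imports the package just for the string constants would now pull those packages in transitively. If that dependency growth is unwanted, the helper could live in a package that already imports both the keys and `customopts`, which would keep this one constants-only.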
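Review bot: `DefaultCRIAnnotations` takes three adjacent `string` parameters followed by a bare `bool`, so a call with the IDs in the wrong order still compiles, and nothing in the doc comment says that `containerName` and `imageName` are ignored when `sandbox` is true. The doc comment should spell that out, for example `// containerName and imageName are only used when sandbox is false; SandboxLogDir is only set when sandbox is true.` The inline comment `// Image name and container name only get passed for containers.s` has a stray trailing `s`. Because these keys are what the runtimes named in this file use to tell a sandbox from a workload container, a small unit test that pins the emitted keys for both modes would catch transposed arguments at the call sites.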
diff --git a/pkg/cri/sbserver/container_create.go b/pkg/cri/sbserver/container_create.go
index a49e38e08..9ab6a3c6b 100644
--- a/pkg/cri/sbserver/container_create.go
+++ b/pkg/cri/sbserver/container_create.go
@@ -696,13 +696,10 @@ func (c *criService) buildLinuxSpec(
 customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj),
 customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids),
 customopts.WithSupplementalGroups(supplementalGroups),
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
+ )
+ specOpts = append(
+ specOpts,
+ annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
 )
 // cgroupns is used for hiding /sys/fs/cgroup from containers.
@@ -805,15 +802,9 @@ func (c *criService) buildWindowsSpec(
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
+ specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)))
 specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
- customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)),
+ annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
 )
 return specOpts, nil
@@ -865,13 +856,7 @@ func (c *criService) buildDarwinSpec(
 }
 specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
+ annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
 )
 return specOpts, nil
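Review bot: In `buildWindowsSpec` nothing records that the `WindowsHostProcess` annotation and the CRI defaults must stay after the loop that copies pass-through annotations (`customopts.WithAnnotation(pKey, pValue)`); presumably a later option wins for the same key, so this order is what keeps a pod-supplied annotation from overriding them. Since `microsoft.com/hostprocess-container` is how hcsshim identifies HostProcess pods, a comment above the two appends would protect the order from a later refactor, e.g. `// Appended after pass-through annotations so pod-supplied values cannot override them.` The same arrangement appears in the Windows `sandboxContainerSpec` hunks under pkg/cri/sbserver/podsandbox and pkg/cri/server and in pkg/cri/server/container_create_windows.go. The function body starts and ends outside the hunk.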
diff --git a/pkg/cri/sbserver/podsandbox/sandbox_run_linux.go b/pkg/cri/sbserver/podsandbox/sandbox_run_linux.go
index 179b46238..437d792ce 100644
--- a/pkg/cri/sbserver/podsandbox/sandbox_run_linux.go
+++ b/pkg/cri/sbserver/podsandbox/sandbox_run_linux.go
@@ -175,14 +175,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
- specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- )
+ specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
 return c.runtimeSpec(id, "", specOpts...)
 }
diff --git a/pkg/cri/sbserver/podsandbox/sandbox_run_other.go b/pkg/cri/sbserver/podsandbox/sandbox_run_other.go
index 584ccc21a..6cadc76d9 100644
--- a/pkg/cri/sbserver/podsandbox/sandbox_run_other.go
+++ b/pkg/cri/sbserver/podsandbox/sandbox_run_other.go
@@ -22,7 +22,6 @@ import (
 "github.com/containerd/containerd"
 "github.com/containerd/containerd/oci"
 "github.com/containerd/containerd/pkg/cri/annotations"
- customopts "github.com/containerd/containerd/pkg/cri/opts"
 imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 runtimespec "github.com/opencontainers/runtime-spec/specs-go"
 runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
@@ -30,15 +29,7 @@ import (
 func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
- specOpts := []oci.SpecOpts{
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- }
- return c.runtimeSpec(id, "", specOpts...)
+ return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
 }
 // sandboxContainerSpecOpts generates OCI spec options for
diff --git a/pkg/cri/sbserver/podsandbox/sandbox_run_windows.go b/pkg/cri/sbserver/podsandbox/sandbox_run_windows.go
index 0dce2c0b3..48f6bd4e0 100644
--- a/pkg/cri/sbserver/podsandbox/sandbox_run_windows.go
+++ b/pkg/cri/sbserver/podsandbox/sandbox_run_windows.go
@@ -80,14 +80,9 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
+ specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
 specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())),
+ annotations.DefaultCRIAnnotations(id, "", "", config, true)...,
 )
 return c.runtimeSpec(id, "", specOpts...)
diff --git a/pkg/cri/server/container_create_linux.go b/pkg/cri/server/container_create_linux.go
index a93c71881..d4e41b508 100644
--- a/pkg/cri/server/container_create_linux.go
+++ b/pkg/cri/server/container_create_linux.go
@@ -327,13 +327,9 @@ func (c *criService) containerSpec(
 customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj),
 customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids),
 customopts.WithSupplementalGroups(supplementalGroups),
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
+ )
+ specOpts = append(specOpts,
+ annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
 )
 // cgroupns is used for hiding /sys/fs/cgroup from containers.
 // For compatibility, cgroupns is not used when running in cgroup v1 mode or in privileged.
diff --git a/pkg/cri/server/container_create_other.go b/pkg/cri/server/container_create_other.go
index c3a561b7d..84b56e407 100644
--- a/pkg/cri/server/container_create_other.go
+++ b/pkg/cri/server/container_create_other.go
@@ -27,7 +27,6 @@ import (
 "github.com/containerd/containerd/pkg/cri/annotations"
 "github.com/containerd/containerd/pkg/cri/config"
- customopts "github.com/containerd/containerd/pkg/cri/opts"
 )
 // containerMounts sets up necessary container system file mounts
@@ -49,16 +48,8 @@ func (c *criService) containerSpec(
 extraMounts []*runtime.Mount,
 ociRuntime config.Runtime,
 ) (_ *runtimespec.Spec, retErr error) {
- specOpts := []oci.SpecOpts{
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
- }
- return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)
+ specOpts := annotations.DefaultCRIAnnotations(id, containerName, imageName, sandboxConfig, false)
+ return c.runtimeSpec(sandboxID, ociRuntime.BaseRuntimeSpec, specOpts...)
 }
 func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageConfig *imagespec.ImageConfig) ([]oci.SpecOpts, error) {
diff --git a/pkg/cri/server/container_create_windows.go b/pkg/cri/server/container_create_windows.go
index 8116c5d3a..c5ba138c4 100644
--- a/pkg/cri/server/container_create_windows.go
+++ b/pkg/cri/server/container_create_windows.go
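Review bot: In `containerSpec` of pkg/cri/server/container_create_other.go the two IDs are transposed: the removed code set `annotations.SandboxID` from `sandboxID` and called `c.runtimeSpec(id, …)`, whereas the new lines pass `id` as the first argument of `DefaultCRIAnnotations` and `sandboxID` to `runtimeSpec`. On this platform the container would therefore carry its own ID in the sandbox-ID annotation and the spec would be built with the sandbox's ID, so anything that uses that annotation to associate a container with its pod sandbox would see the wrong value. The lines should read `specOpts := annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)` and `return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)`, matching the other container call sites in this commit. The parameter list of the function begins outside the hunk.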
@@ -127,16 +127,11 @@ func (c *criService) containerSpec(
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
+ specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)))
 specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer),
- customopts.WithAnnotation(annotations.SandboxID, sandboxID),
- customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.ContainerName, containerName),
- customopts.WithAnnotation(annotations.ImageName, imageName),
- customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)),
+ annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
 )
+
 return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)
 }
diff --git a/pkg/cri/server/sandbox_run_linux.go b/pkg/cri/server/sandbox_run_linux.go
index ee5d3fb10..381b38b89 100644
--- a/pkg/cri/server/sandbox_run_linux.go
+++ b/pkg/cri/server/sandbox_run_linux.go
@@ -193,14 +193,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
- specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- )
+ specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
 return c.runtimeSpec(id, "", specOpts...)
 }
diff --git a/pkg/cri/server/sandbox_run_other.go b/pkg/cri/server/sandbox_run_other.go
index fa575be70..16faf6229 100644
--- a/pkg/cri/server/sandbox_run_other.go
+++ b/pkg/cri/server/sandbox_run_other.go
@@ -22,7 +22,6 @@ import (
 "github.com/containerd/containerd"
 "github.com/containerd/containerd/oci"
 "github.com/containerd/containerd/pkg/cri/annotations"
- customopts "github.com/containerd/containerd/pkg/cri/opts"
 "github.com/containerd/containerd/snapshots"
 imagespec "github.com/opencontainers/image-spec/specs-go/v1"
 runtimespec "github.com/opencontainers/runtime-spec/specs-go"
@@ -31,15 +30,7 @@ import (
 func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
- specOpts := []oci.SpecOpts{
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- }
- return c.runtimeSpec(id, "", specOpts...)
+ return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
 }
 // sandboxContainerSpecOpts generates OCI spec options for
diff --git a/pkg/cri/server/sandbox_run_windows.go b/pkg/cri/server/sandbox_run_windows.go
index 10b9b2faf..2fea7513a 100644
--- a/pkg/cri/server/sandbox_run_windows.go
+++ b/pkg/cri/server/sandbox_run_windows.go
@@ -81,14 +81,9 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
+ specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
 specOpts = append(specOpts,
- customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
- customopts.WithAnnotation(annotations.SandboxID, id),
- customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
- customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
- customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
- customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
- customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())),
+ annotations.DefaultCRIAnnotations(id, "", "", config, true)...,
 )
 return c.runtimeSpec(id, "", specOpts...)