github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

CRI: Create DefaultCRIAnnotations helper

Browse Source 
All of the CRI sandbox and container specs all get assigned
almost the exact same default annotations (sandboxID, name, metadata,
container type etc.) so lets make a helper to return the right set for
a sandbox or regular workload container.

Signed-off-by: Danny Canter <danny@dcantah.dev>
This commit is contained in:
Danny Canter 2023-02-11 07:46:26 -08:00
parent 5aab634e14
commit 646bc3a94e
11 changed files with 61 additions and 98 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
pkg/cri/annotations/annotations.go
View File

@ -16,6 +16,12 @@
package annotations package annotations
import (
"github.com/containerd/containerd/oci"
customopts "github.com/containerd/containerd/pkg/cri/opts"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
// ContainerType values // ContainerType values
// Following OCI annotations are used by katacontainers now. // Following OCI annotations are used by katacontainers now.
// We'll switch to standard secure pod API after it is defined in CRI. // We'll switch to standard secure pod API after it is defined in CRI.
@ -85,3 +91,35 @@ const (
// WindowsHostProcess is used by hcsshim to identify windows pods that are running HostProcesses // WindowsHostProcess is used by hcsshim to identify windows pods that are running HostProcesses
WindowsHostProcess = "microsoft.com/hostprocess-container" WindowsHostProcess = "microsoft.com/hostprocess-container"
) )
// DefaultCRIAnnotations are the default set of CRI annotations to
// pass to sandboxes and containers.
func DefaultCRIAnnotations(
sandboxID string,
containerName string,
imageName string,
config *runtime.PodSandboxConfig,
sandbox bool,
) []oci.SpecOpts {
opts := []oci.SpecOpts{
customopts.WithAnnotation(SandboxID, sandboxID),
customopts.WithAnnotation(SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(SandboxName, config.GetMetadata().GetName()),
}
ctrType := ContainerTypeContainer
if sandbox {
ctrType = ContainerTypeSandbox
// Sandbox log dir only gets passed for sandboxes, the other metadata always
// gets sent however.
opts = append(opts, customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory()))
} else {
// Image name and container name only get passed for containers.s
opts = append(
opts,
customopts.WithAnnotation(ContainerName, containerName),
customopts.WithAnnotation(ImageName, imageName),
)
}
return append(opts, customopts.WithAnnotation(ContainerType, ctrType))
}

29
pkg/cri/sbserver/container_create.go
View File

@ -696,13 +696,10 @@ func (c *criService) buildLinuxSpec(
customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj), customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj),
customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids), customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids),
customopts.WithSupplementalGroups(supplementalGroups), customopts.WithSupplementalGroups(supplementalGroups),
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), )
customopts.WithAnnotation(annotations.SandboxID, sandboxID), specOpts = append(
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), specOpts,
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()), annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
) )
// cgroupns is used for hiding /sys/fs/cgroup from containers. // cgroupns is used for hiding /sys/fs/cgroup from containers.
@ -805,15 +802,9 @@ func (c *criService) buildWindowsSpec(
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)))
specOpts = append(specOpts, specOpts = append(specOpts,
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
customopts.WithAnnotation(annotations.SandboxID, sandboxID),
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)),
) )
return specOpts, nil return specOpts, nil
@ -865,13 +856,7 @@ func (c *criService) buildDarwinSpec(
} }
specOpts = append(specOpts, specOpts = append(specOpts,
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
customopts.WithAnnotation(annotations.SandboxID, sandboxID),
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
) )
return specOpts, nil return specOpts, nil

9
pkg/cri/sbserver/podsandbox/sandbox_run_linux.go
View File

@ -175,14 +175,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
)
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)
} }

11
pkg/cri/sbserver/podsandbox/sandbox_run_other.go
View File

@ -22,7 +22,6 @@ import (
"github.com/containerd/containerd" "github.com/containerd/containerd"
"github.com/containerd/containerd/oci" "github.com/containerd/containerd/oci"
"github.com/containerd/containerd/pkg/cri/annotations" "github.com/containerd/containerd/pkg/cri/annotations"
customopts "github.com/containerd/containerd/pkg/cri/opts"
imagespec "github.com/opencontainers/image-spec/specs-go/v1" imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go" runtimespec "github.com/opencontainers/runtime-spec/specs-go"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1" runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
@ -30,15 +29,7 @@ import (
func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig,
imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) { imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
specOpts := []oci.SpecOpts{ return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
}
return c.runtimeSpec(id, "", specOpts...)
} }
// sandboxContainerSpecOpts generates OCI spec options for // sandboxContainerSpecOpts generates OCI spec options for

9
pkg/cri/sbserver/podsandbox/sandbox_run_windows.go
View File

@ -80,14 +80,9 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
specOpts = append(specOpts, specOpts = append(specOpts,
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), annotations.DefaultCRIAnnotations(id, "", "", config, true)...,
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())),
) )
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)

10
pkg/cri/server/container_create_linux.go
View File

@ -327,13 +327,9 @@ func (c *criService) containerSpec(
customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj), customopts.WithOOMScoreAdj(config, c.config.RestrictOOMScoreAdj),
customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids), customopts.WithPodNamespaces(securityContext, sandboxPid, targetPid, uids, gids),
customopts.WithSupplementalGroups(supplementalGroups), customopts.WithSupplementalGroups(supplementalGroups),
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), )
customopts.WithAnnotation(annotations.SandboxID, sandboxID), specOpts = append(specOpts,
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
) )
// cgroupns is used for hiding /sys/fs/cgroup from containers. // cgroupns is used for hiding /sys/fs/cgroup from containers.
// For compatibility, cgroupns is not used when running in cgroup v1 mode or in privileged. // For compatibility, cgroupns is not used when running in cgroup v1 mode or in privileged.

13
pkg/cri/server/container_create_other.go
View File

@ -27,7 +27,6 @@ import (
"github.com/containerd/containerd/pkg/cri/annotations" "github.com/containerd/containerd/pkg/cri/annotations"
"github.com/containerd/containerd/pkg/cri/config" "github.com/containerd/containerd/pkg/cri/config"
customopts "github.com/containerd/containerd/pkg/cri/opts"
) )
// containerMounts sets up necessary container system file mounts // containerMounts sets up necessary container system file mounts
@ -49,16 +48,8 @@ func (c *criService) containerSpec(
extraMounts []*runtime.Mount, extraMounts []*runtime.Mount,
ociRuntime config.Runtime, ociRuntime config.Runtime,
) (_ *runtimespec.Spec, retErr error) { ) (_ *runtimespec.Spec, retErr error) {
specOpts := []oci.SpecOpts{ specOpts := annotations.DefaultCRIAnnotations(id, containerName, imageName, sandboxConfig, false)
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), return c.runtimeSpec(sandboxID, ociRuntime.BaseRuntimeSpec, specOpts...)
customopts.WithAnnotation(annotations.SandboxID, sandboxID),
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
}
return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)
} }
func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageConfig *imagespec.ImageConfig) ([]oci.SpecOpts, error) { func (c *criService) containerSpecOpts(config *runtime.ContainerConfig, imageConfig *imagespec.ImageConfig) ([]oci.SpecOpts, error) {

11
pkg/cri/server/container_create_windows.go
View File

@ -127,16 +127,11 @@ func (c *criService) containerSpec(
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)))
specOpts = append(specOpts, specOpts = append(specOpts,
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), annotations.DefaultCRIAnnotations(sandboxID, containerName, imageName, sandboxConfig, false)...,
customopts.WithAnnotation(annotations.SandboxID, sandboxID),
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.ContainerName, containerName),
customopts.WithAnnotation(annotations.ImageName, imageName),
customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(sandboxHpc)),
) )
return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...) return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)
} }

9
pkg/cri/server/sandbox_run_linux.go
View File

@ -193,14 +193,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
)
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)
} }

11
pkg/cri/server/sandbox_run_other.go
View File

@ -22,7 +22,6 @@ import (
"github.com/containerd/containerd" "github.com/containerd/containerd"
"github.com/containerd/containerd/oci" "github.com/containerd/containerd/oci"
"github.com/containerd/containerd/pkg/cri/annotations" "github.com/containerd/containerd/pkg/cri/annotations"
customopts "github.com/containerd/containerd/pkg/cri/opts"
"github.com/containerd/containerd/snapshots" "github.com/containerd/containerd/snapshots"
imagespec "github.com/opencontainers/image-spec/specs-go/v1" imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go" runtimespec "github.com/opencontainers/runtime-spec/specs-go"
@ -31,15 +30,7 @@ import (
func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig,
imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) { imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
specOpts := []oci.SpecOpts{ return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox),
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
}
return c.runtimeSpec(id, "", specOpts...)
} }
// sandboxContainerSpecOpts generates OCI spec options for // sandboxContainerSpecOpts generates OCI spec options for

9
pkg/cri/server/sandbox_run_windows.go
View File

@ -81,14 +81,9 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
specOpts = append(specOpts, specOpts = append(specOpts,
customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), annotations.DefaultCRIAnnotations(id, "", "", config, true)...,
customopts.WithAnnotation(annotations.SandboxID, id),
customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()),
customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()),
customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()),
customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()),
customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())),
) )
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)