diff --git a/internal/cri/annotations/annotations.go b/internal/cri/annotations/annotations.go
index a6aa15109..c1fae1944 100644
--- a/internal/cri/annotations/annotations.go
+++ b/internal/cri/annotations/annotations.go
@@ -78,6 +78,9 @@ const (
 // ImageName is the name of the image used to create the container
 ImageName = "io.kubernetes.cri.image-name"
+ // SandboxImageName is the name of the sandbox image
+ SandboxImageName = "io.kubernetes.cri.podsandbox.image-name"
+
 // PodAnnotations are the annotations of the pod
 PodAnnotations = "io.kubernetes.cri.pod-annotations"
@@ -110,11 +113,15 @@ func DefaultCRIAnnotations(
 ctrType := ContainerTypeContainer
 if sandbox {
 ctrType = ContainerTypeSandbox
- // Sandbox log dir only gets passed for sandboxes, the other metadata always
+ // Sandbox log dir and sandbox image name get passed for sandboxes, the other metadata always
 // gets sent however.
- opts = append(opts, customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory()))
+ opts = append(
+ opts,
+ customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory()),
+ customopts.WithAnnotation(SandboxImageName, imageName),
+ )
 } else {
- // Image name and container name only get passed for containers.s
+ // Image name and container name get passed for containers.
 opts = append(
 opts,
 customopts.WithAnnotation(ContainerName, containerName),
diff --git a/internal/cri/server/podsandbox/sandbox_run.go b/internal/cri/server/podsandbox/sandbox_run.go
index ae2fc6a9d..389689703 100644
--- a/internal/cri/server/podsandbox/sandbox_run.go
+++ b/internal/cri/server/podsandbox/sandbox_run.go
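Review bot: In the `if sandbox` branch of DefaultCRIAnnotations, `SandboxImageName` is now appended unconditionally, so a caller that passes an empty `imageName` for a sandbox would emit the annotation with an empty value. The three call sites changed in this commit pass `c.getSandboxImageName()`, which falls back to `criconfig.DefaultSandboxImage`, but other callers are not visible in this diff. Guarding the append, `if imageName != "" { opts = append(opts, customopts.WithAnnotation(SandboxImageName, imageName)) }`, keeps the annotation absent rather than blank. The comment on the new constant could also say that the value is the configured image reference as written, not the identity of the image that was actually resolved, so consumers of the annotation do not read it as a verified image identity. The function's signature and the rest of its body are outside the hunk.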
@@ -75,10 +75,7 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll
 labels = map[string]string{}
 )
- sandboxImage := c.imageService.PinnedImage("sandbox")
- if sandboxImage == "" {
- sandboxImage = criconfig.DefaultSandboxImage
- }
+ sandboxImage := c.getSandboxImageName()
 // Ensure sandbox container image snapshot.
 image, err := c.ensureImageExists(ctx, sandboxImage, config, metadata.RuntimeHandler)
 if err != nil {
@@ -321,3 +318,15 @@ func (c *Controller) ensureImageExists(ctx context.Context, ref string, config *
 }
 return &newImage, nil
 }
+
+func (c *Controller) getSandboxImageName() string {
+ // returns the name of the sandbox image used to scope pod shared resources used by the pod's containers,
+ // if empty return the default sandbox image.
+ if c.imageService != nil {
+ sandboxImage := c.imageService.PinnedImage("sandbox")
+ if sandboxImage != "" {
+ return sandboxImage
+ }
+ }
+ return criconfig.DefaultSandboxImage
+}
diff --git a/internal/cri/server/podsandbox/sandbox_run_linux.go b/internal/cri/server/podsandbox/sandbox_run_linux.go
index 125756b31..e7fd1c941 100644
--- a/internal/cri/server/podsandbox/sandbox_run_linux.go
+++ b/internal/cri/server/podsandbox/sandbox_run_linux.go
@@ -193,7 +193,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
 }
- specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
+ specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
 return c.runtimeSpec(id, "", specOpts...)
 }
diff --git a/internal/cri/server/podsandbox/sandbox_run_other.go b/internal/cri/server/podsandbox/sandbox_run_other.go
index 9aef21b8b..e0ef284f6 100644
--- a/internal/cri/server/podsandbox/sandbox_run_other.go
+++ b/internal/cri/server/podsandbox/sandbox_run_other.go
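Review bot: `getSandboxImageName` has no doc comment; the explanation sits inside the body and starts mid-sentence, so it will not be shown as the method's documentation. Move it above the signature as `// getSandboxImageName returns the pinned "sandbox" image reference, or criconfig.DefaultSandboxImage when no image service is set or nothing is pinned.` The `c.imageService != nil` guard is new relative to the lines removed from Start, which called `c.imageService.PinnedImage` directly. A one-line why-comment naming the case where a Controller has no image service would make clear that the silent fall-back to the default image is intended.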
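Review bot: The annotation value in `sandboxContainerSpec` comes from a second call to `c.getSandboxImageName()` rather than from the `sandboxImage` that Start passed to `ensureImageExists`, so the recorded name and the image actually used are equal only as long as `PinnedImage("sandbox")` returns the same value on both calls. If the pinned image can change while a sandbox is being started (not visible from this diff), the annotation would misreport what runs, which matters to anything that audits or enforces policy on it. Passing the already-resolved name into `sandboxContainerSpec`, or at least a comment on `getSandboxImageName` stating that the value is stable for the Controller's lifetime, would close the gap. The same call appears in the sandbox_run_other.go and sandbox_run_windows.go hunks. The body of `sandboxContainerSpec` starts outside the hunk.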
@@ -29,7 +29,7 @@ import (
 func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
- return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...)
+ return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
 }
 // sandboxContainerSpecOpts generates OCI spec options for
diff --git a/internal/cri/server/podsandbox/sandbox_run_windows.go b/internal/cri/server/podsandbox/sandbox_run_windows.go
index cf8cad493..a7ad590df 100644
--- a/internal/cri/server/podsandbox/sandbox_run_windows.go
+++ b/internal/cri/server/podsandbox/sandbox_run_windows.go
@@ -81,8 +81,9 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 }
 specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
+
 specOpts = append(specOpts,
- annotations.DefaultCRIAnnotations(id, "", "", config, true)...,
+ annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...,
 )
 return c.runtimeSpec(id, "", specOpts...)