pkg/cri/server: experimental NRI integration for CRI.

Implement the adaptation interface required by the NRI service plugin to handle CRI sandboxes and containers. Hook the NRI service plugin into CRI request processing. Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
2021-03-24 17:17:38 +02:00
parent 43704ca888
commit b27ef6f169
20 changed files with 1675 additions and 21 deletions
--- a/pkg/cri/server/container_create.go
+++ b/pkg/cri/server/container_create.go
@@ -246,6 +246,19 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 		containerd.WithRuntime(sandboxInfo.Runtime.Name, runtimeOptions),
 		containerd.WithContainerLabels(containerLabels),
 		containerd.WithContainerExtension(containerMetadataExtension, &meta))
+
+	if c.nri.isEnabled() {
+		opts = append(opts, c.nri.WithContainerAdjustment())
+
+		defer func() {
+			if retErr != nil {
+				deferCtx, deferCancel := ctrdutil.DeferContext()
+				defer deferCancel()
+				c.nri.undoCreateContainer(deferCtx, &sandbox, id, spec)
+			}
+		}()
+	}
+
 	var cntr containerd.Container
 	if cntr, err = c.client.NewContainer(ctx, id, opts...); err != nil {
 		return nil, fmt.Errorf("failed to create containerd container: %w", err)
@@ -284,6 +297,13 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
 		return nil, fmt.Errorf("failed to add container %q into store: %w", id, err)
 	}

+	if c.nri.isEnabled() {
+		err = c.nri.postCreateContainer(ctx, &sandbox, &container)
+		if err != nil {
+			log.G(ctx).WithError(err).Errorf("NRI post-create notification failed")
+		}
+	}
+
 	containerCreateTimer.WithValues(ociRuntime.Type).UpdateSince(start)

 	return &runtime.CreateContainerResponse{ContainerId: id}, nil