github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

cri: add pause image name to annotations

Browse Source 
We are currently in the process of developing a feature to facilitate guest image pulling
on confidential-containers, and we would be grateful for containerd's support in this endeavor.
It would greatly assist our efforts if containerd could provide the pause image name and
add it into the annotations.

Fixes: #9418

Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
This commit is contained in:
ChengyuZhu6 2023-11-23 15:43:24 +08:00
parent 406e9e84b4
commit b6e3616949
5 changed files with 27 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
internal/cri/annotations/annotations.go
View File

@ -78,6 +78,9 @@ const (
// ImageName is the name of the image used to create the container // ImageName is the name of the image used to create the container
ImageName = "io.kubernetes.cri.image-name" ImageName = "io.kubernetes.cri.image-name"
// SandboxImageName is the name of the sandbox image
SandboxImageName = "io.kubernetes.cri.podsandbox.image-name"
// PodAnnotations are the annotations of the pod // PodAnnotations are the annotations of the pod
PodAnnotations = "io.kubernetes.cri.pod-annotations" PodAnnotations = "io.kubernetes.cri.pod-annotations"
@ -110,11 +113,15 @@ func DefaultCRIAnnotations(
ctrType := ContainerTypeContainer ctrType := ContainerTypeContainer
if sandbox { if sandbox {
ctrType = ContainerTypeSandbox ctrType = ContainerTypeSandbox
// Sandbox log dir only gets passed for sandboxes, the other metadata always // Sandbox log dir and sandbox image name get passed for sandboxes, the other metadata always
// gets sent however. // gets sent however.
opts = append(opts, customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory())) opts = append(
opts,
customopts.WithAnnotation(SandboxLogDir, config.GetLogDirectory()),
customopts.WithAnnotation(SandboxImageName, imageName),
)
} else { } else {
// Image name and container name only get passed for containers.s // Image name and container name get passed for containers.
opts = append( opts = append(
opts, opts,
customopts.WithAnnotation(ContainerName, containerName), customopts.WithAnnotation(ContainerName, containerName),

17
internal/cri/server/podsandbox/sandbox_run.go
View File

@ -75,10 +75,7 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll
labels = map[string]string{} labels = map[string]string{}
) )
sandboxImage := c.imageService.PinnedImage("sandbox") sandboxImage := c.getSandboxImageName()
if sandboxImage == "" {
sandboxImage = criconfig.DefaultSandboxImage
}
// Ensure sandbox container image snapshot. // Ensure sandbox container image snapshot.
image, err := c.ensureImageExists(ctx, sandboxImage, config, metadata.RuntimeHandler) image, err := c.ensureImageExists(ctx, sandboxImage, config, metadata.RuntimeHandler)
if err != nil { if err != nil {
@ -321,3 +318,15 @@ func (c *Controller) ensureImageExists(ctx context.Context, ref string, config *
} }
return &newImage, nil return &newImage, nil
} }
func (c *Controller) getSandboxImageName() string {
// returns the name of the sandbox image used to scope pod shared resources used by the pod's containers,
// if empty return the default sandbox image.
if c.imageService != nil {
sandboxImage := c.imageService.PinnedImage("sandbox")
if sandboxImage != "" {
return sandboxImage
}
}
return criconfig.DefaultSandboxImage
}

2
internal/cri/server/podsandbox/sandbox_run_linux.go
View File

@ -193,7 +193,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue)) specOpts = append(specOpts, customopts.WithAnnotation(pKey, pValue))
} }
specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", "", config, true)...) specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)
} }

2
internal/cri/server/podsandbox/sandbox_run_other.go
View File

@ -29,7 +29,7 @@ import (
func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig,
imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) { imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", "", config, true)...) return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
} }
// sandboxContainerSpecOpts generates OCI spec options for // sandboxContainerSpecOpts generates OCI spec options for

3
internal/cri/server/podsandbox/sandbox_run_windows.go
View File

@ -81,8 +81,9 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
} }
specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess()))) specOpts = append(specOpts, customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())))
specOpts = append(specOpts, specOpts = append(specOpts,
annotations.DefaultCRIAnnotations(id, "", "", config, true)..., annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...,
) )
return c.runtimeSpec(id, "", specOpts...) return c.runtimeSpec(id, "", specOpts...)