Merge remote-tracking branch 'upstream/master'

2021-05-13 15:55:53 -05:00 · 2021-05-13 15:55:53 -05:00 · b9c403e79a
commit b9c403e79a
parent 74c7d66dfb fc4da9728e
16 changed files with 76 additions and 99 deletions
--- a/integration/addition_gids_test.go
+++ b/integration/addition_gids_test.go
@ -49,12 +49,8 @@ func TestAdditionalGids(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Logf("Pull test image %q", testImage)
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	EnsureImageExists(t, testImage)

 	t.Log("Create a container to print id")
 	cnConfig := ContainerConfig(
--- a/integration/client/container_linux_test.go
+++ b/integration/client/container_linux_test.go
@ -55,7 +55,7 @@ import (
 	"golang.org/x/sys/unix"
 )

-const testUserNSImage = "mirror.gcr.io/library/alpine:latest"
+const testUserNSImage = "mirror.gcr.io/library/alpine:3.13"

 // TestRegressionIssue4769 verifies the number of task exit events.
 //
--- a/integration/common.go
+++ b/integration/common.go
@ -21,10 +21,13 @@ package integration
 import (
 	"fmt"
 	"io/ioutil"
+	"testing"

 	"github.com/pelletier/go-toml"
 	"github.com/sirupsen/logrus"
+	"github.com/stretchr/testify/require"
 	cri "k8s.io/cri-api/pkg/apis"
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
 )

 // ImageList holds public image references
@ -104,3 +107,20 @@ func initImageMap(imageList ImageList) map[int]string {
 func GetImage(image int) string {
 	return imageMap[image]
 }
+
+// EnsureImageExists pulls the given image, ensures that no error was encountered
+// while pulling it.
+func EnsureImageExists(t *testing.T, imageName string) string {
+	img, err := imageService.ImageStatus(&runtime.ImageSpec{Image: imageName})
+	require.NoError(t, err)
+	if img != nil {
+		t.Logf("Image %q already exists, not pulling.", imageName)
+		return img.Id
+	}
+
+	t.Logf("Pull test image %q", imageName)
+	imgID, err := imageService.PullImage(&runtime.ImageSpec{Image: imageName}, nil, nil)
+	require.NoError(t, err)
+
+	return imgID
+}
--- a/integration/container_log_test.go
+++ b/integration/container_log_test.go
@ -52,12 +52,8 @@ func TestContainerLogWithoutTailingNewLine(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Logf("Pull test image %q", testImage)
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	EnsureImageExists(t, testImage)

 	t.Log("Create a container with log path")
 	cnConfig := ContainerConfig(
@ -112,12 +108,8 @@ func TestLongContainerLog(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Logf("Pull test image %q", testImage)
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	EnsureImageExists(t, testImage)

 	t.Log("Create a container with log path")
 	config, err := CRIConfig()
--- a/integration/container_stop_test.go
+++ b/integration/container_stop_test.go
@ -46,12 +46,8 @@ func TestSharedPidMultiProcessContainerStop(t *testing.T) {
 				testImage     = GetImage(BusyBox)
 				containerName = "test-container"
 			)
-			t.Logf("Pull test image %q", testImage)
-			img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-			require.NoError(t, err)
-			defer func() {
-				assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-			}()
+
+			EnsureImageExists(t, testImage)

 			t.Log("Create a multi-process container")
 			cnConfig := ContainerConfig(
@ -90,12 +86,8 @@ func TestContainerStopCancellation(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Logf("Pull test image %q", testImage)
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	EnsureImageExists(t, testImage)

 	t.Log("Create a container which traps sigterm")
 	cnConfig := ContainerConfig(
--- a/integration/container_without_image_ref_test.go
+++ b/integration/container_without_image_ref_test.go
@ -41,12 +41,8 @@ func TestContainerLifecycleWithoutImageRef(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Log("Pull test image")
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	img := EnsureImageExists(t, testImage)

 	t.Log("Create test container")
 	cnConfig := ContainerConfig(
--- a/integration/containerd_image_test.go
+++ b/integration/containerd_image_test.go
@ -185,13 +185,8 @@ func TestContainerdImageInOtherNamespaces(t *testing.T) {
 	}
 	require.NoError(t, Consistently(checkImage, 100*time.Millisecond, time.Second))

-	sbConfig := PodSandboxConfig("sandbox", "test")
-	t.Logf("pull the image into cri plugin")
-	id, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: id}))
-	}()
+	PodSandboxConfig("sandbox", "test")
+	EnsureImageExists(t, testImage)

 	t.Logf("cri plugin should see the image now")
 	img, err := imageService.ImageStatus(&runtime.ImageSpec{Image: testImage})
--- a/integration/imagefs_info_test.go
+++ b/integration/imagefs_info_test.go
@ -33,12 +33,8 @@ func TestImageFSInfo(t *testing.T) {
 	config := PodSandboxConfig("running-pod", "imagefs")

 	t.Logf("Pull an image to make sure image fs is not empty")
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: GetImage(BusyBox)}, nil, config)
-	require.NoError(t, err)
-	defer func() {
-		err := imageService.RemoveImage(&runtime.ImageSpec{Image: img})
-		assert.NoError(t, err)
-	}()
+	EnsureImageExists(t, GetImage(BusyBox))
+
 	t.Logf("Create a sandbox to make sure there is an active snapshot")
 	sb, err := runtimeService.RunPodSandbox(config, *runtimeHandler)
 	require.NoError(t, err)
--- a/integration/pod_dualstack_test.go
+++ b/integration/pod_dualstack_test.go
@ -50,12 +50,8 @@ func TestPodDualStack(t *testing.T) {
 		testImage     = GetImage(BusyBox)
 		containerName = "test-container"
 	)
-	t.Logf("Pull test image %q", testImage)
-	img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-	}()
+
+	EnsureImageExists(t, testImage)

 	t.Log("Create a container to print env")
 	cnConfig := ContainerConfig(
--- a/integration/pod_hostname_test.go
+++ b/integration/pod_hostname_test.go
@ -86,12 +86,8 @@ func TestPodHostname(t *testing.T) {
 				testImage     = GetImage(BusyBox)
 				containerName = "test-container"
 			)
-			t.Logf("Pull test image %q", testImage)
-			img, err := imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-			require.NoError(t, err)
-			defer func() {
-				assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-			}()
+
+			EnsureImageExists(t, testImage)

 			t.Log("Create a container to print env")
 			cnConfig := ContainerConfig(
--- a/integration/restart_test.go
+++ b/integration/restart_test.go
@ -135,11 +135,7 @@ func TestContainerdRestart(t *testing.T) {

 	t.Logf("Pull test images")
 	for _, image := range []string{GetImage(BusyBox), GetImage(Alpine)} {
-		img, err := imageService.PullImage(&runtime.ImageSpec{Image: image}, nil, nil)
-		require.NoError(t, err)
-		defer func() {
-			assert.NoError(t, imageService.RemoveImage(&runtime.ImageSpec{Image: img}))
-		}()
+		EnsureImageExists(t, image)
 	}
 	imagesBeforeRestart, err := imageService.ListImages(nil)
 	assert.NoError(t, err)
--- a/integration/truncindex_test.go
+++ b/integration/truncindex_test.go
@ -35,12 +35,9 @@ func TestTruncIndex(t *testing.T) {

 	t.Logf("Pull an image")
 	var appImage = GetImage(BusyBox)
-	imgID, err := imageService.PullImage(&runtimeapi.ImageSpec{Image: appImage}, nil, sbConfig)
-	require.NoError(t, err)
+
+	imgID := EnsureImageExists(t, appImage)
 	imgTruncID := genTruncIndex(imgID)
-	defer func() {
-		assert.NoError(t, imageService.RemoveImage(&runtimeapi.ImageSpec{Image: imgTruncID}))
-	}()

 	t.Logf("Get image status by truncindex, truncID: %s", imgTruncID)
 	res, err := imageService.ImageStatus(&runtimeapi.ImageSpec{Image: imgTruncID})
--- a/integration/volume_copy_up_test.go
+++ b/integration/volume_copy_up_test.go
@ -26,7 +26,6 @@ import (

 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
 )

 func TestVolumeCopyUp(t *testing.T) {
@ -44,9 +43,7 @@ func TestVolumeCopyUp(t *testing.T) {
 		assert.NoError(t, runtimeService.RemovePodSandbox(sb))
 	}()

-	t.Logf("Pull test image")
-	_, err = imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
+	EnsureImageExists(t, testImage)

 	t.Logf("Create a container with volume-copy-up test image")
 	cnConfig := ContainerConfig(
@ -106,9 +103,7 @@ func TestVolumeOwnership(t *testing.T) {
 		assert.NoError(t, runtimeService.RemovePodSandbox(sb))
 	}()

-	t.Logf("Pull test image")
-	_, err = imageService.PullImage(&runtime.ImageSpec{Image: testImage}, nil, sbConfig)
-	require.NoError(t, err)
+	EnsureImageExists(t, testImage)

 	t.Logf("Create a container with volume-ownership test image")
 	cnConfig := ContainerConfig(
--- a/metadata/leases.go
+++ b/metadata/leases.go
@ -33,22 +33,22 @@ import (
 	bolt "go.etcd.io/bbolt"
 )

-// LeaseManager manages the create/delete lifecycle of leases
+// leaseManager manages the create/delete lifecycle of leases
 // and also returns existing leases
-type LeaseManager struct {
+type leaseManager struct {
 	db *DB
 }

 // NewLeaseManager creates a new lease manager for managing leases using
 // the provided database transaction.
-func NewLeaseManager(db *DB) *LeaseManager {
-	return &LeaseManager{
+func NewLeaseManager(db *DB) leases.Manager {
+	return &leaseManager{
 		db: db,
 	}
 }

 // Create creates a new lease using the provided lease
-func (lm *LeaseManager) Create(ctx context.Context, opts ...leases.Opt) (leases.Lease, error) {
+func (lm *leaseManager) Create(ctx context.Context, opts ...leases.Opt) (leases.Lease, error) {
 	var l leases.Lease
 	for _, opt := range opts {
 		if err := opt(&l); err != nil {
@ -102,7 +102,7 @@ func (lm *LeaseManager) Create(ctx context.Context, opts ...leases.Opt) (leases.
 }

 // Delete deletes the lease with the provided lease ID
-func (lm *LeaseManager) Delete(ctx context.Context, lease leases.Lease, _ ...leases.DeleteOpt) error {
+func (lm *leaseManager) Delete(ctx context.Context, lease leases.Lease, _ ...leases.DeleteOpt) error {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
@ -127,7 +127,7 @@ func (lm *LeaseManager) Delete(ctx context.Context, lease leases.Lease, _ ...lea
 }

 // List lists all active leases
-func (lm *LeaseManager) List(ctx context.Context, fs ...string) ([]leases.Lease, error) {
+func (lm *leaseManager) List(ctx context.Context, fs ...string) ([]leases.Lease, error) {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return nil, err
@ -183,7 +183,7 @@ func (lm *LeaseManager) List(ctx context.Context, fs ...string) ([]leases.Lease,
 }

 // AddResource references the resource by the provided lease.
-func (lm *LeaseManager) AddResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+func (lm *leaseManager) AddResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
@ -212,7 +212,7 @@ func (lm *LeaseManager) AddResource(ctx context.Context, lease leases.Lease, r l
 }

 // DeleteResource dereferences the resource by the provided lease.
-func (lm *LeaseManager) DeleteResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
+func (lm *leaseManager) DeleteResource(ctx context.Context, lease leases.Lease, r leases.Resource) error {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return err
@ -250,7 +250,7 @@ func (lm *LeaseManager) DeleteResource(ctx context.Context, lease leases.Lease,
 }

 // ListResources lists all the resources referenced by the lease.
-func (lm *LeaseManager) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
+func (lm *leaseManager) ListResources(ctx context.Context, lease leases.Lease) ([]leases.Resource, error) {
 	namespace, err := namespaces.NamespaceRequired(ctx)
 	if err != nil {
 		return nil, err
--- a/pkg/cri/server/image_pull.go
+++ b/pkg/cri/server/image_pull.go
@ -373,6 +373,9 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig
 				if err != nil {
 					return nil, errors.Wrapf(err, "get TLSConfig for registry %q", e)
 				}
+			} else if isLocalHost(host) && u.Scheme == "http" {
+				// Skipping TLS verification for localhost
+				transport.TLSClientConfig.InsecureSkipVerify = true
 			}

 			// Make a copy of `auth`, so that different authorizers would not reference
@ -406,15 +409,26 @@ func (c *criService) registryHosts(ctx context.Context, auth *runtime.AuthConfig

 // defaultScheme returns the default scheme for a registry host.
 func defaultScheme(host string) string {
-	if h, _, err := net.SplitHostPort(host); err == nil {
-		host = h
-	}
-	if host == "localhost" || host == "127.0.0.1" || host == "::1" {
+	if isLocalHost(host) {
 		return "http"
 	}
 	return "https"
 }

+// isLocalHost checks if the registry host is local.
+func isLocalHost(host string) bool {
+	if h, _, err := net.SplitHostPort(host); err == nil {
+		host = h
+	}
+
+	if host == "localhost" {
+		return true
+	}
+
+	ip := net.ParseIP(host)
+	return ip.IsLoopback()
+}
+
 // addDefaultScheme returns the endpoint with default scheme
 func addDefaultScheme(endpoint string) (string, error) {
 	if strings.Contains(endpoint, "://") {
--- a/plugin/plugin.go
+++ b/plugin/plugin.go
@ -171,15 +171,11 @@ func Register(r *Registration) {
 		panic(err)
 	}

-	var last bool
 	for _, requires := range r.Requires {
-		if requires == "*" {
-			last = true
-		}
-	}
-	if last && len(r.Requires) != 1 {
+		if requires == "*" && len(r.Requires) != 1 {
 			panic(ErrInvalidRequires)
 		}
+	}

 	register.r = append(register.r, r)
 }