github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #39158 from feiskyer/cri-proto3

Browse Source 
Automatic merge from submit-queue (batch tested with PRs 40168, 40165, 39158, 39966, 40190)

CRI: upgrade protobuf to v3

For #38854, this PR upgrades CRI protobuf version to v3, and also updated related packages for confirming to new api.  

**Release note**:

```
CRI: upgrade protobuf version to v3.
```
This commit is contained in:
Kubernetes Submit Queue
2017-01-20 08:28:49 -08:00
committed by GitHub
parent 9841162445 b962580224
commit 0e1a166c4d
43 changed files with 1325 additions and 2282 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
hack/verify-flags/exceptions.txt
View File

@@ -67,7 +67,6 @@ cluster/saltbase/salt/kubelet/default:{% if grains['feature_gates'] is defined -
cluster/saltbase/salt/kubelet/default:{% if pillar.get('non_masquerade_cidr','') -%}
cluster/saltbase/salt/opencontrail-networking-master/init.sls: - 'SERVICE_CLUSTER_IP_RANGE': '{{ pillar.get('service_cluster_ip_range') }}'
cluster/saltbase/salt/opencontrail-networking-minion/init.sls: - 'SERVICE_CLUSTER_IP_RANGE': '{{ pillar.get('service_cluster_ip_range') }}'
cluster/saltbase/salt/supervisor/kubelet-checker.sh: {% set kubelet_port = pillar['kubelet_port'] -%}
cluster/saltbase/salt/supervisor/supervisor_watcher.sh:# Apply oom_score_adj: -901 to processes
cluster/ubuntu/util.sh: local node_ip=${1}
cluster/vagrant/provision-utils.sh: api_servers: '$(echo "$MASTER_IP" | sed -e "s/'/''/g")'
@@ -105,14 +104,14 @@ hack/test-update-storage-objects.sh: local storage_media_type=${3:-""}
hack/test-update-storage-objects.sh: local storage_versions=${2:-""}
hack/test-update-storage-objects.sh: source_file=${test_data[0]}
hack/test-update-storage-objects.sh:# source_file,resource,namespace,name,old_version,new_version
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: ContainerPort *int32 `protobuf:"varint,2,opt,name=container_port,json=containerPort" json:"container_port,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: OomScoreAdj *int64 `protobuf:"varint,5,opt,name=oom_score_adj,json=oomScoreAdj" json:"oom_score_adj,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: PodCidr *string `protobuf:"bytes,1,opt,name=pod_cidr,json=podCidr" json:"pod_cidr,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: RuntimeConfig *RuntimeConfig `protobuf:"bytes,1,opt,name=runtime_config,json=runtimeConfig" json:"runtime_config,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.proto: optional RuntimeConfig runtime_config = 1;
pkg/kubelet/api/v1alpha1/runtime/api.proto: optional int32 container_port = 2;
pkg/kubelet/api/v1alpha1/runtime/api.proto: optional int64 oom_score_adj = 5;
pkg/kubelet/api/v1alpha1/runtime/api.proto: optional string pod_cidr = 1;
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: ContainerPort int32 `protobuf:"varint,2,opt,name=container_port,json=containerPort,proto3" json:"container_port,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: OomScoreAdj int64 `protobuf:"varint,5,opt,name=oom_score_adj,json=oomScoreAdj,proto3" json:"oom_score_adj,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: PodCidr string `protobuf:"bytes,1,opt,name=pod_cidr,json=podCidr,proto3" json:"pod_cidr,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.pb.go: RuntimeConfig *RuntimeConfig `protobuf:"bytes,1,opt,name=runtime_config,json=runtimeConfig" json:"runtime_config,omitempty"`
pkg/kubelet/api/v1alpha1/runtime/api.proto: RuntimeConfig runtime_config = 1;
pkg/kubelet/api/v1alpha1/runtime/api.proto: int32 container_port = 2;
pkg/kubelet/api/v1alpha1/runtime/api.proto: int64 oom_score_adj = 5;
pkg/kubelet/api/v1alpha1/runtime/api.proto: string pod_cidr = 1;
pkg/kubelet/cm/container_manager_linux.go: glog.V(3).Infof("Failed to apply oom_score_adj %d for pid %d: %v", oomScoreAdj, pid, err)
pkg/kubelet/cm/container_manager_linux.go: glog.V(5).Infof("attempting to apply oom_score_adj of %d to pid %d", oomScoreAdj, pid)
pkg/kubelet/network/hairpin/hairpin.go: hairpinModeRelativePath = "hairpin_mode"

14
pkg/kubelet/api/testing/fake_image_service.go
View File

@@ -57,8 +57,8 @@ func NewFakeImageService() *FakeImageService {
func (r *FakeImageService) makeFakeImage(image string) *runtimeapi.Image {
return &runtimeapi.Image{
Id: &image,
Size_: &r.FakeImageSize,
Id: image,
Size_: r.FakeImageSize,
RepoTags: []string{image},
}
}
@@ -72,7 +72,7 @@ func (r *FakeImageService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtim
images := make([]*runtimeapi.Image, 0)
for _, img := range r.Images {
if filter != nil && filter.Image != nil {
if !sliceutils.StringInSlice(filter.Image.GetImage(), img.RepoTags) {
if !sliceutils.StringInSlice(filter.Image.Image, img.RepoTags) {
continue
}
}
@@ -88,7 +88,7 @@ func (r *FakeImageService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi
r.Called = append(r.Called, "ImageStatus")
return r.Images[image.GetImage()], nil
return r.Images[image.Image], nil
}
func (r *FakeImageService) PullImage(image *runtimeapi.ImageSpec, auth *runtimeapi.AuthConfig) (string, error) {
@@ -99,9 +99,9 @@ func (r *FakeImageService) PullImage(image *runtimeapi.ImageSpec, auth *runtimea
// ImageID should be randomized for real container runtime, but here just use
// image's name for easily making fake images.
imageID := image.GetImage()
imageID := image.Image
if _, ok := r.Images[imageID]; !ok {
r.Images[imageID] = r.makeFakeImage(image.GetImage())
r.Images[imageID] = r.makeFakeImage(image.Image)
}
return imageID, nil
@@ -114,7 +114,7 @@ func (r *FakeImageService) RemoveImage(image *runtimeapi.ImageSpec) error {
r.Called = append(r.Called, "RemoveImage")
// Remove the image
delete(r.Images, image.GetImage())
delete(r.Images, image.Image)
return nil
}

56
pkg/kubelet/api/testing/fake_runtime_service.go
View File

@@ -61,7 +61,7 @@ func (r *FakeRuntimeService) SetFakeSandboxes(sandboxes []*FakePodSandbox) {
r.Sandboxes = make(map[string]*FakePodSandbox)
for _, sandbox := range sandboxes {
sandboxID := sandbox.GetId()
sandboxID := sandbox.Id
r.Sandboxes[sandboxID] = sandbox
}
}
@@ -72,7 +72,7 @@ func (r *FakeRuntimeService) SetFakeContainers(containers []*FakeContainer) {
r.Containers = make(map[string]*FakeContainer)
for _, c := range containers {
containerID := c.GetId()
containerID := c.Id
r.Containers[containerID] = c
}
@@ -103,10 +103,10 @@ func (r *FakeRuntimeService) Version(apiVersion string) (*runtimeapi.VersionResp
r.Called = append(r.Called, "Version")
return &runtimeapi.VersionResponse{
Version: &version,
RuntimeName: &FakeRuntimeName,
RuntimeVersion: &version,
RuntimeApiVersion: &version,
Version: version,
RuntimeName: FakeRuntimeName,
RuntimeVersion: version,
RuntimeApiVersion: version,
}, nil
}
@@ -129,15 +129,14 @@ func (r *FakeRuntimeService) RunPodSandbox(config *runtimeapi.PodSandboxConfig)
// fixed name from BuildSandboxName() for easily making fake sandboxes.
podSandboxID := BuildSandboxName(config.Metadata)
createdAt := time.Now().Unix()
readyState := runtimeapi.PodSandboxState_SANDBOX_READY
r.Sandboxes[podSandboxID] = &FakePodSandbox{
PodSandboxStatus: runtimeapi.PodSandboxStatus{
Id: &podSandboxID,
Id: podSandboxID,
Metadata: config.Metadata,
State: &readyState,
CreatedAt: &createdAt,
State: runtimeapi.PodSandboxState_SANDBOX_READY,
CreatedAt: createdAt,
Network: &runtimeapi.PodSandboxNetworkStatus{
Ip: &FakePodSandboxIP,
Ip: FakePodSandboxIP,
},
Labels: config.Labels,
Annotations: config.Annotations,
@@ -153,9 +152,8 @@ func (r *FakeRuntimeService) StopPodSandbox(podSandboxID string) error {
r.Called = append(r.Called, "StopPodSandbox")
notReadyState := runtimeapi.PodSandboxState_SANDBOX_NOTREADY
if s, ok := r.Sandboxes[podSandboxID]; ok {
s.State = &notReadyState
s.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY
} else {
return fmt.Errorf("pod sandbox %s not found", podSandboxID)
}
@@ -199,10 +197,10 @@ func (r *FakeRuntimeService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter)
result := make([]*runtimeapi.PodSandbox, 0)
for id, s := range r.Sandboxes {
if filter != nil {
if filter.Id != nil && filter.GetId() != id {
if filter.Id != "" && filter.Id != id {
continue
}
if filter.State != nil && filter.GetState() != s.GetState() {
if filter.State != nil && filter.GetState().State != s.State {
continue
}
if filter.LabelSelector != nil && !filterInLabels(filter.LabelSelector, s.GetLabels()) {
@@ -242,15 +240,15 @@ func (r *FakeRuntimeService) CreateContainer(podSandboxID string, config *runtim
containerID := BuildContainerName(config.Metadata, podSandboxID)
createdAt := time.Now().Unix()
createdState := runtimeapi.ContainerState_CONTAINER_CREATED
imageRef := config.Image.GetImage()
imageRef := config.Image.Image
r.Containers[containerID] = &FakeContainer{
ContainerStatus: runtimeapi.ContainerStatus{
Id: &containerID,
Id: containerID,
Metadata: config.Metadata,
Image: config.Image,
ImageRef: &imageRef,
CreatedAt: &createdAt,
State: &createdState,
ImageRef: imageRef,
CreatedAt: createdAt,
State: createdState,
Labels: config.Labels,
Annotations: config.Annotations,
},
@@ -272,10 +270,8 @@ func (r *FakeRuntimeService) StartContainer(containerID string) error {
}
// Set container to running.
startedAt := time.Now().Unix()
runningState := runtimeapi.ContainerState_CONTAINER_RUNNING
c.State = &runningState
c.StartedAt = &startedAt
c.State = runtimeapi.ContainerState_CONTAINER_RUNNING
c.StartedAt = time.Now().Unix()
return nil
}
@@ -294,8 +290,8 @@ func (r *FakeRuntimeService) StopContainer(containerID string, timeout int64) er
// Set container to exited state.
finishedAt := time.Now().Unix()
exitedState := runtimeapi.ContainerState_CONTAINER_EXITED
c.State = &exitedState
c.FinishedAt = &finishedAt
c.State = exitedState
c.FinishedAt = finishedAt
return nil
}
@@ -321,13 +317,13 @@ func (r *FakeRuntimeService) ListContainers(filter *runtimeapi.ContainerFilter)
result := make([]*runtimeapi.Container, 0)
for _, s := range r.Containers {
if filter != nil {
if filter.Id != nil && filter.GetId() != s.GetId() {
if filter.Id != "" && filter.Id != s.Id {
continue
}
if filter.PodSandboxId != nil && filter.GetPodSandboxId() != s.SandboxID {
if filter.PodSandboxId != "" && filter.PodSandboxId != s.SandboxID {
continue
}
if filter.State != nil && filter.GetState() != s.GetState() {
if filter.State != nil && filter.GetState().State != s.State {
continue
}
if filter.LabelSelector != nil && !filterInLabels(filter.LabelSelector, s.GetLabels()) {
@@ -338,7 +334,7 @@ func (r *FakeRuntimeService) ListContainers(filter *runtimeapi.ContainerFilter)
result = append(result, &runtimeapi.Container{
Id: s.Id,
CreatedAt: s.CreatedAt,
PodSandboxId: &s.SandboxID,
PodSandboxId: s.SandboxID,
Metadata: s.Metadata,
State: s.State,
Image: s.Image,

4
pkg/kubelet/api/testing/utils.go
View File

@@ -24,11 +24,11 @@ import (
func BuildContainerName(metadata *runtimeapi.ContainerMetadata, sandboxID string) string {
// include the sandbox ID to make the container ID unique.
return fmt.Sprintf("%s_%s_%d", sandboxID, metadata.GetName(), metadata.GetAttempt())
return fmt.Sprintf("%s_%s_%d", sandboxID, metadata.Name, metadata.Attempt)
}
func BuildSandboxName(metadata *runtimeapi.PodSandboxMetadata) string {
return fmt.Sprintf("%s_%s_%s_%d", metadata.GetName(), metadata.GetNamespace(), metadata.GetUid(), metadata.GetAttempt())
return fmt.Sprintf("%s_%s_%s_%d", metadata.Name, metadata.Namespace, metadata.Uid, metadata.Attempt)
}
func filterInLabels(filter, labels map[string]string) bool {

2030
pkg/kubelet/api/v1alpha1/runtime/api.pb.go
View File

File diff suppressed because it is too large Load Diff

389
pkg/kubelet/api/v1alpha1/runtime/api.proto
View File

@@ -1,5 +1,5 @@
// To regenerate api.pb.go run hack/update-generated-runtime.sh
syntax = 'proto2';
syntax = 'proto3';
package runtime;
@@ -84,20 +84,20 @@ service ImageService {
message VersionRequest {
// Version of the kubelet runtime API.
optional string version = 1;
string version = 1;
}
message VersionResponse {
// Version of the kubelet runtime API.
optional string version = 1;
string version = 1;
// Name of the container runtime.
optional string runtime_name = 2;
string runtime_name = 2;
// Version of the container runtime. The string must be
// semver-compatible.
optional string runtime_version = 3;
string runtime_version = 3;
// API version of the container runtime. The string must be
// semver-compatible.
optional string runtime_api_version = 4;
string runtime_api_version = 4;
}
// DNSConfig specifies the DNS servers and search domains of a sandbox.
@@ -119,35 +119,41 @@ enum Protocol {
// PortMapping specifies the port mapping configurations of a sandbox.
message PortMapping {
// Protocol of the port mapping.
optional Protocol protocol = 1;
// Port number within the container.
optional int32 container_port = 2;
// Port number on the host.
optional int32 host_port = 3;
Protocol protocol = 1;
// Port number within the container. Default: 0 (not specified).
int32 container_port = 2;
// Port number on the host. Default: 0 (not specified).
int32 host_port = 3;
// Host IP.
optional string host_ip = 4;
string host_ip = 4;
}
// Mount specifies a host volume to mount into a container.
message Mount {
// Path of the mount within the container.
optional string container_path = 1;
string container_path = 1;
// Path of the mount on the host.
optional string host_path = 2;
string host_path = 2;
// If set, the mount is read-only.
optional bool readonly = 3;
bool readonly = 3;
// If set, the mount needs SELinux relabeling.
optional bool selinux_relabel = 4;
bool selinux_relabel = 4;
}
// NamespaceOption provides options for Linux namespaces.
message NamespaceOption {
// If set, use the host's network namespace.
optional bool host_network = 1;
bool host_network = 1;
// If set, use the host's PID namespace.
optional bool host_pid = 2;
bool host_pid = 2;
// If set, use the host's IPC namespace.
optional bool host_ipc = 3;
bool host_ipc = 3;
}
// Int64Value is the wrapper of int64.
message Int64Value {
// The value.
int64 value = 1;
}
// LinuxSandboxSecurityContext holds linux security configuration that will be
@@ -158,13 +164,13 @@ message NamespaceOption {
message LinuxSandboxSecurityContext {
// Configurations for the sandbox's namespaces.
// This will be used only if the PodSandbox uses namespace for isolation.
optional NamespaceOption namespace_options = 1;
NamespaceOption namespace_options = 1;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 2;
SELinuxOption selinux_options = 2;
// UID to run sandbox processes as, when applicable.
optional int64 run_as_user = 3;
Int64Value run_as_user = 3;
// If set, the root filesystem of the sandbox is read-only.
optional bool readonly_rootfs = 4;
bool readonly_rootfs = 4;
// List of groups applied to the first process run in the sandbox, in
// addition to the sandbox's primary GID.
repeated int64 supplemental_groups = 5;
@@ -173,7 +179,7 @@ message LinuxSandboxSecurityContext {
// MUST be true.
// This allows a sandbox to take additional security precautions if no
// privileged containers are expected to be run.
optional bool privileged = 6;
bool privileged = 6;
}
// LinuxPodSandboxConfig holds platform-specific configurations for Linux
@@ -182,9 +188,9 @@ message LinuxPodSandboxConfig {
// Parent cgroup of the PodSandbox.
// The cgroupfs style syntax will be used, but the container runtime can
// convert it to systemd semantics if needed.
optional string cgroup_parent = 1;
string cgroup_parent = 1;
// LinuxSandboxSecurityContext holds sandbox security attributes.
optional LinuxSandboxSecurityContext security_context = 2;
LinuxSandboxSecurityContext security_context = 2;
}
// PodSandboxMetadata holds all necessary information for building the sandbox name.
@@ -193,13 +199,13 @@ message LinuxPodSandboxConfig {
// the runtime can construct a unique PodSandboxName based on the metadata.
message PodSandboxMetadata {
// Pod name of the sandbox. Same as the pod name in the PodSpec.
optional string name = 1;
string name = 1;
// Pod UID of the sandbox. Same as the pod UID in the PodSpec.
optional string uid = 2;
string uid = 2;
// Pod namespace of the sandbox. Same as the pod namespace in the PodSpec.
optional string namespace = 3;
// Attempt number of creating the sandbox.
optional uint32 attempt = 4;
string namespace = 3;
// Attempt number of creating the sandbox. Default: 0.
uint32 attempt = 4;
}
// PodSandboxConfig holds all the required and optional fields for creating a
@@ -209,9 +215,9 @@ message PodSandboxConfig {
// sandbox, and the runtime should leverage this to ensure correct
// operation. The runtime may also use this information to improve UX, such
// as by constructing a readable name.
optional PodSandboxMetadata metadata = 1;
PodSandboxMetadata metadata = 1;
// Hostname of the sandbox.
optional string hostname = 2;
string hostname = 2;
// Path to the directory on the host in which container log files are
// stored.
// By default the log of a container going into the LogDirectory will be
@@ -227,9 +233,9 @@ message PodSandboxConfig {
// container logs are under active discussion in
// https://issues.k8s.io/24677. There *may* be future change of direction
// for logging as the discussion carries on.
optional string log_directory = 3;
string log_directory = 3;
// DNS config for the sandbox.
optional DNSConfig dns_config = 4;
DNSConfig dns_config = 4;
// Port mappings for the sandbox.
repeated PortMapping port_mappings = 5;
// Key-value pairs that may be used to scope and select individual resources.
@@ -292,77 +298,77 @@ message PodSandboxConfig {
//
map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts.
optional LinuxPodSandboxConfig linux = 8;
LinuxPodSandboxConfig linux = 8;
}
message RunPodSandboxRequest {
// Configuration for creating a PodSandbox.
optional PodSandboxConfig config = 1;
PodSandboxConfig config = 1;
}
message RunPodSandboxResponse {
// ID of the PodSandbox to run.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
}
message StopPodSandboxRequest {
// ID of the PodSandbox to stop.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
}
message StopPodSandboxResponse {}
message RemovePodSandboxRequest {
// ID of the PodSandbox to remove.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
}
message RemovePodSandboxResponse {}
message PodSandboxStatusRequest {
// ID of the PodSandbox for which to retrieve status.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
}
// PodSandboxNetworkStatus is the status of the network for a PodSandbox.
message PodSandboxNetworkStatus {
// IP address of the PodSandbox.
optional string ip = 1;
string ip = 1;
}
// Namespace contains paths to the namespaces.
message Namespace {
// Path to the network namespace.
optional string network = 1;
string network = 1;
// Namespace options for Linux namespaces.
optional NamespaceOption options = 2;
NamespaceOption options = 2;
}
// LinuxSandboxStatus contains status specific to Linux sandboxes.
message LinuxPodSandboxStatus {
// Paths to the sandbox's namespaces.
optional Namespace namespaces = 1;
Namespace namespaces = 1;
}
enum PodSandboxState {
SANDBOX_READY = 0;
SANDBOX_READY = 0;
SANDBOX_NOTREADY = 1;
}
// PodSandboxStatus contains the status of the PodSandbox.
message PodSandboxStatus {
// ID of the sandbox.
optional string id = 1;
string id = 1;
// Metadata of the sandbox.
optional PodSandboxMetadata metadata = 2;
PodSandboxMetadata metadata = 2;
// State of the sandbox.
optional PodSandboxState state = 3;
// Creation timestamp of the sandbox in nanoseconds.
optional int64 created_at = 4;
PodSandboxState state = 3;
// Creation timestamp of the sandbox in nanoseconds. Must be > 0.
int64 created_at = 4;
// Network contains network status if network is handled by the runtime.
optional PodSandboxNetworkStatus network = 5;
PodSandboxNetworkStatus network = 5;
// Linux-specific status to a pod sandbox.
optional LinuxPodSandboxStatus linux = 6;
LinuxPodSandboxStatus linux = 6;
// Labels are key-value pairs that may be used to scope and select individual resources.
map<string, string> labels = 7;
// Unstructured key-value map holding arbitrary metadata.
@@ -374,16 +380,22 @@ message PodSandboxStatus {
message PodSandboxStatusResponse {
// Status of the PodSandbox.
optional PodSandboxStatus status = 1;
PodSandboxStatus status = 1;
}
// PodSandboxStateValue is the wrapper of PodSandboxState.
message PodSandboxStateValue {
// State of the sandbox.
PodSandboxState state = 1;
}
// PodSandboxFilter is used to filter a list of PodSandboxes.
// All those fields are combined with 'AND'
message PodSandboxFilter {
// ID of the sandbox.
optional string id = 1;
string id = 1;
// State of the sandbox.
optional PodSandboxState state = 2;
PodSandboxStateValue state = 2;
// LabelSelector to select matches.
// Only api.MatchLabels is supported for now and the requirements
// are ANDed. MatchExpressions is not supported yet.
@@ -392,20 +404,20 @@ message PodSandboxFilter {
message ListPodSandboxRequest {
// PodSandboxFilter to filter a list of PodSandboxes.
optional PodSandboxFilter filter = 1;
PodSandboxFilter filter = 1;
}
// PodSandbox contains minimal information about a sandbox.
message PodSandbox {
// ID of the PodSandbox.
optional string id = 1;
string id = 1;
// Metadata of the PodSandbox.
optional PodSandboxMetadata metadata = 2;
PodSandboxMetadata metadata = 2;
// State of the PodSandbox.
optional PodSandboxState state = 3;
// Creation timestamps of the PodSandbox in nanoseconds.
optional int64 created_at = 4;
PodSandboxState state = 3;
// Creation timestamps of the PodSandbox in nanoseconds. Must be > 0.
int64 created_at = 4;
// Labels of the PodSandbox.
map<string, string> labels = 5;
// Unstructured key-value map holding arbitrary metadata.
@@ -424,12 +436,12 @@ message ListPodSandboxResponse {
// value of a Container's Image field (e.g. imageID or imageDigest), but in the
// future it will include more detailed information about the different image types.
message ImageSpec {
optional string image = 1;
string image = 1;
}
message KeyValue {
optional string key = 1;
optional string value = 2;
string key = 1;
string value = 2;
}
// LinuxContainerResources specifies Linux specific configuration for
@@ -437,24 +449,24 @@ message KeyValue {
// TODO: Consider using Resources from opencontainers/runtime-spec/specs-go
// directly.
message LinuxContainerResources {
// CPU CFS (Completely Fair Scheduler) period.
optional int64 cpu_period = 1;
// CPU CFS (Completely Fair Scheduler) quota.
optional int64 cpu_quota = 2;
// CPU shares (relative weight vs. other containers).
optional int64 cpu_shares = 3;
// Memory limit in bytes.
optional int64 memory_limit_in_bytes = 4;
// OOMScoreAdj adjusts the oom-killer score.
optional int64 oom_score_adj = 5;
// CPU CFS (Completely Fair Scheduler) period. Default: 0 (not specified).
int64 cpu_period = 1;
// CPU CFS (Completely Fair Scheduler) quota. Default: 0 (not specified).
int64 cpu_quota = 2;
// CPU shares (relative weight vs. other containers). Default: 0 (not specified).
int64 cpu_shares = 3;
// Memory limit in bytes. Default: 0 (not specified).
int64 memory_limit_in_bytes = 4;
// OOMScoreAdj adjusts the oom-killer score. Default: 0 (not specified).
int64 oom_score_adj = 5;
}
// SELinuxOption are the labels to be applied to the container.
message SELinuxOption {
optional string user = 1;
optional string role = 2;
optional string type = 3;
optional string level = 4;
string user = 1;
string role = 2;
string type = 3;
string level = 4;
}
// Capability contains the container capabilities to add or drop
@@ -468,7 +480,7 @@ message Capability {
// LinuxContainerSecurityContext holds linux security configuration that will be applied to a container.
message LinuxContainerSecurityContext {
// Capabilities to add or drop.
optional Capability capabilities = 1;
Capability capabilities = 1;
// If set, run container in privileged mode.
// Privileged mode is incompatible with the following options. If
// privileged is set, the following features MAY have no effect:
@@ -486,21 +498,21 @@ message LinuxContainerSecurityContext {
// 6. The device cgroup does not restrict access to any devices.
// 7. All devices from the host's /dev are available within the container.
// 8. SELinux restrictions are not applied (e.g. label=disabled).
optional bool privileged = 2;
bool privileged = 2;
// Configurations for the container's namespaces.
// Only used if the container uses namespace for isolation.
optional NamespaceOption namespace_options = 3;
NamespaceOption namespace_options = 3;
// SELinux context to be optionally applied.
optional SELinuxOption selinux_options = 4;
SELinuxOption selinux_options = 4;
// UID to run the container process as. Only one of run_as_user and
// run_as_username can be specified at a time.
optional int64 run_as_user = 5;
Int64Value run_as_user = 5;
// User name to run the container process as. If specified, the user MUST
// exist in the container image (i.e. in the /etc/passwd inside the image),
// and be resolved there by the runtime; otherwise, the runtime MUST error.
optional string run_as_username = 6;
string run_as_username = 6;
// If set, the root filesystem of the container is read-only.
optional bool readonly_rootfs = 7;
bool readonly_rootfs = 7;
// List of groups applied to the first process run in the container, in
// addition to the container's primary GID.
repeated int64 supplemental_groups = 8;
@@ -510,9 +522,9 @@ message LinuxContainerSecurityContext {
// Linux-based containers.
message LinuxContainerConfig {
// Resources specification for the container.
optional LinuxContainerResources resources = 1;
LinuxContainerResources resources = 1;
// LinuxContainerSecurityContext configuration for the container.
optional LinuxContainerSecurityContext security_context = 2;
LinuxContainerSecurityContext security_context = 2;
}
// ContainerMetadata holds all necessary information for building the container
@@ -522,22 +534,22 @@ message LinuxContainerConfig {
// within a sandbox for the entire lifetime of the sandbox.
message ContainerMetadata {
// Name of the container. Same as the container name in the PodSpec.
optional string name = 1;
// Attempt number of creating the container.
optional uint32 attempt = 2;
string name = 1;
// Attempt number of creating the container. Default: 0.
uint32 attempt = 2;
}
// Device specifies a host device to mount into a container.
message Device {
// Path of the device within the container.
optional string container_path = 1;
string container_path = 1;
// Path of the device on the host.
optional string host_path = 2;
string host_path = 2;
// Cgroups permissions of the device, candidates are one or more of
// * r - allows container to read from the specified device.
// * w - allows container to write to the specified device.
// * m - allows container to create device files that do not yet exist.
optional string permissions = 3;
string permissions = 3;
}
// ContainerConfig holds all the required and optional fields for creating a
@@ -547,15 +559,15 @@ message ContainerConfig {
// container, and the runtime should leverage this to ensure correct
// operation. The runtime may also use this information to improve UX, such
// as by constructing a readable name.
optional ContainerMetadata metadata = 1 ;
ContainerMetadata metadata = 1 ;
// Image to use.
optional ImageSpec image = 2;
ImageSpec image = 2;
// Command to execute (i.e., entrypoint for docker)
repeated string command = 3;
// Args for the Command (i.e., command for docker)
repeated string args = 4;
// Current working directory of the command.
optional string working_dir = 5;
string working_dir = 5;
// List of environment variable to set in the container.
repeated KeyValue envs = 6;
// Mounts for the container.
@@ -590,56 +602,57 @@ message ContainerConfig {
// container logs are under active discussion in
// https://issues.k8s.io/24677. There *may* be future change of direction
// for logging as the discussion carries on.
optional string log_path = 11;
string log_path = 11;
// Variables for interactive containers, these have very specialized
// use-cases (e.g. debugging).
// TODO: Determine if we need to continue supporting these fields that are
// part of Kubernetes's Container Spec.
optional bool stdin = 12;
optional bool stdin_once = 13;
optional bool tty = 14;
bool stdin = 12;
bool stdin_once = 13;
bool tty = 14;
// Configuration specific to Linux containers.
optional LinuxContainerConfig linux = 15;
LinuxContainerConfig linux = 15;
}
message CreateContainerRequest {
// ID of the PodSandbox in which the container should be created.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
// Config of the container.
optional ContainerConfig config = 2;
ContainerConfig config = 2;
// Config of the PodSandbox. This is the same config that was passed
// to RunPodSandboxRequest to create the PodSandbox. It is passed again
// here just for easy reference. The PodSandboxConfig is immutable and
// remains the same throughout the lifetime of the pod.
optional PodSandboxConfig sandbox_config = 3;
PodSandboxConfig sandbox_config = 3;
}
message CreateContainerResponse {
// ID of the created container.
optional string container_id = 1;
string container_id = 1;
}
message StartContainerRequest {
// ID of the container to start.
optional string container_id = 1;
string container_id = 1;
}
message StartContainerResponse {}
message StopContainerRequest {
// ID of the container to stop.
optional string container_id = 1;
// Timeout, in seconds, to stop the container.
optional int64 timeout = 2;
string container_id = 1;
// Timeout in seconds to wait for the container to stop before forcibly
// terminating it. Default: 0 (forcibly terminate the container immediately)
int64 timeout = 2;
}
message StopContainerResponse {}
message RemoveContainerRequest {
// ID of the container to remove.
optional string container_id = 1;
string container_id = 1;
}
message RemoveContainerResponse {}
@@ -651,15 +664,21 @@ enum ContainerState {
CONTAINER_UNKNOWN = 3;
}
// ContainerStateValue is the wrapper of ContainerState.
message ContainerStateValue {
// State of the container.
ContainerState state = 1;
}
// ContainerFilter is used to filter containers.
// All those fields are combined with 'AND'
message ContainerFilter {
// ID of the container.
optional string id = 1;
string id = 1;
// State of the container.
optional ContainerState state = 2;
ContainerStateValue state = 2;
// ID of the PodSandbox.
optional string pod_sandbox_id = 3;
string pod_sandbox_id = 3;
// LabelSelector to select matches.
// Only api.MatchLabels is supported for now and the requirements
// are ANDed. MatchExpressions is not supported yet.
@@ -667,7 +686,7 @@ message ContainerFilter {
}
message ListContainersRequest {
optional ContainerFilter filter = 1;
ContainerFilter filter = 1;
}
// Container provides the runtime information for a container, such as ID, hash,
@@ -675,20 +694,20 @@ message ListContainersRequest {
message Container {
// ID of the container, used by the container runtime to identify
// a container.
optional string id = 1;
string id = 1;
// ID of the sandbox to which this container belongs.
optional string pod_sandbox_id = 2;
string pod_sandbox_id = 2;
// Metadata of the container.
optional ContainerMetadata metadata = 3;
ContainerMetadata metadata = 3;
// Spec of the image.
optional ImageSpec image = 4;
ImageSpec image = 4;
// Reference to the image in use. For most runtimes, this should be an
// image ID.
optional string image_ref = 5;
string image_ref = 5;
// State of the container.
optional ContainerState state = 6;
ContainerState state = 6;
// Creation time of the container in nanoseconds.
optional int64 created_at = 7;
int64 created_at = 7;
// Key-value pairs that may be used to scope and select individual resources.
map<string, string> labels = 8;
// Unstructured key-value map holding arbitrary metadata.
@@ -705,35 +724,35 @@ message ListContainersResponse {
message ContainerStatusRequest {
// ID of the container for which to retrieve status.
optional string container_id = 1;
string container_id = 1;
}
// ContainerStatus represents the status of a container.
message ContainerStatus {
// ID of the container.
optional string id = 1;
string id = 1;
// Metadata of the container.
optional ContainerMetadata metadata = 2;
ContainerMetadata metadata = 2;
// Status of the container.
optional ContainerState state = 3;
ContainerState state = 3;
// Creation time of the container in nanoseconds.
optional int64 created_at = 4;
// Start time of the container in nanoseconds.
optional int64 started_at = 5;
// Finish time of the container in nanoseconds.
optional int64 finished_at = 6;
// Exit code of the container.
optional int32 exit_code = 7;
int64 created_at = 4;
// Start time of the container in nanoseconds. Default: 0 (not specified).
int64 started_at = 5;
// Finish time of the container in nanoseconds. Default: 0 (not specified).
int64 finished_at = 6;
// Exit code of the container. Only required when finished_at != 0. Default: 0.
int32 exit_code = 7;
// Spec of the image.
optional ImageSpec image = 8;
ImageSpec image = 8;
// Reference to the image in use. For most runtimes, this should be an
// image ID
optional string image_ref = 9;
string image_ref = 9;
// Brief CamelCase string explaining why container is in its current state.
optional string reason = 10;
string reason = 10;
// Human-readable message indicating details about why container is in its
// current state.
optional string message = 11;
string message = 11;
// Key-value pairs that may be used to scope and select individual resources.
map<string,string> labels = 12;
// Unstructured key-value map holding arbitrary metadata.
@@ -747,97 +766,97 @@ message ContainerStatus {
message ContainerStatusResponse {
// Status of the container.
optional ContainerStatus status = 1;
ContainerStatus status = 1;
}
message ExecSyncRequest {
// ID of the container.
optional string container_id = 1;
string container_id = 1;
// Command to execute.
repeated string cmd = 2;
// Timeout in seconds to stop the command. Default: run forever.
optional int64 timeout = 3;
// Timeout in seconds to stop the command. Default: 0 (run forever).
int64 timeout = 3;
}
message ExecSyncResponse {
// Captured command stdout output.
optional bytes stdout = 1;
bytes stdout = 1;
// Captured command stderr output.
optional bytes stderr = 2;
// Exit code the command finished with.
optional int32 exit_code = 3;
bytes stderr = 2;
// Exit code the command finished with. Default: 0 (success).
int32 exit_code = 3;
}
message ExecRequest {
// ID of the container in which to execute the command.
optional string container_id = 1;
string container_id = 1;
// Command to execute.
repeated string cmd = 2;
// Whether to exec the command in a TTY.
optional bool tty = 3;
bool tty = 3;
// Whether to stream stdin.
optional bool stdin = 4;
bool stdin = 4;
}
message ExecResponse {
// Fully qualified URL of the exec streaming server.
optional string url = 1;
string url = 1;
}
message AttachRequest {
// ID of the container to which to attach.
optional string container_id = 1;
string container_id = 1;
// Whether to stream stdin.
optional bool stdin = 2;
bool stdin = 2;
// Whether the process being attached is running in a TTY.
// This must match the TTY setting in the ContainerConfig.
optional bool tty = 3;
bool tty = 3;
}
message AttachResponse {
// Fully qualified URL of the attach streaming server.
optional string url = 1;
string url = 1;
}
message PortForwardRequest {
// ID of the container to which to forward the port.
optional string pod_sandbox_id = 1;
string pod_sandbox_id = 1;
// Port to forward.
repeated int32 port = 2;
}
message PortForwardResponse {
// Fully qualified URL of the port-forward streaming server.
optional string url = 1;
string url = 1;
}
message ImageFilter {
// Spec of the image.
optional ImageSpec image = 1;
ImageSpec image = 1;
}
message ListImagesRequest {
// Filter to list images.
optional ImageFilter filter = 1;
ImageFilter filter = 1;
}
// Basic information about a container image.
message Image {
// ID of the image.
optional string id = 1;
string id = 1;
// Other names by which this image is known.
repeated string repo_tags = 2;
// Digests by which this image is known.
repeated string repo_digests = 3;
// Size of the image in bytes.
optional uint64 size = 4;
// Size of the image in bytes. Must be > 0.
uint64 size = 4;
// UID that will run the command(s). This is used as a default if no user is
// specified when creating the container. UID and the following user name
// are mutually exclusive.
optional int64 uid = 5;
Int64Value uid = 5;
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
optional string username = 6;
string username = 6;
}
message ListImagesResponse {
@@ -847,67 +866,67 @@ message ListImagesResponse {
message ImageStatusRequest {
// Spec of the image.
optional ImageSpec image = 1;
ImageSpec image = 1;
}
message ImageStatusResponse {
// Status of the image.
optional Image image = 1;
Image image = 1;
}
// AuthConfig contains authorization information for connecting to a registry.
message AuthConfig {
optional string username = 1;
optional string password = 2;
optional string auth = 3;
optional string server_address = 4;
string username = 1;
string password = 2;
string auth = 3;
string server_address = 4;
// IdentityToken is used to authenticate the user and get
// an access token for the registry.
optional string identity_token = 5;
string identity_token = 5;
// RegistryToken is a bearer token to be sent to a registry
optional string registry_token = 6;
string registry_token = 6;
}
message PullImageRequest {
// Spec of the image.
optional ImageSpec image = 1;
ImageSpec image = 1;
// Authentication configuration for pulling the image.
optional AuthConfig auth = 2;
AuthConfig auth = 2;
// Config of the PodSandbox, which is used to pull image in PodSandbox context.
optional PodSandboxConfig sandbox_config = 3;
PodSandboxConfig sandbox_config = 3;
}
message PullImageResponse {
// Reference to the image in use. For most runtimes, this should be an
// image ID or digest.
optional string image_ref = 1;
string image_ref = 1;
}
message RemoveImageRequest {
// Spec of the image to remove.
optional ImageSpec image = 1;
ImageSpec image = 1;
}
message RemoveImageResponse {}
message NetworkConfig {
// CIDR to use for pod IP addresses.
optional string pod_cidr = 1;
string pod_cidr = 1;
}
message RuntimeConfig {
optional NetworkConfig network_config = 1;
NetworkConfig network_config = 1;
}
message UpdateRuntimeConfigRequest {
optional RuntimeConfig runtime_config = 1;
RuntimeConfig runtime_config = 1;
}
message UpdateRuntimeConfigResponse {}
// RuntimeCondition contains condition information for the runtime.
// There are 2 kinds of runtime conditions:
// 1. Required condtitions: Conditions are required for kubelet to work
// 1. Required conditions: Conditions are required for kubelet to work
// properly. If any required condition is unmet, the node will be not ready.
// The required conditions include:
// * RuntimeReady: RuntimeReady means the runtime is up and ready to accept
@@ -920,13 +939,13 @@ message UpdateRuntimeConfigResponse {}
// them understand the status of the system.
message RuntimeCondition {
// Type of runtime condition.
optional string type = 1;
// Status of the condition, one of true/false.
optional bool status = 2;
string type = 1;
// Status of the condition, one of true/false. Default: false.
bool status = 2;
// Brief CamelCase string containing reason for the condition's last transition.
optional string reason = 3;
string reason = 3;
// Human-readable message indicating details about last transition.
optional string message = 4;
string message = 4;
}
// RuntimeStatus is information about the current status of the runtime.
@@ -939,5 +958,5 @@ message StatusRequest {}
message StatusResponse {
// Status of the Runtime.
optional RuntimeStatus status = 1;
RuntimeStatus status = 1;
}

6
pkg/kubelet/container/helpers.go
View File

@@ -197,14 +197,14 @@ func ConvertPodStatusToRunningPod(runtimeName string, podStatus *PodStatus) Pod
// Populate sandboxes in kubecontainer.Pod
for _, sandbox := range podStatus.SandboxStatuses {
runningPod.Sandboxes = append(runningPod.Sandboxes, &Container{
ID: ContainerID{Type: runtimeName, ID: *sandbox.Id},
State: SandboxToContainerState(*sandbox.State),
ID: ContainerID{Type: runtimeName, ID: sandbox.Id},
State: SandboxToContainerState(sandbox.State),
})
}
return runningPod
}
// sandboxToContainerState converts runtimeApi.PodSandboxState to
// SandboxToContainerState converts runtimeapi.PodSandboxState to
// kubecontainer.ContainerState.
// This is only needed because we need to return sandboxes as if they were
// kubecontainer.Containers to avoid substantial changes to PLEG.

1
pkg/kubelet/dockershim/BUILD
View File

@@ -49,7 +49,6 @@ go_library(
"//vendor:github.com/docker/engine-api/types/versions",
"//vendor:github.com/docker/go-connections/nat",
"//vendor:github.com/golang/glog",
"//vendor:github.com/golang/protobuf/proto",
],
)

32
pkg/kubelet/dockershim/convert.go
View File

@@ -43,10 +43,10 @@ func imageToRuntimeAPIImage(image *dockertypes.Image) (*runtimeapi.Image, error)
size := uint64(image.VirtualSize)
return &runtimeapi.Image{
Id: &image.ID,
Id: image.ID,
RepoTags: image.RepoTags,
RepoDigests: image.RepoDigests,
Size_: &size,
Size_: size,
}, nil
}
@@ -57,13 +57,17 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeapi
size := uint64(image.VirtualSize)
runtimeImage := &runtimeapi.Image{
Id: &image.ID,
Id: image.ID,
RepoTags: image.RepoTags,
RepoDigests: image.RepoDigests,
Size_: &size,
Size_: size,
}
runtimeImage.Uid, runtimeImage.Username = getUserFromImageUser(image.Config.User)
uid, username := getUserFromImageUser(image.Config.User)
if uid != nil {
runtimeImage.Uid = &runtimeapi.Int64Value{Value: *uid}
}
runtimeImage.Username = username
return runtimeImage, nil
}
@@ -91,13 +95,13 @@ func toRuntimeAPIContainer(c *dockertypes.Container) (*runtimeapi.Container, err
// The timestamp in dockertypes.Container is in seconds.
createdAt := c.Created * int64(time.Second)
return &runtimeapi.Container{
Id: &c.ID,
PodSandboxId: &sandboxID,
Id: c.ID,
PodSandboxId: sandboxID,
Metadata: metadata,
Image: &runtimeapi.ImageSpec{Image: &c.Image},
ImageRef: &c.ImageID,
State: &state,
CreatedAt: &createdAt,
Image: &runtimeapi.ImageSpec{Image: c.Image},
ImageRef: c.ImageID,
State: state,
CreatedAt: createdAt,
Labels: labels,
Annotations: annotations,
}, nil
@@ -157,10 +161,10 @@ func toRuntimeAPISandbox(c *dockertypes.Container) (*runtimeapi.PodSandbox, erro
// The timestamp in dockertypes.Container is in seconds.
createdAt := c.Created * int64(time.Second)
return &runtimeapi.PodSandbox{
Id: &c.ID,
Id: c.ID,
Metadata: metadata,
State: &state,
CreatedAt: &createdAt,
State: state,
CreatedAt: createdAt,
Labels: labels,
Annotations: annotations,
}, nil

78
pkg/kubelet/dockershim/docker_container.go
View File

@@ -42,14 +42,14 @@ func (ds *dockerService) ListContainers(filter *runtimeapi.ContainerFilter) ([]*
f.AddLabel(containerTypeLabelKey, containerTypeLabelContainer)
if filter != nil {
if filter.Id != nil {
f.Add("id", filter.GetId())
if filter.Id != "" {
f.Add("id", filter.Id)
}
if filter.State != nil {
f.Add("status", toDockerContainerStatus(filter.GetState()))
f.Add("status", toDockerContainerStatus(filter.GetState().State))
}
if filter.PodSandboxId != nil {
f.AddLabel(sandboxIDLabelKey, *filter.PodSandboxId)
if filter.PodSandboxId != "" {
f.AddLabel(sandboxIDLabelKey, filter.PodSandboxId)
}
if filter.LabelSelector != nil {
@@ -87,35 +87,35 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
return "", fmt.Errorf("container config is nil")
}
if sandboxConfig == nil {
return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.GetName())
return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.Name)
}
labels := makeLabels(config.GetLabels(), config.GetAnnotations())
// Apply a the container type label.
labels[containerTypeLabelKey] = containerTypeLabelContainer
// Write the container log path in the labels.
labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.GetLogDirectory(), config.GetLogPath())
labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.LogDirectory, config.LogPath)
// Write the sandbox ID in the labels.
labels[sandboxIDLabelKey] = podSandboxID
image := ""
if iSpec := config.GetImage(); iSpec != nil {
image = iSpec.GetImage()
image = iSpec.Image
}
createConfig := dockertypes.ContainerCreateConfig{
Name: makeContainerName(sandboxConfig, config),
Config: &dockercontainer.Config{
// TODO: set User.
Entrypoint: dockerstrslice.StrSlice(config.GetCommand()),
Cmd: dockerstrslice.StrSlice(config.GetArgs()),
Entrypoint: dockerstrslice.StrSlice(config.Command),
Cmd: dockerstrslice.StrSlice(config.Args),
Env: generateEnvList(config.GetEnvs()),
Image: image,
WorkingDir: config.GetWorkingDir(),
WorkingDir: config.WorkingDir,
Labels: labels,
// Interactive containers:
OpenStdin: config.GetStdin(),
StdinOnce: config.GetStdinOnce(),
Tty: config.GetTty(),
OpenStdin: config.Stdin,
StdinOnce: config.StdinOnce,
Tty: config.Tty,
},
}
@@ -132,13 +132,13 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
rOpts := lc.GetResources()
if rOpts != nil {
hc.Resources = dockercontainer.Resources{
Memory: rOpts.GetMemoryLimitInBytes(),
Memory: rOpts.MemoryLimitInBytes,
MemorySwap: dockertools.DefaultMemorySwap(),
CPUShares: rOpts.GetCpuShares(),
CPUQuota: rOpts.GetCpuQuota(),
CPUPeriod: rOpts.GetCpuPeriod(),
CPUShares: rOpts.CpuShares,
CPUQuota: rOpts.CpuQuota,
CPUPeriod: rOpts.CpuPeriod,
}
hc.OomScoreAdj = int(rOpts.GetOomScoreAdj())
hc.OomScoreAdj = int(rOpts.OomScoreAdj)
}
// Note: ShmSize is handled in kube_docker_client.go
@@ -149,9 +149,9 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
// Apply cgroupsParent derived from the sandbox config.
if lc := sandboxConfig.GetLinux(); lc != nil {
// Apply Cgroup options.
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
if err != nil {
return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.GetName(), err)
return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
}
hc.CgroupParent = cgroupParent
}
@@ -160,17 +160,17 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
for i, device := range config.Devices {
devices[i] = dockercontainer.DeviceMapping{
PathOnHost: device.GetHostPath(),
PathInContainer: device.GetContainerPath(),
CgroupPermissions: device.GetPermissions(),
PathOnHost: device.HostPath,
PathInContainer: device.ContainerPath,
CgroupPermissions: device.Permissions,
}
}
hc.Resources.Devices = devices
// Apply appArmor and seccomp options.
securityOpts, err := getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
securityOpts, err := getContainerSecurityOpts(config.Metadata.Name, sandboxConfig, ds.seccompProfileRoot)
if err != nil {
return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)
return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.Name, err)
}
hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
@@ -310,9 +310,9 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai
m := r.Mounts[i]
readonly := !m.RW
mounts = append(mounts, &runtimeapi.Mount{
HostPath: &m.Source,
ContainerPath: &m.Destination,
Readonly: &readonly,
HostPath: m.Source,
ContainerPath: m.Destination,
Readonly: readonly,
// Note: Can't set SeLinuxRelabel
})
}
@@ -369,18 +369,18 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai
imageName = ir.RepoTags[0]
}
return &runtimeapi.ContainerStatus{
Id: &r.ID,
Id: r.ID,
Metadata: metadata,
Image: &runtimeapi.ImageSpec{Image: &imageName},
ImageRef: &imageID,
Image: &runtimeapi.ImageSpec{Image: imageName},
ImageRef: imageID,
Mounts: mounts,
ExitCode: &exitCode,
State: &state,
CreatedAt: &ct,
StartedAt: &st,
FinishedAt: &ft,
Reason: &reason,
Message: &message,
ExitCode: exitCode,
State: state,
CreatedAt: ct,
StartedAt: st,
FinishedAt: ft,
Reason: reason,
Message: message,
Labels: labels,
Annotations: annotations,
}, nil

50
pkg/kubelet/dockershim/docker_container_test.go
View File

@@ -32,10 +32,10 @@ import (
func makeContainerConfig(sConfig *runtimeapi.PodSandboxConfig, name, image string, attempt uint32, labels, annotations map[string]string) *runtimeapi.ContainerConfig {
return &runtimeapi.ContainerConfig{
Metadata: &runtimeapi.ContainerMetadata{
Name: &name,
Attempt: &attempt,
Name: name,
Attempt: attempt,
},
Image: &runtimeapi.ImageSpec{Image: &image},
Image: &runtimeapi.ImageSpec{Image: image},
Labels: labels,
Annotations: annotations,
}
@@ -77,12 +77,12 @@ func TestListContainers(t *testing.T) {
// the most recent containers first.
expected = append([]*runtimeapi.Container{{
Metadata: configs[i].Metadata,
Id: &id,
PodSandboxId: &sandboxID,
State: &state,
CreatedAt: &createdAt,
Id: id,
PodSandboxId: sandboxID,
State: state,
CreatedAt: createdAt,
Image: configs[i].Image,
ImageRef: &imageRef,
ImageRef: imageRef,
Labels: configs[i].Labels,
Annotations: configs[i].Annotations,
}}, expected...)
@@ -112,16 +112,16 @@ func TestContainerStatus(t *testing.T) {
var reason, message string
expected := &runtimeapi.ContainerStatus{
State: &state,
CreatedAt: &ct,
StartedAt: &st,
FinishedAt: &ft,
State: state,
CreatedAt: ct,
StartedAt: st,
FinishedAt: ft,
Metadata: config.Metadata,
Image: config.Image,
ImageRef: &imageRef,
ExitCode: &exitCode,
Reason: &reason,
Message: &message,
ImageRef: imageRef,
ExitCode: exitCode,
Reason: reason,
Message: message,
Mounts: []*runtimeapi.Mount{},
Labels: config.Labels,
Annotations: config.Annotations,
@@ -129,7 +129,7 @@ func TestContainerStatus(t *testing.T) {
// Create the container.
fClock.SetTime(time.Now().Add(-1 * time.Hour))
*expected.CreatedAt = fClock.Now().UnixNano()
expected.CreatedAt = fClock.Now().UnixNano()
const sandboxId = "sandboxid"
id, err := ds.CreateContainer(sandboxId, config, sConfig)
@@ -140,7 +140,7 @@ func TestContainerStatus(t *testing.T) {
assert.Equal(t, c.Config.Labels[sandboxIDLabelKey], sandboxId)
// Set the id manually since we don't know the id until it's created.
expected.Id = &id
expected.Id = id
assert.NoError(t, err)
status, err := ds.ContainerStatus(id)
assert.NoError(t, err)
@@ -148,8 +148,8 @@ func TestContainerStatus(t *testing.T) {
// Advance the clock and start the container.
fClock.SetTime(time.Now())
*expected.StartedAt = fClock.Now().UnixNano()
*expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING
expected.StartedAt = fClock.Now().UnixNano()
expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING
err = ds.StartContainer(id)
assert.NoError(t, err)
@@ -158,9 +158,9 @@ func TestContainerStatus(t *testing.T) {
// Advance the clock and stop the container.
fClock.SetTime(time.Now().Add(1 * time.Hour))
*expected.FinishedAt = fClock.Now().UnixNano()
*expected.State = runtimeapi.ContainerState_CONTAINER_EXITED
*expected.Reason = "Completed"
expected.FinishedAt = fClock.Now().UnixNano()
expected.State = runtimeapi.ContainerState_CONTAINER_EXITED
expected.Reason = "Completed"
err = ds.StopContainer(id, 0)
assert.NoError(t, err)
@@ -181,9 +181,9 @@ func TestContainerLogPath(t *testing.T) {
containerLogPath := "0"
kubeletContainerLogPath := filepath.Join(podLogPath, containerLogPath)
sConfig := makeSandboxConfig("foo", "bar", "1", 0)
sConfig.LogDirectory = &podLogPath
sConfig.LogDirectory = podLogPath
config := makeContainerConfig(sConfig, "pause", "iamimage", 0, nil, nil)
config.LogPath = &containerLogPath
config.LogPath = containerLogPath
const sandboxId = "sandboxid"
id, err := ds.CreateContainer(sandboxId, config, sConfig)

28
pkg/kubelet/dockershim/docker_image.go
View File

@@ -29,7 +29,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea
opts := dockertypes.ImageListOptions{}
if filter != nil {
if imgSpec := filter.GetImage(); imgSpec != nil {
opts.MatchName = imgSpec.GetImage()
opts.MatchName = imgSpec.Image
}
}
@@ -52,7 +52,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea
// ImageStatus returns the status of the image, returns nil if the image doesn't present.
func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.Image, error) {
imageInspect, err := ds.client.InspectImageByRef(image.GetImage())
imageInspect, err := ds.client.InspectImageByRef(image.Image)
if err != nil {
if dockertools.IsImageNotFoundError(err) {
return nil, nil
@@ -64,21 +64,23 @@ func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.I
// PullImage pulls an image with authentication config.
func (ds *dockerService) PullImage(image *runtimeapi.ImageSpec, auth *runtimeapi.AuthConfig) (string, error) {
err := ds.client.PullImage(image.GetImage(),
dockertypes.AuthConfig{
Username: auth.GetUsername(),
Password: auth.GetPassword(),
ServerAddress: auth.GetServerAddress(),
IdentityToken: auth.GetIdentityToken(),
RegistryToken: auth.GetRegistryToken(),
},
authConfig := dockertypes.AuthConfig{}
if auth != nil {
authConfig.Username = auth.Username
authConfig.Password = auth.Password
authConfig.ServerAddress = auth.ServerAddress
authConfig.IdentityToken = auth.IdentityToken
authConfig.RegistryToken = auth.RegistryToken
}
err := ds.client.PullImage(image.Image,
authConfig,
dockertypes.ImagePullOptions{},
)
if err != nil {
return "", err
}
return dockertools.GetImageRef(ds.client, image.GetImage())
return dockertools.GetImageRef(ds.client, image.Image)
}
// RemoveImage removes the image.
@@ -86,7 +88,7 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error {
// If the image has multiple tags, we need to remove all the tags
// TODO: We assume image.Image is image ID here, which is true in the current implementation
// of kubelet, but we should still clarify this in CRI.
imageInspect, err := ds.client.InspectImageByID(image.GetImage())
imageInspect, err := ds.client.InspectImageByID(image.Image)
if err == nil && imageInspect != nil && len(imageInspect.RepoTags) > 1 {
for _, tag := range imageInspect.RepoTags {
if _, err := ds.client.RemoveImage(tag, dockertypes.ImageRemoveOptions{PruneChildren: true}); err != nil {
@@ -96,6 +98,6 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error {
return nil
}
_, err = ds.client.RemoveImage(image.GetImage(), dockertypes.ImageRemoveOptions{PruneChildren: true})
_, err = ds.client.RemoveImage(image.Image, dockertypes.ImageRemoveOptions{PruneChildren: true})
return err
}

4
pkg/kubelet/dockershim/docker_image_test.go
View File

@@ -29,7 +29,7 @@ func TestRemoveImage(t *testing.T) {
ds, fakeDocker, _ := newTestDockerService()
id := "1111"
fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo"}}
ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id})
ds.RemoveImage(&runtimeapi.ImageSpec{Image: id})
fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil),
dockertools.NewCalledDetail("remove_image", []interface{}{id, dockertypes.ImageRemoveOptions{PruneChildren: true}}))
}
@@ -38,7 +38,7 @@ func TestRemoveImageWithMultipleTags(t *testing.T) {
ds, fakeDocker, _ := newTestDockerService()
id := "1111"
fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo", "bar"}}
ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id})
ds.RemoveImage(&runtimeapi.ImageSpec{Image: id})
fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil),
dockertools.NewCalledDetail("remove_image", []interface{}{"foo", dockertypes.ImageRemoveOptions{PruneChildren: true}}),
dockertools.NewCalledDetail("remove_image", []interface{}{"bar", dockertypes.ImageRemoveOptions{PruneChildren: true}}))

54
pkg/kubelet/dockershim/docker_sandbox.go
View File

@@ -66,13 +66,13 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
// Step 2: Create the sandbox container.
createConfig, err := ds.makeSandboxDockerConfig(config, image)
if err != nil {
return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.GetName(), err)
return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.Name, err)
}
createResp, err := ds.client.CreateContainer(*createConfig)
recoverFromConflictIfNeeded(ds.client, err)
if err != nil || createResp == nil {
return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.GetName(), err)
return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.Name, err)
}
// Step 3: Start the sandbox container.
@@ -80,9 +80,9 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
// startContainer failed.
err = ds.client.StartContainer(createResp.ID)
if err != nil {
return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.GetName(), err)
return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.Name, err)
}
if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
if nsOptions := config.GetLinux().GetSecurityContext().GetNamespaceOptions(); nsOptions != nil && nsOptions.HostNetwork {
return createResp.ID, nil
}
@@ -94,7 +94,7 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
// on the host as well, to satisfy parts of the pod spec that aren't
// recognized by the CNI standard yet.
cID := kubecontainer.BuildContainerID(runtimeName, createResp.ID)
err = ds.networkPlugin.SetUpPod(config.GetMetadata().GetNamespace(), config.GetMetadata().GetName(), cID)
err = ds.networkPlugin.SetUpPod(config.GetMetadata().Namespace, config.GetMetadata().Name, cID)
// TODO: Do we need to teardown on failure or can we rely on a StopPodSandbox call with the given ID?
return createResp.ID, err
}
@@ -109,16 +109,16 @@ func (ds *dockerService) StopPodSandbox(podSandboxID string) error {
if err != nil {
return fmt.Errorf("Failed to get sandbox status: %v", err)
}
if !status.GetLinux().GetNamespaces().GetOptions().GetHostNetwork() {
if nsOpts := status.GetLinux().GetNamespaces().GetOptions(); nsOpts != nil && !nsOpts.HostNetwork {
m := status.GetMetadata()
cID := kubecontainer.BuildContainerID(runtimeName, podSandboxID)
if err := ds.networkPlugin.TearDownPod(m.GetNamespace(), m.GetName(), cID); err != nil {
if err := ds.networkPlugin.TearDownPod(m.Namespace, m.Name, cID); err != nil {
// TODO: Figure out a way to retry this error. We can't
// right now because the plugin throws errors when it doesn't find
// eth0, which might not exist for various reasons (setup failed,
// conf changed etc). In theory, it should teardown everything else
// so there's no need to retry.
glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.GetNamespace(), m.GetName(), podSandboxID, err)
glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.Namespace, m.Name, podSandboxID, err)
}
}
return ds.client.StopContainer(podSandboxID, defaultSandboxGracePeriod)
@@ -138,12 +138,12 @@ func (ds *dockerService) getIPFromPlugin(sandbox *dockertypes.ContainerJSON) (st
if err != nil {
return "", err
}
msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", *metadata.Namespace, *metadata.Name)
msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", metadata.Namespace, metadata.Name)
if sharesHostNetwork(sandbox) {
return "", fmt.Errorf("%v: not responsible for host-network sandboxes", msg)
}
cID := kubecontainer.BuildContainerID(runtimeName, sandbox.ID)
networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(*metadata.Namespace, *metadata.Name, cID)
networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(metadata.Namespace, metadata.Name, cID)
if err != nil {
// This might be a sandbox that somehow ended up without a default
// interface (eth0). We can't distinguish this from a more serious
@@ -203,7 +203,7 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS
if err != nil {
return nil, err
}
network := &runtimeapi.PodSandboxNetworkStatus{Ip: &IP}
network := &runtimeapi.PodSandboxNetworkStatus{Ip: IP}
netNS := getNetworkNamespace(r)
metadata, err := parseSandboxName(r.Name)
@@ -213,18 +213,18 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS
hostNetwork := sharesHostNetwork(r)
labels, annotations := extractLabels(r.Config.Labels)
return &runtimeapi.PodSandboxStatus{
Id: &r.ID,
State: &state,
CreatedAt: &ct,
Id: r.ID,
State: state,
CreatedAt: ct,
Metadata: metadata,
Labels: labels,
Annotations: annotations,
Network: network,
Linux: &runtimeapi.LinuxPodSandboxStatus{
Namespaces: &runtimeapi.Namespace{
Network: &netNS,
Network: netNS,
Options: &runtimeapi.NamespaceOption{
HostNetwork: &hostNetwork,
HostNetwork: hostNetwork,
},
},
},
@@ -243,11 +243,11 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
f.AddLabel(containerTypeLabelKey, containerTypeLabelSandbox)
if filter != nil {
if filter.Id != nil {
f.Add("id", filter.GetId())
if filter.Id != "" {
f.Add("id", filter.Id)
}
if filter.State != nil {
if filter.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
if filter.GetState().State == runtimeapi.PodSandboxState_SANDBOX_READY {
// Only list running containers.
opts.All = false
} else {
@@ -280,7 +280,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
glog.V(4).Infof("Unable to convert docker to runtime API sandbox: %v", err)
continue
}
if filterOutReadySandboxes && converted.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
if filterOutReadySandboxes && converted.State == runtimeapi.PodSandboxState_SANDBOX_READY {
continue
}
@@ -292,7 +292,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
// applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig.
func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string) error {
// Apply Cgroup options.
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
if err != nil {
return err
}
@@ -317,7 +317,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
createConfig := &dockertypes.ContainerCreateConfig{
Name: makeSandboxName(c),
Config: &dockercontainer.Config{
Hostname: c.GetHostname(),
Hostname: c.Hostname,
// TODO: Handle environment variables.
Image: image,
Labels: labels,
@@ -328,7 +328,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
// Set sysctls if requested
sysctls, err := getSysctlsFromAnnotations(c.Annotations)
if err != nil {
return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.GetName(), err)
return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.Name, err)
}
hc.Sysctls = sysctls
@@ -346,9 +346,9 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
// Set DNS options.
if dnsConfig := c.GetDnsConfig(); dnsConfig != nil {
hc.DNS = dnsConfig.GetServers()
hc.DNSSearch = dnsConfig.GetSearches()
hc.DNSOptions = dnsConfig.GetOptions()
hc.DNS = dnsConfig.Servers
hc.DNSSearch = dnsConfig.Searches
hc.DNSOptions = dnsConfig.Options
}
// Apply resource options.
@@ -357,7 +357,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
// Set security options.
securityOpts, err := getSandboxSecurityOpts(c, ds.seccompProfileRoot)
if err != nil {
return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.GetName(), err)
return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err)
}
hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
return createConfig, nil

30
pkg/kubelet/dockershim/docker_sandbox_test.go
View File

@@ -37,10 +37,10 @@ func makeSandboxConfig(name, namespace, uid string, attempt uint32) *runtimeapi.
func makeSandboxConfigWithLabelsAndAnnotations(name, namespace, uid string, attempt uint32, labels, annotations map[string]string) *runtimeapi.PodSandboxConfig {
return &runtimeapi.PodSandboxConfig{
Metadata: &runtimeapi.PodSandboxMetadata{
Name: &name,
Namespace: &namespace,
Uid: &uid,
Attempt: &attempt,
Name: name,
Namespace: namespace,
Uid: uid,
Attempt: attempt,
},
Labels: labels,
Annotations: annotations,
@@ -72,9 +72,9 @@ func TestListSandboxes(t *testing.T) {
// the most recent sandbox first.
expected = append([]*runtimeapi.PodSandbox{{
Metadata: configs[i].Metadata,
Id: &id,
State: &state,
CreatedAt: &createdAt,
Id: id,
State: state,
CreatedAt: createdAt,
Labels: configs[i].Labels,
Annotations: configs[i].Annotations,
}}, expected...)
@@ -102,18 +102,18 @@ func TestSandboxStatus(t *testing.T) {
ct := int64(0)
hostNetwork := false
expected := &runtimeapi.PodSandboxStatus{
State: &state,
CreatedAt: &ct,
State: state,
CreatedAt: ct,
Metadata: config.Metadata,
Network: &runtimeapi.PodSandboxNetworkStatus{Ip: &fakeIP},
Linux: &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: &fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: &hostNetwork}}},
Network: &runtimeapi.PodSandboxNetworkStatus{Ip: fakeIP},
Linux: &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: hostNetwork}}},
Labels: labels,
Annotations: annotations,
}
// Create the sandbox.
fClock.SetTime(time.Now())
*expected.CreatedAt = fClock.Now().UnixNano()
expected.CreatedAt = fClock.Now().UnixNano()
id, err := ds.RunPodSandbox(config)
// Check internal labels
@@ -122,13 +122,13 @@ func TestSandboxStatus(t *testing.T) {
assert.Equal(t, c.Config.Labels[containerTypeLabelKey], containerTypeLabelSandbox)
assert.Equal(t, c.Config.Labels[types.KubernetesContainerNameLabel], sandboxContainerName)
expected.Id = &id // ID is only known after the creation.
expected.Id = id // ID is only known after the creation.
status, err := ds.PodSandboxStatus(id)
assert.NoError(t, err)
assert.Equal(t, expected, status)
// Stop the sandbox.
*expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY
expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY
err = ds.StopPodSandbox(id)
assert.NoError(t, err)
status, err = ds.PodSandboxStatus(id)
@@ -189,7 +189,7 @@ func TestHostNetworkPluginInvocation(t *testing.T) {
c.Linux = &runtimeapi.LinuxPodSandboxConfig{
SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{
NamespaceOptions: &runtimeapi.NamespaceOption{
HostNetwork: &hostNetwork,
HostNetwork: hostNetwork,
},
},
}

33
pkg/kubelet/dockershim/docker_service.go
View File

@@ -21,7 +21,6 @@ import (
"net/http"
"github.com/golang/glog"
"github.com/golang/protobuf/proto"
"k8s.io/kubernetes/pkg/apis/componentconfig"
internalapi "k8s.io/kubernetes/pkg/kubelet/api"
@@ -191,10 +190,10 @@ func (ds *dockerService) Version(_ string) (*runtimeapi.VersionResponse, error)
// suffix to remedy this.
apiVersion := fmt.Sprintf("%s.0", v.APIVersion)
return &runtimeapi.VersionResponse{
Version: &runtimeAPIVersion,
RuntimeName: &name,
RuntimeVersion: &v.Version,
RuntimeApiVersion: &apiVersion,
Version: runtimeAPIVersion,
RuntimeName: name,
RuntimeVersion: v.Version,
RuntimeApiVersion: apiVersion,
}, nil
}
@@ -204,9 +203,9 @@ func (ds *dockerService) UpdateRuntimeConfig(runtimeConfig *runtimeapi.RuntimeCo
return
}
glog.Infof("docker cri received runtime config %+v", runtimeConfig)
if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != nil {
if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != "" {
event := make(map[string]interface{})
event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = *runtimeConfig.NetworkConfig.PodCidr
event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = runtimeConfig.NetworkConfig.PodCidr
ds.networkPlugin.Event(network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE, event)
}
return
@@ -246,23 +245,23 @@ func (ds *dockerService) Start() error {
// TODO(random-liu): Set network condition accordingly here.
func (ds *dockerService) Status() (*runtimeapi.RuntimeStatus, error) {
runtimeReady := &runtimeapi.RuntimeCondition{
Type: proto.String(runtimeapi.RuntimeReady),
Status: proto.Bool(true),
Type: runtimeapi.RuntimeReady,
Status: true,
}
networkReady := &runtimeapi.RuntimeCondition{
Type: proto.String(runtimeapi.NetworkReady),
Status: proto.Bool(true),
Type: runtimeapi.NetworkReady,
Status: true,
}
conditions := []*runtimeapi.RuntimeCondition{runtimeReady, networkReady}
if _, err := ds.client.Version(); err != nil {
runtimeReady.Status = proto.Bool(false)
runtimeReady.Reason = proto.String("DockerDaemonNotReady")
runtimeReady.Message = proto.String(fmt.Sprintf("docker: failed to get docker version: %v", err))
runtimeReady.Status = false
runtimeReady.Reason = "DockerDaemonNotReady"
runtimeReady.Message = fmt.Sprintf("docker: failed to get docker version: %v", err)
}
if err := ds.networkPlugin.Status(); err != nil {
networkReady.Status = proto.Bool(false)
networkReady.Reason = proto.String("NetworkPluginNotReady")
networkReady.Message = proto.String(fmt.Sprintf("docker: network plugin is not ready: %v", err))
networkReady.Status = false
networkReady.Reason = "NetworkPluginNotReady"
networkReady.Message = fmt.Sprintf("docker: network plugin is not ready: %v", err)
}
return &runtimeapi.RuntimeStatus{Conditions: conditions}, nil
}

4
pkg/kubelet/dockershim/docker_service_test.go
View File

@@ -53,8 +53,8 @@ func TestStatus(t *testing.T) {
assert.Equal(t, len(expected), len(conditions))
for k, v := range expected {
for _, c := range conditions {
if k == c.GetType() {
assert.Equal(t, v, c.GetStatus())
if k == c.Type {
assert.Equal(t, v, c.Status)
}
}
}

6
pkg/kubelet/dockershim/docker_streaming.go
View File

@@ -86,7 +86,7 @@ func (ds *dockerService) Exec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResp
if ds.streamingServer == nil {
return nil, streaming.ErrorStreamingDisabled("exec")
}
_, err := checkContainerStatus(ds.client, req.GetContainerId())
_, err := checkContainerStatus(ds.client, req.ContainerId)
if err != nil {
return nil, err
}
@@ -98,7 +98,7 @@ func (ds *dockerService) Attach(req *runtimeapi.AttachRequest) (*runtimeapi.Atta
if ds.streamingServer == nil {
return nil, streaming.ErrorStreamingDisabled("attach")
}
_, err := checkContainerStatus(ds.client, req.GetContainerId())
_, err := checkContainerStatus(ds.client, req.ContainerId)
if err != nil {
return nil, err
}
@@ -110,7 +110,7 @@ func (ds *dockerService) PortForward(req *runtimeapi.PortForwardRequest) (*runti
if ds.streamingServer == nil {
return nil, streaming.ErrorStreamingDisabled("port forward")
}
_, err := checkContainerStatus(ds.client, req.GetPodSandboxId())
_, err := checkContainerStatus(ds.client, req.PodSandboxId)
if err != nil {
return nil, err
}

24
pkg/kubelet/dockershim/helpers.go
View File

@@ -64,7 +64,7 @@ func (v apiVersion) Compare(other string) (int, error) {
// '<key>=<value>', which can be understood by docker.
func generateEnvList(envs []*runtimeapi.KeyValue) (result []string) {
for _, env := range envs {
result = append(result, fmt.Sprintf("%s=%s", env.GetKey(), env.GetValue()))
result = append(result, fmt.Sprintf("%s=%s", env.Key, env.Value))
}
return
}
@@ -129,8 +129,8 @@ func extractLabels(input map[string]string) (map[string]string, map[string]strin
// relabeling and the pod provides an SELinux label
func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) {
for _, m := range mounts {
bind := fmt.Sprintf("%s:%s", m.GetHostPath(), m.GetContainerPath())
readOnly := m.GetReadonly()
bind := fmt.Sprintf("%s:%s", m.HostPath, m.ContainerPath)
readOnly := m.Readonly
if readOnly {
bind += ":ro"
}
@@ -138,7 +138,7 @@ func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) {
// does not provide an SELinux context relabeling will label the volume with
// the container's randomly allocated MCS label. This would restrict access
// to the volume to the container which mounts it first.
if m.GetSelinuxRelabel() {
if m.SelinuxRelabel {
if readOnly {
bind += ",Z"
} else {
@@ -154,16 +154,16 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru
exposedPorts := map[dockernat.Port]struct{}{}
portBindings := map[dockernat.Port][]dockernat.PortBinding{}
for _, port := range pm {
exteriorPort := port.GetHostPort()
exteriorPort := port.HostPort
if exteriorPort == 0 {
// No need to do port binding when HostPort is not specified
continue
}
interiorPort := port.GetContainerPort()
interiorPort := port.ContainerPort
// Some of this port stuff is under-documented voodoo.
// See http://stackoverflow.com/questions/20428302/binding-a-port-to-a-host-interface-using-the-rest-api
var protocol string
switch strings.ToUpper(string(port.GetProtocol())) {
switch strings.ToUpper(string(port.Protocol)) {
case "UDP":
protocol = "/udp"
case "TCP":
@@ -178,7 +178,7 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru
hostBinding := dockernat.PortBinding{
HostPort: strconv.Itoa(int(exteriorPort)),
HostIP: port.GetHostIp(),
HostIP: port.HostIp,
}
// Allow multiple host ports bind to same docker port
@@ -272,20 +272,20 @@ func (f *dockerFilter) AddLabel(key, value string) {
// getUserFromImageUser gets uid or user name of the image user.
// If user is numeric, it will be treated as uid; or else, it is treated as user name.
func getUserFromImageUser(imageUser string) (*int64, *string) {
func getUserFromImageUser(imageUser string) (*int64, string) {
user := dockertools.GetUserFromImageUser(imageUser)
// return both nil if user is not specified in the image.
if user == "" {
return nil, nil
return nil, ""
}
// user could be either uid or user name. Try to interpret as numeric uid.
uid, err := strconv.ParseInt(user, 10, 64)
if err != nil {
// If user is non numeric, assume it's user name.
return nil, &user
return nil, user
}
// If user is a numeric uid.
return &uid, nil
return &uid, ""
}
// See #33189. If the previous attempt to create a sandbox container name FOO

7
pkg/kubelet/dockershim/helpers_test.go
View File

@@ -192,11 +192,10 @@ func TestGetSystclsFromAnnotations(t *testing.T) {
// TestGetUserFromImageUser tests the logic of getting image uid or user name of image user.
func TestGetUserFromImageUser(t *testing.T) {
newI64 := func(i int64) *int64 { return &i }
newStr := func(s string) *string { return &s }
for c, test := range map[string]struct {
user string
uid *int64
name *string
name string
}{
"no gid": {
user: "0",
@@ -215,11 +214,11 @@ func TestGetUserFromImageUser(t *testing.T) {
},
"root username": {
user: "root:root",
name: newStr("root"),
name: "root",
},
"username": {
user: "test:test",
name: newStr("test"),
name: "test",
},
} {
t.Logf("TestCase - %q", c)

36
pkg/kubelet/dockershim/naming.go
View File

@@ -57,23 +57,23 @@ const (
func makeSandboxName(s *runtimeapi.PodSandboxConfig) string {
return strings.Join([]string{
kubePrefix, // 0
sandboxContainerName, // 1
s.Metadata.GetName(), // 2
s.Metadata.GetNamespace(), // 3
s.Metadata.GetUid(), // 4
fmt.Sprintf("%d", s.Metadata.GetAttempt()), // 5
kubePrefix, // 0
sandboxContainerName, // 1
s.Metadata.Name, // 2
s.Metadata.Namespace, // 3
s.Metadata.Uid, // 4
fmt.Sprintf("%d", s.Metadata.Attempt), // 5
}, nameDelimiter)
}
func makeContainerName(s *runtimeapi.PodSandboxConfig, c *runtimeapi.ContainerConfig) string {
return strings.Join([]string{
kubePrefix, // 0
c.Metadata.GetName(), // 1:
s.Metadata.GetName(), // 2: sandbox name
s.Metadata.GetNamespace(), // 3: sandbox namesapce
s.Metadata.GetUid(), // 4 sandbox uid
fmt.Sprintf("%d", c.Metadata.GetAttempt()), // 5
kubePrefix, // 0
c.Metadata.Name, // 1:
s.Metadata.Name, // 2: sandbox name
s.Metadata.Namespace, // 3: sandbox namesapce
s.Metadata.Uid, // 4 sandbox uid
fmt.Sprintf("%d", c.Metadata.Attempt), // 5
}, nameDelimiter)
}
@@ -105,10 +105,10 @@ func parseSandboxName(name string) (*runtimeapi.PodSandboxMetadata, error) {
}
return &runtimeapi.PodSandboxMetadata{
Name: &parts[2],
Namespace: &parts[3],
Uid: &parts[4],
Attempt: &attempt,
Name: parts[2],
Namespace: parts[3],
Uid: parts[4],
Attempt: attempt,
}, nil
}
@@ -131,7 +131,7 @@ func parseContainerName(name string) (*runtimeapi.ContainerMetadata, error) {
}
return &runtimeapi.ContainerMetadata{
Name: &parts[1],
Attempt: &attempt,
Name: parts[1],
Attempt: attempt,
}, nil
}

4
pkg/kubelet/dockershim/naming_test.go
View File

@@ -55,8 +55,8 @@ func TestContainerNameRoundTrip(t *testing.T) {
name, attempt := "pause", uint32(5)
config := &runtimeapi.ContainerConfig{
Metadata: &runtimeapi.ContainerMetadata{
Name: &name,
Attempt: &attempt,
Name: name,
Attempt: attempt,
},
}
actualName := makeContainerName(sConfig, config)

28
pkg/kubelet/dockershim/remote/docker_service.go
View File

@@ -47,7 +47,7 @@ func NewDockerService(s dockershim.DockerService) DockerService {
}
func (d *dockerService) Version(ctx context.Context, r *runtimeapi.VersionRequest) (*runtimeapi.VersionResponse, error) {
return d.runtimeService.Version(r.GetVersion())
return d.runtimeService.Version(r.Version)
}
func (d *dockerService) Status(ctx context.Context, r *runtimeapi.StatusRequest) (*runtimeapi.StatusResponse, error) {
@@ -63,11 +63,11 @@ func (d *dockerService) RunPodSandbox(ctx context.Context, r *runtimeapi.RunPodS
if err != nil {
return nil, err
}
return &runtimeapi.RunPodSandboxResponse{PodSandboxId: &podSandboxId}, nil
return &runtimeapi.RunPodSandboxResponse{PodSandboxId: podSandboxId}, nil
}
func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPodSandboxRequest) (*runtimeapi.StopPodSandboxResponse, error) {
err := d.runtimeService.StopPodSandbox(r.GetPodSandboxId())
err := d.runtimeService.StopPodSandbox(r.PodSandboxId)
if err != nil {
return nil, err
}
@@ -75,7 +75,7 @@ func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPo
}
func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.RemovePodSandboxRequest) (*runtimeapi.RemovePodSandboxResponse, error) {
err := d.runtimeService.RemovePodSandbox(r.GetPodSandboxId())
err := d.runtimeService.RemovePodSandbox(r.PodSandboxId)
if err != nil {
return nil, err
}
@@ -83,7 +83,7 @@ func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.Remo
}
func (d *dockerService) PodSandboxStatus(ctx context.Context, r *runtimeapi.PodSandboxStatusRequest) (*runtimeapi.PodSandboxStatusResponse, error) {
podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.GetPodSandboxId())
podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.PodSandboxId)
if err != nil {
return nil, err
}
@@ -99,15 +99,15 @@ func (d *dockerService) ListPodSandbox(ctx context.Context, r *runtimeapi.ListPo
}
func (d *dockerService) CreateContainer(ctx context.Context, r *runtimeapi.CreateContainerRequest) (*runtimeapi.CreateContainerResponse, error) {
containerId, err := d.runtimeService.CreateContainer(r.GetPodSandboxId(), r.GetConfig(), r.GetSandboxConfig())
containerId, err := d.runtimeService.CreateContainer(r.PodSandboxId, r.GetConfig(), r.GetSandboxConfig())
if err != nil {
return nil, err
}
return &runtimeapi.CreateContainerResponse{ContainerId: &containerId}, nil
return &runtimeapi.CreateContainerResponse{ContainerId: containerId}, nil
}
func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartContainerRequest) (*runtimeapi.StartContainerResponse, error) {
err := d.runtimeService.StartContainer(r.GetContainerId())
err := d.runtimeService.StartContainer(r.ContainerId)
if err != nil {
return nil, err
}
@@ -115,7 +115,7 @@ func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartC
}
func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopContainerRequest) (*runtimeapi.StopContainerResponse, error) {
err := d.runtimeService.StopContainer(r.GetContainerId(), r.GetTimeout())
err := d.runtimeService.StopContainer(r.ContainerId, r.Timeout)
if err != nil {
return nil, err
}
@@ -123,7 +123,7 @@ func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopCon
}
func (d *dockerService) RemoveContainer(ctx context.Context, r *runtimeapi.RemoveContainerRequest) (*runtimeapi.RemoveContainerResponse, error) {
err := d.runtimeService.RemoveContainer(r.GetContainerId())
err := d.runtimeService.RemoveContainer(r.ContainerId)
if err != nil {
return nil, err
}
@@ -139,7 +139,7 @@ func (d *dockerService) ListContainers(ctx context.Context, r *runtimeapi.ListCo
}
func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.ContainerStatusRequest) (*runtimeapi.ContainerStatusResponse, error) {
status, err := d.runtimeService.ContainerStatus(r.GetContainerId())
status, err := d.runtimeService.ContainerStatus(r.ContainerId)
if err != nil {
return nil, err
}
@@ -147,7 +147,7 @@ func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.Conta
}
func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequest) (*runtimeapi.ExecSyncResponse, error) {
stdout, stderr, err := d.runtimeService.ExecSync(r.GetContainerId(), r.GetCmd(), time.Duration(r.GetTimeout())*time.Second)
stdout, stderr, err := d.runtimeService.ExecSync(r.ContainerId, r.Cmd, time.Duration(r.Timeout)*time.Second)
var exitCode int32
if err != nil {
exitError, ok := err.(utilexec.ExitError)
@@ -159,7 +159,7 @@ func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequ
return &runtimeapi.ExecSyncResponse{
Stdout: stdout,
Stderr: stderr,
ExitCode: &exitCode,
ExitCode: exitCode,
}, nil
}
@@ -204,7 +204,7 @@ func (d *dockerService) PullImage(ctx context.Context, r *runtimeapi.PullImageRe
if err != nil {
return nil, err
}
return &runtimeapi.PullImageResponse{ImageRef: &image}, nil
return &runtimeapi.PullImageResponse{ImageRef: image}, nil
}
func (d *dockerService) RemoveImage(ctx context.Context, r *runtimeapi.RemoveImageRequest) (*runtimeapi.RemoveImageResponse, error) {

38
pkg/kubelet/dockershim/security_context.go
View File

@@ -69,10 +69,10 @@ func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config
return
}
if sc.RunAsUser != nil {
config.User = strconv.FormatInt(sc.GetRunAsUser(), 10)
config.User = strconv.FormatInt(sc.GetRunAsUser().Value, 10)
}
if sc.RunAsUsername != nil {
config.User = sc.GetRunAsUsername()
if sc.RunAsUsername != "" {
config.User = sc.RunAsUsername
}
}
@@ -88,24 +88,20 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
}
// Apply security context for the container.
if sc.Privileged != nil {
hostConfig.Privileged = sc.GetPrivileged()
}
if sc.ReadonlyRootfs != nil {
hostConfig.ReadonlyRootfs = sc.GetReadonlyRootfs()
}
hostConfig.Privileged = sc.Privileged
hostConfig.ReadonlyRootfs = sc.ReadonlyRootfs
if sc.Capabilities != nil {
hostConfig.CapAdd = sc.GetCapabilities().GetAddCapabilities()
hostConfig.CapDrop = sc.GetCapabilities().GetDropCapabilities()
hostConfig.CapAdd = sc.GetCapabilities().AddCapabilities
hostConfig.CapDrop = sc.GetCapabilities().DropCapabilities
}
if sc.SelinuxOptions != nil {
hostConfig.SecurityOpt = securitycontext.ModifySecurityOptions(
hostConfig.SecurityOpt,
&v1.SELinuxOptions{
User: sc.SelinuxOptions.GetUser(),
Role: sc.SelinuxOptions.GetRole(),
Type: sc.SelinuxOptions.GetType(),
Level: sc.SelinuxOptions.GetLevel(),
User: sc.SelinuxOptions.User,
Role: sc.SelinuxOptions.Role,
Type: sc.SelinuxOptions.Type,
Level: sc.SelinuxOptions.Level,
},
)
}
@@ -114,22 +110,26 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
// modifySandboxNamespaceOptions apply namespace options for sandbox
func modifySandboxNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig, networkPlugin network.NetworkPlugin) {
modifyCommonNamespaceOptions(nsOpts, hostConfig)
modifyHostNetworkOptionForSandbox(nsOpts.GetHostNetwork(), networkPlugin, hostConfig)
modifyHostNetworkOptionForSandbox(nsOpts.HostNetwork, networkPlugin, hostConfig)
}
// modifyContainerNamespaceOptions apply namespace options for container
func modifyContainerNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, sandboxID string, hostConfig *dockercontainer.HostConfig) {
hostNetwork := false
if nsOpts != nil {
hostNetwork = nsOpts.HostNetwork
}
modifyCommonNamespaceOptions(nsOpts, hostConfig)
modifyHostNetworkOptionForContainer(nsOpts.GetHostNetwork(), sandboxID, hostConfig)
modifyHostNetworkOptionForContainer(hostNetwork, sandboxID, hostConfig)
}
// modifyCommonNamespaceOptions apply common namespace options for sandbox and container
func modifyCommonNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig) {
if nsOpts != nil {
if nsOpts.GetHostPid() {
if nsOpts.HostPid {
hostConfig.PidMode = namespaceModeHost
}
if nsOpts.GetHostIpc() {
if nsOpts.HostIpc {
hostConfig.IpcMode = namespaceModeHost
}
}

34
pkg/kubelet/dockershim/security_context_test.go
View File

@@ -30,7 +30,7 @@ import (
func TestModifyContainerConfig(t *testing.T) {
var uid int64 = 123
var username string = "testuser"
var username = "testuser"
cases := []struct {
name string
@@ -40,7 +40,7 @@ func TestModifyContainerConfig(t *testing.T) {
{
name: "container.SecurityContext.RunAsUser set",
sc: &runtimeapi.LinuxContainerSecurityContext{
RunAsUser: &uid,
RunAsUser: &runtimeapi.Int64Value{Value: uid},
},
expected: &dockercontainer.Config{
User: strconv.FormatInt(uid, 10),
@@ -49,7 +49,7 @@ func TestModifyContainerConfig(t *testing.T) {
{
name: "container.SecurityContext.RunAsUsername set",
sc: &runtimeapi.LinuxContainerSecurityContext{
RunAsUsername: &username,
RunAsUsername: username,
},
expected: &dockercontainer.Config{
User: username,
@@ -70,10 +70,9 @@ func TestModifyContainerConfig(t *testing.T) {
}
func TestModifyHostConfig(t *testing.T) {
priv := true
setNetworkHC := &dockercontainer.HostConfig{}
setPrivSC := &runtimeapi.LinuxContainerSecurityContext{}
setPrivSC.Privileged = &priv
setPrivSC.Privileged = true
setPrivHC := &dockercontainer.HostConfig{
Privileged: true,
}
@@ -168,7 +167,7 @@ func TestModifyHostConfigAndNamespaceOptionsForContainer(t *testing.T) {
sandboxID := "sandbox"
sandboxNSMode := fmt.Sprintf("container:%v", sandboxID)
setPrivSC := &runtimeapi.LinuxContainerSecurityContext{}
setPrivSC.Privileged = &priv
setPrivSC.Privileged = priv
setPrivHC := &dockercontainer.HostConfig{
Privileged: true,
IpcMode: dockercontainer.IpcMode(sandboxNSMode),
@@ -235,7 +234,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostNetwork",
nsOpt: &runtimeapi.NamespaceOption{
HostNetwork: &set,
HostNetwork: set,
},
expected: &dockercontainer.HostConfig{
NetworkMode: namespaceModeHost,
@@ -244,7 +243,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostIpc",
nsOpt: &runtimeapi.NamespaceOption{
HostIpc: &set,
HostIpc: set,
},
expected: &dockercontainer.HostConfig{
IpcMode: namespaceModeHost,
@@ -254,7 +253,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostPid",
nsOpt: &runtimeapi.NamespaceOption{
HostPid: &set,
HostPid: set,
},
expected: &dockercontainer.HostConfig{
PidMode: namespaceModeHost,
@@ -281,7 +280,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostNetwork",
nsOpt: &runtimeapi.NamespaceOption{
HostNetwork: &set,
HostNetwork: set,
},
expected: &dockercontainer.HostConfig{
NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@@ -292,7 +291,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostIpc",
nsOpt: &runtimeapi.NamespaceOption{
HostIpc: &set,
HostIpc: set,
},
expected: &dockercontainer.HostConfig{
NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@@ -302,7 +301,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
{
name: "NamespaceOption.HostPid",
nsOpt: &runtimeapi.NamespaceOption{
HostPid: &set,
HostPid: set,
},
expected: &dockercontainer.HostConfig{
NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@@ -318,9 +317,8 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
}
func fullValidSecurityContext() *runtimeapi.LinuxContainerSecurityContext {
priv := true
return &runtimeapi.LinuxContainerSecurityContext{
Privileged: &priv,
Privileged: true,
Capabilities: inputCapabilities(),
SelinuxOptions: inputSELinuxOptions(),
}
@@ -340,10 +338,10 @@ func inputSELinuxOptions() *runtimeapi.SELinuxOption {
level := "level"
return &runtimeapi.SELinuxOption{
User: &user,
Role: &role,
Type: &stype,
Level: &level,
User: user,
Role: role,
Type: stype,
Level: level,
}
}

2
pkg/kubelet/kuberuntime/fake_kuberuntime_manager.go
View File

@@ -113,7 +113,7 @@ func NewFakeKubeRuntimeManager(runtimeService internalapi.RuntimeService, imageS
}
kubeRuntimeManager.containerGC = NewContainerGC(runtimeService, newFakePodGetter(), kubeRuntimeManager)
kubeRuntimeManager.runtimeName = typedVersion.GetRuntimeName()
kubeRuntimeManager.runtimeName = typedVersion.RuntimeName
kubeRuntimeManager.imagePuller = images.NewImageManager(
kubecontainer.FilterEventRecorder(recorder),
kubeRuntimeManager,

48
pkg/kubelet/kuberuntime/helpers.go
View File

@@ -61,7 +61,7 @@ type podSandboxByCreated []*runtimeapi.PodSandbox
func (p podSandboxByCreated) Len() int { return len(p) }
func (p podSandboxByCreated) Swap(i, j int) { p[i], p[j] = p[j], p[i] }
func (p podSandboxByCreated) Less(i, j int) bool { return p[i].GetCreatedAt() > p[j].GetCreatedAt() }
func (p podSandboxByCreated) Less(i, j int) bool { return p[i].CreatedAt > p[j].CreatedAt }
type containerStatusByCreated []*kubecontainer.ContainerStatus
@@ -100,18 +100,18 @@ func toRuntimeProtocol(protocol v1.Protocol) runtimeapi.Protocol {
// toKubeContainer converts runtimeapi.Container to kubecontainer.Container.
func (m *kubeGenericRuntimeManager) toKubeContainer(c *runtimeapi.Container) (*kubecontainer.Container, error) {
if c == nil || c.Id == nil || c.Image == nil || c.State == nil {
if c == nil || c.Id == "" || c.Image == nil {
return nil, fmt.Errorf("unable to convert a nil pointer to a runtime container")
}
labeledInfo := getContainerInfoFromLabels(c.Labels)
annotatedInfo := getContainerInfoFromAnnotations(c.Annotations)
return &kubecontainer.Container{
ID: kubecontainer.ContainerID{Type: m.runtimeName, ID: c.GetId()},
ID: kubecontainer.ContainerID{Type: m.runtimeName, ID: c.Id},
Name: labeledInfo.ContainerName,
Image: c.Image.GetImage(),
Image: c.Image.Image,
Hash: annotatedInfo.Hash,
State: toKubeContainerState(c.GetState()),
State: toKubeContainerState(c.State),
}, nil
}
@@ -120,34 +120,36 @@ func (m *kubeGenericRuntimeManager) toKubeContainer(c *runtimeapi.Container) (*k
// kubecontainer.Containers to avoid substantial changes to PLEG.
// TODO: Remove this once it becomes obsolete.
func (m *kubeGenericRuntimeManager) sandboxToKubeContainer(s *runtimeapi.PodSandbox) (*kubecontainer.Container, error) {
if s == nil || s.Id == nil || s.State == nil {
if s == nil || s.Id == "" {
return nil, fmt.Errorf("unable to convert a nil pointer to a runtime container")
}
return &kubecontainer.Container{
ID: kubecontainer.ContainerID{Type: m.runtimeName, ID: s.GetId()},
State: kubecontainer.SandboxToContainerState(s.GetState()),
ID: kubecontainer.ContainerID{Type: m.runtimeName, ID: s.Id},
State: kubecontainer.SandboxToContainerState(s.State),
}, nil
}
// getImageUser gets uid or user name that will run the command(s) from image. The function
// guarantees that only one of them is set.
func (m *kubeGenericRuntimeManager) getImageUser(image string) (*int64, *string, error) {
imageStatus, err := m.imageService.ImageStatus(&runtimeapi.ImageSpec{Image: &image})
func (m *kubeGenericRuntimeManager) getImageUser(image string) (*int64, string, error) {
imageStatus, err := m.imageService.ImageStatus(&runtimeapi.ImageSpec{Image: image})
if err != nil {
return nil, nil, err
return nil, "", err
}
if imageStatus != nil && imageStatus.Uid != nil {
// If uid is set, return uid.
return imageStatus.Uid, nil, nil
}
if imageStatus != nil && imageStatus.Username != nil {
// If uid is not set, but user name is set, return user name.
return nil, imageStatus.Username, nil
if imageStatus != nil {
if imageStatus.Uid != nil {
return &imageStatus.GetUid().Value, "", nil
}
if imageStatus.Username != "" {
return nil, imageStatus.Username, nil
}
}
// If non of them is set, treat it as root.
return new(int64), nil, nil
return new(int64), "", nil
}
// isContainerFailed returns true if container has exited and exitcode is not zero.
@@ -226,10 +228,10 @@ func toKubeRuntimeStatus(status *runtimeapi.RuntimeStatus) *kubecontainer.Runtim
conditions := []kubecontainer.RuntimeCondition{}
for _, c := range status.GetConditions() {
conditions = append(conditions, kubecontainer.RuntimeCondition{
Type: kubecontainer.RuntimeConditionType(c.GetType()),
Status: c.GetStatus(),
Reason: c.GetReason(),
Message: c.GetMessage(),
Type: kubecontainer.RuntimeConditionType(c.Type),
Status: c.Status,
Reason: c.Reason,
Message: c.Message,
})
}
return &kubecontainer.RuntimeStatus{Conditions: conditions}

112
pkg/kubelet/kuberuntime/kuberuntime_container.go
View File

@@ -102,9 +102,9 @@ func (m *kubeGenericRuntimeManager) startContainer(podSandboxID string, podSandb
// TODO(random-liu): Remove this after cluster logging supports CRI container log path.
containerMeta := containerConfig.GetMetadata()
sandboxMeta := podSandboxConfig.GetMetadata()
legacySymlink := legacyLogSymlink(containerID, containerMeta.GetName(), sandboxMeta.GetName(),
sandboxMeta.GetNamespace())
containerLog := filepath.Join(podSandboxConfig.GetLogDirectory(), containerConfig.GetLogPath())
legacySymlink := legacyLogSymlink(containerID, containerMeta.Name, sandboxMeta.Name,
sandboxMeta.Namespace)
containerLog := filepath.Join(podSandboxConfig.LogDirectory, containerConfig.LogPath)
if err := m.osInterface.Symlink(containerLog, legacySymlink); err != nil {
glog.Errorf("Failed to create legacy symbolic link %q to container %q log %q: %v",
legacySymlink, containerID, containerLog, err)
@@ -144,8 +144,8 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *v1.Contai
if err := verifyRunAsNonRoot(pod, container, *uid); err != nil {
return nil, err
}
} else {
glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", *username)
} else if username != "" {
glog.Warningf("Non-root verification doesn't support non-numeric user (%s)", username)
}
command, args := kubecontainer.ExpandContainerCommandAndArgs(container, opts.Envs)
@@ -153,21 +153,21 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *v1.Contai
restartCountUint32 := uint32(restartCount)
config := &runtimeapi.ContainerConfig{
Metadata: &runtimeapi.ContainerMetadata{
Name: &container.Name,
Attempt: &restartCountUint32,
Name: container.Name,
Attempt: restartCountUint32,
},
Image: &runtimeapi.ImageSpec{Image: &imageRef},
Image: &runtimeapi.ImageSpec{Image: imageRef},
Command: command,
Args: args,
WorkingDir: &container.WorkingDir,
WorkingDir: container.WorkingDir,
Labels: newContainerLabels(container, pod),
Annotations: newContainerAnnotations(container, pod, restartCount),
Devices: makeDevices(opts),
Mounts: m.makeMounts(opts, container),
LogPath: &containerLogsPath,
Stdin: &container.Stdin,
StdinOnce: &container.StdinOnce,
Tty: &container.TTY,
LogPath: containerLogsPath,
Stdin: container.Stdin,
StdinOnce: container.StdinOnce,
Tty: container.TTY,
Linux: m.generateLinuxContainerConfig(container, pod, uid, username),
}
@@ -176,8 +176,8 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *v1.Contai
for idx := range opts.Envs {
e := opts.Envs[idx]
envs[idx] = &runtimeapi.KeyValue{
Key: &e.Name,
Value: &e.Value,
Key: e.Name,
Value: e.Value,
}
}
config.Envs = envs
@@ -186,7 +186,7 @@ func (m *kubeGenericRuntimeManager) generateContainerConfig(container *v1.Contai
}
// generateLinuxContainerConfig generates linux container config for kubelet runtime v1.
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *v1.Container, pod *v1.Pod, uid *int64, username *string) *runtimeapi.LinuxContainerConfig {
func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *v1.Container, pod *v1.Pod, uid *int64, username string) *runtimeapi.LinuxContainerConfig {
lc := &runtimeapi.LinuxContainerConfig{
Resources: &runtimeapi.LinuxContainerResources{},
SecurityContext: m.determineEffectiveSecurityContext(pod, container, uid, username),
@@ -209,20 +209,20 @@ func (m *kubeGenericRuntimeManager) generateLinuxContainerConfig(container *v1.C
// of CPU shares.
cpuShares = milliCPUToShares(cpuRequest.MilliValue())
}
lc.Resources.CpuShares = &cpuShares
lc.Resources.CpuShares = cpuShares
if memoryLimit != 0 {
lc.Resources.MemoryLimitInBytes = &memoryLimit
lc.Resources.MemoryLimitInBytes = memoryLimit
}
// Set OOM score of the container based on qos policy. Processes in lower-priority pods should
// be killed first if the system runs out of memory.
lc.Resources.OomScoreAdj = &oomScoreAdj
lc.Resources.OomScoreAdj = oomScoreAdj
if m.cpuCFSQuota {
// if cpuLimit.Amount is nil, then the appropriate default value is returned
// to allow full usage of cpu resource.
cpuQuota, cpuPeriod := milliCPUToQuota(cpuLimit.MilliValue())
lc.Resources.CpuQuota = &cpuQuota
lc.Resources.CpuPeriod = &cpuPeriod
lc.Resources.CpuQuota = cpuQuota
lc.Resources.CpuPeriod = cpuPeriod
}
return lc
@@ -235,9 +235,9 @@ func makeDevices(opts *kubecontainer.RunContainerOptions) []*runtimeapi.Device {
for idx := range opts.Devices {
device := opts.Devices[idx]
devices[idx] = &runtimeapi.Device{
HostPath: &device.PathOnHost,
ContainerPath: &device.PathInContainer,
Permissions: &device.Permissions,
HostPath: device.PathOnHost,
ContainerPath: device.PathInContainer,
Permissions: device.Permissions,
}
}
@@ -252,10 +252,10 @@ func (m *kubeGenericRuntimeManager) makeMounts(opts *kubecontainer.RunContainerO
v := opts.Mounts[idx]
selinuxRelabel := v.SELinuxRelabel && selinux.SELinuxEnabled()
mount := &runtimeapi.Mount{
HostPath: &v.HostPath,
ContainerPath: &v.ContainerPath,
Readonly: &v.ReadOnly,
SelinuxRelabel: &selinuxRelabel,
HostPath: v.HostPath,
ContainerPath: v.ContainerPath,
Readonly: v.ReadOnly,
SelinuxRelabel: selinuxRelabel,
}
volumeMounts = append(volumeMounts, mount)
@@ -277,9 +277,9 @@ func (m *kubeGenericRuntimeManager) makeMounts(opts *kubecontainer.RunContainerO
fs.Close()
selinuxRelabel := selinux.SELinuxEnabled()
volumeMounts = append(volumeMounts, &runtimeapi.Mount{
HostPath: &containerLogPath,
ContainerPath: &container.TerminationMessagePath,
SelinuxRelabel: &selinuxRelabel,
HostPath: containerLogPath,
ContainerPath: container.TerminationMessagePath,
SelinuxRelabel: selinuxRelabel,
})
}
}
@@ -296,7 +296,9 @@ func (m *kubeGenericRuntimeManager) getKubeletContainers(allContainers bool) ([]
}
if !allContainers {
runningState := runtimeapi.ContainerState_CONTAINER_RUNNING
filter.State = &runningState
filter.State = &runtimeapi.ContainerStateValue{
State: runningState,
}
}
containers, err := m.getContainersHelper(filter)
@@ -333,8 +335,8 @@ func getTerminationMessage(status *runtimeapi.ContainerStatus, kubeStatus *kubec
}
for _, mount := range status.Mounts {
if mount.GetContainerPath() == terminationMessagePath {
path := mount.GetHostPath()
if mount.ContainerPath == terminationMessagePath {
path := mount.HostPath
if data, err := ioutil.ReadFile(path); err != nil {
message = fmt.Sprintf("Error on reading termination-log %s: %v", path, err)
} else {
@@ -362,9 +364,9 @@ func (m *kubeGenericRuntimeManager) getPodContainerStatuses(uid kubetypes.UID, n
statuses := make([]*kubecontainer.ContainerStatus, len(containers))
// TODO: optimization: set maximum number of containers per container name to examine.
for i, c := range containers {
status, err := m.runtimeService.ContainerStatus(c.GetId())
status, err := m.runtimeService.ContainerStatus(c.Id)
if err != nil {
glog.Errorf("ContainerStatus for %s error: %v", c.GetId(), err)
glog.Errorf("ContainerStatus for %s error: %v", c.Id, err)
return nil, err
}
@@ -373,24 +375,24 @@ func (m *kubeGenericRuntimeManager) getPodContainerStatuses(uid kubetypes.UID, n
cStatus := &kubecontainer.ContainerStatus{
ID: kubecontainer.ContainerID{
Type: m.runtimeName,
ID: c.GetId(),
ID: c.Id,
},
Name: labeledInfo.ContainerName,
Image: status.Image.GetImage(),
ImageID: status.GetImageRef(),
Image: status.Image.Image,
ImageID: status.ImageRef,
Hash: annotatedInfo.Hash,
RestartCount: annotatedInfo.RestartCount,
State: toKubeContainerState(c.GetState()),
CreatedAt: time.Unix(0, status.GetCreatedAt()),
State: toKubeContainerState(c.State),
CreatedAt: time.Unix(0, status.CreatedAt),
}
if c.GetState() == runtimeapi.ContainerState_CONTAINER_RUNNING {
cStatus.StartedAt = time.Unix(0, status.GetStartedAt())
if c.State == runtimeapi.ContainerState_CONTAINER_RUNNING {
cStatus.StartedAt = time.Unix(0, status.StartedAt)
} else {
cStatus.Reason = status.GetReason()
cStatus.Message = status.GetMessage()
cStatus.ExitCode = int(status.GetExitCode())
cStatus.FinishedAt = time.Unix(0, status.GetFinishedAt())
cStatus.Reason = status.Reason
cStatus.Message = status.Message
cStatus.ExitCode = int(status.ExitCode)
cStatus.FinishedAt = time.Unix(0, status.FinishedAt)
}
tMessage := getTerminationMessage(status, cStatus, annotatedInfo.TerminationMessagePath)
@@ -670,31 +672,31 @@ func (m *kubeGenericRuntimeManager) GetContainerLogs(pod *v1.Pod, containerID ku
// GetExec gets the endpoint the runtime will serve the exec request from.
func (m *kubeGenericRuntimeManager) GetExec(id kubecontainer.ContainerID, cmd []string, stdin, stdout, stderr, tty bool) (*url.URL, error) {
req := &runtimeapi.ExecRequest{
ContainerId: &id.ID,
ContainerId: id.ID,
Cmd: cmd,
Tty: &tty,
Stdin: &stdin,
Tty: tty,
Stdin: stdin,
}
resp, err := m.runtimeService.Exec(req)
if err != nil {
return nil, err
}
return url.Parse(resp.GetUrl())
return url.Parse(resp.Url)
}
// GetAttach gets the endpoint the runtime will serve the attach request from.
func (m *kubeGenericRuntimeManager) GetAttach(id kubecontainer.ContainerID, stdin, stdout, stderr, tty bool) (*url.URL, error) {
req := &runtimeapi.AttachRequest{
ContainerId: &id.ID,
Stdin: &stdin,
Tty: &tty,
ContainerId: id.ID,
Stdin: stdin,
Tty: tty,
}
resp, err := m.runtimeService.Attach(req)
if err != nil {
return nil, err
}
return url.Parse(resp.GetUrl())
return url.Parse(resp.Url)
}
// RunInContainer synchronously executes the command in the container, and returns the output.

4
pkg/kubelet/kuberuntime/kuberuntime_container_test.go
View File

@@ -51,7 +51,7 @@ func TestRemoveContainer(t *testing.T) {
_, fakeContainers := makeAndSetFakePod(t, m, fakeRuntime, pod)
assert.Equal(t, len(fakeContainers), 1)
containerId := fakeContainers[0].GetId()
containerId := fakeContainers[0].Id
fakeOS := m.osInterface.(*containertest.FakeOS)
err = m.removeContainer(containerId)
assert.NoError(t, err)
@@ -61,7 +61,7 @@ func TestRemoveContainer(t *testing.T) {
assert.Equal(t, fakeOS.Removes, []string{expectedContainerLogPath, expectedContainerLogSymlink})
// Verify container is removed
fakeRuntime.AssertCalls([]string{"RemoveContainer"})
containers, err := fakeRuntime.ListContainers(&runtimeapi.ContainerFilter{Id: &containerId})
containers, err := fakeRuntime.ListContainers(&runtimeapi.ContainerFilter{Id: containerId})
assert.NoError(t, err)
assert.Empty(t, containers)
}

18
pkg/kubelet/kuberuntime/kuberuntime_gc.go
View File

@@ -161,21 +161,21 @@ func (cgc *containerGC) evictableContainers(minAge time.Duration) (containersByE
newestGCTime := time.Now().Add(-minAge)
for _, container := range containers {
// Prune out running containers.
if container.GetState() == runtimeapi.ContainerState_CONTAINER_RUNNING {
if container.State == runtimeapi.ContainerState_CONTAINER_RUNNING {
continue
}
createdAt := time.Unix(0, container.GetCreatedAt())
createdAt := time.Unix(0, container.CreatedAt)
if newestGCTime.Before(createdAt) {
continue
}
labeledInfo := getContainerInfoFromLabels(container.Labels)
containerInfo := containerGCInfo{
id: container.GetId(),
name: container.Metadata.GetName(),
id: container.Id,
name: container.Metadata.Name,
createTime: createdAt,
sandboxID: container.GetPodSandboxId(),
sandboxID: container.PodSandboxId,
}
key := evictUnit{
uid: labeledInfo.PodUID,
@@ -256,15 +256,15 @@ func (cgc *containerGC) evictSandboxes(minAge time.Duration) error {
newestGCTime := time.Now().Add(-minAge)
for _, sandbox := range sandboxes {
// Prune out ready sandboxes.
if sandbox.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
if sandbox.State == runtimeapi.PodSandboxState_SANDBOX_READY {
continue
}
// Prune out sandboxes that still have containers.
found := false
sandboxID := sandbox.GetId()
sandboxID := sandbox.Id
for _, container := range containers {
if container.GetPodSandboxId() == sandboxID {
if container.PodSandboxId == sandboxID {
found = true
break
}
@@ -274,7 +274,7 @@ func (cgc *containerGC) evictSandboxes(minAge time.Duration) error {
}
// Only garbage collect sandboxes older than sandboxMinGCAge.
createdAt := time.Unix(0, sandbox.GetCreatedAt())
createdAt := time.Unix(0, sandbox.CreatedAt)
if createdAt.After(newestGCTime) {
continue
}

4
pkg/kubelet/kuberuntime/kuberuntime_gc_test.go
View File

@@ -115,7 +115,7 @@ func TestSandboxGC(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, realRemain, len(test.remain))
for _, remain := range test.remain {
status, err := fakeRuntime.PodSandboxStatus(fakeSandboxes[remain].GetId())
status, err := fakeRuntime.PodSandboxStatus(fakeSandboxes[remain].Id)
assert.NoError(t, err)
assert.Equal(t, &fakeSandboxes[remain].PodSandboxStatus, status)
}
@@ -288,7 +288,7 @@ func TestContainerGC(t *testing.T) {
assert.NoError(t, err)
assert.Len(t, realRemain, len(test.remain))
for _, remain := range test.remain {
status, err := fakeRuntime.ContainerStatus(fakeContainers[remain].GetId())
status, err := fakeRuntime.ContainerStatus(fakeContainers[remain].Id)
assert.NoError(t, err)
assert.Equal(t, &fakeContainers[remain].ContainerStatus, status)
}

26
pkg/kubelet/kuberuntime/kuberuntime_image.go
View File

@@ -40,7 +40,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
return "", err
}
imgSpec := &runtimeapi.ImageSpec{Image: &img}
imgSpec := &runtimeapi.ImageSpec{Image: img}
creds, withCredentials := keyring.Lookup(repoToPull)
if !withCredentials {
glog.V(3).Infof("Pulling image %q without credentials", img)
@@ -58,12 +58,12 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
for _, currentCreds := range creds {
authConfig := credentialprovider.LazyProvide(currentCreds)
auth := &runtimeapi.AuthConfig{
Username: &authConfig.Username,
Password: &authConfig.Password,
Auth: &authConfig.Auth,
ServerAddress: &authConfig.ServerAddress,
IdentityToken: &authConfig.IdentityToken,
RegistryToken: &authConfig.RegistryToken,
Username: authConfig.Username,
Password: authConfig.Password,
Auth: authConfig.Auth,
ServerAddress: authConfig.ServerAddress,
IdentityToken: authConfig.IdentityToken,
RegistryToken: authConfig.RegistryToken,
}
imageRef, err := m.imageService.PullImage(imgSpec, auth)
@@ -81,7 +81,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
// GetImageRef gets the reference (digest or ID) of the image which has already been in
// the local storage. It returns ("", nil) if the image isn't in the local storage.
func (m *kubeGenericRuntimeManager) GetImageRef(image kubecontainer.ImageSpec) (string, error) {
status, err := m.imageService.ImageStatus(&runtimeapi.ImageSpec{Image: &image.Image})
status, err := m.imageService.ImageStatus(&runtimeapi.ImageSpec{Image: image.Image})
if err != nil {
glog.Errorf("ImageStatus for image %q failed: %v", image, err)
return "", err
@@ -90,7 +90,7 @@ func (m *kubeGenericRuntimeManager) GetImageRef(image kubecontainer.ImageSpec) (
return "", nil
}
imageRef := status.GetId()
imageRef := status.Id
if len(status.RepoDigests) > 0 {
imageRef = status.RepoDigests[0]
}
@@ -109,8 +109,8 @@ func (m *kubeGenericRuntimeManager) ListImages() ([]kubecontainer.Image, error)
for _, img := range allImages {
images = append(images, kubecontainer.Image{
ID: img.GetId(),
Size: int64(img.GetSize_()),
ID: img.Id,
Size: int64(img.Size_),
RepoTags: img.RepoTags,
RepoDigests: img.RepoDigests,
})
@@ -121,7 +121,7 @@ func (m *kubeGenericRuntimeManager) ListImages() ([]kubecontainer.Image, error)
// RemoveImage removes the specified image.
func (m *kubeGenericRuntimeManager) RemoveImage(image kubecontainer.ImageSpec) error {
err := m.imageService.RemoveImage(&runtimeapi.ImageSpec{Image: &image.Image})
err := m.imageService.RemoveImage(&runtimeapi.ImageSpec{Image: image.Image})
if err != nil {
glog.Errorf("Remove image %q failed: %v", image.Image, err)
return err
@@ -142,7 +142,7 @@ func (m *kubeGenericRuntimeManager) ImageStats() (*kubecontainer.ImageStats, err
}
stats := &kubecontainer.ImageStats{}
for _, img := range allImages {
stats.TotalStorageBytes += img.GetSize_()
stats.TotalStorageBytes += img.Size_
}
return stats, nil
}

44
pkg/kubelet/kuberuntime/kuberuntime_manager.go
View File

@@ -156,18 +156,18 @@ func NewKubeGenericRuntimeManager(
// Only matching kubeRuntimeAPIVersion is supported now
// TODO: Runtime API machinery is under discussion at https://github.com/kubernetes/kubernetes/issues/28642
if typedVersion.GetVersion() != kubeRuntimeAPIVersion {
if typedVersion.Version != kubeRuntimeAPIVersion {
glog.Errorf("Runtime api version %s is not supported, only %s is supported now",
typedVersion.GetVersion(),
typedVersion.Version,
kubeRuntimeAPIVersion)
return nil, ErrVersionNotSupported
}
kubeRuntimeManager.runtimeName = typedVersion.GetRuntimeName()
kubeRuntimeManager.runtimeName = typedVersion.RuntimeName
glog.Infof("Container runtime %s initialized, version: %s, apiVersion: %s",
typedVersion.GetRuntimeName(),
typedVersion.GetRuntimeVersion(),
typedVersion.GetRuntimeApiVersion())
typedVersion.RuntimeName,
typedVersion.RuntimeVersion,
typedVersion.RuntimeApiVersion)
// If the container logs directory does not exist, create it.
// TODO: create podLogsRootDirectory at kubelet.go when kubelet is refactored to
@@ -224,7 +224,7 @@ func (m *kubeGenericRuntimeManager) Version() (kubecontainer.Version, error) {
return nil, err
}
return newRuntimeVersion(typedVersion.GetVersion())
return newRuntimeVersion(typedVersion.Version)
}
// APIVersion returns the cached API version information of the container
@@ -237,7 +237,7 @@ func (m *kubeGenericRuntimeManager) APIVersion() (kubecontainer.Version, error)
}
typedVersion := versionObject.(*runtimeapi.VersionResponse)
return newRuntimeVersion(typedVersion.GetRuntimeApiVersion())
return newRuntimeVersion(typedVersion.RuntimeApiVersion)
}
// Status returns the status of the runtime. An error is returned if the Status
@@ -265,12 +265,12 @@ func (m *kubeGenericRuntimeManager) GetPods(all bool) ([]*kubecontainer.Pod, err
glog.V(4).Infof("Sandbox does not have metadata: %+v", s)
continue
}
podUID := kubetypes.UID(s.Metadata.GetUid())
podUID := kubetypes.UID(s.Metadata.Uid)
if _, ok := pods[podUID]; !ok {
pods[podUID] = &kubecontainer.Pod{
ID: podUID,
Name: s.Metadata.GetName(),
Namespace: s.Metadata.GetNamespace(),
Name: s.Metadata.Name,
Namespace: s.Metadata.Namespace,
}
}
p := pods[podUID]
@@ -372,26 +372,26 @@ func (m *kubeGenericRuntimeManager) podSandboxChanged(pod *v1.Pod, podStatus *ku
readySandboxCount := 0
for _, s := range podStatus.SandboxStatuses {
if s.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
if s.State == runtimeapi.PodSandboxState_SANDBOX_READY {
readySandboxCount++
}
}
// Needs to create a new sandbox when readySandboxCount > 1 or the ready sandbox is not the latest one.
sandboxStatus := podStatus.SandboxStatuses[0]
if readySandboxCount > 1 || sandboxStatus.GetState() != runtimeapi.PodSandboxState_SANDBOX_READY {
if readySandboxCount > 1 || sandboxStatus.State != runtimeapi.PodSandboxState_SANDBOX_READY {
glog.V(2).Infof("No ready sandbox for pod %q can be found. Need to start a new one", format.Pod(pod))
return true, sandboxStatus.Metadata.GetAttempt() + 1, sandboxStatus.GetId()
return true, sandboxStatus.Metadata.Attempt + 1, sandboxStatus.Id
}
// Needs to create a new sandbox when network namespace changed.
if sandboxStatus.Linux != nil && sandboxStatus.Linux.Namespaces.Options != nil &&
sandboxStatus.Linux.Namespaces.Options.GetHostNetwork() != kubecontainer.IsHostNetworkPod(pod) {
sandboxStatus.Linux.Namespaces.Options.HostNetwork != kubecontainer.IsHostNetworkPod(pod) {
glog.V(2).Infof("Sandbox for pod %q has changed. Need to start a new one", format.Pod(pod))
return true, sandboxStatus.Metadata.GetAttempt() + 1, ""
return true, sandboxStatus.Metadata.Attempt + 1, ""
}
return false, sandboxStatus.Metadata.GetAttempt(), sandboxStatus.GetId()
return false, sandboxStatus.Metadata.Attempt, sandboxStatus.Id
}
// checkAndKeepInitContainers keeps all successfully completed init containers. If there
@@ -794,10 +794,8 @@ func (m *kubeGenericRuntimeManager) isHostNetwork(podSandBoxID string, pod *v1.P
return false, err
}
if podStatus.Linux != nil && podStatus.Linux.Namespaces != nil && podStatus.Linux.Namespaces.Options != nil {
if podStatus.Linux.Namespaces.Options.HostNetwork != nil {
return podStatus.Linux.Namespaces.Options.GetHostNetwork(), nil
}
if nsOpts := podStatus.GetLinux().GetNamespaces().GetOptions(); nsOpts != nil {
return nsOpts.HostNetwork, nil
}
return false, nil
@@ -844,7 +842,7 @@ func (m *kubeGenericRuntimeManager) GetPodStatus(uid kubetypes.UID, name, namesp
sandboxStatuses[idx] = podSandboxStatus
// Only get pod IP from latest sandbox
if idx == 0 && podSandboxStatus.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
if idx == 0 && podSandboxStatus.State == runtimeapi.PodSandboxState_SANDBOX_READY {
podIP = m.determinePodSandboxIP(namespace, name, podSandboxStatus)
}
}
@@ -900,7 +898,7 @@ func (m *kubeGenericRuntimeManager) UpdatePodCIDR(podCIDR string) error {
return m.runtimeService.UpdateRuntimeConfig(
&runtimeapi.RuntimeConfig{
NetworkConfig: &runtimeapi.NetworkConfig{
PodCidr: &podCIDR,
PodCidr: podCIDR,
},
})
}

44
pkg/kubelet/kuberuntime/kuberuntime_manager_test.go
View File

@@ -119,12 +119,12 @@ func makeFakePodSandbox(t *testing.T, m *kubeGenericRuntimeManager, template san
podSandboxID := apitest.BuildSandboxName(config.Metadata)
return &apitest.FakePodSandbox{
PodSandboxStatus: runtimeapi.PodSandboxStatus{
Id: &podSandboxID,
Id: podSandboxID,
Metadata: config.Metadata,
State: &template.state,
CreatedAt: &template.createdAt,
State: template.state,
CreatedAt: template.createdAt,
Network: &runtimeapi.PodSandboxNetworkStatus{
Ip: &apitest.FakePodSandboxIP,
Ip: apitest.FakePodSandboxIP,
},
Labels: config.Labels,
},
@@ -151,15 +151,15 @@ func makeFakeContainer(t *testing.T, m *kubeGenericRuntimeManager, template cont
podSandboxID := apitest.BuildSandboxName(sandboxConfig.Metadata)
containerID := apitest.BuildContainerName(containerConfig.Metadata, podSandboxID)
imageRef := containerConfig.Image.GetImage()
imageRef := containerConfig.Image.Image
return &apitest.FakeContainer{
ContainerStatus: runtimeapi.ContainerStatus{
Id: &containerID,
Id: containerID,
Metadata: containerConfig.Metadata,
Image: containerConfig.Image,
ImageRef: &imageRef,
CreatedAt: &template.createdAt,
State: &template.state,
ImageRef: imageRef,
CreatedAt: template.createdAt,
State: template.state,
Labels: containerConfig.Labels,
Annotations: containerConfig.Annotations,
},
@@ -223,7 +223,7 @@ func verifyPods(a, b []*kubecontainer.Pod) bool {
func verifyFakeContainerList(fakeRuntime *apitest.FakeRuntimeService, expected []string) ([]string, bool) {
actual := []string{}
for _, c := range fakeRuntime.Containers {
actual = append(actual, c.GetId())
actual = append(actual, c.Id)
}
sort.Sort(sort.StringSlice(actual))
sort.Sort(sort.StringSlice(expected))
@@ -411,7 +411,7 @@ func TestGetPodContainerID(t *testing.T) {
Sandboxes: []*kubecontainer.Container{sandbox},
}
actual, err := m.GetPodContainerID(expectedPod)
assert.Equal(t, fakeSandbox.GetId(), actual.ID)
assert.Equal(t, fakeSandbox.Id, actual.ID)
}
func TestGetNetNS(t *testing.T) {
@@ -441,7 +441,7 @@ func TestGetNetNS(t *testing.T) {
// Set fake sandbox and fake containers to fakeRuntime.
sandbox, _ := makeAndSetFakePod(t, m, fakeRuntime, pod)
actual, err := m.GetNetNS(kubecontainer.ContainerID{ID: sandbox.GetId()})
actual, err := m.GetNetNS(kubecontainer.ContainerID{ID: sandbox.Id})
assert.Equal(t, "", actual)
assert.Equal(t, "not supported", err.Error())
}
@@ -498,7 +498,7 @@ func TestKillPod(t *testing.T) {
Sandboxes: []*kubecontainer.Container{
{
ID: kubecontainer.ContainerID{
ID: fakeSandbox.GetId(),
ID: fakeSandbox.Id,
Type: apitest.FakeRuntimeName,
},
},
@@ -510,10 +510,10 @@ func TestKillPod(t *testing.T) {
assert.Equal(t, 2, len(fakeRuntime.Containers))
assert.Equal(t, 1, len(fakeRuntime.Sandboxes))
for _, sandbox := range fakeRuntime.Sandboxes {
assert.Equal(t, runtimeapi.PodSandboxState_SANDBOX_NOTREADY, sandbox.GetState())
assert.Equal(t, runtimeapi.PodSandboxState_SANDBOX_NOTREADY, sandbox.State)
}
for _, c := range fakeRuntime.Containers {
assert.Equal(t, runtimeapi.ContainerState_CONTAINER_EXITED, c.GetState())
assert.Equal(t, runtimeapi.ContainerState_CONTAINER_EXITED, c.State)
}
}
@@ -551,10 +551,10 @@ func TestSyncPod(t *testing.T) {
assert.Equal(t, 2, len(fakeImage.Images))
assert.Equal(t, 1, len(fakeRuntime.Sandboxes))
for _, sandbox := range fakeRuntime.Sandboxes {
assert.Equal(t, runtimeapi.PodSandboxState_SANDBOX_READY, sandbox.GetState())
assert.Equal(t, runtimeapi.PodSandboxState_SANDBOX_READY, sandbox.State)
}
for _, c := range fakeRuntime.Containers {
assert.Equal(t, runtimeapi.ContainerState_CONTAINER_RUNNING, c.GetState())
assert.Equal(t, runtimeapi.ContainerState_CONTAINER_RUNNING, c.State)
}
}
@@ -589,7 +589,7 @@ func TestPruneInitContainers(t *testing.T) {
keep := map[kubecontainer.ContainerID]int{}
m.pruneInitContainersBeforeStart(pod, podStatus, keep)
expectedContainers := []string{fakes[0].GetId(), fakes[2].GetId()}
expectedContainers := []string{fakes[0].Id, fakes[2].Id}
if actual, ok := verifyFakeContainerList(fakeRuntime, expectedContainers); !ok {
t.Errorf("expected %q, got %q", expectedContainers, actual)
}
@@ -635,11 +635,11 @@ func TestSyncPodWithInitContainers(t *testing.T) {
buildContainerID := func(pod *v1.Pod, container v1.Container) string {
uid := string(pod.UID)
sandboxID := apitest.BuildSandboxName(&runtimeapi.PodSandboxMetadata{
Name: &pod.Name,
Uid: &uid,
Namespace: &pod.Namespace,
Name: pod.Name,
Uid: uid,
Namespace: pod.Namespace,
})
return apitest.BuildContainerName(&runtimeapi.ContainerMetadata{Name: &container.Name}, sandboxID)
return apitest.BuildContainerName(&runtimeapi.ContainerMetadata{Name: container.Name}, sandboxID)
}
backOff := flowcontrol.NewBackOff(time.Second, time.Minute)

74
pkg/kubelet/kuberuntime/kuberuntime_sandbox.go
View File

@@ -41,7 +41,7 @@ func (m *kubeGenericRuntimeManager) createPodSandbox(pod *v1.Pod, attempt uint32
}
// Create pod logs directory
err = m.osInterface.MkdirAll(podSandboxConfig.GetLogDirectory(), 0755)
err = m.osInterface.MkdirAll(podSandboxConfig.LogDirectory, 0755)
if err != nil {
message := fmt.Sprintf("Create pod log directory for pod %q failed: %v", format.Pod(pod), err)
glog.Errorf(message)
@@ -65,10 +65,10 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxConfig(pod *v1.Pod, attemp
podUID := string(pod.UID)
podSandboxConfig := &runtimeapi.PodSandboxConfig{
Metadata: &runtimeapi.PodSandboxMetadata{
Name: &pod.Name,
Namespace: &pod.Namespace,
Uid: &podUID,
Attempt: &attempt,
Name: pod.Name,
Namespace: pod.Namespace,
Uid: podUID,
Attempt: attempt,
},
Labels: newPodLabels(pod),
Annotations: newPodAnnotations(pod),
@@ -89,11 +89,11 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxConfig(pod *v1.Pod, attemp
if err != nil {
return nil, err
}
podSandboxConfig.Hostname = &hostname
podSandboxConfig.Hostname = hostname
}
logDir := buildPodLogsDirectory(pod.UID)
podSandboxConfig.LogDirectory = &logDir
podSandboxConfig.LogDirectory = logDir
cgroupParent := ""
portMappings := []*runtimeapi.PortMapping{}
@@ -110,10 +110,10 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxConfig(pod *v1.Pod, attemp
containerPort := int32(port.ContainerPort)
protocol := toRuntimeProtocol(port.Protocol)
portMappings = append(portMappings, &runtimeapi.PortMapping{
HostIp: &port.HostIP,
HostPort: &hostPort,
ContainerPort: &containerPort,
Protocol: &protocol,
HostIp: port.HostIP,
HostPort: hostPort,
ContainerPort: containerPort,
Protocol: protocol,
})
}
@@ -131,20 +131,21 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxConfig(pod *v1.Pod, attemp
// generatePodSandboxLinuxConfig generates LinuxPodSandboxConfig from v1.Pod.
func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *v1.Pod, cgroupParent string) *runtimeapi.LinuxPodSandboxConfig {
lc := &runtimeapi.LinuxPodSandboxConfig{
SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{},
}
if cgroupParent != "" {
lc.CgroupParent = &cgroupParent
CgroupParent: cgroupParent,
SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{
Privileged: kubecontainer.HasPrivilegedContainer(pod),
},
}
if pod.Spec.SecurityContext != nil {
sc := pod.Spec.SecurityContext
lc.SecurityContext.RunAsUser = sc.RunAsUser
if sc.RunAsUser != nil {
lc.SecurityContext.RunAsUser = &runtimeapi.Int64Value{Value: *sc.RunAsUser}
}
lc.SecurityContext.NamespaceOptions = &runtimeapi.NamespaceOption{
HostNetwork: &pod.Spec.HostNetwork,
HostIpc: &pod.Spec.HostIPC,
HostPid: &pod.Spec.HostPID,
HostNetwork: pod.Spec.HostNetwork,
HostIpc: pod.Spec.HostIPC,
HostPid: pod.Spec.HostPID,
}
if sc.FSGroup != nil {
@@ -158,19 +159,14 @@ func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *v1.Pod, c
}
if sc.SELinuxOptions != nil {
lc.SecurityContext.SelinuxOptions = &runtimeapi.SELinuxOption{
User: &sc.SELinuxOptions.User,
Role: &sc.SELinuxOptions.Role,
Type: &sc.SELinuxOptions.Type,
Level: &sc.SELinuxOptions.Level,
User: sc.SELinuxOptions.User,
Role: sc.SELinuxOptions.Role,
Type: sc.SELinuxOptions.Type,
Level: sc.SELinuxOptions.Level,
}
}
}
if kubecontainer.HasPrivilegedContainer(pod) {
privileged := true
lc.SecurityContext.Privileged = &privileged
}
return lc
}
@@ -180,7 +176,9 @@ func (m *kubeGenericRuntimeManager) getKubeletSandboxes(all bool) ([]*runtimeapi
if !all {
readyState := runtimeapi.PodSandboxState_SANDBOX_READY
filter = &runtimeapi.PodSandboxFilter{
State: &readyState,
State: &runtimeapi.PodSandboxStateValue{
State: readyState,
},
}
}
@@ -194,7 +192,7 @@ func (m *kubeGenericRuntimeManager) getKubeletSandboxes(all bool) ([]*runtimeapi
for _, s := range resp {
if !isManagedByKubelet(s.Labels) {
glog.V(5).Infof("Sandbox %s is not managed by kubelet", kubecontainer.BuildPodFullName(
s.Metadata.GetName(), s.Metadata.GetNamespace()))
s.Metadata.Name, s.Metadata.Namespace))
continue
}
@@ -210,7 +208,7 @@ func (m *kubeGenericRuntimeManager) determinePodSandboxIP(podNamespace, podName
glog.Warningf("Pod Sandbox status doesn't have network information, cannot report IP")
return ""
}
ip := podSandbox.Network.GetIp()
ip := podSandbox.Network.Ip
if net.ParseIP(ip) == nil {
glog.Warningf("Pod Sandbox reported an unparseable IP %v", ip)
return ""
@@ -222,9 +220,13 @@ func (m *kubeGenericRuntimeManager) determinePodSandboxIP(podNamespace, podName
// Param state could be nil in order to get all sandboxes belonging to same pod.
func (m *kubeGenericRuntimeManager) getSandboxIDByPodUID(podUID kubetypes.UID, state *runtimeapi.PodSandboxState) ([]string, error) {
filter := &runtimeapi.PodSandboxFilter{
State: state,
LabelSelector: map[string]string{types.KubernetesPodUIDLabel: string(podUID)},
}
if state != nil {
filter.State = &runtimeapi.PodSandboxStateValue{
State: *state,
}
}
sandboxes, err := m.runtimeService.ListPodSandbox(filter)
if err != nil {
glog.Errorf("ListPodSandbox with pod UID %q failed: %v", podUID, err)
@@ -239,7 +241,7 @@ func (m *kubeGenericRuntimeManager) getSandboxIDByPodUID(podUID kubetypes.UID, s
sandboxIDs := make([]string, len(sandboxes))
sort.Sort(podSandboxByCreated(sandboxes))
for i, s := range sandboxes {
sandboxIDs[i] = s.GetId()
sandboxIDs[i] = s.Id
}
return sandboxIDs, nil
@@ -256,11 +258,11 @@ func (m *kubeGenericRuntimeManager) GetPortForward(podName, podNamespace string,
}
// TODO: Port is unused for now, but we may need it in the future.
req := &runtimeapi.PortForwardRequest{
PodSandboxId: &sandboxIDs[0],
PodSandboxId: sandboxIDs[0],
}
resp, err := m.runtimeService.PortForward(req)
if err != nil {
return nil, err
}
return url.Parse(resp.GetUrl())
return url.Parse(resp.Url)
}

2
pkg/kubelet/kuberuntime/kuberuntime_sandbox_test.go
View File

@@ -58,7 +58,7 @@ func TestCreatePodSandbox(t *testing.T) {
id, _, err := m.createPodSandbox(pod, 1)
assert.NoError(t, err)
fakeRuntime.AssertCalls([]string{"RunPodSandbox"})
sandboxes, err := fakeRuntime.ListPodSandbox(&runtimeapi.PodSandboxFilter{Id: &id})
sandboxes, err := fakeRuntime.ListPodSandbox(&runtimeapi.PodSandboxFilter{Id: id})
assert.NoError(t, err)
assert.Equal(t, len(sandboxes), 1)
// TODO Check pod sandbox configuration

36
pkg/kubelet/kuberuntime/security_context.go
View File

@@ -25,7 +25,7 @@ import (
)
// determineEffectiveSecurityContext gets container's security context from v1.Pod and v1.Container.
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container, uid *int64, username *string) *runtimeapi.LinuxContainerSecurityContext {
func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Pod, container *v1.Container, uid *int64, username string) *runtimeapi.LinuxContainerSecurityContext {
effectiveSc := securitycontext.DetermineEffectiveSecurityContext(pod, container)
synthesized := convertToRuntimeSecurityContext(effectiveSc)
if synthesized == nil {
@@ -34,7 +34,9 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
// set RunAsUser.
if synthesized.RunAsUser == nil {
synthesized.RunAsUser = uid
if uid != nil {
synthesized.RunAsUser = &runtimeapi.Int64Value{Value: *uid}
}
synthesized.RunAsUsername = username
}
@@ -44,9 +46,9 @@ func (m *kubeGenericRuntimeManager) determineEffectiveSecurityContext(pod *v1.Po
return synthesized
}
synthesized.NamespaceOptions = &runtimeapi.NamespaceOption{
HostNetwork: &pod.Spec.HostNetwork,
HostIpc: &pod.Spec.HostIPC,
HostPid: &pod.Spec.HostPID,
HostNetwork: pod.Spec.HostNetwork,
HostIpc: pod.Spec.HostIPC,
HostPid: pod.Spec.HostPID,
}
if podSc.FSGroup != nil {
synthesized.SupplementalGroups = append(synthesized.SupplementalGroups, *podSc.FSGroup)
@@ -88,13 +90,21 @@ func convertToRuntimeSecurityContext(securityContext *v1.SecurityContext) *runti
return nil
}
return &runtimeapi.LinuxContainerSecurityContext{
RunAsUser: securityContext.RunAsUser,
Privileged: securityContext.Privileged,
ReadonlyRootfs: securityContext.ReadOnlyRootFilesystem,
sc := &runtimeapi.LinuxContainerSecurityContext{
Capabilities: convertToRuntimeCapabilities(securityContext.Capabilities),
SelinuxOptions: convertToRuntimeSELinuxOption(securityContext.SELinuxOptions),
}
if securityContext.RunAsUser != nil {
sc.RunAsUser = &runtimeapi.Int64Value{Value: *securityContext.RunAsUser}
}
if securityContext.Privileged != nil {
sc.Privileged = *securityContext.Privileged
}
if securityContext.ReadOnlyRootFilesystem != nil {
sc.ReadonlyRootfs = *securityContext.ReadOnlyRootFilesystem
}
return sc
}
// convertToRuntimeSELinuxOption converts v1.SELinuxOptions to runtimeapi.SELinuxOption.
@@ -104,10 +114,10 @@ func convertToRuntimeSELinuxOption(opts *v1.SELinuxOptions) *runtimeapi.SELinuxO
}
return &runtimeapi.SELinuxOption{
User: &opts.User,
Role: &opts.Role,
Type: &opts.Type,
Level: &opts.Level,
User: opts.User,
Role: opts.Role,
Type: opts.Type,
Level: opts.Level,
}
}

8
pkg/kubelet/remote/remote_image.go
View File

@@ -71,7 +71,7 @@ func (r *RemoteImageService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimea
Image: image,
})
if err != nil {
glog.Errorf("ImageStatus %q from image service failed: %v", image.GetImage(), err)
glog.Errorf("ImageStatus %q from image service failed: %v", image.Image, err)
return nil, err
}
@@ -88,11 +88,11 @@ func (r *RemoteImageService) PullImage(image *runtimeapi.ImageSpec, auth *runtim
Auth: auth,
})
if err != nil {
glog.Errorf("PullImage %q from image service failed: %v", image.GetImage(), err)
glog.Errorf("PullImage %q from image service failed: %v", image.Image, err)
return "", err
}
return resp.GetImageRef(), nil
return resp.ImageRef, nil
}
// RemoveImage removes the image.
@@ -104,7 +104,7 @@ func (r *RemoteImageService) RemoveImage(image *runtimeapi.ImageSpec) error {
Image: image,
})
if err != nil {
glog.Errorf("RemoveImage %q from image service failed: %v", image.GetImage(), err)
glog.Errorf("RemoveImage %q from image service failed: %v", image.Image, err)
return err
}

42
pkg/kubelet/remote/remote_runtime.go
View File

@@ -55,7 +55,7 @@ func (r *RemoteRuntimeService) Version(apiVersion string) (*runtimeapi.VersionRe
defer cancel()
typedVersion, err := r.runtimeClient.Version(ctx, &runtimeapi.VersionRequest{
Version: &apiVersion,
Version: apiVersion,
})
if err != nil {
glog.Errorf("Version from runtime service failed: %v", err)
@@ -79,7 +79,7 @@ func (r *RemoteRuntimeService) RunPodSandbox(config *runtimeapi.PodSandboxConfig
return "", err
}
return resp.GetPodSandboxId(), nil
return resp.PodSandboxId, nil
}
// StopPodSandbox stops the sandbox. If there are any running containers in the
@@ -89,7 +89,7 @@ func (r *RemoteRuntimeService) StopPodSandbox(podSandBoxID string) error {
defer cancel()
_, err := r.runtimeClient.StopPodSandbox(ctx, &runtimeapi.StopPodSandboxRequest{
PodSandboxId: &podSandBoxID,
PodSandboxId: podSandBoxID,
})
if err != nil {
glog.Errorf("StopPodSandbox %q from runtime service failed: %v", podSandBoxID, err)
@@ -106,7 +106,7 @@ func (r *RemoteRuntimeService) RemovePodSandbox(podSandBoxID string) error {
defer cancel()
_, err := r.runtimeClient.RemovePodSandbox(ctx, &runtimeapi.RemovePodSandboxRequest{
PodSandboxId: &podSandBoxID,
PodSandboxId: podSandBoxID,
})
if err != nil {
glog.Errorf("RemovePodSandbox %q from runtime service failed: %v", podSandBoxID, err)
@@ -122,7 +122,7 @@ func (r *RemoteRuntimeService) PodSandboxStatus(podSandBoxID string) (*runtimeap
defer cancel()
resp, err := r.runtimeClient.PodSandboxStatus(ctx, &runtimeapi.PodSandboxStatusRequest{
PodSandboxId: &podSandBoxID,
PodSandboxId: podSandBoxID,
})
if err != nil {
glog.Errorf("PodSandboxStatus %q from runtime service failed: %v", podSandBoxID, err)
@@ -154,7 +154,7 @@ func (r *RemoteRuntimeService) CreateContainer(podSandBoxID string, config *runt
defer cancel()
resp, err := r.runtimeClient.CreateContainer(ctx, &runtimeapi.CreateContainerRequest{
PodSandboxId: &podSandBoxID,
PodSandboxId: podSandBoxID,
Config: config,
SandboxConfig: sandboxConfig,
})
@@ -163,7 +163,7 @@ func (r *RemoteRuntimeService) CreateContainer(podSandBoxID string, config *runt
return "", err
}
return resp.GetContainerId(), nil
return resp.ContainerId, nil
}
// StartContainer starts the container.
@@ -172,7 +172,7 @@ func (r *RemoteRuntimeService) StartContainer(containerID string) error {
defer cancel()
_, err := r.runtimeClient.StartContainer(ctx, &runtimeapi.StartContainerRequest{
ContainerId: &containerID,
ContainerId: containerID,
})
if err != nil {
glog.Errorf("StartContainer %q from runtime service failed: %v", containerID, err)
@@ -188,8 +188,8 @@ func (r *RemoteRuntimeService) StopContainer(containerID string, timeout int64)
defer cancel()
_, err := r.runtimeClient.StopContainer(ctx, &runtimeapi.StopContainerRequest{
ContainerId: &containerID,
Timeout: &timeout,
ContainerId: containerID,
Timeout: timeout,
})
if err != nil {
glog.Errorf("StopContainer %q from runtime service failed: %v", containerID, err)
@@ -206,7 +206,7 @@ func (r *RemoteRuntimeService) RemoveContainer(containerID string) error {
defer cancel()
_, err := r.runtimeClient.RemoveContainer(ctx, &runtimeapi.RemoveContainerRequest{
ContainerId: &containerID,
ContainerId: containerID,
})
if err != nil {
glog.Errorf("RemoveContainer %q from runtime service failed: %v", containerID, err)
@@ -238,7 +238,7 @@ func (r *RemoteRuntimeService) ContainerStatus(containerID string) (*runtimeapi.
defer cancel()
resp, err := r.runtimeClient.ContainerStatus(ctx, &runtimeapi.ContainerStatusRequest{
ContainerId: &containerID,
ContainerId: containerID,
})
if err != nil {
glog.Errorf("ContainerStatus %q from runtime service failed: %v", containerID, err)
@@ -256,9 +256,9 @@ func (r *RemoteRuntimeService) ExecSync(containerID string, cmd []string, timeou
timeoutSeconds := int64(timeout.Seconds())
req := &runtimeapi.ExecSyncRequest{
ContainerId: &containerID,
ContainerId: containerID,
Cmd: cmd,
Timeout: &timeoutSeconds,
Timeout: timeoutSeconds,
}
resp, err := r.runtimeClient.ExecSync(ctx, req)
if err != nil {
@@ -267,14 +267,14 @@ func (r *RemoteRuntimeService) ExecSync(containerID string, cmd []string, timeou
}
err = nil
if resp.GetExitCode() != 0 {
if resp.ExitCode != 0 {
err = utilexec.CodeExitError{
Err: fmt.Errorf("command '%s' exited with %d: %s", strings.Join(cmd, " "), resp.GetExitCode(), resp.GetStderr()),
Code: int(resp.GetExitCode()),
Err: fmt.Errorf("command '%s' exited with %d: %s", strings.Join(cmd, " "), resp.ExitCode, resp.Stderr),
Code: int(resp.ExitCode),
}
}
return resp.GetStdout(), resp.GetStderr(), err
return resp.Stdout, resp.Stderr, err
}
// Exec prepares a streaming endpoint to execute a command in the container, and returns the address.
@@ -284,7 +284,7 @@ func (r *RemoteRuntimeService) Exec(req *runtimeapi.ExecRequest) (*runtimeapi.Ex
resp, err := r.runtimeClient.Exec(ctx, req)
if err != nil {
glog.Errorf("Exec %s '%s' from runtime service failed: %v", req.GetContainerId(), strings.Join(req.GetCmd(), " "), err)
glog.Errorf("Exec %s '%s' from runtime service failed: %v", req.ContainerId, strings.Join(req.Cmd, " "), err)
return nil, err
}
@@ -298,7 +298,7 @@ func (r *RemoteRuntimeService) Attach(req *runtimeapi.AttachRequest) (*runtimeap
resp, err := r.runtimeClient.Attach(ctx, req)
if err != nil {
glog.Errorf("Attach %s from runtime service failed: %v", req.GetContainerId(), err)
glog.Errorf("Attach %s from runtime service failed: %v", req.ContainerId, err)
return nil, err
}
@@ -312,7 +312,7 @@ func (r *RemoteRuntimeService) PortForward(req *runtimeapi.PortForwardRequest) (
resp, err := r.runtimeClient.PortForward(ctx, req)
if err != nil {
glog.Errorf("PortForward %s from runtime service failed: %v", req.GetPodSandboxId(), err)
glog.Errorf("PortForward %s from runtime service failed: %v", req.PodSandboxId, err)
return nil, err
}

18
pkg/kubelet/rktshim/fake-app-interface.go
View File

@@ -90,16 +90,14 @@ type fakeContainer struct {
func (c *fakeContainer) Start() {
c.State = runtimeapi.ContainerState_CONTAINER_RUNNING
c.Status.State = &c.State
c.Status.State = c.State
}
func (c *fakeContainer) Stop() {
c.State = runtimeapi.ContainerState_CONTAINER_EXITED
c.Status.State = &c.State
exitSuccess := int32(0)
c.Status.ExitCode = &exitSuccess
c.Status.State = c.State
c.Status.ExitCode = 0
// c.Status.Reason
}
@@ -191,7 +189,7 @@ func (r *FakeRuntime) ListContainers(*runtimeapi.ContainerFilter) ([]*runtimeapi
Metadata: c.Config.Metadata,
Labels: c.Config.Labels,
ImageRef: c.Status.ImageRef,
State: &c.State,
State: c.State,
})
}
@@ -226,15 +224,15 @@ func (r *FakeRuntime) ExecSync(containerID string, cmd []string, timeout time.Du
}
func (r *FakeRuntime) Exec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error) {
url := "http://" + FakeStreamingHost + ":" + FakeStreamingPort + "/exec/" + req.GetContainerId()
url := "http://" + FakeStreamingHost + ":" + FakeStreamingPort + "/exec/" + req.ContainerId
return &runtimeapi.ExecResponse{
Url: &url,
Url: url,
}, nil
}
func (r *FakeRuntime) Attach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error) {
url := "http://" + FakeStreamingHost + ":" + FakeStreamingPort + "/attach/" + req.GetContainerId()
url := "http://" + FakeStreamingHost + ":" + FakeStreamingPort + "/attach/" + req.ContainerId
return &runtimeapi.AttachResponse{
Url: &url,
Url: url,
}, nil
}

10
pkg/kubelet/rktshim/imagestore_test.go
View File

@@ -63,19 +63,19 @@ var (
var testImgSpecs = map[string]imageTestCase{
"non-existent-image": {
&runtimeapi.ImageSpec{
Image: &gibberishStr,
Image: gibberishStr,
},
nil,
},
"busybox": {
&runtimeapi.ImageSpec{
Image: &busyboxStr,
Image: busyboxStr,
},
&runtimeapi.Image{
Id: nil,
Id: "",
RepoTags: []string{},
RepoDigests: []string{},
Size_: nil,
Size_: 0,
},
},
}
@@ -201,7 +201,7 @@ func TestListsImages(t *testing.T) {
}
for _, img := range imgs {
expectedImg := *testImgSpecs[*img.Id].ExpectedStatus
expectedImg := *testImgSpecs[img.Id].ExpectedStatus
if err := compareContainerImages(img, expectedImg); err != nil {
t.Errorf("rktshim.ImageStore.List() for %q, %v", img.Id, err)

31
pkg/kubelet/server/streaming/server.go
View File

@@ -146,7 +146,7 @@ type server struct {
}
func (s *server) GetExec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse, error) {
if req.GetContainerId() == "" {
if req.ContainerId == "" {
return nil, grpc.Errorf(codes.InvalidArgument, "missing required container_id")
}
token, err := s.cache.Insert(req)
@@ -159,7 +159,7 @@ func (s *server) GetExec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResponse,
}
func (s *server) GetAttach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachResponse, error) {
if req.GetContainerId() == "" {
if req.ContainerId == "" {
return nil, grpc.Errorf(codes.InvalidArgument, "missing required container_id")
}
token, err := s.cache.Insert(req)
@@ -172,7 +172,7 @@ func (s *server) GetAttach(req *runtimeapi.AttachRequest) (*runtimeapi.AttachRes
}
func (s *server) GetPortForward(req *runtimeapi.PortForwardRequest) (*runtimeapi.PortForwardResponse, error) {
if req.GetPodSandboxId() == "" {
if req.PodSandboxId == "" {
return nil, grpc.Errorf(codes.InvalidArgument, "missing required pod_sandbox_id")
}
token, err := s.cache.Insert(req)
@@ -211,11 +211,10 @@ func (s *server) ServeHTTP(w http.ResponseWriter, r *http.Request) {
s.handler.ServeHTTP(w, r)
}
func (s *server) buildURL(method, token string) *string {
loc := s.config.BaseURL.ResolveReference(&url.URL{
func (s *server) buildURL(method, token string) string {
return s.config.BaseURL.ResolveReference(&url.URL{
Path: path.Join(method, token),
}).String()
return &loc
}
func (s *server) serveExec(req *restful.Request, resp *restful.Response) {
@@ -232,10 +231,10 @@ func (s *server) serveExec(req *restful.Request, resp *restful.Response) {
}
streamOpts := &remotecommand.Options{
Stdin: exec.GetStdin(),
Stdin: exec.Stdin,
Stdout: true,
Stderr: !exec.GetTty(),
TTY: exec.GetTty(),
Stderr: !exec.Tty,
TTY: exec.Tty,
}
remotecommand.ServeExec(
@@ -244,8 +243,8 @@ func (s *server) serveExec(req *restful.Request, resp *restful.Response) {
s.runtime,
"", // unused: podName
"", // unusued: podUID
exec.GetContainerId(),
exec.GetCmd(),
exec.ContainerId,
exec.Cmd,
streamOpts,
s.config.StreamIdleTimeout,
s.config.StreamCreationTimeout,
@@ -266,10 +265,10 @@ func (s *server) serveAttach(req *restful.Request, resp *restful.Response) {
}
streamOpts := &remotecommand.Options{
Stdin: attach.GetStdin(),
Stdin: attach.Stdin,
Stdout: true,
Stderr: !attach.GetTty(),
TTY: attach.GetTty(),
Stderr: !attach.Tty,
TTY: attach.Tty,
}
remotecommand.ServeAttach(
resp.ResponseWriter,
@@ -277,7 +276,7 @@ func (s *server) serveAttach(req *restful.Request, resp *restful.Response) {
s.runtime,
"", // unused: podName
"", // unusued: podUID
attach.GetContainerId(),
attach.ContainerId,
streamOpts,
s.config.StreamIdleTimeout,
s.config.StreamCreationTimeout,
@@ -301,7 +300,7 @@ func (s *server) servePortForward(req *restful.Request, resp *restful.Response)
resp.ResponseWriter,
req.Request,
s.runtime,
pf.GetPodSandboxId(),
pf.PodSandboxId,
"", // unused: podUID
s.config.StreamIdleTimeout,
s.config.StreamCreationTimeout)

77
pkg/kubelet/server/streaming/server_test.go
View File

@@ -82,25 +82,25 @@ func TestGetExec(t *testing.T) {
assertRequestToken := func(test testcase, cache *requestCache, token string) {
req, ok := cache.Consume(token)
require.True(t, ok, "token %s not found! testcase=%+v", token, test)
assert.Equal(t, testContainerID, req.(*runtimeapi.ExecRequest).GetContainerId(), "testcase=%+v", test)
assert.Equal(t, test.cmd, req.(*runtimeapi.ExecRequest).GetCmd(), "testcase=%+v", test)
assert.Equal(t, test.tty, req.(*runtimeapi.ExecRequest).GetTty(), "testcase=%+v", test)
assert.Equal(t, test.stdin, req.(*runtimeapi.ExecRequest).GetStdin(), "testcase=%+v", test)
assert.Equal(t, testContainerID, req.(*runtimeapi.ExecRequest).ContainerId, "testcase=%+v", test)
assert.Equal(t, test.cmd, req.(*runtimeapi.ExecRequest).Cmd, "testcase=%+v", test)
assert.Equal(t, test.tty, req.(*runtimeapi.ExecRequest).Tty, "testcase=%+v", test)
assert.Equal(t, test.stdin, req.(*runtimeapi.ExecRequest).Stdin, "testcase=%+v", test)
}
containerID := testContainerID
for _, test := range testcases {
request := &runtimeapi.ExecRequest{
ContainerId: &containerID,
ContainerId: containerID,
Cmd: test.cmd,
Tty: &test.tty,
Stdin: &test.stdin,
Tty: test.tty,
Stdin: test.stdin,
}
{ // Non-TLS
resp, err := serv.GetExec(request)
assert.NoError(t, err, "testcase=%+v", test)
expectedURL := "http://" + testAddr + "/exec/"
assert.Contains(t, resp.GetUrl(), expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.Contains(t, resp.Url, expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.Url, expectedURL)
assertRequestToken(test, serv.(*server).cache, token)
}
@@ -108,8 +108,8 @@ func TestGetExec(t *testing.T) {
resp, err := tlsServer.GetExec(request)
assert.NoError(t, err, "testcase=%+v", test)
expectedURL := "https://" + testAddr + "/exec/"
assert.Contains(t, resp.GetUrl(), expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.Contains(t, resp.Url, expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.Url, expectedURL)
assertRequestToken(test, tlsServer.(*server).cache, token)
}
@@ -117,8 +117,8 @@ func TestGetExec(t *testing.T) {
resp, err := prefixServer.GetExec(request)
assert.NoError(t, err, "testcase=%+v", test)
expectedURL := "http://" + testAddr + "/" + pathPrefix + "/exec/"
assert.Contains(t, resp.GetUrl(), expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.Contains(t, resp.Url, expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.Url, expectedURL)
assertRequestToken(test, prefixServer.(*server).cache, token)
}
}
@@ -149,23 +149,23 @@ func TestGetAttach(t *testing.T) {
assertRequestToken := func(test testcase, cache *requestCache, token string) {
req, ok := cache.Consume(token)
require.True(t, ok, "token %s not found! testcase=%+v", token, test)
assert.Equal(t, testContainerID, req.(*runtimeapi.AttachRequest).GetContainerId(), "testcase=%+v", test)
assert.Equal(t, test.tty, req.(*runtimeapi.AttachRequest).GetTty(), "testcase=%+v", test)
assert.Equal(t, test.stdin, req.(*runtimeapi.AttachRequest).GetStdin(), "testcase=%+v", test)
assert.Equal(t, testContainerID, req.(*runtimeapi.AttachRequest).ContainerId, "testcase=%+v", test)
assert.Equal(t, test.tty, req.(*runtimeapi.AttachRequest).Tty, "testcase=%+v", test)
assert.Equal(t, test.stdin, req.(*runtimeapi.AttachRequest).Stdin, "testcase=%+v", test)
}
containerID := testContainerID
for _, test := range testcases {
request := &runtimeapi.AttachRequest{
ContainerId: &containerID,
Stdin: &test.stdin,
Tty: &test.tty,
ContainerId: containerID,
Stdin: test.stdin,
Tty: test.tty,
}
{ // Non-TLS
resp, err := serv.GetAttach(request)
assert.NoError(t, err, "testcase=%+v", test)
expectedURL := "http://" + testAddr + "/attach/"
assert.Contains(t, resp.GetUrl(), expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.Contains(t, resp.Url, expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.Url, expectedURL)
assertRequestToken(test, serv.(*server).cache, token)
}
@@ -173,8 +173,8 @@ func TestGetAttach(t *testing.T) {
resp, err := tlsServer.GetAttach(request)
assert.NoError(t, err, "testcase=%+v", test)
expectedURL := "https://" + testAddr + "/attach/"
assert.Contains(t, resp.GetUrl(), expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.Contains(t, resp.Url, expectedURL, "testcase=%+v", test)
token := strings.TrimPrefix(resp.Url, expectedURL)
assertRequestToken(test, tlsServer.(*server).cache, token)
}
}
@@ -183,7 +183,7 @@ func TestGetAttach(t *testing.T) {
func TestGetPortForward(t *testing.T) {
podSandboxID := testPodSandboxID
request := &runtimeapi.PortForwardRequest{
PodSandboxId: &podSandboxID,
PodSandboxId: podSandboxID,
Port: []int32{1, 2, 3, 4},
}
@@ -195,11 +195,11 @@ func TestGetPortForward(t *testing.T) {
resp, err := serv.GetPortForward(request)
assert.NoError(t, err)
expectedURL := "http://" + testAddr + "/portforward/"
assert.True(t, strings.HasPrefix(resp.GetUrl(), expectedURL))
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.True(t, strings.HasPrefix(resp.Url, expectedURL))
token := strings.TrimPrefix(resp.Url, expectedURL)
req, ok := serv.(*server).cache.Consume(token)
require.True(t, ok, "token %s not found!", token)
assert.Equal(t, testPodSandboxID, req.(*runtimeapi.PortForwardRequest).GetPodSandboxId())
assert.Equal(t, testPodSandboxID, req.(*runtimeapi.PortForwardRequest).PodSandboxId)
}
{ // TLS
@@ -211,11 +211,11 @@ func TestGetPortForward(t *testing.T) {
resp, err := tlsServer.GetPortForward(request)
assert.NoError(t, err)
expectedURL := "https://" + testAddr + "/portforward/"
assert.True(t, strings.HasPrefix(resp.GetUrl(), expectedURL))
token := strings.TrimPrefix(resp.GetUrl(), expectedURL)
assert.True(t, strings.HasPrefix(resp.Url, expectedURL))
token := strings.TrimPrefix(resp.Url, expectedURL)
req, ok := tlsServer.(*server).cache.Consume(token)
require.True(t, ok, "token %s not found!", token)
assert.Equal(t, testPodSandboxID, req.(*runtimeapi.PortForwardRequest).GetPodSandboxId())
assert.Equal(t, testPodSandboxID, req.(*runtimeapi.PortForwardRequest).PodSandboxId)
}
}
@@ -231,12 +231,11 @@ func TestServePortForward(t *testing.T) {
s, testServer := startTestServer(t)
defer testServer.Close()
podSandboxID := testPodSandboxID
resp, err := s.GetPortForward(&runtimeapi.PortForwardRequest{
PodSandboxId: &podSandboxID,
PodSandboxId: testPodSandboxID,
})
require.NoError(t, err)
reqURL, err := url.Parse(resp.GetUrl())
reqURL, err := url.Parse(resp.Url)
require.NoError(t, err)
exec, err := remotecommand.NewExecutor(&restclient.Config{}, "POST", reqURL)
@@ -273,20 +272,20 @@ func runRemoteCommandTest(t *testing.T, commandType string) {
switch commandType {
case "exec":
resp, err := s.GetExec(&runtimeapi.ExecRequest{
ContainerId: &containerID,
ContainerId: containerID,
Cmd: []string{"echo"},
Stdin: &stdin,
Stdin: stdin,
})
require.NoError(t, err)
reqURL, err = url.Parse(resp.GetUrl())
reqURL, err = url.Parse(resp.Url)
require.NoError(t, err)
case "attach":
resp, err := s.GetAttach(&runtimeapi.AttachRequest{
ContainerId: &containerID,
Stdin: &stdin,
ContainerId: containerID,
Stdin: stdin,
})
require.NoError(t, err)
reqURL, err = url.Parse(resp.GetUrl())
reqURL, err = url.Parse(resp.Url)
require.NoError(t, err)
}