Move exec.go from dockertools to dockershim
		@@ -939,18 +939,6 @@ func RunDockershim(c *componentconfig.KubeletConfiguration, dockershimRootDir st
 | 
				
			|||||||
	dockerClient := dockertools.ConnectToDockerOrDie(c.DockerEndpoint, c.RuntimeRequestTimeout.Duration,
 | 
						dockerClient := dockertools.ConnectToDockerOrDie(c.DockerEndpoint, c.RuntimeRequestTimeout.Duration,
 | 
				
			||||||
		c.ImagePullProgressDeadline.Duration)
 | 
							c.ImagePullProgressDeadline.Duration)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	// Initialize docker exec handler.
 | 
					 | 
				
			||||||
	var dockerExecHandler dockertools.ExecHandler
 | 
					 | 
				
			||||||
	switch c.DockerExecHandlerName {
 | 
					 | 
				
			||||||
	case "native":
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NativeExecHandler{}
 | 
					 | 
				
			||||||
	case "nsenter":
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NsenterExecHandler{}
 | 
					 | 
				
			||||||
	default:
 | 
					 | 
				
			||||||
		glog.Warningf("Unknown Docker exec handler %q; defaulting to native", c.DockerExecHandlerName)
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NativeExecHandler{}
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	// Initialize network plugin settings.
 | 
						// Initialize network plugin settings.
 | 
				
			||||||
	binDir := c.CNIBinDir
 | 
						binDir := c.CNIBinDir
 | 
				
			||||||
	if binDir == "" {
 | 
						if binDir == "" {
 | 
				
			||||||
@@ -976,7 +964,7 @@ func RunDockershim(c *componentconfig.KubeletConfiguration, dockershimRootDir st
 | 
				
			|||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	ds, err := dockershim.NewDockerService(dockerClient, c.SeccompProfileRoot, c.PodInfraContainerImage,
 | 
						ds, err := dockershim.NewDockerService(dockerClient, c.SeccompProfileRoot, c.PodInfraContainerImage,
 | 
				
			||||||
		streamingConfig, &pluginSettings, c.RuntimeCgroups, c.CgroupDriver, dockerExecHandler, dockershimRootDir,
 | 
							streamingConfig, &pluginSettings, c.RuntimeCgroups, c.CgroupDriver, c.DockerExecHandlerName, dockershimRootDir,
 | 
				
			||||||
		!c.DockerEnableSharedPID)
 | 
							!c.DockerEnableSharedPID)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return err
 | 
							return err
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -147,12 +147,23 @@ var internalLabelKeys []string = []string{containerTypeLabelKey, containerLogPat
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
// NOTE: Anything passed to DockerService should be eventually handled in another way when we switch to running the shim as a different process.
 | 
					// NOTE: Anything passed to DockerService should be eventually handled in another way when we switch to running the shim as a different process.
 | 
				
			||||||
func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot string, podSandboxImage string, streamingConfig *streaming.Config,
 | 
					func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot string, podSandboxImage string, streamingConfig *streaming.Config,
 | 
				
			||||||
	pluginSettings *NetworkPluginSettings, cgroupsName string, kubeCgroupDriver string, execHandler dockertools.ExecHandler, dockershimRootDir string, disableSharedPID bool) (DockerService, error) {
 | 
						pluginSettings *NetworkPluginSettings, cgroupsName string, kubeCgroupDriver string, execHandlerName, dockershimRootDir string, disableSharedPID bool) (DockerService, error) {
 | 
				
			||||||
	c := dockertools.NewInstrumentedDockerInterface(client)
 | 
						c := dockertools.NewInstrumentedDockerInterface(client)
 | 
				
			||||||
	checkpointHandler, err := NewPersistentCheckpointHandler(dockershimRootDir)
 | 
						checkpointHandler, err := NewPersistentCheckpointHandler(dockershimRootDir)
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return nil, err
 | 
							return nil, err
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
						var execHandler ExecHandler
 | 
				
			||||||
 | 
						switch execHandlerName {
 | 
				
			||||||
 | 
						case "native":
 | 
				
			||||||
 | 
							execHandler = &NativeExecHandler{}
 | 
				
			||||||
 | 
						case "nsenter":
 | 
				
			||||||
 | 
							execHandler = &NsenterExecHandler{}
 | 
				
			||||||
 | 
						default:
 | 
				
			||||||
 | 
							glog.Warningf("Unknown Docker exec handler %q; defaulting to native", execHandlerName)
 | 
				
			||||||
 | 
							execHandler = &NativeExecHandler{}
 | 
				
			||||||
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	ds := &dockerService{
 | 
						ds := &dockerService{
 | 
				
			||||||
		seccompProfileRoot: seccompProfileRoot,
 | 
							seccompProfileRoot: seccompProfileRoot,
 | 
				
			||||||
		client:             c,
 | 
							client:             c,
 | 
				
			||||||
 
 | 
				
			|||||||
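Review bot: The `default:` branch of the new `switch execHandlerName` in NewDockerService accepts any string and falls back to the native handler with only a warning, and the parameter now sits in a run of four positional `string` arguments (`cgroupsName`, `kubeCgroupDriver`, `execHandlerName`, `dockershimRootDir`), so a transposed or mistyped value compiles and starts. Before this change the `dockertools.ExecHandler` parameter type made that kind of mix-up a compile error at both call sites (RunDockershim and NewMainKubelet). Because the handler decides whether exec goes through Docker's exec API or through nsenter, I would fail closed with `return nil, fmt.Errorf("unknown Docker exec handler %q", execHandlerName)` (assuming `fmt` is imported in this file). If the fallback has to stay for compatibility, hoist `"native"` and `"nsenter"` into named constants and validate the value where the flag is parsed. The function body continues past the end of this hunk.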
@@ -33,7 +33,7 @@ import (
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
type streamingRuntime struct {
 | 
					type streamingRuntime struct {
 | 
				
			||||||
	client      dockertools.DockerInterface
 | 
						client      dockertools.DockerInterface
 | 
				
			||||||
	execHandler dockertools.ExecHandler
 | 
						execHandler ExecHandler
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
var _ streaming.Runtime = &streamingRuntime{}
 | 
					var _ streaming.Runtime = &streamingRuntime{}
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -14,7 +14,7 @@ See the License for the specific language governing permissions and
 | 
				
			|||||||
limitations under the License.
 | 
					limitations under the License.
 | 
				
			||||||
*/
 | 
					*/
 | 
				
			||||||
 | 
					
 | 
				
			||||||
package dockertools
 | 
					package dockershim
 | 
				
			||||||
 | 
					
 | 
				
			||||||
import (
 | 
					import (
 | 
				
			||||||
	"fmt"
 | 
						"fmt"
 | 
				
			||||||
@@ -25,22 +25,44 @@ import (
 | 
				
			|||||||
 | 
					
 | 
				
			||||||
	dockertypes "github.com/docker/engine-api/types"
 | 
						dockertypes "github.com/docker/engine-api/types"
 | 
				
			||||||
	"github.com/golang/glog"
 | 
						"github.com/golang/glog"
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	"k8s.io/kubernetes/pkg/client/unversioned/remotecommand"
 | 
						"k8s.io/kubernetes/pkg/client/unversioned/remotecommand"
 | 
				
			||||||
	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
 | 
						kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
 | 
				
			||||||
 | 
						"k8s.io/kubernetes/pkg/kubelet/dockertools"
 | 
				
			||||||
	utilexec "k8s.io/kubernetes/pkg/util/exec"
 | 
						utilexec "k8s.io/kubernetes/pkg/util/exec"
 | 
				
			||||||
	"k8s.io/kubernetes/pkg/util/term"
 | 
						"k8s.io/kubernetes/pkg/util/term"
 | 
				
			||||||
)
 | 
					)
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// ExecHandler knows how to execute a command in a running Docker container.
 | 
					// ExecHandler knows how to execute a command in a running Docker container.
 | 
				
			||||||
type ExecHandler interface {
 | 
					type ExecHandler interface {
 | 
				
			||||||
	ExecInContainer(client DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error
 | 
						ExecInContainer(client dockertools.DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// NsenterExecHandler executes commands in Docker containers using nsenter.
 | 
					// NsenterExecHandler executes commands in Docker containers using nsenter.
 | 
				
			||||||
type NsenterExecHandler struct{}
 | 
					type NsenterExecHandler struct{}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					type dockerExitError struct {
 | 
				
			||||||
 | 
						Inspect *dockertypes.ContainerExecInspect
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					func (d *dockerExitError) String() string {
 | 
				
			||||||
 | 
						return d.Error()
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					func (d *dockerExitError) Error() string {
 | 
				
			||||||
 | 
						return fmt.Sprintf("Error executing in Docker Container: %d", d.Inspect.ExitCode)
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					func (d *dockerExitError) Exited() bool {
 | 
				
			||||||
 | 
						return !d.Inspect.Running
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
 | 
					func (d *dockerExitError) ExitStatus() int {
 | 
				
			||||||
 | 
						return d.Inspect.ExitCode
 | 
				
			||||||
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
// TODO should we support nsenter in a container, running with elevated privs and --pid=host?
 | 
					// TODO should we support nsenter in a container, running with elevated privs and --pid=host?
 | 
				
			||||||
func (*NsenterExecHandler) ExecInContainer(client DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error {
 | 
					func (*NsenterExecHandler) ExecInContainer(client dockertools.DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error {
 | 
				
			||||||
	nsenter, err := exec.LookPath("nsenter")
 | 
						nsenter, err := exec.LookPath("nsenter")
 | 
				
			||||||
	if err != nil {
 | 
						if err != nil {
 | 
				
			||||||
		return fmt.Errorf("exec unavailable - unable to locate nsenter")
 | 
							return fmt.Errorf("exec unavailable - unable to locate nsenter")
 | 
				
			||||||
@@ -111,7 +133,7 @@ func (*NsenterExecHandler) ExecInContainer(client DockerInterface, container *do
 | 
				
			|||||||
// NativeExecHandler executes commands in Docker containers using Docker's exec API.
 | 
					// NativeExecHandler executes commands in Docker containers using Docker's exec API.
 | 
				
			||||||
type NativeExecHandler struct{}
 | 
					type NativeExecHandler struct{}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
func (*NativeExecHandler) ExecInContainer(client DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error {
 | 
					func (*NativeExecHandler) ExecInContainer(client dockertools.DockerInterface, container *dockertypes.ContainerJSON, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize, timeout time.Duration) error {
 | 
				
			||||||
	createOpts := dockertypes.ExecConfig{
 | 
						createOpts := dockertypes.ExecConfig{
 | 
				
			||||||
		Cmd:          cmd,
 | 
							Cmd:          cmd,
 | 
				
			||||||
		AttachStdin:  stdin != nil,
 | 
							AttachStdin:  stdin != nil,
 | 
				
			||||||
@@ -131,7 +153,7 @@ func (*NativeExecHandler) ExecInContainer(client DockerInterface, container *doc
 | 
				
			|||||||
	})
 | 
						})
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	startOpts := dockertypes.ExecStartCheck{Detach: false, Tty: tty}
 | 
						startOpts := dockertypes.ExecStartCheck{Detach: false, Tty: tty}
 | 
				
			||||||
	streamOpts := StreamOptions{
 | 
						streamOpts := dockertools.StreamOptions{
 | 
				
			||||||
		InputStream:  stdin,
 | 
							InputStream:  stdin,
 | 
				
			||||||
		OutputStream: stdout,
 | 
							OutputStream: stdout,
 | 
				
			||||||
		ErrorStream:  stderr,
 | 
							ErrorStream:  stderr,
 | 
				
			||||||
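Review bot: `dockerExitError` is added to this file with no doc comment and nothing that ties it to the interface it appears to implement. Its four methods (`String`, `Error`, `Exited`, `ExitStatus`) look like the `utilexec.ExitError` set, so a compile-time check such as `var _ utilexec.ExitError = &dockerExitError{}` next to the type would catch drift now that it has changed packages. Every method dereferences `d.Inspect` without a nil check, so the type comment should state the precondition, for example `// dockerExitError exposes the exit status from a Docker exec inspect result; Inspect must be non-nil.` The code that constructs the value is outside the visible hunks, so whether a nil `Inspect` can reach these methods cannot be confirmed from here. As a style point, the message `"Error executing in Docker Container: %d"` starts with a capital, which Go convention avoids for error strings, though changing it could affect anything that matches on the text.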
@@ -287,26 +287,6 @@ func GetUserFromImageUser(id string) string {
 | 
				
			|||||||
	return id
 | 
						return id
 | 
				
			||||||
}
 | 
					}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
type dockerExitError struct {
 | 
					 | 
				
			||||||
	Inspect *dockertypes.ContainerExecInspect
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
func (d *dockerExitError) String() string {
 | 
					 | 
				
			||||||
	return d.Error()
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
func (d *dockerExitError) Error() string {
 | 
					 | 
				
			||||||
	return fmt.Sprintf("Error executing in Docker Container: %d", d.Inspect.ExitCode)
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
func (d *dockerExitError) Exited() bool {
 | 
					 | 
				
			||||||
	return !d.Inspect.Running
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
func (d *dockerExitError) ExitStatus() int {
 | 
					 | 
				
			||||||
	return d.Inspect.ExitCode
 | 
					 | 
				
			||||||
}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
// RewriteResolvFile rewrites resolv.conf file generated by docker.
 | 
					// RewriteResolvFile rewrites resolv.conf file generated by docker.
 | 
				
			||||||
// Exported for reusing in dockershim.
 | 
					// Exported for reusing in dockershim.
 | 
				
			||||||
func RewriteResolvFile(resolvFilePath string, dns []string, dnsSearch []string, useClusterFirstPolicy bool) error {
 | 
					func RewriteResolvFile(resolvFilePath string, dns []string, dnsSearch []string, useClusterFirstPolicy bool) error {
 | 
				
			||||||
 
 | 
				
			|||||||
@@ -364,17 +364,6 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
 | 
				
			|||||||
		KernelMemcgNotification:  kubeCfg.ExperimentalKernelMemcgNotification,
 | 
							KernelMemcgNotification:  kubeCfg.ExperimentalKernelMemcgNotification,
 | 
				
			||||||
	}
 | 
						}
 | 
				
			||||||
 | 
					
 | 
				
			||||||
	var dockerExecHandler dockertools.ExecHandler
 | 
					 | 
				
			||||||
	switch kubeCfg.DockerExecHandlerName {
 | 
					 | 
				
			||||||
	case "native":
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NativeExecHandler{}
 | 
					 | 
				
			||||||
	case "nsenter":
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NsenterExecHandler{}
 | 
					 | 
				
			||||||
	default:
 | 
					 | 
				
			||||||
		glog.Warningf("Unknown Docker exec handler %q; defaulting to native", kubeCfg.DockerExecHandlerName)
 | 
					 | 
				
			||||||
		dockerExecHandler = &dockertools.NativeExecHandler{}
 | 
					 | 
				
			||||||
	}
 | 
					 | 
				
			||||||
 | 
					 | 
				
			||||||
	serviceIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc})
 | 
						serviceIndexer := cache.NewIndexer(cache.MetaNamespaceKeyFunc, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc})
 | 
				
			||||||
	if kubeDeps.KubeClient != nil {
 | 
						if kubeDeps.KubeClient != nil {
 | 
				
			||||||
		serviceLW := cache.NewListWatchFromClient(kubeDeps.KubeClient.Core().RESTClient(), "services", metav1.NamespaceAll, fields.Everything())
 | 
							serviceLW := cache.NewListWatchFromClient(kubeDeps.KubeClient.Core().RESTClient(), "services", metav1.NamespaceAll, fields.Everything())
 | 
				
			||||||
@@ -556,7 +545,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
 | 
				
			|||||||
			// Create and start the CRI shim running as a grpc server.
 | 
								// Create and start the CRI shim running as a grpc server.
 | 
				
			||||||
			streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
 | 
								streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
 | 
				
			||||||
			ds, err := dockershim.NewDockerService(klet.dockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage,
 | 
								ds, err := dockershim.NewDockerService(klet.dockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage,
 | 
				
			||||||
				streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver, dockerExecHandler, dockershimRootDir,
 | 
									streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver, kubeCfg.DockerExecHandlerName, dockershimRootDir,
 | 
				
			||||||
				!kubeCfg.DockerEnableSharedPID)
 | 
									!kubeCfg.DockerEnableSharedPID)
 | 
				
			||||||
			if err != nil {
 | 
								if err != nil {
 | 
				
			||||||
				return nil, err
 | 
									return nil, err
 | 
				
			||||||
 
 | 
				
			|||||||