Container runtimes like CRI-O and containerd reuse the code by copying
it from Kubernetes. To have a single source of truth for the streaming
server we now move the already isolated implementation to the
k8s.io/kubelet staging repository. This way runtimes can re-use the code
without copying the parts.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
The if and else branches have the exactly same code, which looks
confusing and doesn't make sense. According to the comment, the else
branch should log the error and podUID only.
Signed-off-by: Quan Tian <qtian@vmware.com>
Right now container runtimes have no way to provide additional context
to the pull errors. We now loosen the constraints and check for
additional messages after the actual CRI errors, which allows to enrich
the verbosity of the warning events, for example:
```
Warning Failed 2s (x3 over 43s) kubelet Failed to pull image "localhost:5000/foo": RegistryUnavailable: pinging container registry localhost:5000: Get "http://localhost:5000/v2/": dial tcp [::1]:5000: connect: connection refused
```
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
Every component that uses a pod.Manager should use a stub interface
(like we do for podWorker) that explicitly describes what methods
they use. This will allow podWorker to implement the minimum set
of manager interfaces.
The two are not coupled except accidentally. Separate them and
update callsites. This will reduce the scope of PodManager interface
to make exposing the pod worker cleaner.
The HandlePod* methods are all structurally similar, but accrued
subtle differences. In general the only point for Handle is to
process admission and to update the pod worker with the desired
state of the kubelet's config (so that pod worker can make it
the actual state).
Add a new GetPodAndMirrorPod() method that handles when the config
pod is ambiguous (pod or mirror pod) and inline the structure.
Add comments on questionable additions in the config methods for
future improvement.
Move the metric observation of container count closer to where
pods are actually started (in the pod worker). A future change
can likely move it to syncPod.
There is only one caller and both sets of data are part of the
resync operation between kubelet's desired state and the actual
state of the pod workers. Reduces the size of the interface so
that it is easier to create another pod manager.
The unit tests are currently failing due to missing imports. This commit
addresses this issue.
Additionally, TestIsUnixDomainSocket expects an error to be raised by
IsUnixDomainSocket if the file does not exist, but on Windows we do not
raise such error.
This issue is addressed by Stat-ing the file, and checking
if the file exists or not. We're also handling the case in which the given
filePath is a named pipe, returning false immediately, instead of trying to
dial it as a Unix domain socket.
This allows container runtimes to propagate an image signature
verification error through the CRI and display that to the end user
during image pull. There is no other behavioral difference compared to a
regular image pull failure.
Signed-off-by: Sascha Grunert <sgrunert@redhat.com>
