server: Add special k8s label to infra containers

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:57 -07:00 · 2017-09-01 08:49:57 -07:00 · 138a40540f
parent 49c1fd27ac
commit 138a40540f
8 changed files with 359 additions and 1 deletions
--- a/server/sandbox_remove.go
+++ b/server/sandbox_remove.go
@ -71,7 +71,7 @@ func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxR
 		}
 	}

-	s.removeContainer(podInfraContainer)
+	s.removeInfraContainer(podInfraContainer)

 	// Remove the files related to the sandbox
 	if err := s.StorageRuntimeServer().StopContainer(sb.ID()); err != nil && errors.Cause(err) != storage.ErrContainerUnknown {
--- a/server/sandbox_run.go
+++ b/server/sandbox_run.go
@ -24,7 +24,9 @@ import (
 	"golang.org/x/sys/unix"
 	"k8s.io/kubernetes/pkg/api/v1"
 	pb "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
+	"k8s.io/kubernetes/pkg/kubelet/leaky"
 	"k8s.io/kubernetes/pkg/kubelet/network/hostport"
+	"k8s.io/kubernetes/pkg/kubelet/types"
 )

 const (
@ -217,6 +219,9 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest

 	// add labels
 	labels := req.GetConfig().GetLabels()
+
+	// Add special container name label for the infra container
+	labels[types.KubernetesContainerNameLabel] = leaky.PodInfraContainerName
 	labelsJSON, err := json.Marshal(labels)
 	if err != nil {
 		return nil, err
@ -493,6 +498,8 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
 		return nil, err
 	}

+	s.addInfraContainer(container)
+
 	s.ContainerStateToDisk(container)

 	resp = &pb.RunPodSandboxResponse{PodSandboxId: id}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/leaky/leaky.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/leaky/leaky.go
@ -0,0 +1,25 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package leaky holds bits of kubelet that should be internal but have leaked
+// out through bad abstractions.  TODO: delete all of this.
+package leaky
+
+const (
+	// This is used in a few places outside of Kubelet, such as indexing
+	// into the container info.
+	PodInfraContainerName = "POD"
+)
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/constants.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/constants.go
@ -0,0 +1,22 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+const (
+	// system default DNS resolver configuration
+	ResolvConfDefault = "/etc/resolv.conf"
+)
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/doc.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/doc.go
@ -0,0 +1,18 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Common types in the Kubelet.
+package types // import "k8s.io/kubernetes/pkg/kubelet/types"
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/labels.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/labels.go
@ -0,0 +1,40 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+const (
+	KubernetesPodNameLabel       = "io.kubernetes.pod.name"
+	KubernetesPodNamespaceLabel  = "io.kubernetes.pod.namespace"
+	KubernetesPodUIDLabel        = "io.kubernetes.pod.uid"
+	KubernetesContainerNameLabel = "io.kubernetes.container.name"
+)
+
+func GetContainerName(labels map[string]string) string {
+	return labels[KubernetesContainerNameLabel]
+}
+
+func GetPodName(labels map[string]string) string {
+	return labels[KubernetesPodNameLabel]
+}
+
+func GetPodUID(labels map[string]string) string {
+	return labels[KubernetesPodUIDLabel]
+}
+
+func GetPodNamespace(labels map[string]string) string {
+	return labels[KubernetesPodNamespaceLabel]
+}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/pod_update.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/pod_update.go
@ -0,0 +1,153 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+	"fmt"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	kubeapi "k8s.io/kubernetes/pkg/api"
+	"k8s.io/kubernetes/pkg/api/v1"
+)
+
+const (
+	ConfigSourceAnnotationKey    = "kubernetes.io/config.source"
+	ConfigMirrorAnnotationKey    = v1.MirrorPodAnnotationKey
+	ConfigFirstSeenAnnotationKey = "kubernetes.io/config.seen"
+	ConfigHashAnnotationKey      = "kubernetes.io/config.hash"
+	CriticalPodAnnotationKey     = "scheduler.alpha.kubernetes.io/critical-pod"
+)
+
+// PodOperation defines what changes will be made on a pod configuration.
+type PodOperation int
+
+const (
+	// This is the current pod configuration
+	SET PodOperation = iota
+	// Pods with the given ids are new to this source
+	ADD
+	// Pods with the given ids are gracefully deleted from this source
+	DELETE
+	// Pods with the given ids have been removed from this source
+	REMOVE
+	// Pods with the given ids have been updated in this source
+	UPDATE
+	// Pods with the given ids have unexpected status in this source,
+	// kubelet should reconcile status with this source
+	RECONCILE
+
+	// These constants identify the sources of pods
+	// Updates from a file
+	FileSource = "file"
+	// Updates from querying a web page
+	HTTPSource = "http"
+	// Updates from Kubernetes API Server
+	ApiserverSource = "api"
+	// Updates from all sources
+	AllSource = "*"
+
+	NamespaceDefault = metav1.NamespaceDefault
+)
+
+// PodUpdate defines an operation sent on the channel. You can add or remove single services by
+// sending an array of size one and Op == ADD|REMOVE (with REMOVE, only the ID is required).
+// For setting the state of the system to a given state for this source configuration, set
+// Pods as desired and Op to SET, which will reset the system state to that specified in this
+// operation for this source channel. To remove all pods, set Pods to empty object and Op to SET.
+//
+// Additionally, Pods should never be nil - it should always point to an empty slice. While
+// functionally similar, this helps our unit tests properly check that the correct PodUpdates
+// are generated.
+type PodUpdate struct {
+	Pods   []*v1.Pod
+	Op     PodOperation
+	Source string
+}
+
+// Gets all validated sources from the specified sources.
+func GetValidatedSources(sources []string) ([]string, error) {
+	validated := make([]string, 0, len(sources))
+	for _, source := range sources {
+		switch source {
+		case AllSource:
+			return []string{FileSource, HTTPSource, ApiserverSource}, nil
+		case FileSource, HTTPSource, ApiserverSource:
+			validated = append(validated, source)
+			break
+		case "":
+			break
+		default:
+			return []string{}, fmt.Errorf("unknown pod source %q", source)
+		}
+	}
+	return validated, nil
+}
+
+// GetPodSource returns the source of the pod based on the annotation.
+func GetPodSource(pod *v1.Pod) (string, error) {
+	if pod.Annotations != nil {
+		if source, ok := pod.Annotations[ConfigSourceAnnotationKey]; ok {
+			return source, nil
+		}
+	}
+	return "", fmt.Errorf("cannot get source of pod %q", pod.UID)
+}
+
+// SyncPodType classifies pod updates, eg: create, update.
+type SyncPodType int
+
+const (
+	// SyncPodSync is when the pod is synced to ensure desired state
+	SyncPodSync SyncPodType = iota
+	// SyncPodUpdate is when the pod is updated from source
+	SyncPodUpdate
+	// SyncPodCreate is when the pod is created from source
+	SyncPodCreate
+	// SyncPodKill is when the pod is killed based on a trigger internal to the kubelet for eviction.
+	// If a SyncPodKill request is made to pod workers, the request is never dropped, and will always be processed.
+	SyncPodKill
+)
+
+func (sp SyncPodType) String() string {
+	switch sp {
+	case SyncPodCreate:
+		return "create"
+	case SyncPodUpdate:
+		return "update"
+	case SyncPodSync:
+		return "sync"
+	case SyncPodKill:
+		return "kill"
+	default:
+		return "unknown"
+	}
+}
+
+// IsCriticalPod returns true if the pod bears the critical pod annotation
+// key. Both the rescheduler and the kubelet use this key to make admission
+// and scheduling decisions.
+func IsCriticalPod(pod *v1.Pod) bool {
+	// Critical pods are restricted to "kube-system" namespace as of now.
+	if pod.Namespace != kubeapi.NamespaceSystem {
+		return false
+	}
+	val, ok := pod.Annotations[CriticalPodAnnotationKey]
+	if ok && val == "" {
+		return true
+	}
+	return false
+}
--- a/vendor/k8s.io/kubernetes/pkg/kubelet/types/types.go
+++ b/vendor/k8s.io/kubernetes/pkg/kubelet/types/types.go
@ -0,0 +1,93 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import (
+	"net/http"
+	"time"
+
+	"k8s.io/kubernetes/pkg/api/v1"
+)
+
+// TODO: Reconcile custom types in kubelet/types and this subpackage
+
+type HttpGetter interface {
+	Get(url string) (*http.Response, error)
+}
+
+// Timestamp wraps around time.Time and offers utilities to format and parse
+// the time using RFC3339Nano
+type Timestamp struct {
+	time time.Time
+}
+
+// NewTimestamp returns a Timestamp object using the current time.
+func NewTimestamp() *Timestamp {
+	return &Timestamp{time.Now()}
+}
+
+// ConvertToTimestamp takes a string, parses it using the RFC3339Nano layout,
+// and converts it to a Timestamp object.
+func ConvertToTimestamp(timeString string) *Timestamp {
+	parsed, _ := time.Parse(time.RFC3339Nano, timeString)
+	return &Timestamp{parsed}
+}
+
+// Get returns the time as time.Time.
+func (t *Timestamp) Get() time.Time {
+	return t.time
+}
+
+// GetString returns the time in the string format using the RFC3339Nano
+// layout.
+func (t *Timestamp) GetString() string {
+	return t.time.Format(time.RFC3339Nano)
+}
+
+// A type to help sort container statuses based on container names.
+type SortedContainerStatuses []v1.ContainerStatus
+
+func (s SortedContainerStatuses) Len() int      { return len(s) }
+func (s SortedContainerStatuses) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
+
+func (s SortedContainerStatuses) Less(i, j int) bool {
+	return s[i].Name < s[j].Name
+}
+
+// SortInitContainerStatuses ensures that statuses are in the order that their
+// init container appears in the pod spec
+func SortInitContainerStatuses(p *v1.Pod, statuses []v1.ContainerStatus) {
+	containers := p.Spec.InitContainers
+	current := 0
+	for _, container := range containers {
+		for j := current; j < len(statuses); j++ {
+			if container.Name == statuses[j].Name {
+				statuses[current], statuses[j] = statuses[j], statuses[current]
+				current++
+				break
+			}
+		}
+	}
+}
+
+// Reservation represents reserved resources for non-pod components.
+type Reservation struct {
+	// System represents resources reserved for non-kubernetes components.
+	System v1.ResourceList
+	// Kubernetes represents resources reserved for kubernetes system components.
+	Kubernetes v1.ResourceList
+}