Merge f41bf4688c
into 54e76afc03
commit
43e0f1d296
3 changed files with 60 additions and 69 deletions
|
@ -168,9 +168,6 @@ const (
|
|||
// NsRunDir is the default directory in which running network namespaces
|
||||
// are stored
|
||||
NsRunDir = "/var/run/netns"
|
||||
// PodInfraCommand is the default command when starting a pod infrastructure
|
||||
// container
|
||||
PodInfraCommand = "/pause"
|
||||
)
|
||||
|
||||
var (
|
||||
|
|
|
@ -376,7 +376,7 @@ func addDevices(sb *sandbox.Sandbox, containerConfig *pb.ContainerConfig, specge
|
|||
}
|
||||
|
||||
// buildOCIProcessArgs build an OCI compatible process arguments slice.
|
||||
func buildOCIProcessArgs(containerKubeConfig *pb.ContainerConfig, imageOCIConfig *v1.Image) ([]string, error) {
|
||||
func buildOCIProcessArgs(containerKubeConfig *pb.ContainerConfig, ociConfig *v1.ImageConfig) ([]string, error) {
|
||||
//# Start the nginx container using the default command, but use custom
|
||||
//arguments (arg1 .. argN) for that command.
|
||||
//kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
|
||||
|
@ -388,34 +388,14 @@ func buildOCIProcessArgs(containerKubeConfig *pb.ContainerConfig, imageOCIConfig
|
|||
kubeArgs := containerKubeConfig.Args
|
||||
|
||||
// merge image config and kube config
|
||||
// same as docker does today...
|
||||
if imageOCIConfig != nil {
|
||||
if len(kubeCommands) == 0 {
|
||||
if ociConfig != nil && len(kubeCommands) == 0 {
|
||||
kubeCommands = ociConfig.Entrypoint
|
||||
if len(kubeArgs) == 0 {
|
||||
kubeArgs = imageOCIConfig.Config.Cmd
|
||||
}
|
||||
if kubeCommands == nil {
|
||||
kubeCommands = imageOCIConfig.Config.Entrypoint
|
||||
}
|
||||
kubeArgs = ociConfig.Cmd
|
||||
}
|
||||
}
|
||||
|
||||
if len(kubeCommands) == 0 && len(kubeArgs) == 0 {
|
||||
return nil, fmt.Errorf("no command specified")
|
||||
}
|
||||
|
||||
// create entrypoint and args
|
||||
var entrypoint string
|
||||
var args []string
|
||||
if len(kubeCommands) != 0 {
|
||||
entrypoint = kubeCommands[0]
|
||||
args = append(kubeCommands[1:], kubeArgs...)
|
||||
} else {
|
||||
entrypoint = kubeArgs[0]
|
||||
args = kubeArgs[1:]
|
||||
}
|
||||
|
||||
processArgs := append([]string{entrypoint}, args...)
|
||||
processArgs := append(kubeCommands, kubeArgs...)
|
||||
|
||||
logrus.Debugf("OCI process args %v", processArgs)
|
||||
|
||||
|
@ -1179,10 +1159,18 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
processArgs, err := buildOCIProcessArgs(containerConfig, containerImageConfig)
|
||||
processArgs := []string{}
|
||||
if containerImageConfig == nil {
|
||||
processArgs, err = buildOCIProcessArgs(containerConfig, nil)
|
||||
} else {
|
||||
processArgs, err = buildOCIProcessArgs(containerConfig, &containerImageConfig.Config)
|
||||
}
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(processArgs) == 0 {
|
||||
specgen.Spec().Process = nil
|
||||
} else {
|
||||
specgen.SetProcessArgs(processArgs)
|
||||
|
||||
envs := mergeEnvs(containerImageConfig, containerConfig.GetEnvs())
|
||||
|
@ -1212,6 +1200,14 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Setup user and groups
|
||||
if linux != nil {
|
||||
if err = setupContainerUser(&specgen, mountPoint, linux.GetSecurityContext(), containerImageConfig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
var secretMounts []rspec.Mount
|
||||
if len(s.config.DefaultMounts) > 0 {
|
||||
var err error
|
||||
|
@ -1242,13 +1238,6 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
// Setup user and groups
|
||||
if linux != nil {
|
||||
if err = setupContainerUser(&specgen, mountPoint, linux.GetSecurityContext(), containerImageConfig); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
}
|
||||
|
||||
// Set up pids limit if pids cgroup is mounted
|
||||
_, err = cgroups.FindCgroupMountpoint("pids")
|
||||
if err == nil {
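Review bot: `processArgs := append(kubeCommands, kubeArgs...)` in buildOCIProcessArgs appends onto a slice the function does not own: `kubeCommands` is either `containerKubeConfig.Command` or `ociConfig.Entrypoint`, so when that slice has spare capacity the append writes into the caller's backing array. If the image config is shared between concurrent container creations (not visible in these hunks), two requests can race on the same array and one container could be started with another's arguments. Build a fresh slice instead, e.g. `processArgs := append(append([]string{}, kubeCommands...), kubeArgs...)`. The doc comment on buildOCIProcessArgs should also state that an empty result with a nil error is now a valid outcome, because the `no command specified` error was dropped and createSandboxContainer turns that case into `specgen.Spec().Process = nil`, which also skips setupContainerUser.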
|
||||
|
|
|
@ -186,15 +186,6 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
|
||||
// setup defaults for the pod sandbox
|
||||
g.SetRootReadonly(true)
|
||||
if s.config.PauseCommand == "" {
|
||||
if podContainer.Config != nil {
|
||||
g.SetProcessArgs(podContainer.Config.Config.Cmd)
|
||||
} else {
|
||||
g.SetProcessArgs([]string{sandbox.PodInfraCommand})
|
||||
}
|
||||
} else {
|
||||
g.SetProcessArgs([]string{s.config.PauseCommand})
|
||||
}
|
||||
|
||||
// set DNS options
|
||||
if req.GetConfig().GetDnsConfig() != nil {
|
||||
|
@ -286,6 +277,20 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
g.SetProcessSelinuxLabel(processLabel)
|
||||
g.SetLinuxMountLabel(mountLabel)
|
||||
|
||||
containerKubeConfig := &pb.ContainerConfig{}
|
||||
if s.config.PauseCommand != "" {
|
||||
containerKubeConfig.Command = []string{s.config.PauseCommand}
|
||||
}
|
||||
processArgs, err := buildOCIProcessArgs(containerKubeConfig, &podContainer.Config.Config)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if len(processArgs) == 0 {
|
||||
g.Spec().Process = nil
|
||||
} else {
|
||||
g.SetProcessArgs(processArgs)
|
||||
}
|
||||
|
||||
// create shm mount for the pod containers.
|
||||
var shmPath string
|
||||
if securityContext.GetNamespaceOptions().GetHostIpc() {
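Review bot: The added call `buildOCIProcessArgs(containerKubeConfig, &podContainer.Config.Config)` dereferences `podContainer.Config` without a nil check, although the block this commit removes earlier in the same function tested `podContainer.Config != nil` before reading its `Cmd`. If the pause image can still resolve without a config, this becomes a nil-pointer panic inside the RunPodSandbox handler instead of an error returned to the caller. Mirror what createSandboxContainer does in this commit: pass `nil` when `podContainer.Config == nil` and `&podContainer.Config.Config` otherwise. Also, `g.Spec().Process = nil` discards the label applied by `g.SetProcessSelinuxLabel(processLabel)` just above it, so that branch deserves a comment saying the sandbox is intentionally created without a process. RunPodSandbox starts and ends outside the hunks shown.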
|
||||
|
|