commit
7ea255fcea
52 changed files with 677 additions and 677 deletions
|
@ -2,7 +2,7 @@ package apparmor
|
|||
|
||||
const (
|
||||
// DefaultApparmorProfile is the name of default apparmor profile name.
|
||||
DefaultApparmorProfile = "ocid-default"
|
||||
DefaultApparmorProfile = "crio-default"
|
||||
|
||||
// ContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container profile.
|
||||
ContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
|
||||
|
|
|
@ -10,14 +10,14 @@ import (
|
|||
|
||||
// Default paths if none are specified
|
||||
const (
|
||||
ocidRoot = "/var/lib/containers/storage"
|
||||
ocidRunRoot = "/var/run/containers/storage"
|
||||
conmonPath = "/usr/local/libexec/ocid/conmon"
|
||||
crioRoot = "/var/lib/containers/storage"
|
||||
crioRunRoot = "/var/run/containers/storage"
|
||||
conmonPath = "/usr/local/libexec/crio/conmon"
|
||||
pauseImage = "kubernetes/pause"
|
||||
pauseCommand = "/pause"
|
||||
defaultTransport = "docker://"
|
||||
seccompProfilePath = "/etc/ocid/seccomp.json"
|
||||
apparmorProfileName = "ocid-default"
|
||||
seccompProfilePath = "/etc/crio/seccomp.json"
|
||||
apparmorProfileName = "crio-default"
|
||||
cniConfigDir = "/etc/cni/net.d/"
|
||||
cniBinDir = "/opt/cni/bin/"
|
||||
cgroupManager = "cgroupfs"
|
||||
|
@ -37,7 +37,7 @@ type Config struct {
|
|||
// while also not requiring a bunch of layered structs for no good
|
||||
// reason.
|
||||
|
||||
// RootConfig represents the root of the "ocid" TOML config table.
|
||||
// RootConfig represents the root of the "crio" TOML config table.
|
||||
type RootConfig struct {
|
||||
// Root is a path to the "root directory" where data not
|
||||
// explicitly handled by other options will be stored.
|
||||
|
@ -59,7 +59,7 @@ type RootConfig struct {
|
|||
LogDir string `toml:"log_dir"`
|
||||
}
|
||||
|
||||
// APIConfig represents the "ocid.api" TOML config table.
|
||||
// APIConfig represents the "crio.api" TOML config table.
|
||||
type APIConfig struct {
|
||||
// Listen is the path to the AF_LOCAL socket on which cri-o will listen.
|
||||
// This may support proto://addr formats later, but currently this is just
|
||||
|
@ -67,14 +67,14 @@ type APIConfig struct {
|
|||
Listen string `toml:"listen"`
|
||||
}
|
||||
|
||||
// RuntimeConfig represents the "ocid.runtime" TOML config table.
|
||||
// RuntimeConfig represents the "crio.runtime" TOML config table.
|
||||
type RuntimeConfig struct {
|
||||
// Runtime is a path to the OCI runtime which ocid will be using. Currently
|
||||
// Runtime is a path to the OCI runtime which crio will be using. Currently
|
||||
// the only known working choice is runC, simply because the OCI has not
|
||||
// yet merged a CLI API (so we assume runC's API here).
|
||||
Runtime string `toml:"runtime"`
|
||||
|
||||
// RuntimeHostPrivileged is a path to the OCI runtime which ocid will be
|
||||
// RuntimeHostPrivileged is a path to the OCI runtime which crio will be
|
||||
// using for host privileged operations.
|
||||
RuntimeHostPrivileged string `toml:"runtime_host_privileged"`
|
||||
|
||||
|
@ -100,7 +100,7 @@ type RuntimeConfig struct {
|
|||
CgroupManager string `toml:"cgroup_manager"`
|
||||
}
|
||||
|
||||
// ImageConfig represents the "ocid.image" TOML config table.
|
||||
// ImageConfig represents the "crio.image" TOML config table.
|
||||
type ImageConfig struct {
|
||||
// DefaultTransport is a value we prefix to image names that fail to
|
||||
// validate source references.
|
||||
|
@ -119,7 +119,7 @@ type ImageConfig struct {
|
|||
SignaturePolicyPath string `toml:"signature_policy"`
|
||||
}
|
||||
|
||||
// NetworkConfig represents the "ocid.network" TOML config table
|
||||
// NetworkConfig represents the "crio.network" TOML config table
|
||||
type NetworkConfig struct {
|
||||
// NetworkDir is where CNI network configuration files are stored.
|
||||
NetworkDir string `toml:"network_dir"`
|
||||
|
@ -138,7 +138,7 @@ type tomlConfig struct {
|
|||
Runtime struct{ RuntimeConfig } `toml:"runtime"`
|
||||
Image struct{ ImageConfig } `toml:"image"`
|
||||
Network struct{ NetworkConfig } `toml:"network"`
|
||||
} `toml:"ocid"`
|
||||
} `toml:"crio"`
|
||||
}
|
||||
|
||||
func (t *tomlConfig) toConfig(c *Config) {
|
||||
|
@ -195,16 +195,16 @@ func (c *Config) ToFile(path string) error {
|
|||
return ioutil.WriteFile(path, w.Bytes(), 0644)
|
||||
}
|
||||
|
||||
// DefaultConfig returns the default configuration for ocid.
|
||||
// DefaultConfig returns the default configuration for crio.
|
||||
func DefaultConfig() *Config {
|
||||
return &Config{
|
||||
RootConfig: RootConfig{
|
||||
Root: ocidRoot,
|
||||
RunRoot: ocidRunRoot,
|
||||
LogDir: "/var/log/ocid/pods",
|
||||
Root: crioRoot,
|
||||
RunRoot: crioRunRoot,
|
||||
LogDir: "/var/log/crio/pods",
|
||||
},
|
||||
APIConfig: APIConfig{
|
||||
Listen: "/var/run/ocid.sock",
|
||||
Listen: "/var/run/crio.sock",
|
||||
},
|
||||
RuntimeConfig: RuntimeConfig{
|
||||
Runtime: "/usr/bin/runc",
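Review bot: The renamed defaults `seccompProfilePath = "/etc/crio/seccomp.json"` and `apparmorProfileName = "crio-default"` (with `DefaultApparmorProfile` in the apparmor package) refer to a profile file and a kernel-loaded AppArmor profile that existing installs provide under the old ocid names, and no fallback to those names is added. On a host upgraded without re-installing the profiles, what happens when the defaults are resolved is decided by the seccomp/apparmor callers outside this hunk, so it is worth confirming that a missing profile is a hard error rather than a silent start without confinement. The same applies to the relocated socket `"/var/run/crio.sock"`, log dir and `shutdownFile` paths, which unit files and clients pin. I would add a line to the `DefaultConfig` doc comment, `// Profile names and paths changed from the ocid defaults; seccomp/AppArmor profiles must be reinstalled under the crio names.`, and a release note listing the renamed paths. `DefaultConfig` continues past the end of this hunk.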
|
||||
|
|
|
@ -425,7 +425,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
|
||||
if sb.cgroupParent != "" {
|
||||
if s.config.CgroupManager == "systemd" {
|
||||
cgPath := sb.cgroupParent + ":" + "ocid" + ":" + containerID
|
||||
cgPath := sb.cgroupParent + ":" + "crio" + ":" + containerID
|
||||
specgen.SetLinuxCgroupsPath(cgPath)
|
||||
} else {
|
||||
specgen.SetLinuxCgroupsPath(sb.cgroupParent + "/" + containerID)
|
||||
|
@ -532,31 +532,31 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
specgen.SetHostname(sb.hostname)
|
||||
}
|
||||
|
||||
specgen.AddAnnotation("ocid/name", containerName)
|
||||
specgen.AddAnnotation("ocid/sandbox_id", sb.id)
|
||||
specgen.AddAnnotation("ocid/sandbox_name", sb.infraContainer.Name())
|
||||
specgen.AddAnnotation("ocid/container_type", containerTypeContainer)
|
||||
specgen.AddAnnotation("ocid/log_path", logPath)
|
||||
specgen.AddAnnotation("ocid/tty", fmt.Sprintf("%v", containerConfig.Tty))
|
||||
specgen.AddAnnotation("ocid/image", image)
|
||||
specgen.AddAnnotation("crio/name", containerName)
|
||||
specgen.AddAnnotation("crio/sandbox_id", sb.id)
|
||||
specgen.AddAnnotation("crio/sandbox_name", sb.infraContainer.Name())
|
||||
specgen.AddAnnotation("crio/container_type", containerTypeContainer)
|
||||
specgen.AddAnnotation("crio/log_path", logPath)
|
||||
specgen.AddAnnotation("crio/tty", fmt.Sprintf("%v", containerConfig.Tty))
|
||||
specgen.AddAnnotation("crio/image", image)
|
||||
|
||||
metadataJSON, err := json.Marshal(metadata)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("ocid/metadata", string(metadataJSON))
|
||||
specgen.AddAnnotation("crio/metadata", string(metadataJSON))
|
||||
|
||||
labelsJSON, err := json.Marshal(labels)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("ocid/labels", string(labelsJSON))
|
||||
specgen.AddAnnotation("crio/labels", string(labelsJSON))
|
||||
|
||||
annotationsJSON, err := json.Marshal(annotations)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("ocid/annotations", string(annotationsJSON))
|
||||
specgen.AddAnnotation("crio/annotations", string(annotationsJSON))
|
||||
|
||||
if err = s.setupSeccomp(&specgen, containerName, sb.annotations); err != nil {
|
||||
return nil, err
|
||||
|
|
|
@ -252,20 +252,20 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
}
|
||||
|
||||
privileged := s.privilegedSandbox(req)
|
||||
g.AddAnnotation("ocid/metadata", string(metadataJSON))
|
||||
g.AddAnnotation("ocid/labels", string(labelsJSON))
|
||||
g.AddAnnotation("ocid/annotations", string(annotationsJSON))
|
||||
g.AddAnnotation("ocid/log_path", logPath)
|
||||
g.AddAnnotation("ocid/name", name)
|
||||
g.AddAnnotation("ocid/container_type", containerTypeSandbox)
|
||||
g.AddAnnotation("ocid/sandbox_id", id)
|
||||
g.AddAnnotation("ocid/container_name", containerName)
|
||||
g.AddAnnotation("ocid/container_id", id)
|
||||
g.AddAnnotation("ocid/shm_path", shmPath)
|
||||
g.AddAnnotation("ocid/privileged_runtime", fmt.Sprintf("%v", privileged))
|
||||
g.AddAnnotation("ocid/resolv_path", resolvPath)
|
||||
g.AddAnnotation("ocid/hostname", hostname)
|
||||
g.AddAnnotation("ocid/kube_name", kubeName)
|
||||
g.AddAnnotation("crio/metadata", string(metadataJSON))
|
||||
g.AddAnnotation("crio/labels", string(labelsJSON))
|
||||
g.AddAnnotation("crio/annotations", string(annotationsJSON))
|
||||
g.AddAnnotation("crio/log_path", logPath)
|
||||
g.AddAnnotation("crio/name", name)
|
||||
g.AddAnnotation("crio/container_type", containerTypeSandbox)
|
||||
g.AddAnnotation("crio/sandbox_id", id)
|
||||
g.AddAnnotation("crio/container_name", containerName)
|
||||
g.AddAnnotation("crio/container_id", id)
|
||||
g.AddAnnotation("crio/shm_path", shmPath)
|
||||
g.AddAnnotation("crio/privileged_runtime", fmt.Sprintf("%v", privileged))
|
||||
g.AddAnnotation("crio/resolv_path", resolvPath)
|
||||
g.AddAnnotation("crio/hostname", hostname)
|
||||
g.AddAnnotation("crio/kube_name", kubeName)
|
||||
|
||||
sb := &sandbox{
|
||||
id: id,
|
||||
|
@ -319,7 +319,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
cgroupParent := req.GetConfig().GetLinux().CgroupParent
|
||||
if cgroupParent != "" {
|
||||
if s.config.CgroupManager == "systemd" {
|
||||
cgPath := cgroupParent + ":" + "ocid" + ":" + id
|
||||
cgPath := cgroupParent + ":" + "crio" + ":" + id
|
||||
g.SetLinuxCgroupsPath(cgPath)
|
||||
|
||||
} else {
|
||||
|
|
|
@ -26,7 +26,7 @@ import (
|
|||
|
||||
const (
|
||||
runtimeAPIVersion = "v1alpha1"
|
||||
shutdownFile = "/var/lib/ocid/ocid.shutdown"
|
||||
shutdownFile = "/var/lib/crio/crio.shutdown"
|
||||
)
|
||||
|
||||
// streamService implements streaming.Runtime.
|
||||
|
@ -87,10 +87,10 @@ func (s *Server) loadContainer(id string) error {
|
|||
return err
|
||||
}
|
||||
labels := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/labels"]), &labels); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil {
|
||||
return err
|
||||
}
|
||||
name := m.Annotations["ocid/name"]
|
||||
name := m.Annotations["crio/name"]
|
||||
name, err = s.reserveContainerName(id, name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -103,16 +103,16 @@ func (s *Server) loadContainer(id string) error {
|
|||
}()
|
||||
|
||||
var metadata pb.ContainerMetadata
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/metadata"]), &metadata); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil {
|
||||
return err
|
||||
}
|
||||
sb := s.getSandbox(m.Annotations["ocid/sandbox_id"])
|
||||
sb := s.getSandbox(m.Annotations["crio/sandbox_id"])
|
||||
if sb == nil {
|
||||
return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations["ocid/sandbox_id"])
|
||||
return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations["crio/sandbox_id"])
|
||||
}
|
||||
|
||||
var tty bool
|
||||
if v := m.Annotations["ocid/tty"]; v == "true" {
|
||||
if v := m.Annotations["crio/tty"]; v == "true" {
|
||||
tty = true
|
||||
}
|
||||
containerPath, err := s.store.GetContainerRunDirectory(id)
|
||||
|
@ -121,7 +121,7 @@ func (s *Server) loadContainer(id string) error {
|
|||
}
|
||||
|
||||
var img *pb.ImageSpec
|
||||
image, ok := m.Annotations["ocid/image"]
|
||||
image, ok := m.Annotations["crio/image"]
|
||||
if ok {
|
||||
img = &pb.ImageSpec{
|
||||
Image: image,
|
||||
|
@ -129,11 +129,11 @@ func (s *Server) loadContainer(id string) error {
|
|||
}
|
||||
|
||||
annotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/annotations"]), &annotations); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["ocid/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty, sb.privileged)
|
||||
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty, sb.privileged)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -170,10 +170,10 @@ func (s *Server) loadSandbox(id string) error {
|
|||
return err
|
||||
}
|
||||
labels := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/labels"]), &labels); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil {
|
||||
return err
|
||||
}
|
||||
name := m.Annotations["ocid/name"]
|
||||
name := m.Annotations["crio/name"]
|
||||
name, err = s.reservePodName(id, name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
@ -184,7 +184,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
}
|
||||
}()
|
||||
var metadata pb.PodSandboxMetadata
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/metadata"]), &metadata); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
@ -194,26 +194,26 @@ func (s *Server) loadSandbox(id string) error {
|
|||
}
|
||||
|
||||
annotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["ocid/annotations"]), &annotations); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
privileged := m.Annotations["ocid/privileged_runtime"] == "true"
|
||||
privileged := m.Annotations["crio/privileged_runtime"] == "true"
|
||||
|
||||
sb := &sandbox{
|
||||
id: id,
|
||||
name: name,
|
||||
kubeName: m.Annotations["ocid/kube_name"],
|
||||
logDir: filepath.Dir(m.Annotations["ocid/log_path"]),
|
||||
kubeName: m.Annotations["crio/kube_name"],
|
||||
logDir: filepath.Dir(m.Annotations["crio/log_path"]),
|
||||
labels: labels,
|
||||
containers: oci.NewMemoryStore(),
|
||||
processLabel: processLabel,
|
||||
mountLabel: mountLabel,
|
||||
annotations: annotations,
|
||||
metadata: &metadata,
|
||||
shmPath: m.Annotations["ocid/shm_path"],
|
||||
shmPath: m.Annotations["crio/shm_path"],
|
||||
privileged: privileged,
|
||||
resolvPath: m.Annotations["ocid/resolv_path"],
|
||||
resolvPath: m.Annotations["crio/resolv_path"],
|
||||
}
|
||||
|
||||
// We add a netNS only if we can load a permanent one.
|
||||
|
@ -244,7 +244,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
cname, err := s.reserveContainerName(m.Annotations["ocid/container_id"], m.Annotations["ocid/container_name"])
|
||||
cname, err := s.reserveContainerName(m.Annotations["crio/container_id"], m.Annotations["crio/container_name"])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -254,7 +254,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
}
|
||||
}()
|
||||
|
||||
scontainer, err := oci.NewContainer(m.Annotations["ocid/container_id"], cname, sandboxPath, m.Annotations["ocid/log_path"], sb.netNs(), labels, annotations, nil, nil, id, false, privileged)
|
||||
scontainer, err := oci.NewContainer(m.Annotations["crio/container_id"], cname, sandboxPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, nil, nil, id, false, privileged)
|
||||
if err != nil {
|
||||
return err
|
||||
}
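Review bot: `loadContainer` and `loadSandbox` now read only `crio/...` annotation keys, but state persisted by a previous build carries `ocid/...` keys, so after the upgrade `json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels)` receives an empty byte slice and returns an error, and every pre-existing container and sandbox fails to load on restart (the `crio/sandbox_id` lookup at the later hunk would likewise come back empty). The same key reads occur in the `createSandboxContainer` and `RunPodSandbox` hunks, where writing under the new key is fine; the compatibility gap is only on the read side. Unless dropping old state on upgrade is intended, a small accessor that prefers the new key and falls back to the legacy one keeps restarts working; the `image, ok := m.Annotations["crio/image"]` site needs the ok form as well. Both functions start and end outside these hunks, and the exact type of `m.Annotations` is not visible here.
```go
// annotation returns the value stored under "crio/<key>", falling back to the
// legacy "ocid/<key>" written by earlier releases so existing state still loads.
// NOTE(review): assumes m.Annotations is map[string]string — confirm against the storage type.
func annotation(annotations map[string]string, key string) (string, bool) {
	if v, ok := annotations["crio/"+key]; ok {
		return v, true
	}
	v, ok := annotations["ocid/"+key]
	return v, ok
}

// … unchanged: loadContainer up to the labels decode …
labelsJSON, _ := annotation(m.Annotations, "labels")
if err = json.Unmarshal([]byte(labelsJSON), &labels); err != nil {
	return err
}
// … unchanged: remaining reads switch to annotation(m.Annotations, "<key>") …
```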
|
||||
|
|