pkg/annotations: Export CRI-O annotations namespace
Some runtimes like Clear Containers need to interpret the CRI-O annotations, to distinguish the infra container from the regular one. Here we export those annotations and use a more standard dotted namespace for them. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
This commit is contained in:
Samuel Ortiz
parent
36255b8663
commit
f15859c79f
|
|
@ -0,0 +1,66 @@
|
|||
package annotations
|
||||
|
||||
const (
|
||||
// Annotations carries the received Kubelet annotations
|
||||
Annotations = "io.kubernetes.cri-o.Annotations"
|
||||
|
||||
// ContainerID is the container ID annotation
|
||||
ContainerID = "io.kubernetes.cri-o.ContainerID"
|
||||
|
||||
// ContainerName is the container name annotation
|
||||
ContainerName = "io.kubernetes.cri-o.ContainerName"
|
||||
|
||||
// ContainerType is the container type (sandbox or container) annotation
|
||||
ContainerType = "io.kubernetes.cri-o.ContainerType"
|
||||
|
||||
// Created is the container creation time annotation
|
||||
Created = "io.kubernetes.cri-o.Created"
|
||||
|
||||
// HostName is the container host name annotation
|
||||
HostName = "io.kubernetes.cri-o.HostName"
|
||||
|
||||
// Image is the container image ID annotation
|
||||
Image = "io.kubernetes.cri-o.Image"
|
||||
|
||||
// KubeName is the kubernetes name annotation
|
||||
KubeName = "io.kubernetes.cri-o.KubeName"
|
||||
|
||||
// Labels are the kubernetes labels annotation
|
||||
Labels = "io.kubernetes.cri-o.Labels"
|
||||
|
||||
// LogPath is the container logging path annotation
|
||||
LogPath = "io.kubernetes.cri-o.LogPath"
|
||||
|
||||
// Metadata is the container metadata annotation
|
||||
Metadata = "io.kubernetes.cri-o.Metadata"
|
||||
|
||||
// Name is the pod name annotation
|
||||
Name = "io.kubernetes.cri-o.Name"
|
||||
|
||||
// PrivilegedRuntime is the annotation for the privileged runtime path
|
||||
PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"
|
||||
|
||||
// ResolvPath is the resolver configuration path annotation
|
||||
ResolvPath = "io.kubernetes.cri-o.ResolvPath"
|
||||
|
||||
// SandboxID is the sandbox ID annotation
|
||||
SandboxID = "io.kubernetes.cri-o.SandboxID"
|
||||
|
||||
// SandboxName is the sandbox name annotation
|
||||
SandboxName = "io.kubernetes.cri-o.SandboxName"
|
||||
|
||||
// ShmPath is the shared memory path annotation
|
||||
ShmPath = "io.kubernetes.cri-o.ShmPath"
|
||||
|
||||
// TTY is the terminal path annotation
|
||||
TTY = "io.kubernetes.cri-o.TTY"
|
||||
)
|
||||
|
||||
// ContainerType values
|
||||
const (
|
||||
// ContainerTypeSandbox represents a pod sandbox container
|
||||
ContainerTypeSandbox = "sandbox"
|
||||
|
||||
// ContainerTypeContainer represents a container running within a pod
|
||||
ContainerTypeContainer = "container"
|
||||
)
|
||||
|
|
@ -6,13 +6,6 @@ import (
|
|||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
)
|
||||
|
||||
const (
|
||||
// containerTypeSandbox represents a pod sandbox container
|
||||
containerTypeSandbox = "sandbox"
|
||||
// containerTypeContainer represents a container running within a pod
|
||||
containerTypeContainer = "container"
|
||||
)
|
||||
|
||||
func (s *Server) getContainerFromRequest(cid string) (*oci.Container, error) {
|
||||
if cid == "" {
|
||||
return nil, fmt.Errorf("container ID should not be empty")
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/docker/docker/pkg/stringid"
|
||||
"github.com/docker/docker/pkg/symlink"
|
||||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
|
||||
"github.com/kubernetes-incubator/cri-o/server/apparmor"
|
||||
"github.com/kubernetes-incubator/cri-o/server/seccomp"
|
||||
"github.com/opencontainers/image-spec/specs-go/v1"
|
||||
|
|
@ -348,9 +349,9 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
|
||||
metadata := containerConfig.GetMetadata()
|
||||
|
||||
annotations := containerConfig.GetAnnotations()
|
||||
if annotations != nil {
|
||||
for k, v := range annotations {
|
||||
kubeAnnotations := containerConfig.GetAnnotations()
|
||||
if kubeAnnotations != nil {
|
||||
for k, v := range kubeAnnotations {
|
||||
specgen.AddAnnotation(k, v)
|
||||
}
|
||||
}
|
||||
|
|
@ -543,34 +544,34 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
specgen.SetHostname(sb.hostname)
|
||||
}
|
||||
|
||||
specgen.AddAnnotation("crio/name", containerName)
|
||||
specgen.AddAnnotation("crio/sandbox_id", sb.id)
|
||||
specgen.AddAnnotation("crio/sandbox_name", sb.infraContainer.Name())
|
||||
specgen.AddAnnotation("crio/container_type", containerTypeContainer)
|
||||
specgen.AddAnnotation("crio/log_path", logPath)
|
||||
specgen.AddAnnotation("crio/tty", fmt.Sprintf("%v", containerConfig.Tty))
|
||||
specgen.AddAnnotation("crio/image", image)
|
||||
specgen.AddAnnotation(annotations.Name, containerName)
|
||||
specgen.AddAnnotation(annotations.SandboxID, sb.id)
|
||||
specgen.AddAnnotation(annotations.SandboxName, sb.infraContainer.Name())
|
||||
specgen.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer)
|
||||
specgen.AddAnnotation(annotations.LogPath, logPath)
|
||||
specgen.AddAnnotation(annotations.TTY, fmt.Sprintf("%v", containerConfig.Tty))
|
||||
specgen.AddAnnotation(annotations.Image, image)
|
||||
|
||||
created := time.Now()
|
||||
specgen.AddAnnotation("crio/created", created.Format(time.RFC3339Nano))
|
||||
specgen.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano))
|
||||
|
||||
metadataJSON, err := json.Marshal(metadata)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("crio/metadata", string(metadataJSON))
|
||||
specgen.AddAnnotation(annotations.Metadata, string(metadataJSON))
|
||||
|
||||
labelsJSON, err := json.Marshal(labels)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("crio/labels", string(labelsJSON))
|
||||
specgen.AddAnnotation(annotations.Labels, string(labelsJSON))
|
||||
|
||||
annotationsJSON, err := json.Marshal(annotations)
|
||||
kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
specgen.AddAnnotation("crio/annotations", string(annotationsJSON))
|
||||
specgen.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON))
|
||||
|
||||
if err = s.setupSeccomp(&specgen, containerName, sb.annotations); err != nil {
|
||||
return nil, err
|
||||
|
|
@ -675,7 +676,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
|||
return nil, err
|
||||
}
|
||||
|
||||
container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, annotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal)
|
||||
container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -14,6 +14,7 @@ import (
|
|||
"github.com/Sirupsen/logrus"
|
||||
"github.com/containers/storage"
|
||||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
|
||||
"github.com/opencontainers/runc/libcontainer/cgroups/systemd"
|
||||
"github.com/opencontainers/runtime-tools/generate"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
|
|
@ -203,8 +204,8 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
}
|
||||
|
||||
// add annotations
|
||||
annotations := req.GetConfig().GetAnnotations()
|
||||
annotationsJSON, err := json.Marshal(annotations)
|
||||
kubeAnnotations := req.GetConfig().GetAnnotations()
|
||||
kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -276,27 +277,27 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
}
|
||||
|
||||
privileged := s.privilegedSandbox(req)
|
||||
g.AddAnnotation("crio/metadata", string(metadataJSON))
|
||||
g.AddAnnotation("crio/labels", string(labelsJSON))
|
||||
g.AddAnnotation("crio/annotations", string(annotationsJSON))
|
||||
g.AddAnnotation("crio/log_path", logPath)
|
||||
g.AddAnnotation("crio/name", name)
|
||||
g.AddAnnotation("crio/container_type", containerTypeSandbox)
|
||||
g.AddAnnotation("crio/sandbox_id", id)
|
||||
g.AddAnnotation("crio/container_name", containerName)
|
||||
g.AddAnnotation("crio/container_id", id)
|
||||
g.AddAnnotation("crio/shm_path", shmPath)
|
||||
g.AddAnnotation("crio/privileged_runtime", fmt.Sprintf("%v", privileged))
|
||||
g.AddAnnotation("crio/resolv_path", resolvPath)
|
||||
g.AddAnnotation("crio/hostname", hostname)
|
||||
g.AddAnnotation("crio/kube_name", kubeName)
|
||||
g.AddAnnotation(annotations.Metadata, string(metadataJSON))
|
||||
g.AddAnnotation(annotations.Labels, string(labelsJSON))
|
||||
g.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON))
|
||||
g.AddAnnotation(annotations.LogPath, logPath)
|
||||
g.AddAnnotation(annotations.Name, name)
|
||||
g.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox)
|
||||
g.AddAnnotation(annotations.SandboxID, id)
|
||||
g.AddAnnotation(annotations.ContainerName, containerName)
|
||||
g.AddAnnotation(annotations.ContainerID, id)
|
||||
g.AddAnnotation(annotations.ShmPath, shmPath)
|
||||
g.AddAnnotation(annotations.PrivilegedRuntime, fmt.Sprintf("%v", privileged))
|
||||
g.AddAnnotation(annotations.ResolvPath, resolvPath)
|
||||
g.AddAnnotation(annotations.HostName, hostname)
|
||||
g.AddAnnotation(annotations.KubeName, kubeName)
|
||||
if podContainer.Config.Config.StopSignal != "" {
|
||||
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
|
||||
g.AddAnnotation("org.opencontainers.image.stopSignal", podContainer.Config.Config.StopSignal)
|
||||
}
|
||||
|
||||
created := time.Now()
|
||||
g.AddAnnotation("crio/created", created.Format(time.RFC3339Nano))
|
||||
g.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano))
|
||||
|
||||
sb := &sandbox{
|
||||
id: id,
|
||||
|
|
@ -305,7 +306,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
kubeName: kubeName,
|
||||
logDir: logDir,
|
||||
labels: labels,
|
||||
annotations: annotations,
|
||||
annotations: kubeAnnotations,
|
||||
containers: oci.NewMemoryStore(),
|
||||
processLabel: processLabel,
|
||||
mountLabel: mountLabel,
|
||||
|
|
@ -335,12 +336,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
}
|
||||
}()
|
||||
|
||||
for k, v := range annotations {
|
||||
for k, v := range kubeAnnotations {
|
||||
g.AddAnnotation(k, v)
|
||||
}
|
||||
|
||||
// extract linux sysctls from annotations and pass down to oci runtime
|
||||
safe, unsafe, err := SysctlsFromPodAnnotations(annotations)
|
||||
safe, unsafe, err := SysctlsFromPodAnnotations(kubeAnnotations)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
@ -437,7 +438,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
|
|||
return nil, fmt.Errorf("failed to write runtime configuration for pod sandbox %s(%s): %v", sb.name, id, err)
|
||||
}
|
||||
|
||||
container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, annotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal)
|
||||
container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ import (
|
|||
"github.com/docker/docker/pkg/registrar"
|
||||
"github.com/docker/docker/pkg/truncindex"
|
||||
"github.com/kubernetes-incubator/cri-o/oci"
|
||||
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
|
||||
"github.com/kubernetes-incubator/cri-o/pkg/ocicni"
|
||||
"github.com/kubernetes-incubator/cri-o/pkg/storage"
|
||||
"github.com/kubernetes-incubator/cri-o/server/apparmor"
|
||||
|
|
@ -89,10 +90,10 @@ func (s *Server) loadContainer(id string) error {
|
|||
return err
|
||||
}
|
||||
labels := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil {
|
||||
return err
|
||||
}
|
||||
name := m.Annotations["crio/name"]
|
||||
name := m.Annotations[annotations.Name]
|
||||
name, err = s.reserveContainerName(id, name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -105,16 +106,16 @@ func (s *Server) loadContainer(id string) error {
|
|||
}()
|
||||
|
||||
var metadata pb.ContainerMetadata
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil {
|
||||
return err
|
||||
}
|
||||
sb := s.getSandbox(m.Annotations["crio/sandbox_id"])
|
||||
sb := s.getSandbox(m.Annotations[annotations.SandboxID])
|
||||
if sb == nil {
|
||||
return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations["crio/sandbox_id"])
|
||||
return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations[annotations.SandboxID])
|
||||
}
|
||||
|
||||
var tty bool
|
||||
if v := m.Annotations["crio/tty"]; v == "true" {
|
||||
if v := m.Annotations[annotations.TTY]; v == "true" {
|
||||
tty = true
|
||||
}
|
||||
containerPath, err := s.store.ContainerRunDirectory(id)
|
||||
|
|
@ -128,24 +129,24 @@ func (s *Server) loadContainer(id string) error {
|
|||
}
|
||||
|
||||
var img *pb.ImageSpec
|
||||
image, ok := m.Annotations["crio/image"]
|
||||
image, ok := m.Annotations[annotations.Image]
|
||||
if ok {
|
||||
img = &pb.ImageSpec{
|
||||
Image: image,
|
||||
}
|
||||
}
|
||||
|
||||
annotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil {
|
||||
kubeAnnotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"])
|
||||
created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
|
||||
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -207,10 +208,10 @@ func (s *Server) loadSandbox(id string) error {
|
|||
return err
|
||||
}
|
||||
labels := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil {
|
||||
return err
|
||||
}
|
||||
name := m.Annotations["crio/name"]
|
||||
name := m.Annotations[annotations.Name]
|
||||
name, err = s.reservePodName(id, name)
|
||||
if err != nil {
|
||||
return err
|
||||
|
|
@ -221,7 +222,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
}
|
||||
}()
|
||||
var metadata pb.PodSandboxMetadata
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil {
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
|
|
@ -230,27 +231,27 @@ func (s *Server) loadSandbox(id string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
annotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil {
|
||||
kubeAnnotations := make(map[string]string)
|
||||
if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
privileged := m.Annotations["crio/privileged_runtime"] == "true"
|
||||
privileged := m.Annotations[annotations.PrivilegedRuntime] == "true"
|
||||
|
||||
sb := &sandbox{
|
||||
id: id,
|
||||
name: name,
|
||||
kubeName: m.Annotations["crio/kube_name"],
|
||||
logDir: filepath.Dir(m.Annotations["crio/log_path"]),
|
||||
kubeName: m.Annotations[annotations.KubeName],
|
||||
logDir: filepath.Dir(m.Annotations[annotations.LogPath]),
|
||||
labels: labels,
|
||||
containers: oci.NewMemoryStore(),
|
||||
processLabel: processLabel,
|
||||
mountLabel: mountLabel,
|
||||
annotations: annotations,
|
||||
annotations: kubeAnnotations,
|
||||
metadata: &metadata,
|
||||
shmPath: m.Annotations["crio/shm_path"],
|
||||
shmPath: m.Annotations[annotations.ShmPath],
|
||||
privileged: privileged,
|
||||
resolvPath: m.Annotations["crio/resolv_path"],
|
||||
resolvPath: m.Annotations[annotations.ResolvPath],
|
||||
}
|
||||
|
||||
// We add a netNS only if we can load a permanent one.
|
||||
|
|
@ -286,7 +287,7 @@ func (s *Server) loadSandbox(id string) error {
|
|||
return err
|
||||
}
|
||||
|
||||
cname, err := s.reserveContainerName(m.Annotations["crio/container_id"], m.Annotations["crio/container_name"])
|
||||
cname, err := s.reserveContainerName(m.Annotations[annotations.ContainerID], m.Annotations[annotations.ContainerName])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
@ -296,12 +297,12 @@ func (s *Server) loadSandbox(id string) error {
|
|||
}
|
||||
}()
|
||||
|
||||
created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"])
|
||||
created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
scontainer, err := oci.NewContainer(m.Annotations["crio/container_id"], cname, sandboxPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
|
||||
scontainer, err := oci.NewContainer(m.Annotations[annotations.ContainerID], cname, sandboxPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue