From f15859c79feec34e615fcd59b3a23470536f77f9 Mon Sep 17 00:00:00 2001 From: Samuel Ortiz Date: Thu, 1 Jun 2017 18:40:33 +0200 Subject: [PATCH] pkg/annotations: Export CRI-O annotations namespace Some runtimes like Clear Containers need to interpret the CRI-O annotations, to distinguish the infra container from the regular one. Here we export those annotations and use a more standard dotted namespace for them. Signed-off-by: Samuel Ortiz --- pkg/annotations/annotations.go | 66 ++++++++++++++++++++++++++++++++++ server/container.go | 7 ---- server/container_create.go | 33 ++++++++--------- server/sandbox_run.go | 43 +++++++++++----------- server/server.go | 51 +++++++++++++------------- 5 files changed, 131 insertions(+), 69 deletions(-) create mode 100644 pkg/annotations/annotations.go diff --git a/pkg/annotations/annotations.go b/pkg/annotations/annotations.go new file mode 100644 index 00000000..5f85a204 --- /dev/null +++ b/pkg/annotations/annotations.go 
@@ -0,0 +1,66 @@
+package annotations
+
+const (
+ // Annotations carries the received Kubelet annotations
+ Annotations = "io.kubernetes.cri-o.Annotations"
+
+ // ContainerID is the container ID annotation
+ ContainerID = "io.kubernetes.cri-o.ContainerID"
+
+ // ContainerName is the container name annotation
+ ContainerName = "io.kubernetes.cri-o.ContainerName"
+
+ // ContainerType is the container type (sandbox or container) annotation
+ ContainerType = "io.kubernetes.cri-o.ContainerType"
+
+ // Created is the container creation time annotation
+ Created = "io.kubernetes.cri-o.Created"
+
+ // HostName is the container host name annotation
+ HostName = "io.kubernetes.cri-o.HostName"
+
+ // Image is the container image ID annotation
+ Image = "io.kubernetes.cri-o.Image"
+
+ // KubeName is the kubernetes name annotation
+ KubeName = "io.kubernetes.cri-o.KubeName"
+
+ // Labels are the kubernetes labels annotation
+ Labels = "io.kubernetes.cri-o.Labels"
+
+ // LogPath is the container logging path annotation
+ LogPath = "io.kubernetes.cri-o.LogPath"
+
+ // Metadata is the container metadata annotation
+ Metadata = "io.kubernetes.cri-o.Metadata"
+
+ // Name is the pod name annotation
+ Name = "io.kubernetes.cri-o.Name"
+
+ // PrivilegedRuntime is the annotation for the privileged runtime path
+ PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"
+
+ // ResolvPath is the resolver configuration path annotation
+ ResolvPath = "io.kubernetes.cri-o.ResolvPath"
+
+ // SandboxID is the sandbox ID annotation
+ SandboxID = "io.kubernetes.cri-o.SandboxID"
+
+ // SandboxName is the sandbox name annotation
+ SandboxName = "io.kubernetes.cri-o.SandboxName"
+
+ // ShmPath is the shared memory path annotation
+ ShmPath = "io.kubernetes.cri-o.ShmPath"
+
+ // TTY is the terminal path annotation
+ TTY = "io.kubernetes.cri-o.TTY"
+)
+
+// ContainerType values
+const (
+ // ContainerTypeSandbox represents a pod sandbox container
+ ContainerTypeSandbox = "sandbox"
+
+ // 
ContainerTypeContainer represents a container running within a pod + ContainerTypeContainer = "container" +) diff --git a/server/container.go b/server/container.go index 96cfe517..1a10cfa4 100644 --- a/server/container.go +++ b/server/container.go @@ -6,13 +6,6 @@ import ( "github.com/kubernetes-incubator/cri-o/oci" ) -const ( - // containerTypeSandbox represents a pod sandbox container - containerTypeSandbox = "sandbox" - // containerTypeContainer represents a container running within a pod - containerTypeContainer = "container" -) - func (s *Server) getContainerFromRequest(cid string) (*oci.Container, error) { if cid == "" { return nil, fmt.Errorf("container ID should not be empty") diff --git a/server/container_create.go b/server/container_create.go index 263443bd..afa46704 100644 --- a/server/container_create.go +++ b/server/container_create.go @@ -16,6 +16,7 @@ import ( "github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/symlink" "github.com/kubernetes-incubator/cri-o/oci" + "github.com/kubernetes-incubator/cri-o/pkg/annotations" "github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/seccomp" "github.com/opencontainers/image-spec/specs-go/v1" @@ -348,9 +349,9 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string, metadata := containerConfig.GetMetadata() - annotations := containerConfig.GetAnnotations() - if annotations != nil { - for k, v := range annotations { + kubeAnnotations := containerConfig.GetAnnotations() + if kubeAnnotations != nil { + for k, v := range kubeAnnotations { specgen.AddAnnotation(k, v) } } 
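Review bot: Several doc comments on the new exported constants in pkg/annotations/annotations.go do not match how the values are written and read elsewhere in this patch. `TTY` is described as a "terminal path" and `PrivilegedRuntime` as a "privileged runtime path", but both are produced with `fmt.Sprintf("%v", …)` from a boolean and read back by comparing against `"true"`; `Name` is documented as the pod name while createSandboxContainer stores the container name under it. Because other runtimes are now expected to parse these keys, I would reword them, for example `// TTY is "true" when the container was created with a terminal` and `// PrivilegedRuntime is "true" when the sandbox was marked privileged`. The package clause also has no `// Package annotations …` comment stating that this namespace is reserved for values CRI-O itself writes.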
@@ -543,34 +544,34 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string, specgen.SetHostname(sb.hostname) } - specgen.AddAnnotation("crio/name", containerName) - specgen.AddAnnotation("crio/sandbox_id", sb.id) - specgen.AddAnnotation("crio/sandbox_name", sb.infraContainer.Name()) - specgen.AddAnnotation("crio/container_type", containerTypeContainer) - specgen.AddAnnotation("crio/log_path", logPath) - specgen.AddAnnotation("crio/tty", fmt.Sprintf("%v", containerConfig.Tty)) - specgen.AddAnnotation("crio/image", image) + specgen.AddAnnotation(annotations.Name, containerName) + specgen.AddAnnotation(annotations.SandboxID, sb.id) + specgen.AddAnnotation(annotations.SandboxName, sb.infraContainer.Name()) + specgen.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer) + specgen.AddAnnotation(annotations.LogPath, logPath) + specgen.AddAnnotation(annotations.TTY, fmt.Sprintf("%v", containerConfig.Tty)) + specgen.AddAnnotation(annotations.Image, image) created := time.Now() - specgen.AddAnnotation("crio/created", created.Format(time.RFC3339Nano)) + specgen.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano)) metadataJSON, err := json.Marshal(metadata) if err != nil { return nil, err } - specgen.AddAnnotation("crio/metadata", string(metadataJSON)) + specgen.AddAnnotation(annotations.Metadata, string(metadataJSON)) labelsJSON, err := json.Marshal(labels) if err != nil { return nil, err } - specgen.AddAnnotation("crio/labels", string(labelsJSON)) + specgen.AddAnnotation(annotations.Labels, string(labelsJSON)) - annotationsJSON, err := json.Marshal(annotations) + kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations) if err != nil { return nil, err } - specgen.AddAnnotation("crio/annotations", string(annotationsJSON)) + specgen.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON)) if err = s.setupSeccomp(&specgen, containerName, sb.annotations); err != nil { return nil, err 
@@ -675,7 +676,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string, return nil, err } - container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, annotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal) + container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal) if err != nil { return nil, err } diff --git a/server/sandbox_run.go b/server/sandbox_run.go index 6d1135dd..dd9379ed 100644 --- a/server/sandbox_run.go +++ b/server/sandbox_run.go @@ -14,6 +14,7 @@ import ( "github.com/Sirupsen/logrus" "github.com/containers/storage" "github.com/kubernetes-incubator/cri-o/oci" + "github.com/kubernetes-incubator/cri-o/pkg/annotations" "github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/selinux/go-selinux/label" @@ -203,8 +204,8 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest } // add annotations - annotations := req.GetConfig().GetAnnotations() - annotationsJSON, err := json.Marshal(annotations) + kubeAnnotations := req.GetConfig().GetAnnotations() + kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations) if err != nil { return nil, err } 
@@ -276,27 +277,27 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest } privileged := s.privilegedSandbox(req) - g.AddAnnotation("crio/metadata", string(metadataJSON)) - g.AddAnnotation("crio/labels", string(labelsJSON)) - g.AddAnnotation("crio/annotations", string(annotationsJSON)) - g.AddAnnotation("crio/log_path", logPath) - g.AddAnnotation("crio/name", name) - g.AddAnnotation("crio/container_type", containerTypeSandbox) - g.AddAnnotation("crio/sandbox_id", id) - g.AddAnnotation("crio/container_name", containerName) - g.AddAnnotation("crio/container_id", id) - g.AddAnnotation("crio/shm_path", shmPath) - g.AddAnnotation("crio/privileged_runtime", fmt.Sprintf("%v", privileged)) - g.AddAnnotation("crio/resolv_path", resolvPath) - g.AddAnnotation("crio/hostname", hostname) - g.AddAnnotation("crio/kube_name", kubeName) + g.AddAnnotation(annotations.Metadata, string(metadataJSON)) + g.AddAnnotation(annotations.Labels, string(labelsJSON)) + g.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON)) + g.AddAnnotation(annotations.LogPath, logPath) + g.AddAnnotation(annotations.Name, name) + g.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox) + g.AddAnnotation(annotations.SandboxID, id) + g.AddAnnotation(annotations.ContainerName, containerName) + g.AddAnnotation(annotations.ContainerID, id) + g.AddAnnotation(annotations.ShmPath, shmPath) + g.AddAnnotation(annotations.PrivilegedRuntime, fmt.Sprintf("%v", privileged)) + g.AddAnnotation(annotations.ResolvPath, resolvPath) + g.AddAnnotation(annotations.HostName, hostname) + g.AddAnnotation(annotations.KubeName, kubeName) if podContainer.Config.Config.StopSignal != "" { // this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57 g.AddAnnotation("org.opencontainers.image.stopSignal", podContainer.Config.Config.StopSignal) } created := time.Now() - 
g.AddAnnotation("crio/created", created.Format(time.RFC3339Nano)) + g.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano)) sb := &sandbox{ id: id, @@ -305,7 +306,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest kubeName: kubeName, logDir: logDir, labels: labels, - annotations: annotations, + annotations: kubeAnnotations, containers: oci.NewMemoryStore(), processLabel: processLabel, mountLabel: mountLabel, @@ -335,12 +336,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest } }() - for k, v := range annotations { + for k, v := range kubeAnnotations { g.AddAnnotation(k, v) } // extract linux sysctls from annotations and pass down to oci runtime - safe, unsafe, err := SysctlsFromPodAnnotations(annotations) + safe, unsafe, err := SysctlsFromPodAnnotations(kubeAnnotations) if err != nil { return nil, err } @@ -437,7 +438,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest return nil, fmt.Errorf("failed to write runtime configuration for pod sandbox %s(%s): %v", sb.name, id, err) } - container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, annotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal) + container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal) if err != nil { return nil, err } diff --git a/server/server.go b/server/server.go index 53e91d7c..4961e493 100644 --- a/server/server.go +++ b/server/server.go 
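Review bot: The loop `for k, v := range kubeAnnotations { g.AddAnnotation(k, v) }` in the hunk at -335 runs after the `annotations.*` keys are written in the hunk at -276, so a pod annotation whose key falls in the `io.kubernetes.cri-o.` namespace would replace CRI-O's own value if AddAnnotation overwrites existing keys (its body is not shown here). That matters because loadSandbox derives `privileged` from `m.Annotations[annotations.PrivilegedRuntime]` and this commit publishes the same keys for other runtimes to interpret. I would drop reserved keys while copying, `if strings.HasPrefix(k, "io.kubernetes.cri-o.") { continue }` (importing `strings` if the file does not already), or at least move the loop above the internal AddAnnotation calls. The copy loop in createSandboxContainer (hunk at -348 of server/container_create.go) runs before the internal keys but still passes through reserved keys that function does not set itself, so the same filter applies there. RunPodSandbox starts and ends outside these hunks.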
@@ -16,6 +16,7 @@ import ( "github.com/docker/docker/pkg/registrar" "github.com/docker/docker/pkg/truncindex" "github.com/kubernetes-incubator/cri-o/oci" + "github.com/kubernetes-incubator/cri-o/pkg/annotations" "github.com/kubernetes-incubator/cri-o/pkg/ocicni" "github.com/kubernetes-incubator/cri-o/pkg/storage" "github.com/kubernetes-incubator/cri-o/server/apparmor" @@ -89,10 +90,10 @@ func (s *Server) loadContainer(id string) error { return err } labels := make(map[string]string) - if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil { + if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil { return err } - name := m.Annotations["crio/name"] + name := m.Annotations[annotations.Name] name, err = s.reserveContainerName(id, name) if err != nil { return err @@ -105,16 +106,16 @@ func (s *Server) loadContainer(id string) error { }() var metadata pb.ContainerMetadata - if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil { + if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil { return err } - sb := s.getSandbox(m.Annotations["crio/sandbox_id"]) + sb := s.getSandbox(m.Annotations[annotations.SandboxID]) if sb == nil { - return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations["crio/sandbox_id"]) + return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations[annotations.SandboxID]) } var tty bool - if v := m.Annotations["crio/tty"]; v == "true" { + if v := m.Annotations[annotations.TTY]; v == "true" { tty = true } containerPath, err := s.store.ContainerRunDirectory(id) 
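Review bot: After the rename, loadContainer looks up only the new keys, so a container whose stored spec still carries the old `crio/...` annotations would presumably fail at `json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels)` with a bare JSON error on an empty string, and the restore would stop without saying why. The lookups in loadSandbox in the later server/server.go hunks behave the same way, and the boolean ones such as `annotations.TTY` would quietly read as false. Either fall back to the legacy key when the new one is absent, or make the failure explicit before unmarshalling: `if _, ok := m.Annotations[annotations.Labels]; !ok { return fmt.Errorf("container %s: missing %s annotation", id, annotations.Labels) }`. loadContainer starts and ends outside this hunk.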
@@ -128,24 +129,24 @@ func (s *Server) loadContainer(id string) error { } var img *pb.ImageSpec - image, ok := m.Annotations["crio/image"] + image, ok := m.Annotations[annotations.Image] if ok { img = &pb.ImageSpec{ Image: image, } } - annotations := make(map[string]string) - if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil { + kubeAnnotations := make(map[string]string) + if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil { return err } - created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"]) + created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created]) if err != nil { return err } - ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) + ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) if err != nil { return err } @@ -207,10 +208,10 @@ func (s *Server) loadSandbox(id string) error { return err } labels := make(map[string]string) - if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil { + if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil { return err } - name := m.Annotations["crio/name"] + name := m.Annotations[annotations.Name] name, err = s.reservePodName(id, name) if err != nil { return err 
@@ -221,7 +222,7 @@ func (s *Server) loadSandbox(id string) error { } }() var metadata pb.PodSandboxMetadata - if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil { + if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil { return err } @@ -230,27 +231,27 @@ func (s *Server) loadSandbox(id string) error { return err } - annotations := make(map[string]string) - if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil { + kubeAnnotations := make(map[string]string) + if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil { return err } - privileged := m.Annotations["crio/privileged_runtime"] == "true" + privileged := m.Annotations[annotations.PrivilegedRuntime] == "true" sb := &sandbox{ id: id, name: name, - kubeName: m.Annotations["crio/kube_name"], - logDir: filepath.Dir(m.Annotations["crio/log_path"]), + kubeName: m.Annotations[annotations.KubeName], + logDir: filepath.Dir(m.Annotations[annotations.LogPath]), labels: labels, containers: oci.NewMemoryStore(), processLabel: processLabel, mountLabel: mountLabel, - annotations: annotations, + annotations: kubeAnnotations, metadata: &metadata, - shmPath: m.Annotations["crio/shm_path"], + shmPath: m.Annotations[annotations.ShmPath], privileged: privileged, - resolvPath: m.Annotations["crio/resolv_path"], + resolvPath: m.Annotations[annotations.ResolvPath], } // We add a netNS only if we can load a permanent one. @@ -286,7 +287,7 @@ func (s *Server) loadSandbox(id string) error { return err } - cname, err := s.reserveContainerName(m.Annotations["crio/container_id"], m.Annotations["crio/container_name"]) + cname, err := s.reserveContainerName(m.Annotations[annotations.ContainerID], m.Annotations[annotations.ContainerName]) if err != nil { return err } 
@@ -296,12 +297,12 @@ func (s *Server) loadSandbox(id string) error { } }() - created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"]) + created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created]) if err != nil { return err } - scontainer, err := oci.NewContainer(m.Annotations["crio/container_id"], cname, sandboxPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) + scontainer, err := oci.NewContainer(m.Annotations[annotations.ContainerID], cname, sandboxPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) if err != nil { return err }