pkg/annotations: Export CRI-O annotations namespace

Some runtimes like Clear Containers need to interpret the CRI-O
annotations, to distinguish the infra container from the regular one.
Here we export those annotations and use a more standard dotted
namespace for them.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
Samuel Ortiz 2017-06-01 18:40:33 +02:00
parent 36255b8663
commit f15859c79f
5 changed files with 131 additions and 69 deletions


@ -0,0 +1,66 @@
package annotations
const (
// Annotations carries the received Kubelet annotations
Annotations = "io.kubernetes.cri-o.Annotations"
// ContainerID is the container ID annotation
ContainerID = "io.kubernetes.cri-o.ContainerID"
// ContainerName is the container name annotation
ContainerName = "io.kubernetes.cri-o.ContainerName"
// ContainerType is the container type (sandbox or container) annotation
ContainerType = "io.kubernetes.cri-o.ContainerType"
// Created is the container creation time annotation
Created = "io.kubernetes.cri-o.Created"
// HostName is the container host name annotation
HostName = "io.kubernetes.cri-o.HostName"
// Image is the container image ID annotation
Image = "io.kubernetes.cri-o.Image"
// KubeName is the kubernetes name annotation
KubeName = "io.kubernetes.cri-o.KubeName"
// Labels are the kubernetes labels annotation
Labels = "io.kubernetes.cri-o.Labels"
// LogPath is the container logging path annotation
LogPath = "io.kubernetes.cri-o.LogPath"
// Metadata is the container metadata annotation
Metadata = "io.kubernetes.cri-o.Metadata"
// Name is the pod name annotation
Name = "io.kubernetes.cri-o.Name"
// PrivilegedRuntime is the annotation for the privileged runtime path
PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"
// ResolvPath is the resolver configuration path annotation
ResolvPath = "io.kubernetes.cri-o.ResolvPath"
// SandboxID is the sandbox ID annotation
SandboxID = "io.kubernetes.cri-o.SandboxID"
// SandboxName is the sandbox name annotation
SandboxName = "io.kubernetes.cri-o.SandboxName"
// ShmPath is the shared memory path annotation
ShmPath = "io.kubernetes.cri-o.ShmPath"
// TTY is the terminal path annotation
TTY = "io.kubernetes.cri-o.TTY"
)
// ContainerType values
const (
// ContainerTypeSandbox represents a pod sandbox container
ContainerTypeSandbox = "sandbox"
// ContainerTypeContainer represents a container running within a pod
ContainerTypeContainer = "container"
)
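Review bot: The doc comments on `TTY` and `PrivilegedRuntime` describe paths, but the values written elsewhere in this commit are formatted booleans (`fmt.Sprintf("%v", containerConfig.Tty)` and `fmt.Sprintf("%v", privileged)`) that are read back with `== "true"`. Since the commit message says other runtimes will interpret these keys, the comments are effectively the contract; I would write `// TTY records whether the container has a terminal ("true" or "false")` and `// PrivilegedRuntime records whether the sandbox is privileged ("true" or "false")`. `Name` is also set to the container name in createSandboxContainer, so "pod name annotation" is too narrow. A package comment stating that the `io.kubernetes.cri-o.` prefix is reserved for values CRI-O sets itself would help consumers decide what they can trust.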


@ -6,13 +6,6 @@ import (
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
) )
const (
// containerTypeSandbox represents a pod sandbox container
containerTypeSandbox = "sandbox"
// containerTypeContainer represents a container running within a pod
containerTypeContainer = "container"
)
func (s *Server) getContainerFromRequest(cid string) (*oci.Container, error) { func (s *Server) getContainerFromRequest(cid string) (*oci.Container, error) {
if cid == "" { if cid == "" {
return nil, fmt.Errorf("container ID should not be empty") return nil, fmt.Errorf("container ID should not be empty")


@ -16,6 +16,7 @@ import (
"github.com/docker/docker/pkg/stringid" "github.com/docker/docker/pkg/stringid"
"github.com/docker/docker/pkg/symlink" "github.com/docker/docker/pkg/symlink"
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/apparmor"
"github.com/kubernetes-incubator/cri-o/server/seccomp" "github.com/kubernetes-incubator/cri-o/server/seccomp"
"github.com/opencontainers/image-spec/specs-go/v1" "github.com/opencontainers/image-spec/specs-go/v1"
@ -348,9 +349,9 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
metadata := containerConfig.GetMetadata() metadata := containerConfig.GetMetadata()
annotations := containerConfig.GetAnnotations() kubeAnnotations := containerConfig.GetAnnotations()
if annotations != nil { if kubeAnnotations != nil {
for k, v := range annotations { for k, v := range kubeAnnotations {
specgen.AddAnnotation(k, v) specgen.AddAnnotation(k, v)
} }
} }
@ -543,34 +544,34 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
specgen.SetHostname(sb.hostname) specgen.SetHostname(sb.hostname)
} }
specgen.AddAnnotation("crio/name", containerName) specgen.AddAnnotation(annotations.Name, containerName)
specgen.AddAnnotation("crio/sandbox_id", sb.id) specgen.AddAnnotation(annotations.SandboxID, sb.id)
specgen.AddAnnotation("crio/sandbox_name", sb.infraContainer.Name()) specgen.AddAnnotation(annotations.SandboxName, sb.infraContainer.Name())
specgen.AddAnnotation("crio/container_type", containerTypeContainer) specgen.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer)
specgen.AddAnnotation("crio/log_path", logPath) specgen.AddAnnotation(annotations.LogPath, logPath)
specgen.AddAnnotation("crio/tty", fmt.Sprintf("%v", containerConfig.Tty)) specgen.AddAnnotation(annotations.TTY, fmt.Sprintf("%v", containerConfig.Tty))
specgen.AddAnnotation("crio/image", image) specgen.AddAnnotation(annotations.Image, image)
created := time.Now() created := time.Now()
specgen.AddAnnotation("crio/created", created.Format(time.RFC3339Nano)) specgen.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano))
metadataJSON, err := json.Marshal(metadata) metadataJSON, err := json.Marshal(metadata)
if err != nil { if err != nil {
return nil, err return nil, err
} }
specgen.AddAnnotation("crio/metadata", string(metadataJSON)) specgen.AddAnnotation(annotations.Metadata, string(metadataJSON))
labelsJSON, err := json.Marshal(labels) labelsJSON, err := json.Marshal(labels)
if err != nil { if err != nil {
return nil, err return nil, err
} }
specgen.AddAnnotation("crio/labels", string(labelsJSON)) specgen.AddAnnotation(annotations.Labels, string(labelsJSON))
annotationsJSON, err := json.Marshal(annotations) kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations)
if err != nil { if err != nil {
return nil, err return nil, err
} }
specgen.AddAnnotation("crio/annotations", string(annotationsJSON)) specgen.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON))
if err = s.setupSeccomp(&specgen, containerName, sb.annotations); err != nil { if err = s.setupSeccomp(&specgen, containerName, sb.annotations); err != nil {
return nil, err return nil, err
@ -675,7 +676,7 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
return nil, err return nil, err
} }
container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, annotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal) container, err := oci.NewContainer(containerID, containerName, containerInfo.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, imageSpec, metadata, sb.id, containerConfig.Tty, sb.privileged, containerInfo.Dir, created, containerImageConfig.Config.StopSignal)
if err != nil { if err != nil {
return nil, err return nil, err
} }
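Review bot: The ordering in createSandboxContainer deserves a comment: the kubelet-supplied annotations are copied into the spec near the top, and the `annotations.*` keys are added afterwards, so (assuming AddAnnotation overwrites an existing key) a pod annotation that uses an `io.kubernetes.cri-o.` key cannot replace CRI-O's own value. That invariant is not stated anywhere and is easy to break when the function is reshuffled. I would add above the `specgen.AddAnnotation(annotations.Name, containerName)` line: `// CRI-O keys are set after the kubelet annotations so a pod annotation cannot override them.` The function body starts and ends outside these hunks.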


@ -14,6 +14,7 @@ import (
"github.com/Sirupsen/logrus" "github.com/Sirupsen/logrus"
"github.com/containers/storage" "github.com/containers/storage"
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/opencontainers/runc/libcontainer/cgroups/systemd" "github.com/opencontainers/runc/libcontainer/cgroups/systemd"
"github.com/opencontainers/runtime-tools/generate" "github.com/opencontainers/runtime-tools/generate"
"github.com/opencontainers/selinux/go-selinux/label" "github.com/opencontainers/selinux/go-selinux/label"
@ -203,8 +204,8 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
// add annotations // add annotations
annotations := req.GetConfig().GetAnnotations() kubeAnnotations := req.GetConfig().GetAnnotations()
annotationsJSON, err := json.Marshal(annotations) kubeAnnotationsJSON, err := json.Marshal(kubeAnnotations)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -276,27 +277,27 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
privileged := s.privilegedSandbox(req) privileged := s.privilegedSandbox(req)
g.AddAnnotation("crio/metadata", string(metadataJSON)) g.AddAnnotation(annotations.Metadata, string(metadataJSON))
g.AddAnnotation("crio/labels", string(labelsJSON)) g.AddAnnotation(annotations.Labels, string(labelsJSON))
g.AddAnnotation("crio/annotations", string(annotationsJSON)) g.AddAnnotation(annotations.Annotations, string(kubeAnnotationsJSON))
g.AddAnnotation("crio/log_path", logPath) g.AddAnnotation(annotations.LogPath, logPath)
g.AddAnnotation("crio/name", name) g.AddAnnotation(annotations.Name, name)
g.AddAnnotation("crio/container_type", containerTypeSandbox) g.AddAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox)
g.AddAnnotation("crio/sandbox_id", id) g.AddAnnotation(annotations.SandboxID, id)
g.AddAnnotation("crio/container_name", containerName) g.AddAnnotation(annotations.ContainerName, containerName)
g.AddAnnotation("crio/container_id", id) g.AddAnnotation(annotations.ContainerID, id)
g.AddAnnotation("crio/shm_path", shmPath) g.AddAnnotation(annotations.ShmPath, shmPath)
g.AddAnnotation("crio/privileged_runtime", fmt.Sprintf("%v", privileged)) g.AddAnnotation(annotations.PrivilegedRuntime, fmt.Sprintf("%v", privileged))
g.AddAnnotation("crio/resolv_path", resolvPath) g.AddAnnotation(annotations.ResolvPath, resolvPath)
g.AddAnnotation("crio/hostname", hostname) g.AddAnnotation(annotations.HostName, hostname)
g.AddAnnotation("crio/kube_name", kubeName) g.AddAnnotation(annotations.KubeName, kubeName)
if podContainer.Config.Config.StopSignal != "" { if podContainer.Config.Config.StopSignal != "" {
// this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57 // this key is defined in image-spec conversion document at https://github.com/opencontainers/image-spec/pull/492/files#diff-8aafbe2c3690162540381b8cdb157112R57
g.AddAnnotation("org.opencontainers.image.stopSignal", podContainer.Config.Config.StopSignal) g.AddAnnotation("org.opencontainers.image.stopSignal", podContainer.Config.Config.StopSignal)
} }
created := time.Now() created := time.Now()
g.AddAnnotation("crio/created", created.Format(time.RFC3339Nano)) g.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano))
sb := &sandbox{ sb := &sandbox{
id: id, id: id,
@ -305,7 +306,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
kubeName: kubeName, kubeName: kubeName,
logDir: logDir, logDir: logDir,
labels: labels, labels: labels,
annotations: annotations, annotations: kubeAnnotations,
containers: oci.NewMemoryStore(), containers: oci.NewMemoryStore(),
processLabel: processLabel, processLabel: processLabel,
mountLabel: mountLabel, mountLabel: mountLabel,
@ -335,12 +336,12 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
}() }()
for k, v := range annotations { for k, v := range kubeAnnotations {
g.AddAnnotation(k, v) g.AddAnnotation(k, v)
} }
// extract linux sysctls from annotations and pass down to oci runtime // extract linux sysctls from annotations and pass down to oci runtime
safe, unsafe, err := SysctlsFromPodAnnotations(annotations) safe, unsafe, err := SysctlsFromPodAnnotations(kubeAnnotations)
if err != nil { if err != nil {
return nil, err return nil, err
} }
@ -437,7 +438,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
return nil, fmt.Errorf("failed to write runtime configuration for pod sandbox %s(%s): %v", sb.name, id, err) return nil, fmt.Errorf("failed to write runtime configuration for pod sandbox %s(%s): %v", sb.name, id, err)
} }
container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, annotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal) container, err := oci.NewContainer(id, containerName, podContainer.RunDir, logPath, sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, sb.privileged, podContainer.Dir, created, podContainer.Config.Config.StopSignal)
if err != nil { if err != nil {
return nil, err return nil, err
} }
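Review bot: In RunPodSandbox the `for k, v := range kubeAnnotations { g.AddAnnotation(k, v) }` loop runs after the block that sets `annotations.ContainerType`, `annotations.PrivilegedRuntime` and the other CRI-O keys, so, assuming AddAnnotation overwrites an existing key, a pod annotation carrying one of the `io.kubernetes.cri-o.*` keys would replace the value CRI-O computed. The ordering predates this commit, but it matters more now that the commit message says external runtimes will rely on these keys, and loadSandbox derives `privileged` from `m.Annotations[annotations.PrivilegedRuntime]` on restore. createSandboxContainer adds the kubelet annotations first; I would do the same here by moving the loop above `g.AddAnnotation(annotations.Metadata, string(metadataJSON))`, or skip reserved keys inside the loop. The function continues outside the hunks shown.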


@ -16,6 +16,7 @@ import (
"github.com/docker/docker/pkg/registrar" "github.com/docker/docker/pkg/registrar"
"github.com/docker/docker/pkg/truncindex" "github.com/docker/docker/pkg/truncindex"
"github.com/kubernetes-incubator/cri-o/oci" "github.com/kubernetes-incubator/cri-o/oci"
"github.com/kubernetes-incubator/cri-o/pkg/annotations"
"github.com/kubernetes-incubator/cri-o/pkg/ocicni" "github.com/kubernetes-incubator/cri-o/pkg/ocicni"
"github.com/kubernetes-incubator/cri-o/pkg/storage" "github.com/kubernetes-incubator/cri-o/pkg/storage"
"github.com/kubernetes-incubator/cri-o/server/apparmor" "github.com/kubernetes-incubator/cri-o/server/apparmor"
@ -89,10 +90,10 @@ func (s *Server) loadContainer(id string) error {
return err return err
} }
labels := make(map[string]string) labels := make(map[string]string)
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil {
return err return err
} }
name := m.Annotations["crio/name"] name := m.Annotations[annotations.Name]
name, err = s.reserveContainerName(id, name) name, err = s.reserveContainerName(id, name)
if err != nil { if err != nil {
return err return err
@ -105,16 +106,16 @@ func (s *Server) loadContainer(id string) error {
}() }()
var metadata pb.ContainerMetadata var metadata pb.ContainerMetadata
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil {
return err return err
} }
sb := s.getSandbox(m.Annotations["crio/sandbox_id"]) sb := s.getSandbox(m.Annotations[annotations.SandboxID])
if sb == nil { if sb == nil {
return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations["crio/sandbox_id"]) return fmt.Errorf("could not get sandbox with id %s, skipping", m.Annotations[annotations.SandboxID])
} }
var tty bool var tty bool
if v := m.Annotations["crio/tty"]; v == "true" { if v := m.Annotations[annotations.TTY]; v == "true" {
tty = true tty = true
} }
containerPath, err := s.store.ContainerRunDirectory(id) containerPath, err := s.store.ContainerRunDirectory(id)
@ -128,24 +129,24 @@ func (s *Server) loadContainer(id string) error {
} }
var img *pb.ImageSpec var img *pb.ImageSpec
image, ok := m.Annotations["crio/image"] image, ok := m.Annotations[annotations.Image]
if ok { if ok {
img = &pb.ImageSpec{ img = &pb.ImageSpec{
Image: image, Image: image,
} }
} }
annotations := make(map[string]string) kubeAnnotations := make(map[string]string)
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil {
return err return err
} }
created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"]) created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created])
if err != nil { if err != nil {
return err return err
} }
ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) ctr, err := oci.NewContainer(id, name, containerPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, img, &metadata, sb.id, tty, sb.privileged, containerDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
if err != nil { if err != nil {
return err return err
} }
@ -207,10 +208,10 @@ func (s *Server) loadSandbox(id string) error {
return err return err
} }
labels := make(map[string]string) labels := make(map[string]string)
if err = json.Unmarshal([]byte(m.Annotations["crio/labels"]), &labels); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels); err != nil {
return err return err
} }
name := m.Annotations["crio/name"] name := m.Annotations[annotations.Name]
name, err = s.reservePodName(id, name) name, err = s.reservePodName(id, name)
if err != nil { if err != nil {
return err return err
@ -221,7 +222,7 @@ func (s *Server) loadSandbox(id string) error {
} }
}() }()
var metadata pb.PodSandboxMetadata var metadata pb.PodSandboxMetadata
if err = json.Unmarshal([]byte(m.Annotations["crio/metadata"]), &metadata); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Metadata]), &metadata); err != nil {
return err return err
} }
@ -230,27 +231,27 @@ func (s *Server) loadSandbox(id string) error {
return err return err
} }
annotations := make(map[string]string) kubeAnnotations := make(map[string]string)
if err = json.Unmarshal([]byte(m.Annotations["crio/annotations"]), &annotations); err != nil { if err = json.Unmarshal([]byte(m.Annotations[annotations.Annotations]), &kubeAnnotations); err != nil {
return err return err
} }
privileged := m.Annotations["crio/privileged_runtime"] == "true" privileged := m.Annotations[annotations.PrivilegedRuntime] == "true"
sb := &sandbox{ sb := &sandbox{
id: id, id: id,
name: name, name: name,
kubeName: m.Annotations["crio/kube_name"], kubeName: m.Annotations[annotations.KubeName],
logDir: filepath.Dir(m.Annotations["crio/log_path"]), logDir: filepath.Dir(m.Annotations[annotations.LogPath]),
labels: labels, labels: labels,
containers: oci.NewMemoryStore(), containers: oci.NewMemoryStore(),
processLabel: processLabel, processLabel: processLabel,
mountLabel: mountLabel, mountLabel: mountLabel,
annotations: annotations, annotations: kubeAnnotations,
metadata: &metadata, metadata: &metadata,
shmPath: m.Annotations["crio/shm_path"], shmPath: m.Annotations[annotations.ShmPath],
privileged: privileged, privileged: privileged,
resolvPath: m.Annotations["crio/resolv_path"], resolvPath: m.Annotations[annotations.ResolvPath],
} }
// We add a netNS only if we can load a permanent one. // We add a netNS only if we can load a permanent one.
@ -286,7 +287,7 @@ func (s *Server) loadSandbox(id string) error {
return err return err
} }
cname, err := s.reserveContainerName(m.Annotations["crio/container_id"], m.Annotations["crio/container_name"]) cname, err := s.reserveContainerName(m.Annotations[annotations.ContainerID], m.Annotations[annotations.ContainerName])
if err != nil { if err != nil {
return err return err
} }
@ -296,12 +297,12 @@ func (s *Server) loadSandbox(id string) error {
} }
}() }()
created, err := time.Parse(time.RFC3339Nano, m.Annotations["crio/created"]) created, err := time.Parse(time.RFC3339Nano, m.Annotations[annotations.Created])
if err != nil { if err != nil {
return err return err
} }
scontainer, err := oci.NewContainer(m.Annotations["crio/container_id"], cname, sandboxPath, m.Annotations["crio/log_path"], sb.netNs(), labels, annotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"]) scontainer, err := oci.NewContainer(m.Annotations[annotations.ContainerID], cname, sandboxPath, m.Annotations[annotations.LogPath], sb.netNs(), labels, kubeAnnotations, nil, nil, id, false, privileged, sandboxDir, created, m.Annotations["org.opencontainers.image.stopSignal"])
if err != nil { if err != nil {
return err return err
} }
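Review bot: loadContainer and loadSandbox now look up only the new `io.kubernetes.cri-o.*` keys, so stored state written before this commit with the `crio/...` keys yields empty strings, and `json.Unmarshal([]byte(m.Annotations[annotations.Labels]), &labels)` returns an error on empty input. If restoring containers across an upgrade is expected to work, a fallback to the legacy key is needed; otherwise the commit message should say existing pods must be recreated. Separately, `privileged` and `tty` are decided by comparing an annotation string with `"true"`, so a missing key silently means false; checking presence with the two-value map lookup and logging when a key is absent would make a truncated or edited configuration visible. Both functions extend beyond these hunks.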