server: Reduce createSandboxContainer complexity
By factorizing the bind mounts generation code. Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
parent
2ec696be41
commit
f7eee71792
1 changed files with 33 additions and 25 deletions
|
@ -25,6 +25,37 @@ const (
|
||||||
seccompLocalhostPrefix = "localhost/"
|
seccompLocalhostPrefix = "localhost/"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
func addOciBindMounts(sb *sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error {
|
||||||
|
mounts := containerConfig.GetMounts()
|
||||||
|
for _, mount := range mounts {
|
||||||
|
dest := mount.ContainerPath
|
||||||
|
if dest == "" {
|
||||||
|
return fmt.Errorf("Mount.ContainerPath is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
src := mount.HostPath
|
||||||
|
if src == "" {
|
||||||
|
return fmt.Errorf("Mount.HostPath is empty")
|
||||||
|
}
|
||||||
|
|
||||||
|
options := []string{"rw"}
|
||||||
|
if mount.Readonly {
|
||||||
|
options = []string{"ro"}
|
||||||
|
}
|
||||||
|
|
||||||
|
if mount.SelinuxRelabel {
|
||||||
|
// Need a way in kubernetes to determine if the volume is shared or private
|
||||||
|
if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
|
||||||
|
return fmt.Errorf("relabel failed %s: %v", src, err)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
specgen.AddBindMount(src, dest, options)
|
||||||
|
}
|
||||||
|
|
||||||
|
return nil
|
||||||
|
}
|
||||||
|
|
||||||
// CreateContainer creates a new container in specified PodSandbox
|
// CreateContainer creates a new container in specified PodSandbox
|
||||||
func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error) {
|
func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error) {
|
||||||
logrus.Debugf("CreateContainerRequest %+v", req)
|
logrus.Debugf("CreateContainerRequest %+v", req)
|
||||||
|
@ -145,31 +176,8 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
mounts := containerConfig.GetMounts()
|
if err := addOciBindMounts(sb, containerConfig, &specgen); err != nil {
|
||||||
for _, mount := range mounts {
|
return nil, err
|
||||||
dest := mount.ContainerPath
|
|
||||||
if dest == "" {
|
|
||||||
return nil, fmt.Errorf("Mount.ContainerPath is empty")
|
|
||||||
}
|
|
||||||
|
|
||||||
src := mount.HostPath
|
|
||||||
if src == "" {
|
|
||||||
return nil, fmt.Errorf("Mount.HostPath is empty")
|
|
||||||
}
|
|
||||||
|
|
||||||
options := []string{"rw"}
|
|
||||||
if mount.Readonly {
|
|
||||||
options = []string{"ro"}
|
|
||||||
}
|
|
||||||
|
|
||||||
if mount.SelinuxRelabel {
|
|
||||||
// Need a way in kubernetes to determine if the volume is shared or private
|
|
||||||
if err := label.Relabel(src, sb.mountLabel, true); err != nil && err != syscall.ENOTSUP {
|
|
||||||
return nil, fmt.Errorf("relabel failed %s: %v", src, err)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
specgen.AddBindMount(src, dest, options)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
labels := containerConfig.GetLabels()
|
labels := containerConfig.GetLabels()
|
||||||
|
|
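Review bot: addOciBindMounts has no doc comment even though it does more than build the spec: for every mount with SelinuxRelabel set it calls `label.Relabel(src, sb.mountLabel, true)` on the request-supplied HostPath, which changes labels on the host. The third argument is hard-coded to shared, which (as far as I can tell for this label package) relabels the content without the sandbox's MCS categories, so access is not confined to this pod; the existing in-line comment hints at the gap but does not state the consequence. Relabeling also runs in the same loop as validation, so an empty ContainerPath or HostPath on a later mount returns an error after earlier host paths were already relabeled. I would add a comment such as `// addOciBindMounts validates the CRI mounts, relabels host paths that request SelinuxRelabel (always as shared), and adds them to specgen as bind mounts.` and consider checking every mount before the first Relabel call. The helper is fully visible in the first hunk; createSandboxContainer's body continues outside the second.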