Add volumes to container object at container create time
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
This commit is contained in:
Mrunal Patel
Mrunal Patel
parent
5ab6ec3046
commit
fa317b41fd
2 changed files with 37 additions and 7 deletions
|
|
@ -355,6 +355,18 @@ func (c *ContainerServer) LoadSandbox(id string) error {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if m.Annotations[annotations.Volumes] != "" {
|
||||||
|
containerVolumes := []oci.ContainerVolume{}
|
||||||
|
if err = json.Unmarshal([]byte(m.Annotations[annotations.Volumes]), &containerVolumes); err != nil {
|
||||||
|
return fmt.Errorf("failed to unmarshal container volumes: %v", err)
|
||||||
|
}
|
||||||
|
if containerVolumes != nil {
|
||||||
|
for _, cv := range containerVolumes {
|
||||||
|
scontainer.AddVolume(cv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
c.ContainerStateFromDisk(scontainer)
|
c.ContainerStateFromDisk(scontainer)
|
||||||
|
|
||||||
if err = label.ReserveLabel(processLabel); err != nil {
|
if err = label.ReserveLabel(processLabel); err != nil {
|
||||||
|
|
|
||||||
|
|
@ -40,22 +40,23 @@ const (
|
||||||
seccompLocalhostPrefix = "localhost/"
|
seccompLocalhostPrefix = "localhost/"
|
||||||
)
|
)
|
||||||
|
|
||||||
func addOCIBindMounts(sb *sandbox.Sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) error {
|
func addOCIBindMounts(sb *sandbox.Sandbox, containerConfig *pb.ContainerConfig, specgen *generate.Generator) ([]oci.ContainerVolume, error) {
|
||||||
|
volumes := []oci.ContainerVolume{}
|
||||||
mounts := containerConfig.GetMounts()
|
mounts := containerConfig.GetMounts()
|
||||||
for _, mount := range mounts {
|
for _, mount := range mounts {
|
||||||
dest := mount.ContainerPath
|
dest := mount.ContainerPath
|
||||||
if dest == "" {
|
if dest == "" {
|
||||||
return fmt.Errorf("Mount.ContainerPath is empty")
|
return nil, fmt.Errorf("Mount.ContainerPath is empty")
|
||||||
}
|
}
|
||||||
|
|
||||||
src := mount.HostPath
|
src := mount.HostPath
|
||||||
if src == "" {
|
if src == "" {
|
||||||
return fmt.Errorf("Mount.HostPath is empty")
|
return nil, fmt.Errorf("Mount.HostPath is empty")
|
||||||
}
|
}
|
||||||
|
|
||||||
if _, err := os.Stat(src); err != nil && os.IsNotExist(err) {
|
if _, err := os.Stat(src); err != nil && os.IsNotExist(err) {
|
||||||
if err1 := os.MkdirAll(src, 0644); err1 != nil {
|
if err1 := os.MkdirAll(src, 0644); err1 != nil {
|
||||||
return fmt.Errorf("Failed to mkdir %s: %s", src, err)
|
return nil, fmt.Errorf("Failed to mkdir %s: %s", src, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -68,14 +69,20 @@ func addOCIBindMounts(sb *sandbox.Sandbox, containerConfig *pb.ContainerConfig,
|
||||||
if mount.SelinuxRelabel {
|
if mount.SelinuxRelabel {
|
||||||
// Need a way in kubernetes to determine if the volume is shared or private
|
// Need a way in kubernetes to determine if the volume is shared or private
|
||||||
if err := label.Relabel(src, sb.MountLabel(), true); err != nil && err != unix.ENOTSUP {
|
if err := label.Relabel(src, sb.MountLabel(), true); err != nil && err != unix.ENOTSUP {
|
||||||
return fmt.Errorf("relabel failed %s: %v", src, err)
|
return nil, fmt.Errorf("relabel failed %s: %v", src, err)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volumes = append(volumes, oci.ContainerVolume{
|
||||||
|
ContainerPath: dest,
|
||||||
|
HostPath: src,
|
||||||
|
Readonly: mount.Readonly,
|
||||||
|
})
|
||||||
|
|
||||||
specgen.AddBindMount(src, dest, options)
|
specgen.AddBindMount(src, dest, options)
|
||||||
}
|
}
|
||||||
|
|
||||||
return nil
|
return volumes, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func addImageVolumes(rootfs string, s *Server, containerInfo *storage.ContainerInfo, specgen *generate.Generator, mountLabel string) error {
|
func addImageVolumes(rootfs string, s *Server, containerInfo *storage.ContainerInfo, specgen *generate.Generator, mountLabel string) error {
|
||||||
|
|
@ -361,10 +368,17 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
||||||
specgen.HostSpecific = true
|
specgen.HostSpecific = true
|
||||||
specgen.ClearProcessRlimits()
|
specgen.ClearProcessRlimits()
|
||||||
|
|
||||||
if err := addOCIBindMounts(sb, containerConfig, &specgen); err != nil {
|
containerVolumes, err := addOCIBindMounts(sb, containerConfig, &specgen)
|
||||||
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
volumesJSON, err := json.Marshal(containerVolumes)
|
||||||
|
if err != nil {
|
||||||
|
return nil, err
|
||||||
|
}
|
||||||
|
specgen.AddAnnotation(annotations.Volumes, string(volumesJSON))
|
||||||
|
|
||||||
// Add cgroup mount so container process can introspect its own limits
|
// Add cgroup mount so container process can introspect its own limits
|
||||||
specgen.AddCgroupsMount("ro")
|
specgen.AddCgroupsMount("ro")
|
||||||
|
|
||||||
|
|
@ -768,6 +782,10 @@ func (s *Server) createSandboxContainer(ctx context.Context, containerID string,
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
|
|
||||||
|
for _, cv := range containerVolumes {
|
||||||
|
container.AddVolume(cv)
|
||||||
|
}
|
||||||
|
|
||||||
return container, nil
|
return container, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue