Merge pull request #1046 from tomlanyon:crio
PiperOrigin-RevId: 276172466
This commit is contained in:
commit
6122b413f1
|
@ -1149,7 +1149,7 @@ func maybeLockRootContainer(spec *specs.Spec, rootDir string) (func() error, err
|
|||
}
|
||||
|
||||
func isRoot(spec *specs.Spec) bool {
|
||||
return specutils.ShouldCreateSandbox(spec)
|
||||
return specutils.SpecContainerType(spec) != specutils.ContainerTypeContainer
|
||||
}
|
||||
|
||||
// runInCgroup executes fn inside the specified cgroup. If cg is nil, execute
|
||||
|
@ -1198,7 +1198,7 @@ func adjustSandboxOOMScoreAdj(s *sandbox.Sandbox, rootDir string, destroy bool)
|
|||
// Get the lowest score for all containers.
|
||||
var lowScore int
|
||||
scoreFound := false
|
||||
if len(containers) == 1 && len(containers[0].Spec.Annotations[specutils.ContainerdContainerTypeAnnotation]) == 0 {
|
||||
if len(containers) == 1 && specutils.SpecContainerType(containers[0].Spec) == specutils.ContainerTypeUnspecified {
|
||||
// This is a single-container sandbox. Set the oom_score_adj to
|
||||
// the value specified in the OCI bundle.
|
||||
if containers[0].Spec.Process.OOMScoreAdj != nil {
|
||||
|
@ -1214,7 +1214,7 @@ func adjustSandboxOOMScoreAdj(s *sandbox.Sandbox, rootDir string, destroy bool)
|
|||
//
|
||||
// We will use OOMScoreAdj in the single-container case where the
|
||||
// containerd container-type annotation is not present.
|
||||
if container.Spec.Annotations[specutils.ContainerdContainerTypeAnnotation] == specutils.ContainerdContainerTypeSandbox {
|
||||
if specutils.SpecContainerType(container.Spec) == specutils.ContainerTypeSandbox {
|
||||
continue
|
||||
}
|
||||
|
||||
|
|
|
@ -5,6 +5,7 @@ package(licenses = ["notice"])
|
|||
go_library(
|
||||
name = "specutils",
|
||||
srcs = [
|
||||
"cri.go",
|
||||
"fs.go",
|
||||
"namespace.go",
|
||||
"specutils.go",
|
||||
|
|
|
@ -0,0 +1,110 @@
|
|||
// Copyright 2018 The gVisor Authors.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package specutils
|
||||
|
||||
import (
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
const (
|
||||
// ContainerdContainerTypeAnnotation is the OCI annotation set by
|
||||
// containerd to indicate whether the container to create should have
|
||||
// its own sandbox or a container within an existing sandbox.
|
||||
ContainerdContainerTypeAnnotation = "io.kubernetes.cri.container-type"
|
||||
// ContainerdContainerTypeContainer is the container type value
|
||||
// indicating the container should be created in an existing sandbox.
|
||||
ContainerdContainerTypeContainer = "container"
|
||||
// ContainerdContainerTypeSandbox is the container type value
|
||||
// indicating the container should be created in a new sandbox.
|
||||
ContainerdContainerTypeSandbox = "sandbox"
|
||||
|
||||
// ContainerdSandboxIDAnnotation is the OCI annotation set to indicate
|
||||
// which sandbox the container should be created in when the container
|
||||
// is not the first container in the sandbox.
|
||||
ContainerdSandboxIDAnnotation = "io.kubernetes.cri.sandbox-id"
|
||||
|
||||
// CRIOContainerTypeAnnotation is the OCI annotation set by
|
||||
// CRI-O to indicate whether the container to create should have
|
||||
// its own sandbox or a container within an existing sandbox.
|
||||
CRIOContainerTypeAnnotation = "io.kubernetes.cri-o.ContainerType"
|
||||
|
||||
// CRIOContainerTypeContainer is the container type value
|
||||
// indicating the container should be created in an existing sandbox.
|
||||
CRIOContainerTypeContainer = "container"
|
||||
// CRIOContainerTypeSandbox is the container type value
|
||||
// indicating the container should be created in a new sandbox.
|
||||
CRIOContainerTypeSandbox = "sandbox"
|
||||
|
||||
// CRIOSandboxIDAnnotation is the OCI annotation set to indicate
|
||||
// which sandbox the container should be created in when the container
|
||||
// is not the first container in the sandbox.
|
||||
CRIOSandboxIDAnnotation = "io.kubernetes.cri-o.SandboxID"
|
||||
)
|
||||
|
||||
// ContainerType represents the type of container requested by the calling container manager.
|
||||
type ContainerType int
|
||||
|
||||
const (
|
||||
// ContainerTypeUnspecified indicates that no known container type
|
||||
// annotation was found in the spec.
|
||||
ContainerTypeUnspecified ContainerType = iota
|
||||
// ContainerTypeUnknown indicates that a container type was specified
|
||||
// but is unknown to us.
|
||||
ContainerTypeUnknown
|
||||
// ContainerTypeSandbox indicates that the container should be run in a
|
||||
// new sandbox.
|
||||
ContainerTypeSandbox
|
||||
// ContainerTypeContainer indicates that the container should be run in
|
||||
// an existing sandbox.
|
||||
ContainerTypeContainer
|
||||
)
|
||||
|
||||
// SpecContainerType tries to determine the type of container specified by the
|
||||
// container manager using well-known container annotations.
|
||||
func SpecContainerType(spec *specs.Spec) ContainerType {
|
||||
if t, ok := spec.Annotations[ContainerdContainerTypeAnnotation]; ok {
|
||||
switch t {
|
||||
case ContainerdContainerTypeSandbox:
|
||||
return ContainerTypeSandbox
|
||||
case ContainerdContainerTypeContainer:
|
||||
return ContainerTypeContainer
|
||||
default:
|
||||
return ContainerTypeUnknown
|
||||
}
|
||||
}
|
||||
if t, ok := spec.Annotations[CRIOContainerTypeAnnotation]; ok {
|
||||
switch t {
|
||||
case CRIOContainerTypeSandbox:
|
||||
return ContainerTypeSandbox
|
||||
case CRIOContainerTypeContainer:
|
||||
return ContainerTypeContainer
|
||||
default:
|
||||
return ContainerTypeUnknown
|
||||
}
|
||||
}
|
||||
return ContainerTypeUnspecified
|
||||
}
|
||||
|
||||
// SandboxID returns the ID of the sandbox to join and whether an ID was found
|
||||
// in the spec.
|
||||
func SandboxID(spec *specs.Spec) (string, bool) {
|
||||
if id, ok := spec.Annotations[ContainerdSandboxIDAnnotation]; ok {
|
||||
return id, true
|
||||
}
|
||||
if id, ok := spec.Annotations[CRIOSandboxIDAnnotation]; ok {
|
||||
return id, true
|
||||
}
|
||||
return "", false
|
||||
}
|
|
@ -108,23 +108,18 @@ func ValidateSpec(spec *specs.Spec) error {
|
|||
}
|
||||
}
|
||||
|
||||
// Two annotations are use by containerd to support multi-container pods.
|
||||
// "io.kubernetes.cri.container-type"
|
||||
// "io.kubernetes.cri.sandbox-id"
|
||||
containerType, hasContainerType := spec.Annotations[ContainerdContainerTypeAnnotation]
|
||||
_, hasSandboxID := spec.Annotations[ContainerdSandboxIDAnnotation]
|
||||
switch {
|
||||
// Non-containerd use won't set a container type.
|
||||
case !hasContainerType:
|
||||
case containerType == ContainerdContainerTypeSandbox:
|
||||
// When starting a container in an existing sandbox, the sandbox ID
|
||||
// must be set.
|
||||
case containerType == ContainerdContainerTypeContainer:
|
||||
if !hasSandboxID {
|
||||
return fmt.Errorf("spec has container-type of %s, but no sandbox ID set", containerType)
|
||||
// CRI specifies whether a container should start a new sandbox, or run
|
||||
// another container in an existing sandbox.
|
||||
switch SpecContainerType(spec) {
|
||||
case ContainerTypeContainer:
|
||||
// When starting a container in an existing sandbox, the
|
||||
// sandbox ID must be set.
|
||||
if _, ok := SandboxID(spec); !ok {
|
||||
return fmt.Errorf("spec has container-type of container, but no sandbox ID set")
|
||||
}
|
||||
case ContainerTypeUnknown:
|
||||
return fmt.Errorf("unknown container-type")
|
||||
default:
|
||||
return fmt.Errorf("unknown container-type: %s", containerType)
|
||||
}
|
||||
|
||||
return nil
|
||||
|
@ -338,39 +333,6 @@ func IsSupportedDevMount(m specs.Mount) bool {
|
|||
return true
|
||||
}
|
||||
|
||||
const (
|
||||
// ContainerdContainerTypeAnnotation is the OCI annotation set by
|
||||
// containerd to indicate whether the container to create should have
|
||||
// its own sandbox or a container within an existing sandbox.
|
||||
ContainerdContainerTypeAnnotation = "io.kubernetes.cri.container-type"
|
||||
// ContainerdContainerTypeContainer is the container type value
|
||||
// indicating the container should be created in an existing sandbox.
|
||||
ContainerdContainerTypeContainer = "container"
|
||||
// ContainerdContainerTypeSandbox is the container type value
|
||||
// indicating the container should be created in a new sandbox.
|
||||
ContainerdContainerTypeSandbox = "sandbox"
|
||||
|
||||
// ContainerdSandboxIDAnnotation is the OCI annotation set to indicate
|
||||
// which sandbox the container should be created in when the container
|
||||
// is not the first container in the sandbox.
|
||||
ContainerdSandboxIDAnnotation = "io.kubernetes.cri.sandbox-id"
|
||||
)
|
||||
|
||||
// ShouldCreateSandbox returns true if the spec indicates that a new sandbox
|
||||
// should be created for the container. If false, the container should be
|
||||
// started in an existing sandbox.
|
||||
func ShouldCreateSandbox(spec *specs.Spec) bool {
|
||||
t, ok := spec.Annotations[ContainerdContainerTypeAnnotation]
|
||||
return !ok || t == ContainerdContainerTypeSandbox
|
||||
}
|
||||
|
||||
// SandboxID returns the ID of the sandbox to join and whether an ID was found
|
||||
// in the spec.
|
||||
func SandboxID(spec *specs.Spec) (string, bool) {
|
||||
id, ok := spec.Annotations[ContainerdSandboxIDAnnotation]
|
||||
return id, ok
|
||||
}
|
||||
|
||||
// WaitForReady waits for a process to become ready. The process is ready when
|
||||
// the 'ready' function returns true. It continues to wait if 'ready' returns
|
||||
// false. It returns error on timeout, if the process stops or if 'ready' fails.
|
||||
|
|
Loading…
Reference in New Issue