/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package kuberuntime
import (
"fmt"
"net"
"net/url"
"sort"
"github.com/golang/glog"
"k8s.io/kubernetes/pkg/api"
runtimeApi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
"k8s.io/kubernetes/pkg/kubelet/types"
"k8s.io/kubernetes/pkg/kubelet/util/format"
kubetypes "k8s.io/kubernetes/pkg/types"
)
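// createPodSandbox creates a pod sandbox and returns (podSandBoxID, message, error).
//
// It generates the sandbox config for the pod, creates the pod log directory
// named in that config, and then asks the runtime service to run the sandbox.
// On failure the sandbox ID is empty and message is the same text that was
// written to the error log; on success message is empty.
func (m *kubeGenericRuntimeManager) createPodSandbox(pod *api.Pod, attempt uint32) (string, string, error) {
	podSandboxConfig, err := m.generatePodSandboxConfig(pod, attempt)
	if err != nil {
		message := fmt.Sprintf("GeneratePodSandboxConfig for pod %q failed: %v", format.Pod(pod), err)
		glog.Error(message)
		return "", message, err
	}

	// Create pod logs directory.
	// NOTE(review): mode 0755 leaves the directory readable and traversable by
	// every local user on the node (subject to umask and parent directory
	// permissions) - confirm that is intended for pod logs.
	err = m.osInterface.MkdirAll(podSandboxConfig.GetLogDirectory(), 0755)
	if err != nil {
		message := fmt.Sprintf("Create pod log directory for pod %q failed: %v", format.Pod(pod), err)
		// message already embeds the pod description and the error text, so it
		// is logged as data with Error; passing it to Errorf would treat any
		// '%' in those values as a formatting verb.
		glog.Error(message)
		return "", message, err
	}

	podSandBoxID, err := m.runtimeService.RunPodSandbox(podSandboxConfig)
	if err != nil {
		message := fmt.Sprintf("CreatePodSandbox for pod %q failed: %v", format.Pod(pod), err)
		glog.Error(message)
		return "", message, err
	}

	return podSandBoxID, "", nil
}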
// generatePodSandboxConfig generates pod sandbox config from api.Pod.
//
// The config carries the pod metadata, labels and annotations, the pod log
// directory, the Linux-specific settings and the port mappings collected from
// every container in the pod spec. DNS settings and the hostname are filled in
// only for pods that do not use the host network. Any error from the runtime
// helper is returned unchanged together with a nil config.
func (m *kubeGenericRuntimeManager) generatePodSandboxConfig(pod *api.Pod, attempt uint32) (*runtimeApi.PodSandboxConfig, error) {
	// TODO: deprecating podsandbox resource requirements in favor of the pod level cgroup
	// Refer https://github.com/kubernetes/kubernetes/issues/29871
	uid := string(pod.UID)
	config := &runtimeApi.PodSandboxConfig{
		Metadata: &runtimeApi.PodSandboxMetadata{
			Name:      &pod.Name,
			Namespace: &pod.Namespace,
			Uid:       &uid,
			Attempt:   &attempt,
		},
		Labels:      newPodLabels(pod),
		Annotations: newPodAnnotations(pod),
	}

	// Host-network pods get neither a DNS config nor a hostname here.
	if usesHostNetwork := kubecontainer.IsHostNetworkPod(pod); !usesHostNetwork {
		servers, searches, err := m.runtimeHelper.GetClusterDNS(pod)
		if err != nil {
			return nil, err
		}
		config.DnsConfig = &runtimeApi.DNSConfig{
			Servers:  servers,
			Searches: searches,
			Options:  defaultDNSOptions,
		}

		// TODO: Add domain support in new runtime interface
		podHostname, _, err := m.runtimeHelper.GeneratePodHostNameAndDomain(pod)
		if err != nil {
			return nil, err
		}
		config.Hostname = &podHostname
	}

	podLogDir := buildPodLogsDirectory(pod.UID)
	config.LogDirectory = &podLogDir

	var (
		cgroupParent string
		mappings     []*runtimeApi.PortMapping
	)
	for _, c := range pod.Spec.Containers {
		// TODO: use a separate interface to only generate portmappings
		opts, err := m.runtimeHelper.GenerateRunContainerOptions(pod, &c, "")
		if err != nil {
			return nil, err
		}

		for i := range opts.PortMappings {
			// These locals are declared inside the loop body because the
			// mapping below stores their addresses; each iteration needs its
			// own variables.
			pm := opts.PortMappings[i]
			hostPort, containerPort := int32(pm.HostPort), int32(pm.ContainerPort)
			protocol := toRuntimeProtocol(pm.Protocol)
			mappings = append(mappings, &runtimeApi.PortMapping{
				HostIp:        &pm.HostIP,
				HostPort:      &hostPort,
				ContainerPort: &containerPort,
				Protocol:      &protocol,
			})
		}

		// TODO: refactor kubelet to get cgroup parent for pod instead of containers
		// The value reported for the last container in the spec is the one kept.
		cgroupParent = opts.CgroupParent
	}

	config.Linux = m.generatePodSandboxLinuxConfig(pod, cgroupParent)
	// PortMappings stays unset when no container declares a mapping.
	if len(mappings) > 0 {
		config.PortMappings = mappings
	}

	return config, nil
}
// generatePodSandboxLinuxConfig generates LinuxPodSandboxConfig from api.Pod.
//
// It returns nil when the pod has no pod-level security context and
// cgroupParent is empty. Otherwise the result holds the cgroup parent (when
// non-empty) and, when the pod has a security context, the host namespace
// flags, run-as user, supplemental groups and SELinux options taken from it.
func (m *kubeGenericRuntimeManager) generatePodSandboxLinuxConfig(pod *api.Pod, cgroupParent string) *runtimeApi.LinuxPodSandboxConfig {
	podSC := pod.Spec.SecurityContext
	if podSC == nil && cgroupParent == "" {
		return nil
	}

	linuxConfig := &runtimeApi.LinuxPodSandboxConfig{}
	if cgroupParent != "" {
		linuxConfig.CgroupParent = &cgroupParent
	}
	if podSC == nil {
		return linuxConfig
	}

	// The namespace flags and RunAsUser are not copied: the pointers stored
	// here refer to the fields of the pod's own security context.
	secCtx := &runtimeApi.LinuxSandboxSecurityContext{
		NamespaceOptions: &runtimeApi.NamespaceOption{
			HostNetwork: &podSC.HostNetwork,
			HostIpc:     &podSC.HostIPC,
			HostPid:     &podSC.HostPID,
		},
		RunAsUser: podSC.RunAsUser,
	}
	linuxConfig.SecurityContext = secCtx

	// Groups supplied by the runtime helper come first, followed by the groups
	// listed in the pod spec.
	extraGroups := m.runtimeHelper.GetExtraSupplementalGroupsForPod(pod)
	if len(extraGroups) > 0 {
		secCtx.SupplementalGroups = append(secCtx.SupplementalGroups, extraGroups...)
	}
	if podSC.SupplementalGroups != nil {
		secCtx.SupplementalGroups = append(secCtx.SupplementalGroups, podSC.SupplementalGroups...)
	}

	if selinux := podSC.SELinuxOptions; selinux != nil {
		secCtx.SelinuxOptions = &runtimeApi.SELinuxOption{
			User:  &selinux.User,
			Role:  &selinux.Role,
			Type:  &selinux.Type,
			Level: &selinux.Level,
		}
	}

	return linuxConfig
}
// getKubeletSandboxes lists all (or just the running) sandboxes managed by kubelet.
//
// When all is false the runtime is asked only for sandboxes in the
// SANDBOX_READY state; otherwise no filter is sent. Sandboxes whose labels do
// not pass isManagedByKubelet are left out of the result. A failure of
// ListPodSandbox is logged and returned with a nil slice.
func (m *kubeGenericRuntimeManager) getKubeletSandboxes(all bool) ([]*runtimeApi.PodSandbox, error) {
	var filter *runtimeApi.PodSandboxFilter
	if !all {
		ready := runtimeApi.PodSandboxState_SANDBOX_READY
		filter = &runtimeApi.PodSandboxFilter{State: &ready}
	}

	sandboxes, err := m.runtimeService.ListPodSandbox(filter)
	if err != nil {
		glog.Errorf("ListPodSandbox failed: %v", err)
		return nil, err
	}

	// The result is a non-nil slice even when no sandbox qualifies.
	// NOTE(review): ownership is decided solely from the labels the runtime
	// reports for each sandbox - confirm nothing else on the node can set them.
	managed := []*runtimeApi.PodSandbox{}
	for _, sb := range sandboxes {
		if isManagedByKubelet(sb.Labels) {
			managed = append(managed, sb)
			continue
		}
		glog.V(5).Infof("Sandbox %s is not managed by kubelet", kubecontainer.BuildPodFullName(
			sb.Metadata.GetName(), sb.Metadata.GetNamespace()))
	}

	return managed, nil
}
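// determinePodSandboxIP determines the IP address of the given pod sandbox.
//
// It returns the IP string reported in the sandbox status when net.ParseIP
// accepts it, and "" when the status has no network information or the
// reported value does not parse. podNamespace and podName are used only to
// identify the pod in the warnings.
func (m *kubeGenericRuntimeManager) determinePodSandboxIP(podNamespace, podName string, podSandbox *runtimeApi.PodSandboxStatus) string {
	if podSandbox.Network == nil {
		// Name the pod so the warning can be tied to a workload.
		glog.Warningf("Pod Sandbox status for pod %q doesn't have network information, cannot report IP",
			kubecontainer.BuildPodFullName(podName, podNamespace))
		return ""
	}

	ip := podSandbox.Network.GetIp()
	if net.ParseIP(ip) == nil {
		// The value failed validation, so log it quoted: %q escapes control
		// characters and makes an empty string visible.
		glog.Warningf("Pod Sandbox for pod %q reported an unparseable IP %q",
			kubecontainer.BuildPodFullName(podName, podNamespace), ip)
		return ""
	}
	return ip
}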
// getSandboxIDByPodUID gets the sandbox IDs by podUID and returns ([]sandboxID, error).
// Param state could be nil in order to get all sandboxes belonging to same pod.
//
// The runtime is queried with a label selector on the pod UID label. The
// result is (nil, nil) when no sandbox matches; otherwise the IDs are returned
// in the order produced by sorting with podSandboxByCreated.
func (m *kubeGenericRuntimeManager) getSandboxIDByPodUID(podUID kubetypes.UID, state *runtimeApi.PodSandboxState) ([]string, error) {
	selector := map[string]string{types.KubernetesPodUIDLabel: string(podUID)}
	sandboxes, err := m.runtimeService.ListPodSandbox(&runtimeApi.PodSandboxFilter{
		State:         state,
		LabelSelector: selector,
	})
	if err != nil {
		glog.Errorf("ListPodSandbox with pod UID %q failed: %v", podUID, err)
		return nil, err
	}

	if len(sandboxes) == 0 {
		return nil, nil
	}

	// Sort with newest first.
	// NOTE(review): the ordering is defined by podSandboxByCreated, which is
	// not in this file - confirm it sorts by descending creation time.
	sort.Sort(podSandboxByCreated(sandboxes))
	ids := make([]string, 0, len(sandboxes))
	for _, sb := range sandboxes {
		ids = append(ids, sb.GetId())
	}

	return ids, nil
}
// GetPortForward gets the endpoint the runtime will serve the port-forward request from.
//
// It looks up the pod's sandboxes in any state, sends a PortForward request
// for the first ID returned by getSandboxIDByPodUID, and parses the URL in the
// runtime's response. An error is returned when the lookup fails, when the pod
// has no sandbox, when the runtime call fails, or when the URL does not parse.
func (m *kubeGenericRuntimeManager) GetPortForward(podName, podNamespace string, podUID kubetypes.UID) (*url.URL, error) {
	sandboxIDs, err := m.getSandboxIDByPodUID(podUID, nil)
	switch {
	case err != nil:
		return nil, fmt.Errorf("failed to find sandboxID for pod %s: %v", format.PodDesc(podName, podNamespace, podUID), err)
	case len(sandboxIDs) == 0:
		return nil, fmt.Errorf("failed to find sandboxID for pod %s", format.PodDesc(podName, podNamespace, podUID))
	}

	// TODO: Port is unused for now, but we may need it in the future.
	resp, err := m.runtimeService.PortForward(&runtimeApi.PortForwardRequest{
		PodSandboxId: &sandboxIDs[0],
	})
	if err != nil {
		return nil, err
	}

	// NOTE(review): the URL is supplied by the runtime and url.Parse checks
	// syntax only; scheme and host are not restricted here, so callers that
	// redirect or proxy to it should confirm they are the expected ones.
	return url.Parse(resp.GetUrl())
}