Setup docker hostconfig for windows containers

2018-02-11 15:00:27 +08:00 · 2018-02-11 15:00:27 +08:00 · 18c55a1d8e
parent 3c5e493482
commit 18c55a1d8e
1 changed files with 18 additions and 22 deletions
--- a/pkg/kubelet/dockershim/helpers_windows.go
+++ b/pkg/kubelet/dockershim/helpers_windows.go
@ -27,18 +27,10 @@ import (
 	dockerfilters "github.com/docker/docker/api/types/filters"
 	"github.com/golang/glog"
-	utilfeature "k8s.io/apiserver/pkg/util/feature"
+	kubeletapis "k8s.io/kubernetes/pkg/kubelet/apis"
 	"k8s.io/kubernetes/pkg/features"
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2"
 )
 const (
 	hypervIsolationAnnotationKey = "experimental.windows.kubernetes.io/isolation-type"
 	// Refer https://aka.ms/hyperv-container.
 	hypervIsolation = "hyperv"
 )
 func DefaultMemorySwap() int64 {
 	return 0
 }
@ -50,19 +42,10 @@ func (ds *dockerService) getSecurityOpts(seccompProfile string, separator rune)
 	return nil, nil
 }
 func shouldIsolatedByHyperV(annotations map[string]string) bool {
 	if !utilfeature.DefaultFeatureGate.Enabled(features.HyperVContainer) {
 		return false
 	}
 	v, ok := annotations[hypervIsolationAnnotationKey]
 	return ok && v == hypervIsolation
 }
 // applyExperimentalCreateConfig applys experimental configures from sandbox annotations.
 func applyExperimentalCreateConfig(createConfig *dockertypes.ContainerCreateConfig, annotations map[string]string) {
-	if shouldIsolatedByHyperV(annotations) {
+	if kubeletapis.ShouldIsolatedByHyperV(annotations) {
-		createConfig.HostConfig.Isolation = hypervIsolation
+		createConfig.HostConfig.Isolation = kubeletapis.HypervIsolationValue
 		if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode == "" {
 			createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode("none")
@ -77,11 +60,24 @@ func (ds *dockerService) updateCreateConfig(
 	podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
 	if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
 		createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
-	} else if !shouldIsolatedByHyperV(sandboxConfig.Annotations) {
+	} else if !kubeletapis.ShouldIsolatedByHyperV(sandboxConfig.Annotations) {
 		// Todo: Refactor this call in future for calling methods directly in security_context.go
 		modifyHostOptionsForContainer(nil, podSandboxID, createConfig.HostConfig)
 	}
 	// Apply Windows-specific options if applicable.
 	if wc := config.GetWindows(); wc != nil {
 		rOpts := wc.GetResources()
 		if rOpts != nil {
 			createConfig.HostConfig.Resources = dockercontainer.Resources{
 				Memory:     rOpts.MemoryLimitInBytes,
 				CPUShares:  rOpts.CpuShares,
 				CPUCount:   rOpts.CpuCount,
 				CPUPercent: rOpts.CpuMaximum,
 			}
 		}
 	}
 	applyExperimentalCreateConfig(createConfig, sandboxConfig.Annotations)
 	return nil
@ -119,7 +115,7 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {
 		// Todo: Add a kernel version check for more validation
 		if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode == "" {
-			if r.HostConfig.Isolation == hypervIsolation {
+			if r.HostConfig.Isolation == kubeletapis.HypervIsolationValue {
 				// Hyper-V only supports one container per Pod yet and the container will have a different
 				// IP address from sandbox. Return the first non-sandbox container IP as POD IP.
 				// TODO(feiskyer): remove this workaround after Hyper-V supports multiple containers per Pod.