mirror of https://github.com/k3s-io/k3s
Add updateCreateConfig.
Dong Liu
parent
9c2309b7cb
commit
6d07fc2f44
|
|
@ -132,47 +132,12 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
|
|||
StdinOnce: config.StdinOnce,
|
||||
Tty: config.Tty,
|
||||
},
|
||||
HostConfig: &dockercontainer.HostConfig{
|
||||
Binds: generateMountBindings(config.GetMounts()),
|
||||
},
|
||||
}
|
||||
|
||||
// Fill the HostConfig.
|
||||
hc := &dockercontainer.HostConfig{
|
||||
Binds: generateMountBindings(config.GetMounts()),
|
||||
}
|
||||
|
||||
// Apply Linux-specific options if applicable.
|
||||
if lc := config.GetLinux(); lc != nil {
|
||||
// TODO: Check if the units are correct.
|
||||
// TODO: Can we assume the defaults are sane?
|
||||
rOpts := lc.GetResources()
|
||||
if rOpts != nil {
|
||||
hc.Resources = dockercontainer.Resources{
|
||||
Memory: rOpts.MemoryLimitInBytes,
|
||||
MemorySwap: DefaultMemorySwap(),
|
||||
CPUShares: rOpts.CpuShares,
|
||||
CPUQuota: rOpts.CpuQuota,
|
||||
CPUPeriod: rOpts.CpuPeriod,
|
||||
}
|
||||
hc.OomScoreAdj = int(rOpts.OomScoreAdj)
|
||||
}
|
||||
// Note: ShmSize is handled in kube_docker_client.go
|
||||
|
||||
// Apply security context.
|
||||
if err = applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, hc, securityOptSep); err != nil {
|
||||
return "", fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
|
||||
}
|
||||
modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, hc)
|
||||
}
|
||||
|
||||
// Apply cgroupsParent derived from the sandbox config.
|
||||
if lc := sandboxConfig.GetLinux(); lc != nil {
|
||||
// Apply Cgroup options.
|
||||
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
|
||||
if err != nil {
|
||||
return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
|
||||
}
|
||||
hc.CgroupParent = cgroupParent
|
||||
}
|
||||
|
||||
hc := createConfig.HostConfig
|
||||
// Set devices for container.
|
||||
devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
|
||||
for i, device := range config.Devices {
|
||||
|
|
@ -183,6 +148,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
|
|||
}
|
||||
}
|
||||
hc.Resources.Devices = devices
|
||||
ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion)
|
||||
|
||||
securityOpts, err := ds.getSecurityOpts(config.Metadata.Name, sandboxConfig, securityOptSep)
|
||||
if err != nil {
|
||||
|
|
@ -190,7 +156,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
|
|||
}
|
||||
|
||||
hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
|
||||
createConfig.HostConfig = hc
|
||||
|
||||
createResp, err := ds.client.CreateContainer(createConfig)
|
||||
if err != nil {
|
||||
createResp, err = recoverFromCreationConflictIfNeeded(ds.client, createConfig, err)
|
||||
|
|
|
|||
|
|
@ -21,6 +21,9 @@ package dockershim
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/blang/semver"
|
||||
dockertypes "github.com/docker/engine-api/types"
|
||||
dockercontainer "github.com/docker/engine-api/types/container"
|
||||
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
|
||||
)
|
||||
|
||||
|
|
@ -37,3 +40,45 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
|
|||
|
||||
return seccompSecurityOpts, nil
|
||||
}
|
||||
|
||||
func (ds *dockerService) updateCreateConfig(
|
||||
createConfig *dockertypes.ContainerCreateConfig,
|
||||
config *runtimeapi.ContainerConfig,
|
||||
sandboxConfig *runtimeapi.PodSandboxConfig,
|
||||
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
|
||||
// Apply Linux-specific options if applicable.
|
||||
if lc := config.GetLinux(); lc != nil {
|
||||
// TODO: Check if the units are correct.
|
||||
// TODO: Can we assume the defaults are sane?
|
||||
rOpts := lc.GetResources()
|
||||
if rOpts != nil {
|
||||
createConfig.HostConfig.Resources = dockercontainer.Resources{
|
||||
Memory: rOpts.MemoryLimitInBytes,
|
||||
MemorySwap: DefaultMemorySwap(),
|
||||
CPUShares: rOpts.CpuShares,
|
||||
CPUQuota: rOpts.CpuQuota,
|
||||
CPUPeriod: rOpts.CpuPeriod,
|
||||
}
|
||||
createConfig.HostConfig.OomScoreAdj = int(rOpts.OomScoreAdj)
|
||||
}
|
||||
// Note: ShmSize is handled in kube_docker_client.go
|
||||
|
||||
// Apply security context.
|
||||
if err := applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, createConfig.HostConfig, securityOptSep); err != nil {
|
||||
return fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
|
||||
}
|
||||
modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, createConfig.HostConfig)
|
||||
}
|
||||
|
||||
// Apply cgroupsParent derived from the sandbox config.
|
||||
if lc := sandboxConfig.GetLinux(); lc != nil {
|
||||
// Apply Cgroup options.
|
||||
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
|
||||
if err != nil {
|
||||
return fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
|
||||
}
|
||||
createConfig.HostConfig.CgroupParent = cgroupParent
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,8 @@ limitations under the License.
|
|||
package dockershim
|
||||
|
||||
import (
|
||||
"github.com/blang/semver"
|
||||
dockertypes "github.com/docker/engine-api/types"
|
||||
"github.com/golang/glog"
|
||||
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
|
||||
)
|
||||
|
|
@ -31,3 +33,12 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
|
|||
glog.Warningf("getSecurityOpts is unsupported in this build")
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (ds *dockerService) updateCreateConfig(
|
||||
createConfig *dockertypes.ContainerCreateConfig,
|
||||
config *runtimeapi.ContainerConfig,
|
||||
sandboxConfig *runtimeapi.PodSandboxConfig,
|
||||
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
|
||||
glog.Warningf("updateCreateConfig is unsupported in this build")
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,6 +19,11 @@ limitations under the License.
|
|||
package dockershim
|
||||
|
||||
import (
|
||||
"os"
|
||||
|
||||
"github.com/blang/semver"
|
||||
dockertypes "github.com/docker/engine-api/types"
|
||||
dockercontainer "github.com/docker/engine-api/types/container"
|
||||
"github.com/golang/glog"
|
||||
"k8s.io/kubernetes/pkg/api/v1"
|
||||
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
|
||||
|
|
@ -43,3 +48,15 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
|
|||
|
||||
return nil, nil
|
||||
}
|
||||
|
||||
func (ds *dockerService) updateCreateConfig(
|
||||
createConfig *dockertypes.ContainerCreateConfig,
|
||||
config *runtimeapi.ContainerConfig,
|
||||
sandboxConfig *runtimeapi.PodSandboxConfig,
|
||||
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
|
||||
if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
|
||||
createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue