From 6d07fc2f4494f7e1020be356ee730c3c80a26b24 Mon Sep 17 00:00:00 2001
From: Dong Liu
Date: Sat, 27 May 2017 23:06:46 -0500
Subject: [PATCH] Add updateCreateConfig.
---
 pkg/kubelet/dockershim/docker_container.go | 46 +++----------------
 pkg/kubelet/dockershim/helpers_linux.go | 45 ++++++++++++++++++
 pkg/kubelet/dockershim/helpers_unsupported.go | 11 +++++
 pkg/kubelet/dockershim/helpers_windows.go | 17 +++++++
 4 files changed, 79 insertions(+), 40 deletions(-)
diff --git a/pkg/kubelet/dockershim/docker_container.go b/pkg/kubelet/dockershim/docker_container.go
index f48373d2d7..cab84f449e 100644
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@@ -132,47 +132,12 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 StdinOnce: config.StdinOnce,
 Tty: config.Tty,
 },
+ HostConfig: &dockercontainer.HostConfig{
+ Binds: generateMountBindings(config.GetMounts()),
+ },
 }
- // Fill the HostConfig.
- hc := &dockercontainer.HostConfig{
- Binds: generateMountBindings(config.GetMounts()),
- }
-
- // Apply Linux-specific options if applicable.
- if lc := config.GetLinux(); lc != nil {
- // TODO: Check if the units are correct.
- // TODO: Can we assume the defaults are sane?
- rOpts := lc.GetResources()
- if rOpts != nil {
- hc.Resources = dockercontainer.Resources{
- Memory: rOpts.MemoryLimitInBytes,
- MemorySwap: DefaultMemorySwap(),
- CPUShares: rOpts.CpuShares,
- CPUQuota: rOpts.CpuQuota,
- CPUPeriod: rOpts.CpuPeriod,
- }
- hc.OomScoreAdj = int(rOpts.OomScoreAdj)
- }
- // Note: ShmSize is handled in kube_docker_client.go
-
- // Apply security context.
- if err = applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, hc, securityOptSep); err != nil {
- return "", fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
- }
- modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, hc)
- }
-
- // Apply cgroupsParent derived from the sandbox config.
- if lc := sandboxConfig.GetLinux(); lc != nil {
- // Apply Cgroup options.
- cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
- if err != nil {
- return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
- }
- hc.CgroupParent = cgroupParent
- }
-
+ hc := createConfig.HostConfig
 // Set devices for container.
 devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
 for i, device := range config.Devices {
@@ -183,6 +148,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 }
 }
 hc.Resources.Devices = devices
+ ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion)
 securityOpts, err := ds.getSecurityOpts(config.Metadata.Name, sandboxConfig, securityOptSep)
 if err != nil {
@@ -190,7 +156,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 }
 hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
- createConfig.HostConfig = hc
+
 createResp, err := ds.client.CreateContainer(createConfig)
 if err != nil {
 createResp, err = recoverFromCreationConflictIfNeeded(ds.client, createConfig, err)
diff --git a/pkg/kubelet/dockershim/helpers_linux.go b/pkg/kubelet/dockershim/helpers_linux.go
index 4b46376a56..4952d862ad 100644
--- a/pkg/kubelet/dockershim/helpers_linux.go
+++ b/pkg/kubelet/dockershim/helpers_linux.go
@@ -21,6 +21,9 @@ package dockershim
 import (
 "fmt"
+ "github.com/blang/semver"
+ dockertypes "github.com/docker/engine-api/types"
+ dockercontainer "github.com/docker/engine-api/types/container"
 runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
 )
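Review bot: The error returned by `ds.updateCreateConfig(...)` is discarded at the new call in CreateContainer. Before this patch a failure in applyContainerSecurityContext or GenerateExpectedCgroupParent returned `"", err`; now creation carries on and the container can be started without its security context or cgroup parent. The call should be checked, for example `if err := ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion); err != nil { return "", err }`. CreateContainer's body starts and ends outside this hunk.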
@@ -37,3 +40,45 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
 return seccompSecurityOpts, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+ createConfig *dockertypes.ContainerCreateConfig,
+ config *runtimeapi.ContainerConfig,
+ sandboxConfig *runtimeapi.PodSandboxConfig,
+ podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+ // Apply Linux-specific options if applicable.
+ if lc := config.GetLinux(); lc != nil {
+ // TODO: Check if the units are correct.
+ // TODO: Can we assume the defaults are sane?
+ rOpts := lc.GetResources()
+ if rOpts != nil {
+ createConfig.HostConfig.Resources = dockercontainer.Resources{
+ Memory: rOpts.MemoryLimitInBytes,
+ MemorySwap: DefaultMemorySwap(),
+ CPUShares: rOpts.CpuShares,
+ CPUQuota: rOpts.CpuQuota,
+ CPUPeriod: rOpts.CpuPeriod,
+ }
+ createConfig.HostConfig.OomScoreAdj = int(rOpts.OomScoreAdj)
+ }
+ // Note: ShmSize is handled in kube_docker_client.go
+
+ // Apply security context.
+ if err := applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, createConfig.HostConfig, securityOptSep); err != nil {
+ return fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
+ }
+ modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, createConfig.HostConfig)
+ }
+
+ // Apply cgroupsParent derived from the sandbox config.
+ if lc := sandboxConfig.GetLinux(); lc != nil {
+ // Apply Cgroup options.
+ cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
+ if err != nil {
+ return fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
+ }
+ createConfig.HostConfig.CgroupParent = cgroupParent
+ }
+
+ return nil
+}
diff --git a/pkg/kubelet/dockershim/helpers_unsupported.go b/pkg/kubelet/dockershim/helpers_unsupported.go
index e707046cb5..36fd97a1f9 100644
--- a/pkg/kubelet/dockershim/helpers_unsupported.go
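Review bot: Assigning a fresh `dockercontainer.Resources{...}` to `createConfig.HostConfig.Resources` replaces the whole struct, which drops the device mappings whenever rOpts is non-nil. The caller in docker_container.go sets `hc.Resources.Devices = devices` on the same HostConfig immediately before calling updateCreateConfig, whereas before the patch Resources was filled first and Devices afterwards. Either carry the field over with `Devices: createConfig.HostConfig.Resources.Devices,` inside the literal, or move the call above the device loop in CreateContainer. A doc comment stating that the function mutates `createConfig.HostConfig` in place, and what it expects to be set already, would make this ordering dependency visible.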
+++ b/pkg/kubelet/dockershim/helpers_unsupported.go
@@ -19,6 +19,8 @@ limitations under the License.
 package dockershim
 import (
+ "github.com/blang/semver"
+ dockertypes "github.com/docker/engine-api/types"
 "github.com/golang/glog"
 runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
 )
@@ -31,3 +33,12 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
 glog.Warningf("getSecurityOpts is unsupported in this build")
 return nil, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+ createConfig *dockertypes.ContainerCreateConfig,
+ config *runtimeapi.ContainerConfig,
+ sandboxConfig *runtimeapi.PodSandboxConfig,
+ podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+ glog.Warningf("updateCreateConfig is unsupported in this build")
+ return nil
+}
diff --git a/pkg/kubelet/dockershim/helpers_windows.go b/pkg/kubelet/dockershim/helpers_windows.go
index a8687b7ea4..0ced8e7936 100644
--- a/pkg/kubelet/dockershim/helpers_windows.go
+++ b/pkg/kubelet/dockershim/helpers_windows.go
@@ -19,6 +19,11 @@ limitations under the License.
 package dockershim
 import (
+ "os"
+
+ "github.com/blang/semver"
+ dockertypes "github.com/docker/engine-api/types"
+ dockercontainer "github.com/docker/engine-api/types/container"
 "github.com/golang/glog"
 "k8s.io/kubernetes/pkg/api/v1"
 runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
@@ -43,3 +48,15 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
 return nil, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+ createConfig *dockertypes.ContainerCreateConfig,
+ config *runtimeapi.ContainerConfig,
+ sandboxConfig *runtimeapi.PodSandboxConfig,
+ podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+ if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
+ createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
+ }
+
+ return nil
+}
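Review bot: The Windows updateCreateConfig casts the kubelet's `CONTAINER_NETWORK` environment variable straight into `NetworkMode` for every container, with no validation, logging or documentation of the variable. It also never reads `config.GetLinux()`, so the memory and CPU settings that the removed code in CreateContainer applied on every platform are, as far as this patch shows, no longer set on Windows. I would add a doc comment naming the variable and the values it accepts, and log the override, e.g. `glog.V(2).Infof("using network mode %q from CONTAINER_NETWORK", networkMode)`. The comment should also state whether dropping the resource settings is intended.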