Add updateCreateConfig.

2017-05-27 23:06:46 -05:00 · 2017-05-27 23:06:46 -05:00 · 6d07fc2f44
parent 9c2309b7cb
commit 6d07fc2f44
4 changed files with 79 additions and 40 deletions
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@ -132,47 +132,12 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 			StdinOnce: config.StdinOnce,
 			Tty:       config.Tty,
 		},
-	}
-
-	// Fill the HostConfig.
-	hc := &dockercontainer.HostConfig{
+		HostConfig: &dockercontainer.HostConfig{
 			Binds: generateMountBindings(config.GetMounts()),
+		},
 	}

-	// Apply Linux-specific options if applicable.
-	if lc := config.GetLinux(); lc != nil {
-		// TODO: Check if the units are correct.
-		// TODO: Can we assume the defaults are sane?
-		rOpts := lc.GetResources()
-		if rOpts != nil {
-			hc.Resources = dockercontainer.Resources{
-				Memory:     rOpts.MemoryLimitInBytes,
-				MemorySwap: DefaultMemorySwap(),
-				CPUShares:  rOpts.CpuShares,
-				CPUQuota:   rOpts.CpuQuota,
-				CPUPeriod:  rOpts.CpuPeriod,
-			}
-			hc.OomScoreAdj = int(rOpts.OomScoreAdj)
-		}
-		// Note: ShmSize is handled in kube_docker_client.go
-
-		// Apply security context.
-		if err = applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, hc, securityOptSep); err != nil {
-			return "", fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
-		}
-		modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, hc)
-	}
-
-	// Apply cgroupsParent derived from the sandbox config.
-	if lc := sandboxConfig.GetLinux(); lc != nil {
-		// Apply Cgroup options.
-		cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
-		if err != nil {
-			return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
-		}
-		hc.CgroupParent = cgroupParent
-	}
-
+	hc := createConfig.HostConfig
 	// Set devices for container.
 	devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
 	for i, device := range config.Devices {
@ -183,6 +148,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 		}
 	}
 	hc.Resources.Devices = devices
+	ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion)

 	securityOpts, err := ds.getSecurityOpts(config.Metadata.Name, sandboxConfig, securityOptSep)
 	if err != nil {
@ -190,7 +156,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 	}

 	hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
-	createConfig.HostConfig = hc
+
 	createResp, err := ds.client.CreateContainer(createConfig)
 	if err != nil {
 		createResp, err = recoverFromCreationConflictIfNeeded(ds.client, createConfig, err)
--- a/pkg/kubelet/dockershim/helpers_linux.go
+++ b/pkg/kubelet/dockershim/helpers_linux.go
@ -21,6 +21,9 @@ package dockershim
 import (
 	"fmt"

+	"github.com/blang/semver"
+	dockertypes "github.com/docker/engine-api/types"
+	dockercontainer "github.com/docker/engine-api/types/container"
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
 )

@ -37,3 +40,45 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru

 	return seccompSecurityOpts, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+	createConfig *dockertypes.ContainerCreateConfig,
+	config *runtimeapi.ContainerConfig,
+	sandboxConfig *runtimeapi.PodSandboxConfig,
+	podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+	// Apply Linux-specific options if applicable.
+	if lc := config.GetLinux(); lc != nil {
+		// TODO: Check if the units are correct.
+		// TODO: Can we assume the defaults are sane?
+		rOpts := lc.GetResources()
+		if rOpts != nil {
+			createConfig.HostConfig.Resources = dockercontainer.Resources{
+				Memory:     rOpts.MemoryLimitInBytes,
+				MemorySwap: DefaultMemorySwap(),
+				CPUShares:  rOpts.CpuShares,
+				CPUQuota:   rOpts.CpuQuota,
+				CPUPeriod:  rOpts.CpuPeriod,
+			}
+			createConfig.HostConfig.OomScoreAdj = int(rOpts.OomScoreAdj)
+		}
+		// Note: ShmSize is handled in kube_docker_client.go
+
+		// Apply security context.
+		if err := applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, createConfig.HostConfig, securityOptSep); err != nil {
+			return fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
+		}
+		modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, createConfig.HostConfig)
+	}
+
+	// Apply cgroupsParent derived from the sandbox config.
+	if lc := sandboxConfig.GetLinux(); lc != nil {
+		// Apply Cgroup options.
+		cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
+		if err != nil {
+			return fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
+		}
+		createConfig.HostConfig.CgroupParent = cgroupParent
+	}
+
+	return nil
+}
--- a/pkg/kubelet/dockershim/helpers_unsupported.go
+++ b/pkg/kubelet/dockershim/helpers_unsupported.go
@ -19,6 +19,8 @@ limitations under the License.
 package dockershim

 import (
+	"github.com/blang/semver"
+	dockertypes "github.com/docker/engine-api/types"
 	"github.com/golang/glog"
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
 )
@ -31,3 +33,12 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
 	glog.Warningf("getSecurityOpts is unsupported in this build")
 	return nil, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+	createConfig *dockertypes.ContainerCreateConfig,
+	config *runtimeapi.ContainerConfig,
+	sandboxConfig *runtimeapi.PodSandboxConfig,
+	podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+	glog.Warningf("updateCreateConfig is unsupported in this build")
+	return nil
+}
--- a/pkg/kubelet/dockershim/helpers_windows.go
+++ b/pkg/kubelet/dockershim/helpers_windows.go
@ -19,6 +19,11 @@ limitations under the License.
 package dockershim

 import (
+	"os"
+
+	"github.com/blang/semver"
+	dockertypes "github.com/docker/engine-api/types"
+	dockercontainer "github.com/docker/engine-api/types/container"
 	"github.com/golang/glog"
 	"k8s.io/kubernetes/pkg/api/v1"
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
@ -43,3 +48,15 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru

 	return nil, nil
 }
+
+func (ds *dockerService) updateCreateConfig(
+	createConfig *dockertypes.ContainerCreateConfig,
+	config *runtimeapi.ContainerConfig,
+	sandboxConfig *runtimeapi.PodSandboxConfig,
+	podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
+	if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
+		createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
+	}
+
+	return nil
+}