mirror of https://github.com/k3s-io/k3s
319 lines
13 KiB
Go
319 lines
13 KiB
Go
/*
|
|
Copyright 2016 The Kubernetes Authors.
|
|
|
|
Licensed under the Apache License, Version 2.0 (the "License");
|
|
you may not use this file except in compliance with the License.
|
|
You may obtain a copy of the License at
|
|
|
|
http://www.apache.org/licenses/LICENSE-2.0
|
|
|
|
Unless required by applicable law or agreed to in writing, software
|
|
distributed under the License is distributed on an "AS IS" BASIS,
|
|
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
See the License for the specific language governing permissions and
|
|
limitations under the License.
|
|
*/
|
|
|
|
package kuberuntime
|
|
|
|
import (
|
|
"encoding/json"
|
|
"runtime"
|
|
"strconv"
|
|
|
|
v1 "k8s.io/api/core/v1"
|
|
kubetypes "k8s.io/apimachinery/pkg/types"
|
|
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
|
"k8s.io/klog/v2"
|
|
"k8s.io/kubernetes/pkg/features"
|
|
kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
|
|
"k8s.io/kubernetes/pkg/kubelet/types"
|
|
sc "k8s.io/kubernetes/pkg/securitycontext"
|
|
)
|
|
|
|
const (
|
|
// TODO: change those label names to follow kubernetes's format
|
|
podDeletionGracePeriodLabel = "io.kubernetes.pod.deletionGracePeriod"
|
|
podTerminationGracePeriodLabel = "io.kubernetes.pod.terminationGracePeriod"
|
|
|
|
containerHashLabel = "io.kubernetes.container.hash"
|
|
containerRestartCountLabel = "io.kubernetes.container.restartCount"
|
|
containerTerminationMessagePathLabel = "io.kubernetes.container.terminationMessagePath"
|
|
containerTerminationMessagePolicyLabel = "io.kubernetes.container.terminationMessagePolicy"
|
|
containerPreStopHandlerLabel = "io.kubernetes.container.preStopHandler"
|
|
containerPortsLabel = "io.kubernetes.container.ports"
|
|
|
|
// TODO: remove this annotation when moving to beta for Windows hostprocess containers
|
|
// xref: https://github.com/kubernetes/kubernetes/pull/99576/commits/42fb66073214eed6fe43fa8b1586f396e30e73e3#r635392090
|
|
// Currently, ContainerD on Windows does not yet fully support HostProcess containers
|
|
// but will pass annotations to hcsshim which does have support.
|
|
windowsHostProcessContainer = "microsoft.com/hostprocess-container"
|
|
)
|
|
|
|
type labeledPodSandboxInfo struct {
|
|
// Labels from v1.Pod
|
|
Labels map[string]string
|
|
PodName string
|
|
PodNamespace string
|
|
PodUID kubetypes.UID
|
|
}
|
|
|
|
type annotatedPodSandboxInfo struct {
|
|
// Annotations from v1.Pod
|
|
Annotations map[string]string
|
|
}
|
|
|
|
type labeledContainerInfo struct {
|
|
ContainerName string
|
|
PodName string
|
|
PodNamespace string
|
|
PodUID kubetypes.UID
|
|
}
|
|
|
|
type annotatedContainerInfo struct {
|
|
Hash uint64
|
|
RestartCount int
|
|
PodDeletionGracePeriod *int64
|
|
PodTerminationGracePeriod *int64
|
|
TerminationMessagePath string
|
|
TerminationMessagePolicy v1.TerminationMessagePolicy
|
|
PreStopHandler *v1.Handler
|
|
ContainerPorts []v1.ContainerPort
|
|
}
|
|
|
|
// newPodLabels creates pod labels from v1.Pod.
|
|
func newPodLabels(pod *v1.Pod) map[string]string {
|
|
labels := map[string]string{}
|
|
|
|
// Get labels from v1.Pod
|
|
for k, v := range pod.Labels {
|
|
labels[k] = v
|
|
}
|
|
|
|
labels[types.KubernetesPodNameLabel] = pod.Name
|
|
labels[types.KubernetesPodNamespaceLabel] = pod.Namespace
|
|
labels[types.KubernetesPodUIDLabel] = string(pod.UID)
|
|
|
|
return labels
|
|
}
|
|
|
|
// newPodAnnotations creates pod annotations from v1.Pod.
|
|
func newPodAnnotations(pod *v1.Pod) map[string]string {
|
|
annotations := map[string]string{}
|
|
|
|
// Get annotations from v1.Pod
|
|
for k, v := range pod.Annotations {
|
|
annotations[k] = v
|
|
}
|
|
|
|
if runtime.GOOS == "windows" && utilfeature.DefaultFeatureGate.Enabled(features.WindowsHostProcessContainers) {
|
|
if kubecontainer.HasWindowsHostProcessContainer(pod) {
|
|
// While WindowsHostProcessContainers is in alpha pass 'microsoft.com/hostprocess-container' annotation
|
|
// to pod sandbox creations request. ContainerD on Windows does not yet fully support HostProcess
|
|
// containers but will pass annotations to hcsshim which does have support.
|
|
annotations[windowsHostProcessContainer] = "true"
|
|
}
|
|
}
|
|
|
|
return annotations
|
|
}
|
|
|
|
// newContainerLabels creates container labels from v1.Container and v1.Pod.
|
|
func newContainerLabels(container *v1.Container, pod *v1.Pod) map[string]string {
|
|
labels := map[string]string{}
|
|
labels[types.KubernetesPodNameLabel] = pod.Name
|
|
labels[types.KubernetesPodNamespaceLabel] = pod.Namespace
|
|
labels[types.KubernetesPodUIDLabel] = string(pod.UID)
|
|
labels[types.KubernetesContainerNameLabel] = container.Name
|
|
|
|
return labels
|
|
}
|
|
|
|
// newContainerAnnotations creates container annotations from v1.Container and v1.Pod.
|
|
func newContainerAnnotations(container *v1.Container, pod *v1.Pod, restartCount int, opts *kubecontainer.RunContainerOptions) map[string]string {
|
|
annotations := map[string]string{}
|
|
|
|
// Kubelet always overrides device plugin annotations if they are conflicting
|
|
for _, a := range opts.Annotations {
|
|
annotations[a.Name] = a.Value
|
|
}
|
|
|
|
annotations[containerHashLabel] = strconv.FormatUint(kubecontainer.HashContainer(container), 16)
|
|
annotations[containerRestartCountLabel] = strconv.Itoa(restartCount)
|
|
annotations[containerTerminationMessagePathLabel] = container.TerminationMessagePath
|
|
annotations[containerTerminationMessagePolicyLabel] = string(container.TerminationMessagePolicy)
|
|
|
|
if pod.DeletionGracePeriodSeconds != nil {
|
|
annotations[podDeletionGracePeriodLabel] = strconv.FormatInt(*pod.DeletionGracePeriodSeconds, 10)
|
|
}
|
|
if pod.Spec.TerminationGracePeriodSeconds != nil {
|
|
annotations[podTerminationGracePeriodLabel] = strconv.FormatInt(*pod.Spec.TerminationGracePeriodSeconds, 10)
|
|
}
|
|
|
|
if container.Lifecycle != nil && container.Lifecycle.PreStop != nil {
|
|
// Using json encoding so that the PreStop handler object is readable after writing as a label
|
|
rawPreStop, err := json.Marshal(container.Lifecycle.PreStop)
|
|
if err != nil {
|
|
klog.ErrorS(err, "Unable to marshal lifecycle PreStop handler for container", "containerName", container.Name, "pod", klog.KObj(pod))
|
|
} else {
|
|
annotations[containerPreStopHandlerLabel] = string(rawPreStop)
|
|
}
|
|
}
|
|
|
|
if len(container.Ports) > 0 {
|
|
rawContainerPorts, err := json.Marshal(container.Ports)
|
|
if err != nil {
|
|
klog.ErrorS(err, "Unable to marshal container ports for container", "containerName", container.Name, "pod", klog.KObj(pod))
|
|
} else {
|
|
annotations[containerPortsLabel] = string(rawContainerPorts)
|
|
}
|
|
}
|
|
|
|
if runtime.GOOS == "windows" && utilfeature.DefaultFeatureGate.Enabled(features.WindowsHostProcessContainers) {
|
|
if sc.HasWindowsHostProcessRequest(pod, container) {
|
|
// While WindowsHostProcessContainers is in alpha pass 'microsoft.com/hostprocess-container' annotation
|
|
// to create containers request. ContainerD on Windows does not yet fully support HostProcess containers
|
|
// but will pass annotations to hcsshim which does have support.
|
|
annotations[windowsHostProcessContainer] = "true"
|
|
}
|
|
}
|
|
|
|
return annotations
|
|
}
|
|
|
|
// getPodSandboxInfoFromLabels gets labeledPodSandboxInfo from labels.
|
|
func getPodSandboxInfoFromLabels(labels map[string]string) *labeledPodSandboxInfo {
|
|
podSandboxInfo := &labeledPodSandboxInfo{
|
|
Labels: make(map[string]string),
|
|
PodName: getStringValueFromLabel(labels, types.KubernetesPodNameLabel),
|
|
PodNamespace: getStringValueFromLabel(labels, types.KubernetesPodNamespaceLabel),
|
|
PodUID: kubetypes.UID(getStringValueFromLabel(labels, types.KubernetesPodUIDLabel)),
|
|
}
|
|
|
|
// Remain only labels from v1.Pod
|
|
for k, v := range labels {
|
|
if k != types.KubernetesPodNameLabel && k != types.KubernetesPodNamespaceLabel && k != types.KubernetesPodUIDLabel {
|
|
podSandboxInfo.Labels[k] = v
|
|
}
|
|
}
|
|
|
|
return podSandboxInfo
|
|
}
|
|
|
|
// getPodSandboxInfoFromAnnotations gets annotatedPodSandboxInfo from annotations.
|
|
func getPodSandboxInfoFromAnnotations(annotations map[string]string) *annotatedPodSandboxInfo {
|
|
return &annotatedPodSandboxInfo{
|
|
Annotations: annotations,
|
|
}
|
|
}
|
|
|
|
// getContainerInfoFromLabels gets labeledContainerInfo from labels.
|
|
func getContainerInfoFromLabels(labels map[string]string) *labeledContainerInfo {
|
|
return &labeledContainerInfo{
|
|
PodName: getStringValueFromLabel(labels, types.KubernetesPodNameLabel),
|
|
PodNamespace: getStringValueFromLabel(labels, types.KubernetesPodNamespaceLabel),
|
|
PodUID: kubetypes.UID(getStringValueFromLabel(labels, types.KubernetesPodUIDLabel)),
|
|
ContainerName: getStringValueFromLabel(labels, types.KubernetesContainerNameLabel),
|
|
}
|
|
}
|
|
|
|
// getContainerInfoFromAnnotations gets annotatedContainerInfo from annotations.
|
|
func getContainerInfoFromAnnotations(annotations map[string]string) *annotatedContainerInfo {
|
|
var err error
|
|
containerInfo := &annotatedContainerInfo{
|
|
TerminationMessagePath: getStringValueFromLabel(annotations, containerTerminationMessagePathLabel),
|
|
TerminationMessagePolicy: v1.TerminationMessagePolicy(getStringValueFromLabel(annotations, containerTerminationMessagePolicyLabel)),
|
|
}
|
|
|
|
if containerInfo.Hash, err = getUint64ValueFromLabel(annotations, containerHashLabel); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", containerHashLabel, "annotations", annotations)
|
|
}
|
|
if containerInfo.RestartCount, err = getIntValueFromLabel(annotations, containerRestartCountLabel); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", containerRestartCountLabel, "annotations", annotations)
|
|
}
|
|
if containerInfo.PodDeletionGracePeriod, err = getInt64PointerFromLabel(annotations, podDeletionGracePeriodLabel); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", podDeletionGracePeriodLabel, "annotations", annotations)
|
|
}
|
|
if containerInfo.PodTerminationGracePeriod, err = getInt64PointerFromLabel(annotations, podTerminationGracePeriodLabel); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", podTerminationGracePeriodLabel, "annotations", annotations)
|
|
}
|
|
|
|
preStopHandler := &v1.Handler{}
|
|
if found, err := getJSONObjectFromLabel(annotations, containerPreStopHandlerLabel, preStopHandler); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", containerPreStopHandlerLabel, "annotations", annotations)
|
|
} else if found {
|
|
containerInfo.PreStopHandler = preStopHandler
|
|
}
|
|
|
|
containerPorts := []v1.ContainerPort{}
|
|
if found, err := getJSONObjectFromLabel(annotations, containerPortsLabel, &containerPorts); err != nil {
|
|
klog.ErrorS(err, "Unable to get label value from annotations", "label", containerPortsLabel, "annotations", annotations)
|
|
} else if found {
|
|
containerInfo.ContainerPorts = containerPorts
|
|
}
|
|
|
|
return containerInfo
|
|
}
|
|
|
|
func getStringValueFromLabel(labels map[string]string, label string) string {
|
|
if value, found := labels[label]; found {
|
|
return value
|
|
}
|
|
// Do not report error, because there should be many old containers without label now.
|
|
klog.V(3).InfoS("Container doesn't have requested label, it may be an old or invalid container", "label", label)
|
|
// Return empty string "" for these containers, the caller will get value by other ways.
|
|
return ""
|
|
}
|
|
|
|
func getIntValueFromLabel(labels map[string]string, label string) (int, error) {
|
|
if strValue, found := labels[label]; found {
|
|
intValue, err := strconv.Atoi(strValue)
|
|
if err != nil {
|
|
// This really should not happen. Just set value to 0 to handle this abnormal case
|
|
return 0, err
|
|
}
|
|
return intValue, nil
|
|
}
|
|
// Do not report error, because there should be many old containers without label now.
|
|
klog.V(3).InfoS("Container doesn't have requested label, it may be an old or invalid container", "label", label)
|
|
// Just set the value to 0
|
|
return 0, nil
|
|
}
|
|
|
|
func getUint64ValueFromLabel(labels map[string]string, label string) (uint64, error) {
|
|
if strValue, found := labels[label]; found {
|
|
intValue, err := strconv.ParseUint(strValue, 16, 64)
|
|
if err != nil {
|
|
// This really should not happen. Just set value to 0 to handle this abnormal case
|
|
return 0, err
|
|
}
|
|
return intValue, nil
|
|
}
|
|
// Do not report error, because there should be many old containers without label now.
|
|
klog.V(3).InfoS("Container doesn't have requested label, it may be an old or invalid container", "label", label)
|
|
// Just set the value to 0
|
|
return 0, nil
|
|
}
|
|
|
|
func getInt64PointerFromLabel(labels map[string]string, label string) (*int64, error) {
|
|
if strValue, found := labels[label]; found {
|
|
int64Value, err := strconv.ParseInt(strValue, 10, 64)
|
|
if err != nil {
|
|
return nil, err
|
|
}
|
|
return &int64Value, nil
|
|
}
|
|
// If the label is not found, return pointer nil.
|
|
return nil, nil
|
|
}
|
|
|
|
// getJSONObjectFromLabel returns a bool value indicating whether an object is found.
|
|
func getJSONObjectFromLabel(labels map[string]string, label string, value interface{}) (bool, error) {
|
|
if strValue, found := labels[label]; found {
|
|
err := json.Unmarshal([]byte(strValue), value)
|
|
return found, err
|
|
}
|
|
// If the label is not found, return not found.
|
|
return false, nil
|
|
}
|