summaryrefslogtreecommitdiffhomepage
path: root/pkg/shim/v1/utils
diff options
context:
space:
mode:
Diffstat (limited to 'pkg/shim/v1/utils')
-rw-r--r--pkg/shim/v1/utils/BUILD27
-rw-r--r--pkg/shim/v1/utils/annotations.go25
-rw-r--r--pkg/shim/v1/utils/utils.go57
-rw-r--r--pkg/shim/v1/utils/volumes.go155
-rw-r--r--pkg/shim/v1/utils/volumes_test.go308
5 files changed, 0 insertions, 572 deletions
diff --git a/pkg/shim/v1/utils/BUILD b/pkg/shim/v1/utils/BUILD
deleted file mode 100644
index 54a0aabb7..000000000
--- a/pkg/shim/v1/utils/BUILD
+++ /dev/null
@@ -1,27 +0,0 @@
-load("//tools:defs.bzl", "go_library", "go_test")
-
-package(licenses = ["notice"])
-
-go_library(
- name = "utils",
- srcs = [
- "annotations.go",
- "utils.go",
- "volumes.go",
- ],
- visibility = [
- "//pkg/shim:__subpackages__",
- "//shim:__subpackages__",
- ],
- deps = [
- "@com_github_opencontainers_runtime_spec//specs-go:go_default_library",
- ],
-)
-
-go_test(
- name = "utils_test",
- size = "small",
- srcs = ["volumes_test.go"],
- library = ":utils",
- deps = ["@com_github_opencontainers_runtime_spec//specs-go:go_default_library"],
-)
diff --git a/pkg/shim/v1/utils/annotations.go b/pkg/shim/v1/utils/annotations.go
deleted file mode 100644
index 1e9d3f365..000000000
--- a/pkg/shim/v1/utils/annotations.go
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package utils
-
-// Annotations from the CRI annotations package.
-//
-// These are vendor due to import conflicts.
-const (
- sandboxLogDirAnnotation = "io.kubernetes.cri.sandbox-log-directory"
- containerTypeAnnotation = "io.kubernetes.cri.container-type"
- containerTypeSandbox = "sandbox"
- containerTypeContainer = "container"
-)
diff --git a/pkg/shim/v1/utils/utils.go b/pkg/shim/v1/utils/utils.go
deleted file mode 100644
index 21e75d16d..000000000
--- a/pkg/shim/v1/utils/utils.go
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-// Package utils contains utility functions.
-package utils
-
-import (
- "encoding/json"
- "io/ioutil"
- "os"
- "path/filepath"
-
- specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-// ReadSpec reads OCI spec from the bundle directory.
-func ReadSpec(bundle string) (*specs.Spec, error) {
- f, err := os.Open(filepath.Join(bundle, "config.json"))
- if err != nil {
- return nil, err
- }
- b, err := ioutil.ReadAll(f)
- if err != nil {
- return nil, err
- }
- var spec specs.Spec
- if err := json.Unmarshal(b, &spec); err != nil {
- return nil, err
- }
- return &spec, nil
-}
-
-// IsSandbox checks whether a container is a sandbox container.
-func IsSandbox(spec *specs.Spec) bool {
- t, ok := spec.Annotations[containerTypeAnnotation]
- return !ok || t == containerTypeSandbox
-}
-
-// UserLogPath gets user log path from OCI annotation.
-func UserLogPath(spec *specs.Spec) string {
- sandboxLogDir := spec.Annotations[sandboxLogDirAnnotation]
- if sandboxLogDir == "" {
- return ""
- }
- return filepath.Join(sandboxLogDir, "gvisor.log")
-}
diff --git a/pkg/shim/v1/utils/volumes.go b/pkg/shim/v1/utils/volumes.go
deleted file mode 100644
index 52a428179..000000000
--- a/pkg/shim/v1/utils/volumes.go
+++ /dev/null
@@ -1,155 +0,0 @@
-// Copyright 2018 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package utils
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "path/filepath"
- "strings"
-
- specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-const volumeKeyPrefix = "dev.gvisor.spec.mount."
-
-var kubeletPodsDir = "/var/lib/kubelet/pods"
-
-// volumeName gets volume name from volume annotation key, example:
-// dev.gvisor.spec.mount.NAME.share
-func volumeName(k string) string {
- return strings.SplitN(strings.TrimPrefix(k, volumeKeyPrefix), ".", 2)[0]
-}
-
-// volumeFieldName gets volume field name from volume annotation key, example:
-// `type` is the field of dev.gvisor.spec.mount.NAME.type
-func volumeFieldName(k string) string {
- parts := strings.Split(strings.TrimPrefix(k, volumeKeyPrefix), ".")
- return parts[len(parts)-1]
-}
-
-// podUID gets pod UID from the pod log path.
-func podUID(s *specs.Spec) (string, error) {
- sandboxLogDir := s.Annotations[sandboxLogDirAnnotation]
- if sandboxLogDir == "" {
- return "", fmt.Errorf("no sandbox log path annotation")
- }
- fields := strings.Split(filepath.Base(sandboxLogDir), "_")
- switch len(fields) {
- case 1: // This is the old CRI logging path.
- return fields[0], nil
- case 3: // This is the new CRI logging path.
- return fields[2], nil
- }
- return "", fmt.Errorf("unexpected sandbox log path %q", sandboxLogDir)
-}
-
-// isVolumeKey checks whether an annotation key is for volume.
-func isVolumeKey(k string) bool {
- return strings.HasPrefix(k, volumeKeyPrefix)
-}
-
-// volumeSourceKey constructs the annotation key for volume source.
-func volumeSourceKey(volume string) string {
- return volumeKeyPrefix + volume + ".source"
-}
-
-// volumePath searches the volume path in the kubelet pod directory.
-func volumePath(volume, uid string) (string, error) {
- // TODO: Support subpath when gvisor supports pod volume bind mount.
- volumeSearchPath := fmt.Sprintf("%s/%s/volumes/*/%s", kubeletPodsDir, uid, volume)
- dirs, err := filepath.Glob(volumeSearchPath)
- if err != nil {
- return "", err
- }
- if len(dirs) != 1 {
- return "", fmt.Errorf("unexpected matched volume list %v", dirs)
- }
- return dirs[0], nil
-}
-
-// isVolumePath checks whether a string is the volume path.
-func isVolumePath(volume, path string) (bool, error) {
- // TODO: Support subpath when gvisor supports pod volume bind mount.
- volumeSearchPath := fmt.Sprintf("%s/*/volumes/*/%s", kubeletPodsDir, volume)
- return filepath.Match(volumeSearchPath, path)
-}
-
-// UpdateVolumeAnnotations add necessary OCI annotations for gvisor
-// volume optimization.
-func UpdateVolumeAnnotations(bundle string, s *specs.Spec) error {
- var (
- uid string
- err error
- )
- if IsSandbox(s) {
- uid, err = podUID(s)
- if err != nil {
- // Skip if we can't get pod UID, because this doesn't work
- // for containerd 1.1.
- return nil
- }
- }
- var updated bool
- for k, v := range s.Annotations {
- if !isVolumeKey(k) {
- continue
- }
- if volumeFieldName(k) != "type" {
- continue
- }
- volume := volumeName(k)
- if uid != "" {
- // This is a sandbox.
- path, err := volumePath(volume, uid)
- if err != nil {
- return fmt.Errorf("get volume path for %q: %w", volume, err)
- }
- s.Annotations[volumeSourceKey(volume)] = path
- updated = true
- } else {
- // This is a container.
- for i := range s.Mounts {
- // An error is returned for sandbox if source
- // annotation is not successfully applied, so
- // it is guaranteed that the source annotation
- // for sandbox has already been successfully
- // applied at this point.
- //
- // The volume name is unique inside a pod, so
- // matching without podUID is fine here.
- //
- // TODO: Pass podUID down to shim for containers to do
- // more accurate matching.
- if yes, _ := isVolumePath(volume, s.Mounts[i].Source); yes {
- // gVisor requires the container mount type to match
- // sandbox mount type.
- s.Mounts[i].Type = v
- updated = true
- }
- }
- }
- }
- if !updated {
- return nil
- }
- // Update bundle.
- b, err := json.Marshal(s)
- if err != nil {
- return err
- }
- return ioutil.WriteFile(filepath.Join(bundle, "config.json"), b, 0666)
-}
diff --git a/pkg/shim/v1/utils/volumes_test.go b/pkg/shim/v1/utils/volumes_test.go
deleted file mode 100644
index 3e02c6151..000000000
--- a/pkg/shim/v1/utils/volumes_test.go
+++ /dev/null
@@ -1,308 +0,0 @@
-// Copyright 2019 The gVisor Authors.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// https://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package utils
-
-import (
- "encoding/json"
- "fmt"
- "io/ioutil"
- "os"
- "path/filepath"
- "reflect"
- "testing"
-
- specs "github.com/opencontainers/runtime-spec/specs-go"
-)
-
-func TestUpdateVolumeAnnotations(t *testing.T) {
- dir, err := ioutil.TempDir("", "test-update-volume-annotations")
- if err != nil {
- t.Fatalf("create tempdir: %v", err)
- }
- defer os.RemoveAll(dir)
- kubeletPodsDir = dir
-
- const (
- testPodUID = "testuid"
- testVolumeName = "testvolume"
- testLogDirPath = "/var/log/pods/testns_testname_" + testPodUID
- testLegacyLogDirPath = "/var/log/pods/" + testPodUID
- )
- testVolumePath := fmt.Sprintf("%s/%s/volumes/kubernetes.io~empty-dir/%s", dir, testPodUID, testVolumeName)
-
- if err := os.MkdirAll(testVolumePath, 0755); err != nil {
- t.Fatalf("Create test volume: %v", err)
- }
-
- for _, test := range []struct {
- desc string
- spec *specs.Spec
- expected *specs.Spec
- expectErr bool
- expectUpdate bool
- }{
- {
- desc: "volume annotations for sandbox",
- spec: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expected: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- "dev.gvisor.spec.mount." + testVolumeName + ".source": testVolumePath,
- },
- },
- expectUpdate: true,
- },
- {
- desc: "volume annotations for sandbox with legacy log path",
- spec: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLegacyLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expected: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLegacyLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- "dev.gvisor.spec.mount." + testVolumeName + ".source": testVolumePath,
- },
- },
- expectUpdate: true,
- },
- {
- desc: "tmpfs: volume annotations for container",
- spec: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "bind",
- Source: testVolumePath,
- Options: []string{"ro"},
- },
- {
- Destination: "/random",
- Type: "bind",
- Source: "/random",
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expected: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "tmpfs",
- Source: testVolumePath,
- Options: []string{"ro"},
- },
- {
- Destination: "/random",
- Type: "bind",
- Source: "/random",
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expectUpdate: true,
- },
- {
- desc: "bind: volume annotations for container",
- spec: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "bind",
- Source: testVolumePath,
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "container",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "bind",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expected: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "bind",
- Source: testVolumePath,
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "container",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "bind",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expectUpdate: true,
- },
- {
- desc: "should not return error without pod log directory",
- spec: &specs.Spec{
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- expected: &specs.Spec{
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount." + testVolumeName + ".share": "pod",
- "dev.gvisor.spec.mount." + testVolumeName + ".type": "tmpfs",
- "dev.gvisor.spec.mount." + testVolumeName + ".options": "ro",
- },
- },
- },
- {
- desc: "should return error if volume path does not exist",
- spec: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- "dev.gvisor.spec.mount.notexist.share": "pod",
- "dev.gvisor.spec.mount.notexist.type": "tmpfs",
- "dev.gvisor.spec.mount.notexist.options": "ro",
- },
- },
- expectErr: true,
- },
- {
- desc: "no volume annotations for sandbox",
- spec: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- },
- },
- expected: &specs.Spec{
- Annotations: map[string]string{
- sandboxLogDirAnnotation: testLogDirPath,
- containerTypeAnnotation: containerTypeSandbox,
- },
- },
- },
- {
- desc: "no volume annotations for container",
- spec: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "bind",
- Source: "/test",
- Options: []string{"ro"},
- },
- {
- Destination: "/random",
- Type: "bind",
- Source: "/random",
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- },
- },
- expected: &specs.Spec{
- Mounts: []specs.Mount{
- {
- Destination: "/test",
- Type: "bind",
- Source: "/test",
- Options: []string{"ro"},
- },
- {
- Destination: "/random",
- Type: "bind",
- Source: "/random",
- Options: []string{"ro"},
- },
- },
- Annotations: map[string]string{
- containerTypeAnnotation: containerTypeContainer,
- },
- },
- },
- } {
- t.Run(test.desc, func(t *testing.T) {
- bundle, err := ioutil.TempDir(dir, "test-bundle")
- if err != nil {
- t.Fatalf("Create test bundle: %v", err)
- }
- err = UpdateVolumeAnnotations(bundle, test.spec)
- if test.expectErr {
- if err == nil {
- t.Fatal("Expected error, but got nil")
- }
- return
- }
- if err != nil {
- t.Fatalf("Unexpected error: %v", err)
- }
- if !reflect.DeepEqual(test.expected, test.spec) {
- t.Fatalf("Expected %+v, got %+v", test.expected, test.spec)
- }
- if test.expectUpdate {
- b, err := ioutil.ReadFile(filepath.Join(bundle, "config.json"))
- if err != nil {
- t.Fatalf("Read spec from bundle: %v", err)
- }
- var spec specs.Spec
- if err := json.Unmarshal(b, &spec); err != nil {
- t.Fatalf("Unmarshal spec: %v", err)
- }
- if !reflect.DeepEqual(test.expected, &spec) {
- t.Fatalf("Expected %+v, got %+v", test.expected, &spec)
- }
- }
- })
- }
-}