github/kata-containers
1
0
Fork 1
mirror of https://github.com/kata-containers/kata-containers.git synced 2025-06-24 22:43:05 +00:00
Code Issues Projects Releases Wiki Activity

katautils: Pass the nerdctl netns annotation to the OCI hooks

Browse Source 
We need to let nerdctl know which namespace to use when calling the
selected CNI plugin.
See https://github.com/containerd/nerdctl/issues/787

Fixes: #1935

Signed-off-by: Samuel Ortiz <s.ortiz@apple.com>
This commit is contained in:
Samuel Ortiz 2022-02-14 10:23:34 +01:00
parent a871a33b65
commit 4f96e3eae3
2 changed files with 46 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/runtime/pkg/katautils/create.go
View File

@ -155,6 +155,12 @@ func CreateSandbox(ctx context.Context, vci vc.VC, ociSpec specs.Spec, runtimeCo
} }
}() }()
if ociSpec.Annotations == nil {
ociSpec.Annotations = make(map[string]string)
}
ociSpec.Annotations["nerdctl/network-namespace"] = sandboxConfig.NetworkConfig.NetworkID
sandboxConfig.Annotations["nerdctl/network-namespace"] = ociSpec.Annotations["nerdctl/network-namespace"]
// Run pre-start OCI hooks, in the runtime namespace. // Run pre-start OCI hooks, in the runtime namespace.
if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil { if err := PreStartHooks(ctx, ociSpec, containerID, bundlePath); err != nil {
return nil, vc.Process{}, err return nil, vc.Process{}, err

40
src/runtime/pkg/katautils/create_test.go
View File

@ -264,6 +264,46 @@ func TestCreateSandboxFail(t *testing.T) {
assert.True(vcmock.IsMockError(err)) assert.True(vcmock.IsMockError(err))
} }
func TestCreateSandboxAnnotations(t *testing.T) {
if tc.NotValid(ktu.NeedRoot()) {
t.Skip(ktu.TestDisabledNeedRoot)
}
assert := assert.New(t)
tmpdir, bundlePath, _ := ktu.SetupOCIConfigFile(t)
defer os.RemoveAll(tmpdir)
runtimeConfig, err := newTestRuntimeConfig(tmpdir, testConsole, true)
assert.NoError(err)
spec, err := compatoci.ParseConfigJSON(bundlePath)
assert.NoError(err)
rootFs := vc.RootFs{Mounted: true}
testingImpl.CreateSandboxFunc = func(ctx context.Context, sandboxConfig vc.SandboxConfig) (vc.VCSandbox, error) {
return &vcmock.Sandbox{
MockID: testSandboxID,
MockContainers: []*vcmock.Container{
{MockID: testContainerID},
},
MockAnnotations: sandboxConfig.Annotations,
}, nil
}
defer func() {
testingImpl.CreateSandboxFunc = nil
}()
sandbox, _, err := CreateSandbox(context.Background(), testingImpl, spec, runtimeConfig, rootFs, testContainerID, bundlePath, testConsole, true, true)
assert.NoError(err)
netNsPath, err := sandbox.Annotations("nerdctl/network-namespace")
assert.NoError(err)
assert.Equal(path.Dir(netNsPath), "/var/run/netns")
}
func TestCheckForFips(t *testing.T) { func TestCheckForFips(t *testing.T) {
assert := assert.New(t) assert := assert.New(t)