agent: support bind mounts between containers

This feature supports creating bind mounts directly between containers through annotations. Fixes: #6715 Signed-off-by: HanZiyao <h56983577@126.com>
2025-10-22 20:39:41 +00:00 · 2023-10-12 18:09:46 +08:00
parent 4c3a664358
commit a3b003c345
19 changed files with 598 additions and 11 deletions
--- a/src/runtime-rs/crates/agent/src/kata/trans.rs
+++ b/src/runtime-rs/crates/agent/src/kata/trans.rs
@@ -22,10 +22,10 @@ use crate::{
        MemoryStats, MetricsResponse, NetworkStats, OnlineCPUMemRequest, PidsStats,
        ReadStreamRequest, ReadStreamResponse, RemoveContainerRequest, ReseedRandomDevRequest,
        ResizeVolumeRequest, Route, Routes, SetGuestDateTimeRequest, SetIPTablesRequest,
-        SetIPTablesResponse, SignalProcessRequest, StatsContainerResponse, Storage, StringUser,
-        ThrottlingData, TtyWinResizeRequest, UpdateContainerRequest, UpdateInterfaceRequest,
-        UpdateRoutesRequest, VersionCheckResponse, VolumeStatsRequest, VolumeStatsResponse,
-        WaitProcessRequest, WriteStreamRequest,
+        SetIPTablesResponse, SharedMount, SignalProcessRequest, StatsContainerResponse, Storage,
+        StringUser, ThrottlingData, TtyWinResizeRequest, UpdateContainerRequest,
+        UpdateInterfaceRequest, UpdateRoutesRequest, VersionCheckResponse, VolumeStatsRequest,
+        VolumeStatsResponse, WaitProcessRequest, WriteStreamRequest,
    },
    OomEventResponse, WaitProcessResponse, WriteStreamResponse,
 };
@@ -117,6 +117,19 @@ impl From<Storage> for agent::Storage {
    }
 }

+impl From<SharedMount> for agent::SharedMount {
+    fn from(from: SharedMount) -> Self {
+        Self {
+            name: from.name,
+            src_ctr: from.src_ctr,
+            src_path: from.src_path,
+            dst_ctr: from.dst_ctr,
+            dst_path: from.dst_path,
+            ..Default::default()
+        }
+    }
+}
+
 impl From<KernelModule> for agent::KernelModule {
    fn from(from: KernelModule) -> Self {
        Self {
@@ -260,6 +273,7 @@ impl From<CreateContainerRequest> for agent::CreateContainerRequest {
            storages: trans_vec(from.storages),
            OCI: from_option(from.oci),
            sandbox_pidns: from.sandbox_pidns,
+            shared_mounts: trans_vec(from.shared_mounts),
            ..Default::default()
        }
    }
--- a/src/runtime-rs/crates/agent/src/types.rs
+++ b/src/runtime-rs/crates/agent/src/types.rs
@@ -60,6 +60,15 @@ pub struct Storage {
    pub mount_point: String,
 }

+#[derive(PartialEq, Clone, Default)]
+pub struct SharedMount {
+    pub name: String,
+    pub src_ctr: String,
+    pub src_path: String,
+    pub dst_ctr: String,
+    pub dst_path: String,
+}
+
 #[derive(Deserialize, Default, Clone, PartialEq, Eq, Debug, Hash)]
 pub enum IPFamily {
    #[default]
@@ -118,6 +127,7 @@ pub struct CreateContainerRequest {
    pub oci: Option<oci::Spec>,
    pub sandbox_pidns: bool,
    pub rootfs_mounts: Vec<oci::Mount>,
+    pub shared_mounts: Vec<SharedMount>,
 }

 #[derive(PartialEq, Clone, Default)]
--- a/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
+++ b/src/runtime-rs/crates/runtimes/virt_container/src/container_manager/container.rs
@@ -17,6 +17,7 @@ use common::{
    },
 };
 use kata_sys_util::k8s::update_ephemeral_storage_type;
+use kata_types::k8s;

 use oci::{LinuxResources, Process as OCIProcess};
 use resource::{ResourceManager, ResourceUpdateOp};
@@ -168,6 +169,21 @@ impl Container {
            linux.resources = resources;
        }

+        let container_name = k8s::container_name(&spec);
+        let mut shared_mounts = Vec::new();
+        for shared_mount in &toml_config.runtime.shared_mounts {
+            if shared_mount.dst_ctr == container_name {
+                let m = agent::types::SharedMount {
+                    name: shared_mount.name.clone(),
+                    src_ctr: shared_mount.src_ctr.clone(),
+                    src_path: shared_mount.src_path.clone(),
+                    dst_ctr: shared_mount.dst_ctr.clone(),
+                    dst_path: shared_mount.dst_path.clone(),
+                };
+                shared_mounts.push(m);
+            }
+        }
+
        // create container
        let r = agent::CreateContainerRequest {
            process_id: agent::ContainerProcessID::new(&config.container_id, ""),
@@ -175,6 +191,7 @@ impl Container {
            oci: Some(spec),
            sandbox_pidns,
            devices: devices_agent,
+            shared_mounts,
            ..Default::default()
        };