runtime: support different cri container type check

To support handle image-guest-pull block volume from different CRIs, including cri-o and containerd. Signed-off-by: ChengyuZhu6 <chengyu.zhu@intel.com>
2025-06-28 16:27:50 +00:00 · 2023-11-27 13:48:00 +08:00 · 2023-11-27 13:48:00 +08:00 · ba242b0198
commit ba242b0198
parent 874d83b510
2 changed files with 64 additions and 15 deletions
--- a/src/agent/src/image.rs
+++ b/src/agent/src/image.rs
@ -26,6 +26,11 @@ const KATA_IMAGE_WORK_DIR: &str = "/run/kata-containers/image/";
 const CONFIG_JSON: &str = "config.json";
 const KATA_PAUSE_BUNDLE: &str = "/pause_bundle";

+const K8S_CONTAINER_TYPE_KEYS: [&str; 2] = [
+    "io.kubernetes.cri.container-type",
+    "io.kubernetes.cri-o.ContainerType",
+];
+
 #[rustfmt::skip]
 lazy_static! {
    pub static ref IMAGE_SERVICE: Mutex<Option<ImageService>> = Mutex::new(None);
@ -130,6 +135,25 @@ impl ImageService {
        info!(sl(), "image metadata: {image_metadata:?}");
        Self::set_proxy_env_vars();

+        //Check whether the image is for sandbox or for container.
+        let mut is_sandbox = false;
+        for key in K8S_CONTAINER_TYPE_KEYS.iter() {
+            if let Some(value) = image_metadata.get(key as &str) {
+                if value == "sandbox" {
+                    is_sandbox = true;
+                    break;
+                }
+            }
+        }
+
+        if is_sandbox {
+            let mount_path = Self::unpack_pause_image(cid, "pause")?;
+            self.add_image(String::from(image), String::from(cid)).await;
+            return Ok(mount_path);
+        }
+
+        // Image layers will store at KATA_IMAGE_WORK_DIR, generated bundles
+        // with rootfs and config.json will store under CONTAINER_BASE/cid/images.
        let bundle_base_dir = scoped_join(CONTAINER_BASE, cid)?;
        fs::create_dir_all(&bundle_base_dir)?;
        let bundle_path = scoped_join(&bundle_base_dir, "images")?;
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@ -36,6 +36,8 @@ import (

 	"context"

+	ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
+	podmanAnnotations "github.com/containers/podman/v4/pkg/annotations"
 	"github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/opencontainers/selinux/go-selinux"
 	"github.com/sirupsen/logrus"
@ -1580,25 +1582,48 @@ func handleBlockVolume(c *Container, device api.Device) (*grpc.Storage, error) {
 	return vol, nil
 }

+// getContainerTypeforCRI get container type from different CRI annotations
+func getContainerTypeforCRI(c *Container) (string, string) {
+
+	// CRIContainerTypeKeyList lists all the CRI keys that could define
+	// the container type from annotations in the config.json.
+	CRIContainerTypeKeyList := []string{ctrAnnotations.ContainerType, podmanAnnotations.ContainerType}
+	containerType := c.config.Annotations[vcAnnotations.ContainerTypeKey]
+	for _, key := range CRIContainerTypeKeyList {
+		_, ok := c.config.CustomSpec.Annotations[key]
+		if ok {
+			return containerType, key
+		}
+	}
+	return "", ""
+}
+
 func handleImageGuestPullBlockVolume(c *Container, virtualVolumeInfo *types.KataVirtualVolume, vol *grpc.Storage) (*grpc.Storage, error) {
 	container_annotations := c.GetAnnotations()
-	container_type := container_annotations["io.kubernetes.cri.container-type"]
-	if virtualVolumeInfo.Source == "" {
-		var image_ref string
-		if container_type == "sandbox" {
-			image_ref = "pause"
-		} else {
-			image_ref = container_annotations["io.kubernetes.cri.image-name"]
-			if image_ref == "" {
-				return nil, fmt.Errorf("Failed to get image name from annotations")
-			}
-		}
-		virtualVolumeInfo.Source = image_ref
+	containerType, criContainerType := getContainerTypeforCRI(c)

-		//merge virtualVolumeInfo.ImagePull.Metadata and container_annotations
-		for k, v := range container_annotations {
-			virtualVolumeInfo.ImagePull.Metadata[k] = v
+	var image_ref string
+	if containerType == string(PodSandbox) {
+		image_ref = "pause"
+	} else {
+		switch criContainerType {
+		case ctrAnnotations.ContainerType:
+			image_ref = container_annotations["io.kubernetes.cri.image-name"]
+		case podmanAnnotations.ContainerType:
+			image_ref = container_annotations["io.kubernetes.cri-o.ImageName"]
+		default:
+			image_ref = ""
 		}
+
+		if image_ref == "" {
+			return nil, fmt.Errorf("Failed to get image name from annotations")
+		}
+	}
+	virtualVolumeInfo.Source = image_ref
+
+	//merge virtualVolumeInfo.ImagePull.Metadata and container_annotations
+	for k, v := range container_annotations {
+		virtualVolumeInfo.ImagePull.Metadata[k] = v
 	}

 	no, err := json.Marshal(virtualVolumeInfo.ImagePull)