diff --git a/src/agent/src/image.rs b/src/agent/src/image.rs
index cc6952bbb5..a186f4b653 100644
--- a/src/agent/src/image.rs
+++ b/src/agent/src/image.rs
@@ -26,6 +26,11 @@ const KATA_IMAGE_WORK_DIR: &str = "/run/kata-containers/image/";
 const CONFIG_JSON: &str = "config.json";
 const KATA_PAUSE_BUNDLE: &str = "/pause_bundle";
+const K8S_CONTAINER_TYPE_KEYS: [&str; 2] = [
+ "io.kubernetes.cri.container-type",
+ "io.kubernetes.cri-o.ContainerType",
+];
+
 #[rustfmt::skip]
 lazy_static! {
 pub static ref IMAGE_SERVICE: Mutex> = Mutex::new(None);
@@ -130,6 +135,25 @@ impl ImageService {
 info!(sl(), "image metadata: {image_metadata:?}");
 Self::set_proxy_env_vars();
+ //Check whether the image is for sandbox or for container.
+ let mut is_sandbox = false;
+ for key in K8S_CONTAINER_TYPE_KEYS.iter() {
+ if let Some(value) = image_metadata.get(key as &str) {
+ if value == "sandbox" {
+ is_sandbox = true;
+ break;
+ }
+ }
+ }
+
+ if is_sandbox {
+ let mount_path = Self::unpack_pause_image(cid, "pause")?;
+ self.add_image(String::from(image), String::from(cid)).await;
+ return Ok(mount_path);
+ }
+
+ // Image layers will store at KATA_IMAGE_WORK_DIR, generated bundles
+ // with rootfs and config.json will store under CONTAINER_BASE/cid/images.
 let bundle_base_dir = scoped_join(CONTAINER_BASE, cid)?;
 fs::create_dir_all(&bundle_base_dir)?;
 let bundle_path = scoped_join(&bundle_base_dir, "images")?;
diff --git a/src/runtime/virtcontainers/kata_agent.go b/src/runtime/virtcontainers/kata_agent.go
index 59e7bed65d..2de9297da9 100644
--- a/src/runtime/virtcontainers/kata_agent.go
+++ b/src/runtime/virtcontainers/kata_agent.go
@@ -36,6 +36,8 @@ import (
 "context"
+ ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
+ podmanAnnotations "github.com/containers/podman/v4/pkg/annotations"
 "github.com/opencontainers/runtime-spec/specs-go"
 "github.com/opencontainers/selinux/go-selinux"
 "github.com/sirupsen/logrus"
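Review bot: In the second image.rs hunk the `if is_sandbox` branch returns the pause bundle without touching the requested `image`, and it is taken as soon as either key in K8S_CONTAINER_TYPE_KEYS equals "sandbox", even if the other key is present with a different value. image_metadata is handed in by the caller (presumably the runtime side of the request), so this choice should leave an audit trail: add `info!(sl(), "cid {cid}: container-type is sandbox, using bundled pause image instead of {image}");` before the `unpack_pause_image` call. `add_image` still records `image` against `cid` although that image was not unpacked, which is worth a comment stating it is intended. The flag loop would read more directly as `let is_sandbox = K8S_CONTAINER_TYPE_KEYS.iter().any(|key| image_metadata.get(*key).map_or(false, |v| v == "sandbox"));`. The enclosing function starts and ends outside the hunk.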
@@ -1580,25 +1582,48 @@ func handleBlockVolume(c *Container, device api.Device) (*grpc.Storage, error) {
 return vol, nil
 }
+// getContainerTypeforCRI get container type from different CRI annotations
+func getContainerTypeforCRI(c *Container) (string, string) {
+
+ // CRIContainerTypeKeyList lists all the CRI keys that could define
+ // the container type from annotations in the config.json.
+ CRIContainerTypeKeyList := []string{ctrAnnotations.ContainerType, podmanAnnotations.ContainerType}
+ containerType := c.config.Annotations[vcAnnotations.ContainerTypeKey]
+ for _, key := range CRIContainerTypeKeyList {
+ _, ok := c.config.CustomSpec.Annotations[key]
+ if ok {
+ return containerType, key
+ }
+ }
+ return "", ""
+}
+
 func handleImageGuestPullBlockVolume(c *Container, virtualVolumeInfo *types.KataVirtualVolume, vol *grpc.Storage) (*grpc.Storage, error) {
 container_annotations := c.GetAnnotations()
- container_type := container_annotations["io.kubernetes.cri.container-type"]
- if virtualVolumeInfo.Source == "" {
- var image_ref string
- if container_type == "sandbox" {
- image_ref = "pause"
- } else {
- image_ref = container_annotations["io.kubernetes.cri.image-name"]
- if image_ref == "" {
- return nil, fmt.Errorf("Failed to get image name from annotations")
- }
- }
- virtualVolumeInfo.Source = image_ref
+ containerType, criContainerType := getContainerTypeforCRI(c)
- //merge virtualVolumeInfo.ImagePull.Metadata and container_annotations
- for k, v := range container_annotations {
- virtualVolumeInfo.ImagePull.Metadata[k] = v
+ var image_ref string
+ if containerType == string(PodSandbox) {
+ image_ref = "pause"
+ } else {
+ switch criContainerType {
+ case ctrAnnotations.ContainerType:
+ image_ref = container_annotations["io.kubernetes.cri.image-name"]
+ case podmanAnnotations.ContainerType:
+ image_ref = container_annotations["io.kubernetes.cri-o.ImageName"]
+ default:
+ image_ref = ""
 }
+
+ if image_ref == "" {
+ return nil, fmt.Errorf("Failed to get image name from annotations")
+ }
+ }
+ virtualVolumeInfo.Source = image_ref
+
+ //merge virtualVolumeInfo.ImagePull.Metadata and container_annotations
+ for k, v := range container_annotations {
+ virtualVolumeInfo.ImagePull.Metadata[k] = v
 }
 no, err := json.Marshal(virtualVolumeInfo.ImagePull)
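Review bot: `virtualVolumeInfo.Source = image_ref` and the metadata merge in handleImageGuestPullBlockVolume now run unconditionally, because the old `if virtualVolumeInfo.Source == ""` guard is gone, so a Source that was already set is silently replaced by the annotation-derived name. If that is intended, say so in a comment above the assignment; otherwise keep the guard. getContainerTypeforCRI also discards the container type it just read when neither CRI key is present (`return "", ""`), which sends a sandbox without those annotations to the "Failed to get image name" error; `return containerType, ""` would let the `string(PodSandbox)` check still match. The error would be easier to act on if it named what was looked up, e.g. `fmt.Errorf("failed to get image name from annotations (container type key %q)", criContainerType)`. handleImageGuestPullBlockVolume continues past the end of the hunk.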