From 2b4956c20832eb6a8d5cfa369e64e1029e9a291a Mon Sep 17 00:00:00 2001
From: Pengfei Ni
Date: Fri, 12 May 2017 15:41:27 +0800
Subject: [PATCH] dockershim: get sysctls from sandbox config instead of annotations
---
 pkg/kubelet/dockershim/BUILD | 1 -
 pkg/kubelet/dockershim/docker_sandbox.go | 10 ++----
 pkg/kubelet/dockershim/helpers.go | 22 -------------
 pkg/kubelet/dockershim/helpers_test.go | 40 ------------------------
 4 files changed, 3 insertions(+), 70 deletions(-)
diff --git a/pkg/kubelet/dockershim/BUILD b/pkg/kubelet/dockershim/BUILD
index 83cfe97c64c..b4a0f96d720 100644
--- a/pkg/kubelet/dockershim/BUILD
+++ b/pkg/kubelet/dockershim/BUILD
@@ -30,7 +30,6 @@ go_library(
 tags = ["automanaged"],
 deps = [
 "//pkg/api/v1:go_default_library",
- "//pkg/api/v1/helper:go_default_library",
 "//pkg/apis/componentconfig:go_default_library",
 "//pkg/client/unversioned/remotecommand:go_default_library",
 "//pkg/kubelet/apis/cri:go_default_library",
diff --git a/pkg/kubelet/dockershim/docker_sandbox.go b/pkg/kubelet/dockershim/docker_sandbox.go
index d89e1e0ea4a..22f0dea9c8d 100644
--- a/pkg/kubelet/dockershim/docker_sandbox.go
+++ b/pkg/kubelet/dockershim/docker_sandbox.go
@@ -477,6 +477,9 @@ func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig
 return err
 }
+ // Set sysctls.
+ hc.Sysctls = lc.Sysctls
+
 return nil
 }
@@ -508,13 +511,6 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 HostConfig: hc,
 }
- // Set sysctls if requested
- sysctls, err := getSysctlsFromAnnotations(c.Annotations)
- if err != nil {
- return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.Name, err)
- }
- hc.Sysctls = sysctls
-
 // Apply linux-specific options.
 if lc := c.GetLinux(); lc != nil {
 if err := ds.applySandboxLinuxOptions(hc, lc, createConfig, image, securityOptSep); err != nil {
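Review bot: The added `hc.Sysctls = lc.Sysctls` in applySandboxLinuxOptions (first docker_sandbox.go hunk) hands the CRI-supplied map to Docker's HostConfig with no check at this layer, and nothing on the line says who is responsible for having vetted it. The removed annotation path kept the safe/unsafe split visible and surfaced the parser's error; the allowlist decision is now presumably made by the kubelet before it builds the sandbox config, which this diff does not show. I would state that contract in place of the bare `// Set sysctls.`, e.g. `// Sysctls are passed through unchanged; the caller must already have admitted them against the node's allowed sysctls.`, because a sysctl applied to a sandbox that shares a host namespace changes node-wide state. The commit also deletes TestGetSystclsFromAnnotations without adding a test that a sandbox config's Sysctls reach HostConfig.Sysctls. The function body starts before this hunk.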
diff --git a/pkg/kubelet/dockershim/helpers.go b/pkg/kubelet/dockershim/helpers.go
index 51339d9236e..bb4acd53cbc 100644
--- a/pkg/kubelet/dockershim/helpers.go
+++ b/pkg/kubelet/dockershim/helpers.go
@@ -34,7 +34,6 @@ import (
 "github.com/golang/glog"
 "k8s.io/kubernetes/pkg/api/v1"
- v1helper "k8s.io/kubernetes/pkg/api/v1/helper"
 runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
 "k8s.io/kubernetes/pkg/kubelet/types"
 "k8s.io/kubernetes/pkg/security/apparmor"
@@ -274,27 +273,6 @@ func getNetworkNamespace(c *dockertypes.ContainerJSON) string {
 return fmt.Sprintf(dockerNetNSFmt, c.State.Pid)
 }
-// getSysctlsFromAnnotations gets sysctls from annotations.
-func getSysctlsFromAnnotations(annotations map[string]string) (map[string]string, error) {
- var results map[string]string
- sysctls, unsafeSysctls, err := v1helper.SysctlsFromPodAnnotations(annotations)
- if err != nil {
- return nil, err
- }
- if len(sysctls)+len(unsafeSysctls) > 0 {
- results = make(map[string]string, len(sysctls)+len(unsafeSysctls))
- for _, c := range sysctls {
- results[c.Name] = c.Value
- }
- for _, c := range unsafeSysctls {
- results[c.Name] = c.Value
- }
- }
- return results, nil
-}
-
 // dockerFilter wraps around dockerfilters.Args and provides methods to modify
 // the filter easily.
 type dockerFilter struct {
diff --git a/pkg/kubelet/dockershim/helpers_test.go b/pkg/kubelet/dockershim/helpers_test.go
index dd0eeb1ec71..19ca1c48a95 100644
--- a/pkg/kubelet/dockershim/helpers_test.go
+++ b/pkg/kubelet/dockershim/helpers_test.go
@@ -175,46 +175,6 @@ func TestGetApparmorSecurityOpts(t *testing.T) {
 }
 }
-// TestGetSystclsFromAnnotations tests the logic of getting sysctls from annotations.
-func TestGetSystclsFromAnnotations(t *testing.T) {
- tests := []struct {
- annotations map[string]string
- expectedSysctls map[string]string
- }{{
- annotations: map[string]string{
- v1.SysctlsPodAnnotationKey: "kernel.shmmni=32768,kernel.shmmax=1000000000",
- v1.UnsafeSysctlsPodAnnotationKey: "knet.ipv4.route.min_pmtu=1000",
- },
- expectedSysctls: map[string]string{
- "kernel.shmmni": "32768",
- "kernel.shmmax": "1000000000",
- "knet.ipv4.route.min_pmtu": "1000",
- },
- }, {
- annotations: map[string]string{
- v1.SysctlsPodAnnotationKey: "kernel.shmmni=32768,kernel.shmmax=1000000000",
- },
- expectedSysctls: map[string]string{
- "kernel.shmmni": "32768",
- "kernel.shmmax": "1000000000",
- },
- }, {
- annotations: map[string]string{
- v1.UnsafeSysctlsPodAnnotationKey: "knet.ipv4.route.min_pmtu=1000",
- },
- expectedSysctls: map[string]string{
- "knet.ipv4.route.min_pmtu": "1000",
- },
- }}
- for i, test := range tests {
- actual, err := getSysctlsFromAnnotations(test.annotations)
- assert.NoError(t, err, "TestCase[%d]", i)
- assert.Len(t, actual, len(test.expectedSysctls), "TestCase[%d]", i)
- assert.Equal(t, test.expectedSysctls, actual, "TestCase[%d]", i)
- }
-}
-
 // TestGetUserFromImageUser tests the logic of getting image uid or user name of image user.
 func TestGetUserFromImageUser(t *testing.T) {
 newI64 := func(i int64) *int64 { return &i }