Merge pull request #40190 from yujuhong/nsenter_exec

Automatic merge from submit-queue (batch tested with PRs 40168, 40165, 39158, 39966, 40190)

dockershim: add support for the 'nsenter' exec handler

This change simply plumbs the kubelet configuration
(--docker-exec-handler) to DockerService.

This fixes #35747.

pkg/kubelet/dockershim/docker_service.go

@@ -101,7 +101,7 @@ var internalLabelKeys []string = []string{containerTypeLabelKey, containerLogPat
 
 // NOTE: Anything passed to DockerService should be eventually handled in another way when we switch to running the shim as a different process.
 func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot string, podSandboxImage string, streamingConfig *streaming.Config,
-	pluginSettings *NetworkPluginSettings, cgroupsName string, kubeCgroupDriver string) (DockerService, error) {
+	pluginSettings *NetworkPluginSettings, cgroupsName string, kubeCgroupDriver string, execHandler dockertools.ExecHandler) (DockerService, error) {
 	c := dockertools.NewInstrumentedDockerInterface(client)
 	ds := &dockerService{
 		seccompProfileRoot: seccompProfileRoot,
@@ -109,10 +109,8 @@ func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot str
 		os:                 kubecontainer.RealOS{},
 		podSandboxImage:    podSandboxImage,
 		streamingRuntime: &streamingRuntime{
-			client: client,
-			// Only the native exec handling is supported for now.
-			// TODO(#35747) - Either deprecate nsenter exec handling, or add support for it here.
-			execHandler: &dockertools.NativeExecHandler{},
+			client:      client,
+			execHandler: execHandler,
 		},
 		containerManager: cm.NewContainerManager(cgroupsName, client),
 	}

pkg/kubelet/kubelet.go

@@ -551,7 +551,7 @@ func NewMainKubelet(kubeCfg *componentconfig.KubeletConfiguration, kubeDeps *Kub
 			streamingConfig := getStreamingConfig(kubeCfg, kubeDeps)
 			// Use the new CRI shim for docker.
 			ds, err := dockershim.NewDockerService(klet.dockerClient, kubeCfg.SeccompProfileRoot, kubeCfg.PodInfraContainerImage,
-				streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver)
+				streamingConfig, &pluginSettings, kubeCfg.RuntimeCgroups, kubeCfg.CgroupDriver, dockerExecHandler)
 			if err != nil {
 				return nil, err
 			}