github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-27 12:31:23 +00:00
Code Issues Projects Releases Wiki Activity

Add updateCreateConfig.

Browse Source
This commit is contained in:
Dong Liu 2017-05-27 23:06:46 -05:00
parent 9c2309b7cb
commit 6d07fc2f44
4 changed files with 79 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
pkg/kubelet/dockershim/docker_container.go
View File

@ -132,47 +132,12 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
StdinOnce: config.StdinOnce, StdinOnce: config.StdinOnce,
Tty: config.Tty, Tty: config.Tty,
}, },
HostConfig: &dockercontainer.HostConfig{
Binds: generateMountBindings(config.GetMounts()),
},
} }
// Fill the HostConfig. hc := createConfig.HostConfig
hc := &dockercontainer.HostConfig{
Binds: generateMountBindings(config.GetMounts()),
}
// Apply Linux-specific options if applicable.
if lc := config.GetLinux(); lc != nil {
// TODO: Check if the units are correct.
// TODO: Can we assume the defaults are sane?
rOpts := lc.GetResources()
if rOpts != nil {
hc.Resources = dockercontainer.Resources{
Memory: rOpts.MemoryLimitInBytes,
MemorySwap: DefaultMemorySwap(),
CPUShares: rOpts.CpuShares,
CPUQuota: rOpts.CpuQuota,
CPUPeriod: rOpts.CpuPeriod,
}
hc.OomScoreAdj = int(rOpts.OomScoreAdj)
}
// Note: ShmSize is handled in kube_docker_client.go
// Apply security context.
if err = applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, hc, securityOptSep); err != nil {
return "", fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
}
modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, hc)
}
// Apply cgroupsParent derived from the sandbox config.
if lc := sandboxConfig.GetLinux(); lc != nil {
// Apply Cgroup options.
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
if err != nil {
return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
}
hc.CgroupParent = cgroupParent
}
// Set devices for container. // Set devices for container.
devices := make([]dockercontainer.DeviceMapping, len(config.Devices)) devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
for i, device := range config.Devices { for i, device := range config.Devices {
@ -183,6 +148,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
} }
} }
hc.Resources.Devices = devices hc.Resources.Devices = devices
ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion)
securityOpts, err := ds.getSecurityOpts(config.Metadata.Name, sandboxConfig, securityOptSep) securityOpts, err := ds.getSecurityOpts(config.Metadata.Name, sandboxConfig, securityOptSep)
if err != nil { if err != nil {
@ -190,7 +156,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
} }
hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...) hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
createConfig.HostConfig = hc
createResp, err := ds.client.CreateContainer(createConfig) createResp, err := ds.client.CreateContainer(createConfig)
if err != nil { if err != nil {
createResp, err = recoverFromCreationConflictIfNeeded(ds.client, createConfig, err) createResp, err = recoverFromCreationConflictIfNeeded(ds.client, createConfig, err)

45
pkg/kubelet/dockershim/helpers_linux.go
View File

@ -21,6 +21,9 @@ package dockershim
import ( import (
"fmt" "fmt"
"github.com/blang/semver"
dockertypes "github.com/docker/engine-api/types"
dockercontainer "github.com/docker/engine-api/types/container"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
) )
@ -37,3 +40,45 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
return seccompSecurityOpts, nil return seccompSecurityOpts, nil
} }
func (ds *dockerService) updateCreateConfig(
createConfig *dockertypes.ContainerCreateConfig,
config *runtimeapi.ContainerConfig,
sandboxConfig *runtimeapi.PodSandboxConfig,
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
// Apply Linux-specific options if applicable.
if lc := config.GetLinux(); lc != nil {
// TODO: Check if the units are correct.
// TODO: Can we assume the defaults are sane?
rOpts := lc.GetResources()
if rOpts != nil {
createConfig.HostConfig.Resources = dockercontainer.Resources{
Memory: rOpts.MemoryLimitInBytes,
MemorySwap: DefaultMemorySwap(),
CPUShares: rOpts.CpuShares,
CPUQuota: rOpts.CpuQuota,
CPUPeriod: rOpts.CpuPeriod,
}
createConfig.HostConfig.OomScoreAdj = int(rOpts.OomScoreAdj)
}
// Note: ShmSize is handled in kube_docker_client.go
// Apply security context.
if err := applyContainerSecurityContext(lc, podSandboxID, createConfig.Config, createConfig.HostConfig, securityOptSep); err != nil {
return fmt.Errorf("failed to apply container security context for container %q: %v", config.Metadata.Name, err)
}
modifyPIDNamespaceOverrides(ds.disableSharedPID, apiVersion, createConfig.HostConfig)
}
// Apply cgroupsParent derived from the sandbox config.
if lc := sandboxConfig.GetLinux(); lc != nil {
// Apply Cgroup options.
cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
if err != nil {
return fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
}
createConfig.HostConfig.CgroupParent = cgroupParent
}
return nil
}

11
pkg/kubelet/dockershim/helpers_unsupported.go
View File

@ -19,6 +19,8 @@ limitations under the License.
package dockershim package dockershim
import ( import (
"github.com/blang/semver"
dockertypes "github.com/docker/engine-api/types"
"github.com/golang/glog" "github.com/golang/glog"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
) )
@ -31,3 +33,12 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
glog.Warningf("getSecurityOpts is unsupported in this build") glog.Warningf("getSecurityOpts is unsupported in this build")
return nil, nil return nil, nil
} }
func (ds *dockerService) updateCreateConfig(
createConfig *dockertypes.ContainerCreateConfig,
config *runtimeapi.ContainerConfig,
sandboxConfig *runtimeapi.PodSandboxConfig,
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
glog.Warningf("updateCreateConfig is unsupported in this build")
return nil
}

17
pkg/kubelet/dockershim/helpers_windows.go
View File

@ -19,6 +19,11 @@ limitations under the License.
package dockershim package dockershim
import ( import (
"os"
"github.com/blang/semver"
dockertypes "github.com/docker/engine-api/types"
dockercontainer "github.com/docker/engine-api/types/container"
"github.com/golang/glog" "github.com/golang/glog"
"k8s.io/kubernetes/pkg/api/v1" "k8s.io/kubernetes/pkg/api/v1"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1"
@ -43,3 +48,15 @@ func (ds *dockerService) getSecurityOpts(containerName string, sandboxConfig *ru
return nil, nil return nil, nil
} }
func (ds *dockerService) updateCreateConfig(
createConfig *dockertypes.ContainerCreateConfig,
config *runtimeapi.ContainerConfig,
sandboxConfig *runtimeapi.PodSandboxConfig,
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
}
return nil
}