From 91616f666af9d9d1ad3ad5f1186864536af00f1c Mon Sep 17 00:00:00 2001
From: Pengfei Ni <feiskyer@gmail.com>
Date: Wed, 15 Mar 2017 09:28:06 +0800
Subject: [PATCH] kubelet: check and enforce minimum docker api version

---
 pkg/kubelet/dockershim/docker_service.go | 32 ++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/pkg/kubelet/dockershim/docker_service.go b/pkg/kubelet/dockershim/docker_service.go
index f48d8b1972f..f38292898d7 100644
--- a/pkg/kubelet/dockershim/docker_service.go
+++ b/pkg/kubelet/dockershim/docker_service.go
@@ -47,6 +47,10 @@ const (
 	dockerRuntimeName = "docker"
 	kubeAPIVersion    = "0.1.0"
 
+	// https://docs.docker.com/engine/reference/api/docker_remote_api/
+	// docker version should be at least 1.10.x
+	minimumDockerAPIVersion = "1.22.0"
+
 	// String used to detect docker host mode for various namespaces (e.g.
 	// networking). Must match the value returned by docker inspect -f
 	// '{{.HostConfig.NetworkMode}}'.
@@ -164,6 +168,13 @@ func NewDockerService(client dockertools.DockerInterface, seccompProfileRoot str
 		containerManager:  cm.NewContainerManager(cgroupsName, client),
 		checkpointHandler: checkpointHandler,
 	}
+
+	// check docker version compatibility.
+	if err = ds.checkVersionCompatibility(); err != nil {
+		return nil, err
+	}
+
+	// create streaming server if configured.
 	if streamingConfig != nil {
 		var err error
 		ds.streamingServer, err = streaming.NewServer(*streamingConfig, ds.streamingRuntime)
@@ -379,6 +390,27 @@ func (ds *dockerService) GenerateExpectedCgroupParent(cgroupParent string) (stri
 	return cgroupParent, nil
 }
 
+// checkVersionCompatibility verifies whether docker is in a compatible version.
+func (ds *dockerService) checkVersionCompatibility() error {
+	apiVersion, err := ds.getDockerAPIVersion()
+	if err != nil {
+		return err
+	}
+
+	minAPIVersion, err := semver.Parse(minimumDockerAPIVersion)
+	if err != nil {
+		return err
+	}
+
+	// Verify the docker version.
+	result := apiVersion.Compare(minAPIVersion)
+	if result < 0 {
+		return fmt.Errorf("docker API version is older than %s", minimumDockerAPIVersion)
+	}
+
+	return nil
+}
+
 // getDockerAPIVersion gets the semver-compatible docker api version.
 func (ds *dockerService) getDockerAPIVersion() (*semver.Version, error) {
 	var dv *dockertypes.Version