cri-api: fix comment lines about PROPAGATION_PRIVATE

The current CRI implementations treat `PROPAGATION_PRIVATE` as "rprivate", not "private":
- https://github.com/containerd/containerd/blob/v1.6.16/pkg/cri/opts/spec_linux.go#L181
- https://github.com/cri-o/cri-o/blob/v1.26.1/server/container_create_linux.go#L982

However, this is not always true for cri-dockerd, which treats `PROPAGATION_PRIVATE` as
noop and lets dockerd use its default propagation mode:
- https://github.com/Mirantis/cri-dockerd/blob/v0.3.1/libdocker/helpers.go#L235-L236
  (The "private is default" comment in L236 is inaccurate)

dockerd's default propagation mode is "rprivate" for most cases, but dockerd changes
its default propagation mode to "rslave" when the mount source contains the daemon root
(`/var/lib/docker`):
- https://github.com/moby/moby/blob/v20.10.23/volume/mounts/linux_parser.go#L145
- https://github.com/moby/moby/blob/v20.10.23/daemon/volumes.go#L137-L143
- https://github.com/moby/moby/blob/v20.10.23/daemon/volumes_linux.go#L11-L36

This behavior was introduced in Docker 18.03 (moby/moby PR 36055).

Related:
- kubernetes/website PR 39385
- Mirantis/cri-dockerd PR 159

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Akihiro Suda 2023-02-12 00:50:34 +09:00
parent 3cf9f66e90
commit af95a76bb2
No known key found for this signature in database
GPG Key ID: 49524C6F9F638F1A
2 changed files with 2 additions and 2 deletions
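
An added example, not part of this commit or of the projects it links to: "private" changes only the mount it is applied to, while "rprivate" applies to every mount in the subtree, so this Go program reads text in `/proc/self/mountinfo` format and lists the mounts at or below a path that are still shared or slave. The sample lines and the names `propagationOf` and `nonPrivateUnder` are constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample in /proc/self/mountinfo format (not from a real host).
const sampleMountinfo = `36 25 0:31 / /data rw,relatime - ext4 /dev/sda1 rw
37 36 0:32 / /data/sub rw,relatime master:5 - tmpfs tmpfs rw
39 25 0:34 / /scratch rw,relatime - tmpfs tmpfs rw`

// propagationOf reads the optional fields (index 6 up to the "-" separator).
// A mount that is both shared and slave is reported as "shared".
func propagationOf(fields []string) string {
	p := "private" // no shared:/master: tag means private
	for _, tag := range fields {
		switch {
		case tag == "-":
			return p
		case strings.HasPrefix(tag, "shared:"):
			p = "shared"
		case strings.HasPrefix(tag, "master:") && p == "private":
			p = "slave"
		case tag == "unbindable":
			p = "unbindable"
		}
	}
	return p
}

// nonPrivateUnder lists "mountpoint=type" for each mount at or below root that
// is not private. An empty result is what "rprivate" on root would produce.
func nonPrivateUnder(mountinfo, root string) []string {
	var out []string
	prefix := strings.TrimSuffix(root, "/") + "/"
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) < 7 || (f[4] != root && !strings.HasPrefix(f[4], prefix)) {
			continue // malformed line, or mount outside the subtree
		}
		if p := propagationOf(f[6:]); p != "private" {
			out = append(out, f[4]+"="+p)
		}
	}
	return out
}

func main() {
	fmt.Println(nonPrivateUnder(sampleMountinfo, "/data"))
}
```

In the constructed sample `/data` itself is private but its submount `/data/sub` is a slave, which is the case a non-recursive "private" would leave in place.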


@ -77,7 +77,7 @@ func (Protocol) EnumDescriptor() ([]byte, []int) {
type MountPropagation int32
const (
// No mount propagation ("private" in Linux terminology).
// No mount propagation ("rprivate" in Linux terminology).
MountPropagation_PROPAGATION_PRIVATE MountPropagation = 0
// Mounts get propagated from the host to the container ("rslave" in Linux).
MountPropagation_PROPAGATION_HOST_TO_CONTAINER MountPropagation = 1
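Review bot: This file looks generated (the hunk sits under `func (Protocol) EnumDescriptor()` and the constant is named `MountPropagation_PROPAGATION_PRIVATE`), so the comment on that constant should be the output of regenerating from the .proto definition rather than a hand edit. Please confirm the generator was run, so the wording here cannot drift from the `PROPAGATION_PRIVATE` comment in the proto file.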


@ -199,7 +199,7 @@ message PortMapping {
}
enum MountPropagation {
// No mount propagation ("private" in Linux terminology).
// No mount propagation ("rprivate" in Linux terminology).
PROPAGATION_PRIVATE = 0;
// Mounts get propagated from the host to the container ("rslave" in Linux).
PROPAGATION_HOST_TO_CONTAINER = 1;
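Review bot: The new comment on `PROPAGATION_PRIVATE` states "rprivate" without qualification and still opens with "No mount propagation", while the commit message documents that cri-dockerd treats this value as a noop and that dockerd then defaults to "rslave" when the mount source contains the daemon root. Since the next comment describes "rslave" as propagating mounts from the host to the container, consider adding a line here saying that the effective mode can depend on the runtime, so API consumers do not read `PROPAGATION_PRIVATE` as an isolation guarantee on every CRI implementation.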