Add experimental hyperv containers support on Windows

Pengfei Ni 2018-01-30 09:33:48 +08:00
parent 8d9a9dcaf2
commit cabd2bb619
4 changed files with 47 additions and 3 deletions


@ -587,6 +587,8 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err) return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err)
} }
hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...) hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
applyExperimentalCreateConfig(createConfig, c.Annotations)
return createConfig, nil return createConfig, nil
} }


@ -145,3 +145,7 @@ func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {
} }
return fmt.Sprintf(dockerNetNSFmt, c.State.Pid), nil return fmt.Sprintf(dockerNetNSFmt, c.State.Pid), nil
} }
// applyExperimentalCreateConfig applys experimental configures from sandbox annotations.
func applyExperimentalCreateConfig(createConfig *dockertypes.ContainerCreateConfig, annotations map[string]string) {
}
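Review bot: The doc comment on this empty `applyExperimentalCreateConfig` says it applies configuration from sandbox annotations, but the body does nothing, so on this build the `experimental.windows.kubernetes.io/isolation-type` annotation is silently ignored. The same stub and comment appear in the next file section, the one whose `getNetworkNamespace` returns `unsupported platform`. I would reword both comments to state that, e.g. `// applyExperimentalCreateConfig is a no-op on this platform; experimental sandbox annotations are ignored.`, which also fixes the `applys` typo.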


@ -53,3 +53,7 @@ func (ds *dockerService) determinePodIPBySandboxID(uid string) string {
func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) { func getNetworkNamespace(c *dockertypes.ContainerJSON) (string, error) {
return "", fmt.Errorf("unsupported platform") return "", fmt.Errorf("unsupported platform")
} }
// applyExperimentalCreateConfig applys experimental configures from sandbox annotations.
func applyExperimentalCreateConfig(createConfig *dockertypes.ContainerCreateConfig, annotations map[string]string) {
}


@ -29,6 +29,13 @@ import (
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime" runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
) )
const (
hypervIsolationAnnotationKey = "experimental.windows.kubernetes.io/isolation-type"
// Refer https://aka.ms/hyperv-container.
hypervIsolation = "hyperv"
)
func DefaultMemorySwap() int64 { func DefaultMemorySwap() int64 {
return 0 return 0
} }
@ -40,6 +47,22 @@ func (ds *dockerService) getSecurityOpts(seccompProfile string, separator rune)
return nil, nil return nil, nil
} }
func shouldIsolatedByHyperV(annotations map[string]string) bool {
v, ok := annotations[hypervIsolationAnnotationKey]
return ok && v == hypervIsolation
}
// applyExperimentalCreateConfig applys experimental configures from sandbox annotations.
func applyExperimentalCreateConfig(createConfig *dockertypes.ContainerCreateConfig, annotations map[string]string) {
if shouldIsolatedByHyperV(annotations) {
createConfig.HostConfig.Isolation = hypervIsolation
if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode == "" {
createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode("none")
}
}
}
func (ds *dockerService) updateCreateConfig( func (ds *dockerService) updateCreateConfig(
createConfig *dockertypes.ContainerCreateConfig, createConfig *dockertypes.ContainerCreateConfig,
config *runtimeapi.ContainerConfig, config *runtimeapi.ContainerConfig,
@ -47,11 +70,13 @@ func (ds *dockerService) updateCreateConfig(
podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error { podSandboxID string, securityOptSep rune, apiVersion *semver.Version) error {
if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" { if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode != "" {
createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode) createConfig.HostConfig.NetworkMode = dockercontainer.NetworkMode(networkMode)
} else { } else if !shouldIsolatedByHyperV(sandboxConfig.Annotations) {
// Todo: Refactor this call in future for calling methods directly in security_context.go // Todo: Refactor this call in future for calling methods directly in security_context.go
modifyHostNetworkOptionForContainer(false, podSandboxID, createConfig.HostConfig) modifyHostNetworkOptionForContainer(false, podSandboxID, createConfig.HostConfig)
} }
applyExperimentalCreateConfig(createConfig, sandboxConfig.Annotations)
return nil return nil
} }
@ -87,8 +112,17 @@ func (ds *dockerService) determinePodIPBySandboxID(sandboxID string) string {
// Todo: Add a kernel version check for more validation // Todo: Add a kernel version check for more validation
if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode == "" { if networkMode := os.Getenv("CONTAINER_NETWORK"); networkMode == "" {
// Do not return any IP, so that we would continue and get the IP of the Sandbox if r.HostConfig.Isolation == hypervIsolation {
ds.getIP(sandboxID, r) // Hyper-V only supports one container per Pod yet and the container will have a different
// IP address from sandbox. Return the first non-sandbox container IP as POD IP.
// TODO(feiskyer): remove this workaround after Hyper-V supports multiple containers per Pod.
if containerIP := ds.getIP(c.ID, r); containerIP != "" {
return containerIP
}
} else {
// Do not return any IP, so that we would continue and get the IP of the Sandbox
ds.getIP(sandboxID, r)
}
} else { } else {
// On Windows, every container that is created in a Sandbox, needs to invoke CNI plugin again for adding the Network, // On Windows, every container that is created in a Sandbox, needs to invoke CNI plugin again for adding the Network,
// with the shared container name as NetNS info, // with the shared container name as NetNS info,
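Review bot: `shouldIsolatedByHyperV` accepts only the exact string `hyperv`, so a pod whose annotation carries `HyperV` or any other unexpected value is created without `HostConfig.Isolation` being set and takes the ordinary network path in `updateCreateConfig`, with nothing reported. Because this annotation selects the isolation boundary, a present-but-unrecognised value should be surfaced rather than treated like an absent key, e.g. `if v, ok := annotations[hypervIsolationAnnotationKey]; ok && v != hypervIsolation { /* log the unsupported isolation type */ }` in `applyExperimentalCreateConfig`. The annotation also takes effect with no feature gate visible in this diff; if one exists elsewhere, a comment on `hypervIsolationAnnotationKey` naming it would help, along with a doc comment on `shouldIsolatedByHyperV` itself. In the `determinePodIPBySandboxID` hunk, `r.HostConfig.Isolation` is read without a nil check on `r.HostConfig`; the function body starts and ends outside the hunk, so confirm the inspect result always populates it.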