diff --git a/pkg/kubelet/dockershim/BUILD b/pkg/kubelet/dockershim/BUILD index f661e0f9338..5eb438371a7 100644 --- a/pkg/kubelet/dockershim/BUILD +++ b/pkg/kubelet/dockershim/BUILD @@ -49,7 +49,6 @@ go_library( "//vendor:github.com/docker/engine-api/types/versions", "//vendor:github.com/docker/go-connections/nat", "//vendor:github.com/golang/glog", - "//vendor:github.com/golang/protobuf/proto", ], ) diff --git a/pkg/kubelet/dockershim/convert.go b/pkg/kubelet/dockershim/convert.go index 7d067536538..c8de3df417a 100644 --- a/pkg/kubelet/dockershim/convert.go +++ b/pkg/kubelet/dockershim/convert.go @@ -43,10 +43,10 @@ func imageToRuntimeAPIImage(image *dockertypes.Image) (*runtimeapi.Image, error) size := uint64(image.VirtualSize) return &runtimeapi.Image{ - Id: &image.ID, + Id: image.ID, RepoTags: image.RepoTags, RepoDigests: image.RepoDigests, - Size_: &size, + Size_: size, }, nil } @@ -57,13 +57,17 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeapi size := uint64(image.VirtualSize) runtimeImage := &runtimeapi.Image{ - Id: &image.ID, + Id: image.ID, RepoTags: image.RepoTags, RepoDigests: image.RepoDigests, - Size_: &size, + Size_: size, } - runtimeImage.Uid, runtimeImage.Username = getUserFromImageUser(image.Config.User) + uid, username := getUserFromImageUser(image.Config.User) + if uid != nil { + runtimeImage.Uid = &runtimeapi.Int64Value{Value: *uid} + } + runtimeImage.Username = username return runtimeImage, nil } @@ -91,13 +95,13 @@ func toRuntimeAPIContainer(c *dockertypes.Container) (*runtimeapi.Container, err // The timestamp in dockertypes.Container is in seconds. createdAt := c.Created * int64(time.Second) return &runtimeapi.Container{ - Id: &c.ID, - PodSandboxId: &sandboxID, + Id: c.ID, + PodSandboxId: sandboxID, Metadata: metadata, - Image: &runtimeapi.ImageSpec{Image: &c.Image}, - ImageRef: &c.ImageID, - State: &state, - CreatedAt: &createdAt, + Image: &runtimeapi.ImageSpec{Image: c.Image}, + ImageRef: c.ImageID, + State: state, + CreatedAt: createdAt, Labels: labels, Annotations: annotations, }, nil @@ -157,10 +161,10 @@ func toRuntimeAPISandbox(c *dockertypes.Container) (*runtimeapi.PodSandbox, erro // The timestamp in dockertypes.Container is in seconds. createdAt := c.Created * int64(time.Second) return &runtimeapi.PodSandbox{ - Id: &c.ID, + Id: c.ID, Metadata: metadata, - State: &state, - CreatedAt: &createdAt, + State: state, + CreatedAt: createdAt, Labels: labels, Annotations: annotations, }, nil diff --git a/pkg/kubelet/dockershim/docker_container.go b/pkg/kubelet/dockershim/docker_container.go index a990a300117..5fb38c4d71c 100644 --- a/pkg/kubelet/dockershim/docker_container.go +++ b/pkg/kubelet/dockershim/docker_container.go @@ -42,14 +42,14 @@ func (ds *dockerService) ListContainers(filter *runtimeapi.ContainerFilter) ([]* f.AddLabel(containerTypeLabelKey, containerTypeLabelContainer) if filter != nil { - if filter.Id != nil { - f.Add("id", filter.GetId()) + if filter.Id != "" { + f.Add("id", filter.Id) } if filter.State != nil { - f.Add("status", toDockerContainerStatus(filter.GetState())) + f.Add("status", toDockerContainerStatus(filter.GetState().State)) } - if filter.PodSandboxId != nil { - f.AddLabel(sandboxIDLabelKey, *filter.PodSandboxId) + if filter.PodSandboxId != "" { + f.AddLabel(sandboxIDLabelKey, filter.PodSandboxId) } if filter.LabelSelector != nil { @@ -87,35 +87,35 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi return "", fmt.Errorf("container config is nil") } if sandboxConfig == nil { - return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.GetName()) + return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.Name) } labels := makeLabels(config.GetLabels(), config.GetAnnotations()) // Apply a the container type label. labels[containerTypeLabelKey] = containerTypeLabelContainer // Write the container log path in the labels. - labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.GetLogDirectory(), config.GetLogPath()) + labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.LogDirectory, config.LogPath) // Write the sandbox ID in the labels. labels[sandboxIDLabelKey] = podSandboxID image := "" if iSpec := config.GetImage(); iSpec != nil { - image = iSpec.GetImage() + image = iSpec.Image } createConfig := dockertypes.ContainerCreateConfig{ Name: makeContainerName(sandboxConfig, config), Config: &dockercontainer.Config{ // TODO: set User. - Entrypoint: dockerstrslice.StrSlice(config.GetCommand()), - Cmd: dockerstrslice.StrSlice(config.GetArgs()), + Entrypoint: dockerstrslice.StrSlice(config.Command), + Cmd: dockerstrslice.StrSlice(config.Args), Env: generateEnvList(config.GetEnvs()), Image: image, - WorkingDir: config.GetWorkingDir(), + WorkingDir: config.WorkingDir, Labels: labels, // Interactive containers: - OpenStdin: config.GetStdin(), - StdinOnce: config.GetStdinOnce(), - Tty: config.GetTty(), + OpenStdin: config.Stdin, + StdinOnce: config.StdinOnce, + Tty: config.Tty, }, } @@ -132,13 +132,13 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi rOpts := lc.GetResources() if rOpts != nil { hc.Resources = dockercontainer.Resources{ - Memory: rOpts.GetMemoryLimitInBytes(), + Memory: rOpts.MemoryLimitInBytes, MemorySwap: dockertools.DefaultMemorySwap(), - CPUShares: rOpts.GetCpuShares(), - CPUQuota: rOpts.GetCpuQuota(), - CPUPeriod: rOpts.GetCpuPeriod(), + CPUShares: rOpts.CpuShares, + CPUQuota: rOpts.CpuQuota, + CPUPeriod: rOpts.CpuPeriod, } - hc.OomScoreAdj = int(rOpts.GetOomScoreAdj()) + hc.OomScoreAdj = int(rOpts.OomScoreAdj) } // Note: ShmSize is handled in kube_docker_client.go @@ -149,9 +149,9 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi // Apply cgroupsParent derived from the sandbox config. if lc := sandboxConfig.GetLinux(); lc != nil { // Apply Cgroup options. - cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent()) + cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) if err != nil { - return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.GetName(), err) + return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err) } hc.CgroupParent = cgroupParent } @@ -160,17 +160,17 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi devices := make([]dockercontainer.DeviceMapping, len(config.Devices)) for i, device := range config.Devices { devices[i] = dockercontainer.DeviceMapping{ - PathOnHost: device.GetHostPath(), - PathInContainer: device.GetContainerPath(), - CgroupPermissions: device.GetPermissions(), + PathOnHost: device.HostPath, + PathInContainer: device.ContainerPath, + CgroupPermissions: device.Permissions, } } hc.Resources.Devices = devices // Apply appArmor and seccomp options. - securityOpts, err := getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot) + securityOpts, err := getContainerSecurityOpts(config.Metadata.Name, sandboxConfig, ds.seccompProfileRoot) if err != nil { - return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err) + return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.Name, err) } hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...) @@ -310,9 +310,9 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai m := r.Mounts[i] readonly := !m.RW mounts = append(mounts, &runtimeapi.Mount{ - HostPath: &m.Source, - ContainerPath: &m.Destination, - Readonly: &readonly, + HostPath: m.Source, + ContainerPath: m.Destination, + Readonly: readonly, // Note: Can't set SeLinuxRelabel }) } @@ -369,18 +369,18 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai imageName = ir.RepoTags[0] } return &runtimeapi.ContainerStatus{ - Id: &r.ID, + Id: r.ID, Metadata: metadata, - Image: &runtimeapi.ImageSpec{Image: &imageName}, - ImageRef: &imageID, + Image: &runtimeapi.ImageSpec{Image: imageName}, + ImageRef: imageID, Mounts: mounts, - ExitCode: &exitCode, - State: &state, - CreatedAt: &ct, - StartedAt: &st, - FinishedAt: &ft, - Reason: &reason, - Message: &message, + ExitCode: exitCode, + State: state, + CreatedAt: ct, + StartedAt: st, + FinishedAt: ft, + Reason: reason, + Message: message, Labels: labels, Annotations: annotations, }, nil diff --git a/pkg/kubelet/dockershim/docker_container_test.go b/pkg/kubelet/dockershim/docker_container_test.go index 609a11a30f4..ebabc71e86a 100644 --- a/pkg/kubelet/dockershim/docker_container_test.go +++ b/pkg/kubelet/dockershim/docker_container_test.go @@ -32,10 +32,10 @@ import ( func makeContainerConfig(sConfig *runtimeapi.PodSandboxConfig, name, image string, attempt uint32, labels, annotations map[string]string) *runtimeapi.ContainerConfig { return &runtimeapi.ContainerConfig{ Metadata: &runtimeapi.ContainerMetadata{ - Name: &name, - Attempt: &attempt, + Name: name, + Attempt: attempt, }, - Image: &runtimeapi.ImageSpec{Image: &image}, + Image: &runtimeapi.ImageSpec{Image: image}, Labels: labels, Annotations: annotations, } @@ -77,12 +77,12 @@ func TestListContainers(t *testing.T) { // the most recent containers first. expected = append([]*runtimeapi.Container{{ Metadata: configs[i].Metadata, - Id: &id, - PodSandboxId: &sandboxID, - State: &state, - CreatedAt: &createdAt, + Id: id, + PodSandboxId: sandboxID, + State: state, + CreatedAt: createdAt, Image: configs[i].Image, - ImageRef: &imageRef, + ImageRef: imageRef, Labels: configs[i].Labels, Annotations: configs[i].Annotations, }}, expected...) @@ -112,16 +112,16 @@ func TestContainerStatus(t *testing.T) { var reason, message string expected := &runtimeapi.ContainerStatus{ - State: &state, - CreatedAt: &ct, - StartedAt: &st, - FinishedAt: &ft, + State: state, + CreatedAt: ct, + StartedAt: st, + FinishedAt: ft, Metadata: config.Metadata, Image: config.Image, - ImageRef: &imageRef, - ExitCode: &exitCode, - Reason: &reason, - Message: &message, + ImageRef: imageRef, + ExitCode: exitCode, + Reason: reason, + Message: message, Mounts: []*runtimeapi.Mount{}, Labels: config.Labels, Annotations: config.Annotations, @@ -129,7 +129,7 @@ func TestContainerStatus(t *testing.T) { // Create the container. fClock.SetTime(time.Now().Add(-1 * time.Hour)) - *expected.CreatedAt = fClock.Now().UnixNano() + expected.CreatedAt = fClock.Now().UnixNano() const sandboxId = "sandboxid" id, err := ds.CreateContainer(sandboxId, config, sConfig) @@ -140,7 +140,7 @@ func TestContainerStatus(t *testing.T) { assert.Equal(t, c.Config.Labels[sandboxIDLabelKey], sandboxId) // Set the id manually since we don't know the id until it's created. - expected.Id = &id + expected.Id = id assert.NoError(t, err) status, err := ds.ContainerStatus(id) assert.NoError(t, err) @@ -148,8 +148,8 @@ func TestContainerStatus(t *testing.T) { // Advance the clock and start the container. fClock.SetTime(time.Now()) - *expected.StartedAt = fClock.Now().UnixNano() - *expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING + expected.StartedAt = fClock.Now().UnixNano() + expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING err = ds.StartContainer(id) assert.NoError(t, err) @@ -158,9 +158,9 @@ func TestContainerStatus(t *testing.T) { // Advance the clock and stop the container. fClock.SetTime(time.Now().Add(1 * time.Hour)) - *expected.FinishedAt = fClock.Now().UnixNano() - *expected.State = runtimeapi.ContainerState_CONTAINER_EXITED - *expected.Reason = "Completed" + expected.FinishedAt = fClock.Now().UnixNano() + expected.State = runtimeapi.ContainerState_CONTAINER_EXITED + expected.Reason = "Completed" err = ds.StopContainer(id, 0) assert.NoError(t, err) @@ -181,9 +181,9 @@ func TestContainerLogPath(t *testing.T) { containerLogPath := "0" kubeletContainerLogPath := filepath.Join(podLogPath, containerLogPath) sConfig := makeSandboxConfig("foo", "bar", "1", 0) - sConfig.LogDirectory = &podLogPath + sConfig.LogDirectory = podLogPath config := makeContainerConfig(sConfig, "pause", "iamimage", 0, nil, nil) - config.LogPath = &containerLogPath + config.LogPath = containerLogPath const sandboxId = "sandboxid" id, err := ds.CreateContainer(sandboxId, config, sConfig) diff --git a/pkg/kubelet/dockershim/docker_image.go b/pkg/kubelet/dockershim/docker_image.go index 15aa7d95410..d568c5164c0 100644 --- a/pkg/kubelet/dockershim/docker_image.go +++ b/pkg/kubelet/dockershim/docker_image.go @@ -29,7 +29,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea opts := dockertypes.ImageListOptions{} if filter != nil { if imgSpec := filter.GetImage(); imgSpec != nil { - opts.MatchName = imgSpec.GetImage() + opts.MatchName = imgSpec.Image } } @@ -52,7 +52,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea // ImageStatus returns the status of the image, returns nil if the image doesn't present. func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.Image, error) { - imageInspect, err := ds.client.InspectImageByRef(image.GetImage()) + imageInspect, err := ds.client.InspectImageByRef(image.Image) if err != nil { if dockertools.IsImageNotFoundError(err) { return nil, nil @@ -64,21 +64,23 @@ func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.I // PullImage pulls an image with authentication config. func (ds *dockerService) PullImage(image *runtimeapi.ImageSpec, auth *runtimeapi.AuthConfig) (string, error) { - err := ds.client.PullImage(image.GetImage(), - dockertypes.AuthConfig{ - Username: auth.GetUsername(), - Password: auth.GetPassword(), - ServerAddress: auth.GetServerAddress(), - IdentityToken: auth.GetIdentityToken(), - RegistryToken: auth.GetRegistryToken(), - }, + authConfig := dockertypes.AuthConfig{} + if auth != nil { + authConfig.Username = auth.Username + authConfig.Password = auth.Password + authConfig.ServerAddress = auth.ServerAddress + authConfig.IdentityToken = auth.IdentityToken + authConfig.RegistryToken = auth.RegistryToken + } + err := ds.client.PullImage(image.Image, + authConfig, dockertypes.ImagePullOptions{}, ) if err != nil { return "", err } - return dockertools.GetImageRef(ds.client, image.GetImage()) + return dockertools.GetImageRef(ds.client, image.Image) } // RemoveImage removes the image. @@ -86,7 +88,7 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error { // If the image has multiple tags, we need to remove all the tags // TODO: We assume image.Image is image ID here, which is true in the current implementation // of kubelet, but we should still clarify this in CRI. - imageInspect, err := ds.client.InspectImageByID(image.GetImage()) + imageInspect, err := ds.client.InspectImageByID(image.Image) if err == nil && imageInspect != nil && len(imageInspect.RepoTags) > 1 { for _, tag := range imageInspect.RepoTags { if _, err := ds.client.RemoveImage(tag, dockertypes.ImageRemoveOptions{PruneChildren: true}); err != nil { @@ -96,6 +98,6 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error { return nil } - _, err = ds.client.RemoveImage(image.GetImage(), dockertypes.ImageRemoveOptions{PruneChildren: true}) + _, err = ds.client.RemoveImage(image.Image, dockertypes.ImageRemoveOptions{PruneChildren: true}) return err } diff --git a/pkg/kubelet/dockershim/docker_image_test.go b/pkg/kubelet/dockershim/docker_image_test.go index b20b7247261..7ad366d018c 100644 --- a/pkg/kubelet/dockershim/docker_image_test.go +++ b/pkg/kubelet/dockershim/docker_image_test.go @@ -29,7 +29,7 @@ func TestRemoveImage(t *testing.T) { ds, fakeDocker, _ := newTestDockerService() id := "1111" fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo"}} - ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id}) + ds.RemoveImage(&runtimeapi.ImageSpec{Image: id}) fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil), dockertools.NewCalledDetail("remove_image", []interface{}{id, dockertypes.ImageRemoveOptions{PruneChildren: true}})) } @@ -38,7 +38,7 @@ func TestRemoveImageWithMultipleTags(t *testing.T) { ds, fakeDocker, _ := newTestDockerService() id := "1111" fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo", "bar"}} - ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id}) + ds.RemoveImage(&runtimeapi.ImageSpec{Image: id}) fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil), dockertools.NewCalledDetail("remove_image", []interface{}{"foo", dockertypes.ImageRemoveOptions{PruneChildren: true}}), dockertools.NewCalledDetail("remove_image", []interface{}{"bar", dockertypes.ImageRemoveOptions{PruneChildren: true}})) diff --git a/pkg/kubelet/dockershim/docker_sandbox.go b/pkg/kubelet/dockershim/docker_sandbox.go index 8074539c78a..03da38451bd 100644 --- a/pkg/kubelet/dockershim/docker_sandbox.go +++ b/pkg/kubelet/dockershim/docker_sandbox.go @@ -66,13 +66,13 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str // Step 2: Create the sandbox container. createConfig, err := ds.makeSandboxDockerConfig(config, image) if err != nil { - return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.GetName(), err) + return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.Name, err) } createResp, err := ds.client.CreateContainer(*createConfig) recoverFromConflictIfNeeded(ds.client, err) if err != nil || createResp == nil { - return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.GetName(), err) + return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.Name, err) } // Step 3: Start the sandbox container. @@ -80,9 +80,9 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str // startContainer failed. err = ds.client.StartContainer(createResp.ID) if err != nil { - return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.GetName(), err) + return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.Name, err) } - if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() { + if nsOptions := config.GetLinux().GetSecurityContext().GetNamespaceOptions(); nsOptions != nil && nsOptions.HostNetwork { return createResp.ID, nil } @@ -94,7 +94,7 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str // on the host as well, to satisfy parts of the pod spec that aren't // recognized by the CNI standard yet. cID := kubecontainer.BuildContainerID(runtimeName, createResp.ID) - err = ds.networkPlugin.SetUpPod(config.GetMetadata().GetNamespace(), config.GetMetadata().GetName(), cID) + err = ds.networkPlugin.SetUpPod(config.GetMetadata().Namespace, config.GetMetadata().Name, cID) // TODO: Do we need to teardown on failure or can we rely on a StopPodSandbox call with the given ID? return createResp.ID, err } @@ -109,16 +109,16 @@ func (ds *dockerService) StopPodSandbox(podSandboxID string) error { if err != nil { return fmt.Errorf("Failed to get sandbox status: %v", err) } - if !status.GetLinux().GetNamespaces().GetOptions().GetHostNetwork() { + if nsOpts := status.GetLinux().GetNamespaces().GetOptions(); nsOpts != nil && !nsOpts.HostNetwork { m := status.GetMetadata() cID := kubecontainer.BuildContainerID(runtimeName, podSandboxID) - if err := ds.networkPlugin.TearDownPod(m.GetNamespace(), m.GetName(), cID); err != nil { + if err := ds.networkPlugin.TearDownPod(m.Namespace, m.Name, cID); err != nil { // TODO: Figure out a way to retry this error. We can't // right now because the plugin throws errors when it doesn't find // eth0, which might not exist for various reasons (setup failed, // conf changed etc). In theory, it should teardown everything else // so there's no need to retry. - glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.GetNamespace(), m.GetName(), podSandboxID, err) + glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.Namespace, m.Name, podSandboxID, err) } } return ds.client.StopContainer(podSandboxID, defaultSandboxGracePeriod) @@ -138,12 +138,12 @@ func (ds *dockerService) getIPFromPlugin(sandbox *dockertypes.ContainerJSON) (st if err != nil { return "", err } - msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", *metadata.Namespace, *metadata.Name) + msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", metadata.Namespace, metadata.Name) if sharesHostNetwork(sandbox) { return "", fmt.Errorf("%v: not responsible for host-network sandboxes", msg) } cID := kubecontainer.BuildContainerID(runtimeName, sandbox.ID) - networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(*metadata.Namespace, *metadata.Name, cID) + networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(metadata.Namespace, metadata.Name, cID) if err != nil { // This might be a sandbox that somehow ended up without a default // interface (eth0). We can't distinguish this from a more serious @@ -203,7 +203,7 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS if err != nil { return nil, err } - network := &runtimeapi.PodSandboxNetworkStatus{Ip: &IP} + network := &runtimeapi.PodSandboxNetworkStatus{Ip: IP} netNS := getNetworkNamespace(r) metadata, err := parseSandboxName(r.Name) @@ -213,18 +213,18 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS hostNetwork := sharesHostNetwork(r) labels, annotations := extractLabels(r.Config.Labels) return &runtimeapi.PodSandboxStatus{ - Id: &r.ID, - State: &state, - CreatedAt: &ct, + Id: r.ID, + State: state, + CreatedAt: ct, Metadata: metadata, Labels: labels, Annotations: annotations, Network: network, Linux: &runtimeapi.LinuxPodSandboxStatus{ Namespaces: &runtimeapi.Namespace{ - Network: &netNS, + Network: netNS, Options: &runtimeapi.NamespaceOption{ - HostNetwork: &hostNetwork, + HostNetwork: hostNetwork, }, }, }, @@ -243,11 +243,11 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([] f.AddLabel(containerTypeLabelKey, containerTypeLabelSandbox) if filter != nil { - if filter.Id != nil { - f.Add("id", filter.GetId()) + if filter.Id != "" { + f.Add("id", filter.Id) } if filter.State != nil { - if filter.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY { + if filter.GetState().State == runtimeapi.PodSandboxState_SANDBOX_READY { // Only list running containers. opts.All = false } else { @@ -280,7 +280,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([] glog.V(4).Infof("Unable to convert docker to runtime API sandbox: %v", err) continue } - if filterOutReadySandboxes && converted.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY { + if filterOutReadySandboxes && converted.State == runtimeapi.PodSandboxState_SANDBOX_READY { continue } @@ -292,7 +292,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([] // applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig. func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string) error { // Apply Cgroup options. - cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent()) + cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent) if err != nil { return err } @@ -317,7 +317,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, createConfig := &dockertypes.ContainerCreateConfig{ Name: makeSandboxName(c), Config: &dockercontainer.Config{ - Hostname: c.GetHostname(), + Hostname: c.Hostname, // TODO: Handle environment variables. Image: image, Labels: labels, @@ -328,7 +328,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, // Set sysctls if requested sysctls, err := getSysctlsFromAnnotations(c.Annotations) if err != nil { - return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.GetName(), err) + return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.Name, err) } hc.Sysctls = sysctls @@ -346,9 +346,9 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, // Set DNS options. if dnsConfig := c.GetDnsConfig(); dnsConfig != nil { - hc.DNS = dnsConfig.GetServers() - hc.DNSSearch = dnsConfig.GetSearches() - hc.DNSOptions = dnsConfig.GetOptions() + hc.DNS = dnsConfig.Servers + hc.DNSSearch = dnsConfig.Searches + hc.DNSOptions = dnsConfig.Options } // Apply resource options. @@ -357,7 +357,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, // Set security options. securityOpts, err := getSandboxSecurityOpts(c, ds.seccompProfileRoot) if err != nil { - return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.GetName(), err) + return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err) } hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...) return createConfig, nil diff --git a/pkg/kubelet/dockershim/docker_sandbox_test.go b/pkg/kubelet/dockershim/docker_sandbox_test.go index e3e840562b7..085a7b7e720 100644 --- a/pkg/kubelet/dockershim/docker_sandbox_test.go +++ b/pkg/kubelet/dockershim/docker_sandbox_test.go @@ -37,10 +37,10 @@ func makeSandboxConfig(name, namespace, uid string, attempt uint32) *runtimeapi. func makeSandboxConfigWithLabelsAndAnnotations(name, namespace, uid string, attempt uint32, labels, annotations map[string]string) *runtimeapi.PodSandboxConfig { return &runtimeapi.PodSandboxConfig{ Metadata: &runtimeapi.PodSandboxMetadata{ - Name: &name, - Namespace: &namespace, - Uid: &uid, - Attempt: &attempt, + Name: name, + Namespace: namespace, + Uid: uid, + Attempt: attempt, }, Labels: labels, Annotations: annotations, @@ -72,9 +72,9 @@ func TestListSandboxes(t *testing.T) { // the most recent sandbox first. expected = append([]*runtimeapi.PodSandbox{{ Metadata: configs[i].Metadata, - Id: &id, - State: &state, - CreatedAt: &createdAt, + Id: id, + State: state, + CreatedAt: createdAt, Labels: configs[i].Labels, Annotations: configs[i].Annotations, }}, expected...) @@ -102,18 +102,18 @@ func TestSandboxStatus(t *testing.T) { ct := int64(0) hostNetwork := false expected := &runtimeapi.PodSandboxStatus{ - State: &state, - CreatedAt: &ct, + State: state, + CreatedAt: ct, Metadata: config.Metadata, - Network: &runtimeapi.PodSandboxNetworkStatus{Ip: &fakeIP}, - Linux: &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: &fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: &hostNetwork}}}, + Network: &runtimeapi.PodSandboxNetworkStatus{Ip: fakeIP}, + Linux: &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: hostNetwork}}}, Labels: labels, Annotations: annotations, } // Create the sandbox. fClock.SetTime(time.Now()) - *expected.CreatedAt = fClock.Now().UnixNano() + expected.CreatedAt = fClock.Now().UnixNano() id, err := ds.RunPodSandbox(config) // Check internal labels @@ -122,13 +122,13 @@ func TestSandboxStatus(t *testing.T) { assert.Equal(t, c.Config.Labels[containerTypeLabelKey], containerTypeLabelSandbox) assert.Equal(t, c.Config.Labels[types.KubernetesContainerNameLabel], sandboxContainerName) - expected.Id = &id // ID is only known after the creation. + expected.Id = id // ID is only known after the creation. status, err := ds.PodSandboxStatus(id) assert.NoError(t, err) assert.Equal(t, expected, status) // Stop the sandbox. - *expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY + expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY err = ds.StopPodSandbox(id) assert.NoError(t, err) status, err = ds.PodSandboxStatus(id) @@ -189,7 +189,7 @@ func TestHostNetworkPluginInvocation(t *testing.T) { c.Linux = &runtimeapi.LinuxPodSandboxConfig{ SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{ NamespaceOptions: &runtimeapi.NamespaceOption{ - HostNetwork: &hostNetwork, + HostNetwork: hostNetwork, }, }, } diff --git a/pkg/kubelet/dockershim/docker_service.go b/pkg/kubelet/dockershim/docker_service.go index 9635eaa7a12..7be90e4f681 100644 --- a/pkg/kubelet/dockershim/docker_service.go +++ b/pkg/kubelet/dockershim/docker_service.go @@ -21,7 +21,6 @@ import ( "net/http" "github.com/golang/glog" - "github.com/golang/protobuf/proto" "k8s.io/kubernetes/pkg/apis/componentconfig" internalapi "k8s.io/kubernetes/pkg/kubelet/api" @@ -191,10 +190,10 @@ func (ds *dockerService) Version(_ string) (*runtimeapi.VersionResponse, error) // suffix to remedy this. apiVersion := fmt.Sprintf("%s.0", v.APIVersion) return &runtimeapi.VersionResponse{ - Version: &runtimeAPIVersion, - RuntimeName: &name, - RuntimeVersion: &v.Version, - RuntimeApiVersion: &apiVersion, + Version: runtimeAPIVersion, + RuntimeName: name, + RuntimeVersion: v.Version, + RuntimeApiVersion: apiVersion, }, nil } @@ -204,9 +203,9 @@ func (ds *dockerService) UpdateRuntimeConfig(runtimeConfig *runtimeapi.RuntimeCo return } glog.Infof("docker cri received runtime config %+v", runtimeConfig) - if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != nil { + if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != "" { event := make(map[string]interface{}) - event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = *runtimeConfig.NetworkConfig.PodCidr + event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = runtimeConfig.NetworkConfig.PodCidr ds.networkPlugin.Event(network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE, event) } return @@ -246,23 +245,23 @@ func (ds *dockerService) Start() error { // TODO(random-liu): Set network condition accordingly here. func (ds *dockerService) Status() (*runtimeapi.RuntimeStatus, error) { runtimeReady := &runtimeapi.RuntimeCondition{ - Type: proto.String(runtimeapi.RuntimeReady), - Status: proto.Bool(true), + Type: runtimeapi.RuntimeReady, + Status: true, } networkReady := &runtimeapi.RuntimeCondition{ - Type: proto.String(runtimeapi.NetworkReady), - Status: proto.Bool(true), + Type: runtimeapi.NetworkReady, + Status: true, } conditions := []*runtimeapi.RuntimeCondition{runtimeReady, networkReady} if _, err := ds.client.Version(); err != nil { - runtimeReady.Status = proto.Bool(false) - runtimeReady.Reason = proto.String("DockerDaemonNotReady") - runtimeReady.Message = proto.String(fmt.Sprintf("docker: failed to get docker version: %v", err)) + runtimeReady.Status = false + runtimeReady.Reason = "DockerDaemonNotReady" + runtimeReady.Message = fmt.Sprintf("docker: failed to get docker version: %v", err) } if err := ds.networkPlugin.Status(); err != nil { - networkReady.Status = proto.Bool(false) - networkReady.Reason = proto.String("NetworkPluginNotReady") - networkReady.Message = proto.String(fmt.Sprintf("docker: network plugin is not ready: %v", err)) + networkReady.Status = false + networkReady.Reason = "NetworkPluginNotReady" + networkReady.Message = fmt.Sprintf("docker: network plugin is not ready: %v", err) } return &runtimeapi.RuntimeStatus{Conditions: conditions}, nil } diff --git a/pkg/kubelet/dockershim/docker_service_test.go b/pkg/kubelet/dockershim/docker_service_test.go index 9cd3d47bdc1..5ca96ea22bb 100644 --- a/pkg/kubelet/dockershim/docker_service_test.go +++ b/pkg/kubelet/dockershim/docker_service_test.go @@ -53,8 +53,8 @@ func TestStatus(t *testing.T) { assert.Equal(t, len(expected), len(conditions)) for k, v := range expected { for _, c := range conditions { - if k == c.GetType() { - assert.Equal(t, v, c.GetStatus()) + if k == c.Type { + assert.Equal(t, v, c.Status) } } } diff --git a/pkg/kubelet/dockershim/docker_streaming.go b/pkg/kubelet/dockershim/docker_streaming.go index 18a3d467568..e7bfb3e2222 100644 --- a/pkg/kubelet/dockershim/docker_streaming.go +++ b/pkg/kubelet/dockershim/docker_streaming.go @@ -86,7 +86,7 @@ func (ds *dockerService) Exec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResp if ds.streamingServer == nil { return nil, streaming.ErrorStreamingDisabled("exec") } - _, err := checkContainerStatus(ds.client, req.GetContainerId()) + _, err := checkContainerStatus(ds.client, req.ContainerId) if err != nil { return nil, err } @@ -98,7 +98,7 @@ func (ds *dockerService) Attach(req *runtimeapi.AttachRequest) (*runtimeapi.Atta if ds.streamingServer == nil { return nil, streaming.ErrorStreamingDisabled("attach") } - _, err := checkContainerStatus(ds.client, req.GetContainerId()) + _, err := checkContainerStatus(ds.client, req.ContainerId) if err != nil { return nil, err } @@ -110,7 +110,7 @@ func (ds *dockerService) PortForward(req *runtimeapi.PortForwardRequest) (*runti if ds.streamingServer == nil { return nil, streaming.ErrorStreamingDisabled("port forward") } - _, err := checkContainerStatus(ds.client, req.GetPodSandboxId()) + _, err := checkContainerStatus(ds.client, req.PodSandboxId) if err != nil { return nil, err } diff --git a/pkg/kubelet/dockershim/helpers.go b/pkg/kubelet/dockershim/helpers.go index 8ca3bea16d0..5698b5cf704 100644 --- a/pkg/kubelet/dockershim/helpers.go +++ b/pkg/kubelet/dockershim/helpers.go @@ -64,7 +64,7 @@ func (v apiVersion) Compare(other string) (int, error) { // '=', which can be understood by docker. func generateEnvList(envs []*runtimeapi.KeyValue) (result []string) { for _, env := range envs { - result = append(result, fmt.Sprintf("%s=%s", env.GetKey(), env.GetValue())) + result = append(result, fmt.Sprintf("%s=%s", env.Key, env.Value)) } return } @@ -129,8 +129,8 @@ func extractLabels(input map[string]string) (map[string]string, map[string]strin // relabeling and the pod provides an SELinux label func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) { for _, m := range mounts { - bind := fmt.Sprintf("%s:%s", m.GetHostPath(), m.GetContainerPath()) - readOnly := m.GetReadonly() + bind := fmt.Sprintf("%s:%s", m.HostPath, m.ContainerPath) + readOnly := m.Readonly if readOnly { bind += ":ro" } @@ -138,7 +138,7 @@ func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) { // does not provide an SELinux context relabeling will label the volume with // the container's randomly allocated MCS label. This would restrict access // to the volume to the container which mounts it first. - if m.GetSelinuxRelabel() { + if m.SelinuxRelabel { if readOnly { bind += ",Z" } else { @@ -154,16 +154,16 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru exposedPorts := map[dockernat.Port]struct{}{} portBindings := map[dockernat.Port][]dockernat.PortBinding{} for _, port := range pm { - exteriorPort := port.GetHostPort() + exteriorPort := port.HostPort if exteriorPort == 0 { // No need to do port binding when HostPort is not specified continue } - interiorPort := port.GetContainerPort() + interiorPort := port.ContainerPort // Some of this port stuff is under-documented voodoo. // See http://stackoverflow.com/questions/20428302/binding-a-port-to-a-host-interface-using-the-rest-api var protocol string - switch strings.ToUpper(string(port.GetProtocol())) { + switch strings.ToUpper(string(port.Protocol)) { case "UDP": protocol = "/udp" case "TCP": @@ -178,7 +178,7 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru hostBinding := dockernat.PortBinding{ HostPort: strconv.Itoa(int(exteriorPort)), - HostIP: port.GetHostIp(), + HostIP: port.HostIp, } // Allow multiple host ports bind to same docker port @@ -272,20 +272,20 @@ func (f *dockerFilter) AddLabel(key, value string) { // getUserFromImageUser gets uid or user name of the image user. // If user is numeric, it will be treated as uid; or else, it is treated as user name. -func getUserFromImageUser(imageUser string) (*int64, *string) { +func getUserFromImageUser(imageUser string) (*int64, string) { user := dockertools.GetUserFromImageUser(imageUser) // return both nil if user is not specified in the image. if user == "" { - return nil, nil + return nil, "" } // user could be either uid or user name. Try to interpret as numeric uid. uid, err := strconv.ParseInt(user, 10, 64) if err != nil { // If user is non numeric, assume it's user name. - return nil, &user + return nil, user } // If user is a numeric uid. - return &uid, nil + return &uid, "" } // See #33189. If the previous attempt to create a sandbox container name FOO diff --git a/pkg/kubelet/dockershim/helpers_test.go b/pkg/kubelet/dockershim/helpers_test.go index 9bdfdbddf9e..d5900cf19a1 100644 --- a/pkg/kubelet/dockershim/helpers_test.go +++ b/pkg/kubelet/dockershim/helpers_test.go @@ -192,11 +192,10 @@ func TestGetSystclsFromAnnotations(t *testing.T) { // TestGetUserFromImageUser tests the logic of getting image uid or user name of image user. func TestGetUserFromImageUser(t *testing.T) { newI64 := func(i int64) *int64 { return &i } - newStr := func(s string) *string { return &s } for c, test := range map[string]struct { user string uid *int64 - name *string + name string }{ "no gid": { user: "0", @@ -215,11 +214,11 @@ func TestGetUserFromImageUser(t *testing.T) { }, "root username": { user: "root:root", - name: newStr("root"), + name: "root", }, "username": { user: "test:test", - name: newStr("test"), + name: "test", }, } { t.Logf("TestCase - %q", c) diff --git a/pkg/kubelet/dockershim/naming.go b/pkg/kubelet/dockershim/naming.go index cb62a9eb696..062b012d214 100644 --- a/pkg/kubelet/dockershim/naming.go +++ b/pkg/kubelet/dockershim/naming.go @@ -57,23 +57,23 @@ const ( func makeSandboxName(s *runtimeapi.PodSandboxConfig) string { return strings.Join([]string{ - kubePrefix, // 0 - sandboxContainerName, // 1 - s.Metadata.GetName(), // 2 - s.Metadata.GetNamespace(), // 3 - s.Metadata.GetUid(), // 4 - fmt.Sprintf("%d", s.Metadata.GetAttempt()), // 5 + kubePrefix, // 0 + sandboxContainerName, // 1 + s.Metadata.Name, // 2 + s.Metadata.Namespace, // 3 + s.Metadata.Uid, // 4 + fmt.Sprintf("%d", s.Metadata.Attempt), // 5 }, nameDelimiter) } func makeContainerName(s *runtimeapi.PodSandboxConfig, c *runtimeapi.ContainerConfig) string { return strings.Join([]string{ - kubePrefix, // 0 - c.Metadata.GetName(), // 1: - s.Metadata.GetName(), // 2: sandbox name - s.Metadata.GetNamespace(), // 3: sandbox namesapce - s.Metadata.GetUid(), // 4 sandbox uid - fmt.Sprintf("%d", c.Metadata.GetAttempt()), // 5 + kubePrefix, // 0 + c.Metadata.Name, // 1: + s.Metadata.Name, // 2: sandbox name + s.Metadata.Namespace, // 3: sandbox namesapce + s.Metadata.Uid, // 4 sandbox uid + fmt.Sprintf("%d", c.Metadata.Attempt), // 5 }, nameDelimiter) } @@ -105,10 +105,10 @@ func parseSandboxName(name string) (*runtimeapi.PodSandboxMetadata, error) { } return &runtimeapi.PodSandboxMetadata{ - Name: &parts[2], - Namespace: &parts[3], - Uid: &parts[4], - Attempt: &attempt, + Name: parts[2], + Namespace: parts[3], + Uid: parts[4], + Attempt: attempt, }, nil } @@ -131,7 +131,7 @@ func parseContainerName(name string) (*runtimeapi.ContainerMetadata, error) { } return &runtimeapi.ContainerMetadata{ - Name: &parts[1], - Attempt: &attempt, + Name: parts[1], + Attempt: attempt, }, nil } diff --git a/pkg/kubelet/dockershim/naming_test.go b/pkg/kubelet/dockershim/naming_test.go index 49212310737..9b70cbb73d1 100644 --- a/pkg/kubelet/dockershim/naming_test.go +++ b/pkg/kubelet/dockershim/naming_test.go @@ -55,8 +55,8 @@ func TestContainerNameRoundTrip(t *testing.T) { name, attempt := "pause", uint32(5) config := &runtimeapi.ContainerConfig{ Metadata: &runtimeapi.ContainerMetadata{ - Name: &name, - Attempt: &attempt, + Name: name, + Attempt: attempt, }, } actualName := makeContainerName(sConfig, config) diff --git a/pkg/kubelet/dockershim/remote/docker_service.go b/pkg/kubelet/dockershim/remote/docker_service.go index 8274d83315d..70c8f899e78 100644 --- a/pkg/kubelet/dockershim/remote/docker_service.go +++ b/pkg/kubelet/dockershim/remote/docker_service.go @@ -47,7 +47,7 @@ func NewDockerService(s dockershim.DockerService) DockerService { } func (d *dockerService) Version(ctx context.Context, r *runtimeapi.VersionRequest) (*runtimeapi.VersionResponse, error) { - return d.runtimeService.Version(r.GetVersion()) + return d.runtimeService.Version(r.Version) } func (d *dockerService) Status(ctx context.Context, r *runtimeapi.StatusRequest) (*runtimeapi.StatusResponse, error) { @@ -63,11 +63,11 @@ func (d *dockerService) RunPodSandbox(ctx context.Context, r *runtimeapi.RunPodS if err != nil { return nil, err } - return &runtimeapi.RunPodSandboxResponse{PodSandboxId: &podSandboxId}, nil + return &runtimeapi.RunPodSandboxResponse{PodSandboxId: podSandboxId}, nil } func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPodSandboxRequest) (*runtimeapi.StopPodSandboxResponse, error) { - err := d.runtimeService.StopPodSandbox(r.GetPodSandboxId()) + err := d.runtimeService.StopPodSandbox(r.PodSandboxId) if err != nil { return nil, err } @@ -75,7 +75,7 @@ func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPo } func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.RemovePodSandboxRequest) (*runtimeapi.RemovePodSandboxResponse, error) { - err := d.runtimeService.RemovePodSandbox(r.GetPodSandboxId()) + err := d.runtimeService.RemovePodSandbox(r.PodSandboxId) if err != nil { return nil, err } @@ -83,7 +83,7 @@ func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.Remo } func (d *dockerService) PodSandboxStatus(ctx context.Context, r *runtimeapi.PodSandboxStatusRequest) (*runtimeapi.PodSandboxStatusResponse, error) { - podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.GetPodSandboxId()) + podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.PodSandboxId) if err != nil { return nil, err } @@ -99,15 +99,15 @@ func (d *dockerService) ListPodSandbox(ctx context.Context, r *runtimeapi.ListPo } func (d *dockerService) CreateContainer(ctx context.Context, r *runtimeapi.CreateContainerRequest) (*runtimeapi.CreateContainerResponse, error) { - containerId, err := d.runtimeService.CreateContainer(r.GetPodSandboxId(), r.GetConfig(), r.GetSandboxConfig()) + containerId, err := d.runtimeService.CreateContainer(r.PodSandboxId, r.GetConfig(), r.GetSandboxConfig()) if err != nil { return nil, err } - return &runtimeapi.CreateContainerResponse{ContainerId: &containerId}, nil + return &runtimeapi.CreateContainerResponse{ContainerId: containerId}, nil } func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartContainerRequest) (*runtimeapi.StartContainerResponse, error) { - err := d.runtimeService.StartContainer(r.GetContainerId()) + err := d.runtimeService.StartContainer(r.ContainerId) if err != nil { return nil, err } @@ -115,7 +115,7 @@ func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartC } func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopContainerRequest) (*runtimeapi.StopContainerResponse, error) { - err := d.runtimeService.StopContainer(r.GetContainerId(), r.GetTimeout()) + err := d.runtimeService.StopContainer(r.ContainerId, r.Timeout) if err != nil { return nil, err } @@ -123,7 +123,7 @@ func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopCon } func (d *dockerService) RemoveContainer(ctx context.Context, r *runtimeapi.RemoveContainerRequest) (*runtimeapi.RemoveContainerResponse, error) { - err := d.runtimeService.RemoveContainer(r.GetContainerId()) + err := d.runtimeService.RemoveContainer(r.ContainerId) if err != nil { return nil, err } @@ -139,7 +139,7 @@ func (d *dockerService) ListContainers(ctx context.Context, r *runtimeapi.ListCo } func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.ContainerStatusRequest) (*runtimeapi.ContainerStatusResponse, error) { - status, err := d.runtimeService.ContainerStatus(r.GetContainerId()) + status, err := d.runtimeService.ContainerStatus(r.ContainerId) if err != nil { return nil, err } @@ -147,7 +147,7 @@ func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.Conta } func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequest) (*runtimeapi.ExecSyncResponse, error) { - stdout, stderr, err := d.runtimeService.ExecSync(r.GetContainerId(), r.GetCmd(), time.Duration(r.GetTimeout())*time.Second) + stdout, stderr, err := d.runtimeService.ExecSync(r.ContainerId, r.Cmd, time.Duration(r.Timeout)*time.Second) var exitCode int32 if err != nil { exitError, ok := err.(utilexec.ExitError) @@ -159,7 +159,7 @@ func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequ return &runtimeapi.ExecSyncResponse{ Stdout: stdout, Stderr: stderr, - ExitCode: &exitCode, + ExitCode: exitCode, }, nil } @@ -204,7 +204,7 @@ func (d *dockerService) PullImage(ctx context.Context, r *runtimeapi.PullImageRe if err != nil { return nil, err } - return &runtimeapi.PullImageResponse{ImageRef: &image}, nil + return &runtimeapi.PullImageResponse{ImageRef: image}, nil } func (d *dockerService) RemoveImage(ctx context.Context, r *runtimeapi.RemoveImageRequest) (*runtimeapi.RemoveImageResponse, error) { diff --git a/pkg/kubelet/dockershim/security_context.go b/pkg/kubelet/dockershim/security_context.go index 29dcef52a48..b2203d6600d 100644 --- a/pkg/kubelet/dockershim/security_context.go +++ b/pkg/kubelet/dockershim/security_context.go @@ -69,10 +69,10 @@ func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config return } if sc.RunAsUser != nil { - config.User = strconv.FormatInt(sc.GetRunAsUser(), 10) + config.User = strconv.FormatInt(sc.GetRunAsUser().Value, 10) } - if sc.RunAsUsername != nil { - config.User = sc.GetRunAsUsername() + if sc.RunAsUsername != "" { + config.User = sc.RunAsUsername } } @@ -88,24 +88,20 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig * } // Apply security context for the container. - if sc.Privileged != nil { - hostConfig.Privileged = sc.GetPrivileged() - } - if sc.ReadonlyRootfs != nil { - hostConfig.ReadonlyRootfs = sc.GetReadonlyRootfs() - } + hostConfig.Privileged = sc.Privileged + hostConfig.ReadonlyRootfs = sc.ReadonlyRootfs if sc.Capabilities != nil { - hostConfig.CapAdd = sc.GetCapabilities().GetAddCapabilities() - hostConfig.CapDrop = sc.GetCapabilities().GetDropCapabilities() + hostConfig.CapAdd = sc.GetCapabilities().AddCapabilities + hostConfig.CapDrop = sc.GetCapabilities().DropCapabilities } if sc.SelinuxOptions != nil { hostConfig.SecurityOpt = securitycontext.ModifySecurityOptions( hostConfig.SecurityOpt, &v1.SELinuxOptions{ - User: sc.SelinuxOptions.GetUser(), - Role: sc.SelinuxOptions.GetRole(), - Type: sc.SelinuxOptions.GetType(), - Level: sc.SelinuxOptions.GetLevel(), + User: sc.SelinuxOptions.User, + Role: sc.SelinuxOptions.Role, + Type: sc.SelinuxOptions.Type, + Level: sc.SelinuxOptions.Level, }, ) } @@ -114,22 +110,26 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig * // modifySandboxNamespaceOptions apply namespace options for sandbox func modifySandboxNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig, networkPlugin network.NetworkPlugin) { modifyCommonNamespaceOptions(nsOpts, hostConfig) - modifyHostNetworkOptionForSandbox(nsOpts.GetHostNetwork(), networkPlugin, hostConfig) + modifyHostNetworkOptionForSandbox(nsOpts.HostNetwork, networkPlugin, hostConfig) } // modifyContainerNamespaceOptions apply namespace options for container func modifyContainerNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, sandboxID string, hostConfig *dockercontainer.HostConfig) { + hostNetwork := false + if nsOpts != nil { + hostNetwork = nsOpts.HostNetwork + } modifyCommonNamespaceOptions(nsOpts, hostConfig) - modifyHostNetworkOptionForContainer(nsOpts.GetHostNetwork(), sandboxID, hostConfig) + modifyHostNetworkOptionForContainer(hostNetwork, sandboxID, hostConfig) } // modifyCommonNamespaceOptions apply common namespace options for sandbox and container func modifyCommonNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig) { if nsOpts != nil { - if nsOpts.GetHostPid() { + if nsOpts.HostPid { hostConfig.PidMode = namespaceModeHost } - if nsOpts.GetHostIpc() { + if nsOpts.HostIpc { hostConfig.IpcMode = namespaceModeHost } } diff --git a/pkg/kubelet/dockershim/security_context_test.go b/pkg/kubelet/dockershim/security_context_test.go index f0e0f52ecc7..0397283aae3 100644 --- a/pkg/kubelet/dockershim/security_context_test.go +++ b/pkg/kubelet/dockershim/security_context_test.go @@ -30,7 +30,7 @@ import ( func TestModifyContainerConfig(t *testing.T) { var uid int64 = 123 - var username string = "testuser" + var username = "testuser" cases := []struct { name string @@ -40,7 +40,7 @@ func TestModifyContainerConfig(t *testing.T) { { name: "container.SecurityContext.RunAsUser set", sc: &runtimeapi.LinuxContainerSecurityContext{ - RunAsUser: &uid, + RunAsUser: &runtimeapi.Int64Value{Value: uid}, }, expected: &dockercontainer.Config{ User: strconv.FormatInt(uid, 10), @@ -49,7 +49,7 @@ func TestModifyContainerConfig(t *testing.T) { { name: "container.SecurityContext.RunAsUsername set", sc: &runtimeapi.LinuxContainerSecurityContext{ - RunAsUsername: &username, + RunAsUsername: username, }, expected: &dockercontainer.Config{ User: username, @@ -70,10 +70,9 @@ func TestModifyContainerConfig(t *testing.T) { } func TestModifyHostConfig(t *testing.T) { - priv := true setNetworkHC := &dockercontainer.HostConfig{} setPrivSC := &runtimeapi.LinuxContainerSecurityContext{} - setPrivSC.Privileged = &priv + setPrivSC.Privileged = true setPrivHC := &dockercontainer.HostConfig{ Privileged: true, } @@ -168,7 +167,7 @@ func TestModifyHostConfigAndNamespaceOptionsForContainer(t *testing.T) { sandboxID := "sandbox" sandboxNSMode := fmt.Sprintf("container:%v", sandboxID) setPrivSC := &runtimeapi.LinuxContainerSecurityContext{} - setPrivSC.Privileged = &priv + setPrivSC.Privileged = priv setPrivHC := &dockercontainer.HostConfig{ Privileged: true, IpcMode: dockercontainer.IpcMode(sandboxNSMode), @@ -235,7 +234,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostNetwork", nsOpt: &runtimeapi.NamespaceOption{ - HostNetwork: &set, + HostNetwork: set, }, expected: &dockercontainer.HostConfig{ NetworkMode: namespaceModeHost, @@ -244,7 +243,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostIpc", nsOpt: &runtimeapi.NamespaceOption{ - HostIpc: &set, + HostIpc: set, }, expected: &dockercontainer.HostConfig{ IpcMode: namespaceModeHost, @@ -254,7 +253,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostPid", nsOpt: &runtimeapi.NamespaceOption{ - HostPid: &set, + HostPid: set, }, expected: &dockercontainer.HostConfig{ PidMode: namespaceModeHost, @@ -281,7 +280,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostNetwork", nsOpt: &runtimeapi.NamespaceOption{ - HostNetwork: &set, + HostNetwork: set, }, expected: &dockercontainer.HostConfig{ NetworkMode: dockercontainer.NetworkMode(sandboxNSMode), @@ -292,7 +291,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostIpc", nsOpt: &runtimeapi.NamespaceOption{ - HostIpc: &set, + HostIpc: set, }, expected: &dockercontainer.HostConfig{ NetworkMode: dockercontainer.NetworkMode(sandboxNSMode), @@ -302,7 +301,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) { { name: "NamespaceOption.HostPid", nsOpt: &runtimeapi.NamespaceOption{ - HostPid: &set, + HostPid: set, }, expected: &dockercontainer.HostConfig{ NetworkMode: dockercontainer.NetworkMode(sandboxNSMode), @@ -318,9 +317,8 @@ func TestModifyContainerNamespaceOptions(t *testing.T) { } func fullValidSecurityContext() *runtimeapi.LinuxContainerSecurityContext { - priv := true return &runtimeapi.LinuxContainerSecurityContext{ - Privileged: &priv, + Privileged: true, Capabilities: inputCapabilities(), SelinuxOptions: inputSELinuxOptions(), } @@ -340,10 +338,10 @@ func inputSELinuxOptions() *runtimeapi.SELinuxOption { level := "level" return &runtimeapi.SELinuxOption{ - User: &user, - Role: &role, - Type: &stype, - Level: &level, + User: user, + Role: role, + Type: stype, + Level: level, } }