kubelet/dockershim: update cri to protobuf v3

2025-07-29 22:46:12 +00:00 · 2017-01-20 09:55:37 +08:00 · 2017-01-20 09:55:37 +08:00 · d4bfcd1fda
commit d4bfcd1fda
parent e77e61b3bb
18 changed files with 246 additions and 245 deletions
--- a/pkg/kubelet/dockershim/BUILD
+++ b/pkg/kubelet/dockershim/BUILD
@ -49,7 +49,6 @@ go_library(
        "//vendor:github.com/docker/engine-api/types/versions",
        "//vendor:github.com/docker/go-connections/nat",
        "//vendor:github.com/golang/glog",
        "//vendor:github.com/golang/protobuf/proto",
    ],
 )
--- a/pkg/kubelet/dockershim/convert.go
+++ b/pkg/kubelet/dockershim/convert.go
@ -43,10 +43,10 @@ func imageToRuntimeAPIImage(image *dockertypes.Image) (*runtimeapi.Image, error)
 	size := uint64(image.VirtualSize)
 	return &runtimeapi.Image{
-		Id:          &image.ID,
+		Id:          image.ID,
 		RepoTags:    image.RepoTags,
 		RepoDigests: image.RepoDigests,
-		Size_:       &size,
+		Size_:       size,
 	}, nil
 }
@ -57,13 +57,17 @@ func imageInspectToRuntimeAPIImage(image *dockertypes.ImageInspect) (*runtimeapi
 	size := uint64(image.VirtualSize)
 	runtimeImage := &runtimeapi.Image{
-		Id:          &image.ID,
+		Id:          image.ID,
 		RepoTags:    image.RepoTags,
 		RepoDigests: image.RepoDigests,
-		Size_:       &size,
+		Size_:       size,
 	}
-	runtimeImage.Uid, runtimeImage.Username = getUserFromImageUser(image.Config.User)
+	uid, username := getUserFromImageUser(image.Config.User)
 	if uid != nil {
 		runtimeImage.Uid = &runtimeapi.Int64Value{Value: *uid}
 	}
 	runtimeImage.Username = username
 	return runtimeImage, nil
 }
@ -91,13 +95,13 @@ func toRuntimeAPIContainer(c *dockertypes.Container) (*runtimeapi.Container, err
 	// The timestamp in dockertypes.Container is in seconds.
 	createdAt := c.Created * int64(time.Second)
 	return &runtimeapi.Container{
-		Id:           &c.ID,
+		Id:           c.ID,
-		PodSandboxId: &sandboxID,
+		PodSandboxId: sandboxID,
 		Metadata:     metadata,
-		Image:        &runtimeapi.ImageSpec{Image: &c.Image},
+		Image:        &runtimeapi.ImageSpec{Image: c.Image},
-		ImageRef:     &c.ImageID,
+		ImageRef:     c.ImageID,
-		State:        &state,
+		State:        state,
-		CreatedAt:    &createdAt,
+		CreatedAt:    createdAt,
 		Labels:       labels,
 		Annotations:  annotations,
 	}, nil
@ -157,10 +161,10 @@ func toRuntimeAPISandbox(c *dockertypes.Container) (*runtimeapi.PodSandbox, erro
 	// The timestamp in dockertypes.Container is in seconds.
 	createdAt := c.Created * int64(time.Second)
 	return &runtimeapi.PodSandbox{
-		Id:          &c.ID,
+		Id:          c.ID,
 		Metadata:    metadata,
-		State:       &state,
+		State:       state,
-		CreatedAt:   &createdAt,
+		CreatedAt:   createdAt,
 		Labels:      labels,
 		Annotations: annotations,
 	}, nil
--- a/pkg/kubelet/dockershim/docker_container.go
+++ b/pkg/kubelet/dockershim/docker_container.go
@ -42,14 +42,14 @@ func (ds *dockerService) ListContainers(filter *runtimeapi.ContainerFilter) ([]*
 	f.AddLabel(containerTypeLabelKey, containerTypeLabelContainer)
 	if filter != nil {
-		if filter.Id != nil {
+		if filter.Id != "" {
-			f.Add("id", filter.GetId())
+			f.Add("id", filter.Id)
 		}
 		if filter.State != nil {
-			f.Add("status", toDockerContainerStatus(filter.GetState()))
+			f.Add("status", toDockerContainerStatus(filter.GetState().State))
 		}
-		if filter.PodSandboxId != nil {
+		if filter.PodSandboxId != "" {
-			f.AddLabel(sandboxIDLabelKey, *filter.PodSandboxId)
+			f.AddLabel(sandboxIDLabelKey, filter.PodSandboxId)
 		}
 		if filter.LabelSelector != nil {
@ -87,35 +87,35 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 		return "", fmt.Errorf("container config is nil")
 	}
 	if sandboxConfig == nil {
-		return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.GetName())
+		return "", fmt.Errorf("sandbox config is nil for container %q", config.Metadata.Name)
 	}
 	labels := makeLabels(config.GetLabels(), config.GetAnnotations())
 	// Apply a the container type label.
 	labels[containerTypeLabelKey] = containerTypeLabelContainer
 	// Write the container log path in the labels.
-	labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.GetLogDirectory(), config.GetLogPath())
+	labels[containerLogPathLabelKey] = filepath.Join(sandboxConfig.LogDirectory, config.LogPath)
 	// Write the sandbox ID in the labels.
 	labels[sandboxIDLabelKey] = podSandboxID
 	image := ""
 	if iSpec := config.GetImage(); iSpec != nil {
-		image = iSpec.GetImage()
+		image = iSpec.Image
 	}
 	createConfig := dockertypes.ContainerCreateConfig{
 		Name: makeContainerName(sandboxConfig, config),
 		Config: &dockercontainer.Config{
 			// TODO: set User.
-			Entrypoint: dockerstrslice.StrSlice(config.GetCommand()),
+			Entrypoint: dockerstrslice.StrSlice(config.Command),
-			Cmd:        dockerstrslice.StrSlice(config.GetArgs()),
+			Cmd:        dockerstrslice.StrSlice(config.Args),
 			Env:        generateEnvList(config.GetEnvs()),
 			Image:      image,
-			WorkingDir: config.GetWorkingDir(),
+			WorkingDir: config.WorkingDir,
 			Labels:     labels,
 			// Interactive containers:
-			OpenStdin: config.GetStdin(),
+			OpenStdin: config.Stdin,
-			StdinOnce: config.GetStdinOnce(),
+			StdinOnce: config.StdinOnce,
-			Tty:       config.GetTty(),
+			Tty:       config.Tty,
 		},
 	}
@ -132,13 +132,13 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 		rOpts := lc.GetResources()
 		if rOpts != nil {
 			hc.Resources = dockercontainer.Resources{
-				Memory:     rOpts.GetMemoryLimitInBytes(),
+				Memory:     rOpts.MemoryLimitInBytes,
 				MemorySwap: dockertools.DefaultMemorySwap(),
-				CPUShares:  rOpts.GetCpuShares(),
+				CPUShares:  rOpts.CpuShares,
-				CPUQuota:   rOpts.GetCpuQuota(),
+				CPUQuota:   rOpts.CpuQuota,
-				CPUPeriod:  rOpts.GetCpuPeriod(),
+				CPUPeriod:  rOpts.CpuPeriod,
 			}
-			hc.OomScoreAdj = int(rOpts.GetOomScoreAdj())
+			hc.OomScoreAdj = int(rOpts.OomScoreAdj)
 		}
 		// Note: ShmSize is handled in kube_docker_client.go
@ -149,9 +149,9 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 	// Apply cgroupsParent derived from the sandbox config.
 	if lc := sandboxConfig.GetLinux(); lc != nil {
 		// Apply Cgroup options.
-		cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
+		cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
 		if err != nil {
-			return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.GetName(), err)
+			return "", fmt.Errorf("failed to generate cgroup parent in expected syntax for container %q: %v", config.Metadata.Name, err)
 		}
 		hc.CgroupParent = cgroupParent
 	}
@ -160,17 +160,17 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 	devices := make([]dockercontainer.DeviceMapping, len(config.Devices))
 	for i, device := range config.Devices {
 		devices[i] = dockercontainer.DeviceMapping{
-			PathOnHost:        device.GetHostPath(),
+			PathOnHost:        device.HostPath,
-			PathInContainer:   device.GetContainerPath(),
+			PathInContainer:   device.ContainerPath,
-			CgroupPermissions: device.GetPermissions(),
+			CgroupPermissions: device.Permissions,
 		}
 	}
 	hc.Resources.Devices = devices
 	// Apply appArmor and seccomp options.
-	securityOpts, err := getContainerSecurityOpts(config.Metadata.GetName(), sandboxConfig, ds.seccompProfileRoot)
+	securityOpts, err := getContainerSecurityOpts(config.Metadata.Name, sandboxConfig, ds.seccompProfileRoot)
 	if err != nil {
-		return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.GetName(), err)
+		return "", fmt.Errorf("failed to generate container security options for container %q: %v", config.Metadata.Name, err)
 	}
 	hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
@ -310,9 +310,9 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai
 		m := r.Mounts[i]
 		readonly := !m.RW
 		mounts = append(mounts, &runtimeapi.Mount{
-			HostPath:      &m.Source,
+			HostPath:      m.Source,
-			ContainerPath: &m.Destination,
+			ContainerPath: m.Destination,
-			Readonly:      &readonly,
+			Readonly:      readonly,
 			// Note: Can't set SeLinuxRelabel
 		})
 	}
@ -369,18 +369,18 @@ func (ds *dockerService) ContainerStatus(containerID string) (*runtimeapi.Contai
 		imageName = ir.RepoTags[0]
 	}
 	return &runtimeapi.ContainerStatus{
-		Id:          &r.ID,
+		Id:          r.ID,
 		Metadata:    metadata,
-		Image:       &runtimeapi.ImageSpec{Image: &imageName},
+		Image:       &runtimeapi.ImageSpec{Image: imageName},
-		ImageRef:    &imageID,
+		ImageRef:    imageID,
 		Mounts:      mounts,
-		ExitCode:    &exitCode,
+		ExitCode:    exitCode,
-		State:       &state,
+		State:       state,
-		CreatedAt:   &ct,
+		CreatedAt:   ct,
-		StartedAt:   &st,
+		StartedAt:   st,
-		FinishedAt:  &ft,
+		FinishedAt:  ft,
-		Reason:      &reason,
+		Reason:      reason,
-		Message:     &message,
+		Message:     message,
 		Labels:      labels,
 		Annotations: annotations,
 	}, nil
--- a/pkg/kubelet/dockershim/docker_container_test.go
+++ b/pkg/kubelet/dockershim/docker_container_test.go
@ -32,10 +32,10 @@ import (
 func makeContainerConfig(sConfig *runtimeapi.PodSandboxConfig, name, image string, attempt uint32, labels, annotations map[string]string) *runtimeapi.ContainerConfig {
 	return &runtimeapi.ContainerConfig{
 		Metadata: &runtimeapi.ContainerMetadata{
-			Name:    &name,
+			Name:    name,
-			Attempt: &attempt,
+			Attempt: attempt,
 		},
-		Image:       &runtimeapi.ImageSpec{Image: &image},
+		Image:       &runtimeapi.ImageSpec{Image: image},
 		Labels:      labels,
 		Annotations: annotations,
 	}
@ -77,12 +77,12 @@ func TestListContainers(t *testing.T) {
 		// the most recent containers first.
 		expected = append([]*runtimeapi.Container{{
 			Metadata:     configs[i].Metadata,
-			Id:           &id,
+			Id:           id,
-			PodSandboxId: &sandboxID,
+			PodSandboxId: sandboxID,
-			State:        &state,
+			State:        state,
-			CreatedAt:    &createdAt,
+			CreatedAt:    createdAt,
 			Image:        configs[i].Image,
-			ImageRef:     &imageRef,
+			ImageRef:     imageRef,
 			Labels:       configs[i].Labels,
 			Annotations:  configs[i].Annotations,
 		}}, expected...)
@ -112,16 +112,16 @@ func TestContainerStatus(t *testing.T) {
 	var reason, message string
 	expected := &runtimeapi.ContainerStatus{
-		State:       &state,
+		State:       state,
-		CreatedAt:   &ct,
+		CreatedAt:   ct,
-		StartedAt:   &st,
+		StartedAt:   st,
-		FinishedAt:  &ft,
+		FinishedAt:  ft,
 		Metadata:    config.Metadata,
 		Image:       config.Image,
-		ImageRef:    &imageRef,
+		ImageRef:    imageRef,
-		ExitCode:    &exitCode,
+		ExitCode:    exitCode,
-		Reason:      &reason,
+		Reason:      reason,
-		Message:     &message,
+		Message:     message,
 		Mounts:      []*runtimeapi.Mount{},
 		Labels:      config.Labels,
 		Annotations: config.Annotations,
@ -129,7 +129,7 @@ func TestContainerStatus(t *testing.T) {
 	// Create the container.
 	fClock.SetTime(time.Now().Add(-1 * time.Hour))
-	*expected.CreatedAt = fClock.Now().UnixNano()
+	expected.CreatedAt = fClock.Now().UnixNano()
 	const sandboxId = "sandboxid"
 	id, err := ds.CreateContainer(sandboxId, config, sConfig)
@ -140,7 +140,7 @@ func TestContainerStatus(t *testing.T) {
 	assert.Equal(t, c.Config.Labels[sandboxIDLabelKey], sandboxId)
 	// Set the id manually since we don't know the id until it's created.
-	expected.Id = &id
+	expected.Id = id
 	assert.NoError(t, err)
 	status, err := ds.ContainerStatus(id)
 	assert.NoError(t, err)
@ -148,8 +148,8 @@ func TestContainerStatus(t *testing.T) {
 	// Advance the clock and start the container.
 	fClock.SetTime(time.Now())
-	*expected.StartedAt = fClock.Now().UnixNano()
+	expected.StartedAt = fClock.Now().UnixNano()
-	*expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING
+	expected.State = runtimeapi.ContainerState_CONTAINER_RUNNING
 	err = ds.StartContainer(id)
 	assert.NoError(t, err)
@ -158,9 +158,9 @@ func TestContainerStatus(t *testing.T) {
 	// Advance the clock and stop the container.
 	fClock.SetTime(time.Now().Add(1 * time.Hour))
-	*expected.FinishedAt = fClock.Now().UnixNano()
+	expected.FinishedAt = fClock.Now().UnixNano()
-	*expected.State = runtimeapi.ContainerState_CONTAINER_EXITED
+	expected.State = runtimeapi.ContainerState_CONTAINER_EXITED
-	*expected.Reason = "Completed"
+	expected.Reason = "Completed"
 	err = ds.StopContainer(id, 0)
 	assert.NoError(t, err)
@ -181,9 +181,9 @@ func TestContainerLogPath(t *testing.T) {
 	containerLogPath := "0"
 	kubeletContainerLogPath := filepath.Join(podLogPath, containerLogPath)
 	sConfig := makeSandboxConfig("foo", "bar", "1", 0)
-	sConfig.LogDirectory = &podLogPath
+	sConfig.LogDirectory = podLogPath
 	config := makeContainerConfig(sConfig, "pause", "iamimage", 0, nil, nil)
-	config.LogPath = &containerLogPath
+	config.LogPath = containerLogPath
 	const sandboxId = "sandboxid"
 	id, err := ds.CreateContainer(sandboxId, config, sConfig)
--- a/pkg/kubelet/dockershim/docker_image.go
+++ b/pkg/kubelet/dockershim/docker_image.go
@ -29,7 +29,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea
 	opts := dockertypes.ImageListOptions{}
 	if filter != nil {
 		if imgSpec := filter.GetImage(); imgSpec != nil {
-			opts.MatchName = imgSpec.GetImage()
+			opts.MatchName = imgSpec.Image
 		}
 	}
@ -52,7 +52,7 @@ func (ds *dockerService) ListImages(filter *runtimeapi.ImageFilter) ([]*runtimea
 // ImageStatus returns the status of the image, returns nil if the image doesn't present.
 func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.Image, error) {
-	imageInspect, err := ds.client.InspectImageByRef(image.GetImage())
+	imageInspect, err := ds.client.InspectImageByRef(image.Image)
 	if err != nil {
 		if dockertools.IsImageNotFoundError(err) {
 			return nil, nil
@ -64,21 +64,23 @@ func (ds *dockerService) ImageStatus(image *runtimeapi.ImageSpec) (*runtimeapi.I
 // PullImage pulls an image with authentication config.
 func (ds *dockerService) PullImage(image *runtimeapi.ImageSpec, auth *runtimeapi.AuthConfig) (string, error) {
-	err := ds.client.PullImage(image.GetImage(),
+	authConfig := dockertypes.AuthConfig{}
-		dockertypes.AuthConfig{
+	if auth != nil {
-			Username:      auth.GetUsername(),
+		authConfig.Username = auth.Username
-			Password:      auth.GetPassword(),
+		authConfig.Password = auth.Password
-			ServerAddress: auth.GetServerAddress(),
+		authConfig.ServerAddress = auth.ServerAddress
-			IdentityToken: auth.GetIdentityToken(),
+		authConfig.IdentityToken = auth.IdentityToken
-			RegistryToken: auth.GetRegistryToken(),
+		authConfig.RegistryToken = auth.RegistryToken
-		},
+	}
 	err := ds.client.PullImage(image.Image,
 		authConfig,
 		dockertypes.ImagePullOptions{},
 	)
 	if err != nil {
 		return "", err
 	}
-	return dockertools.GetImageRef(ds.client, image.GetImage())
+	return dockertools.GetImageRef(ds.client, image.Image)
 }
 // RemoveImage removes the image.
@ -86,7 +88,7 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error {
 	// If the image has multiple tags, we need to remove all the tags
 	// TODO: We assume image.Image is image ID here, which is true in the current implementation
 	// of kubelet, but we should still clarify this in CRI.
-	imageInspect, err := ds.client.InspectImageByID(image.GetImage())
+	imageInspect, err := ds.client.InspectImageByID(image.Image)
 	if err == nil && imageInspect != nil && len(imageInspect.RepoTags) > 1 {
 		for _, tag := range imageInspect.RepoTags {
 			if _, err := ds.client.RemoveImage(tag, dockertypes.ImageRemoveOptions{PruneChildren: true}); err != nil {
@ -96,6 +98,6 @@ func (ds *dockerService) RemoveImage(image *runtimeapi.ImageSpec) error {
 		return nil
 	}
-	_, err = ds.client.RemoveImage(image.GetImage(), dockertypes.ImageRemoveOptions{PruneChildren: true})
+	_, err = ds.client.RemoveImage(image.Image, dockertypes.ImageRemoveOptions{PruneChildren: true})
 	return err
 }
--- a/pkg/kubelet/dockershim/docker_image_test.go
+++ b/pkg/kubelet/dockershim/docker_image_test.go
@ -29,7 +29,7 @@ func TestRemoveImage(t *testing.T) {
 	ds, fakeDocker, _ := newTestDockerService()
 	id := "1111"
 	fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo"}}
-	ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id})
+	ds.RemoveImage(&runtimeapi.ImageSpec{Image: id})
 	fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil),
 		dockertools.NewCalledDetail("remove_image", []interface{}{id, dockertypes.ImageRemoveOptions{PruneChildren: true}}))
 }
@ -38,7 +38,7 @@ func TestRemoveImageWithMultipleTags(t *testing.T) {
 	ds, fakeDocker, _ := newTestDockerService()
 	id := "1111"
 	fakeDocker.Image = &dockertypes.ImageInspect{ID: id, RepoTags: []string{"foo", "bar"}}
-	ds.RemoveImage(&runtimeapi.ImageSpec{Image: &id})
+	ds.RemoveImage(&runtimeapi.ImageSpec{Image: id})
 	fakeDocker.AssertCallDetails(dockertools.NewCalledDetail("inspect_image", nil),
 		dockertools.NewCalledDetail("remove_image", []interface{}{"foo", dockertypes.ImageRemoveOptions{PruneChildren: true}}),
 		dockertools.NewCalledDetail("remove_image", []interface{}{"bar", dockertypes.ImageRemoveOptions{PruneChildren: true}}))
--- a/pkg/kubelet/dockershim/docker_sandbox.go
+++ b/pkg/kubelet/dockershim/docker_sandbox.go
@ -66,13 +66,13 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
 	// Step 2: Create the sandbox container.
 	createConfig, err := ds.makeSandboxDockerConfig(config, image)
 	if err != nil {
-		return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.GetName(), err)
+		return "", fmt.Errorf("failed to make sandbox docker config for pod %q: %v", config.Metadata.Name, err)
 	}
 	createResp, err := ds.client.CreateContainer(*createConfig)
 	recoverFromConflictIfNeeded(ds.client, err)
 	if err != nil || createResp == nil {
-		return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.GetName(), err)
+		return "", fmt.Errorf("failed to create a sandbox for pod %q: %v", config.Metadata.Name, err)
 	}
 	// Step 3: Start the sandbox container.
@ -80,9 +80,9 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
 	// startContainer failed.
 	err = ds.client.StartContainer(createResp.ID)
 	if err != nil {
-		return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.GetName(), err)
+		return createResp.ID, fmt.Errorf("failed to start sandbox container for pod %q: %v", config.Metadata.Name, err)
 	}
-	if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
+	if nsOptions := config.GetLinux().GetSecurityContext().GetNamespaceOptions(); nsOptions != nil && nsOptions.HostNetwork {
 		return createResp.ID, nil
 	}
@ -94,7 +94,7 @@ func (ds *dockerService) RunPodSandbox(config *runtimeapi.PodSandboxConfig) (str
 	// on the host as well, to satisfy parts of the pod spec that aren't
 	// recognized by the CNI standard yet.
 	cID := kubecontainer.BuildContainerID(runtimeName, createResp.ID)
-	err = ds.networkPlugin.SetUpPod(config.GetMetadata().GetNamespace(), config.GetMetadata().GetName(), cID)
+	err = ds.networkPlugin.SetUpPod(config.GetMetadata().Namespace, config.GetMetadata().Name, cID)
 	// TODO: Do we need to teardown on failure or can we rely on a StopPodSandbox call with the given ID?
 	return createResp.ID, err
 }
@ -109,16 +109,16 @@ func (ds *dockerService) StopPodSandbox(podSandboxID string) error {
 	if err != nil {
 		return fmt.Errorf("Failed to get sandbox status: %v", err)
 	}
-	if !status.GetLinux().GetNamespaces().GetOptions().GetHostNetwork() {
+	if nsOpts := status.GetLinux().GetNamespaces().GetOptions(); nsOpts != nil && !nsOpts.HostNetwork {
 		m := status.GetMetadata()
 		cID := kubecontainer.BuildContainerID(runtimeName, podSandboxID)
-		if err := ds.networkPlugin.TearDownPod(m.GetNamespace(), m.GetName(), cID); err != nil {
+		if err := ds.networkPlugin.TearDownPod(m.Namespace, m.Name, cID); err != nil {
 			// TODO: Figure out a way to retry this error. We can't
 			// right now because the plugin throws errors when it doesn't find
 			// eth0, which might not exist for various reasons (setup failed,
 			// conf changed etc). In theory, it should teardown everything else
 			// so there's no need to retry.
-			glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.GetNamespace(), m.GetName(), podSandboxID, err)
+			glog.Errorf("Failed to teardown sandbox %v for pod %v/%v: %v", m.Namespace, m.Name, podSandboxID, err)
 		}
 	}
 	return ds.client.StopContainer(podSandboxID, defaultSandboxGracePeriod)
@ -138,12 +138,12 @@ func (ds *dockerService) getIPFromPlugin(sandbox *dockertypes.ContainerJSON) (st
 	if err != nil {
 		return "", err
 	}
-	msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", *metadata.Namespace, *metadata.Name)
+	msg := fmt.Sprintf("Couldn't find network status for %s/%s through plugin", metadata.Namespace, metadata.Name)
 	if sharesHostNetwork(sandbox) {
 		return "", fmt.Errorf("%v: not responsible for host-network sandboxes", msg)
 	}
 	cID := kubecontainer.BuildContainerID(runtimeName, sandbox.ID)
-	networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(*metadata.Namespace, *metadata.Name, cID)
+	networkStatus, err := ds.networkPlugin.GetPodNetworkStatus(metadata.Namespace, metadata.Name, cID)
 	if err != nil {
 		// This might be a sandbox that somehow ended up without a default
 		// interface (eth0). We can't distinguish this from a more serious
@ -203,7 +203,7 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS
 	if err != nil {
 		return nil, err
 	}
-	network := &runtimeapi.PodSandboxNetworkStatus{Ip: &IP}
+	network := &runtimeapi.PodSandboxNetworkStatus{Ip: IP}
 	netNS := getNetworkNamespace(r)
 	metadata, err := parseSandboxName(r.Name)
@ -213,18 +213,18 @@ func (ds *dockerService) PodSandboxStatus(podSandboxID string) (*runtimeapi.PodS
 	hostNetwork := sharesHostNetwork(r)
 	labels, annotations := extractLabels(r.Config.Labels)
 	return &runtimeapi.PodSandboxStatus{
-		Id:          &r.ID,
+		Id:          r.ID,
-		State:       &state,
+		State:       state,
-		CreatedAt:   &ct,
+		CreatedAt:   ct,
 		Metadata:    metadata,
 		Labels:      labels,
 		Annotations: annotations,
 		Network:     network,
 		Linux: &runtimeapi.LinuxPodSandboxStatus{
 			Namespaces: &runtimeapi.Namespace{
-				Network: &netNS,
+				Network: netNS,
 				Options: &runtimeapi.NamespaceOption{
-					HostNetwork: &hostNetwork,
+					HostNetwork: hostNetwork,
 				},
 			},
 		},
@ -243,11 +243,11 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
 	f.AddLabel(containerTypeLabelKey, containerTypeLabelSandbox)
 	if filter != nil {
-		if filter.Id != nil {
+		if filter.Id != "" {
-			f.Add("id", filter.GetId())
+			f.Add("id", filter.Id)
 		}
 		if filter.State != nil {
-			if filter.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
+			if filter.GetState().State == runtimeapi.PodSandboxState_SANDBOX_READY {
 				// Only list running containers.
 				opts.All = false
 			} else {
@ -280,7 +280,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
 			glog.V(4).Infof("Unable to convert docker to runtime API sandbox: %v", err)
 			continue
 		}
-		if filterOutReadySandboxes && converted.GetState() == runtimeapi.PodSandboxState_SANDBOX_READY {
+		if filterOutReadySandboxes && converted.State == runtimeapi.PodSandboxState_SANDBOX_READY {
 			continue
 		}
@ -292,7 +292,7 @@ func (ds *dockerService) ListPodSandbox(filter *runtimeapi.PodSandboxFilter) ([]
 // applySandboxLinuxOptions applies LinuxPodSandboxConfig to dockercontainer.HostConfig and dockercontainer.ContainerCreateConfig.
 func (ds *dockerService) applySandboxLinuxOptions(hc *dockercontainer.HostConfig, lc *runtimeapi.LinuxPodSandboxConfig, createConfig *dockertypes.ContainerCreateConfig, image string) error {
 	// Apply Cgroup options.
-	cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.GetCgroupParent())
+	cgroupParent, err := ds.GenerateExpectedCgroupParent(lc.CgroupParent)
 	if err != nil {
 		return err
 	}
@ -317,7 +317,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 	createConfig := &dockertypes.ContainerCreateConfig{
 		Name: makeSandboxName(c),
 		Config: &dockercontainer.Config{
-			Hostname: c.GetHostname(),
+			Hostname: c.Hostname,
 			// TODO: Handle environment variables.
 			Image:  image,
 			Labels: labels,
@ -328,7 +328,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 	// Set sysctls if requested
 	sysctls, err := getSysctlsFromAnnotations(c.Annotations)
 	if err != nil {
-		return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.GetName(), err)
+		return nil, fmt.Errorf("failed to get sysctls from annotations %v for sandbox %q: %v", c.Annotations, c.Metadata.Name, err)
 	}
 	hc.Sysctls = sysctls
@ -346,9 +346,9 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 	// Set DNS options.
 	if dnsConfig := c.GetDnsConfig(); dnsConfig != nil {
-		hc.DNS = dnsConfig.GetServers()
+		hc.DNS = dnsConfig.Servers
-		hc.DNSSearch = dnsConfig.GetSearches()
+		hc.DNSSearch = dnsConfig.Searches
-		hc.DNSOptions = dnsConfig.GetOptions()
+		hc.DNSOptions = dnsConfig.Options
 	}
 	// Apply resource options.
@ -357,7 +357,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig,
 	// Set security options.
 	securityOpts, err := getSandboxSecurityOpts(c, ds.seccompProfileRoot)
 	if err != nil {
-		return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.GetName(), err)
+		return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err)
 	}
 	hc.SecurityOpt = append(hc.SecurityOpt, securityOpts...)
 	return createConfig, nil
--- a/pkg/kubelet/dockershim/docker_sandbox_test.go
+++ b/pkg/kubelet/dockershim/docker_sandbox_test.go
@ -37,10 +37,10 @@ func makeSandboxConfig(name, namespace, uid string, attempt uint32) *runtimeapi.
 func makeSandboxConfigWithLabelsAndAnnotations(name, namespace, uid string, attempt uint32, labels, annotations map[string]string) *runtimeapi.PodSandboxConfig {
 	return &runtimeapi.PodSandboxConfig{
 		Metadata: &runtimeapi.PodSandboxMetadata{
-			Name:      &name,
+			Name:      name,
-			Namespace: &namespace,
+			Namespace: namespace,
-			Uid:       &uid,
+			Uid:       uid,
-			Attempt:   &attempt,
+			Attempt:   attempt,
 		},
 		Labels:      labels,
 		Annotations: annotations,
@ -72,9 +72,9 @@ func TestListSandboxes(t *testing.T) {
 		// the most recent sandbox first.
 		expected = append([]*runtimeapi.PodSandbox{{
 			Metadata:    configs[i].Metadata,
-			Id:          &id,
+			Id:          id,
-			State:       &state,
+			State:       state,
-			CreatedAt:   &createdAt,
+			CreatedAt:   createdAt,
 			Labels:      configs[i].Labels,
 			Annotations: configs[i].Annotations,
 		}}, expected...)
@ -102,18 +102,18 @@ func TestSandboxStatus(t *testing.T) {
 	ct := int64(0)
 	hostNetwork := false
 	expected := &runtimeapi.PodSandboxStatus{
-		State:       &state,
+		State:       state,
-		CreatedAt:   &ct,
+		CreatedAt:   ct,
 		Metadata:    config.Metadata,
-		Network:     &runtimeapi.PodSandboxNetworkStatus{Ip: &fakeIP},
+		Network:     &runtimeapi.PodSandboxNetworkStatus{Ip: fakeIP},
-		Linux:       &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: &fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: &hostNetwork}}},
+		Linux:       &runtimeapi.LinuxPodSandboxStatus{Namespaces: &runtimeapi.Namespace{Network: fakeNS, Options: &runtimeapi.NamespaceOption{HostNetwork: hostNetwork}}},
 		Labels:      labels,
 		Annotations: annotations,
 	}
 	// Create the sandbox.
 	fClock.SetTime(time.Now())
-	*expected.CreatedAt = fClock.Now().UnixNano()
+	expected.CreatedAt = fClock.Now().UnixNano()
 	id, err := ds.RunPodSandbox(config)
 	// Check internal labels
@ -122,13 +122,13 @@ func TestSandboxStatus(t *testing.T) {
 	assert.Equal(t, c.Config.Labels[containerTypeLabelKey], containerTypeLabelSandbox)
 	assert.Equal(t, c.Config.Labels[types.KubernetesContainerNameLabel], sandboxContainerName)
-	expected.Id = &id // ID is only known after the creation.
+	expected.Id = id // ID is only known after the creation.
 	status, err := ds.PodSandboxStatus(id)
 	assert.NoError(t, err)
 	assert.Equal(t, expected, status)
 	// Stop the sandbox.
-	*expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY
+	expected.State = runtimeapi.PodSandboxState_SANDBOX_NOTREADY
 	err = ds.StopPodSandbox(id)
 	assert.NoError(t, err)
 	status, err = ds.PodSandboxStatus(id)
@ -189,7 +189,7 @@ func TestHostNetworkPluginInvocation(t *testing.T) {
 	c.Linux = &runtimeapi.LinuxPodSandboxConfig{
 		SecurityContext: &runtimeapi.LinuxSandboxSecurityContext{
 			NamespaceOptions: &runtimeapi.NamespaceOption{
-				HostNetwork: &hostNetwork,
+				HostNetwork: hostNetwork,
 			},
 		},
 	}
--- a/pkg/kubelet/dockershim/docker_service.go
+++ b/pkg/kubelet/dockershim/docker_service.go
@ -21,7 +21,6 @@ import (
 	"net/http"
 	"github.com/golang/glog"
 	"github.com/golang/protobuf/proto"
 	"k8s.io/kubernetes/pkg/apis/componentconfig"
 	internalapi "k8s.io/kubernetes/pkg/kubelet/api"
@ -191,10 +190,10 @@ func (ds *dockerService) Version(_ string) (*runtimeapi.VersionResponse, error)
 	// suffix to remedy this.
 	apiVersion := fmt.Sprintf("%s.0", v.APIVersion)
 	return &runtimeapi.VersionResponse{
-		Version:           &runtimeAPIVersion,
+		Version:           runtimeAPIVersion,
-		RuntimeName:       &name,
+		RuntimeName:       name,
-		RuntimeVersion:    &v.Version,
+		RuntimeVersion:    v.Version,
-		RuntimeApiVersion: &apiVersion,
+		RuntimeApiVersion: apiVersion,
 	}, nil
 }
@ -204,9 +203,9 @@ func (ds *dockerService) UpdateRuntimeConfig(runtimeConfig *runtimeapi.RuntimeCo
 		return
 	}
 	glog.Infof("docker cri received runtime config %+v", runtimeConfig)
-	if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != nil {
+	if ds.networkPlugin != nil && runtimeConfig.NetworkConfig.PodCidr != "" {
 		event := make(map[string]interface{})
-		event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = *runtimeConfig.NetworkConfig.PodCidr
+		event[network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE_DETAIL_CIDR] = runtimeConfig.NetworkConfig.PodCidr
 		ds.networkPlugin.Event(network.NET_PLUGIN_EVENT_POD_CIDR_CHANGE, event)
 	}
 	return
@ -246,23 +245,23 @@ func (ds *dockerService) Start() error {
 // TODO(random-liu): Set network condition accordingly here.
 func (ds *dockerService) Status() (*runtimeapi.RuntimeStatus, error) {
 	runtimeReady := &runtimeapi.RuntimeCondition{
-		Type:   proto.String(runtimeapi.RuntimeReady),
+		Type:   runtimeapi.RuntimeReady,
-		Status: proto.Bool(true),
+		Status: true,
 	}
 	networkReady := &runtimeapi.RuntimeCondition{
-		Type:   proto.String(runtimeapi.NetworkReady),
+		Type:   runtimeapi.NetworkReady,
-		Status: proto.Bool(true),
+		Status: true,
 	}
 	conditions := []*runtimeapi.RuntimeCondition{runtimeReady, networkReady}
 	if _, err := ds.client.Version(); err != nil {
-		runtimeReady.Status = proto.Bool(false)
+		runtimeReady.Status = false
-		runtimeReady.Reason = proto.String("DockerDaemonNotReady")
+		runtimeReady.Reason = "DockerDaemonNotReady"
-		runtimeReady.Message = proto.String(fmt.Sprintf("docker: failed to get docker version: %v", err))
+		runtimeReady.Message = fmt.Sprintf("docker: failed to get docker version: %v", err)
 	}
 	if err := ds.networkPlugin.Status(); err != nil {
-		networkReady.Status = proto.Bool(false)
+		networkReady.Status = false
-		networkReady.Reason = proto.String("NetworkPluginNotReady")
+		networkReady.Reason = "NetworkPluginNotReady"
-		networkReady.Message = proto.String(fmt.Sprintf("docker: network plugin is not ready: %v", err))
+		networkReady.Message = fmt.Sprintf("docker: network plugin is not ready: %v", err)
 	}
 	return &runtimeapi.RuntimeStatus{Conditions: conditions}, nil
 }
--- a/pkg/kubelet/dockershim/docker_service_test.go
+++ b/pkg/kubelet/dockershim/docker_service_test.go
@ -53,8 +53,8 @@ func TestStatus(t *testing.T) {
 		assert.Equal(t, len(expected), len(conditions))
 		for k, v := range expected {
 			for _, c := range conditions {
-				if k == c.GetType() {
+				if k == c.Type {
-					assert.Equal(t, v, c.GetStatus())
+					assert.Equal(t, v, c.Status)
 				}
 			}
 		}
--- a/pkg/kubelet/dockershim/docker_streaming.go
+++ b/pkg/kubelet/dockershim/docker_streaming.go
@ -86,7 +86,7 @@ func (ds *dockerService) Exec(req *runtimeapi.ExecRequest) (*runtimeapi.ExecResp
 	if ds.streamingServer == nil {
 		return nil, streaming.ErrorStreamingDisabled("exec")
 	}
-	_, err := checkContainerStatus(ds.client, req.GetContainerId())
+	_, err := checkContainerStatus(ds.client, req.ContainerId)
 	if err != nil {
 		return nil, err
 	}
@ -98,7 +98,7 @@ func (ds *dockerService) Attach(req *runtimeapi.AttachRequest) (*runtimeapi.Atta
 	if ds.streamingServer == nil {
 		return nil, streaming.ErrorStreamingDisabled("attach")
 	}
-	_, err := checkContainerStatus(ds.client, req.GetContainerId())
+	_, err := checkContainerStatus(ds.client, req.ContainerId)
 	if err != nil {
 		return nil, err
 	}
@ -110,7 +110,7 @@ func (ds *dockerService) PortForward(req *runtimeapi.PortForwardRequest) (*runti
 	if ds.streamingServer == nil {
 		return nil, streaming.ErrorStreamingDisabled("port forward")
 	}
-	_, err := checkContainerStatus(ds.client, req.GetPodSandboxId())
+	_, err := checkContainerStatus(ds.client, req.PodSandboxId)
 	if err != nil {
 		return nil, err
 	}
--- a/pkg/kubelet/dockershim/helpers.go
+++ b/pkg/kubelet/dockershim/helpers.go
@ -64,7 +64,7 @@ func (v apiVersion) Compare(other string) (int, error) {
 // '<key>=<value>', which can be understood by docker.
 func generateEnvList(envs []*runtimeapi.KeyValue) (result []string) {
 	for _, env := range envs {
-		result = append(result, fmt.Sprintf("%s=%s", env.GetKey(), env.GetValue()))
+		result = append(result, fmt.Sprintf("%s=%s", env.Key, env.Value))
 	}
 	return
 }
@ -129,8 +129,8 @@ func extractLabels(input map[string]string) (map[string]string, map[string]strin
 // relabeling and the pod provides an SELinux label
 func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) {
 	for _, m := range mounts {
-		bind := fmt.Sprintf("%s:%s", m.GetHostPath(), m.GetContainerPath())
+		bind := fmt.Sprintf("%s:%s", m.HostPath, m.ContainerPath)
-		readOnly := m.GetReadonly()
+		readOnly := m.Readonly
 		if readOnly {
 			bind += ":ro"
 		}
@ -138,7 +138,7 @@ func generateMountBindings(mounts []*runtimeapi.Mount) (result []string) {
 		// does not provide an SELinux context relabeling will label the volume with
 		// the container's randomly allocated MCS label. This would restrict access
 		// to the volume to the container which mounts it first.
-		if m.GetSelinuxRelabel() {
+		if m.SelinuxRelabel {
 			if readOnly {
 				bind += ",Z"
 			} else {
@ -154,16 +154,16 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru
 	exposedPorts := map[dockernat.Port]struct{}{}
 	portBindings := map[dockernat.Port][]dockernat.PortBinding{}
 	for _, port := range pm {
-		exteriorPort := port.GetHostPort()
+		exteriorPort := port.HostPort
 		if exteriorPort == 0 {
 			// No need to do port binding when HostPort is not specified
 			continue
 		}
-		interiorPort := port.GetContainerPort()
+		interiorPort := port.ContainerPort
 		// Some of this port stuff is under-documented voodoo.
 		// See http://stackoverflow.com/questions/20428302/binding-a-port-to-a-host-interface-using-the-rest-api
 		var protocol string
-		switch strings.ToUpper(string(port.GetProtocol())) {
+		switch strings.ToUpper(string(port.Protocol)) {
 		case "UDP":
 			protocol = "/udp"
 		case "TCP":
@ -178,7 +178,7 @@ func makePortsAndBindings(pm []*runtimeapi.PortMapping) (map[dockernat.Port]stru
 		hostBinding := dockernat.PortBinding{
 			HostPort: strconv.Itoa(int(exteriorPort)),
-			HostIP:   port.GetHostIp(),
+			HostIP:   port.HostIp,
 		}
 		// Allow multiple host ports bind to same docker port
@ -272,20 +272,20 @@ func (f *dockerFilter) AddLabel(key, value string) {
 // getUserFromImageUser gets uid or user name of the image user.
 // If user is numeric, it will be treated as uid; or else, it is treated as user name.
-func getUserFromImageUser(imageUser string) (*int64, *string) {
+func getUserFromImageUser(imageUser string) (*int64, string) {
 	user := dockertools.GetUserFromImageUser(imageUser)
 	// return both nil if user is not specified in the image.
 	if user == "" {
-		return nil, nil
+		return nil, ""
 	}
 	// user could be either uid or user name. Try to interpret as numeric uid.
 	uid, err := strconv.ParseInt(user, 10, 64)
 	if err != nil {
 		// If user is non numeric, assume it's user name.
-		return nil, &user
+		return nil, user
 	}
 	// If user is a numeric uid.
-	return &uid, nil
+	return &uid, ""
 }
 // See #33189. If the previous attempt to create a sandbox container name FOO
--- a/pkg/kubelet/dockershim/helpers_test.go
+++ b/pkg/kubelet/dockershim/helpers_test.go
@ -192,11 +192,10 @@ func TestGetSystclsFromAnnotations(t *testing.T) {
 // TestGetUserFromImageUser tests the logic of getting image uid or user name of image user.
 func TestGetUserFromImageUser(t *testing.T) {
 	newI64 := func(i int64) *int64 { return &i }
 	newStr := func(s string) *string { return &s }
 	for c, test := range map[string]struct {
 		user string
 		uid  *int64
-		name *string
+		name string
 	}{
 		"no gid": {
 			user: "0",
@ -215,11 +214,11 @@ func TestGetUserFromImageUser(t *testing.T) {
 		},
 		"root username": {
 			user: "root:root",
-			name: newStr("root"),
+			name: "root",
 		},
 		"username": {
 			user: "test:test",
-			name: newStr("test"),
+			name: "test",
 		},
 	} {
 		t.Logf("TestCase - %q", c)
--- a/pkg/kubelet/dockershim/naming.go
+++ b/pkg/kubelet/dockershim/naming.go
@ -57,23 +57,23 @@ const (
 func makeSandboxName(s *runtimeapi.PodSandboxConfig) string {
 	return strings.Join([]string{
-		kubePrefix,                                 // 0
+		kubePrefix,                            // 0
-		sandboxContainerName,                       // 1
+		sandboxContainerName,                  // 1
-		s.Metadata.GetName(),                       // 2
+		s.Metadata.Name,                       // 2
-		s.Metadata.GetNamespace(),                  // 3
+		s.Metadata.Namespace,                  // 3
-		s.Metadata.GetUid(),                        // 4
+		s.Metadata.Uid,                        // 4
-		fmt.Sprintf("%d", s.Metadata.GetAttempt()), // 5
+		fmt.Sprintf("%d", s.Metadata.Attempt), // 5
 	}, nameDelimiter)
 }
 func makeContainerName(s *runtimeapi.PodSandboxConfig, c *runtimeapi.ContainerConfig) string {
 	return strings.Join([]string{
-		kubePrefix,                                 // 0
+		kubePrefix,                            // 0
-		c.Metadata.GetName(),                       // 1:
+		c.Metadata.Name,                       // 1:
-		s.Metadata.GetName(),                       // 2: sandbox name
+		s.Metadata.Name,                       // 2: sandbox name
-		s.Metadata.GetNamespace(),                  // 3: sandbox namesapce
+		s.Metadata.Namespace,                  // 3: sandbox namesapce
-		s.Metadata.GetUid(),                        // 4  sandbox uid
+		s.Metadata.Uid,                        // 4  sandbox uid
-		fmt.Sprintf("%d", c.Metadata.GetAttempt()), // 5
+		fmt.Sprintf("%d", c.Metadata.Attempt), // 5
 	}, nameDelimiter)
 }
@ -105,10 +105,10 @@ func parseSandboxName(name string) (*runtimeapi.PodSandboxMetadata, error) {
 	}
 	return &runtimeapi.PodSandboxMetadata{
-		Name:      &parts[2],
+		Name:      parts[2],
-		Namespace: &parts[3],
+		Namespace: parts[3],
-		Uid:       &parts[4],
+		Uid:       parts[4],
-		Attempt:   &attempt,
+		Attempt:   attempt,
 	}, nil
 }
@ -131,7 +131,7 @@ func parseContainerName(name string) (*runtimeapi.ContainerMetadata, error) {
 	}
 	return &runtimeapi.ContainerMetadata{
-		Name:    &parts[1],
+		Name:    parts[1],
-		Attempt: &attempt,
+		Attempt: attempt,
 	}, nil
 }
--- a/pkg/kubelet/dockershim/naming_test.go
+++ b/pkg/kubelet/dockershim/naming_test.go
@ -55,8 +55,8 @@ func TestContainerNameRoundTrip(t *testing.T) {
 	name, attempt := "pause", uint32(5)
 	config := &runtimeapi.ContainerConfig{
 		Metadata: &runtimeapi.ContainerMetadata{
-			Name:    &name,
+			Name:    name,
-			Attempt: &attempt,
+			Attempt: attempt,
 		},
 	}
 	actualName := makeContainerName(sConfig, config)
--- a/pkg/kubelet/dockershim/remote/docker_service.go
+++ b/pkg/kubelet/dockershim/remote/docker_service.go
@ -47,7 +47,7 @@ func NewDockerService(s dockershim.DockerService) DockerService {
 }
 func (d *dockerService) Version(ctx context.Context, r *runtimeapi.VersionRequest) (*runtimeapi.VersionResponse, error) {
-	return d.runtimeService.Version(r.GetVersion())
+	return d.runtimeService.Version(r.Version)
 }
 func (d *dockerService) Status(ctx context.Context, r *runtimeapi.StatusRequest) (*runtimeapi.StatusResponse, error) {
@ -63,11 +63,11 @@ func (d *dockerService) RunPodSandbox(ctx context.Context, r *runtimeapi.RunPodS
 	if err != nil {
 		return nil, err
 	}
-	return &runtimeapi.RunPodSandboxResponse{PodSandboxId: &podSandboxId}, nil
+	return &runtimeapi.RunPodSandboxResponse{PodSandboxId: podSandboxId}, nil
 }
 func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPodSandboxRequest) (*runtimeapi.StopPodSandboxResponse, error) {
-	err := d.runtimeService.StopPodSandbox(r.GetPodSandboxId())
+	err := d.runtimeService.StopPodSandbox(r.PodSandboxId)
 	if err != nil {
 		return nil, err
 	}
@ -75,7 +75,7 @@ func (d *dockerService) StopPodSandbox(ctx context.Context, r *runtimeapi.StopPo
 }
 func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.RemovePodSandboxRequest) (*runtimeapi.RemovePodSandboxResponse, error) {
-	err := d.runtimeService.RemovePodSandbox(r.GetPodSandboxId())
+	err := d.runtimeService.RemovePodSandbox(r.PodSandboxId)
 	if err != nil {
 		return nil, err
 	}
@ -83,7 +83,7 @@ func (d *dockerService) RemovePodSandbox(ctx context.Context, r *runtimeapi.Remo
 }
 func (d *dockerService) PodSandboxStatus(ctx context.Context, r *runtimeapi.PodSandboxStatusRequest) (*runtimeapi.PodSandboxStatusResponse, error) {
-	podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.GetPodSandboxId())
+	podSandboxStatus, err := d.runtimeService.PodSandboxStatus(r.PodSandboxId)
 	if err != nil {
 		return nil, err
 	}
@ -99,15 +99,15 @@ func (d *dockerService) ListPodSandbox(ctx context.Context, r *runtimeapi.ListPo
 }
 func (d *dockerService) CreateContainer(ctx context.Context, r *runtimeapi.CreateContainerRequest) (*runtimeapi.CreateContainerResponse, error) {
-	containerId, err := d.runtimeService.CreateContainer(r.GetPodSandboxId(), r.GetConfig(), r.GetSandboxConfig())
+	containerId, err := d.runtimeService.CreateContainer(r.PodSandboxId, r.GetConfig(), r.GetSandboxConfig())
 	if err != nil {
 		return nil, err
 	}
-	return &runtimeapi.CreateContainerResponse{ContainerId: &containerId}, nil
+	return &runtimeapi.CreateContainerResponse{ContainerId: containerId}, nil
 }
 func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartContainerRequest) (*runtimeapi.StartContainerResponse, error) {
-	err := d.runtimeService.StartContainer(r.GetContainerId())
+	err := d.runtimeService.StartContainer(r.ContainerId)
 	if err != nil {
 		return nil, err
 	}
@ -115,7 +115,7 @@ func (d *dockerService) StartContainer(ctx context.Context, r *runtimeapi.StartC
 }
 func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopContainerRequest) (*runtimeapi.StopContainerResponse, error) {
-	err := d.runtimeService.StopContainer(r.GetContainerId(), r.GetTimeout())
+	err := d.runtimeService.StopContainer(r.ContainerId, r.Timeout)
 	if err != nil {
 		return nil, err
 	}
@ -123,7 +123,7 @@ func (d *dockerService) StopContainer(ctx context.Context, r *runtimeapi.StopCon
 }
 func (d *dockerService) RemoveContainer(ctx context.Context, r *runtimeapi.RemoveContainerRequest) (*runtimeapi.RemoveContainerResponse, error) {
-	err := d.runtimeService.RemoveContainer(r.GetContainerId())
+	err := d.runtimeService.RemoveContainer(r.ContainerId)
 	if err != nil {
 		return nil, err
 	}
@ -139,7 +139,7 @@ func (d *dockerService) ListContainers(ctx context.Context, r *runtimeapi.ListCo
 }
 func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.ContainerStatusRequest) (*runtimeapi.ContainerStatusResponse, error) {
-	status, err := d.runtimeService.ContainerStatus(r.GetContainerId())
+	status, err := d.runtimeService.ContainerStatus(r.ContainerId)
 	if err != nil {
 		return nil, err
 	}
@ -147,7 +147,7 @@ func (d *dockerService) ContainerStatus(ctx context.Context, r *runtimeapi.Conta
 }
 func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequest) (*runtimeapi.ExecSyncResponse, error) {
-	stdout, stderr, err := d.runtimeService.ExecSync(r.GetContainerId(), r.GetCmd(), time.Duration(r.GetTimeout())*time.Second)
+	stdout, stderr, err := d.runtimeService.ExecSync(r.ContainerId, r.Cmd, time.Duration(r.Timeout)*time.Second)
 	var exitCode int32
 	if err != nil {
 		exitError, ok := err.(utilexec.ExitError)
@ -159,7 +159,7 @@ func (d *dockerService) ExecSync(ctx context.Context, r *runtimeapi.ExecSyncRequ
 	return &runtimeapi.ExecSyncResponse{
 		Stdout:   stdout,
 		Stderr:   stderr,
-		ExitCode: &exitCode,
+		ExitCode: exitCode,
 	}, nil
 }
@ -204,7 +204,7 @@ func (d *dockerService) PullImage(ctx context.Context, r *runtimeapi.PullImageRe
 	if err != nil {
 		return nil, err
 	}
-	return &runtimeapi.PullImageResponse{ImageRef: &image}, nil
+	return &runtimeapi.PullImageResponse{ImageRef: image}, nil
 }
 func (d *dockerService) RemoveImage(ctx context.Context, r *runtimeapi.RemoveImageRequest) (*runtimeapi.RemoveImageResponse, error) {
--- a/pkg/kubelet/dockershim/security_context.go
+++ b/pkg/kubelet/dockershim/security_context.go
@ -69,10 +69,10 @@ func modifyContainerConfig(sc *runtimeapi.LinuxContainerSecurityContext, config
 		return
 	}
 	if sc.RunAsUser != nil {
-		config.User = strconv.FormatInt(sc.GetRunAsUser(), 10)
+		config.User = strconv.FormatInt(sc.GetRunAsUser().Value, 10)
 	}
-	if sc.RunAsUsername != nil {
+	if sc.RunAsUsername != "" {
-		config.User = sc.GetRunAsUsername()
+		config.User = sc.RunAsUsername
 	}
 }
@ -88,24 +88,20 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
 	}
 	// Apply security context for the container.
-	if sc.Privileged != nil {
+	hostConfig.Privileged = sc.Privileged
-		hostConfig.Privileged = sc.GetPrivileged()
+	hostConfig.ReadonlyRootfs = sc.ReadonlyRootfs
 	}
 	if sc.ReadonlyRootfs != nil {
 		hostConfig.ReadonlyRootfs = sc.GetReadonlyRootfs()
 	}
 	if sc.Capabilities != nil {
-		hostConfig.CapAdd = sc.GetCapabilities().GetAddCapabilities()
+		hostConfig.CapAdd = sc.GetCapabilities().AddCapabilities
-		hostConfig.CapDrop = sc.GetCapabilities().GetDropCapabilities()
+		hostConfig.CapDrop = sc.GetCapabilities().DropCapabilities
 	}
 	if sc.SelinuxOptions != nil {
 		hostConfig.SecurityOpt = securitycontext.ModifySecurityOptions(
 			hostConfig.SecurityOpt,
 			&v1.SELinuxOptions{
-				User:  sc.SelinuxOptions.GetUser(),
+				User:  sc.SelinuxOptions.User,
-				Role:  sc.SelinuxOptions.GetRole(),
+				Role:  sc.SelinuxOptions.Role,
-				Type:  sc.SelinuxOptions.GetType(),
+				Type:  sc.SelinuxOptions.Type,
-				Level: sc.SelinuxOptions.GetLevel(),
+				Level: sc.SelinuxOptions.Level,
 			},
 		)
 	}
@ -114,22 +110,26 @@ func modifyHostConfig(sc *runtimeapi.LinuxContainerSecurityContext, hostConfig *
 // modifySandboxNamespaceOptions apply namespace options for sandbox
 func modifySandboxNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig, networkPlugin network.NetworkPlugin) {
 	modifyCommonNamespaceOptions(nsOpts, hostConfig)
-	modifyHostNetworkOptionForSandbox(nsOpts.GetHostNetwork(), networkPlugin, hostConfig)
+	modifyHostNetworkOptionForSandbox(nsOpts.HostNetwork, networkPlugin, hostConfig)
 }
 // modifyContainerNamespaceOptions apply namespace options for container
 func modifyContainerNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, sandboxID string, hostConfig *dockercontainer.HostConfig) {
 	hostNetwork := false
 	if nsOpts != nil {
 		hostNetwork = nsOpts.HostNetwork
 	}
 	modifyCommonNamespaceOptions(nsOpts, hostConfig)
-	modifyHostNetworkOptionForContainer(nsOpts.GetHostNetwork(), sandboxID, hostConfig)
+	modifyHostNetworkOptionForContainer(hostNetwork, sandboxID, hostConfig)
 }
 // modifyCommonNamespaceOptions apply common namespace options for sandbox and container
 func modifyCommonNamespaceOptions(nsOpts *runtimeapi.NamespaceOption, hostConfig *dockercontainer.HostConfig) {
 	if nsOpts != nil {
-		if nsOpts.GetHostPid() {
+		if nsOpts.HostPid {
 			hostConfig.PidMode = namespaceModeHost
 		}
-		if nsOpts.GetHostIpc() {
+		if nsOpts.HostIpc {
 			hostConfig.IpcMode = namespaceModeHost
 		}
 	}
--- a/pkg/kubelet/dockershim/security_context_test.go
+++ b/pkg/kubelet/dockershim/security_context_test.go
@ -30,7 +30,7 @@ import (
 func TestModifyContainerConfig(t *testing.T) {
 	var uid int64 = 123
-	var username string = "testuser"
+	var username = "testuser"
 	cases := []struct {
 		name     string
@ -40,7 +40,7 @@ func TestModifyContainerConfig(t *testing.T) {
 		{
 			name: "container.SecurityContext.RunAsUser set",
 			sc: &runtimeapi.LinuxContainerSecurityContext{
-				RunAsUser: &uid,
+				RunAsUser: &runtimeapi.Int64Value{Value: uid},
 			},
 			expected: &dockercontainer.Config{
 				User: strconv.FormatInt(uid, 10),
@ -49,7 +49,7 @@ func TestModifyContainerConfig(t *testing.T) {
 		{
 			name: "container.SecurityContext.RunAsUsername set",
 			sc: &runtimeapi.LinuxContainerSecurityContext{
-				RunAsUsername: &username,
+				RunAsUsername: username,
 			},
 			expected: &dockercontainer.Config{
 				User: username,
@ -70,10 +70,9 @@ func TestModifyContainerConfig(t *testing.T) {
 }
 func TestModifyHostConfig(t *testing.T) {
 	priv := true
 	setNetworkHC := &dockercontainer.HostConfig{}
 	setPrivSC := &runtimeapi.LinuxContainerSecurityContext{}
-	setPrivSC.Privileged = &priv
+	setPrivSC.Privileged = true
 	setPrivHC := &dockercontainer.HostConfig{
 		Privileged: true,
 	}
@ -168,7 +167,7 @@ func TestModifyHostConfigAndNamespaceOptionsForContainer(t *testing.T) {
 	sandboxID := "sandbox"
 	sandboxNSMode := fmt.Sprintf("container:%v", sandboxID)
 	setPrivSC := &runtimeapi.LinuxContainerSecurityContext{}
-	setPrivSC.Privileged = &priv
+	setPrivSC.Privileged = priv
 	setPrivHC := &dockercontainer.HostConfig{
 		Privileged:  true,
 		IpcMode:     dockercontainer.IpcMode(sandboxNSMode),
@ -235,7 +234,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostNetwork",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostNetwork: &set,
+				HostNetwork: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				NetworkMode: namespaceModeHost,
@ -244,7 +243,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostIpc",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostIpc: &set,
+				HostIpc: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				IpcMode:     namespaceModeHost,
@ -254,7 +253,7 @@ func TestModifySandboxNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostPid",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostPid: &set,
+				HostPid: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				PidMode:     namespaceModeHost,
@ -281,7 +280,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostNetwork",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostNetwork: &set,
+				HostNetwork: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@ -292,7 +291,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostIpc",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostIpc: &set,
+				HostIpc: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@ -302,7 +301,7 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
 		{
 			name: "NamespaceOption.HostPid",
 			nsOpt: &runtimeapi.NamespaceOption{
-				HostPid: &set,
+				HostPid: set,
 			},
 			expected: &dockercontainer.HostConfig{
 				NetworkMode: dockercontainer.NetworkMode(sandboxNSMode),
@ -318,9 +317,8 @@ func TestModifyContainerNamespaceOptions(t *testing.T) {
 }
 func fullValidSecurityContext() *runtimeapi.LinuxContainerSecurityContext {
 	priv := true
 	return &runtimeapi.LinuxContainerSecurityContext{
-		Privileged:     &priv,
+		Privileged:     true,
 		Capabilities:   inputCapabilities(),
 		SelinuxOptions: inputSELinuxOptions(),
 	}
@ -340,10 +338,10 @@ func inputSELinuxOptions() *runtimeapi.SELinuxOption {
 	level := "level"
 	return &runtimeapi.SELinuxOption{
-		User:  &user,
+		User:  user,
-		Role:  &role,
+		Role:  role,
-		Type:  &stype,
+		Type:  stype,
-		Level: &level,
+		Level: level,
 	}
 }