Review comments

Signed-off-by: Jean Rouge <rougej+github@gmail.com>
Jean Rouge 2019-02-25 10:59:23 -08:00
parent a09031dbbd
commit f1bdfa93f9


@ -29,8 +29,6 @@ import (
dockertypes "github.com/docker/docker/api/types"
dockercontainer "github.com/docker/docker/api/types/container"
utilfeature "k8s.io/apiserver/pkg/util/feature"
kubefeatures "k8s.io/kubernetes/pkg/features"
runtimeapi "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2"
"k8s.io/kubernetes/pkg/kubelet/kuberuntime"
)
@ -45,11 +43,9 @@ type containerCreationCleanupInfo struct {
func (ds *dockerService) applyPlatformSpecificDockerConfig(request *runtimeapi.CreateContainerRequest, createConfig *dockertypes.ContainerCreateConfig) (*containerCreationCleanupInfo, error) {
cleanupInfo := &containerCreationCleanupInfo{}
if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.WindowsGMSA) {
if err := applyGMSAConfig(request.GetConfig(), createConfig, cleanupInfo); err != nil {
return nil, err
}
}
return cleanupInfo, nil
}
@ -60,7 +56,8 @@ func (ds *dockerService) applyPlatformSpecificDockerConfig(request *runtimeapi.C
// whose location could potentially change down the line, or even be unknown (eg if docker is not installed on the
// C: drive)
// When docker supports passing a credential spec's contents directly, we should switch to using that
// as it will avoid cluttering the registry.
// as it will avoid cluttering the registry - there is a moby PR out for this:
// https://github.com/moby/moby/pull/38777
func applyGMSAConfig(config *runtimeapi.ContainerConfig, createConfig *dockertypes.ContainerCreateConfig, cleanupInfo *containerCreationCleanupInfo) error {
credSpec := config.Annotations[kuberuntime.GMSASpecContainerAnnotationKey]
if credSpec == "" {
@ -163,11 +160,9 @@ func randomString(length int) (string, error) {
// after a container creation. Any errors it returns are simply logged, but do not fail the container
// creation.
func (ds *dockerService) performPlatformSpecificContainerCreationCleanup(cleanupInfo *containerCreationCleanupInfo) (errors []error) {
if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.WindowsGMSA) {
if err := removeGMSARegistryValue(cleanupInfo); err != nil {
errors = append(errors, err)
}
}
return
}
@ -194,10 +189,7 @@ func removeGMSARegistryValue(cleanupInfo *containerCreationCleanupInfo) error {
// creating containers.
// Errors are simply logged, but don't prevent dockershim from starting.
func (ds *dockerService) platformSpecificContainerCreationInitCleanup() (errors []error) {
if utilfeature.DefaultFeatureGate.Enabled(kubefeatures.WindowsGMSA) {
errors = removeAllGMSARegistryValues()
}
return
return removeAllGMSARegistryValues()
}
func removeAllGMSARegistryValues() (errors []error) {
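Review bot: With the `WindowsGMSA` gate check gone from `applyPlatformSpecificDockerConfig` (second hunk), the only thing deciding whether a credential spec is written to the registry is a non-empty `kuberuntime.GMSASpecContainerAnnotationKey` annotation read in `applyGMSAConfig`, and nothing visible here documents who may set that annotation. Presumably the gate is now enforced where the annotation is populated, but that code is not part of this section. If so, a comment above the call such as `// The WindowsGMSA gate is enforced where GMSASpecContainerAnnotationKey is set; an empty annotation means GMSA is off.` would make the trust boundary explicit. If the annotation can instead arrive from user-supplied pod metadata without a gate check, the check should stay in dockershim. The body of `applyGMSAConfig` continues outside the hunk, so how the annotation value is validated before it reaches the registry cannot be confirmed from here.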