packages/iSulad
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
iSulad/0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch
haozi007 112089d24b sync from openeuler 
1. support default container log options
2. fix bugs
3. show all mutl network's ips
4. update api.proto to k8s v1.19.3

Signed-off-by: haozi007 <liuhao27@huawei.com>
2020-12-03 19:20:13 +08:00

103 lines
4.5 KiB
Diff
Raw Blame History

From 5720b90e9515a698b5f9cde21a99194848f2c66a Mon Sep 17 00:00:00 2001
From: gaohuatao <gaohuatao@huawei.com>
Date: Fri, 13 Nov 2020 03:21:16 -0500
Subject: [PATCH 03/17] update api.proto to v1.19.3 according to kubelet
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
---
src/api/services/cri/api.proto | 31 ++++++++++++++++++++
src/daemon/entry/cri/cri_security_context.cc | 7 +++++
2 files changed, 38 insertions(+)
diff --git a/src/api/services/cri/api.proto b/src/api/services/cri/api.proto
index 67e5527e..dc0cfeb9 100644
--- a/src/api/services/cri/api.proto
+++ b/src/api/services/cri/api.proto
@@ -219,6 +219,13 @@ enum NamespaceMode {
// For example, a container with a PID namespace of NODE expects to view
// all of the processes on the host running the kubelet.
NODE = 2;
+ // TARGET targets the namespace of another container. When this is specified,
+ // a target_id must be specified in NamespaceOption and refer to a container
+ // previously created with NamespaceMode CONTAINER. This containers namespace
+ // will be made to match that of container target_id.
+ // For example, a container with a PID namespace of TARGET expects to view
+ // all of the processes that container target_id can view.
+ TARGET = 3;
}
// NamespaceOption provides options for Linux namespaces.
@@ -236,6 +243,10 @@ message NamespaceOption {
// Note: There is currently no way to set CONTAINER scoped IPC in the Kubernetes API.
// Namespaces currently set by the kubelet: POD, NODE
NamespaceMode ipc = 3;
+ // Target Container ID for NamespaceMode of TARGET. This container must have been
+ // previously created in the same pod. It is not possible to specify different targets
+ // for each namespace.
+ string target_id = 4;
}
// Int64Value is the wrapper of int64.
@@ -519,6 +530,10 @@ message ListPodSandboxResponse {
// future it will include more detailed information about the different image types.
message ImageSpec {
string image = 1;
+ // Unstructured key-value map holding arbitrary metadata.
+ // ImageSpec Annotations can be used to help the runtime target specific
+ // images in multi-arch images.
+ map<string, string> annotations = 2;
}
message KeyValue {
@@ -545,6 +560,19 @@ message LinuxContainerResources {
string cpuset_cpus = 6;
// CpusetMems constrains the allowed set of memory nodes. Default: "" (not specified).
string cpuset_mems = 7;
+ // List of HugepageLimits to limit the HugeTLB usage of container per page size. Default: nil (not specified).
+ repeated HugepageLimit hugepage_limits = 8;
+}
+
+// HugepageLimit corresponds to the file`hugetlb.<hugepagesize>.limit_in_byte` in container level cgroup.
+// For example, `PageSize=1GB`, `Limit=1073741824` means setting `1073741824` bytes to hugetlb.1GB.limit_in_bytes.
+message HugepageLimit {
+ // The value of PageSize has the format <size><unit-prefix>B (2MB, 1GB),
+ // and must match the <hugepagesize> of the corresponding control file found in `hugetlb.<hugepagesize>.limit_in_bytes`.
+ // The values of <unit-prefix> are intended to be parsed using base 1024("1KB" = 1024, "1MB" = 1048576, etc).
+ string page_size = 1;
+ // limit in bytes of hugepagesize HugeTLB usage.
+ uint64 limit = 2;
}
// SELinuxOption are the labels to be applied to the container.
@@ -1040,6 +1068,9 @@ message Image {
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
string username = 6;
+ // ImageSpec for image which includes annotations
+ ImageSpec spec = 7;
+
}
message ListImagesResponse {
diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc
index 634e53ad..1d332261 100644
--- a/src/daemon/entry/cri/cri_security_context.cc
+++ b/src/daemon/entry/cri/cri_security_context.cc
@@ -179,6 +179,13 @@ static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOp
hostConfig->pid_mode = util_strdup_s(sandboxNSMode.c_str());
}
+
+ if (nsOpts.pid() == runtime::v1alpha2::NamespaceMode::TARGET) {
+ std::string targetPidNsMode = "container:" + nsOpts.target_id();
+ free(hostConfig->pid_mode);
+ hostConfig->pid_mode = util_strdup_s(targetPidNsMode.c_str());
+ }
+
/* set common Namespace options */
ModifyCommonNamespaceOptions(nsOpts, hostConfig);
/* modify host network option for container */
--
2.25.1
Reference in New Issue View Git Blame Copy Permalink