@@ -57,74 +57,76 @@ func NewContainer(ctx gocontext.Context, client *containerd.Client, context *cli
5757 opts = append (opts , oci .WithSpecFromFile (context .String ("config" )))
5858 } else {
5959 opts = append (opts , oci .WithDefaultSpec (), oci .WithDefaultUnixDevices )
60- }
61-
62- opts = append (opts , oci .WithEnv (context .StringSlice ("env" )))
63- opts = append (opts , withMounts (context ))
64- cOpts = append (cOpts , containerd .WithContainerLabels (commands .LabelArgs (context .StringSlice ("label" ))))
65- cOpts = append (cOpts , containerd .WithRuntime (context .String ("runtime" ), nil ))
66- if context .Bool ("rootfs" ) {
67- opts = append (opts , oci .WithRootFSPath (ref ))
68- } else {
69- snapshotter := context .String ("snapshotter" )
70- image , err := client .GetImage (ctx , ref )
71- if err != nil {
72- return nil , err
73- }
74- unpacked , err := image .IsUnpacked (ctx , snapshotter )
75- if err != nil {
76- return nil , err
77- }
78- if ! unpacked {
79- if err := image .Unpack (ctx , snapshotter ); err != nil {
60+ opts = append (opts , oci .WithEnv (context .StringSlice ("env" )))
61+ opts = append (opts , withMounts (context ))
62+
63+ if context .Bool ("rootfs" ) {
64+ opts = append (opts , oci .WithRootFSPath (ref ))
65+ } else {
66+ snapshotter := context .String ("snapshotter" )
67+ image , err := client .GetImage (ctx , ref )
68+ if err != nil {
69+ return nil , err
70+ }
71+ unpacked , err := image .IsUnpacked (ctx , snapshotter )
72+ if err != nil {
8073 return nil , err
8174 }
75+ if ! unpacked {
76+ if err := image .Unpack (ctx , snapshotter ); err != nil {
77+ return nil , err
78+ }
79+ }
80+ opts = append (opts , oci .WithImageConfig (image ))
81+ cOpts = append (cOpts ,
82+ containerd .WithImage (image ),
83+ containerd .WithSnapshotter (snapshotter ),
84+ // Even when "readonly" is set, we don't use KindView snapshot here. (#1495)
85+ // We pass writable snapshot to the OCI runtime, and the runtime remounts it as read-only,
86+ // after creating some mount points on demand.
87+ containerd .WithNewSnapshot (id , image ))
8288 }
83- opts = append (opts , oci .WithImageConfig (image ))
84- cOpts = append (cOpts ,
85- containerd .WithImage (image ),
86- containerd .WithSnapshotter (snapshotter ),
87- // Even when "readonly" is set, we don't use KindView snapshot here. (#1495)
88- // We pass writable snapshot to the OCI runtime, and the runtime remounts it as read-only,
89- // after creating some mount points on demand.
90- containerd .WithNewSnapshot (id , image ))
91- }
92- if context .Bool ("readonly" ) {
93- opts = append (opts , oci .WithRootFSReadonly ())
94- }
95- if len (args ) > 0 {
96- opts = append (opts , oci .WithProcessArgs (args ... ))
97- }
98- if cwd := context .String ("cwd" ); cwd != "" {
99- opts = append (opts , oci .WithProcessCwd (cwd ))
100- }
101- if context .Bool ("tty" ) {
102- opts = append (opts , oci .WithTTY )
103- }
104- if context .Bool ("privileged" ) {
105- opts = append (opts , oci .WithPrivileged )
106- }
107- if context .Bool ("net-host" ) {
108- opts = append (opts , oci .WithHostNamespace (specs .NetworkNamespace ), oci .WithHostHostsFile , oci .WithHostResolvconf )
109- }
110- joinNs := context .StringSlice ("with-ns" )
111- for _ , ns := range joinNs {
112- parts := strings .Split (ns , ":" )
113- if len (parts ) != 2 {
114- return nil , errors .New ("joining a Linux namespace using --with-ns requires the format 'nstype:path'" )
89+ if context .Bool ("readonly" ) {
90+ opts = append (opts , oci .WithRootFSReadonly ())
11591 }
116- if ! validNamespace (parts [0 ]) {
117- return nil , errors .New ("the Linux namespace type specified in --with-ns is not valid: " + parts [0 ])
92+ if len (args ) > 0 {
93+ opts = append (opts , oci .WithProcessArgs (args ... ))
94+ }
95+ if cwd := context .String ("cwd" ); cwd != "" {
96+ opts = append (opts , oci .WithProcessCwd (cwd ))
97+ }
98+ if context .Bool ("tty" ) {
99+ opts = append (opts , oci .WithTTY )
100+ }
101+ if context .Bool ("privileged" ) {
102+ opts = append (opts , oci .WithPrivileged )
103+ }
104+ if context .Bool ("net-host" ) {
105+ opts = append (opts , oci .WithHostNamespace (specs .NetworkNamespace ), oci .WithHostHostsFile , oci .WithHostResolvconf )
106+ }
107+
108+ joinNs := context .StringSlice ("with-ns" )
109+ for _ , ns := range joinNs {
110+ parts := strings .Split (ns , ":" )
111+ if len (parts ) != 2 {
112+ return nil , errors .New ("joining a Linux namespace using --with-ns requires the format 'nstype:path'" )
113+ }
114+ if ! validNamespace (parts [0 ]) {
115+ return nil , errors .New ("the Linux namespace type specified in --with-ns is not valid: " + parts [0 ])
116+ }
117+ opts = append (opts , oci .WithLinuxNamespace (specs.LinuxNamespace {
118+ Type : specs .LinuxNamespaceType (parts [0 ]),
119+ Path : parts [1 ],
120+ }))
121+ }
122+ if context .IsSet ("gpus" ) {
123+ opts = append (opts , nvidia .WithGPUs (nvidia .WithDevices (context .Int ("gpus" )), nvidia .WithAllCapabilities ))
118124 }
119- opts = append (opts , oci .WithLinuxNamespace (specs.LinuxNamespace {
120- Type : specs .LinuxNamespaceType (parts [0 ]),
121- Path : parts [1 ],
122- }))
123- }
124- if context .IsSet ("gpus" ) {
125- opts = append (opts , nvidia .WithGPUs (nvidia .WithDevices (context .Int ("gpus" )), nvidia .WithAllCapabilities ))
126125 }
127126
127+ cOpts = append (cOpts , containerd .WithContainerLabels (commands .LabelArgs (context .StringSlice ("label" ))))
128+ cOpts = append (cOpts , containerd .WithRuntime (context .String ("runtime" ), nil ))
129+
128130 var s specs.Spec
129131 spec = containerd .WithSpec (& s , opts ... )
130132
0 commit comments