Skip to content

Commit b3f2402

Browse files
dmcgowandmcgowan
authored
Merge pull request #5002 from crosbymichael/anno-image-name
[cri] add image-name annotation
2 parents e908be5 + 99cb62f commit b3f2402

8 files changed

Lines changed: 69 additions & 31 deletions

pkg/cri/annotations/annotations.go

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -53,4 +53,6 @@ const (
5353

5454
// ContainerName is the name of the container in the pod
5555
ContainerName = "io.kubernetes.cri.container-name"
56+
// ImageName is the name of the image used to create the container
57+
ImageName = "io.kubernetes.cri.image-name"
5658
)

pkg/cri/server/container_create.go

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -155,7 +155,7 @@ func (c *criService) CreateContainer(ctx context.Context, r *runtime.CreateConta
155155
}
156156
log.G(ctx).Debugf("Use OCI runtime %+v for sandbox %q and container %q", ociRuntime, sandboxID, id)
157157

158-
spec, err := c.containerSpec(id, sandboxID, sandboxPid, sandbox.NetNSPath, containerName, config, sandboxConfig,
158+
spec, err := c.containerSpec(id, sandboxID, sandboxPid, sandbox.NetNSPath, containerName, containerdImage.Name(), config, sandboxConfig,
159159
&image.ImageSpec.Config, append(mounts, volumeMounts...), ociRuntime)
160160
if err != nil {
161161
return nil, errors.Wrapf(err, "failed to generate container %q spec", id)

pkg/cri/server/container_create_linux.go

Lines changed: 14 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -108,10 +108,19 @@ func (c *criService) containerMounts(sandboxID string, config *runtime.Container
108108
return mounts
109109
}
110110

111-
func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint32, netNSPath string, containerName string,
112-
config *runtime.ContainerConfig, sandboxConfig *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig,
113-
extraMounts []*runtime.Mount, ociRuntime config.Runtime) (_ *runtimespec.Spec, retErr error) {
114-
111+
func (c *criService) containerSpec(
112+
id string,
113+
sandboxID string,
114+
sandboxPid uint32,
115+
netNSPath string,
116+
containerName string,
117+
imageName string,
118+
config *runtime.ContainerConfig,
119+
sandboxConfig *runtime.PodSandboxConfig,
120+
imageConfig *imagespec.ImageConfig,
121+
extraMounts []*runtime.Mount,
122+
ociRuntime config.Runtime,
123+
) (_ *runtimespec.Spec, retErr error) {
115124
specOpts := []oci.SpecOpts{
116125
customopts.WithoutRunMount,
117126
}
@@ -263,6 +272,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
263272
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
264273
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
265274
customopts.WithAnnotation(annotations.ContainerName, containerName),
275+
customopts.WithAnnotation(annotations.ImageName, imageName),
266276
)
267277
// cgroupns is used for hiding /sys/fs/cgroup from containers.
268278
// For compatibility, cgroupns is not used when running in cgroup v1 mode or in privileged.

pkg/cri/server/container_create_linux_test.go

Lines changed: 17 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -179,6 +179,9 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox
179179

180180
assert.Contains(t, spec.Annotations, annotations.SandboxName)
181181
assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-sandbox-name")
182+
183+
assert.Contains(t, spec.Annotations, annotations.ImageName)
184+
assert.EqualValues(t, spec.Annotations[annotations.ImageName], testImageName)
182185
}
183186
return config, sandboxConfig, imageConfig, specCheck
184187
}
@@ -236,7 +239,7 @@ func TestContainerCapabilities(t *testing.T) {
236239
c := newTestCRIService()
237240

238241
containerConfig.Linux.SecurityContext.Capabilities = test.capability
239-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
242+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
240243
require.NoError(t, err)
241244

242245
if selinux.GetEnabled() {
@@ -271,7 +274,7 @@ func TestContainerSpecTty(t *testing.T) {
271274
c := newTestCRIService()
272275
for _, tty := range []bool{true, false} {
273276
containerConfig.Tty = tty
274-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
277+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
275278
require.NoError(t, err)
276279
specCheck(t, testID, testSandboxID, testPid, spec)
277280
assert.Equal(t, tty, spec.Process.Terminal)
@@ -298,7 +301,7 @@ func TestContainerSpecDefaultPath(t *testing.T) {
298301
imageConfig.Env = append(imageConfig.Env, pathenv)
299302
expected = pathenv
300303
}
301-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
304+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
302305
require.NoError(t, err)
303306
specCheck(t, testID, testSandboxID, testPid, spec)
304307
assert.Contains(t, spec.Process.Env, expected)
@@ -315,7 +318,7 @@ func TestContainerSpecReadonlyRootfs(t *testing.T) {
315318
c := newTestCRIService()
316319
for _, readonly := range []bool{true, false} {
317320
containerConfig.Linux.SecurityContext.ReadonlyRootfs = readonly
318-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
321+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
319322
require.NoError(t, err)
320323
specCheck(t, testID, testSandboxID, testPid, spec)
321324
assert.Equal(t, readonly, spec.Root.Readonly)
@@ -354,7 +357,7 @@ func TestContainerSpecWithExtraMounts(t *testing.T) {
354357
Readonly: false,
355358
},
356359
}
357-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, extraMounts, ociRuntime)
360+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, extraMounts, ociRuntime)
358361
require.NoError(t, err)
359362
specCheck(t, testID, testSandboxID, testPid, spec)
360363
var mounts, sysMounts, devMounts []runtimespec.Mount
@@ -422,7 +425,7 @@ func TestContainerAndSandboxPrivileged(t *testing.T) {
422425
sandboxConfig.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{
423426
Privileged: test.sandboxPrivileged,
424427
}
425-
_, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
428+
_, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
426429
if test.expectError {
427430
assert.Error(t, err)
428431
} else {
@@ -613,7 +616,7 @@ func TestPrivilegedBindMount(t *testing.T) {
613616
containerConfig.Linux.SecurityContext.Privileged = test.privileged
614617
sandboxConfig.Linux.SecurityContext.Privileged = test.privileged
615618

616-
spec, err := c.containerSpec(t.Name(), testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
619+
spec, err := c.containerSpec(t.Name(), testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
617620

618621
assert.NoError(t, err)
619622
if test.expectedSysFSRO {
@@ -770,7 +773,7 @@ func TestPidNamespace(t *testing.T) {
770773
} {
771774
t.Logf("TestCase %q", desc)
772775
containerConfig.Linux.SecurityContext.NamespaceOptions = &runtime.NamespaceOption{Pid: test.pidNS}
773-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
776+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
774777
require.NoError(t, err)
775778
assert.Contains(t, spec.Linux.Namespaces, test.expected)
776779
}
@@ -785,7 +788,7 @@ func TestNoDefaultRunMount(t *testing.T) {
785788
ociRuntime := config.Runtime{}
786789
c := newTestCRIService()
787790

788-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
791+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
789792
assert.NoError(t, err)
790793
for _, mount := range spec.Mounts {
791794
assert.NotEqual(t, "/run", mount.Destination)
@@ -1158,7 +1161,7 @@ func TestMaskedAndReadonlyPaths(t *testing.T) {
11581161
sandboxConfig.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{
11591162
Privileged: test.privileged,
11601163
}
1161-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
1164+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
11621165
require.NoError(t, err)
11631166
if !test.privileged { // specCheck presumes an unprivileged container
11641167
specCheck(t, testID, testSandboxID, testPid, spec)
@@ -1205,7 +1208,7 @@ func TestHostname(t *testing.T) {
12051208
sandboxConfig.Linux.SecurityContext = &runtime.LinuxSandboxSecurityContext{
12061209
NamespaceOptions: &runtime.NamespaceOption{Network: test.networkNs},
12071210
}
1208-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
1211+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
12091212
require.NoError(t, err)
12101213
specCheck(t, testID, testSandboxID, testPid, spec)
12111214
assert.Contains(t, spec.Process.Env, test.expectedEnv)
@@ -1217,7 +1220,7 @@ func TestDisableCgroup(t *testing.T) {
12171220
ociRuntime := config.Runtime{}
12181221
c := newTestCRIService()
12191222
c.config.DisableCgroup = true
1220-
spec, err := c.containerSpec("test-id", "sandbox-id", 1234, "", "container-name", containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
1223+
spec, err := c.containerSpec("test-id", "sandbox-id", 1234, "", "container-name", testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
12211224
require.NoError(t, err)
12221225

12231226
t.Log("resource limit should not be set")
@@ -1340,7 +1343,7 @@ func TestPrivilegedDevices(t *testing.T) {
13401343
ociRuntime := config.Runtime{
13411344
PrivilegedWithoutHostDevices: test.privilegedWithoutHostDevices,
13421345
}
1343-
spec, err := c.containerSpec(t.Name(), testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
1346+
spec, err := c.containerSpec(t.Name(), testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
13441347
assert.NoError(t, err)
13451348

13461349
hostDevicesRaw, err := devices.HostDevices()
@@ -1389,7 +1392,7 @@ func TestBaseOCISpec(t *testing.T) {
13891392
testPid := uint32(1234)
13901393
containerConfig, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
13911394

1392-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
1395+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
13931396
assert.NoError(t, err)
13941397

13951398
specCheck(t, testID, testSandboxID, testPid, spec)

pkg/cri/server/container_create_other.go

Lines changed: 13 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,19 @@ func (c *criService) containerMounts(sandboxID string, config *runtime.Container
3333
return []*runtime.Mount{}
3434
}
3535

36-
func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint32, netNSPath string, containerName string,
37-
config *runtime.ContainerConfig, sandboxConfig *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig,
38-
extraMounts []*runtime.Mount, ociRuntime config.Runtime) (_ *runtimespec.Spec, retErr error) {
36+
func (c *criService) containerSpec(
37+
id string,
38+
sandboxID string,
39+
sandboxPid uint32,
40+
netNSPath string,
41+
containerName string,
42+
imageName string,
43+
config *runtime.ContainerConfig,
44+
sandboxConfig *runtime.PodSandboxConfig,
45+
imageConfig *imagespec.ImageConfig,
46+
extraMounts []*runtime.Mount,
47+
ociRuntime config.Runtime,
48+
) (_ *runtimespec.Spec, retErr error) {
3949
return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec)
4050
}
4151

pkg/cri/server/container_create_test.go

Lines changed: 5 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -52,6 +52,8 @@ func checkMount(t *testing.T, mounts []runtimespec.Mount, src, dest, typ string,
5252
assert.True(t, found, "mount from %q to %q not found", src, dest)
5353
}
5454

55+
const testImageName = "container-image-name"
56+
5557
func TestGeneralContainerSpec(t *testing.T) {
5658
testID := "test-id"
5759
testPid := uint32(1234)
@@ -60,7 +62,7 @@ func TestGeneralContainerSpec(t *testing.T) {
6062
c := newTestCRIService()
6163
testSandboxID := "sandbox-id"
6264
testContainerName := "container-name"
63-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
65+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
6466
require.NoError(t, err)
6567
specCheck(t, testID, testSandboxID, testPid, spec)
6668
}
@@ -124,7 +126,7 @@ func TestPodAnnotationPassthroughContainerSpec(t *testing.T) {
124126
ociRuntime := config.Runtime{
125127
PodAnnotations: test.podAnnotations,
126128
}
127-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName,
129+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName,
128130
containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
129131
assert.NoError(t, err)
130132
assert.NotNil(t, spec)
@@ -372,7 +374,7 @@ func TestContainerAnnotationPassthroughContainerSpec(t *testing.T) {
372374
PodAnnotations: test.podAnnotations,
373375
ContainerAnnotations: test.containerAnnotations,
374376
}
375-
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName,
377+
spec, err := c.containerSpec(testID, testSandboxID, testPid, "", testContainerName, testImageName,
376378
containerConfig, sandboxConfig, imageConfig, nil, ociRuntime)
377379
assert.NoError(t, err)
378380
assert.NotNil(t, spec)

pkg/cri/server/container_create_windows.go

Lines changed: 14 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -34,9 +34,19 @@ func (c *criService) containerMounts(sandboxID string, config *runtime.Container
3434
return nil
3535
}
3636

37-
func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint32, netNSPath string, containerName string,
38-
config *runtime.ContainerConfig, sandboxConfig *runtime.PodSandboxConfig, imageConfig *imagespec.ImageConfig,
39-
extraMounts []*runtime.Mount, ociRuntime config.Runtime) (*runtimespec.Spec, error) {
37+
func (c *criService) containerSpec(
38+
id string,
39+
sandboxID string,
40+
sandboxPid uint32,
41+
netNSPath string,
42+
containerName string,
43+
imageName string,
44+
config *runtime.ContainerConfig,
45+
sandboxConfig *runtime.PodSandboxConfig,
46+
imageConfig *imagespec.ImageConfig,
47+
extraMounts []*runtime.Mount,
48+
ociRuntime config.Runtime,
49+
) (*runtimespec.Spec, error) {
4050
specOpts := []oci.SpecOpts{
4151
customopts.WithProcessArgs(config, imageConfig),
4252
}
@@ -109,6 +119,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
109119
customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()),
110120
customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()),
111121
customopts.WithAnnotation(annotations.ContainerName, containerName),
122+
customopts.WithAnnotation(annotations.ImageName, imageName),
112123
)
113124
return c.runtimeSpec(id, ociRuntime.BaseRuntimeSpec, specOpts...)
114125
}

pkg/cri/server/container_create_windows_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -145,7 +145,7 @@ func TestContainerWindowsNetworkNamespace(t *testing.T) {
145145
c := newTestCRIService()
146146

147147
containerConfig, sandboxConfig, imageConfig, specCheck := getCreateContainerTestData()
148-
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
148+
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
149149
assert.NoError(t, err)
150150
assert.NotNil(t, spec)
151151
specCheck(t, testID, testSandboxID, testPid, spec)
@@ -167,7 +167,7 @@ func TestMountCleanPath(t *testing.T) {
167167
ContainerPath: "c:/test/container-path",
168168
HostPath: "c:/test/host-path",
169169
})
170-
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
170+
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
171171
assert.NoError(t, err)
172172
assert.NotNil(t, spec)
173173
specCheck(t, testID, testSandboxID, testPid, spec)
@@ -187,7 +187,7 @@ func TestMountNamedPipe(t *testing.T) {
187187
ContainerPath: `\\.\pipe\foo`,
188188
HostPath: `\\.\pipe\foo`,
189189
})
190-
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
190+
spec, err := c.containerSpec(testID, testSandboxID, testPid, nsPath, testContainerName, testImageName, containerConfig, sandboxConfig, imageConfig, nil, config.Runtime{})
191191
assert.NoError(t, err)
192192
assert.NotNil(t, spec)
193193
specCheck(t, testID, testSandboxID, testPid, spec)

0 commit comments

Comments
 (0)