Skip to content

cri: add annotations for pod name and namespace#4922

Merged
mxpv merged 1 commit intocontainerd:masterfrom
kinvolk:alban_pod_annotations
Jan 26, 2021
Merged

cri: add annotations for pod name and namespace#4922
mxpv merged 1 commit intocontainerd:masterfrom
kinvolk:alban_pod_annotations

Conversation

@alban
Copy link
Copy Markdown
Contributor

@alban alban commented Jan 11, 2021

cri-o has annotations for pod name, namespace and container name:
https://github.com/containers/podman/blob/master/pkg/annotations/annotations.go

But so far containerd had only the container name.

This patch will be useful for seccomp agents to have a different behaviour depending on the pod (see runtime-spec PR 1074 and runc PR 2682). This should simplify the code in:
https://github.com/kinvolk/seccompagent/blob/b2d423695d6dfc976d2456769acb19765a9d7524/pkg/kuberesolver/kuberesolver.go#L16-L27

Signed-off-by: Alban Crequy [email protected]

cc @rata @mauriciovasquezbernal

@k8s-ci-robot
Copy link
Copy Markdown

k8s-ci-robot commented Jan 11, 2021

Hi @alban. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@theopenlab-ci
Copy link
Copy Markdown

theopenlab-ci Bot commented Jan 11, 2021

Build succeeded.

  • containerd-build-arm64 : RETRY_LIMIT in 1m 00s (non-voting)

@alban
Copy link
Copy Markdown
Contributor Author

alban commented Jan 11, 2021

I don't understand the error in the CI in the windows test:

Exception 0xc0000420 0x0 0x0 0x7fff7a882dba
PC=0x7fff7a882dba
signal arrived during external code execution

This does not seem related to my change.

@dcantah
Copy link
Copy Markdown
Member

dcantah commented Jan 11, 2021

@alban I'm running into the same and investigating on the Windows side, I'll update here if I find anything. It's hitting this (unless I'm missing something) on calling code that hasn't changed in quite a while so I'm a bit confused. It doesn't seem like any other recent PRs have ran into this besides me and you.

@dmcgowan dmcgowan requested review from dims and mikebrow January 22, 2021 19:48
crosbymichael
crosbymichael reviewed Jan 25, 2021
View reviewed changes
Comment thread pkg/cri/annotations/annotations.go Outdated
@crosbymichael
Copy link
Copy Markdown
Member

crosbymichael commented Jan 25, 2021

This looks good. I actually have this change in a working set locally where I was needing the same information. Thank you for adding this!

mikebrow
mikebrow reviewed Jan 25, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@mikebrow mikebrow left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good just.. s/pod/sandbox/

Comment thread pkg/cri/annotations/annotations.go Outdated
Comment thread pkg/cri/annotations/annotations.go Outdated
@alban
cri: add annotations for pod name and namespace
28e4fb2 
cri-o has annotations for pod name, namespace and container name:
https://github.com/containers/podman/blob/master/pkg/annotations/annotations.go

But so far containerd had only the container name.

This patch will be useful for seccomp agents to have a different
behaviour depending on the pod (see runtime-spec PR 1074 and runc PR
2682). This should simplify the code in:
https://github.com/kinvolk/seccompagent/blob/b2d423695d6dfc976d2456769acb19765a9d7524/pkg/kuberesolver/kuberesolver.go#L16-L27

Signed-off-by: Alban Crequy <[email protected]>
@alban alban force-pushed the alban_pod_annotations branch from 13a654d to 28e4fb2 Compare January 26, 2021 11:11
@alban
Copy link
Copy Markdown
Contributor Author

alban commented Jan 26, 2021

Thanks! I rebased & updated the patch with the suggested renames.

crosbymichael
crosbymichael approved these changes Jan 26, 2021
View reviewed changes
Copy link
Copy Markdown
Member

@crosbymichael crosbymichael left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mxpv mxpv merged commit c28e424 into containerd:master Jan 26, 2021
@alban alban mentioned this pull request Mar 12, 2021
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mikebrow mikebrow mikebrow left review comments

@crosbymichael crosbymichael crosbymichael approved these changes

@mxpv mxpv mxpv approved these changes

@AkihiroSuda AkihiroSuda AkihiroSuda approved these changes

@dims dims Awaiting requested review from dims

Assignees

No one assigned

Labels

needs-ok-to-test

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@alban @k8s-ci-robot @dcantah @crosbymichael @mxpv @AkihiroSuda @mikebrow