Add ArgsEscaped support for CRI #7135
Conversation
|
Hi @kiashok. Thanks for your PR. I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. DetailsInstructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
kiashok
changed the title
|
I really think for full testing sanity we should host an image that is built with docker that would set ArgsEscaped, and then have a test in the CRI /integration suite that launches a container and verifies we're all good. |
|
I think the Project Checks are failing because you're using github.com/pkg/errors in a spot here and it was removed as a direct dependency |
|
PR description is great but please add some description to the commit message as well describing the need for this change and what it fixes |
There was a problem hiding this comment.
Thank you! I see a lot of work here. IMO this change may best be done after the merge of opencontainers/image-spec#892 till then this could proto on a branch with that change merged, which would mean a lot less code necessary, wouldn't have to revert some of Maksym's recent changes that moved get spec to the client.. wouldn't need to unmarshal twice to get the extended (deprecated docker) field....
|
I think the reason was that PR had been stalled for awhile and wasn't sure if it'd be done in time for 1.7. Would it be undesirable to use the double unmarshal to get the ArgsEscaped field in the meantime until we have that in imagespec, and we can do a follow-up change? For the reverting Maksym's changes bit, which part of this change was that? |
|
@mikebrow pingaroo on the above. Question: given we don't vendor an exact tag of the spec here today already, am I right in assuming we could re-vendor image-spec from the latest in main once that change is merged? If it's highly preferred to wait for that to land we can try and drive that forward ASAP. If that doesn't seem to be making progress in time for 1.7, could we move forward with what's here for now and retrofit after? |
nod.. but let's track the OCI pr for a bit... esp. with the linux args escaped news... |
|
opencontainers/image-spec#892 merged :) |
jterry75
left a comment
jterry75
left a comment
There was a problem hiding this comment.
Great start. Left some comments.
Hi @jterry75 , I addressed the comments. Could you please let me know if they look ok? Thanks a lot! |
dmcgowan
added
the
status/needs-discussion
|
Hi @dcantah , would you be able to take a second look at the changes when you have some time please? Thanks! |
|
@kiashok Yep! I'll try and get to this tomorrow evening |
Thanks Danny! |
|
Today's lookin a little slammed.. 🫠 I'll definitely get to this sometime this week @kiashok (please ping if I don't) |
Sure Danny no worries, thanks a lot! :) |
|
@kiashok I'll try and get a final pass sometime this week. Thanks for looking at the feedback! |
This commit adds supports for the ArgsEscaped value for the image got from the dockerfile. It is used to evaluate and process the image entrypoint/cmd and container entrypoint/cmd options got from the podspec. Signed-off-by: Kirtana Ashok <[email protected]>
|
@mxpv could you please take a look at the new changes and see if they look good? Also, the CI failures seem to be unrelated to the change |
|
Looks like I accidentally deleted the fork that had the branch with the changes in this PR. Addressed the comments that @dmcgowan left this morning and wanted to submit new changes and realized this. Since am unable to update this PR with the new changes, I closed this PR and created a new one here - #8198. Apologies for this! |
11 participants
This PR addresses windows images that are broken when created using the "shell form" entrypoint/cmd in Dockerfile. Associated bug - #5067
The approach taken to fix this bug is as discussed by @kevpar here - #6479 (comment)
Docker uses non-OCI field called ArgsEscaped to address how the image 'ENTRYPOINT' and 'CMD' are interpreted on windows. This PR adds support for ArgsEscaped in containerd without changes to the OCI spec and also adds changes to handle cases when image ENTRYPOINT and CMD can be overriden by 'Command' and 'Args' specified in the podspec.
The fix in this PR does the following:
Regression tests have also been added to this PR.