Annotations: Provide container metadata for VM based runtimes

[jcvenegas]

For hypervisor-based container runtimes (like Kata Containers, Clear Containers
or runv) a pod will be created in a VM and then create containers within the VM.

When a runtime is requested for container commands like create and start, both
the instal "pause" container and next containers need to be added to the pod
namespace (same VM).

A runtime does not know if it needs to create/start a VM or if it needs to add a
container to an already running VM pod.

This patch adds a way to provide this information through container annotations.
When starting a container or a sandbox, 2 annotations are added:

• type (Container or Sandbox)
• sandbox name

This allow to a VM based runtime to decide if they need to create a pod VM or
container within the VM pod.

Signed-off-by: Jose Carlos Venegas Munoz [email protected]

[abhi]

@jcvenegas thank you for submitting the PR. Aren't these already available as labels and metadata ? Any reason to be passed as annotations ?

[abhi]

for e.g.:

"Labels": {
        "io.cri-containerd.kind": "container",
        "io.kubernetes.container.name": "kube-controller-manager",
        "io.kubernetes.pod.name": "kube-controller-manager-abhi-k8s-ubuntu-0",
        "io.kubernetes.pod.namespace": "kube-system",
        "io.kubernetes.pod.uid": "1985db349c24e16ece3f84cce82a7183"
    },

[Random-Liu]

/ok-to-test

[Random-Liu]

@abhi I think they need runc annotation instead of containerd label.

[mikebrow]

Looking good.. just a nit on the label names.

[mikebrow]

How about cri.containerType, cri.sandboxID, cri.sandboxName.
Might want to substitute sandbox for pod, since these labels might get printed out and most folks won't know that sandbox is the internal name for pod...

[abhi]

or may be io.kubernetes.containerd.ContainerType and so on below ?

[Random-Liu]

@jcvenegas Same question here. Are we going to have different annotation key for cri-o, cri-containerd or dockershim? Shouldn't that be a standard name? Will katacontainers be looking at different annotations from different container runtimes?

[jcvenegas]

@mikebrow @abhi : "cri.containerType" sounds good to me. It is a more agnostic cri implementation.
About podID or sanboxID. What about PodSandbox tight to cri api definitions and includes both pod and sandbox to avoid confusions.

[jcvenegas]

Today kata is looking for different annotations. I like the idea to go beyond and take a first step towards standardization.

[sameo]

@abhi We need to get those as OCI annotations.

[sameo]

@jcvenegas You need to add the Kubernetes boilerplate to this file.

[mikebrow]

/*
Copyright 2018 The Containerd Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

[jcvenegas]

Thank you, added.

[Random-Liu]

@jcvenegas Same question here. Are we going to have different annotation key for cri-o, cri-containerd or dockershim? Shouldn't that be a standard name? Will katacontainers be looking at different annotations from different container runtimes?

[Random-Liu]

1. Can we do this in generateContainerSpec?
2. name is the name of the container, right? Not the sandbox name. What name do you need here? From the annotation you applied on sandbox, it seems that you require the pod name?

[jcvenegas]

That is true this is pod name, I will provide the sandbox struct to generateContainerSpec and populate with the right value.

[Random-Liu]

ditto. It's not very clear to me what kind of sandbox name do you need.

[jcvenegas]

@mikebrow changed namespace annotations to io.kubernetes.cri

[Random-Liu]

Can we use io.kubernetes.cri.container-type or io.kubernetes.cri.containertype.

The Kubernetes naming convention https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md

Basically for label key, we want it to be DNS subdomain.

[yanxuean]

suggest to correct this.

[jcvenegas]

@Random-Liu moved annotation to generateContainerSpec.

[Random-Liu]

Thanks!

[abhi]

@jcvenegas there is lint failure.

I0116 21:34:34.878] pkg/server/container_create_test.go:302:120:warning: unused variable or constant too few arguments in call to c.generateContainerSpec (varcheck)
I0116 21:34:34.879] pkg/server/container_create_test.go:705:46:warning: unused variable or constant cannot use testPid (variable of type uint32) as string value in argument to c.generateContainerSpec (varcheck)
I0116 21:34:34.880] pkg/server/container_create_test.go:705:55:warning: unused variable or constant cannot use config (variable of type *github.com/containerd/cri-containerd/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime.ContainerConfig) as uint32 value in argument to c.generateContainerSpec (varcheck)
I0116 21:34:34.882] pkg/server/container_create_test.go:705:63:warning: unused variable or constant cannot use sandboxConfig (variable of type *github.com/containerd/cri-containerd/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime.PodSandboxConfig) as *github.com/containerd/cri-containerd/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime.ContainerConfig value in argument to c.generateContainerSpec (varcheck)
I0116 21:34:34.883] pkg/server/container_create_test.go:705:78:warning: unused variable or constant cannot use imageConfig (variable of type *github.com/containerd/cri-containerd/vendor/github.com/opencontainers/image-spec/specs-go/v1.ImageConfig) as *github.com/containerd/cri-containerd/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime.PodSandboxConfig value in argument to c.generateContainerSpec (varcheck)
I0116 21:34:34.884] pkg/server/container_create_test.go:705:94:warning: unused variable or constant too few arguments in call to c.generateContainerSpec (varcheck)
I0116 21:34:37.397] Makefile:67: recipe for target 'lint' failed

you can run make verify locally

[abhi]

LGTM

[mikebrow]

/LGTM

[Random-Liu]

Can we use io.kubernetes.cri.container-type or io.kubernetes.cri.containertype.

The Kubernetes naming convention https://github.com/kubernetes/community/blob/master/contributors/design-proposals/architecture/identifiers.md

Basically for label key, we want it to be DNS subdomain.

[Random-Liu]

ditto.

[Random-Liu]

Thanks!

[Random-Liu]

You may want to check whether the annotations are set properly in default specCheck. However, if you don't have to do that, I can send a following up PR to do that. :)

[jcvenegas]

yeah agree - not worries, adding proper checks to specCheck

[sameo]

cc @miaoyq @guangxuli @xiangpengzhao @yanxuean

[guangxuli]

@sameo SGTM, cool work. BTW, is this a first step cri-containerd support cc/kata runtime?

[jcvenegas]

@guangxuli that is right this is the brings initial support to allow kata and other hypervisor based runtime containers work with cri-containerd :)

[jcvenegas]

@Random-Liu @yanxuean updated annotations values according to the Kubernetes naming convention.

[Random-Liu]

@jcvenegas Thanks for contributing this! :D