diff --git a/internal/cri/server/images/service.go b/internal/cri/server/images/service.go index ddfd1c610c52..7604cfffbeb3 100644 --- a/internal/cri/server/images/service.go +++ b/internal/cri/server/images/service.go @@ -199,10 +199,9 @@ func (c *CRIImageService) ImageFSPaths() map[string]string { return c.imageFSPaths } -// PinnedImage is used to lookup a pinned image by name. -// Most often used to get the "sandbox" image. -func (c *CRIImageService) PinnedImage(name string) string { - return c.config.PinnedImages[name] +// Config returns the image configuration. +func (c *CRIImageService) Config() criconfig.ImageConfig { + return c.config } // GRPCService returns a new CRI Image Service grpc server. diff --git a/internal/cri/server/podsandbox/controller.go b/internal/cri/server/podsandbox/controller.go index 0272ff9b7829..24903d9c23fb 100644 --- a/internal/cri/server/podsandbox/controller.go +++ b/internal/cri/server/podsandbox/controller.go @@ -36,7 +36,6 @@ import ( "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types" imagestore "github.com/containerd/containerd/v2/internal/cri/store/image" ctrdutil "github.com/containerd/containerd/v2/internal/cri/util" - "github.com/containerd/containerd/v2/pkg/oci" osinterface "github.com/containerd/containerd/v2/pkg/os" "github.com/containerd/containerd/v2/pkg/protobuf" "github.com/containerd/containerd/v2/plugins" @@ -74,7 +73,6 @@ func init() { if err != nil { return nil, fmt.Errorf("unable to load CRI runtime service plugin dependency: %w", err) } - runtimeService := criRuntimePlugin.(RuntimeService) // Get image service. criImagePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "images") 
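Review bot: The new `Config()` in service.go returns `criconfig.ImageConfig` by value, but the struct holds at least one map (`PinnedImages`, read later in this commit), so the copy still shares that map with the image service. It also hands the whole image configuration to every caller, where the removed `PinnedImage(name)` exposed a single value; if `ImageConfig` carries registry settings or credentials (not visible here), callers now receive those too. The doc comment should state the contract, for example `// Config returns a shallow copy of the image configuration; maps in it are shared with the service and must be treated as read-only.`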
@@ -89,9 +87,9 @@ func init() { c := Controller{ client: client, - config: runtimeService.Config(), + config: criRuntimePlugin.(interface{ Config() criconfig.Config }).Config(), + imageConfig: criImagePlugin.(interface{ Config() criconfig.ImageConfig }).Config(), os: osinterface.RealOS{}, - runtimeService: runtimeService, imageService: criImagePlugin.(ImageService), warningService: warningPlugin.(warning.Service), store: NewStore(), @@ -111,28 +109,20 @@ func init() { }) } -// RuntimeService specifies dependencies to CRI runtime service. -type RuntimeService interface { - Config() criconfig.Config - LoadOCISpec(string) (*oci.Spec, error) -} - // ImageService specifies dependencies to CRI image service. type ImageService interface { LocalResolve(refOrID string) (imagestore.Image, error) GetImage(id string) (imagestore.Image, error) PullImage(ctx context.Context, name string, creds func(string) (string, string, error), sc *runtime.PodSandboxConfig, runtimeHandler string) (string, error) - RuntimeSnapshotter(ctx context.Context, ociRuntime criconfig.Runtime) string - PinnedImage(string) string } type Controller struct { // config contains all configurations. config criconfig.Config + // imageConfig contains CRI image configuration. + imageConfig criconfig.ImageConfig // client is an instance of the containerd client client *containerd.Client - // runtimeService is a dependency to CRI runtime service. - runtimeService RuntimeService // imageService is a dependency to CRI image service. imageService ImageService // warningService is used to emit deprecation warnings. diff --git a/internal/cri/server/podsandbox/helpers.go b/internal/cri/server/podsandbox/helpers.go index 296ff0f62e7e..e0109a195737 100644 --- a/internal/cri/server/podsandbox/helpers.go +++ b/internal/cri/server/podsandbox/helpers.go 
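Review bot: The two inline assertions in the `Controller` literal, `criRuntimePlugin.(interface{ Config() criconfig.Config })` and `criImagePlugin.(interface{ Config() criconfig.ImageConfig })`, are unchecked, so a plugin that lacks the method panics during plugin init instead of returning an error the way the `GetByID` failure above does. Using the comma-ok form before building the literal keeps this a normal init error. Both configs are also copied once here, so if either service can change its configuration after init (not visible in this hunk) the controller keeps the old values; a comment on the `imageConfig` field saying it is a snapshot would help. The `init` body starts and ends outside the hunk.

```go
runtimeCfg, ok := criRuntimePlugin.(interface{ Config() criconfig.Config })
if !ok {
	return nil, fmt.Errorf("CRI runtime plugin %T does not expose Config()", criRuntimePlugin)
}
imageCfg, ok := criImagePlugin.(interface{ Config() criconfig.ImageConfig })
if !ok {
	return nil, fmt.Errorf("CRI image plugin %T does not expose Config()", criImagePlugin)
}

c := Controller{
	client:      client,
	config:      runtimeCfg.Config(),
	imageConfig: imageCfg.Config(),
	// … unchanged: os, imageService, warningService, store …
```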
@@ -83,32 +83,11 @@ func (c *Controller) toContainerdImage(ctx context.Context, image imagestore.Ima } // runtimeSpec returns a default runtime spec used in cri-containerd. -func (c *Controller) runtimeSpec(id string, baseSpecFile string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) { +func (c *Controller) runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) { // GenerateSpec needs namespace. ctx := ctrdutil.NamespacedContext() container := &containers.Container{ID: id} - if baseSpecFile != "" { - baseSpec, err := c.runtimeService.LoadOCISpec(baseSpecFile) - if err != nil { - return nil, fmt.Errorf("can't load base OCI spec %q: %w", baseSpecFile, err) - } - - spec := oci.Spec{} - if err := ctrdutil.DeepCopy(&spec, &baseSpec); err != nil { - return nil, fmt.Errorf("failed to clone OCI spec: %w", err) - } - - // Fix up cgroups path - applyOpts := append([]oci.SpecOpts{oci.WithNamespacedCgroup()}, opts...) - - if err := oci.ApplyOpts(ctx, nil, container, &spec, applyOpts...); err != nil { - return nil, fmt.Errorf("failed to apply OCI options: %w", err) - } - - return &spec, nil - } - spec, err := oci.GenerateSpec(ctx, nil, container, opts...) if err != nil { return nil, fmt.Errorf("failed to generate spec: %w", err) diff --git a/internal/cri/server/podsandbox/sandbox_run.go b/internal/cri/server/podsandbox/sandbox_run.go index da43c8051298..b067feb1fffd 100644 --- a/internal/cri/server/podsandbox/sandbox_run.go +++ b/internal/cri/server/podsandbox/sandbox_run.go 
@@ -188,8 +188,13 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll } snapshotterOpt = append(snapshotterOpt, extraSOpts...) + sandboxSnapshotter := c.imageConfig.Snapshotter + if ociRuntime.Snapshotter != "" { + sandboxSnapshotter = ociRuntime.Snapshotter + } + opts := []containerd.NewContainerOpts{ - containerd.WithSnapshotter(c.imageService.RuntimeSnapshotter(ctx, ociRuntime)), + containerd.WithSnapshotter(sandboxSnapshotter), customopts.WithNewSnapshot(id, containerdImage, snapshotterOpt...), containerd.WithSpec(spec, specOpts...), containerd.WithContainerLabels(sandboxLabels), @@ -346,11 +351,9 @@ func (c *Controller) ensureImageExists(ctx context.Context, ref string, config * func (c *Controller) getSandboxImageName() string { // returns the name of the sandbox image used to scope pod shared resources used by the pod's containers, // if empty return the default sandbox image. - if c.imageService != nil { - sandboxImage := c.imageService.PinnedImage("sandbox") - if sandboxImage != "" { - return sandboxImage - } + if image, ok := c.imageConfig.PinnedImages["sandbox"]; ok && image != "" { + return image } + return criconfig.DefaultSandboxImage } diff --git a/internal/cri/server/podsandbox/sandbox_run_linux.go b/internal/cri/server/podsandbox/sandbox_run_linux.go index 79d4f56b55ca..9ffd88b217ec 100644 --- a/internal/cri/server/podsandbox/sandbox_run_linux.go +++ b/internal/cri/server/podsandbox/sandbox_run_linux.go @@ -196,7 +196,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...) - return c.runtimeSpec(id, "", specOpts...) + return c.runtimeSpec(id, specOpts...) } // sandboxContainerSpecOpts generates OCI spec options for diff --git a/internal/cri/server/podsandbox/sandbox_run_other.go b/internal/cri/server/podsandbox/sandbox_run_other.go index e0ef284f6902..b9069a59faf9 100644 
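Review bot: The snapshotter precedence in `Start` is now decided inline (`ociRuntime.Snapshotter` overrides `c.imageConfig.Snapshotter`), with no comment tying it to the image service, which is presumably where the sandbox image gets unpacked. If the two sides ever pick different snapshotters for the same runtime handler, `customopts.WithNewSnapshot` would presumably look for the image in the wrong snapshotter, so the rule deserves a comment such as `// Per-runtime snapshotter overrides the image-config default; must match the snapshotter the image service uses for this runtime.` The call it replaces took `ctx`, so any logging of the chosen snapshotter it did is gone; a debug log of `sandboxSnapshotter` would keep the choice visible when diagnosing a failed sandbox start. `Start` begins and ends outside the hunk.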
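Review bot: The `ok` in `if image, ok := c.imageConfig.PinnedImages["sandbox"]; ok && image != ""` is redundant, since a missing key (and a nil map) already yields the empty string; `if image := c.imageConfig.PinnedImages["sandbox"]; image != "" {` says the same thing. The description of `getSandboxImageName` sits inside the body; moving it above the signature as `// getSandboxImageName returns the pinned "sandbox" image, or criconfig.DefaultSandboxImage when none is configured.` would make it a proper doc comment.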
--- a/internal/cri/server/podsandbox/sandbox_run_other.go +++ b/internal/cri/server/podsandbox/sandbox_run_other.go @@ -27,9 +27,8 @@ import ( runtime "k8s.io/cri-api/pkg/apis/runtime/v1" ) -func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, - imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) { - return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...) +func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, _ *imagespec.ImageConfig, _ string, _ []string) (_ *runtimespec.Spec, _ error) { + return c.runtimeSpec(id, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...) } // sandboxContainerSpecOpts generates OCI spec options for diff --git a/internal/cri/server/podsandbox/sandbox_run_windows.go b/internal/cri/server/podsandbox/sandbox_run_windows.go index 067f4a850613..a3bd57983394 100644 --- a/internal/cri/server/podsandbox/sandbox_run_windows.go +++ b/internal/cri/server/podsandbox/sandbox_run_windows.go @@ -87,7 +87,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)..., ) - return c.runtimeSpec(id, "", specOpts...) + return c.runtimeSpec(id, specOpts...) } // No sandbox container spec options for windows yet.
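Review bot: The blank named results in `(_ *runtimespec.Spec, _ error)` on `sandboxContainerSpec` in sandbox_run_other.go add nothing over the plain form; `(*runtimespec.Spec, error)` reads better now that `retErr` is gone. The function still has no doc comment, and with three parameters blanked a reader cannot tell what is being ignored. Something like `// sandboxContainerSpec builds the sandbox spec from the default CRI annotations only; the image config, namespace path and runtime pod annotations are ignored here.` would cover it.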