[pull] main from containerd:main

internal/cri/server/images/service.go

@@ -199,10 +199,9 @@ func (c *CRIImageService) ImageFSPaths() map[string]string {
 	return c.imageFSPaths
 }
 
-// PinnedImage is used to lookup a pinned image by name.
-// Most often used to get the "sandbox" image.
-func (c *CRIImageService) PinnedImage(name string) string {
-	return c.config.PinnedImages[name]
+// Config returns the image configuration.
+func (c *CRIImageService) Config() criconfig.ImageConfig {
+	return c.config
 }
 
 // GRPCService returns a new CRI Image Service grpc server.

internal/cri/server/podsandbox/controller.go

@@ -36,7 +36,6 @@ import (
 	"github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
 	imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
 	ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
-	"github.com/containerd/containerd/v2/pkg/oci"
 	osinterface "github.com/containerd/containerd/v2/pkg/os"
 	"github.com/containerd/containerd/v2/pkg/protobuf"
 	"github.com/containerd/containerd/v2/plugins"
@@ -74,7 +73,6 @@ func init() {
 			if err != nil {
 				return nil, fmt.Errorf("unable to load CRI runtime service plugin dependency: %w", err)
 			}
-			runtimeService := criRuntimePlugin.(RuntimeService)
 
 			// Get image service.
 			criImagePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "images")
@@ -89,9 +87,9 @@ func init() {
 
 			c := Controller{
 				client:         client,
-				config:         runtimeService.Config(),
+				config:         criRuntimePlugin.(interface{ Config() criconfig.Config }).Config(),
+				imageConfig:    criImagePlugin.(interface{ Config() criconfig.ImageConfig }).Config(),
 				os:             osinterface.RealOS{},
-				runtimeService: runtimeService,
 				imageService:   criImagePlugin.(ImageService),
 				warningService: warningPlugin.(warning.Service),
 				store:          NewStore(),
@@ -111,28 +109,20 @@ func init() {
 	})
 }
 
-// RuntimeService specifies dependencies to CRI runtime service.
-type RuntimeService interface {
-	Config() criconfig.Config
-	LoadOCISpec(string) (*oci.Spec, error)
-}
-
 // ImageService specifies dependencies to CRI image service.
 type ImageService interface {
 	LocalResolve(refOrID string) (imagestore.Image, error)
 	GetImage(id string) (imagestore.Image, error)
 	PullImage(ctx context.Context, name string, creds func(string) (string, string, error), sc *runtime.PodSandboxConfig, runtimeHandler string) (string, error)
-	RuntimeSnapshotter(ctx context.Context, ociRuntime criconfig.Runtime) string
-	PinnedImage(string) string
 }
 
 type Controller struct {
 	// config contains all configurations.
 	config criconfig.Config
+	// imageConfig contains CRI image configuration.
+	imageConfig criconfig.ImageConfig
 	// client is an instance of the containerd client
 	client *containerd.Client
-	// runtimeService is a dependency to CRI runtime service.
-	runtimeService RuntimeService
 	// imageService is a dependency to CRI image service.
 	imageService ImageService
 	// warningService is used to emit deprecation warnings.

internal/cri/server/podsandbox/helpers.go

@@ -83,32 +83,11 @@ func (c *Controller) toContainerdImage(ctx context.Context, image imagestore.Ima
 }
 
 // runtimeSpec returns a default runtime spec used in cri-containerd.
-func (c *Controller) runtimeSpec(id string, baseSpecFile string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) {
+func (c *Controller) runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) {
 	// GenerateSpec needs namespace.
 	ctx := ctrdutil.NamespacedContext()
 	container := &containers.Container{ID: id}
 
-	if baseSpecFile != "" {
-		baseSpec, err := c.runtimeService.LoadOCISpec(baseSpecFile)
-		if err != nil {
-			return nil, fmt.Errorf("can't load base OCI spec %q: %w", baseSpecFile, err)
-		}
-
-		spec := oci.Spec{}
-		if err := ctrdutil.DeepCopy(&spec, &baseSpec); err != nil {
-			return nil, fmt.Errorf("failed to clone OCI spec: %w", err)
-		}
-
-		// Fix up cgroups path
-		applyOpts := append([]oci.SpecOpts{oci.WithNamespacedCgroup()}, opts...)
-
-		if err := oci.ApplyOpts(ctx, nil, container, &spec, applyOpts...); err != nil {
-			return nil, fmt.Errorf("failed to apply OCI options: %w", err)
-		}
-
-		return &spec, nil
-	}
-
 	spec, err := oci.GenerateSpec(ctx, nil, container, opts...)
 	if err != nil {
 		return nil, fmt.Errorf("failed to generate spec: %w", err)

internal/cri/server/podsandbox/sandbox_run.go

@@ -188,8 +188,13 @@ func (c *Controller) Start(ctx context.Context, id string) (cin sandbox.Controll
 	}
 	snapshotterOpt = append(snapshotterOpt, extraSOpts...)
 
+	sandboxSnapshotter := c.imageConfig.Snapshotter
+	if ociRuntime.Snapshotter != "" {
+		sandboxSnapshotter = ociRuntime.Snapshotter
+	}
+
 	opts := []containerd.NewContainerOpts{
-		containerd.WithSnapshotter(c.imageService.RuntimeSnapshotter(ctx, ociRuntime)),
+		containerd.WithSnapshotter(sandboxSnapshotter),
 		customopts.WithNewSnapshot(id, containerdImage, snapshotterOpt...),
 		containerd.WithSpec(spec, specOpts...),
 		containerd.WithContainerLabels(sandboxLabels),
@@ -346,11 +351,9 @@ func (c *Controller) ensureImageExists(ctx context.Context, ref string, config *
 func (c *Controller) getSandboxImageName() string {
 	// returns the name of the sandbox image used to scope pod shared resources used by the pod's containers,
 	// if empty return the default sandbox image.
-	if c.imageService != nil {
-		sandboxImage := c.imageService.PinnedImage("sandbox")
-		if sandboxImage != "" {
-			return sandboxImage
-		}
+	if image, ok := c.imageConfig.PinnedImages["sandbox"]; ok && image != "" {
+		return image
 	}
+
 	return criconfig.DefaultSandboxImage
 }

internal/cri/server/podsandbox/sandbox_run_linux.go

@@ -196,7 +196,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 
 	specOpts = append(specOpts, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
 
-	return c.runtimeSpec(id, "", specOpts...)
+	return c.runtimeSpec(id, specOpts...)
 }
 
 // sandboxContainerSpecOpts generates OCI spec options for

internal/cri/server/podsandbox/sandbox_run_other.go

@@ -27,9 +27,8 @@ import (
 	runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
 )
 
-func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig,
-	imageConfig *imagespec.ImageConfig, nsPath string, runtimePodAnnotations []string) (_ *runtimespec.Spec, retErr error) {
-	return c.runtimeSpec(id, "", annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
+func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig, _ *imagespec.ImageConfig, _ string, _ []string) (_ *runtimespec.Spec, _ error) {
+	return c.runtimeSpec(id, annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...)
 }
 
 // sandboxContainerSpecOpts generates OCI spec options for

internal/cri/server/podsandbox/sandbox_run_windows.go

@@ -87,7 +87,7 @@ func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxC
 		annotations.DefaultCRIAnnotations(id, "", c.getSandboxImageName(), config, true)...,
 	)
 
-	return c.runtimeSpec(id, "", specOpts...)
+	return c.runtimeSpec(id, specOpts...)
 }
 
 // No sandbox container spec options for windows yet.