Merge pull request kubernetes#90061 from marosset/runtimehandler-image-spec-annotations

Add annotations to CRI ImageSpec objects

Author: k8s-ci-robot

pkg/kubelet/container/runtime.go

@@ -25,7 +25,7 @@ import (
 	"strings"
 	"time"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/tools/remotecommand"
 	"k8s.io/client-go/util/flowcontrol"
@@ -47,7 +47,11 @@ type Version interface {
 // value of a Container's Image field, but in the future it will include more detailed
 // information about the different image types.
 type ImageSpec struct {
+	// ID of the image.
 	Image string
+	// The annotations for the image.
+	// This should be passed to CRI during image pulls and returned when images are listed.
+	Annotations []Annotation
 }
 
 // ImageStats contains statistics about all the images currently available.
@@ -349,6 +353,8 @@ type Image struct {
 	RepoDigests []string
 	// The size of the image in bytes.
 	Size int64
+	// ImageSpec for the image which include annotations.
+	Spec ImageSpec
 }
 
 type EnvVar struct {

pkg/kubelet/container/testing/fake_runtime.go

@@ -25,7 +25,7 @@ import (
 	"sync"
 	"time"
 
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/client-go/util/flowcontrol"
 	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
@@ -300,6 +300,13 @@ func (f *FakeRuntime) PullImage(image kubecontainer.ImageSpec, pullSecrets []v1.
 	defer f.Unlock()
 
 	f.CalledFunctions = append(f.CalledFunctions, "PullImage")
+	if f.Err == nil {
+		i := kubecontainer.Image{
+			ID:   image.Image,
+			Spec: image,
+		}
+		f.ImageList = append(f.ImageList, i)
+	}
 	return image.Image, f.Err
 }
 

pkg/kubelet/images/image_manager.go

@@ -100,7 +100,18 @@ func (m *imageManager) EnsureImageExists(pod *v1.Pod, container *v1.Container, p
 		return "", msg, ErrInvalidImageName
 	}
 
-	spec := kubecontainer.ImageSpec{Image: image}
+	var podAnnotations []kubecontainer.Annotation
+	for k, v := range pod.GetAnnotations() {
+		podAnnotations = append(podAnnotations, kubecontainer.Annotation{
+			Name:  k,
+			Value: v,
+		})
+	}
+
+	spec := kubecontainer.ImageSpec{
+		Image:       image,
+		Annotations: podAnnotations,
+	}
 	imageRef, err := m.imageService.GetImageRef(spec)
 	if err != nil {
 		msg := fmt.Sprintf("Failed to inspect image %q: %v", container.Image, err)

pkg/kubelet/images/image_manager_test.go

@@ -22,7 +22,7 @@ import (
 	"time"
 
 	"github.com/stretchr/testify/assert"
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/clock"
 	"k8s.io/client-go/tools/record"
@@ -202,3 +202,48 @@ func TestApplyDefaultImageTag(t *testing.T) {
 		}
 	}
 }
+
+func TestPullAndListImageWithPodAnnotations(t *testing.T) {
+	pod := &v1.Pod{
+		ObjectMeta: metav1.ObjectMeta{
+			Name:            "test_pod",
+			Namespace:       "test-ns",
+			UID:             "bar",
+			ResourceVersion: "42",
+			SelfLink:        "/api/v1/pods/foo",
+			Annotations: map[string]string{
+				"kubernetes.io/runtimehandler": "handler_name",
+			},
+		}}
+	c := pullerTestCase{ // pull missing image
+		containerImage: "missing_image",
+		policy:         v1.PullIfNotPresent,
+		inspectErr:     nil,
+		pullerErr:      nil,
+		expected: []pullerExpects{
+			{[]string{"GetImageRef", "PullImage"}, nil},
+		}}
+
+	useSerializedEnv := true
+	puller, fakeClock, fakeRuntime, container := pullerTestEnv(c, useSerializedEnv)
+	fakeRuntime.CalledFunctions = nil
+	fakeRuntime.ImageList = []Image{}
+	fakeClock.Step(time.Second)
+
+	_, _, err := puller.EnsureImageExists(pod, container, nil, nil)
+	assert.NoError(t, fakeRuntime.AssertCalls(c.expected[0].calls), "tick=%d", 0)
+	assert.Equal(t, c.expected[0].err, err, "tick=%d", 0)
+
+	images, _ := fakeRuntime.ListImages()
+	assert.Equal(t, 1, len(images), "ListImages() count")
+
+	image := images[0]
+	assert.Equal(t, "missing_image:latest", image.ID, "Image ID")
+
+	expectedAnnotations := []Annotation{
+		{
+			Name:  "kubernetes.io/runtimehandler",
+			Value: "handler_name",
+		}}
+	assert.Equal(t, expectedAnnotations, image.Spec.Annotations, "image spec annotations")
+}

pkg/kubelet/kuberuntime/BUILD

@@ -9,6 +9,7 @@ load(
 go_library(
     name = "go_default_library",
     srcs = [
+        "convert.go",
         "doc.go",
         "fake_kuberuntime_manager.go",
         "helpers.go",
@@ -91,6 +92,7 @@ go_library(
 go_test(
     name = "go_default_test",
     srcs = [
+        "convert_test.go",
         "helpers_linux_test.go",
         "helpers_test.go",
         "instrumented_services_test.go",

pkg/kubelet/kuberuntime/convert.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kuberuntime
+
+import (
+	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+)
+
+// This file contains help function to kuberuntime types to CRI runtime API types, or vice versa.
+
+func toKubeContainerImageSpec(image *runtimeapi.Image) kubecontainer.ImageSpec {
+	var annotations []kubecontainer.Annotation
+
+	if image.Spec != nil && image.Spec.Annotations != nil {
+		for k, v := range image.Spec.Annotations {
+			annotations = append(annotations, kubecontainer.Annotation{
+				Name:  k,
+				Value: v,
+			})
+		}
+	}
+
+	return kubecontainer.ImageSpec{
+		Image:       image.Id,
+		Annotations: annotations,
+	}
+}
+
+func toRuntimeAPIImageSpec(imageSpec kubecontainer.ImageSpec) *runtimeapi.ImageSpec {
+	var annotations = make(map[string]string)
+	if imageSpec.Annotations != nil {
+		for _, a := range imageSpec.Annotations {
+			annotations[a.Name] = a.Value
+		}
+	}
+	return &runtimeapi.ImageSpec{
+		Image:       imageSpec.Image,
+		Annotations: annotations,
+	}
+}

pkg/kubelet/kuberuntime/convert_test.go

@@ -0,0 +1,152 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package kuberuntime
+
+import (
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+
+	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+)
+
+func TestConvertToKubeContainerImageSpec(t *testing.T) {
+	testCases := []struct {
+		input    *runtimeapi.Image
+		expected kubecontainer.ImageSpec
+	}{
+		{
+			input: &runtimeapi.Image{
+				Id:   "test",
+				Spec: nil,
+			},
+			expected: kubecontainer.ImageSpec{
+				Image:       "test",
+				Annotations: []kubecontainer.Annotation(nil),
+			},
+		},
+		{
+			input: &runtimeapi.Image{
+				Id: "test",
+				Spec: &runtimeapi.ImageSpec{
+					Annotations: nil,
+				},
+			},
+			expected: kubecontainer.ImageSpec{
+				Image:       "test",
+				Annotations: []kubecontainer.Annotation(nil),
+			},
+		},
+		{
+			input: &runtimeapi.Image{
+				Id: "test",
+				Spec: &runtimeapi.ImageSpec{
+					Annotations: map[string]string{},
+				},
+			},
+			expected: kubecontainer.ImageSpec{
+				Image:       "test",
+				Annotations: []kubecontainer.Annotation(nil),
+			},
+		},
+		{
+			input: &runtimeapi.Image{
+				Id: "test",
+				Spec: &runtimeapi.ImageSpec{
+					Annotations: map[string]string{
+						"kubernetes.io/os":             "linux",
+						"kubernetes.io/runtimehandler": "handler",
+					},
+				},
+			},
+			expected: kubecontainer.ImageSpec{
+				Image: "test",
+				Annotations: []kubecontainer.Annotation{
+					{
+						Name:  "kubernetes.io/os",
+						Value: "linux",
+					},
+					{
+						Name:  "kubernetes.io/runtimehandler",
+						Value: "handler",
+					},
+				},
+			},
+		},
+	}
+
+	for _, test := range testCases {
+		actual := toKubeContainerImageSpec(test.input)
+		assert.Equal(t, test.expected, actual)
+	}
+}
+
+func TestConvertToRuntimeAPIImageSpec(t *testing.T) {
+	testCases := []struct {
+		input    kubecontainer.ImageSpec
+		expected *runtimeapi.ImageSpec
+	}{
+		{
+			input: kubecontainer.ImageSpec{
+				Image:       "test",
+				Annotations: nil,
+			},
+			expected: &runtimeapi.ImageSpec{
+				Image:       "test",
+				Annotations: map[string]string{},
+			},
+		},
+		{
+			input: kubecontainer.ImageSpec{
+				Image:       "test",
+				Annotations: []kubecontainer.Annotation{},
+			},
+			expected: &runtimeapi.ImageSpec{
+				Image:       "test",
+				Annotations: map[string]string{},
+			},
+		},
+		{
+			input: kubecontainer.ImageSpec{
+				Image: "test",
+				Annotations: []kubecontainer.Annotation{
+					{
+						Name:  "kubernetes.io/os",
+						Value: "linux",
+					},
+					{
+						Name:  "kubernetes.io/runtimehandler",
+						Value: "handler",
+					},
+				},
+			},
+			expected: &runtimeapi.ImageSpec{
+				Image: "test",
+				Annotations: map[string]string{
+					"kubernetes.io/os":             "linux",
+					"kubernetes.io/runtimehandler": "handler",
+				},
+			},
+		},
+	}
+
+	for _, test := range testCases {
+		actual := toRuntimeAPIImageSpec(test.input)
+		assert.Equal(t, test.expected, actual)
+	}
+}

pkg/kubelet/kuberuntime/kuberuntime_image.go

@@ -17,7 +17,7 @@ limitations under the License.
 package kuberuntime
 
 import (
-	"k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	utilerrors "k8s.io/apimachinery/pkg/util/errors"
 	runtimeapi "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
 	"k8s.io/klog/v2"
@@ -40,7 +40,8 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
 		return "", err
 	}
 
-	imgSpec := &runtimeapi.ImageSpec{Image: img}
+	imgSpec := toRuntimeAPIImageSpec(image)
+
 	creds, withCredentials := keyring.Lookup(repoToPull)
 	if !withCredentials {
 		klog.V(3).Infof("Pulling image %q without credentials", img)
@@ -80,7 +81,7 @@ func (m *kubeGenericRuntimeManager) PullImage(image kubecontainer.ImageSpec, pul
 // GetImageRef gets the ID of the image which has already been in
 // the local storage. It returns ("", nil) if the image isn't in the local storage.
 func (m *kubeGenericRuntimeManager) GetImageRef(image kubecontainer.ImageSpec) (string, error) {
-	status, err := m.imageService.ImageStatus(&runtimeapi.ImageSpec{Image: image.Image})
+	status, err := m.imageService.ImageStatus(toRuntimeAPIImageSpec(image))
 	if err != nil {
 		klog.Errorf("ImageStatus for image %q failed: %v", image, err)
 		return "", err
@@ -107,6 +108,7 @@ func (m *kubeGenericRuntimeManager) ListImages() ([]kubecontainer.Image, error)
 			Size:        int64(img.Size_),
 			RepoTags:    img.RepoTags,
 			RepoDigests: img.RepoDigests,
+			Spec:        toKubeContainerImageSpec(img),
 		})
 	}