
YIN JIAYI/iSulad

forked from src-openEuler/iSulad 
0003-update-api.proto-to-v1.19.3-according-to-kubelet.patch 4.47 KB
haozi007 committed on 2020-12-03 19:12 . sync from openeuler
From 5720b90e9515a698b5f9cde21a99194848f2c66a Mon Sep 17 00:00:00 2001
From: gaohuatao <[email protected]>
Date: Fri, 13 Nov 2020 03:21:16 -0500
Subject: [PATCH 03/17] update api.proto to v1.19.3 according to kubelet
Signed-off-by: gaohuatao <[email protected]>
---
src/api/services/cri/api.proto | 31 ++++++++++++++++++++
src/daemon/entry/cri/cri_security_context.cc | 7 +++++
2 files changed, 38 insertions(+)
diff --git a/src/api/services/cri/api.proto b/src/api/services/cri/api.proto
index 67e5527e..dc0cfeb9 100644
--- a/src/api/services/cri/api.proto
+++ b/src/api/services/cri/api.proto
@@ -219,6 +219,13 @@ enum NamespaceMode {
// For example, a container with a PID namespace of NODE expects to view
// all of the processes on the host running the kubelet.
NODE = 2;
+ // TARGET targets the namespace of another container. When this is specified,
+ // a target_id must be specified in NamespaceOption and refer to a container
+ // previously created with NamespaceMode CONTAINER. This containers namespace
+ // will be made to match that of container target_id.
+ // For example, a container with a PID namespace of TARGET expects to view
+ // all of the processes that container target_id can view.
+ TARGET = 3;
}
// NamespaceOption provides options for Linux namespaces.
@@ -236,6 +243,10 @@ message NamespaceOption {
// Note: There is currently no way to set CONTAINER scoped IPC in the Kubernetes API.
// Namespaces currently set by the kubelet: POD, NODE
NamespaceMode ipc = 3;
+ // Target Container ID for NamespaceMode of TARGET. This container must have been
+ // previously created in the same pod. It is not possible to specify different targets
+ // for each namespace.
+ string target_id = 4;
}
// Int64Value is the wrapper of int64.
@@ -519,6 +530,10 @@ message ListPodSandboxResponse {
// future it will include more detailed information about the different image types.
message ImageSpec {
string image = 1;
+ // Unstructured key-value map holding arbitrary metadata.
+ // ImageSpec Annotations can be used to help the runtime target specific
+ // images in multi-arch images.
+ map<string, string> annotations = 2;
}
message KeyValue {
@@ -545,6 +560,19 @@ message LinuxContainerResources {
string cpuset_cpus = 6;
// CpusetMems constrains the allowed set of memory nodes. Default: "" (not specified).
string cpuset_mems = 7;
+ // List of HugepageLimits to limit the HugeTLB usage of container per page size. Default: nil (not specified).
+ repeated HugepageLimit hugepage_limits = 8;
+}
+
+// HugepageLimit corresponds to the file`hugetlb.<hugepagesize>.limit_in_byte` in container level cgroup.
+// For example, `PageSize=1GB`, `Limit=1073741824` means setting `1073741824` bytes to hugetlb.1GB.limit_in_bytes.
+message HugepageLimit {
+ // The value of PageSize has the format <size><unit-prefix>B (2MB, 1GB),
+ // and must match the <hugepagesize> of the corresponding control file found in `hugetlb.<hugepagesize>.limit_in_bytes`.
+ // The values of <unit-prefix> are intended to be parsed using base 1024("1KB" = 1024, "1MB" = 1048576, etc).
+ string page_size = 1;
+ // limit in bytes of hugepagesize HugeTLB usage.
+ uint64 limit = 2;
}
// SELinuxOption are the labels to be applied to the container.
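Review bot: the comment above message HugepageLimit names the control file as `hugetlb.<hugepagesize>.limit_in_byte` and has no space after "file", while the following lines use `limit_in_bytes`; make the three references agree. Separately, the only non-proto change in this patch is in cri_security_context.cc, so nothing here reads hugepage_limits: a limit sent by the kubelet would be accepted and not applied. Unless a later patch in the series wires it into the cgroup settings, reject or log requests that carry a non-empty hugepage_limits so the missing enforcement is visible.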
@@ -1040,6 +1068,9 @@ message Image {
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
string username = 6;
+ // ImageSpec for image which includes annotations
+ ImageSpec spec = 7;
+
}
message ListImagesResponse {
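Review bot: there is a stray blank added line after `ImageSpec spec = 7;`, just before the closing brace of message Image. Drop it so the message body matches the layout of the other messages touched by this patch.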
diff --git a/src/daemon/entry/cri/cri_security_context.cc b/src/daemon/entry/cri/cri_security_context.cc
index 634e53ad..1d332261 100644
--- a/src/daemon/entry/cri/cri_security_context.cc
+++ b/src/daemon/entry/cri/cri_security_context.cc
@@ -179,6 +179,13 @@ static void ModifyContainerNamespaceOptions(const runtime::v1alpha2::NamespaceOp
hostConfig->pid_mode = util_strdup_s(sandboxNSMode.c_str());
}
+
+ if (nsOpts.pid() == runtime::v1alpha2::NamespaceMode::TARGET) {
+ std::string targetPidNsMode = "container:" + nsOpts.target_id();
+ free(hostConfig->pid_mode);
+ hostConfig->pid_mode = util_strdup_s(targetPidNsMode.c_str());
+ }
+
/* set common Namespace options */
ModifyCommonNamespaceOptions(nsOpts, hostConfig);
/* modify host network option for container */
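Review bot: the new TARGET branch uses nsOpts.target_id() without any check. An empty target_id produces a pid_mode of "container:" with no ID, and nothing here verifies that the target was created in the same pod, which the comment added to target_id in api.proto states as a requirement. Because this setting places the container in another container's PID namespace, validate target_id before building the string (non-empty, and resolving to a container in this sandbox) and fail the request otherwise; the function is static void, so that needs an error path back to the caller. The branch also tests only nsOpts.pid(), so it is worth stating in a comment whether TARGET is meant to be honoured for the other namespace fields.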
--
2.25.1