Remove Podman annotations package dependency

We now maintain the annotations directly in CRI-O rather than Podman. Refers to cri-o#7866 Signed-off-by: Sascha Grunert <[email protected]>
saschagrunert · Mar 14, 2024 · 7de6d98 · 7de6d98
1 parent 227330d
commit 7de6d98
Show file tree

Hide file tree

Showing 13 changed files with 168 additions and 51 deletions.
diff --git a/internal/factory/container/container.go b/internal/factory/container/container.go
@@ -12,7 +12,6 @@ import (
  "strings"
  "time"
 
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/containers/storage/pkg/stringid"
  "github.com/cri-o/cri-o/internal/config/capabilities"
  "github.com/cri-o/cri-o/internal/config/device"
@@ -22,7 +21,7 @@ import (
  "github.com/cri-o/cri-o/internal/log"
  oci "github.com/cri-o/cri-o/internal/oci"
  "github.com/cri-o/cri-o/internal/storage"
- crioann "github.com/cri-o/cri-o/pkg/annotations"
+ "github.com/cri-o/cri-o/pkg/annotations"
  "github.com/cri-o/cri-o/pkg/config"
  "github.com/cri-o/cri-o/utils"
  v1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -188,7 +187,7 @@ func (c *container) SpecAddAnnotations(ctx context.Context, sb *sandbox.Sandbox,
  // The sandbox annotations are already filtered for the allowed
  // annotations, there is no need to check it additionally here.
  for k, v := range sb.Annotations() {
- if k == crioann.OCISeccompBPFHookAnnotation+"/"+c.config.Metadata.Name {
+ if k == annotations.OCISeccompBPFHookAnnotation+"/"+c.config.Metadata.Name {
  // The OCI seccomp BPF hook
  // (https://github.com/containers/oci-seccomp-bpf-hook)
  // uses the annotation io.containers.trace-syscall as indicator
@@ -204,10 +203,10 @@ func (c *container) SpecAddAnnotations(ctx context.Context, sb *sandbox.Sandbox,
  // distinguishable files.
  log.Debugf(ctx,
  "Annotation key for container %q rewritten to %q (value is: %q)",
- c.config.Metadata.Name, crioann.OCISeccompBPFHookAnnotation, v,
+ c.config.Metadata.Name, annotations.OCISeccompBPFHookAnnotation, v,
  )
- c.config.Annotations[crioann.OCISeccompBPFHookAnnotation] = v
- c.spec.AddAnnotation(crioann.OCISeccompBPFHookAnnotation, v)
+ c.config.Annotations[annotations.OCISeccompBPFHookAnnotation] = v
+ c.spec.AddAnnotation(annotations.OCISeccompBPFHookAnnotation, v)
  } else {
  c.spec.AddAnnotation(k, v)
  }
@@ -235,7 +234,7 @@ func (c *container) SpecAddAnnotations(ctx context.Context, sb *sandbox.Sandbox,
  c.spec.AddAnnotation(annotations.SeccompProfilePath, seccompRef)
  c.spec.AddAnnotation(annotations.Created, created.Format(time.RFC3339Nano))
  // for retrieving the runtime path for a given platform.
- c.spec.AddAnnotation(crioann.PlatformRuntimePath, platformRuntimePath)
+ c.spec.AddAnnotation(annotations.PlatformRuntimePath, platformRuntimePath)
 
  metadataJSON, err := json.Marshal(c.Config().Metadata)
  if err != nil {
@@ -530,7 +529,7 @@ func (c *container) AddUnifiedResourcesFromAnnotations(annotationsMap map[string
  return nil
  }
 
- annotationKey := fmt.Sprintf("%s.%s", crioann.UnifiedCgroupAnnotation, containerName)
+ annotationKey := fmt.Sprintf("%s.%s", annotations.UnifiedCgroupAnnotation, containerName)
  annotation := annotationsMap[annotationKey]
  if annotation == "" {
  return nil
@@ -548,7 +547,7 @@ func (c *container) AddUnifiedResourcesFromAnnotations(annotationsMap map[string
  for _, r := range strings.Split(annotation, ";") {
  parts := strings.SplitN(r, "=", 2)
  if len(parts) != 2 {
- return fmt.Errorf("invalid annotation %q", crioann.UnifiedCgroupAnnotation)
+ return fmt.Errorf("invalid annotation %q", annotations.UnifiedCgroupAnnotation)
  }
  d, err := b64.StdEncoding.DecodeString(parts[1])
  // if the value is not specified in base64, then use its raw value.

diff --git a/internal/factory/container/container_test.go b/internal/factory/container/container_test.go
@@ -7,15 +7,14 @@ import (
  "strconv"
  "time"
 
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/cri-o/cri-o/internal/config/capabilities"
  "github.com/cri-o/cri-o/internal/hostport"
  "github.com/cri-o/cri-o/internal/lib"
  "github.com/cri-o/cri-o/internal/lib/sandbox"
  oci "github.com/cri-o/cri-o/internal/oci"
  "github.com/cri-o/cri-o/internal/storage"
  "github.com/cri-o/cri-o/internal/storage/references"
- crioann "github.com/cri-o/cri-o/pkg/annotations"
+ "github.com/cri-o/cri-o/pkg/annotations"
  . "github.com/onsi/ginkgo/v2"
  . "github.com/onsi/gomega"
  v1 "github.com/opencontainers/image-spec/specs-go/v1"
@@ -332,7 +331,7 @@ var _ = t.Describe("Container", func() {
  config.Labels = map[string]string{
  kubeletTypes.KubernetesContainerNameLabel: containerName,
  }
- annotationKey := fmt.Sprintf("%s.%s", crioann.UnifiedCgroupAnnotation, containerName)
+ annotationKey := fmt.Sprintf("%s.%s", annotations.UnifiedCgroupAnnotation, containerName)
  annotationsMap := map[string]string{
  annotationKey: "memory.max=1000000;memory.min=MTAwMDA=;memory.low=20000",
  }
@@ -357,7 +356,7 @@ var _ = t.Describe("Container", func() {
  }
 
  differentContainerName := "bar"
- annotationKey := fmt.Sprintf("%s.%s", crioann.UnifiedCgroupAnnotation, differentContainerName)
+ annotationKey := fmt.Sprintf("%s.%s", annotations.UnifiedCgroupAnnotation, differentContainerName)
  annotationsMap := map[string]string{
  annotationKey: "memory.max=1000000;memory.min=MTAwMDA=;memory.low=20000",
  }

diff --git a/internal/lib/checkpoint.go b/internal/lib/checkpoint.go
@@ -10,11 +10,11 @@ import (
 
  metadata "github.com/checkpoint-restore/checkpointctl/lib"
  "github.com/checkpoint-restore/go-criu/v7/stats"
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/containers/podman/v4/pkg/checkpoint/crutils"
  "github.com/containers/storage/pkg/archive"
  "github.com/cri-o/cri-o/internal/log"
  "github.com/cri-o/cri-o/internal/oci"
+ "github.com/cri-o/cri-o/pkg/annotations"
  rspec "github.com/opencontainers/runtime-spec/specs-go"
  "github.com/opencontainers/runtime-tools/generate"
 )

diff --git a/internal/lib/container_server.go b/internal/lib/container_server.go
@@ -10,7 +10,6 @@ import (
  "time"
 
  "github.com/containers/common/pkg/hooks"
- "github.com/containers/podman/v4/pkg/annotations"
  cstorage "github.com/containers/storage"
  "github.com/containers/storage/pkg/ioutils"
  "github.com/containers/storage/pkg/truncindex"
@@ -22,7 +21,7 @@ import (
  "github.com/cri-o/cri-o/internal/registrar"
  "github.com/cri-o/cri-o/internal/storage"
  "github.com/cri-o/cri-o/internal/storage/references"
- crioann "github.com/cri-o/cri-o/pkg/annotations"
+ "github.com/cri-o/cri-o/pkg/annotations"
  libconfig "github.com/cri-o/cri-o/pkg/config"
  json "github.com/json-iterator/go"
  rspec "github.com/opencontainers/runtime-spec/specs-go"
@@ -223,20 +222,20 @@ func (c *ContainerServer) LoadSandbox(ctx context.Context, id string) (sb *sandb
  }
 
  podLinuxOverhead := types.LinuxContainerResources{}
- if v, found := m.Annotations[crioann.PodLinuxOverhead]; found {
+ if v, found := m.Annotations[annotations.PodLinuxOverhead]; found {
  if err := json.Unmarshal([]byte(v), &podLinuxOverhead); err != nil {
- return nil, fmt.Errorf("error unmarshalling %s annotation: %w", crioann.PodLinuxOverhead, err)
+ return nil, fmt.Errorf("error unmarshalling %s annotation: %w", annotations.PodLinuxOverhead, err)
  }
  }
 
  podLinuxResources := types.LinuxContainerResources{}
- if v, found := m.Annotations[crioann.PodLinuxResources]; found {
+ if v, found := m.Annotations[annotations.PodLinuxResources]; found {
  if err := json.Unmarshal([]byte(v), &podLinuxResources); err != nil {
- return nil, fmt.Errorf("error unmarshalling %s annotation: %w", crioann.PodLinuxResources, err)
+ return nil, fmt.Errorf("error unmarshalling %s annotation: %w", annotations.PodLinuxResources, err)
  }
  }
 
- sb, err = sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, m.Annotations[annotations.RuntimeHandler], m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings, hostNetwork, created, m.Annotations[crioann.UsernsModeAnnotation], &podLinuxOverhead, &podLinuxResources)
+ sb, err = sandbox.New(id, m.Annotations[annotations.Namespace], name, m.Annotations[annotations.KubeName], filepath.Dir(m.Annotations[annotations.LogPath]), labels, kubeAnnotations, processLabel, mountLabel, &metadata, m.Annotations[annotations.ShmPath], m.Annotations[annotations.CgroupParent], privileged, m.Annotations[annotations.RuntimeHandler], m.Annotations[annotations.ResolvPath], m.Annotations[annotations.HostName], portMappings, hostNetwork, created, m.Annotations[annotations.UsernsModeAnnotation], &podLinuxOverhead, &podLinuxResources)
  if err != nil {
  return nil, err
  }
@@ -290,7 +289,7 @@ func (c *ContainerServer) LoadSandbox(ctx context.Context, id string) (sb *sandb
  // We should not take whether the server currently has DropInfraCtr specified, but rather
  // whether the server used to.
  wasSpoofed := false
- if spoofed, ok := m.Annotations[crioann.SpoofedContainer]; ok && spoofed == "true" {
+ if spoofed, ok := m.Annotations[annotations.SpoofedContainer]; ok && spoofed == "true" {
  wasSpoofed = true
  }
 
@@ -456,7 +455,7 @@ func (c *ContainerServer) LoadContainer(ctx context.Context, id string) (retErr
  imageID = &id
  }
 
- platformRuntimePath, ok := m.Annotations[crioann.PlatformRuntimePath]
+ platformRuntimePath, ok := m.Annotations[annotations.PlatformRuntimePath]
  if !ok {
  platformRuntimePath = ""
  }

diff --git a/internal/lib/container_server_freebsd.go b/internal/lib/container_server_freebsd.go
@@ -3,8 +3,9 @@ package lib
 import (
  "fmt"
 
- "github.com/containers/podman/v4/pkg/annotations"
  rspec "github.com/opencontainers/runtime-spec/specs-go"
+
+ "github.com/cri-o/cri-o/pkg/annotations"
 )
 
 func configNsPath(spec *rspec.Spec, nsType rspec.LinuxNamespaceType) (string, error) {

diff --git a/internal/lib/container_server_test.go b/internal/lib/container_server_test.go
@@ -7,9 +7,9 @@ import (
  "os"
  "time"
 
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/cri-o/cri-o/internal/lib"
  "github.com/cri-o/cri-o/internal/oci"
+ "github.com/cri-o/cri-o/pkg/annotations"
  libconfig "github.com/cri-o/cri-o/pkg/config"
  "github.com/golang/mock/gomock"
  . "github.com/onsi/ginkgo/v2"

diff --git a/internal/lib/restore.go b/internal/lib/restore.go
@@ -8,11 +8,11 @@ import (
 
  metadata "github.com/checkpoint-restore/checkpointctl/lib"
  "github.com/checkpoint-restore/go-criu/v7/stats"
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/containers/podman/v4/pkg/checkpoint/crutils"
  "github.com/containers/storage/pkg/archive"
  "github.com/cri-o/cri-o/internal/log"
  "github.com/cri-o/cri-o/internal/oci"
+ "github.com/cri-o/cri-o/pkg/annotations"
  "github.com/opencontainers/runtime-tools/generate"
  "github.com/sirupsen/logrus"
 )

diff --git a/internal/oci/runtime_vm.go b/internal/oci/runtime_vm.go
@@ -31,9 +31,9 @@ import (
  "github.com/containerd/ttrpc"
  "github.com/containerd/typeurl"
  conmonconfig "github.com/containers/conmon/runner/config"
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/cri-o/cri-o/internal/config/cgmgr"
  "github.com/cri-o/cri-o/internal/log"
+ "github.com/cri-o/cri-o/pkg/annotations"
  "github.com/cri-o/cri-o/pkg/config"
  "github.com/cri-o/cri-o/server/metrics"
  "github.com/cri-o/cri-o/utils"

diff --git a/pkg/annotations/internal.go b/pkg/annotations/internal.go
@@ -0,0 +1,122 @@
+package annotations
+
+const (
+ // Annotations carries the received Kubelet annotations.
+ Annotations = "io.kubernetes.cri-o.Annotations"
+
+ // ContainerID is the container ID annotation.
+ ContainerID = "io.kubernetes.cri-o.ContainerID"
+
+ // ContainerName is the container name annotation.
+ ContainerName = "io.kubernetes.cri-o.ContainerName"
+
+ // ContainerType is the container type (sandbox or container) annotation.
+ ContainerType = "io.kubernetes.cri-o.ContainerType"
+
+ // Created is the container creation time annotation.
+ Created = "io.kubernetes.cri-o.Created"
+
+ // HostName is the container host name annotation.
+ HostName = "io.kubernetes.cri-o.HostName"
+
+ // CgroupParent is the sandbox cgroup parent.
+ CgroupParent = "io.kubernetes.cri-o.CgroupParent"
+
+ // IP is the container ipv4 or ipv6 address.
+ IP = "io.kubernetes.cri-o.IP"
+
+ // NamespaceOptions store the options for namespaces.
+ NamespaceOptions = "io.kubernetes.cri-o.NamespaceOptions"
+
+ // SeccompProfilePath is the node seccomp profile path.
+ SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"
+
+ // Image is the container image ID annotation.
+ Image = "io.kubernetes.cri-o.Image"
+
+ // ImageName is the container image name annotation.
+ ImageName = "io.kubernetes.cri-o.ImageName"
+
+ // ImageRef is the container image ref annotation.
+ ImageRef = "io.kubernetes.cri-o.ImageRef"
+
+ // KubeName is the kubernetes name annotation.
+ KubeName = "io.kubernetes.cri-o.KubeName"
+
+ // PortMappings holds the port mappings for the sandbox.
+ PortMappings = "io.kubernetes.cri-o.PortMappings"
+
+ // Labels are the kubernetes labels annotation.
+ Labels = "io.kubernetes.cri-o.Labels"
+
+ // LogPath is the container logging path annotation.
+ LogPath = "io.kubernetes.cri-o.LogPath"
+
+ // Metadata is the container metadata annotation.
+ Metadata = "io.kubernetes.cri-o.Metadata"
+
+ // Name is the pod name annotation.
+ Name = "io.kubernetes.cri-o.Name"
+
+ // Namespace is the pod namespace annotation.
+ Namespace = "io.kubernetes.cri-o.Namespace"
+
+ // PrivilegedRuntime is the annotation for the privileged runtime path.
+ PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"
+
+ // ResolvPath is the resolver configuration path annotation.
+ ResolvPath = "io.kubernetes.cri-o.ResolvPath"
+
+ // HostnamePath is the path to /etc/hostname to bind mount annotation.
+ HostnamePath = "io.kubernetes.cri-o.HostnamePath"
+
+ // SandboxID is the sandbox ID annotation.
+ SandboxID = "io.kubernetes.cri-o.SandboxID"
+
+ // SandboxName is the sandbox name annotation.
+ SandboxName = "io.kubernetes.cri-o.SandboxName"
+
+ // ShmPath is the shared memory path annotation.
+ ShmPath = "io.kubernetes.cri-o.ShmPath"
+
+ // MountPoint is the mount point of the container rootfs.
+ MountPoint = "io.kubernetes.cri-o.MountPoint"
+
+ // RuntimeHandler is the annotation for runtime handler.
+ RuntimeHandler = "io.kubernetes.cri-o.RuntimeHandler"
+
+ // TTY is the terminal path annotation.
+ TTY = "io.kubernetes.cri-o.TTY"
+
+ // Stdin is the stdin annotation.
+ Stdin = "io.kubernetes.cri-o.Stdin"
+
+ // StdinOnce is the stdin_once annotation.
+ StdinOnce = "io.kubernetes.cri-o.StdinOnce"
+
+ // Volumes is the volumes annotation.
+ Volumes = "io.kubernetes.cri-o.Volumes"
+
+ // HostNetwork indicates whether the host network namespace is used or not.
+ HostNetwork = "io.kubernetes.cri-o.HostNetwork"
+
+ // CNIResult is the JSON string representation of the Result from CNI.
+ CNIResult = "io.kubernetes.cri-o.CNIResult"
+
+ // ContainerManager is the annotation key for indicating the creator and
+ // manager of the container.
+ ContainerManager = "io.container.manager"
+)
+
+// ContainerType values
+const (
+ // ContainerTypeSandbox represents a pod sandbox container.
+ ContainerTypeSandbox = "sandbox"
+
+ // ContainerTypeContainer represents a container running within a pod.
+ ContainerTypeContainer = "container"
+)
+
+// ContainerManagerLibpod indicates that libpod created and manages the
+// container.
+const ContainerManagerLibpod = "libpod"
diff --git a/server/container_restore.go b/server/container_restore.go
@@ -6,13 +6,12 @@ import (
  "os"
 
  metadata "github.com/checkpoint-restore/checkpointctl/lib"
- "github.com/containers/podman/v4/pkg/annotations"
  "github.com/containers/storage/pkg/archive"
  "github.com/cri-o/cri-o/internal/factory/container"
  "github.com/cri-o/cri-o/internal/lib/sandbox"
  "github.com/cri-o/cri-o/internal/log"
  "github.com/cri-o/cri-o/internal/storage"
- crioann "github.com/cri-o/cri-o/pkg/annotations"
+ "github.com/cri-o/cri-o/pkg/annotations"
  spec "github.com/opencontainers/runtime-spec/specs-go"
  "golang.org/x/net/context"
  types "k8s.io/cri-api/pkg/apis/runtime/v1"
@@ -36,7 +35,7 @@ func (s *Server) checkIfCheckpointOCIImage(ctx context.Context, input string) (*
  return nil, nil
  }
 
- ann, ok := status.Annotations[crioann.CheckpointAnnotationName]
+ ann, ok := status.Annotations[annotations.CheckpointAnnotationName]
  if !ok {
  return nil, nil
  }