mirror of https://github.com/containers/podman
Update container-device-interface (CDI) to v0.6.2
This updates the container-device-interface dependency to v0.6.2 and renames the import to tags.cncf.io/container-device-interface to make use of the new vanity URL. [NO NEW TESTS NEEDED] Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Signed-off-by: Evan Lezar <elezar@nvidia.com>pull/20558/head
parent
b44d372b1b
commit
942bcf34b8
|
@ -1511,7 +1511,7 @@
|
|||
- The `podman run` and `podman create` commands now support a new option, `--pidfile`. This will create a file when the container is started containing the PID of the first process in the container.
|
||||
- The `podman run` and `podman create` commands now support a new option, `--requires`. The `--requires` option adds dependency containers - containers that must be running before the current container. Commands like `podman start` will automatically start the requirements of a container before starting the container itself.
|
||||
- Auto-updating containers can now be done with locally-built images, not just images hosted on a registry, by creating containers with the `io.containers.autoupdate` label set to `local`.
|
||||
- Podman now supports the [Container Device Interface](https://github.com/container-orchestrated-devices/container-device-interface) (CDI) standard.
|
||||
- Podman now supports the [Container Device Interface](https://tags.cncf.io/container-device-interface) (CDI) standard.
|
||||
- Podman now adds an entry to `/etc/hosts`, `host.containers.internal`, pointing to the current gateway (which, for root containers, is usually a bridge interface on the host system) ([#5651](https://github.com/containers/podman/issues/5651)).
|
||||
- The `podman ps`, `podman pod ps`, `podman network list`, `podman secret list`, and `podman volume list` commands now support a `--noheading` option, which will cause Podman to omit the heading line including column names.
|
||||
- The `podman unshare` command now supports a new flag, `--rootless-cni`, to join the rootless network namespace. This allows commands to be run in the same network environment as rootless containers with CNI networking.
|
||||
|
|
4
go.mod
4
go.mod
|
@ -9,7 +9,6 @@ require (
|
|||
github.com/buger/goterm v1.0.4
|
||||
github.com/checkpoint-restore/checkpointctl v1.1.0
|
||||
github.com/checkpoint-restore/go-criu/v7 v7.0.0
|
||||
github.com/container-orchestrated-devices/container-device-interface v0.6.1
|
||||
github.com/containernetworking/cni v1.1.2
|
||||
github.com/containernetworking/plugins v1.3.0
|
||||
github.com/containers/buildah v1.32.1-0.20231026190652-11e3b2132761
|
||||
|
@ -78,6 +77,7 @@ require (
|
|||
gopkg.in/yaml.v3 v3.0.1
|
||||
k8s.io/kubernetes v1.28.3
|
||||
sigs.k8s.io/yaml v1.4.0
|
||||
tags.cncf.io/container-device-interface v0.6.2
|
||||
)
|
||||
|
||||
require (
|
||||
|
@ -212,7 +212,7 @@ require (
|
|||
gopkg.in/go-jose/go-jose.v2 v2.6.1 // indirect
|
||||
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
|
||||
gopkg.in/yaml.v2 v2.4.0 // indirect
|
||||
tags.cncf.io/container-device-interface v0.6.2 // indirect
|
||||
tags.cncf.io/container-device-interface/specs-go v0.6.0 // indirect
|
||||
)
|
||||
|
||||
replace github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20230904132852-a0466dd76f23
|
||||
|
|
4
go.sum
4
go.sum
|
@ -157,8 +157,6 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
|
|||
github.com/cncf/udpa/go v0.0.0-20201120205902-5459f2c99403/go.mod h1:WmhPx2Nbnhtbo57+VJT5O0JRkEi1Wbu0z5j0R8u5Hbk=
|
||||
github.com/cncf/xds/go v0.0.0-20210312221358-fbca930ec8ed/go.mod h1:eXthEFrGJvWHgFFCl3hGmgk+/aYT6PnTQLykKQRLhEs=
|
||||
github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:zn76sxSg3SzpJ0PPJaLDCu+Bu0Lg3sKTORVIj19EIF8=
|
||||
github.com/container-orchestrated-devices/container-device-interface v0.6.1 h1:mz77uJoP8im/4Zins+mPqt677ZMaflhoGaYrRAl5jvA=
|
||||
github.com/container-orchestrated-devices/container-device-interface v0.6.1/go.mod h1:40T6oW59rFrL/ksiSs7q45GzjGlbvxnA4xaK6cyq+kA=
|
||||
github.com/containerd/aufs v0.0.0-20200908144142-dab0cbea06f4/go.mod h1:nukgQABAEopAHvB6j7cnP5zJ+/3aVcE7hCYqvIwAHyE=
|
||||
github.com/containerd/aufs v0.0.0-20201003224125-76a6863f2989/go.mod h1:AkGGQs9NM2vtYHaUen+NljV0/baGCAPELGm2q9ZXpWU=
|
||||
github.com/containerd/aufs v0.0.0-20210316121734-20793ff83c97/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj3gNv2PU=
|
||||
|
@ -1656,3 +1654,5 @@ sigs.k8s.io/yaml v1.4.0/go.mod h1:Ejl7/uTz7PSA4eKMyQCUTnhZYNmLIl+5c2lQPGR2BPY=
|
|||
src.elv.sh v0.16.0-rc1.0.20220116211855-fda62502ad7f h1:pjVeIo9Ba6K1Wy+rlwX91zT7A+xGEmxiNRBdN04gDTQ=
|
||||
tags.cncf.io/container-device-interface v0.6.2 h1:dThE6dtp/93ZDGhqaED2Pu374SOeUkBfuvkLuiTdwzg=
|
||||
tags.cncf.io/container-device-interface v0.6.2/go.mod h1:Shusyhjs1A5Na/kqPVLL0KqnHQHuunol9LFeUNkuGVE=
|
||||
tags.cncf.io/container-device-interface/specs-go v0.6.0 h1:V+tJJN6dqu8Vym6p+Ru+K5mJ49WL6Aoc5SJFSY0RLsQ=
|
||||
tags.cncf.io/container-device-interface/specs-go v0.6.0/go.mod h1:hMAwAbMZyBLdmYqWgYcKH0F/yctNpV3P35f+/088A80=
|
||||
|
|
|
@ -22,7 +22,6 @@ import (
|
|||
|
||||
metadata "github.com/checkpoint-restore/checkpointctl/lib"
|
||||
"github.com/checkpoint-restore/go-criu/v7/stats"
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
"github.com/containers/buildah"
|
||||
"github.com/containers/buildah/pkg/chrootuser"
|
||||
"github.com/containers/buildah/pkg/overlay"
|
||||
|
@ -58,6 +57,7 @@ import (
|
|||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/unix"
|
||||
cdi "tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
)
|
||||
|
||||
func parseOptionIDs(ctrMappings []idtools.IDMap, option string) ([]idtools.IDMap, error) {
|
||||
|
|
|
@ -10,10 +10,10 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
"github.com/opencontainers/runtime-tools/generate"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/unix"
|
||||
"tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
)
|
||||
|
||||
// DevicesFromPath computes a list of devices
|
||||
|
|
|
@ -11,7 +11,6 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
"github.com/containers/podman/v4/libpod/define"
|
||||
"github.com/containers/podman/v4/pkg/rootless"
|
||||
"github.com/containers/podman/v4/pkg/util"
|
||||
|
@ -20,6 +19,7 @@ import (
|
|||
"github.com/opencontainers/runtime-tools/generate"
|
||||
"github.com/sirupsen/logrus"
|
||||
"golang.org/x/sys/unix"
|
||||
"tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
)
|
||||
|
||||
// DevicesFromPath computes a list of devices
|
||||
|
|
|
@ -12,7 +12,6 @@ import (
|
|||
"path/filepath"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
|
||||
"github.com/containers/common/libimage"
|
||||
"github.com/containers/common/libnetwork/pasta"
|
||||
"github.com/containers/common/libnetwork/slirp4netns"
|
||||
|
@ -26,6 +25,7 @@ import (
|
|||
"github.com/opencontainers/runtime-spec/specs-go"
|
||||
"github.com/opencontainers/selinux/go-selinux/label"
|
||||
"github.com/sirupsen/logrus"
|
||||
"tags.cncf.io/container-device-interface/pkg/parser"
|
||||
)
|
||||
|
||||
// MakeContainer creates a container based on the SpecGenerator.
|
||||
|
|
|
@ -1,212 +0,0 @@
|
|||
/*
|
||||
Copyright © The CDI Authors
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
*/
|
||||
|
||||
package parser
|
||||
|
||||
import (
|
||||
"fmt"
|
||||
"strings"
|
||||
)
|
||||
|
||||
// QualifiedName returns the qualified name for a device.
|
||||
// The syntax for a qualified device names is
|
||||
//
|
||||
// "<vendor>/<class>=<name>".
|
||||
//
|
||||
// A valid vendor and class name may contain the following runes:
|
||||
//
|
||||
// 'A'-'Z', 'a'-'z', '0'-'9', '.', '-', '_'.
|
||||
//
|
||||
// A valid device name may contain the following runes:
|
||||
//
|
||||
// 'A'-'Z', 'a'-'z', '0'-'9', '-', '_', '.', ':'
|
||||
func QualifiedName(vendor, class, name string) string {
|
||||
return vendor + "/" + class + "=" + name
|
||||
}
|
||||
|
||||
// IsQualifiedName tests if a device name is qualified.
|
||||
func IsQualifiedName(device string) bool {
|
||||
_, _, _, err := ParseQualifiedName(device)
|
||||
return err == nil
|
||||
}
|
||||
|
||||
// ParseQualifiedName splits a qualified name into device vendor, class,
|
||||
// and name. If the device fails to parse as a qualified name, or if any
|
||||
// of the split components fail to pass syntax validation, vendor and
|
||||
// class are returned as empty, together with the verbatim input as the
|
||||
// name and an error describing the reason for failure.
|
||||
func ParseQualifiedName(device string) (string, string, string, error) {
|
||||
vendor, class, name := ParseDevice(device)
|
||||
|
||||
if vendor == "" {
|
||||
return "", "", device, fmt.Errorf("unqualified device %q, missing vendor", device)
|
||||
}
|
||||
if class == "" {
|
||||
return "", "", device, fmt.Errorf("unqualified device %q, missing class", device)
|
||||
}
|
||||
if name == "" {
|
||||
return "", "", device, fmt.Errorf("unqualified device %q, missing device name", device)
|
||||
}
|
||||
|
||||
if err := ValidateVendorName(vendor); err != nil {
|
||||
return "", "", device, fmt.Errorf("invalid device %q: %w", device, err)
|
||||
}
|
||||
if err := ValidateClassName(class); err != nil {
|
||||
return "", "", device, fmt.Errorf("invalid device %q: %w", device, err)
|
||||
}
|
||||
if err := ValidateDeviceName(name); err != nil {
|
||||
return "", "", device, fmt.Errorf("invalid device %q: %w", device, err)
|
||||
}
|
||||
|
||||
return vendor, class, name, nil
|
||||
}
|
||||
|
||||
// ParseDevice tries to split a device name into vendor, class, and name.
|
||||
// If this fails, for instance in the case of unqualified device names,
|
||||
// ParseDevice returns an empty vendor and class together with name set
|
||||
// to the verbatim input.
|
||||
func ParseDevice(device string) (string, string, string) {
|
||||
if device == "" || device[0] == '/' {
|
||||
return "", "", device
|
||||
}
|
||||
|
||||
parts := strings.SplitN(device, "=", 2)
|
||||
if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
|
||||
return "", "", device
|
||||
}
|
||||
|
||||
name := parts[1]
|
||||
vendor, class := ParseQualifier(parts[0])
|
||||
if vendor == "" {
|
||||
return "", "", device
|
||||
}
|
||||
|
||||
return vendor, class, name
|
||||
}
|
||||
|
||||
// ParseQualifier splits a device qualifier into vendor and class.
|
||||
// The syntax for a device qualifier is
|
||||
//
|
||||
// "<vendor>/<class>"
|
||||
//
|
||||
// If parsing fails, an empty vendor and the class set to the
|
||||
// verbatim input is returned.
|
||||
func ParseQualifier(kind string) (string, string) {
|
||||
parts := strings.SplitN(kind, "/", 2)
|
||||
if len(parts) != 2 || parts[0] == "" || parts[1] == "" {
|
||||
return "", kind
|
||||
}
|
||||
return parts[0], parts[1]
|
||||
}
|
||||
|
||||
// ValidateVendorName checks the validity of a vendor name.
|
||||
// A vendor name may contain the following ASCII characters:
|
||||
// - upper- and lowercase letters ('A'-'Z', 'a'-'z')
|
||||
// - digits ('0'-'9')
|
||||
// - underscore, dash, and dot ('_', '-', and '.')
|
||||
func ValidateVendorName(vendor string) error {
|
||||
err := validateVendorOrClassName(vendor)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("invalid vendor. %w", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// ValidateClassName checks the validity of class name.
|
||||
// A class name may contain the following ASCII characters:
|
||||
// - upper- and lowercase letters ('A'-'Z', 'a'-'z')
|
||||
// - digits ('0'-'9')
|
||||
// - underscore, dash, and dot ('_', '-', and '.')
|
||||
func ValidateClassName(class string) error {
|
||||
err := validateVendorOrClassName(class)
|
||||
if err != nil {
|
||||
err = fmt.Errorf("invalid class. %w", err)
|
||||
}
|
||||
return err
|
||||
}
|
||||
|
||||
// validateVendorOrClassName checks the validity of vendor or class name.
|
||||
// A name may contain the following ASCII characters:
|
||||
// - upper- and lowercase letters ('A'-'Z', 'a'-'z')
|
||||
// - digits ('0'-'9')
|
||||
// - underscore, dash, and dot ('_', '-', and '.')
|
||||
func validateVendorOrClassName(name string) error {
|
||||
if name == "" {
|
||||
return fmt.Errorf("empty name")
|
||||
}
|
||||
if !IsLetter(rune(name[0])) {
|
||||
return fmt.Errorf("%q, should start with letter", name)
|
||||
}
|
||||
for _, c := range string(name[1 : len(name)-1]) {
|
||||
switch {
|
||||
case IsAlphaNumeric(c):
|
||||
case c == '_' || c == '-' || c == '.':
|
||||
default:
|
||||
return fmt.Errorf("invalid character '%c' in name %q",
|
||||
c, name)
|
||||
}
|
||||
}
|
||||
if !IsAlphaNumeric(rune(name[len(name)-1])) {
|
||||
return fmt.Errorf("%q, should end with a letter or digit", name)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ValidateDeviceName checks the validity of a device name.
|
||||
// A device name may contain the following ASCII characters:
|
||||
// - upper- and lowercase letters ('A'-'Z', 'a'-'z')
|
||||
// - digits ('0'-'9')
|
||||
// - underscore, dash, dot, colon ('_', '-', '.', ':')
|
||||
func ValidateDeviceName(name string) error {
|
||||
if name == "" {
|
||||
return fmt.Errorf("invalid (empty) device name")
|
||||
}
|
||||
if !IsAlphaNumeric(rune(name[0])) {
|
||||
return fmt.Errorf("invalid class %q, should start with a letter or digit", name)
|
||||
}
|
||||
if len(name) == 1 {
|
||||
return nil
|
||||
}
|
||||
for _, c := range string(name[1 : len(name)-1]) {
|
||||
switch {
|
||||
case IsAlphaNumeric(c):
|
||||
case c == '_' || c == '-' || c == '.' || c == ':':
|
||||
default:
|
||||
return fmt.Errorf("invalid character '%c' in device name %q",
|
||||
c, name)
|
||||
}
|
||||
}
|
||||
if !IsAlphaNumeric(rune(name[len(name)-1])) {
|
||||
return fmt.Errorf("invalid name %q, should end with a letter or digit", name)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// IsLetter reports whether the rune is a letter.
|
||||
func IsLetter(c rune) bool {
|
||||
return ('A' <= c && c <= 'Z') || ('a' <= c && c <= 'z')
|
||||
}
|
||||
|
||||
// IsDigit reports whether the rune is a digit.
|
||||
func IsDigit(c rune) bool {
|
||||
return '0' <= c && c <= '9'
|
||||
}
|
||||
|
||||
// IsAlphaNumeric reports whether the rune is a letter or digit.
|
||||
func IsAlphaNumeric(c rune) bool {
|
||||
return IsLetter(c) || IsDigit(c)
|
||||
}
|
113
vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/oci.go
generated
vendored
113
vendor/github.com/container-orchestrated-devices/container-device-interface/specs-go/oci.go
generated
vendored
|
@ -1,113 +0,0 @@
|
|||
package specs
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
|
||||
spec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// ApplyOCIEditsForDevice applies devices OCI edits, in other words
|
||||
// it finds the device in the CDI spec and applies the OCI patches that device
|
||||
// requires to the OCI specification.
|
||||
func ApplyOCIEditsForDevice(config *spec.Spec, cdi *Spec, dev string) error {
|
||||
for _, d := range cdi.Devices {
|
||||
if d.Name != dev {
|
||||
continue
|
||||
}
|
||||
|
||||
return ApplyEditsToOCISpec(config, &d.ContainerEdits)
|
||||
}
|
||||
|
||||
return fmt.Errorf("CDI: device %q not found for spec %q", dev, cdi.Kind)
|
||||
}
|
||||
|
||||
// ApplyOCIEdits applies the OCI edits the CDI spec declares globally
|
||||
func ApplyOCIEdits(config *spec.Spec, cdi *Spec) error {
|
||||
return ApplyEditsToOCISpec(config, &cdi.ContainerEdits)
|
||||
}
|
||||
|
||||
// ApplyEditsToOCISpec applies the specified edits to the OCI spec.
|
||||
func ApplyEditsToOCISpec(config *spec.Spec, edits *ContainerEdits) error {
|
||||
if config == nil {
|
||||
return errors.New("spec is nil")
|
||||
}
|
||||
if edits == nil {
|
||||
return nil
|
||||
}
|
||||
|
||||
if len(edits.Env) > 0 {
|
||||
if config.Process == nil {
|
||||
config.Process = &spec.Process{}
|
||||
}
|
||||
config.Process.Env = append(config.Process.Env, edits.Env...)
|
||||
}
|
||||
|
||||
for _, d := range edits.DeviceNodes {
|
||||
if config.Linux == nil {
|
||||
config.Linux = &spec.Linux{}
|
||||
}
|
||||
config.Linux.Devices = append(config.Linux.Devices, d.ToOCI())
|
||||
}
|
||||
|
||||
for _, m := range edits.Mounts {
|
||||
config.Mounts = append(config.Mounts, m.ToOCI())
|
||||
}
|
||||
|
||||
for _, h := range edits.Hooks {
|
||||
if config.Hooks == nil {
|
||||
config.Hooks = &spec.Hooks{}
|
||||
}
|
||||
switch h.HookName {
|
||||
case "prestart":
|
||||
config.Hooks.Prestart = append(config.Hooks.Prestart, h.ToOCI())
|
||||
case "createRuntime":
|
||||
config.Hooks.CreateRuntime = append(config.Hooks.CreateRuntime, h.ToOCI())
|
||||
case "createContainer":
|
||||
config.Hooks.CreateContainer = append(config.Hooks.CreateContainer, h.ToOCI())
|
||||
case "startContainer":
|
||||
config.Hooks.StartContainer = append(config.Hooks.StartContainer, h.ToOCI())
|
||||
case "poststart":
|
||||
config.Hooks.Poststart = append(config.Hooks.Poststart, h.ToOCI())
|
||||
case "poststop":
|
||||
config.Hooks.Poststop = append(config.Hooks.Poststop, h.ToOCI())
|
||||
default:
|
||||
fmt.Printf("CDI: Unknown hook %q\n", h.HookName)
|
||||
}
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec Hook for this Hook.
|
||||
func (h *Hook) ToOCI() spec.Hook {
|
||||
return spec.Hook{
|
||||
Path: h.Path,
|
||||
Args: h.Args,
|
||||
Env: h.Env,
|
||||
Timeout: h.Timeout,
|
||||
}
|
||||
}
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec Mount for this Mount.
|
||||
func (m *Mount) ToOCI() spec.Mount {
|
||||
return spec.Mount{
|
||||
Source: m.HostPath,
|
||||
Destination: m.ContainerPath,
|
||||
Options: m.Options,
|
||||
Type: m.Type,
|
||||
}
|
||||
}
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec LinuxDevice for this DeviceNode.
|
||||
func (d *DeviceNode) ToOCI() spec.LinuxDevice {
|
||||
return spec.LinuxDevice{
|
||||
Path: d.Path,
|
||||
Type: d.Type,
|
||||
Major: d.Major,
|
||||
Minor: d.Minor,
|
||||
FileMode: d.FileMode,
|
||||
UID: d.UID,
|
||||
GID: d.GID,
|
||||
}
|
||||
}
|
|
@ -104,14 +104,6 @@ github.com/chenzhuoyu/iasm/x86_64
|
|||
# github.com/chzyer/readline v1.5.1
|
||||
## explicit; go 1.15
|
||||
github.com/chzyer/readline
|
||||
# github.com/container-orchestrated-devices/container-device-interface v0.6.1
|
||||
## explicit; go 1.17
|
||||
github.com/container-orchestrated-devices/container-device-interface/internal/multierror
|
||||
github.com/container-orchestrated-devices/container-device-interface/internal/validation
|
||||
github.com/container-orchestrated-devices/container-device-interface/internal/validation/k8s
|
||||
github.com/container-orchestrated-devices/container-device-interface/pkg/cdi
|
||||
github.com/container-orchestrated-devices/container-device-interface/pkg/parser
|
||||
github.com/container-orchestrated-devices/container-device-interface/specs-go
|
||||
# github.com/containerd/cgroups/v3 v3.0.2
|
||||
## explicit; go 1.18
|
||||
github.com/containerd/cgroups/v3/cgroup1/stats
|
||||
|
@ -1355,5 +1347,12 @@ sigs.k8s.io/yaml
|
|||
sigs.k8s.io/yaml/goyaml.v2
|
||||
# tags.cncf.io/container-device-interface v0.6.2
|
||||
## explicit; go 1.19
|
||||
tags.cncf.io/container-device-interface/internal/multierror
|
||||
tags.cncf.io/container-device-interface/internal/validation
|
||||
tags.cncf.io/container-device-interface/internal/validation/k8s
|
||||
tags.cncf.io/container-device-interface/pkg/cdi
|
||||
tags.cncf.io/container-device-interface/pkg/parser
|
||||
# tags.cncf.io/container-device-interface/specs-go v0.6.0
|
||||
## explicit; go 1.19
|
||||
tags.cncf.io/container-device-interface/specs-go
|
||||
# github.com/opencontainers/runc => github.com/opencontainers/runc v1.1.1-0.20230904132852-a0466dd76f23
|
||||
|
|
|
@ -23,7 +23,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/internal/multierror"
|
||||
"tags.cncf.io/container-device-interface/internal/multierror"
|
||||
)
|
||||
|
||||
// TotalAnnotationSizeLimitB defines the maximum size of all annotations in characters.
|
|
@ -20,7 +20,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/internal/validation/k8s"
|
||||
"tags.cncf.io/container-device-interface/internal/validation/k8s"
|
||||
)
|
||||
|
||||
// ValidateSpecAnnotations checks whether spec annotations are valid.
|
|
@ -21,7 +21,7 @@ import (
|
|||
"fmt"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
|
||||
"tags.cncf.io/container-device-interface/pkg/parser"
|
||||
)
|
||||
|
||||
const (
|
|
@ -26,10 +26,10 @@ import (
|
|||
"strings"
|
||||
"sync"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/internal/multierror"
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
"github.com/fsnotify/fsnotify"
|
||||
oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"tags.cncf.io/container-device-interface/internal/multierror"
|
||||
cdi "tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
// Option is an option to change some aspect of default CDI behavior.
|
|
@ -24,9 +24,9 @@ import (
|
|||
"sort"
|
||||
"strings"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
ocigen "github.com/opencontainers/runtime-tools/generate"
|
||||
"tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
const (
|
|
@ -19,10 +19,10 @@ package cdi
|
|||
import (
|
||||
"fmt"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/internal/validation"
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"tags.cncf.io/container-device-interface/internal/validation"
|
||||
"tags.cncf.io/container-device-interface/pkg/parser"
|
||||
cdi "tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
// Device represents a CDI device of a Spec.
|
|
@ -2,9 +2,9 @@
|
|||
// interacting with CDI and consuming CDI devices.
|
||||
//
|
||||
// For more information about Container Device Interface, please refer to
|
||||
// https://github.com/container-orchestrated-devices/container-device-interface
|
||||
// https://tags.cncf.io/container-device-interface
|
||||
//
|
||||
// Container Device Interface
|
||||
// # Container Device Interface
|
||||
//
|
||||
// Container Device Interface, or CDI for short, provides comprehensive
|
||||
// third party device support for container runtimes. CDI uses vendor
|
||||
|
@ -29,7 +29,7 @@
|
|||
// the vast majority of CDI consumers need. The API should be usable both
|
||||
// by OCI runtime clients and runtime implementations.
|
||||
//
|
||||
// CDI Registry
|
||||
// # CDI Registry
|
||||
//
|
||||
// The primary interface to interact with CDI devices is the Registry. It
|
||||
// is essentially a cache of all Specs and devices discovered in standard
|
||||
|
@ -37,34 +37,34 @@
|
|||
// injecting devices into an OCI Spec and refreshing the cache of CDI
|
||||
// Specs and devices.
|
||||
//
|
||||
// Device Injection
|
||||
// # Device Injection
|
||||
//
|
||||
// Using the Registry one can inject CDI devices into a container with code
|
||||
// similar to the following snippet:
|
||||
//
|
||||
// import (
|
||||
// "fmt"
|
||||
// "strings"
|
||||
// import (
|
||||
// "fmt"
|
||||
// "strings"
|
||||
//
|
||||
// log "github.com/sirupsen/logrus"
|
||||
// log "github.com/sirupsen/logrus"
|
||||
//
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
// oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
// )
|
||||
// "tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
// oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
// )
|
||||
//
|
||||
// func injectCDIDevices(spec *oci.Spec, devices []string) error {
|
||||
// log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
|
||||
// func injectCDIDevices(spec *oci.Spec, devices []string) error {
|
||||
// log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
|
||||
//
|
||||
// unresolved, err := cdi.GetRegistry().InjectDevices(spec, devices)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("CDI device injection failed: %w", err)
|
||||
// }
|
||||
// unresolved, err := cdi.GetRegistry().InjectDevices(spec, devices)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("CDI device injection failed: %w", err)
|
||||
// }
|
||||
//
|
||||
// log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
|
||||
// return nil
|
||||
// }
|
||||
// log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
|
||||
// return nil
|
||||
// }
|
||||
//
|
||||
// Cache Refresh
|
||||
// # Cache Refresh
|
||||
//
|
||||
// By default the CDI Spec cache monitors the configured Spec directories
|
||||
// and automatically refreshes itself when necessary. This behavior can be
|
||||
|
@ -85,42 +85,42 @@
|
|||
// CDI Spec cache is up to date before performing device injection.
|
||||
// A code snippet similar to the following accmplishes that:
|
||||
//
|
||||
// import (
|
||||
// "fmt"
|
||||
// "strings"
|
||||
// import (
|
||||
// "fmt"
|
||||
// "strings"
|
||||
//
|
||||
// log "github.com/sirupsen/logrus"
|
||||
// log "github.com/sirupsen/logrus"
|
||||
//
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
// oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
// )
|
||||
// "tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
// oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
// )
|
||||
//
|
||||
// func injectCDIDevices(spec *oci.Spec, devices []string) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// func injectCDIDevices(spec *oci.Spec, devices []string) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
//
|
||||
// if err := registry.Refresh(); err != nil {
|
||||
// // Note:
|
||||
// // It is up to the implementation to decide whether
|
||||
// // to abort injection on errors. A failed Refresh()
|
||||
// // does not necessarily render the registry unusable.
|
||||
// // For instance, a parse error in a Spec file for
|
||||
// // vendor A does not have any effect on devices of
|
||||
// // vendor B...
|
||||
// log.Warnf("pre-injection Refresh() failed: %v", err)
|
||||
// }
|
||||
// if err := registry.Refresh(); err != nil {
|
||||
// // Note:
|
||||
// // It is up to the implementation to decide whether
|
||||
// // to abort injection on errors. A failed Refresh()
|
||||
// // does not necessarily render the registry unusable.
|
||||
// // For instance, a parse error in a Spec file for
|
||||
// // vendor A does not have any effect on devices of
|
||||
// // vendor B...
|
||||
// log.Warnf("pre-injection Refresh() failed: %v", err)
|
||||
// }
|
||||
//
|
||||
// log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
|
||||
// log.Debug("pristine OCI Spec: %s", dumpSpec(spec))
|
||||
//
|
||||
// unresolved, err := registry.InjectDevices(spec, devices)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("CDI device injection failed: %w", err)
|
||||
// }
|
||||
// unresolved, err := registry.InjectDevices(spec, devices)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("CDI device injection failed: %w", err)
|
||||
// }
|
||||
//
|
||||
// log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
|
||||
// return nil
|
||||
// }
|
||||
// log.Debug("CDI-updated OCI Spec: %s", dumpSpec(spec))
|
||||
// return nil
|
||||
// }
|
||||
//
|
||||
// Generated Spec Files, Multiple Directories, Device Precedence
|
||||
// # Generated Spec Files, Multiple Directories, Device Precedence
|
||||
//
|
||||
// It is often necessary to generate Spec files dynamically. On some
|
||||
// systems the available or usable set of CDI devices might change
|
||||
|
@ -149,7 +149,7 @@
|
|||
// '/etc/cdi' while all the dynamically generated Spec files, transient
|
||||
// or other, go into '/var/run/cdi'.
|
||||
//
|
||||
// Spec File Generation
|
||||
// # Spec File Generation
|
||||
//
|
||||
// CDI offers two functions for writing and removing dynamically generated
|
||||
// Specs from CDI Spec directories. These functions, WriteSpec() and
|
||||
|
@ -169,33 +169,35 @@
|
|||
// code snippet similar to the following:
|
||||
//
|
||||
// import (
|
||||
// "fmt"
|
||||
// ...
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
//
|
||||
// "fmt"
|
||||
// ...
|
||||
// "tags.cncf.io/container-device-interface/specs-go"
|
||||
// "tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
//
|
||||
// )
|
||||
//
|
||||
// func generateDeviceSpecs() error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// spec := &specs.Spec{
|
||||
// Version: specs.CurrentVersion,
|
||||
// Kind: vendor+"/"+class,
|
||||
// }
|
||||
// func generateDeviceSpecs() error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// spec := &specs.Spec{
|
||||
// Version: specs.CurrentVersion,
|
||||
// Kind: vendor+"/"+class,
|
||||
// }
|
||||
//
|
||||
// for _, dev := range enumerateDevices() {
|
||||
// spec.Devices = append(spec.Devices, specs.Device{
|
||||
// Name: dev.Name,
|
||||
// ContainerEdits: getContainerEditsForDevice(dev),
|
||||
// })
|
||||
// }
|
||||
// for _, dev := range enumerateDevices() {
|
||||
// spec.Devices = append(spec.Devices, specs.Device{
|
||||
// Name: dev.Name,
|
||||
// ContainerEdits: getContainerEditsForDevice(dev),
|
||||
// })
|
||||
// }
|
||||
//
|
||||
// specName, err := cdi.GenerateNameForSpec(spec)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("failed to generate Spec name: %w", err)
|
||||
// }
|
||||
// specName, err := cdi.GenerateNameForSpec(spec)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("failed to generate Spec name: %w", err)
|
||||
// }
|
||||
//
|
||||
// return registry.SpecDB().WriteSpec(spec, specName)
|
||||
// }
|
||||
// return registry.SpecDB().WriteSpec(spec, specName)
|
||||
// }
|
||||
//
|
||||
// Similarly, generating and later cleaning up transient Spec files can be
|
||||
// done with code fragments similar to the following. These transient Spec
|
||||
|
@ -204,53 +206,55 @@
|
|||
// and removed once that container is removed.
|
||||
//
|
||||
// import (
|
||||
// "fmt"
|
||||
// ...
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
// "github.com/container-orchestrated-devices/container-device-interface/pkg/cdi"
|
||||
//
|
||||
// "fmt"
|
||||
// ...
|
||||
// "tags.cncf.io/container-device-interface/specs-go"
|
||||
// "tags.cncf.io/container-device-interface/pkg/cdi"
|
||||
//
|
||||
// )
|
||||
//
|
||||
// func generateTransientSpec(ctr Container) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// devices := getContainerDevs(ctr, vendor, class)
|
||||
// spec := &specs.Spec{
|
||||
// Version: specs.CurrentVersion,
|
||||
// Kind: vendor+"/"+class,
|
||||
// }
|
||||
// func generateTransientSpec(ctr Container) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// devices := getContainerDevs(ctr, vendor, class)
|
||||
// spec := &specs.Spec{
|
||||
// Version: specs.CurrentVersion,
|
||||
// Kind: vendor+"/"+class,
|
||||
// }
|
||||
//
|
||||
// for _, dev := range devices {
|
||||
// spec.Devices = append(spec.Devices, specs.Device{
|
||||
// // the generated name needs to be unique within the
|
||||
// // vendor/class domain on the host/node.
|
||||
// Name: generateUniqueDevName(dev, ctr),
|
||||
// ContainerEdits: getEditsForContainer(dev),
|
||||
// })
|
||||
// }
|
||||
// for _, dev := range devices {
|
||||
// spec.Devices = append(spec.Devices, specs.Device{
|
||||
// // the generated name needs to be unique within the
|
||||
// // vendor/class domain on the host/node.
|
||||
// Name: generateUniqueDevName(dev, ctr),
|
||||
// ContainerEdits: getEditsForContainer(dev),
|
||||
// })
|
||||
// }
|
||||
//
|
||||
// // transientID is expected to guarantee that the Spec file name
|
||||
// // generated using <vendor, class, transientID> is unique within
|
||||
// // the host/node. If more than one device is allocated with the
|
||||
// // same vendor/class domain, either all generated Spec entries
|
||||
// // should go to a single Spec file (like in this sample snippet),
|
||||
// // or transientID should be unique for each generated Spec file.
|
||||
// transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
|
||||
// specName, err := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("failed to generate Spec name: %w", err)
|
||||
// }
|
||||
// // transientID is expected to guarantee that the Spec file name
|
||||
// // generated using <vendor, class, transientID> is unique within
|
||||
// // the host/node. If more than one device is allocated with the
|
||||
// // same vendor/class domain, either all generated Spec entries
|
||||
// // should go to a single Spec file (like in this sample snippet),
|
||||
// // or transientID should be unique for each generated Spec file.
|
||||
// transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
|
||||
// specName, err := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
|
||||
// if err != nil {
|
||||
// return fmt.Errorf("failed to generate Spec name: %w", err)
|
||||
// }
|
||||
//
|
||||
// return registry.SpecDB().WriteSpec(spec, specName)
|
||||
// }
|
||||
// return registry.SpecDB().WriteSpec(spec, specName)
|
||||
// }
|
||||
//
|
||||
// func removeTransientSpec(ctr Container) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
|
||||
// specName := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
|
||||
// func removeTransientSpec(ctr Container) error {
|
||||
// registry := cdi.GetRegistry()
|
||||
// transientID := getSomeSufficientlyUniqueIDForContainer(ctr)
|
||||
// specName := cdi.GenerateNameForTransientSpec(vendor, class, transientID)
|
||||
//
|
||||
// return registry.SpecDB().RemoveSpec(specName)
|
||||
// }
|
||||
// return registry.SpecDB().RemoveSpec(specName)
|
||||
// }
|
||||
//
|
||||
// CDI Spec Validation
|
||||
// # CDI Spec Validation
|
||||
//
|
||||
// This package performs both syntactic and semantic validation of CDI
|
||||
// Spec file data when a Spec file is loaded via the registry or using
|
|
@ -17,7 +17,7 @@
|
|||
package cdi
|
||||
|
||||
import (
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
|
||||
"tags.cncf.io/container-device-interface/pkg/parser"
|
||||
)
|
||||
|
||||
// QualifiedName returns the qualified name for a device.
|
|
@ -19,8 +19,8 @@ package cdi
|
|||
import (
|
||||
"sync"
|
||||
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
cdi "tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
// Registry keeps a cache of all CDI Specs installed or generated on
|
|
@ -28,8 +28,8 @@ import (
|
|||
oci "github.com/opencontainers/runtime-spec/specs-go"
|
||||
"sigs.k8s.io/yaml"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/internal/validation"
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
"tags.cncf.io/container-device-interface/internal/validation"
|
||||
cdi "tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
const (
|
|
@ -21,8 +21,8 @@ import (
|
|||
|
||||
"golang.org/x/mod/semver"
|
||||
|
||||
"github.com/container-orchestrated-devices/container-device-interface/pkg/parser"
|
||||
cdi "github.com/container-orchestrated-devices/container-device-interface/specs-go"
|
||||
"tags.cncf.io/container-device-interface/pkg/parser"
|
||||
cdi "tags.cncf.io/container-device-interface/specs-go"
|
||||
)
|
||||
|
||||
const (
|
|
@ -0,0 +1,38 @@
|
|||
package specs
|
||||
|
||||
import (
|
||||
spec "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec Hook for this Hook.
|
||||
func (h *Hook) ToOCI() spec.Hook {
|
||||
return spec.Hook{
|
||||
Path: h.Path,
|
||||
Args: h.Args,
|
||||
Env: h.Env,
|
||||
Timeout: h.Timeout,
|
||||
}
|
||||
}
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec Mount for this Mount.
|
||||
func (m *Mount) ToOCI() spec.Mount {
|
||||
return spec.Mount{
|
||||
Source: m.HostPath,
|
||||
Destination: m.ContainerPath,
|
||||
Options: m.Options,
|
||||
Type: m.Type,
|
||||
}
|
||||
}
|
||||
|
||||
// ToOCI returns the opencontainers runtime Spec LinuxDevice for this DeviceNode.
|
||||
func (d *DeviceNode) ToOCI() spec.LinuxDevice {
|
||||
return spec.LinuxDevice{
|
||||
Path: d.Path,
|
||||
Type: d.Type,
|
||||
Major: d.Major,
|
||||
Minor: d.Minor,
|
||||
FileMode: d.FileMode,
|
||||
UID: d.UID,
|
||||
GID: d.GID,
|
||||
}
|
||||
}
|
Loading…
Reference in New Issue