volumeMounts sets up the image volumes for a container. It relies on the removal of the container root directory for cleanup. Note that an image volume is skipped if criMounts contains a mount with the same destination.
(platform imagespec.Platform, containerRootDir string, containerConfig *runtime.ContainerConfig, config *imagespec.ImageConfig)
// volumeMounts sets up image volumes for container. Rely on the removal of container
// root directory to do cleanup. Note that image volume will be skipped, if there is criMounts
// specified with the same destination.
//
// The destinations are the keys of config.Volumes, so they are supplied by the image.
// Each kept volume is backed by a host directory <containerRootDir>/volumes/<generated ID>.
// The returned mounts request SELinux relabeling and, on Linux, carry the user-namespace
// UID/GID mappings from the container's security context when those are set.
// config.Volumes is a map, so the order of the returned mounts is not deterministic.
// It returns nil when the image declares no volumes or every volume is skipped.
func (c *criService) volumeMounts(platform imagespec.Platform, containerRootDir string, containerConfig *runtime.ContainerConfig, config *imagespec.ImageConfig) []*runtime.Mount {
	isLinux := platform.OS == "linux"

	// User-namespace ID mappings are only read for Linux platforms; otherwise both stay nil.
	var uidMappings, gidMappings []*runtime.IDMapping
	if isLinux {
		usernsOpts := containerConfig.GetLinux().GetSecurityContext().GetNamespaceOptions().GetUsernsOptions()
		if usernsOpts != nil {
			uidMappings, gidMappings = usernsOpts.GetUids(), usernsOpts.GetGids()
		}
	}

	criMounts := containerConfig.GetMounts()

	if len(config.Volumes) == 0 {
		return nil
	}

	var mounts []*runtime.Mount
	for dst := range config.Volumes {
		// Skip the image volume, if there is CRI defined volume mapping.
		// TODO(random-liu): This should be handled by Kubelet in the future.
		// Kubelet should decide what to use for image volume, and also de-duplicate
		// the image volume and user mounts.
		if isInCRIMounts(dst, criMounts) {
			continue
		}

		// The host side lives under the container root directory with a generated name,
		// so the image-supplied destination never influences the host path.
		hostPath := filepath.Join(containerRootDir, "volumes", util.GenerateID())

		// When the platform OS is Linux, ensure dst is a _Linux_ abs path.
		// filepath.IsAbs() is not usable here because, when executing on Windows,
		// it checks for Windows abs paths.
		if isLinux && !strings.HasPrefix(dst, "/") {
			// filepath.Join also cleans the result, so ".." elements in a relative
			// destination cannot climb above "/".
			// On Windows, ToSlash() is needed to ensure the path is a valid Linux path.
			// On Linux, ToSlash() is a no-op.
			absDst := filepath.ToSlash(filepath.Join("/", dst))
			log.L.Debugf("Volume destination %q is not absolute, converted to %q", dst, absDst)
			dst = absDst
		}
		// NOTE(review): a destination that already starts with "/" is passed through
		// without cleaning; presumably the later mount setup resolves it inside the
		// container rootfs. Confirm against the code that consumes these mounts.

		// addOCIBindMounts will create these volumes.
		mounts = append(mounts, &runtime.Mount{
			ContainerPath:  dst,
			HostPath:       hostPath,
			SelinuxRelabel: true,
			UidMappings:    uidMappings,
			GidMappings:    gidMappings,
		})
	}
	return mounts
}
| 549 | |
| 550 | // runtimeSpec returns a default runtime spec used in cri-containerd. |
| 551 | func (c *criService) runtimeSpec(id string, platform imagespec.Platform, baseSpecFile string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) { |