From 27fdf664f8c8c14b65e4035d1a80229e98125b53 Mon Sep 17 00:00:00 2001 From: Kohei Tokunaga Date: Fri, 24 Mar 2023 09:41:06 +0900 Subject: [PATCH] Remove CRI Alpha API Signed-off-by: Kohei Tokunaga --- cmd/containerd-stargz-grpc/main.go | 13 +-- service/keychain/crialpha/crialpha.go | 155 -------------------------- service/plugin/plugin.go | 48 +------- service/plugincore/plugin.go | 6 +- 4 files changed, 5 insertions(+), 217 deletions(-) delete mode 100644 service/keychain/crialpha/crialpha.go diff --git a/cmd/containerd-stargz-grpc/main.go b/cmd/containerd-stargz-grpc/main.go index 2a4490173..6549fdce4 100644 --- a/cmd/containerd-stargz-grpc/main.go +++ b/cmd/containerd-stargz-grpc/main.go @@ -37,7 +37,6 @@ import ( "github.com/containerd/containerd/pkg/dialer" "github.com/containerd/containerd/snapshots" "github.com/containerd/containerd/sys" - runtime_alpha "github.com/containerd/containerd/third_party/k8s.io/cri-api/pkg/apis/runtime/v1alpha2" dbmetadata "github.com/containerd/stargz-snapshotter/cmd/containerd-stargz-grpc/db" ipfs "github.com/containerd/stargz-snapshotter/cmd/containerd-stargz-grpc/ipfs" "github.com/containerd/stargz-snapshotter/fs" @@ -45,7 +44,6 @@ import ( memorymetadata "github.com/containerd/stargz-snapshotter/metadata/memory" "github.com/containerd/stargz-snapshotter/service" "github.com/containerd/stargz-snapshotter/service/keychain/cri" - "github.com/containerd/stargz-snapshotter/service/keychain/crialpha" "github.com/containerd/stargz-snapshotter/service/keychain/dockerconfig" "github.com/containerd/stargz-snapshotter/service/keychain/kubeconfig" "github.com/containerd/stargz-snapshotter/service/resolver" @@ -160,18 +158,9 @@ func main() { } return runtime.NewImageServiceClient(conn), nil } - connectAlphaCRI := func() (runtime_alpha.ImageServiceClient, error) { - conn, err := newCRIConn(criAddr) - if err != nil { - return nil, err - } - return runtime_alpha.NewImageServiceClient(conn), nil - } f, criServer := cri.NewCRIKeychain(ctx, connectCRI) - fAlpha, criAlphaServer := crialpha.NewCRIAlphaKeychain(ctx, connectAlphaCRI) runtime.RegisterImageServiceServer(rpc, criServer) - runtime_alpha.RegisterImageServiceServer(rpc, criAlphaServer) - credsFuncs = append(credsFuncs, f, fAlpha) + credsFuncs = append(credsFuncs, f) } fsOpts := []fs.Option{fs.WithMetricsLogLevel(logrus.InfoLevel)} if config.IPFS { diff --git a/service/keychain/crialpha/crialpha.go b/service/keychain/crialpha/crialpha.go deleted file mode 100644 index 0d47ae564..000000000 --- a/service/keychain/crialpha/crialpha.go +++ /dev/null @@ -1,155 +0,0 @@ -/* - Copyright The containerd Authors. - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. -*/ - -package crialpha - -import ( - "context" - "errors" - "fmt" - "sync" - "time" - - "github.com/containerd/containerd/log" - "github.com/containerd/containerd/reference" - distribution "github.com/containerd/containerd/reference/docker" - "github.com/containerd/stargz-snapshotter/service/resolver" - - runtime_alpha "github.com/containerd/containerd/third_party/k8s.io/cri-api/pkg/apis/runtime/v1alpha2" - runtime "k8s.io/cri-api/pkg/apis/runtime/v1" - - "github.com/containerd/stargz-snapshotter/util/criutil" -) - -// NewAlphaCRIKeychain provides creds passed through CRI PullImage API. -// Same as NewCRIKeychain but for CRI v1alpha API. -// Containerd doesn't drop v1alpha API support so our proxy also exposes this API as well. -func NewCRIAlphaKeychain(ctx context.Context, connectCRI func() (runtime_alpha.ImageServiceClient, error)) (resolver.Credential, runtime_alpha.ImageServiceServer) { - server := &instrumentedAlphaService{config: make(map[string]*runtime_alpha.AuthConfig)} - go func() { - log.G(ctx).Debugf("Waiting for CRI service is started...") - for i := 0; i < 100; i++ { - client, err := connectCRI() - if err == nil { - server.criMu.Lock() - server.cri = client - server.criMu.Unlock() - log.G(ctx).Info("connected to backend CRI service") - return - } - log.G(ctx).WithError(err).Warnf("failed to connect to CRI") - time.Sleep(10 * time.Second) - } - log.G(ctx).Warnf("no connection is available to CRI") - }() - return server.credentials, server -} - -type instrumentedAlphaService struct { - runtime_alpha.UnimplementedImageServiceServer - - cri runtime_alpha.ImageServiceClient - criMu sync.Mutex - - config map[string]*runtime_alpha.AuthConfig - configMu sync.Mutex -} - -func (in *instrumentedAlphaService) credentials(host string, refspec reference.Spec) (string, string, error) { - if host == "docker.io" || host == "registry-1.docker.io" { - // Creds of "docker.io" is stored keyed by "https://index.docker.io/v1/". - host = "index.docker.io" - } - in.configMu.Lock() - defer in.configMu.Unlock() - if cfg, ok := in.config[refspec.String()]; ok { - var v1cfg runtime.AuthConfig - if err := criutil.AlphaReqToV1Req(cfg, &v1cfg); err != nil { - return "", "", err - } - return resolver.ParseAuth(&v1cfg, host) - } - return "", "", nil -} - -func (in *instrumentedAlphaService) getCRI() (c runtime_alpha.ImageServiceClient) { - in.criMu.Lock() - c = in.cri - in.criMu.Unlock() - return -} - -func (in *instrumentedAlphaService) ListImages(ctx context.Context, r *runtime_alpha.ListImagesRequest) (res *runtime_alpha.ListImagesResponse, err error) { - cri := in.getCRI() - if cri == nil { - return nil, errors.New("server is not initialized yet") - } - return cri.ListImages(ctx, r) -} - -func (in *instrumentedAlphaService) ImageStatus(ctx context.Context, r *runtime_alpha.ImageStatusRequest) (res *runtime_alpha.ImageStatusResponse, err error) { - cri := in.getCRI() - if cri == nil { - return nil, errors.New("server is not initialized yet") - } - return cri.ImageStatus(ctx, r) -} - -func (in *instrumentedAlphaService) PullImage(ctx context.Context, r *runtime_alpha.PullImageRequest) (res *runtime_alpha.PullImageResponse, err error) { - cri := in.getCRI() - if cri == nil { - return nil, errors.New("server is not initialized yet") - } - refspec, err := parseReference(r.GetImage().GetImage()) - if err != nil { - return nil, err - } - in.configMu.Lock() - in.config[refspec.String()] = r.GetAuth() - in.configMu.Unlock() - return cri.PullImage(ctx, r) -} - -func (in *instrumentedAlphaService) RemoveImage(ctx context.Context, r *runtime_alpha.RemoveImageRequest) (_ *runtime_alpha.RemoveImageResponse, err error) { - cri := in.getCRI() - if cri == nil { - return nil, errors.New("server is not initialized yet") - } - refspec, err := parseReference(r.GetImage().GetImage()) - if err != nil { - return nil, err - } - in.configMu.Lock() - delete(in.config, refspec.String()) - in.configMu.Unlock() - return cri.RemoveImage(ctx, r) -} - -func (in *instrumentedAlphaService) ImageFsInfo(ctx context.Context, r *runtime_alpha.ImageFsInfoRequest) (res *runtime_alpha.ImageFsInfoResponse, err error) { - cri := in.getCRI() - if cri == nil { - return nil, errors.New("server is not initialized yet") - } - return cri.ImageFsInfo(ctx, r) -} - -func parseReference(ref string) (reference.Spec, error) { - namedRef, err := distribution.ParseDockerRef(ref) - if err != nil { - return reference.Spec{}, fmt.Errorf("failed to parse image reference %q: %w", ref, err) - } - return reference.Parse(namedRef.String()) -} diff --git a/service/plugin/plugin.go b/service/plugin/plugin.go index 743a270c9..b82bdd63a 100644 --- a/service/plugin/plugin.go +++ b/service/plugin/plugin.go @@ -16,52 +16,8 @@ package plugin -import ( - "context" - "time" - - "github.com/containerd/containerd/defaults" - "github.com/containerd/containerd/pkg/dialer" - grpc "google.golang.org/grpc" - "google.golang.org/grpc/backoff" - "google.golang.org/grpc/credentials/insecure" - - runtime_alpha "github.com/containerd/containerd/third_party/k8s.io/cri-api/pkg/apis/runtime/v1alpha2" - "github.com/containerd/stargz-snapshotter/service/keychain/crialpha" - "github.com/containerd/stargz-snapshotter/service/plugincore" - "github.com/containerd/stargz-snapshotter/service/resolver" -) +import "github.com/containerd/stargz-snapshotter/service/plugincore" func init() { - plugincore.RegisterPlugin(registerCRIAlphaServer) -} - -func registerCRIAlphaServer(ctx context.Context, criAddr string, rpc *grpc.Server) resolver.Credential { - connectAlphaCRI := func() (runtime_alpha.ImageServiceClient, error) { - conn, err := newCRIConn(criAddr) - if err != nil { - return nil, err - } - return runtime_alpha.NewImageServiceClient(conn), nil - } - criAlphaCreds, criAlphaServer := crialpha.NewCRIAlphaKeychain(ctx, connectAlphaCRI) - runtime_alpha.RegisterImageServiceServer(rpc, criAlphaServer) - return criAlphaCreds -} - -func newCRIConn(criAddr string) (*grpc.ClientConn, error) { - // TODO: make gRPC options configurable from config.toml - backoffConfig := backoff.DefaultConfig - backoffConfig.MaxDelay = 3 * time.Second - connParams := grpc.ConnectParams{ - Backoff: backoffConfig, - } - gopts := []grpc.DialOption{ - grpc.WithTransportCredentials(insecure.NewCredentials()), - grpc.WithConnectParams(connParams), - grpc.WithContextDialer(dialer.ContextDialer), - grpc.WithDefaultCallOptions(grpc.MaxCallRecvMsgSize(defaults.DefaultMaxRecvMsgSize)), - grpc.WithDefaultCallOptions(grpc.MaxCallSendMsgSize(defaults.DefaultMaxSendMsgSize)), - } - return grpc.Dial(dialer.DialAddress(criAddr), gopts...) + plugincore.RegisterPlugin() } diff --git a/service/plugincore/plugin.go b/service/plugincore/plugin.go index f7d65c2f1..f5bc6d8c1 100644 --- a/service/plugincore/plugin.go +++ b/service/plugincore/plugin.go @@ -17,7 +17,6 @@ package plugincore import ( - "context" "errors" "fmt" "net" @@ -55,7 +54,7 @@ type Config struct { Registry resolver.Registry `toml:"registry"` } -func RegisterPlugin(registerCRIAlphaServer func(ctx context.Context, criAddr string, rpc *grpc.Server) resolver.Credential) { +func RegisterPlugin() { ctdplugin.Register(&ctdplugin.Registration{ Type: ctdplugin.SnapshotPlugin, ID: "stargz", @@ -104,7 +103,6 @@ func RegisterPlugin(registerCRIAlphaServer func(ctx context.Context, criAddr str // Create a gRPC server rpc := grpc.NewServer() runtime.RegisterImageServiceServer(rpc, criServer) - criAlphaCreds := registerCRIAlphaServer(ctx, criAddr, rpc) // Prepare the directory for the socket if err := os.MkdirAll(filepath.Dir(addr), 0700); err != nil { return nil, fmt.Errorf("failed to create directory %q: %w", filepath.Dir(addr), err) @@ -123,7 +121,7 @@ func RegisterPlugin(registerCRIAlphaServer func(ctx context.Context, criAddr str log.G(ctx).WithError(err).Warnf("error on serving via socket %q", addr) } }() - credsFuncs = append(credsFuncs, criAlphaCreds, criCreds) + credsFuncs = append(credsFuncs, criCreds) } // TODO(ktock): print warn if old configuration is specified.