containerd
containerd copied to clipboard
containerd
cri: add sandbox image name to annotations
We are working on a feature to enable the guest image pulling on the confidential-containers, and we would greatly appreciate containerd’s assistance in this matter. we hope containerd could share the pause image name and add it to the annotations so that we can pass it to the guest.
Fixes: #9418
Hi @ChengyuZhu6. Thanks for your PR.
I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test label.
I understand the commands that are listed here.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
It would be grateful if someone could review it. @egernst @crosbymichael @dcantah @dmcgowan
Please squash into one commit. I can't see any reason to use two commits in this pr. Thanks
Fixed.
Side note: I don't have objections on this because it's just metadata. That CC runtime should not rely on this, since it's not an API. containerd doesn't guarantee to keep them in the future. CC runtime should consider to maintain their own pause image.
Side note: I don't have objections on this because it's just metadata. That CC runtime should not rely on this, since it's not an API. containerd doesn't guarantee to keep them in the future. CC runtime should consider to maintain their own pause image.
Thank you for the note. Now I’m interested in the transfer service and its benefits for pulling images in the guest. We plan to use it until transfer service is ready in containerd 2.0.
We plan to use it until transfer service is ready in containerd 2.0.
If so, we can close this one.
We plan to use it until transfer service is ready in containerd 2.0.
If so, we can close this one.
Please accept my apologies for any confusion. I noticed that containerd 2.0 is still in beta and some features (such as streaming) may not be fully ready yet. I would appreciate it if containerd could accept this patch, so that we can use the guest pull features on containerd 1.x for CC.
Hey... fair to pass the pod image annotation in for the cases where pause is being used on host...
Let's create a: // SandboxPauseImageName is the name of the contain image used to scope pod shared resources used by the pod's containers, if nil a pause container is not being used. SandboxImageName = "io.kubernetes.cri.podsandbox.image-name"
And only add that to the pod meta..
Hey @mikebrow , thanks for your review. I have rebased the PR and addressed your feedback.