runtime: cri-o annotations have been moved to podman

Let's swith to depending on podman which also simplies indirect dependency on kubernetes components. And it helps to avoid cri-o security issues like CVE-2022-1708 as well. Fixes: #4972 Signed-off-by: Peng Tao <bergwolf@hyper.sh>
2026-01-07 00:14:21 +01:00 · 2022-08-24 18:07:47 +08:00
parent 2b5dc2ad39
commit a06d819b24
410 changed files with 26290 additions and 7742 deletions
--- a/src/runtime/pkg/oci/utils.go
+++ b/src/runtime/pkg/oci/utils.go
@@ -19,7 +19,7 @@ import (
 	"syscall"

 	ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
-	crioAnnotations "github.com/cri-o/cri-o/pkg/annotations"
+	podmanAnnotations "github.com/containers/podman/v4/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 	"k8s.io/apimachinery/pkg/api/resource"
@@ -46,17 +46,17 @@ var (

 	// CRIContainerTypeKeyList lists all the CRI keys that could define
 	// the container type from annotations in the config.json.
-	CRIContainerTypeKeyList = []string{ctrAnnotations.ContainerType, crioAnnotations.ContainerType, dockershimAnnotations.ContainerTypeLabelKey}
+	CRIContainerTypeKeyList = []string{ctrAnnotations.ContainerType, podmanAnnotations.ContainerType, dockershimAnnotations.ContainerTypeLabelKey}

 	// CRISandboxNameKeyList lists all the CRI keys that could define
 	// the sandbox ID (sandbox ID) from annotations in the config.json.
-	CRISandboxNameKeyList = []string{ctrAnnotations.SandboxID, crioAnnotations.SandboxID, dockershimAnnotations.SandboxIDLabelKey}
+	CRISandboxNameKeyList = []string{ctrAnnotations.SandboxID, podmanAnnotations.SandboxID, dockershimAnnotations.SandboxIDLabelKey}

 	// CRIContainerTypeList lists all the maps from CRI ContainerTypes annotations
 	// to a virtcontainers ContainerType.
 	CRIContainerTypeList = []annotationContainerType{
-		{crioAnnotations.ContainerTypeSandbox, vc.PodSandbox},
-		{crioAnnotations.ContainerTypeContainer, vc.PodContainer},
+		{podmanAnnotations.ContainerTypeSandbox, vc.PodSandbox},
+		{podmanAnnotations.ContainerTypeContainer, vc.PodContainer},
 		{ctrAnnotations.ContainerTypeSandbox, vc.PodSandbox},
 		{ctrAnnotations.ContainerTypeContainer, vc.PodContainer},
 		{dockershimAnnotations.ContainerTypeLabelSandbox, vc.PodSandbox},
@@ -1047,8 +1047,8 @@ func getShmSize(c vc.ContainerConfig) (uint64, error) {

 // IsCRIOContainerManager check if a Pod is created from CRI-O
 func IsCRIOContainerManager(spec *specs.Spec) bool {
-	if val, ok := spec.Annotations[crioAnnotations.ContainerType]; ok {
-		if val == crioAnnotations.ContainerTypeSandbox || val == crioAnnotations.ContainerTypeContainer {
+	if val, ok := spec.Annotations[podmanAnnotations.ContainerType]; ok {
+		if val == podmanAnnotations.ContainerTypeSandbox || val == podmanAnnotations.ContainerTypeContainer {
 			return true
 		}
 	}
--- a/src/runtime/pkg/oci/utils_test.go
+++ b/src/runtime/pkg/oci/utils_test.go
@@ -16,7 +16,7 @@ import (
 	"testing"

 	ctrAnnotations "github.com/containerd/containerd/pkg/cri/annotations"
-	crioAnnotations "github.com/cri-o/cri-o/pkg/annotations"
+	podmanAnnotations "github.com/containers/podman/v4/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/sys/unix"
@@ -224,22 +224,22 @@ func TestContainerType(t *testing.T) {
 		},
 		{
 			description:     "crio unexpected annotation, expect error",
-			annotationKey:   crioAnnotations.ContainerType,
+			annotationKey:   podmanAnnotations.ContainerType,
 			annotationValue: "foo",
 			expectedType:    vc.UnknownContainerType,
 			expectedErr:     true,
 		},
 		{
 			description:     "crio sandbox",
-			annotationKey:   crioAnnotations.ContainerType,
-			annotationValue: string(crioAnnotations.ContainerTypeSandbox),
+			annotationKey:   podmanAnnotations.ContainerType,
+			annotationValue: string(podmanAnnotations.ContainerTypeSandbox),
 			expectedType:    vc.PodSandbox,
 			expectedErr:     false,
 		},
 		{
 			description:     "crio container",
-			annotationKey:   crioAnnotations.ContainerType,
-			annotationValue: string(crioAnnotations.ContainerTypeContainer),
+			annotationKey:   podmanAnnotations.ContainerType,
+			annotationValue: string(podmanAnnotations.ContainerTypeContainer),
 			expectedType:    vc.PodContainer,
 			expectedErr:     false,
 		},
@@ -287,7 +287,7 @@ func TestSandboxIDSuccessful(t *testing.T) {
 	assert := assert.New(t)

 	ociSpec.Annotations = map[string]string{
-		crioAnnotations.SandboxID: testSandboxID,
+		podmanAnnotations.SandboxID: testSandboxID,
 	}

 	sandboxID, err := SandboxID(ociSpec)
@@ -883,15 +883,15 @@ func TestIsCRIOContainerManager(t *testing.T) {
 		result      bool
 	}{
 		{
-			annotations: map[string]string{crioAnnotations.ContainerType: "abc"},
+			annotations: map[string]string{podmanAnnotations.ContainerType: "abc"},
 			result:      false,
 		},
 		{
-			annotations: map[string]string{crioAnnotations.ContainerType: crioAnnotations.ContainerTypeSandbox},
+			annotations: map[string]string{podmanAnnotations.ContainerType: podmanAnnotations.ContainerTypeSandbox},
 			result:      true,
 		},
 		{
-			annotations: map[string]string{crioAnnotations.ContainerType: crioAnnotations.ContainerTypeContainer},
+			annotations: map[string]string{podmanAnnotations.ContainerType: podmanAnnotations.ContainerTypeContainer},
 			result:      true,
 		},
 	}