containerd icon indicating copy to clipboard operation
containerd copied to clipboard
Published 1 month ago verified publisher icon containerd

sandbox: make podsandbox controller plugin type of PodSandboxPlugin

Open abel-von opened this issue 1 year ago • 9 comments

We add a new plugin type SandboxControllerPluginV2 to distinguish it with the podsandbox controller. We can not handle the task in the pod sandbox as a sandboxed Task because podsandbox controller rely on task plugin to create pause container, If the task handle rely on podsandbox controller, it will make a cyclic dependency of plugins.

So In this PR, We add a new SandboxControllerPluginV2, the Shim sandbox controller and other user defined sandbox controllers should be in this kind. and the subsequent PR of sandboxed Task will rely on this PR to handle sandboxed Task in sandbox of SandboxControllerPluginV2.

abel-von avatar Feb 27 '24 06:02 abel-von

Hi @abel-von. Thanks for your PR.

I'm waiting for a containerd member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Feb 27 '24 06:02 k8s-ci-robot

There is no legacy podsandbox controller. Sandbox api was introduced in 1.7 as experimental API with no backward compatibility guaranties until its stable. It's perfectly legal to break things until 2.0 release.

mxpv avatar Feb 27 '24 20:02 mxpv

It is just the podsandbox controller is a little bit special because it manage sandbox by Task plugin. and in https://github.com/containerd/containerd/pull/9884 the sandboxed Task may have dependency on the sandbox controller to update the sandbox before/after task manangement, this makes a cyclic dependency.

We add a v2 sandbox controller to distinguish it with the podsandbox controller, so we can exclude it from the sandboxed Task dependency.

In the last community meeting I proposed another solution, we can add a ReqiureExcludes in the plugin definition to exclude the podsandbox controller from the Requires image

I am not sure which is a better solution, may you have a better suggestion, please? @mxpv

abel-von avatar Mar 01 '24 03:03 abel-von

/ok-to-test

Burning1020 avatar Mar 30 '24 02:03 Burning1020

Shell we add this in 2.0 milestone list? @mxpv @fuweid

Burning1020 avatar Apr 20 '24 08:04 Burning1020

/retest

abel-von avatar May 06 '24 16:05 abel-von

/retest

abel-von avatar May 17 '24 08:05 abel-von

@mxpv could you please take a look?

abel-von avatar May 23 '24 17:05 abel-von

Please take a look at this PR while you have time. @mxpv @dmcgowan @fuweid

abel-von avatar Jul 15 '24 08:07 abel-von

/cc @mxpv @dmcgowan @fuweid

abel-von avatar Jul 15 '24 08:07 abel-von

@mxpv Could you please take a look at this PR again? I realized that the change of plugin name may related to the change of config and config migration. Maybe we don't have to consider the compatibility issue, if we can merge it before 2.0.

abel-von avatar Jul 23 '24 01:07 abel-von