diff --git a/pkg/kubelet/dockershim/docker_container.go b/pkg/kubelet/dockershim/docker_container.go index 453c18c75663e..33a05556dfdce 100644 --- a/pkg/kubelet/dockershim/docker_container.go +++ b/pkg/kubelet/dockershim/docker_container.go @@ -102,7 +102,6 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi if err != nil { return "", fmt.Errorf("unable to get the docker API version: %v", err) } - securityOptSep := getSecurityOptSeparator(apiVersion) image := "" if iSpec := config.GetImage(); iSpec != nil { @@ -134,7 +133,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi } hc := createConfig.HostConfig - ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSep, apiVersion) + ds.updateCreateConfig(&createConfig, config, sandboxConfig, podSandboxID, securityOptSeparator, apiVersion) // Set devices for container. devices := make([]dockercontainer.DeviceMapping, len(config.Devices)) for i, device := range config.Devices { @@ -146,7 +145,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi } hc.Resources.Devices = devices - securityOpts, err := ds.getSecurityOpts(config.GetLinux().GetSecurityContext().GetSeccompProfilePath(), securityOptSep) + securityOpts, err := ds.getSecurityOpts(config.GetLinux().GetSecurityContext().GetSeccompProfilePath(), securityOptSeparator) if err != nil { return "", fmt.Errorf("failed to generate security options for container %q: %v", config.Metadata.Name, err) } diff --git a/pkg/kubelet/dockershim/docker_sandbox.go b/pkg/kubelet/dockershim/docker_sandbox.go index b595e310096b2..e388a16e3d964 100644 --- a/pkg/kubelet/dockershim/docker_sandbox.go +++ b/pkg/kubelet/dockershim/docker_sandbox.go @@ -528,12 +528,6 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, // TODO(random-liu): Deprecate this label once container metrics is directly got from CRI. labels[types.KubernetesContainerNameLabel] = sandboxContainerName - apiVersion, err := ds.getDockerAPIVersion() - if err != nil { - return nil, fmt.Errorf("unable to get the docker API version: %v", err) - } - securityOptSep := getSecurityOptSeparator(apiVersion) - hc := &dockercontainer.HostConfig{} createConfig := &dockertypes.ContainerCreateConfig{ Name: makeSandboxName(c), @@ -547,7 +541,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, } // Apply linux-specific options. - if err := ds.applySandboxLinuxOptions(hc, c.GetLinux(), createConfig, image, securityOptSep); err != nil { + if err := ds.applySandboxLinuxOptions(hc, c.GetLinux(), createConfig, image, securityOptSeparator); err != nil { return nil, err } @@ -565,7 +559,7 @@ func (ds *dockerService) makeSandboxDockerConfig(c *runtimeapi.PodSandboxConfig, } // Set security options. - securityOpts, err := ds.getSecurityOpts(c.GetLinux().GetSecurityContext().GetSeccompProfilePath(), securityOptSep) + securityOpts, err := ds.getSecurityOpts(c.GetLinux().GetSecurityContext().GetSeccompProfilePath(), securityOptSeparator) if err != nil { return nil, fmt.Errorf("failed to generate sandbox security options for sandbox %q: %v", c.Metadata.Name, err) } diff --git a/pkg/kubelet/dockershim/helpers.go b/pkg/kubelet/dockershim/helpers.go index 595263a840b22..8066b7b03c68f 100644 --- a/pkg/kubelet/dockershim/helpers.go +++ b/pkg/kubelet/dockershim/helpers.go @@ -22,7 +22,6 @@ import ( "strconv" "strings" - "github.com/blang/semver" dockertypes "github.com/docker/docker/api/types" dockercontainer "github.com/docker/docker/api/types/container" dockerfilters "github.com/docker/docker/api/types/filters" @@ -39,12 +38,8 @@ import ( ) const ( - annotationPrefix = "annotation." - - // Docker changed the API for specifying options in v1.11 - securityOptSeparatorChangeVersion = "1.23.0" // Corresponds to docker 1.11.x - securityOptSeparatorOld = ':' - securityOptSeparatorNew = '=' + annotationPrefix = "annotation." + securityOptSeparator = '=' ) var ( @@ -54,10 +49,6 @@ var ( // if a container starts but the executable file is not found, runc gives a message that matches startRE = regexp.MustCompile(`\\\\\\\"(.*)\\\\\\\": executable file not found`) - // Docker changes the security option separator from ':' to '=' in the 1.23 - // API version. - optsSeparatorChangeVersion = semver.MustParse(securityOptSeparatorChangeVersion) - defaultSeccompOpt = []dockerOpt{{"seccomp", "unconfined", ""}} ) @@ -321,21 +312,6 @@ func transformStartContainerError(err error) error { return err } -// getSecurityOptSeparator returns the security option separator based on the -// docker API version. -// TODO: Remove this function along with the relevant code when we no longer -// need to support docker 1.10. -func getSecurityOptSeparator(v *semver.Version) rune { - switch v.Compare(optsSeparatorChangeVersion) { - case -1: - // Current version is less than the API change version; use the old - // separator. - return securityOptSeparatorOld - default: - return securityOptSeparatorNew - } -} - // ensureSandboxImageExists pulls the sandbox image when it's not present. func ensureSandboxImageExists(client libdocker.Interface, image string) error { _, err := client.InspectImageByRef(image) diff --git a/pkg/kubelet/dockershim/helpers_test.go b/pkg/kubelet/dockershim/helpers_test.go index 9532b6bc04256..03809c4c5ffca 100644 --- a/pkg/kubelet/dockershim/helpers_test.go +++ b/pkg/kubelet/dockershim/helpers_test.go @@ -23,7 +23,6 @@ import ( "path/filepath" "testing" - "github.com/blang/semver" dockertypes "github.com/docker/docker/api/types" dockernat "github.com/docker/go-connections/nat" "github.com/stretchr/testify/assert" @@ -129,30 +128,6 @@ func TestParsingCreationConflictError(t *testing.T) { require.Equal(t, matches[1], "24666ab8c814d16f986449e504ea0159468ddf8da01897144a770f66dce0e14e") } -func TestGetSecurityOptSeparator(t *testing.T) { - for c, test := range map[string]struct { - desc string - version *semver.Version - expected rune - }{ - "older docker version": { - version: &semver.Version{Major: 1, Minor: 22, Patch: 0}, - expected: ':', - }, - "changed docker version": { - version: &semver.Version{Major: 1, Minor: 23, Patch: 0}, - expected: '=', - }, - "newer docker version": { - version: &semver.Version{Major: 1, Minor: 24, Patch: 0}, - expected: '=', - }, - } { - actual := getSecurityOptSeparator(test.version) - assert.Equal(t, test.expected, actual, c) - } -} - // writeDockerConfig will write a config file into a temporary dir, and return that dir. // Caller is responsible for deleting the dir and its contents. func writeDockerConfig(cfg string) (string, error) { diff --git a/pkg/kubelet/dockershim/libdocker/client.go b/pkg/kubelet/dockershim/libdocker/client.go index 0400bbb917908..99de908423944 100644 --- a/pkg/kubelet/dockershim/libdocker/client.go +++ b/pkg/kubelet/dockershim/libdocker/client.go @@ -29,8 +29,8 @@ import ( const ( // https://docs.docker.com/engine/reference/api/docker_remote_api/ - // docker version should be at least 1.10.x - MinimumDockerAPIVersion = "1.22.0" + // docker version should be at least 1.11.x + MinimumDockerAPIVersion = "1.23.0" // Status of a container returned by ListContainers. StatusRunningPrefix = "Up"