Plumb CRI Container Devices through to OCI Windows Devices

This uses the "legacy" mapping of hostpath split on "/" producing type and ID; https://github.com/aarnaud/k8s-directx-device-plugin works this way, for example. TODO: Unit tests for the new spec processors. Signed-off-by: Paul "TBBle" Hampson <[email protected]>
containerd · Mar 4, 2022 · fe810fe · fe810fe
1 parent 79a7073
commit fe810fe
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 1 deletion.
diff --git a/oci/spec_opts_windows.go b/oci/spec_opts_windows.go
@@ -19,6 +19,7 @@ package oci
 import (
 	"context"
 	"errors"
+	"fmt"
 	"strings"
 
 	"github.com/containerd/containerd/containers"
@@ -100,3 +101,26 @@ func escapeAndCombineArgs(args []string) string {
 	}
 	return strings.Join(escaped, " ")
 }
+
+func WithDevices(devicePath, containerPath, permissions string) SpecOpts {
+	return func(_ context.Context, _ Client, _ *containers.Container, s *Spec) error {
+		if containerPath != "" {
+			return fmt.Errorf("unexpected containerPath %s", containerPath)
+		}
+
+		if permissions != "" {
+			return fmt.Errorf("unexpected permissions %s", permissions)
+		}
+
+		deviceParts := strings.Split(devicePath, "/")
+		if len(deviceParts) != 2 {
+			return fmt.Errorf("unsupported devicePath %s, must be in 'type/id' format", devicePath)
+		}
+
+		if s.Windows == nil {
+			s.Windows = &specs.Windows{}
+		}
+		s.Windows.Devices = append(s.Windows.Devices, specs.WindowsDevice{IDType: deviceParts[0], ID: deviceParts[1]})
+		return nil
+	}
+}
diff --git a/pkg/cri/opts/spec_windows.go b/pkg/cri/opts/spec_windows.go
@@ -230,3 +230,16 @@ func WithWindowsCredentialSpec(credentialSpec string) oci.SpecOpts {
 		return nil
 	}
 }
+
+// WithDevices sets the provided devices onto the container spec
+func WithDevices(config *runtime.ContainerConfig) oci.SpecOpts {
+	return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) {
+		for _, device := range config.GetDevices() {
+			o := oci.WithDevices(device.HostPath, device.ContainerPath, device.Permissions)
+			if err := o(ctx, client, c, s); err != nil {
+				return err
+			}
+		}
+		return nil
+	}
+}
diff --git a/pkg/cri/server/container_create_windows.go b/pkg/cri/server/container_create_windows.go
@@ -76,7 +76,7 @@ func (c *criService) containerSpec(
 		oci.WithHostname(sandboxConfig.GetHostname()),
 	)
 
-	specOpts = append(specOpts, customopts.WithWindowsMounts(c.os, config, extraMounts))
+	specOpts = append(specOpts, customopts.WithWindowsMounts(c.os, config, extraMounts), customopts.WithDevices(config))
 
 	// Start with the image config user and override below if RunAsUsername is not "".
 	username := imageConfig.User