refactor container packages and support mounts

[BenTheElder]

• move pkg/docker to pkg/container/docker, long term we can better break up docker specific vs general container functionality and support other container runtimes.
  • tracking issue: support multiple container engines on the host #154
  • see also: Attempting to make kind a little less Docker Centric #151, this is work towards a cleaner alternative
  • see also: https://kind.sigs.k8s.io/docs/design/principles/#target-cri-functionality
• create a CRI package, with types (Mount related only for now) copied from upstream
  • this allows us to avoid stability concerns, if necessary we can provide our own conversion
  • I added better JSON / yaml encoding for Mount's propagation field
    • I've tested that in the future we could instead use type Mount upstreamcri.Mount and still support this
• add support for CRI Mounts in docker.Run, refactor docker.Run to take functional options
• support mounts in the node config, update control-plane and worker node creation to support this

This is an alternative to #302 where we vendor CRI

cc @neolit123

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: BenTheElder

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [BenTheElder]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[BenTheElder]

usage:

kind: Config
apiVersion: kind.sigs.k8s.io/v1alpha2
nodes:
- role: control-plane
  mounts:
  - container_path: /kind-source
    host_path: /Users/bentheelder/go/src/sigs.k8s.io/kind
    readonly: true

Things to consider for the future (but I think I'd rather not do in the first PR to keep the diff down):

• swap out the snakeCase json fields for camelCase fields to match the rest of our config?
• resolve environment variables in host_path or at least resolve relative paths with respect to the kind working directory. Docker requires absolute paths for bind mounts but that's not super great UX for our case I think ...

[neolit123]

this seems good @BenTheElder
i just need to do some quick testing for Mounts *[]cri.Mount

[neolit123]

there is a weird side effect when marshaling slices with omitempty, that is already a problem in k/k, kubeadm, cluster-api. i think the safe route was to use Mounts *[]cri.Mount json:"mounts,omitempty"` but i need to check this.

[neolit123]

package main

import (
	"fmt"
	"log"
	"sigs.k8s.io/yaml"
)

type A struct {
	Mounts []string `json:"mounts,omitempty"`
}

func main() {
	a := A{Mounts: []string{}} // <--------- [*]
	fmt.Println(a.Mounts, a.Mounts == nil)
	b, err := yaml.Marshal(a)	
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(string(b))
	c := A{}
	err = yaml.Unmarshal(b, &c)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(c.Mounts, c.Mounts == nil)
}

[] false
{}
[] true

[*]
so this problem is relevant only if we assign a meaning to the "empty" value of Mounts and what is the "empty" value (is it a empty slice or nil) and if the user is marhaling the kind Config.

if there is no default value this problem is not relevant, but just referencing this here so that we don't have this problem for the future kind config:
kubernetes/kubeadm#1358

[BenTheElder]

What was it? https://play.golang.org/p/EOfDnWThpdj
Your comment hadn't loaded

[BenTheElder]

I think we can treat empty and nil the same, the node already has mounts (tmps and one docker volume) we're just adding additional mounts here (we should clarify that in the docs)

[neolit123]

hm, yes. i know the existing mounts are essential for the setup to work.

so in a way we already have default mounts and these mounts are extra mounts 🤔
would it be clearer naming this ExtraMounts and including some more notes in the field comment?

[BenTheElder]

Yeah I think that might make sense.

[BenTheElder]

renamed it 👍

[neolit123]

ideally everything "unmarshall" should be using DisallowUnknownFields
but i leave this to you.

[BenTheElder]

Yeah, trying to figure out if we should just do that inline or if there's a way to plumb through the option 🙄

[BenTheElder]

I'm going to tackle this in a follow up, but before the next release, I'm not sure how this will interact with the rest of the decoding logic.

i'm still hopeful for getting support for that upstream in API machinery.

[neolit123]

looks like these variable names need "adjustments" upstream.

[BenTheElder]

Yeah I'm not sure if that's actually an option. I think it would probably be fine for us to match the types closely but use a different on-disk format.

[neolit123]

we still have the option to shim with getters and setters. this means some extra boiler plate.
this fixes both the field names and hides the upstream config.

create a CRI package, with types (Mount related only for now) copied from upstream

• this allows us to avoid stability concerns, if necessary we can provide our own conversion

i need to know the roadmap for CRI in terms of do they have plans to remove or rename fields, because if there are upstream API changes our local type can end up invalid and we will have to break kind users because these fields are public in the kind config.

i will leave this to you at this point if you want us to proceed, but comments from others would be appreciated too.

[BenTheElder]

CRI is pretty stable at this point, this type hasn't actually changed in years.

But our local type can be a shim just closely matching their type, if they diverge we will translate. As long as we are not using the client this isn't an issue.

Also for the types we expose here for on disk purposes, what they are capable of is unlikely to change. They cannot remove support for these fields without breaking Kubernetes majorly.

[neolit123]

ok

[BenTheElder]

It is nice for now that they are literally the same definition, but if it diverges slightly (EG they add a field or break the type up) we can keep our changes compatible and translate.

The things we will need to expose in config like Mounts, DNS, ... those seem unlikely to change significantly.

More complex types like entire containers, those seem stable too but we don't need to expose those on disk anyhow.

[BenTheElder]

I adjusted our names, strangely the proto json tags were already camelCase but not the actual json tags 🤷‍♂️

Where possible these match user facing API fields in Kubernetes APIs

[neolit123]

i've missed if we are adding a linter exception for this file/package.

[BenTheElder]

We did, it's a separate commit.

[neolit123]

ah, saw it.

[neolit123]

/assign @munnerz
hi, do you have comments on the new CRI mount support?

[BenTheElder]

per discussion in the meeting I renamed to camel case and switched to the core/v1 VolumeMount strings for the mount enum. I think we can remove the lint exception now as well.

[BenTheElder]

Re-enabled golint and fixed remaining lints.

[neolit123]

as per the discussions today during the kind meeting LGTM.
/lgtm
/hold

[BenTheElder]

this one is not actually exposed directly in kubernetes volumes AFAICT, but from previous test-infra containerization work I remember control over this being necessary on some systems.

we should consider if we want to expose this or not, imho we can just document it well and expect the user to do the right thing, support for this shouldn't go anywhere in CRI

[BenTheElder]

/hold cancel

Will follow up with considerations on EG relative paths / other UX improvements.

In the meantime this config is now possible:

kind: Config
apiVersion: kind.sigs.k8s.io/v1alpha2
nodes:
- role: control-plane
  extraMounts:
  - containerPath: /kind-source
    hostPath: /Users/bentheelder/go/src/sigs.k8s.io/kind
    readOnly: true