More dockertools cleanup

pkg/credentialprovider/BUILD

@@ -35,6 +35,7 @@ go_test(
     ],
     library = ":go_default_library",
     tags = ["automanaged"],
+    deps = ["//vendor/github.com/docker/engine-api/types:go_default_library"],
 )
 
 filegroup(

pkg/credentialprovider/keyring_test.go

@@ -19,7 +19,10 @@ package credentialprovider
 import (
 	"encoding/base64"
 	"fmt"
+	"reflect"
 	"testing"
+
+	dockertypes "github.com/docker/engine-api/types"
 )
 
 func TestUrlsMatch(t *testing.T) {
@@ -499,3 +502,117 @@ func TestLazyKeyring(t *testing.T) {
 		t.Errorf("Unexpected number of Provide calls: %v", provider.Count)
 	}
 }
+
+func TestDockerKeyringLookup(t *testing.T) {
+	ada := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "ada",
+			Password: "smash",
+			Email:    "ada@example.com",
+		},
+	}
+
+	grace := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "grace",
+			Password: "squash",
+			Email:    "grace@example.com",
+		},
+	}
+
+	dk := &BasicDockerKeyring{}
+	dk.Add(DockerConfig{
+		"bar.example.com/pong": DockerConfigEntry{
+			Username: grace.Username,
+			Password: grace.Password,
+			Email:    grace.Email,
+		},
+		"bar.example.com": DockerConfigEntry{
+			Username: ada.Username,
+			Password: ada.Password,
+			Email:    ada.Email,
+		},
+	})
+
+	tests := []struct {
+		image string
+		match []LazyAuthConfiguration
+		ok    bool
+	}{
+		// direct match
+		{"bar.example.com", []LazyAuthConfiguration{ada}, true},
+
+		// direct match deeper than other possible matches
+		{"bar.example.com/pong", []LazyAuthConfiguration{grace, ada}, true},
+
+		// no direct match, deeper path ignored
+		{"bar.example.com/ping", []LazyAuthConfiguration{ada}, true},
+
+		// match first part of path token
+		{"bar.example.com/pongz", []LazyAuthConfiguration{grace, ada}, true},
+
+		// match regardless of sub-path
+		{"bar.example.com/pong/pang", []LazyAuthConfiguration{grace, ada}, true},
+
+		// no host match
+		{"example.com", []LazyAuthConfiguration{}, false},
+		{"foo.example.com", []LazyAuthConfiguration{}, false},
+	}
+
+	for i, tt := range tests {
+		match, ok := dk.Lookup(tt.image)
+		if tt.ok != ok {
+			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
+		}
+
+		if !reflect.DeepEqual(tt.match, match) {
+			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
+		}
+	}
+}
+
+// This validates that dockercfg entries with a scheme and url path are properly matched
+// by images that only match the hostname.
+// NOTE: the above covers the case of a more specific match trumping just hostname.
+func TestIssue3797(t *testing.T) {
+	rex := LazyAuthConfiguration{
+		AuthConfig: dockertypes.AuthConfig{
+			Username: "rex",
+			Password: "tiny arms",
+			Email:    "rex@example.com",
+		},
+	}
+
+	dk := &BasicDockerKeyring{}
+	dk.Add(DockerConfig{
+		"https://quay.io/v1/": DockerConfigEntry{
+			Username: rex.Username,
+			Password: rex.Password,
+			Email:    rex.Email,
+		},
+	})
+
+	tests := []struct {
+		image string
+		match []LazyAuthConfiguration
+		ok    bool
+	}{
+		// direct match
+		{"quay.io", []LazyAuthConfiguration{rex}, true},
+
+		// partial matches
+		{"quay.io/foo", []LazyAuthConfiguration{rex}, true},
+		{"quay.io/foo/bar", []LazyAuthConfiguration{rex}, true},
+	}
+
+	for i, tt := range tests {
+		match, ok := dk.Lookup(tt.image)
+		if tt.ok != ok {
+			t.Errorf("case %d: expected ok=%t, got %t", i, tt.ok, ok)
+		}
+
+		if !reflect.DeepEqual(tt.match, match) {
+			t.Errorf("case %d: expected match=%#v, got %#v", i, tt.match, match)
+		}
+	}
+}

pkg/kubelet/dockershim/BUILD

@@ -23,6 +23,7 @@ go_library(
         "docker_streaming.go",
         "exec.go",
         "helpers.go",
+        "helpers_linux.go",
         "naming.go",
         "security_context.go",
     ],

pkg/kubelet/dockershim/docker_container.go

@@ -151,7 +151,7 @@ func (ds *dockerService) CreateContainer(podSandboxID string, config *runtimeapi
 		if rOpts != nil {
 			hc.Resources = dockercontainer.Resources{
 				Memory:     rOpts.MemoryLimitInBytes,
-				MemorySwap: dockertools.DefaultMemorySwap(),
+				MemorySwap: DefaultMemorySwap(),
 				CPUShares:  rOpts.CpuShares,
 				CPUQuota:   rOpts.CpuQuota,
 				CPUPeriod:  rOpts.CpuPeriod,

pkg/kubelet/dockershim/docker_sandbox.go

@@ -578,7 +578,7 @@ func sharesHostIpc(container *dockertypes.ContainerJSON) bool {
 
 func setSandboxResources(hc *dockercontainer.HostConfig) {
 	hc.Resources = dockercontainer.Resources{
-		MemorySwap: dockertools.DefaultMemorySwap(),
+		MemorySwap: DefaultMemorySwap(),
 		CPUShares:  defaultSandboxCPUshares,
 		// Use docker's default cpu quota/period.
 	}

pkg/kubelet/dockertools/docker_manager_linux.go → pkg/kubelet/dockershim/helpers_linux.go

@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package dockertools
+package dockershim
 
 func DefaultMemorySwap() int64 {
 	return 0

pkg/kubelet/dockertools/docker_manager_unsupported.go → pkg/kubelet/dockershim/helpers_unsupported.go

@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package dockertools
+package dockershim
 
 func DefaultMemorySwap() int64 {
 	return -1

pkg/kubelet/dockertools/docker_manager_windows.go → pkg/kubelet/dockershim/helpers_windows.go

@@ -16,7 +16,7 @@ See the License for the specific language governing permissions and
 limitations under the License.
 */
 
-package dockertools
+package dockershim
 
 func DefaultMemorySwap() int64 {
 	return 0

pkg/kubelet/dockershim/naming.go

@@ -23,7 +23,6 @@ import (
 	"strings"
 
 	runtimeapi "k8s.io/kubernetes/pkg/kubelet/api/v1alpha1/runtime"
-	"k8s.io/kubernetes/pkg/kubelet/dockertools"
 	"k8s.io/kubernetes/pkg/kubelet/leaky"
 )
 
@@ -51,9 +50,9 @@ const (
 	// Delimiter used to construct docker container names.
 	nameDelimiter = "_"
 	// DockerImageIDPrefix is the prefix of image id in container status.
-	DockerImageIDPrefix = dockertools.DockerPrefix
+	DockerImageIDPrefix = "docker://"
 	// DockerPullableImageIDPrefix is the prefix of pullable image id in container status.
-	DockerPullableImageIDPrefix = dockertools.DockerPullablePrefix
+	DockerPullableImageIDPrefix = "docker-pullable://"
 )
 
 func makeSandboxName(s *runtimeapi.PodSandboxConfig) string {

pkg/kubelet/dockertools/BUILD

@@ -12,8 +12,6 @@ go_library(
     name = "go_default_library",
     srcs = [
         "docker.go",
-        "docker_manager.go",
-        "docker_manager_linux.go",
         "fake_docker_client.go",
         "instrumented_docker.go",
         "kube_docker_client.go",
@@ -24,7 +22,6 @@ go_library(
         "//pkg/credentialprovider:go_default_library",
         "//pkg/kubelet/container:go_default_library",
         "//pkg/kubelet/images:go_default_library",
-        "//pkg/kubelet/leaky:go_default_library",
         "//pkg/kubelet/metrics:go_default_library",
         "//vendor/github.com/docker/distribution/digest:go_default_library",
         "//vendor/github.com/docker/distribution/reference:go_default_library",

pkg/kubelet/dockertools/docker.go

@@ -37,15 +37,21 @@ import (
 	"k8s.io/kubernetes/pkg/credentialprovider"
 	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
 	"k8s.io/kubernetes/pkg/kubelet/images"
-	"k8s.io/kubernetes/pkg/kubelet/leaky"
 )
 
 const (
-	PodInfraContainerName = leaky.PodInfraContainerName
-	DockerPrefix          = "docker://"
-	DockerPullablePrefix  = "docker-pullable://"
-	LogSuffix             = "log"
-	ext4MaxFileNameLen    = 255
+	LogSuffix          = "log"
+	ext4MaxFileNameLen = 255
+
+	DockerType = "docker"
+
+	// https://docs.docker.com/engine/reference/api/docker_remote_api/
+	// docker version should be at least 1.10.x
+	minimumDockerAPIVersion = "1.22"
+
+	statusRunningPrefix = "Up"
+	statusExitedPrefix  = "Exited"
+	statusCreatedPrefix = "Created"
 )
 
 // DockerInterface is an abstract interface for testability.  It abstracts the interface of docker client.