rk8s-dev · genedna · Apr 13, 2025 · Apr 13, 2025 · Apr 13, 2025
diff --git a/project/rkl/src/cli_commands.rs b/project/rkl/src/cli_commands.rs
@@ -1,11 +1,11 @@
-use crate::commands::{create, delete, kill, load_container, start, state};
+use crate::commands::{delete, load_container, start, state};
 use crate::rootpath;
-use crate::task::task::{self, TaskRunner};
+use crate::task::{self, TaskRunner};
 use anyhow::{Result, anyhow};
-use liboci_cli::{Create, Delete, Kill, Start, State};
+use liboci_cli::{Delete, Start, State};
 use std::fs::{self, File};
 use std::io::{Read, Write};
-use std::path::{Path, PathBuf};
+use std::path::Path;
 
 // store infomation of pod
 #[derive(Debug)]
@@ -17,7 +17,7 @@ pub struct PodInfo {
 impl PodInfo {
     pub fn load(root_path: &Path, pod_name: &str) -> Result<Self> {
         // get path like pods/podname
-        let pod_info_path = root_path.join("pods").join(format!("{}", pod_name));
+        let pod_info_path = root_path.join("pods").join(pod_name);
         let mut file =
             File::open(&pod_info_path).map_err(|_| anyhow!("Pod {} not found", pod_name))?;
         let mut contents = String::new();
@@ -44,7 +44,7 @@ impl PodInfo {
 
     pub fn save(&self, root_path: &Path, pod_name: &str) -> Result<()> {
         let pods_dir = root_path.join("pods");
-        let pod_info_path = pods_dir.join(format!("{}", pod_name));
+        let pod_info_path = pods_dir.join(pod_name);
 
         if pods_dir.exists() {
             if !pods_dir.is_dir() {
@@ -75,7 +75,7 @@ impl PodInfo {
     }
 
     pub fn delete(root_path: &Path, pod_name: &str) -> Result<()> {
-        let pod_info_path = root_path.join("pods").join(format!("{}", pod_name));
+        let pod_info_path = root_path.join("pods").join(pod_name);
         fs::remove_file(&pod_info_path)?;
         Ok(())
     }
@@ -177,7 +177,7 @@ pub fn start_pod(pod_name: &str) -> Result<(), anyhow::Error> {
 pub fn delete_pod(pod_name: &str) -> Result<(), anyhow::Error> {
     let root_path = rootpath::determine(None)?;
     let pod_info = PodInfo::load(&root_path, pod_name)?;
-    let container = load_container(root_path.clone(), &pod_name)
+    let container = load_container(root_path.clone(), pod_name)
         .map_err(|e| anyhow!("Failed to load container {}: {}", pod_name, e))?;
     let pid_i32 = container
         .state
@@ -241,7 +241,7 @@ pub fn state_pod(pod_name: &str) -> Result<(), anyhow::Error> {
     println!("Pod: {}", pod_name);
 
     println!("PodSandbox ID: {}", pod_info.pod_sandbox_id);
-    state::state(
+    let _ = state::state(
         State {
             container_id: pod_info.pod_sandbox_id.clone(),
         },
@@ -250,7 +250,7 @@ pub fn state_pod(pod_name: &str) -> Result<(), anyhow::Error> {
 
     println!("Containers:");
     for container_name in &pod_info.container_names {
-        let container_state = state::state(
+        let _container_state = state::state(
             State {
                 container_id: container_name.clone(),
             },

diff --git a/project/rkl/src/commands/create.rs b/project/rkl/src/commands/create.rs
@@ -4,7 +4,6 @@ use std::path::PathBuf;
 use anyhow::Result;
 use libcontainer::container::builder::ContainerBuilder;
 use libcontainer::syscall::syscall::SyscallType;
-use libcontainer::workload::{Executor, ExecutorError, ExecutorValidationError};
 use liboci_cli::Create;
 
 // One thing to note is that in the end, container is just another process in Linux

diff --git a/project/rkl/src/commands/mod.rs b/project/rkl/src/commands/mod.rs
@@ -2,7 +2,6 @@ use std::fs;
 use std::path::{Path, PathBuf};
 
 use anyhow::{Context, Result, bail};
-use libcgroups::common::AnyCgroupManager;
 use libcontainer::container::Container;
 
 pub mod create;
@@ -38,17 +37,3 @@ fn container_exists<P: AsRef<Path>>(root_path: P, container_id: &str) -> Result<
     let container_root = construct_container_root(root_path, container_id)?;
     Ok(container_root.exists())
 }
-
-fn create_cgroup_manager<P: AsRef<Path>>(
-    root_path: P,
-    container_id: &str,
-) -> Result<AnyCgroupManager> {
-    let container = load_container(root_path, container_id)?;
-    Ok(libcgroups::common::create_cgroup_manager(
-        libcgroups::common::CgroupConfig {
-            cgroup_path: container.spec()?.cgroup_path,
-            systemd_cgroup: container.systemd(),
-            container_name: container.id().to_string(),
-        },
-    )?)
-}
diff --git a/project/rkl/src/cri/cri.rs → project/rkl/src/cri/cri_api.rs b/project/rkl/src/cri/cri.rs → project/rkl/src/cri/cri_api.rs
@@ -50,9 +50,9 @@ pub struct PortMapping {
     /// * Valid host port range is 1-65535.
     /// * The value 0 has explicit semantic meaning: it indicates NO host port should be allocated.
     /// * The value 0 does NOT indicate dynamic port allocation. Future implementations
-    ///    of dynamic allocation will use different values/semantics.
+    ///   of dynamic allocation will use different values/semantics.
     /// * Implementations MUST handle the case where this field is explicitly set to 0,
-    ///    This field SHOULD be omitted when no port is required.
+    ///   This field SHOULD be omitted when no port is required.
     ///
     /// Default: If omitted, container port will not be exposed on the host.
     #[prost(int32, tag = "3")]
@@ -187,7 +187,7 @@ pub struct Int64Value {
 /// applied to a sandbox. Note that:
 /// 1) It does not apply to containers in the pods.
 /// 2) It may not be applicable to a PodSandbox which does not contain any running
-///     process.
+///    process.
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct LinuxSandboxSecurityContext {
     /// Configurations for the sandbox's namespaces.
@@ -234,8 +234,8 @@ pub struct LinuxSandboxSecurityContext {
     /// * runtime/default: the default profile for the container runtime
     /// * unconfined: unconfined profile, ie, no seccomp sandboxing
     /// * localhost/<full-path-to-profile>: the profile installed on the node.
-    ///    <full-path-to-profile> is the full path of the profile.
-    /// Default: "", which is identical with unconfined.
+    ///   <full-path-to-profile> is the full path of the profile.
+    ///   Default: "", which is identical with unconfined.
     #[deprecated]
     #[prost(string, tag = "7")]
     pub seccomp_profile_path: ::prost::alloc::string::String,
@@ -980,17 +980,17 @@ pub struct LinuxContainerSecurityContext {
     /// * runtime/default: equivalent to not specifying a profile.
     /// * unconfined: no profiles are loaded
     /// * localhost/<profile_name>: profile loaded on the node
-    ///     (localhost) by name. The possible profile names are detailed at
-    ///     <https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference>
+    ///   (localhost) by name. The possible profile names are detailed at
+    ///   <https://gitlab.com/apparmor/apparmor/-/wikis/AppArmor_Core_Policy_Reference>
     #[deprecated]
     #[prost(string, tag = "9")]
     pub apparmor_profile: ::prost::alloc::string::String,
     /// Seccomp profile for the container, candidate values are:
     /// * runtime/default: the default profile for the container runtime
     /// * unconfined: unconfined profile, ie, no seccomp sandboxing
     /// * localhost/<full-path-to-profile>: the profile installed on the node.
-    ///    <full-path-to-profile> is the full path of the profile.
-    /// Default: "", which is identical with unconfined.
+    ///   <full-path-to-profile> is the full path of the profile.
+    ///   Default: "", which is identical with unconfined.
     #[deprecated]
     #[prost(string, tag = "10")]
     pub seccomp_profile_path: ::prost::alloc::string::String,
@@ -1758,16 +1758,16 @@ pub struct UpdateRuntimeConfigResponse {}
 /// RuntimeCondition contains condition information for the runtime.
 /// There are 2 kinds of runtime conditions:
 /// 1. Required conditions: Conditions are required for kubelet to work
-/// properly. If any required condition is unmet, the node will be not ready.
-/// The required conditions include:
+///    properly. If any required condition is unmet, the node will be not ready.
+///    The required conditions include:
 ///    * RuntimeReady: RuntimeReady means the runtime is up and ready to accept
-///    basic containers e.g. container only needs host network.
+///      basic containers e.g. container only needs host network.
 ///    * NetworkReady: NetworkReady means the runtime network is up and ready to
-///    accept containers which require container network.
+///      accept containers which require container network.
 /// 2. Optional conditions: Conditions are informative to the user, but kubelet
-/// will not rely on. Since condition type is an arbitrary string, all conditions
-/// not required are optional. These conditions will be exposed to users to help
-/// them understand the status of the system.
+///    will not rely on. Since condition type is an arbitrary string, all conditions
+///    not required are optional. These conditions will be exposed to users to help
+///    them understand the status of the system.
 #[derive(Clone, PartialEq, ::prost::Message)]
 pub struct RuntimeCondition {
     /// Type of runtime condition.
@@ -2314,6 +2314,7 @@ impl Protocol {
 }
 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
 #[repr(i32)]
+#[allow(clippy::enum_variant_names)]
 pub enum MountPropagation {
     /// No mount propagation ("rprivate" in Linux terminology).
     PropagationPrivate = 0,
@@ -2676,6 +2677,7 @@ impl Signal {
 }
 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
 #[repr(i32)]
+#[allow(clippy::enum_variant_names)]
 pub enum ContainerState {
     ContainerCreated = 0,
     ContainerRunning = 1,
@@ -2708,6 +2710,7 @@ impl ContainerState {
 }
 #[derive(Clone, Copy, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, ::prost::Enumeration)]
 #[repr(i32)]
+#[allow(clippy::enum_variant_names)]
 pub enum ContainerEventType {
     /// Container created
     ContainerCreatedEvent = 0,

diff --git a/project/rkl/src/cri/mod.rs b/project/rkl/src/cri/mod.rs
@@ -1 +1 @@
-pub mod cri;
+pub mod cri_api;
diff --git a/project/rkl/src/main.rs b/project/rkl/src/main.rs
@@ -4,8 +4,6 @@ mod cri;
 mod rootpath;
 mod task;
 use clap::{Parser, Subcommand};
-use std::error::Error;
-use task::task::TaskRunner;
 
 #[derive(Parser)]
 #[command(name = "rkl")]

diff --git a/project/rkl/src/task/task.rs → project/rkl/src/task.rs b/project/rkl/src/task/task.rs → project/rkl/src/task.rs
@@ -1,5 +1,5 @@
-use crate::commands::{create, delete, kill, load_container, start, state};
-use crate::cri::cri::{
+use crate::commands::{create, delete, kill, load_container, start};
+use crate::cri::cri_api::{
     ContainerConfig, ContainerMetadata, CreateContainerRequest, CreateContainerResponse, ImageSpec,
     KeyValue, Mount, PodSandboxConfig, PodSandboxMetadata, PortMapping, Protocol,
     RemovePodSandboxRequest, RemovePodSandboxResponse, RunPodSandboxRequest, RunPodSandboxResponse,
@@ -10,10 +10,9 @@ use anyhow::{Result, anyhow};
 use libcontainer::oci_spec::runtime::{
     LinuxBuilder, LinuxNamespaceBuilder, LinuxNamespaceType, ProcessBuilder, Spec,
 };
-use liboci_cli::{Create, Delete, Kill, Start, State};
+use liboci_cli::{Create, Delete, Kill, Start};
 use rust_cni::cni::Libcni;
 use serde::{Deserialize, Serialize};
-use serde_json::json;
 use std::fs::File;
 use std::io::{BufWriter, Read, Write};
 use std::path::{Path, PathBuf};
@@ -187,7 +186,7 @@ impl TaskRunner {
         request: RunPodSandboxRequest,
     ) -> Result<RunPodSandboxResponse, anyhow::Error> {
         let config = request.config.unwrap_or_default();
-        let sandbox_id = format!("{}", config.metadata.unwrap_or_default().name);
+        let sandbox_id = config.metadata.unwrap_or_default().name.to_string();
 
         // get bundle path of pause container from labels
         let bundle_path = self
@@ -231,7 +230,7 @@ impl TaskRunner {
             .pid
             .ok_or_else(|| anyhow!("PID not found for container {}", sandbox_id))?;
 
-        Self::setup_pod_network(pid_i32.clone())?;
+        Self::setup_pod_network(pid_i32)?;
         self.pause_pid = Some(pid_i32);
 
         let response = RunPodSandboxResponse {
@@ -330,7 +329,7 @@ impl TaskRunner {
         &self,
         request: CreateContainerRequest,
     ) -> Result<CreateContainerResponse, anyhow::Error> {
-        let pod_sandbox_id = request.pod_sandbox_id.clone();
+        let _pod_sandbox_id = request.pod_sandbox_id.clone();
         let config = request
             .config
             .as_ref()
@@ -385,7 +384,7 @@ impl TaskRunner {
             .iter()
             .find(|c| c.name == container_id)
             .ok_or_else(|| anyhow!("Container spec not found for ID: {}", container_id))?;
-        let mut process = ProcessBuilder::default()
+        let process = ProcessBuilder::default()
             .args(container_spec.args.clone())
             .build()?;
 
@@ -644,7 +643,7 @@ pub fn get_cni() -> Result<Libcni, anyhow::Error> {
     }
     plugin_conf_dir.push("rkl/test");
 
-    let mut cni = Libcni::new(
+    let cni = Libcni::new(
         Some(plugin_dirs),
         Some(plugin_conf_dir.to_string_lossy().to_string()),
         None,

diff --git a/project/rkl/src/task/mod.rs b/project/rkl/src/task/mod.rs
diff --git a/project/rkl/test/bundles/busybox/config.json b/project/rkl/test/bundles/busybox/config.json
@@ -97,29 +97,29 @@
     "cwd": "/",
     "capabilities": {
       "bounding": [
+        "CAP_NET_BIND_SERVICE",
         "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE"
+        "CAP_KILL"
       ],
       "effective": [
+        "CAP_NET_BIND_SERVICE",
         "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE"
+        "CAP_KILL"
       ],
       "inheritable": [
+        "CAP_NET_BIND_SERVICE",
         "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE"
+        "CAP_KILL"
       ],
       "permitted": [
+        "CAP_NET_BIND_SERVICE",
         "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE"
+        "CAP_KILL"
       ],
       "ambient": [
+        "CAP_NET_BIND_SERVICE",
         "CAP_AUDIT_WRITE",
-        "CAP_KILL",
-        "CAP_NET_BIND_SERVICE"
+        "CAP_KILL"
       ]
     },
     "rlimits": [
@@ -140,19 +140,19 @@
     "namespaces": [
       {
         "type": "pid",
-        "path": "/proc/84833/ns/pid"
+        "path": "/proc/21563/ns/pid"
       },
       {
         "type": "network",
-        "path": "/proc/84833/ns/net"
+        "path": "/proc/21563/ns/net"
       },
       {
         "type": "ipc",
-        "path": "/proc/84833/ns/ipc"
+        "path": "/proc/21563/ns/ipc"
       },
       {
         "type": "uts",
-        "path": "/proc/84833/ns/uts"
+        "path": "/proc/21563/ns/uts"
       },
       {
         "type": "mount"

diff --git a/project/rkl/test/pod-with-a-container.yaml b/project/rkl/test/pod-with-a-container.yaml
@@ -4,11 +4,11 @@ metadata:
   name: simple-container-task  
   labels:
     app: my-app 
-    bundle: /home/tcy/project/rk8s/project/rkl/test/bundles/pause   # bundle path of pause container
+    bundle: /home/ich/rk8s/project/rkl/test/bundles/pause   # bundle path of pause container
 spec:
   containers:
     - name: main-container1    
-      image: /home/tcy/project/rk8s/project/rkl/test/bundles/busybox   # bundle path
+      image: /home/ich/rk8s/project/rkl/test/bundles/busybox   # bundle path
       args:               #the arguments of config.json file             
         - "sleep"                   
         - "10000"