From c79c4e4c3073924d2d39dc331a93442ce2a2787b Mon Sep 17 00:00:00 2001
From: Shishir Mahajan
Date: Tue, 22 Sep 2020 14:11:52 -0700
Subject: [PATCH] Add support for consul templates.
---
 containerd/containerd.go | 30 ++++++++++++++++++++++++------
 containerd/driver.go | 9 ++++++++-
 2 files changed, 32 insertions(+), 7 deletions(-)
diff --git a/containerd/containerd.go b/containerd/containerd.go
index 2098cd7..4530721 100644
--- a/containerd/containerd.go
+++ b/containerd/containerd.go
@@ -41,7 +41,7 @@ func (d *Driver) pullImage(imageName string) (containerd.Image, error) {
 return d.client.Pull(d.ctxContainerd, imageName, containerd.WithPullUnpack)
 }
 
-func (d *Driver) createContainer(image containerd.Image, containerName, containerSnapshotName, containerdRuntime, netnsPath string, env []string, config *TaskConfig) (containerd.Container, error) {
+func (d *Driver) createContainer(image containerd.Image, containerName, containerSnapshotName, containerdRuntime, netnsPath, secretsDir, taskDir string, env []string, config *TaskConfig) (containerd.Container, error) {
 if config.Command == "" && len(config.Args) > 0 {
 return nil, fmt.Errorf("Command is empty. Cannot set --args without --command.")
 }
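Review bot: `secretsDir` and `taskDir` join a run of six positional `string` parameters in the new `createContainer` signature, so a call that transposes the two still compiles and would bind the secrets directory at `/local` and the task directory at `/secrets`. A doc comment on the function would make the contract explicit, for example `// secretsDir and taskDir are host paths bind-mounted read-only at /secrets and /local; an empty value skips the mount.` Grouping the two paths in a small struct would remove the ordering hazard altogether. The function body continues outside this hunk.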
@@ -119,14 +119,22 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 return nil, fmt.Errorf("Options cannot be empty for mount type: %s. You need to atleast pass rbind and ro.", mount.Type)
 }
 
- m := specs.Mount{}
- m.Type = mount.Type
- m.Destination = mount.Target
- m.Source = mount.Source
- m.Options = mount.Options
+ m := buildMountpoint(mount.Type, mount.Target, mount.Source, mount.Options)
 mounts = append(mounts, m)
 }
 
+ // Setup "/secrets" (NOMAD_SECRETS_DIR) in the container.
+ if secretsDir != "" {
+ secretsMount := buildMountpoint("bind", "/secrets", secretsDir, []string{"rbind", "ro"})
+ mounts = append(mounts, secretsMount)
+ }
+
+ // Setup "/local" (NOMAD_TASK_DIR) in the container.
+ if taskDir != "" {
+ taskMount := buildMountpoint("bind", "/local", taskDir, []string{"rbind", "ro"})
+ mounts = append(mounts, taskMount)
+ }
+
 if len(mounts) > 0 {
 opts = append(opts, oci.WithMounts(mounts))
 }
@@ -150,6 +158,16 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
 )
 }
 
+// buildMountpoint builds the mount point for the container.
+func buildMountpoint(mountType, mountTarget, mountSource string, mountOptions []string) specs.Mount {
+ m := specs.Mount{}
+ m.Type = mountType
+ m.Destination = mountTarget
+ m.Source = mountSource
+ m.Options = mountOptions
+ return m
+}
+
 func (d *Driver) loadContainer(id string) (containerd.Container, error) {
 return d.client.LoadContainer(d.ctxContainerd, id)
 }
diff --git a/containerd/driver.go b/containerd/driver.go
index ca64db7..92ae860 100644
--- a/containerd/driver.go
+++ b/containerd/driver.go
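Review bot: The `/secrets` and `/local` entries are appended after the mounts built in the loop above (apparently from the task config) without checking whether one of those already targets the same destination, so the spec can carry two mounts for one path, and which one the container ends up seeing depends on runtime ordering that is not visible here. Rejecting the reserved targets inside that loop, e.g. `if mount.Target == "/secrets" || mount.Target == "/local" { return nil, fmt.Errorf("mount target %q is reserved by the driver", mount.Target) }`, keeps a job mount from shadowing or being shadowed by the secrets mount. `secretsDir` and `taskDir` are also used as `rbind` sources unvalidated; a `filepath.IsAbs` check before calling `buildMountpoint` would fail closed on a malformed value. `/local` is mounted `ro` as well, which deserves a comment saying whether tasks are meant to be unable to write there. The mount loop starts outside this hunk.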
@@ -357,10 +357,17 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 
 // Setup environment variables.
 var env []string
+ var secretsDir, taskDir string
 for key, val := range cfg.Env {
 if skipOverride(key) {
 continue
 }
+ if key == "NOMAD_SECRETS_DIR" {
+ secretsDir = val
+ }
+ if key == "NOMAD_TASK_DIR" {
+ taskDir = val
+ }
 env = append(env, fmt.Sprintf("%s=%s", key, val))
 }
 
@@ -370,7 +377,7 @@ func (d *Driver) StartTask(cfg *drivers.TaskConfig) (*drivers.TaskHandle, *drive
 netnsPath = cfg.NetworkIsolation.Path
 }
 
- container, err := d.createContainer(image, containerName, containerSnapshotName, d.config.ContainerdRuntime, netnsPath, env, &driverConfig)
+ container, err := d.createContainer(image, containerName, containerSnapshotName, d.config.ContainerdRuntime, netnsPath, secretsDir, taskDir, env, &driverConfig)
 if err != nil {
 return nil, nil, fmt.Errorf("Error in creating container: %v", err)
 }
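Review bot: `secretsDir` and `taskDir` are picked out of `cfg.Env`, and those values then become host bind-mount sources in `createContainer`; if that map can carry job-supplied overrides for `NOMAD_SECRETS_DIR` or `NOMAD_TASK_DIR` (not visible in this hunk), the job author decides which host directory is mounted into the container. Taking the paths from the task directory record instead, `secretsDir = cfg.TaskDir().SecretsDir` and `taskDir = cfg.TaskDir().LocalDir`, would avoid trusting the environment, assuming the vendored `drivers.TaskConfig` provides `TaskDir()`. The loop also still appends the original value to `env`, so inside the container both variables hold the host path rather than `/secrets` and `/local`; setting `val = "/secrets"` and `val = "/local"` in the two new branches would match the mounts and keep host paths out of the container environment. StartTask's body continues outside the hunk.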