Export hcsshim annotations into its own package

cmd/containerd-shim-runhcs-v1/pod.go

@@ -11,6 +11,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/oci"
 	"github.com/Microsoft/hcsshim/internal/uvm"
 	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	eventstypes "github.com/containerd/containerd/api/events"
 	"github.com/containerd/containerd/errdefs"
 	"github.com/containerd/containerd/runtime"
@@ -67,15 +68,15 @@ func createPod(ctx context.Context, events publisher, req *task.CreateTaskReques
 		return nil, errors.Wrapf(
 			errdefs.ErrFailedPrecondition,
 			"expected annotation: '%s': '%s' got '%s'",
-			oci.KubernetesContainerTypeAnnotation,
+			annotations.KubernetesContainerType,
 			oci.KubernetesContainerTypeSandbox,
 			ct)
 	}
 	if sid != req.ID {
 		return nil, errors.Wrapf(
 			errdefs.ErrFailedPrecondition,
 			"expected annotation '%s': '%s' got '%s'",
-			oci.KubernetesSandboxIDAnnotation,
+			annotations.KubernetesSandboxID,
 			req.ID,
 			sid)
 	}
@@ -175,7 +176,7 @@ func createPod(ctx context.Context, events publisher, req *task.CreateTaskReques
 	p.host = parent
 	if parent != nil {
 		cid := req.ID
-		if id, ok := s.Annotations[oci.AnnotationNcproxyContainerID]; ok {
+		if id, ok := s.Annotations[annotations.NcproxyContainerID]; ok {
 			cid = id
 		}
 		caAddr := fmt.Sprintf(uvm.ComputeAgentAddrFmt, cid)
@@ -319,15 +320,15 @@ func (p *pod) CreateTask(ctx context.Context, req *task.CreateTaskRequest, s *sp
 		return nil, errors.Wrapf(
 			errdefs.ErrFailedPrecondition,
 			"expected annotation: '%s': '%s' got '%s'",
-			oci.KubernetesContainerTypeAnnotation,
+			annotations.KubernetesContainerType,
 			oci.KubernetesContainerTypeContainer,
 			ct)
 	}
 	if sid != p.id {
 		return nil, errors.Wrapf(
 			errdefs.ErrFailedPrecondition,
 			"expected annotation '%s': '%s' got '%s'",
-			oci.KubernetesSandboxIDAnnotation,
+			annotations.KubernetesSandboxID,
 			p.id,
 			sid)
 	}

cmd/containerd-shim-runhcs-v1/start.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/Microsoft/go-winio"
 	"github.com/Microsoft/hcsshim/internal/oci"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	"github.com/containerd/containerd/runtime/v2/shim"
 	"github.com/containerd/containerd/runtime/v2/task"
 	"github.com/containerd/ttrpc"
@@ -102,8 +103,8 @@ The start command can either start a new shim or return an address to an existin
 			if isSandbox && idFlag != sbid {
 				return errors.Errorf(
 					"'id' and '%s' must match for '%s=%s'",
-					oci.KubernetesSandboxIDAnnotation,
-					oci.KubernetesContainerTypeAnnotation,
+					annotations.KubernetesSandboxID,
+					annotations.KubernetesContainerType,
 					oci.KubernetesContainerTypeSandbox)
 			}
 

cmd/containerd-shim-runhcs-v1/task_hcs.go

@@ -37,6 +37,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/shimdiag"
 	"github.com/Microsoft/hcsshim/internal/uvm"
 	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 )
 
 const bytesPerMB = 1024 * 1024
@@ -52,7 +53,7 @@ func newHcsStandaloneTask(ctx context.Context, events publisher, req *task.Creat
 		return nil, errors.Wrapf(
 			errdefs.ErrFailedPrecondition,
 			"cannot create standalone task, expected no annotation: '%s': got '%s'",
-			oci.KubernetesContainerTypeAnnotation,
+			annotations.KubernetesContainerType,
 			ct)
 	}
 

cmd/runhcs/container.go

@@ -23,6 +23,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/runhcs"
 	"github.com/Microsoft/hcsshim/internal/uvm"
 	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/sys/windows"
@@ -207,8 +208,8 @@ func launchShim(cmd, pidFile, logFile string, args []string, data interface{}) (
 // returns `("", false)`.
 func parseSandboxAnnotations(a map[string]string) (string, bool) {
 	var t, id string
-	if t = a["io.kubernetes.cri.container-type"]; t != "" {
-		id = a["io.kubernetes.cri.sandbox-id"]
+	if t = a[annotations.KubernetesContainerType]; t != "" {
+		id = a[annotations.KubernetesSandboxID]
 	} else if t = a["io.kubernetes.cri-o.ContainerType"]; t != "" {
 		id = a["io.kubernetes.cri-o.SandboxID"]
 	} else if t = a["io.kubernetes.docker.type"]; t != "" {

internal/guest/runtime/hcsv2/nvidia_utils.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/Microsoft/hcsshim/cmd/gcstools/generichook"
 	"github.com/Microsoft/hcsshim/internal/guest/storage/pci"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
@@ -19,9 +20,6 @@ import (
 // this MUST match the path mapped to in the shim
 const lcowNvidiaMountPath = "/run/nvidia"
 
-// annotation to find the gpu capabilities on the container spec
-// must match the hcsshim annotation string for gpu capabilities
-const annotationContainerGPUCapabilities = "io.microsoft.container.gpu.capabilities"
 const nvidiaDebugFilePath = "/nvidia-container.log"
 
 const nvidiaToolBinary = "nvidia-container-cli"
@@ -50,7 +48,7 @@ func addNvidiaDevicePreHook(ctx context.Context, spec *oci.Spec) error {
 		"configure",
 		"--ldconfig=@/sbin/ldconfig",
 	}
-	if capabilities, ok := spec.Annotations[annotationContainerGPUCapabilities]; ok {
+	if capabilities, ok := spec.Annotations[annotations.ContainerGPUCapabilities]; ok {
 		caps := strings.Split(capabilities, ",")
 		for _, c := range caps {
 			args = append(args, fmt.Sprintf("--%s", c))

internal/guest/runtime/hcsv2/sandbox_container.go

@@ -11,6 +11,7 @@ import (
 
 	"github.com/Microsoft/hcsshim/internal/guest/network"
 	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 	"go.opencensus.io/trace"
@@ -112,7 +113,7 @@ func setupSandboxContainerSpec(ctx context.Context, id string, spec *oci.Spec) (
 		}
 	}
 
-	if rlimCore := spec.Annotations["io.microsoft.lcow.rlimitcore"]; rlimCore != "" {
+	if rlimCore := spec.Annotations[annotations.RLimitCore]; rlimCore != "" {
 		if err := setCoreRLimit(spec, rlimCore); err != nil {
 			return err
 		}

internal/guest/runtime/hcsv2/spec.go

@@ -10,6 +10,7 @@ import (
 	"strings"
 
 	"github.com/Microsoft/hcsshim/internal/log"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	"github.com/opencontainers/runc/libcontainer/user"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
@@ -197,7 +198,7 @@ func getGroup(spec *oci.Spec, filter func(user.Group) bool) (user.Group, error)
 // applyAnnotationsToSpec modifies the spec based on additional information from annotations
 func applyAnnotationsToSpec(ctx context.Context, spec *oci.Spec) error {
 	// Check if we need to override container's /dev/shm
-	if val, ok := spec.Annotations["io.microsoft.container.storage.shm.size-kb"]; ok {
+	if val, ok := spec.Annotations[annotations.LCOWDevShmSizeInKb]; ok {
 		sz, err := strconv.ParseInt(val, 10, 64)
 		if err != nil {
 			return errors.Wrap(err, "/dev/shm size must be a valid integer")
@@ -220,8 +221,8 @@ func applyAnnotationsToSpec(ctx context.Context, spec *oci.Spec) error {
 	}
 
 	// Check if we need to do any capability/device mappings
-	if spec.Annotations["io.microsoft.virtualmachine.lcow.privileged"] == "true" {
-		log.G(ctx).Debug("'io.microsoft.virtualmachine.lcow.privileged' set for privileged container")
+	if spec.Annotations[annotations.LCOWPrivileged] == "true" {
+		log.G(ctx).Debugf("'%s' set for privileged container", annotations.LCOWPrivileged)
 
 		// Add all host devices
 		hostDevices, err := devices.HostDevices()

internal/guest/runtime/hcsv2/uvm.go

@@ -26,6 +26,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/guest/storage/pmem"
 	"github.com/Microsoft/hcsshim/internal/guest/storage/scsi"
 	"github.com/Microsoft/hcsshim/internal/guest/transport"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	"github.com/Microsoft/hcsshim/pkg/securitypolicy"
 	shellwords "github.com/mattn/go-shellwords"
 	"github.com/pkg/errors"
@@ -156,7 +157,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 	}
 
 	var namespaceID string
-	criType, isCRI := settings.OCISpecification.Annotations["io.kubernetes.cri.container-type"]
+	criType, isCRI := settings.OCISpecification.Annotations[annotations.KubernetesContainerType]
 	if isCRI {
 		switch criType {
 		case "sandbox":
@@ -180,7 +181,7 @@ func (h *Host) CreateContainer(ctx context.Context, id string, settings *prot.VM
 				return nil, err
 			}
 		case "container":
-			sid, ok := settings.OCISpecification.Annotations["io.kubernetes.cri.sandbox-id"]
+			sid, ok := settings.OCISpecification.Annotations[annotations.KubernetesSandboxID]
 			if !ok || sid == "" {
 				return nil, errors.Errorf("unsupported 'io.kubernetes.cri.sandbox-id': '%s'", sid)
 			}

internal/guest/runtime/hcsv2/workload_container.go

@@ -10,6 +10,7 @@ import (
 
 	"github.com/Microsoft/hcsshim/internal/log"
 	"github.com/Microsoft/hcsshim/internal/oc"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	"github.com/opencontainers/runc/libcontainer/devices"
 	oci "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
@@ -161,7 +162,7 @@ func setupWorkloadContainerSpec(ctx context.Context, sbid, id string, spec *oci.
 		return err
 	}
 
-	if rlimCore := spec.Annotations["io.microsoft.lcow.rlimitcore"]; rlimCore != "" {
+	if rlimCore := spec.Annotations[annotations.RLimitCore]; rlimCore != "" {
 		if err := setCoreRLimit(spec, rlimCore); err != nil {
 			return err
 		}

internal/hcsoci/create.go

@@ -20,6 +20,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/resources"
 	"github.com/Microsoft/hcsshim/internal/schemaversion"
 	"github.com/Microsoft/hcsshim/internal/uvm"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
@@ -97,13 +98,13 @@ func verifyCloneContainerSpecs(templateSpec, cloneSpec *specs.Spec) error {
 	}
 
 	// for annotations check that the values of memory & cpu annotations are same
-	if templateSpec.Annotations[oci.AnnotationContainerMemorySizeInMB] != cloneSpec.Annotations[oci.AnnotationContainerMemorySizeInMB] {
+	if templateSpec.Annotations[annotations.ContainerMemorySizeInMB] != cloneSpec.Annotations[annotations.ContainerMemorySizeInMB] {
 		return fmt.Errorf("memory size limit for template and clone containers can not be different")
 	}
-	if templateSpec.Annotations[oci.AnnotationContainerProcessorCount] != cloneSpec.Annotations[oci.AnnotationContainerProcessorCount] {
+	if templateSpec.Annotations[annotations.ContainerProcessorCount] != cloneSpec.Annotations[annotations.ContainerProcessorCount] {
 		return fmt.Errorf("processor count for template and clone containers can not be different")
 	}
-	if templateSpec.Annotations[oci.AnnotationContainerProcessorLimit] != cloneSpec.Annotations[oci.AnnotationContainerProcessorLimit] {
+	if templateSpec.Annotations[annotations.ContainerProcessorLimit] != cloneSpec.Annotations[annotations.ContainerProcessorLimit] {
 		return fmt.Errorf("processor limit for template and clone containers can not be different")
 	}
 

internal/hcsoci/devices.go

@@ -16,6 +16,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/resources"
 	"github.com/Microsoft/hcsshim/internal/uvm"
 	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
@@ -24,8 +25,8 @@ const deviceUtilExeName = "device-util.exe"
 
 // getSpecKernelDrivers gets any device drivers specified on the spec.
 // Drivers are optional, therefore do not return an error if none are on the spec.
-func getSpecKernelDrivers(annotations map[string]string) ([]string, error) {
-	drivers := oci.ParseAnnotationCommaSeparated(oci.AnnotationVirtualMachineKernelDrivers, annotations)
+func getSpecKernelDrivers(annots map[string]string) ([]string, error) {
+	drivers := oci.ParseAnnotationCommaSeparated(annotations.VirtualMachineKernelDrivers, annots)
 	for _, driver := range drivers {
 		if _, err := os.Stat(driver); err != nil {
 			return nil, errors.Wrapf(err, "failed to find path to drivers at %s", driver)
@@ -36,8 +37,8 @@ func getSpecKernelDrivers(annotations map[string]string) ([]string, error) {
 
 // getDeviceExtensionPaths gets any device extensions paths specified on the spec.
 // device extensions are optional, therefore if none are on the spec, do not return an error.
-func getDeviceExtensionPaths(annotations map[string]string) ([]string, error) {
-	extensions := oci.ParseAnnotationCommaSeparated(oci.AnnotationDeviceExtensions, annotations)
+func getDeviceExtensionPaths(annots map[string]string) ([]string, error) {
+	extensions := oci.ParseAnnotationCommaSeparated(annotations.DeviceExtensions, annots)
 	for _, ext := range extensions {
 		if _, err := os.Stat(ext); err != nil {
 			return nil, errors.Wrapf(err, "failed to find path to driver extensions at %s", ext)

internal/hcsoci/hcsdoc_wcow.go

@@ -20,6 +20,7 @@ import (
 	"github.com/Microsoft/hcsshim/internal/uvmfolder"
 	"github.com/Microsoft/hcsshim/internal/wclayer"
 	"github.com/Microsoft/hcsshim/osversion"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/sirupsen/logrus"
 )
@@ -113,17 +114,17 @@ func createMountsConfig(ctx context.Context, coi *createOptionsInternal) (*mount
 // exclusive.
 func ConvertCPULimits(ctx context.Context, cid string, spec *specs.Spec, maxCPUCount int32) (int32, int32, int32, error) {
 	cpuNumSet := 0
-	cpuCount := oci.ParseAnnotationsCPUCount(ctx, spec, oci.AnnotationContainerProcessorCount, 0)
+	cpuCount := oci.ParseAnnotationsCPUCount(ctx, spec, annotations.ContainerProcessorCount, 0)
 	if cpuCount > 0 {
 		cpuNumSet++
 	}
 
-	cpuLimit := oci.ParseAnnotationsCPULimit(ctx, spec, oci.AnnotationContainerProcessorLimit, 0)
+	cpuLimit := oci.ParseAnnotationsCPULimit(ctx, spec, annotations.ContainerProcessorLimit, 0)
 	if cpuLimit > 0 {
 		cpuNumSet++
 	}
 
-	cpuWeight := oci.ParseAnnotationsCPUWeight(ctx, spec, oci.AnnotationContainerProcessorWeight, 0)
+	cpuWeight := oci.ParseAnnotationsCPUWeight(ctx, spec, annotations.ContainerProcessorWeight, 0)
 	if cpuWeight > 0 {
 		cpuNumSet++
 	}
@@ -244,7 +245,7 @@ func createWindowsContainerDocument(ctx context.Context, coi *createOptionsInter
 	}
 
 	// Memory Resources
-	memoryMaxInMB := oci.ParseAnnotationsMemory(ctx, coi.Spec, oci.AnnotationContainerMemorySizeInMB, 0)
+	memoryMaxInMB := oci.ParseAnnotationsMemory(ctx, coi.Spec, annotations.ContainerMemorySizeInMB, 0)
 	if memoryMaxInMB > 0 {
 		v1.MemoryMaximumInMB = int64(memoryMaxInMB)
 		v2Container.Memory = &hcsschema.Memory{
@@ -253,8 +254,8 @@ func createWindowsContainerDocument(ctx context.Context, coi *createOptionsInter
 	}
 
 	// Storage Resources
-	storageBandwidthMax := oci.ParseAnnotationsStorageBps(ctx, coi.Spec, oci.AnnotationContainerStorageQoSBandwidthMaximum, 0)
-	storageIopsMax := oci.ParseAnnotationsStorageIops(ctx, coi.Spec, oci.AnnotationContainerStorageQoSIopsMaximum, 0)
+	storageBandwidthMax := oci.ParseAnnotationsStorageBps(ctx, coi.Spec, annotations.ContainerStorageQoSBandwidthMaximum, 0)
+	storageIopsMax := oci.ParseAnnotationsStorageIops(ctx, coi.Spec, annotations.ContainerStorageQoSIopsMaximum, 0)
 	if storageBandwidthMax > 0 || storageIopsMax > 0 {
 		v1.StorageBandwidthMaximum = uint64(storageBandwidthMax)
 		v1.StorageIOPSMaximum = uint64(storageIopsMax)
@@ -392,7 +393,7 @@ func createWindowsContainerDocument(ctx context.Context, coi *createOptionsInter
 		dumpPath = coi.HostingSystem.ProcessDumpLocation()
 	}
 
-	if specDumpPath, ok := coi.Spec.Annotations[oci.AnnotationContainerProcessDumpLocation]; ok {
+	if specDumpPath, ok := coi.Spec.Annotations[annotations.ContainerProcessDumpLocation]; ok {
 		// If a process dump path was specified at pod creation time for a hypervisor isolated pod, then
 		// use this value. If one was specified on the container creation document then override with this
 		// instead. Unlike Linux, Windows containers can set the dump path on a per container basis.
@@ -466,8 +467,8 @@ func parseAssignedDevices(ctx context.Context, coi *createOptionsInternal, v2 *h
 // corresponding value the registry expects to be set.
 //
 // See DumpType at https://docs.microsoft.com/en-us/windows/win32/wer/collecting-user-mode-dumps for the mappings
-func parseDumpType(annotations map[string]string) (int32, error) {
-	dmpTypeStr := annotations[oci.AnnotationWCOWProcessDumpType]
+func parseDumpType(annots map[string]string) (int32, error) {
+	dmpTypeStr := annots[annotations.WCOWProcessDumpType]
 	switch dmpTypeStr {
 	case "":
 		// If no type specified, default to full dumps.

internal/hcsoci/resources_lcow.go

@@ -14,9 +14,9 @@ import (
 
 	"github.com/Microsoft/hcsshim/internal/layers"
 	"github.com/Microsoft/hcsshim/internal/log"
-	"github.com/Microsoft/hcsshim/internal/oci"
 	"github.com/Microsoft/hcsshim/internal/resources"
 	"github.com/Microsoft/hcsshim/internal/uvm"
+	"github.com/Microsoft/hcsshim/pkg/annotations"
 	specs "github.com/opencontainers/runtime-spec/specs-go"
 	"github.com/pkg/errors"
 )
@@ -25,7 +25,7 @@ import (
 // shim option is set. Right now we only support Nvidia gpus, so this will default to
 // a gpu vhd with nvidia files
 func getGPUVHDPath(coi *createOptionsInternal) (string, error) {
-	gpuVHDPath, ok := coi.Spec.Annotations[oci.AnnotationGPUVHDPath]
+	gpuVHDPath, ok := coi.Spec.Annotations[annotations.GPUVHDPath]
 	if !ok || gpuVHDPath == "" {
 		return "", fmt.Errorf("no gpu vhd specified %s", gpuVHDPath)
 	}