guest: unify pod model for V1, virtual pod, and V2 shim support#2662
Closed
shreyanshjain7174 wants to merge 2 commits intomicrosoft:mainfrom
Closed
guest: unify pod model for V1, virtual pod, and V2 shim support#2662shreyanshjain7174 wants to merge 2 commits intomicrosoft:mainfrom
shreyanshjain7174 wants to merge 2 commits intomicrosoft:mainfrom
Conversation
shreyanshjain7174
force-pushed
the
guest-pod-unification
branch
from
2c315a9 to
38631fd
Compare
shreyanshjain7174
force-pushed
the
guest-pod-unification
branch
from
38631fd to
2c5aea1
Compare
Replace heuristic sandbox path derivation (hard-coded /run/gcs/c prefix + ID) with host-provided OCIBundlePath as the canonical sandbox root directory. This change prepares the guest-side GCS for Shim v2 and multi-pod UVM support, where the host may use a different path layout than the legacy /run/gcs/c/<id>. Key changes: - Add sandboxRoots mapping on Host to store resolved sandbox root per sandbox ID - Sandbox containers: register OCIBundlePath as sandbox root - Virtual pods: derive sandbox root from OCIBundlePath parent + /virtual-pods/<id> - Workload containers: resolve sandbox root from Host mapping (fallback to legacy) - Standalone containers: use OCIBundlePath directly as root - Container.Delete: use stored sandboxRoot for cleanup paths - Remove duplicate setup functions (setupVirtualPod* merged into unified setup*) The refactor produces identical paths when the old shim sends OCIBundlePath in the legacy format, ensuring zero behavior change for existing deployments. Security: virtualPodID is validated against path traversal before use. Signed-off-by: Shreyansh Sancheti <shsancheti@microsoft.com>
shreyanshjain7174
force-pushed
the
guest-pod-unification
branch
from
2c5aea1 to
221251e
Compare
Replace VirtualPod with a generic uvmPod struct that serves all three sandbox modes (V1 shim, virtual pod annotation, V2 native Sandbox API). Key changes: - VirtualPod (exported, complex) -> uvmPod (unexported, simpler) - Host.virtualPods/containerToVirtualPod/virtualPodsCgroupParent -> Host.pods - createPodInUVM: unified pod creation under /pods/<sandboxID> cgroup - Container.sandboxID: every container tracks its sandbox for cleanup - RemoveContainer: uses sandboxID + pod lookup instead of annotation checks - Cgroup layout: /pods/<sandboxID>/<containerID> for all CRI containers - cmd/gcs/main.go: /containers/virtual-pods cgroup -> /pods cgroup - Remove InitializeVirtualPodSupport and all VirtualPod management methods Signed-off-by: Shreyansh Sancheti <shsancheti@microsoft.com>
shreyanshjain7174
force-pushed
the
guest-pod-unification
branch
from
221251e to
18fb5d8
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Superseded — will rewrite as a fresh PR on top of merged #2653 (main). The old branch had too many conflicts with recent main changes to rebase cleanly.