https-github-com-bit
diff --git a/‎pkg/config/config_windows.go‎
Lines changed: 47 additions & 1 deletion b/‎pkg/config/config_windows.go‎
Lines changed: 47 additions & 1 deletion
diff --git a/‎pkg/containerd/opts/spec.go‎
Lines changed: 6 additions & 0 deletions b/‎pkg/containerd/opts/spec.go‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎pkg/containerd/opts/spec_unix.go‎
Lines changed: 0 additions & 1 deletion b/‎pkg/containerd/opts/spec_unix.go‎
Lines changed: 0 additions & 1 deletion
diff --git a/‎pkg/containerd/opts/spec_windows.go‎
Lines changed: 174 additions & 0 deletions b/‎pkg/containerd/opts/spec_windows.go‎
Lines changed: 174 additions & 0 deletions
diff --git a/‎pkg/netns/netns_windows.go‎
Lines changed: 38 additions & 10 deletions b/‎pkg/netns/netns_windows.go‎
Lines changed: 38 additions & 10 deletions
diff --git a/‎pkg/server/container_create.go‎
Lines changed: 1 addition & 2 deletions b/‎pkg/server/container_create.go‎
Lines changed: 1 addition & 2 deletions
@@ -18,7 +18,53 @@ limitations under the License.
 
 package config
 
+import (
+	"os"
+	"path/filepath"
+
+	"github.com/containerd/containerd"
+	"k8s.io/kubernetes/pkg/kubelet/server/streaming"
+)
+
 // DefaultConfig returns default configurations of cri plugin.
 func DefaultConfig() PluginConfig {
-	return PluginConfig{}
+	return PluginConfig{
+		CniConfig: CniConfig{
+			NetworkPluginBinDir:       filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "bin"),
+			NetworkPluginConfDir:      filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "conf"),
+			NetworkPluginMaxConfNum:   1,
+			NetworkPluginConfTemplate: "",
+		},
+		ContainerdConfig: ContainerdConfig{
+			Snapshotter:        containerd.DefaultSnapshotter,
+			DefaultRuntimeName: "runhcs-wcow-process",
+			NoPivot:            false,
+			Runtimes: map[string]Runtime{
+				"runhcs-wcow-process": {
+					Type: "io.containerd.runhcs.v1",
+				},
+			},
+		},
+		DisableTCPService:   true,
+		StreamServerAddress: "127.0.0.1",
+		StreamServerPort:    "0",
+		StreamIdleTimeout:   streaming.DefaultConfig.StreamIdleTimeout.String(), // 4 hour
+		EnableTLSStreaming:  false,
+		X509KeyPairStreaming: X509KeyPairStreaming{
+			TLSKeyFile:  "",
+			TLSCertFile: "",
+		},
+		SandboxImage:            "mcr.microsoft.com/k8s/core/pause:1.0.0",
+		StatsCollectPeriod:      10,
+		MaxContainerLogLineSize: 16 * 1024,
+		Registry: Registry{
+			Mirrors: map[string]Mirror{
+				"docker.io": {
+					Endpoints: []string{"https://registry-1.docker.io"},
+				},
+			},
+		},
+		MaxConcurrentDownloads: 3,
+		// TODO(windows): Add platform specific config, so that most common defaults can be shared.
+	}
 }
@@ -42,6 +42,12 @@ func WithRelativeRoot(root string) oci.SpecOpts {
 	}
 }
 
+// WithoutRoot sets the root to nil for the container.
+func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error {
+	s.Root = nil
+	return nil
+}
+
 // WithProcessArgs sets the process args on the spec based on the image and runtime config
 func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts {
 	return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) {
 
@@ -137,7 +137,6 @@ func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*ru
 				mounts = append(mounts, e)
 			}
 		}
-		// ---
 
 		// Sort mounts in number of parts. This ensures that high level mounts don't
 		// shadow other mounts.
 
@@ -0,0 +1,174 @@
+// +build windows
+
+/*
+Copyright The containerd Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package opts
+
+import (
+	"context"
+	"path/filepath"
+	"sort"
+
+	"github.com/containerd/containerd/containers"
+	"github.com/containerd/containerd/oci"
+	runtimespec "github.com/opencontainers/runtime-spec/specs-go"
+	"github.com/pkg/errors"
+	runtime "k8s.io/cri-api/pkg/apis/runtime/v1alpha2"
+
+	osinterface "github.com/containerd/cri/pkg/os"
+)
+
+// WithWindowsNetworkNamespace sets windows network namespace for container.
+// TODO(windows): Move this into container/containerd.
+func WithWindowsNetworkNamespace(path string) oci.SpecOpts {
+	return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error {
+		if s.Windows == nil {
+			s.Windows = &runtimespec.Windows{}
+		}
+		if s.Windows.Network == nil {
+			s.Windows.Network = &runtimespec.WindowsNetwork{}
+		}
+		s.Windows.Network.NetworkNamespace = path
+		return nil
+	}
+}
+
+// WithWindowsMounts sorts and adds runtime and CRI mounts to the spec for
+// windows container.
+func WithWindowsMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount) oci.SpecOpts {
+	return func(ctx context.Context, client oci.Client, _ *containers.Container, s *runtimespec.Spec) error {
+		// mergeMounts merge CRI mounts with extra mounts. If a mount destination
+		// is mounted by both a CRI mount and an extra mount, the CRI mount will
+		// be kept.
+		var (
+			criMounts = config.GetMounts()
+			mounts    = append([]*runtime.Mount{}, criMounts...)
+		)
+		// Copy all mounts from extra mounts, except for mounts overriden by CRI.
+		for _, e := range extra {
+			found := false
+			for _, c := range criMounts {
+				if filepath.Clean(e.ContainerPath) == filepath.Clean(c.ContainerPath) {
+					found = true
+					break
+				}
+			}
+			if !found {
+				mounts = append(mounts, e)
+			}
+		}
+
+		// Sort mounts in number of parts. This ensures that high level mounts don't
+		// shadow other mounts.
+		sort.Sort(orderedMounts(mounts))
+
+		// Copy all mounts from default mounts, except for
+		// - mounts overriden by supplied mount;
+		// - all mounts under /dev if a supplied /dev is present.
+		mountSet := make(map[string]struct{})
+		for _, m := range mounts {
+			mountSet[filepath.Clean(m.ContainerPath)] = struct{}{}
+		}
+
+		defaultMounts := s.Mounts
+		s.Mounts = nil
+
+		for _, m := range defaultMounts {
+			dst := filepath.Clean(m.Destination)
+			if _, ok := mountSet[dst]; ok {
+				// filter out mount overridden by a supplied mount
+				continue
+			}
+			s.Mounts = append(s.Mounts, m)
+		}
+
+		for _, mount := range mounts {
+			var (
+				dst = mount.GetContainerPath()
+				src = mount.GetHostPath()
+			)
+			// TODO(windows): Support special mount sources, e.g. named pipe.
+			// Create the host path if it doesn't exist.
+			if _, err := osi.Stat(src); err != nil {
+				// If the source doesn't exist, return an error instead
+				// of creating the source. This aligns with Docker's
+				// behavior on windows.
+				return errors.Wrapf(err, "failed to stat %q", src)
+			}
+			src, err := osi.ResolveSymbolicLink(src)
+			if err != nil {
+				return errors.Wrapf(err, "failed to resolve symlink %q", src)
+			}
+
+			var options []string
+			// NOTE(random-liu): we don't change all mounts to `ro` when root filesystem
+			// is readonly. This is different from docker's behavior, but make more sense.
+			if mount.GetReadonly() {
+				options = append(options, "ro")
+			} else {
+				options = append(options, "rw")
+			}
+			s.Mounts = append(s.Mounts, runtimespec.Mount{
+				Source:      src,
+				Destination: dst,
+				Options:     options,
+			})
+		}
+		return nil
+	}
+}
+
+// WithWindowsResources sets the provided resource restrictions for windows.
+func WithWindowsResources(resources *runtime.WindowsContainerResources) oci.SpecOpts {
+	return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error {
+		if resources == nil {
+			return nil
+		}
+		if s.Windows == nil {
+			s.Windows = &runtimespec.Windows{}
+		}
+		if s.Windows.Resources == nil {
+			s.Windows.Resources = &runtimespec.WindowsResources{}
+		}
+		if s.Windows.Resources.CPU == nil {
+			s.Windows.Resources.CPU = &runtimespec.WindowsCPUResources{}
+		}
+		if s.Windows.Resources.Memory == nil {
+			s.Windows.Resources.Memory = &runtimespec.WindowsMemoryResources{}
+		}
+
+		var (
+			count  = uint64(resources.GetCpuCount())
+			shares = uint16(resources.GetCpuShares())
+			max    = uint16(resources.GetCpuMaximum())
+			limit  = uint64(resources.GetMemoryLimitInBytes())
+		)
+		if count != 0 {
+			s.Windows.Resources.CPU.Count = &count
+		}
+		if shares != 0 {
+			s.Windows.Resources.CPU.Shares = &shares
+		}
+		if max != 0 {
+			s.Windows.Resources.CPU.Maximum = &max
+		}
+		if limit != 0 {
+			s.Windows.Resources.Memory.Limit = &limit
+		}
+		return nil
+	}
+}
@@ -18,33 +18,61 @@ limitations under the License.
 
 package netns
 
-// TODO(windows): Implement netns for windows.
-// NetNS holds network namespace.
+import "github.com/Microsoft/hcsshim/hcn"
+
+// NetNS holds network namespace for sandbox
 type NetNS struct {
+	path string
 }
 
-// NewNetNS creates a network namespace.
+// NewNetNS creates a network namespace for the sandbox
 func NewNetNS() (*NetNS, error) {
-	return nil, nil
+	temp := hcn.HostComputeNamespace{}
+	hcnNamespace, err := temp.Create()
+	if err != nil {
+		return nil, err
+	}
+
+	return &NetNS{path: string(hcnNamespace.Id)}, nil
 }
 
 // LoadNetNS loads existing network namespace.
 func LoadNetNS(path string) *NetNS {
-	return nil
+	return &NetNS{path: path}
 }
 
-// Remove removes network namepace. Remove is idempotent, meaning it might
-// be invoked multiple times and provides consistent result.
+// Remove removes network namepace if it exists and not closed. Remove is idempotent,
+// meaning it might be invoked multiple times and provides consistent result.
 func (n *NetNS) Remove() error {
-	return nil
+	hcnNamespace, err := hcn.GetNamespaceByID(n.path)
+	if err != nil {
+		if hcn.IsNotFoundError(err) {
+			return nil
+		}
+		return err
+	}
+	err = hcnNamespace.Delete()
+	if err == nil || hcn.IsNotFoundError(err) {
+		return nil
+	}
+	return err
 }
 
 // Closed checks whether the network namespace has been closed.
 func (n *NetNS) Closed() (bool, error) {
-	return false, nil
+	_, err := hcn.GetNamespaceByID(n.path)
+	if err == nil {
+		return false, nil
+	}
+	if hcn.IsNotFoundError(err) {
+		return true, nil
+	}
+	return false, err
 }
 
 // GetPath returns network namespace path for sandbox container
 func (n *NetNS) GetPath() string {
-	return ""
+	return n.path
 }
+
+// NOTE: Do function is not supported.
@@ -284,8 +284,7 @@ func (c *criService) volumeMounts(containerRootDir string, criMounts []*runtime.
 }
 
 // runtimeSpec returns a default runtime spec used in cri-containerd.
-// TODO(windows): Remove nolint after windows starts using this helper.
-func runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) { // nolint: deadcode, unused
+func runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) {
 	// GenerateSpec needs namespace.
 	ctx := ctrdutil.NamespacedContext()
 	spec, err := oci.GenerateSpec(ctx, nil, &containers.Container{ID: id}, opts...)
Original file line number	Diff line number	Diff line change
`@@ -42,6 +42,12 @@ func WithRelativeRoot(root string) oci.SpecOpts {`
`42`	`42`	`}`
`43`	`43`	`}`
`44`	`44`
	`45`	`+// WithoutRoot sets the root to nil for the container.`
	`46`	`+func WithoutRoot(ctx context.Context, client oci.Client, c containers.Container, s runtimespec.Spec) error {`
	`47`	`+ s.Root = nil`
	`48`	`+ return nil`
	`49`	`+}`
	`50`	`+`
`45`	`51`	`// WithProcessArgs sets the process args on the spec based on the image and runtime config`
`46`	`52`	`func WithProcessArgs(config runtime.ContainerConfig, image imagespec.ImageConfig) oci.SpecOpts {`
`47`	`53`	`return func(ctx context.Context, client oci.Client, c containers.Container, s runtimespec.Spec) (err error) {`
Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,6 @@ func WithMounts(osi osinterface.OS, config runtime.ContainerConfig, extra []ru`
`137`	`137`	`mounts = append(mounts, e)`
`138`	`138`	`}`
`139`	`139`	`}`
`140`		`- // ---`
`141`	`140`
`142`	`141`	`// Sort mounts in number of parts. This ensures that high level mounts don't`
`143`	`142`	`// shadow other mounts.`
Original file line number	Diff line number	Diff line change
`@@ -284,8 +284,7 @@ func (c criService) volumeMounts(containerRootDir string, criMounts []runtime.`
`284`	`284`	`}`
`285`	`285`
`286`	`286`	`// runtimeSpec returns a default runtime spec used in cri-containerd.`
`287`		`-// TODO(windows): Remove nolint after windows starts using this helper.`
`288`		`-func runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) { // nolint: deadcode, unused`
	`287`	`+func runtimeSpec(id string, opts ...oci.SpecOpts) (*runtimespec.Spec, error) {`
`289`	`288`	`// GenerateSpec needs namespace.`
`290`	`289`	`ctx := ctrdutil.NamespacedContext()`
`291`	`290`	`spec, err := oci.GenerateSpec(ctx, nil, &containers.Container{ID: id}, opts...)`