vendor files

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/BUILD

@@ -0,0 +1,110 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "cap.go",
+        "config.go",
+        "container_id.go",
+        "doc.go",
+        "image.go",
+        "log.go",
+        "rkt.go",
+        "systemd.go",
+        "version.go",
+    ],
+    importpath = "k8s.io/kubernetes/pkg/kubelet/rkt",
+    deps = [
+        "//pkg/credentialprovider:go_default_library",
+        "//pkg/kubelet/container:go_default_library",
+        "//pkg/kubelet/events:go_default_library",
+        "//pkg/kubelet/images:go_default_library",
+        "//pkg/kubelet/leaky:go_default_library",
+        "//pkg/kubelet/lifecycle:go_default_library",
+        "//pkg/kubelet/network:go_default_library",
+        "//pkg/kubelet/network/hairpin:go_default_library",
+        "//pkg/kubelet/prober/results:go_default_library",
+        "//pkg/kubelet/types:go_default_library",
+        "//pkg/kubelet/util/format:go_default_library",
+        "//pkg/securitycontext:go_default_library",
+        "//pkg/util/parsers:go_default_library",
+        "//pkg/util/selinux:go_default_library",
+        "//pkg/util/strings:go_default_library",
+        "//pkg/util/term:go_default_library",
+        "//pkg/util/version:go_default_library",
+        "//vendor/github.com/appc/spec/schema:go_default_library",
+        "//vendor/github.com/appc/spec/schema/types:go_default_library",
+        "//vendor/github.com/coreos/go-systemd/dbus:go_default_library",
+        "//vendor/github.com/coreos/go-systemd/unit:go_default_library",
+        "//vendor/github.com/coreos/rkt/api/v1alpha:go_default_library",
+        "//vendor/github.com/docker/docker/api/types:go_default_library",
+        "//vendor/github.com/golang/glog:go_default_library",
+        "//vendor/golang.org/x/net/context:go_default_library",
+        "//vendor/google.golang.org/grpc:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/uuid:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/wait:go_default_library",
+        "//vendor/k8s.io/client-go/tools/record:go_default_library",
+        "//vendor/k8s.io/client-go/tools/remotecommand:go_default_library",
+        "//vendor/k8s.io/client-go/util/flowcontrol:go_default_library",
+        "//vendor/k8s.io/utils/exec:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "fake_rkt_interface_test.go",
+        "rkt_test.go",
+    ],
+    importpath = "k8s.io/kubernetes/pkg/kubelet/rkt",
+    library = ":go_default_library",
+    deps = [
+        "//pkg/kubelet/container:go_default_library",
+        "//pkg/kubelet/container/testing:go_default_library",
+        "//pkg/kubelet/lifecycle:go_default_library",
+        "//pkg/kubelet/network:go_default_library",
+        "//pkg/kubelet/network/kubenet:go_default_library",
+        "//pkg/kubelet/network/testing:go_default_library",
+        "//pkg/kubelet/types:go_default_library",
+        "//vendor/github.com/appc/spec/schema:go_default_library",
+        "//vendor/github.com/appc/spec/schema/types:go_default_library",
+        "//vendor/github.com/coreos/go-systemd/dbus:go_default_library",
+        "//vendor/github.com/coreos/go-systemd/unit:go_default_library",
+        "//vendor/github.com/coreos/rkt/api/v1alpha:go_default_library",
+        "//vendor/github.com/golang/mock/gomock:go_default_library",
+        "//vendor/github.com/stretchr/testify/assert:go_default_library",
+        "//vendor/golang.org/x/net/context:go_default_library",
+        "//vendor/google.golang.org/grpc:go_default_library",
+        "//vendor/k8s.io/api/core/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/errors:go_default_library",
+        "//vendor/k8s.io/client-go/util/testing:go_default_library",
+        "//vendor/k8s.io/utils/exec:go_default_library",
+        "//vendor/k8s.io/utils/exec/testing:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/OWNERS

@@ -0,0 +1,3 @@
+approvers:
+- euank
+- yifan-gu

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/cap.go

@@ -0,0 +1,110 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+// TODO(yifan): Export this to higher level package.
+const (
+	CAP_CHOWN = iota
+	CAP_DAC_OVERRIDE
+	CAP_DAC_READ_SEARCH
+	CAP_FOWNER
+	CAP_FSETID
+	CAP_KILL
+	CAP_SETGID
+	CAP_SETUID
+	CAP_SETPCAP
+	CAP_LINUX_IMMUTABLE
+	CAP_NET_BIND_SERVICE
+	CAP_NET_BROADCAST
+	CAP_NET_ADMIN
+	CAP_NET_RAW
+	CAP_IPC_LOCK
+	CAP_IPC_OWNER
+	CAP_SYS_MODULE
+	CAP_SYS_RAWIO
+	CAP_SYS_CHROOT
+	CAP_SYS_PTRACE
+	CAP_SYS_PACCT
+	CAP_SYS_ADMIN
+	CAP_SYS_BOOT
+	CAP_SYS_NICE
+	CAP_SYS_RESOURCE
+	CAP_SYS_TIME
+	CAP_SYS_TTY_CONFIG
+	CAP_MKNOD
+	CAP_LEASE
+	CAP_AUDIT_WRITE
+	CAP_AUDIT_CONTROL
+	CAP_SETFCAP
+	CAP_MAC_OVERRIDE
+	CAP_MAC_ADMIN
+	CAP_SYSLOG
+	CAP_WAKE_ALARM
+	CAP_BLOCK_SUSPEND
+	CAP_AUDIT_READ
+)
+
+// TODO(yifan): Export this to higher level package.
+var capabilityList = map[int]string{
+	CAP_CHOWN:            "CAP_CHOWN",
+	CAP_DAC_OVERRIDE:     "CAP_DAC_OVERRIDE",
+	CAP_DAC_READ_SEARCH:  "CAP_DAC_READ_SEARCH",
+	CAP_FOWNER:           "CAP_FOWNER",
+	CAP_FSETID:           "CAP_FSETID",
+	CAP_KILL:             "CAP_KILL",
+	CAP_SETGID:           "CAP_SETGID",
+	CAP_SETUID:           "CAP_SETUID",
+	CAP_SETPCAP:          "CAP_SETPCAP",
+	CAP_LINUX_IMMUTABLE:  "CAP_LINUX_IMMUTABLE",
+	CAP_NET_BIND_SERVICE: "CAP_NET_BIND_SERVICE",
+	CAP_NET_BROADCAST:    "CAP_NET_BROADCAST",
+	CAP_NET_ADMIN:        "CAP_NET_ADMIN",
+	CAP_NET_RAW:          "CAP_NET_RAW",
+	CAP_IPC_LOCK:         "CAP_IPC_LOCK",
+	CAP_IPC_OWNER:        "CAP_IPC_OWNER",
+	CAP_SYS_MODULE:       "CAP_SYS_MODULE",
+	CAP_SYS_RAWIO:        "CAP_SYS_RAWIO",
+	CAP_SYS_CHROOT:       "CAP_SYS_CHROOT",
+	CAP_SYS_PTRACE:       "CAP_SYS_PTRACE",
+	CAP_SYS_PACCT:        "CAP_SYS_PACCT",
+	CAP_SYS_ADMIN:        "CAP_SYS_ADMIN",
+	CAP_SYS_BOOT:         "CAP_SYS_BOOT",
+	CAP_SYS_NICE:         "CAP_SYS_NICE",
+	CAP_SYS_RESOURCE:     "CAP_SYS_RESOURCE",
+	CAP_SYS_TIME:         "CAP_SYS_TIME",
+	CAP_SYS_TTY_CONFIG:   "CAP_SYS_TTY_CONFIG",
+	CAP_MKNOD:            "CAP_MKNOD",
+	CAP_LEASE:            "CAP_LEASE",
+	CAP_AUDIT_WRITE:      "CAP_AUDIT_WRITE",
+	CAP_AUDIT_CONTROL:    "CAP_AUDIT_CONTROL",
+	CAP_SETFCAP:          "CAP_SETFCAP",
+	CAP_MAC_OVERRIDE:     "CAP_MAC_OVERRIDE",
+	CAP_MAC_ADMIN:        "CAP_MAC_ADMIN",
+	CAP_SYSLOG:           "CAP_SYSLOG",
+	CAP_WAKE_ALARM:       "CAP_WAKE_ALARM",
+	CAP_BLOCK_SUSPEND:    "CAP_BLOCK_SUSPEND",
+	CAP_AUDIT_READ:       "CAP_AUDIT_READ",
+}
+
+// allCapabilities returns the capability list with all capabilities.
+func allCapabilities() []string {
+	var capabilities []string
+	for _, cap := range capabilityList {
+		capabilities = append(capabilities, cap)
+	}
+	return capabilities
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/config.go

@@ -0,0 +1,108 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+
+	rktapi "github.com/coreos/rkt/api/v1alpha"
+	"golang.org/x/net/context"
+)
+
+// Config stores the global configuration for the rkt runtime.
+// Detailed documents can be found at:
+// https://github.com/coreos/rkt/blob/master/Documentation/commands.md#global-options
+type Config struct {
+	// The absolute path to the binary, or leave empty to find it in $PATH.
+	Path string
+	// The rkt data directory.
+	Dir string
+	// The image to use as stage1.
+	Stage1Image string
+	// The debug flag for rkt.
+	Debug bool
+	// Comma-separated list of security features to disable.
+	// Allowed values: "none", "image", "tls", "ondisk", "http", "all".
+	InsecureOptions string
+	// The local config directory.
+	LocalConfigDir string
+	// The user config directory.
+	UserConfigDir string
+	// The system config directory.
+	SystemConfigDir string
+}
+
+// buildGlobalOptions returns an array of global command line options.
+func (c *Config) buildGlobalOptions() []string {
+	var result []string
+	if c == nil {
+		return result
+	}
+
+	if c.Debug {
+		result = append(result, "--debug=true")
+	}
+	if c.InsecureOptions != "" {
+		result = append(result, fmt.Sprintf("--insecure-options=%s", c.InsecureOptions))
+	}
+	if c.LocalConfigDir != "" {
+		result = append(result, fmt.Sprintf("--local-config=%s", c.LocalConfigDir))
+	}
+	if c.UserConfigDir != "" {
+		result = append(result, fmt.Sprintf("--user-config=%s", c.UserConfigDir))
+	}
+	if c.SystemConfigDir != "" {
+		result = append(result, fmt.Sprintf("--system-config=%s", c.SystemConfigDir))
+	}
+	if c.Dir != "" {
+		result = append(result, fmt.Sprintf("--dir=%s", c.Dir))
+	}
+	return result
+}
+
+// getConfig gets configurations from the rkt API service
+// and merge it with the existing config. The merge rule is
+// that the fields in the provided config will override the
+// result that get from the rkt api service.
+func (r *Runtime) getConfig(cfg *Config) (*Config, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), r.requestTimeout)
+	defer cancel()
+	resp, err := r.apisvc.GetInfo(ctx, &rktapi.GetInfoRequest{})
+	if err != nil {
+		return nil, err
+	}
+
+	flags := resp.Info.GlobalFlags
+
+	if flags.Dir != "" {
+		cfg.Dir = flags.Dir
+	}
+	if flags.LocalConfigDir != "" {
+		cfg.LocalConfigDir = flags.LocalConfigDir
+	}
+	if flags.UserConfigDir != "" {
+		cfg.UserConfigDir = flags.UserConfigDir
+	}
+	if flags.SystemConfigDir != "" {
+		cfg.SystemConfigDir = flags.SystemConfigDir
+	}
+	if flags.InsecureFlags != "" {
+		cfg.InsecureOptions = fmt.Sprintf("%s,%s", cfg.InsecureOptions, flags.InsecureFlags)
+	}
+
+	return cfg, nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/container_id.go

@@ -0,0 +1,55 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+	"strings"
+
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+)
+
+// containerID defines the ID of rkt containers, it will
+// be returned to kubelet, and kubelet will use this for
+// container level operations.
+type containerID struct {
+	uuid    string // rkt uuid of the pod.
+	appName string // Name of the app in that pod.
+}
+
+// buildContainerID constructs the containers's ID using containerID,
+// which consists of the pod uuid and the container name.
+// The result can be used to uniquely identify a container.
+func buildContainerID(c *containerID) kubecontainer.ContainerID {
+	return kubecontainer.ContainerID{
+		Type: RktType,
+		ID:   fmt.Sprintf("%s:%s", c.uuid, c.appName),
+	}
+}
+
+// parseContainerID parses the containerID into pod uuid and the container name. The
+// results can be used to get more information of the container.
+func parseContainerID(id kubecontainer.ContainerID) (*containerID, error) {
+	tuples := strings.Split(id.ID, ":")
+	if len(tuples) != 2 {
+		return nil, fmt.Errorf("rkt: cannot parse container ID for: %q, required format is [UUID:APPNAME]", id)
+	}
+	return &containerID{
+		uuid:    tuples[0],
+		appName: tuples[1],
+	}, nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/doc.go

@@ -0,0 +1,18 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package rkt contains the Containerruntime interface implementation for rkt.
+package rkt // import "k8s.io/kubernetes/pkg/kubelet/rkt"

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/fake_rkt_interface_test.go

@@ -0,0 +1,220 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+	"sync"
+
+	"github.com/coreos/go-systemd/dbus"
+	rktapi "github.com/coreos/rkt/api/v1alpha"
+	"golang.org/x/net/context"
+	"google.golang.org/grpc"
+	"k8s.io/apimachinery/pkg/types"
+	kubetypes "k8s.io/apimachinery/pkg/types"
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+)
+
+// fakeRktInterface mocks the rktapi.PublicAPIClient interface for testing purpose.
+type fakeRktInterface struct {
+	sync.Mutex
+	info       rktapi.Info
+	images     []*rktapi.Image
+	podFilters []*rktapi.PodFilter
+	pods       []*rktapi.Pod
+	called     []string
+	err        error
+}
+
+func newFakeRktInterface() *fakeRktInterface {
+	return &fakeRktInterface{}
+}
+
+func (f *fakeRktInterface) CleanCalls() {
+	f.Lock()
+	defer f.Unlock()
+	f.called = nil
+}
+
+func (f *fakeRktInterface) GetInfo(ctx context.Context, in *rktapi.GetInfoRequest, opts ...grpc.CallOption) (*rktapi.GetInfoResponse, error) {
+	f.Lock()
+	defer f.Unlock()
+
+	f.called = append(f.called, "GetInfo")
+	return &rktapi.GetInfoResponse{Info: &f.info}, f.err
+}
+
+func (f *fakeRktInterface) ListPods(ctx context.Context, in *rktapi.ListPodsRequest, opts ...grpc.CallOption) (*rktapi.ListPodsResponse, error) {
+	f.Lock()
+	defer f.Unlock()
+
+	f.called = append(f.called, "ListPods")
+	f.podFilters = in.Filters
+	return &rktapi.ListPodsResponse{Pods: f.pods}, f.err
+}
+
+func (f *fakeRktInterface) InspectPod(ctx context.Context, in *rktapi.InspectPodRequest, opts ...grpc.CallOption) (*rktapi.InspectPodResponse, error) {
+	f.Lock()
+	defer f.Unlock()
+
+	f.called = append(f.called, "InspectPod")
+	for _, pod := range f.pods {
+		if pod.Id == in.Id {
+			return &rktapi.InspectPodResponse{Pod: pod}, f.err
+		}
+	}
+	return &rktapi.InspectPodResponse{}, fmt.Errorf("pod %q not found", in.Id)
+}
+
+func (f *fakeRktInterface) ListImages(ctx context.Context, in *rktapi.ListImagesRequest, opts ...grpc.CallOption) (*rktapi.ListImagesResponse, error) {
+	f.Lock()
+	defer f.Unlock()
+
+	f.called = append(f.called, "ListImages")
+	return &rktapi.ListImagesResponse{Images: f.images}, f.err
+}
+
+func (f *fakeRktInterface) InspectImage(ctx context.Context, in *rktapi.InspectImageRequest, opts ...grpc.CallOption) (*rktapi.InspectImageResponse, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+func (f *fakeRktInterface) ListenEvents(ctx context.Context, in *rktapi.ListenEventsRequest, opts ...grpc.CallOption) (rktapi.PublicAPI_ListenEventsClient, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+func (f *fakeRktInterface) GetLogs(ctx context.Context, in *rktapi.GetLogsRequest, opts ...grpc.CallOption) (rktapi.PublicAPI_GetLogsClient, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+// fakeSystemd mocks the systemdInterface for testing purpose.
+// TODO(yifan): Remove this once we have a package for launching rkt pods.
+// See https://github.com/coreos/rkt/issues/1769.
+type fakeSystemd struct {
+	sync.Mutex
+	called           []string
+	resetFailedUnits []string
+	version          string
+	err              error
+}
+
+func newFakeSystemd() *fakeSystemd {
+	return &fakeSystemd{}
+}
+
+func (f *fakeSystemd) CleanCalls() {
+	f.Lock()
+	defer f.Unlock()
+	f.called = nil
+}
+
+func (f *fakeSystemd) Version() (systemdVersion, error) {
+	f.Lock()
+	defer f.Unlock()
+
+	f.called = append(f.called, "Version")
+	v, _ := strconv.Atoi(f.version)
+	return systemdVersion(v), f.err
+}
+
+func (f *fakeSystemd) ListUnits() ([]dbus.UnitStatus, error) {
+	return nil, fmt.Errorf("Not implemented")
+}
+
+func (f *fakeSystemd) StopUnit(name string, mode string, ch chan<- string) (int, error) {
+	return 0, fmt.Errorf("Not implemented")
+}
+
+func (f *fakeSystemd) RestartUnit(name string, mode string, ch chan<- string) (int, error) {
+	return 0, fmt.Errorf("Not implemented")
+}
+
+func (f *fakeSystemd) ResetFailedUnit(name string) error {
+	f.called = append(f.called, "ResetFailedUnit")
+	f.resetFailedUnits = append(f.resetFailedUnits, name)
+	return f.err
+}
+
+type fakeRktCli struct {
+	sync.Mutex
+	cmds   []string
+	result []string
+	err    error
+}
+
+func newFakeRktCli() *fakeRktCli {
+	return &fakeRktCli{
+		cmds:   []string{},
+		result: []string{},
+	}
+}
+
+func (f *fakeRktCli) RunCommand(config *Config, args ...string) (result []string, err error) {
+	f.Lock()
+	defer f.Unlock()
+	cmd := append([]string{"rkt"}, args...)
+	f.cmds = append(f.cmds, strings.Join(cmd, " "))
+	return f.result, f.err
+}
+
+func (f *fakeRktCli) Reset() {
+	f.cmds = []string{}
+	f.result = []string{}
+	f.err = nil
+}
+
+type fakePodDeletionProvider struct {
+	pods map[types.UID]struct{}
+}
+
+func newFakePodDeletionProvider() *fakePodDeletionProvider {
+	return &fakePodDeletionProvider{
+		pods: make(map[types.UID]struct{}),
+	}
+}
+
+func (f *fakePodDeletionProvider) IsPodDeleted(uid types.UID) bool {
+	_, found := f.pods[uid]
+	return !found
+}
+
+type fakeUnitGetter struct {
+	networkNamespace kubecontainer.ContainerID
+	callServices     []string
+}
+
+func newfakeUnitGetter() *fakeUnitGetter {
+	return &fakeUnitGetter{
+		networkNamespace: kubecontainer.ContainerID{},
+	}
+}
+
+func (f *fakeUnitGetter) getNetworkNamespace(uid kubetypes.UID, latestPod *rktapi.Pod) (kubecontainer.ContainerID, error) {
+	return kubecontainer.ContainerID{ID: "42"}, nil
+}
+
+func (f *fakeUnitGetter) getKubernetesDirective(serviceFilePath string) (podServiceDirective, error) {
+	podService := podServiceDirective{
+		id:               "fake",
+		name:             "fake",
+		namespace:        "fake",
+		hostNetwork:      true,
+		networkNamespace: kubecontainer.ContainerID{ID: "42"},
+	}
+	return podService, nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/image.go

@@ -0,0 +1,292 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file contains all image related functions for rkt runtime.
+package rkt
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"path"
+	"path/filepath"
+	"sort"
+	"strings"
+
+	appcschema "github.com/appc/spec/schema"
+	appctypes "github.com/appc/spec/schema/types"
+	rktapi "github.com/coreos/rkt/api/v1alpha"
+	dockertypes "github.com/docker/docker/api/types"
+	"github.com/golang/glog"
+	"golang.org/x/net/context"
+	"k8s.io/api/core/v1"
+	"k8s.io/kubernetes/pkg/credentialprovider"
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+	"k8s.io/kubernetes/pkg/util/parsers"
+)
+
+// PullImage invokes 'rkt fetch' to download an aci.
+// TODO(yifan): Now we only support docker images, this should be changed
+// once the format of image is landed, see:
+//
+// http://issue.k8s.io/7203
+//
+func (r *Runtime) PullImage(image kubecontainer.ImageSpec, pullSecrets []v1.Secret) (string, error) {
+	img := image.Image
+	// TODO(yifan): The credential operation is a copy from dockertools package,
+	// Need to resolve the code duplication.
+	repoToPull, _, _, err := parsers.ParseImageName(img)
+	if err != nil {
+		return "", err
+	}
+
+	keyring, err := credentialprovider.MakeDockerKeyring(pullSecrets, r.dockerKeyring)
+	if err != nil {
+		return "", err
+	}
+
+	creds, ok := keyring.Lookup(repoToPull)
+	if !ok {
+		glog.V(1).Infof("Pulling image %s without credentials", img)
+	}
+
+	userConfigDir, err := ioutil.TempDir("", "rktnetes-user-config-dir-")
+	if err != nil {
+		return "", fmt.Errorf("rkt: Cannot create a temporary user-config directory: %v", err)
+	}
+	defer os.RemoveAll(userConfigDir)
+
+	config := *r.config
+	config.UserConfigDir = userConfigDir
+
+	if err := r.writeDockerAuthConfig(img, creds, userConfigDir); err != nil {
+		return "", err
+	}
+
+	// Today, `--no-store` will fetch the remote image regardless of whether the content of the image
+	// has changed or not. This causes performance downgrades when the image tag is ':latest' and
+	// the image pull policy is 'always'. The issue is tracked in https://github.com/coreos/rkt/issues/2937.
+	if _, err := r.cli.RunCommand(&config, "fetch", "--no-store", dockerPrefix+img); err != nil {
+		glog.Errorf("Failed to fetch: %v", err)
+		return "", err
+	}
+	return r.getImageID(img)
+}
+
+func (r *Runtime) GetImageRef(image kubecontainer.ImageSpec) (string, error) {
+	images, err := r.listImages(image.Image, false)
+	if err != nil {
+		return "", err
+	}
+	if len(images) == 0 {
+		return "", nil
+	}
+	return images[0].Id, nil
+}
+
+// ListImages lists all the available appc images on the machine by invoking 'rkt image list'.
+func (r *Runtime) ListImages() ([]kubecontainer.Image, error) {
+	ctx, cancel := context.WithTimeout(context.Background(), r.requestTimeout)
+	defer cancel()
+	listResp, err := r.apisvc.ListImages(ctx, &rktapi.ListImagesRequest{})
+	if err != nil {
+		return nil, fmt.Errorf("couldn't list images: %v", err)
+	}
+
+	images := make([]kubecontainer.Image, len(listResp.Images))
+	for i, image := range listResp.Images {
+		images[i] = kubecontainer.Image{
+			ID:       image.Id,
+			RepoTags: []string{buildImageName(image)},
+			Size:     image.Size,
+		}
+	}
+	return images, nil
+}
+
+// RemoveImage removes an on-disk image using 'rkt image rm'.
+func (r *Runtime) RemoveImage(image kubecontainer.ImageSpec) error {
+	imageID, err := r.getImageID(image.Image)
+	if err != nil {
+		return err
+	}
+	if _, err := r.cli.RunCommand(nil, "image", "rm", imageID); err != nil {
+		return err
+	}
+	return nil
+}
+
+// buildImageName constructs the image name for kubecontainer.Image.
+// If the annotations contain the docker2aci metadata for this image, those are
+// used instead as they may be more accurate in some cases, namely if a
+// non-appc valid character is present
+func buildImageName(img *rktapi.Image) string {
+	registry := ""
+	repository := ""
+	for _, anno := range img.Annotations {
+		if anno.Key == appcDockerRegistryURL {
+			registry = anno.Value
+		}
+		if anno.Key == appcDockerRepository {
+			repository = anno.Value
+		}
+	}
+	if registry != "" && repository != "" {
+		// TODO(euank): This could do the special casing for dockerhub and library images
+		return fmt.Sprintf("%s/%s:%s", registry, repository, img.Version)
+	}
+
+	return fmt.Sprintf("%s:%s", img.Name, img.Version)
+}
+
+// getImageID tries to find the image ID for the given image name.
+// imageName should be in the form of 'name[:version]', e.g., 'example.com/app:latest'.
+// The name should matches the result of 'rkt image list'. If the version is empty,
+// then 'latest' is assumed.
+func (r *Runtime) getImageID(imageName string) (string, error) {
+	images, err := r.listImages(imageName, false)
+	if err != nil {
+		return "", err
+	}
+	if len(images) == 0 {
+		return "", fmt.Errorf("cannot find the image %q", imageName)
+	}
+	return images[0].Id, nil
+}
+
+type sortByImportTime []*rktapi.Image
+
+func (s sortByImportTime) Len() int           { return len(s) }
+func (s sortByImportTime) Swap(i, j int)      { s[i], s[j] = s[j], s[i] }
+func (s sortByImportTime) Less(i, j int) bool { return s[i].ImportTimestamp < s[j].ImportTimestamp }
+
+// listImages lists the images that have the given name. If detail is true,
+// then image manifest is also included in the result.
+// Note that there could be more than one images that have the given name, we
+// will return the result reversely sorted by the import time, so that the latest
+// image comes first.
+func (r *Runtime) listImages(image string, detail bool) ([]*rktapi.Image, error) {
+	repoToPull, tag, _, err := parsers.ParseImageName(image)
+	if err != nil {
+		return nil, err
+	}
+
+	imageFilters := []*rktapi.ImageFilter{
+		{
+			// TODO(yifan): Add a field in the ImageFilter to match the whole name,
+			// not just keywords.
+			// https://github.com/coreos/rkt/issues/1872#issuecomment-166456938
+			Keywords: []string{repoToPull},
+			Labels:   []*rktapi.KeyValue{{Key: "version", Value: tag}},
+		},
+	}
+
+	// If the repo name is not a valid ACIdentifier (namely if it has a port),
+	// then it will have a different name in the store. Search for both the
+	// original name and this modified name in case we choose to also change the
+	// api-service to do this un-conversion on its end.
+	if appcRepoToPull, err := appctypes.SanitizeACIdentifier(repoToPull); err != nil {
+		glog.Warningf("could not convert %v to an aci identifier: %v", err)
+	} else {
+		imageFilters = append(imageFilters, &rktapi.ImageFilter{
+			Keywords: []string{appcRepoToPull},
+			Labels:   []*rktapi.KeyValue{{Key: "version", Value: tag}},
+		})
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), r.requestTimeout)
+	defer cancel()
+	listResp, err := r.apisvc.ListImages(ctx, &rktapi.ListImagesRequest{
+		Detail:  detail,
+		Filters: imageFilters,
+	})
+	if err != nil {
+		return nil, fmt.Errorf("couldn't list images: %v", err)
+	}
+
+	// TODO(yifan): Let the API service to sort the result:
+	// See https://github.com/coreos/rkt/issues/1911.
+	sort.Sort(sort.Reverse(sortByImportTime(listResp.Images)))
+	return listResp.Images, nil
+}
+
+// getImageManifest retrieves the image manifest for the given image.
+func (r *Runtime) getImageManifest(image string) (*appcschema.ImageManifest, error) {
+	var manifest appcschema.ImageManifest
+
+	images, err := r.listImages(image, true)
+	if err != nil {
+		return nil, err
+	}
+	if len(images) == 0 {
+		return nil, fmt.Errorf("cannot find the image %q", image)
+	}
+
+	return &manifest, json.Unmarshal(images[0].Manifest, &manifest)
+}
+
+// TODO(yifan): This is very racy, inefficient, and unsafe, we need to provide
+// different namespaces. See: https://github.com/coreos/rkt/issues/836.
+func (r *Runtime) writeDockerAuthConfig(image string, credsSlice []credentialprovider.LazyAuthConfiguration, userConfigDir string) error {
+	if len(credsSlice) == 0 {
+		return nil
+	}
+
+	creds := dockertypes.AuthConfig{}
+	// TODO handle multiple creds
+	if len(credsSlice) >= 1 {
+		creds = credentialprovider.LazyProvide(credsSlice[0])
+	}
+
+	registry := "index.docker.io"
+	// Image spec: [<registry>/]<repository>/<image>[:<version]
+	explicitRegistry := (strings.Count(image, "/") == 2)
+	if explicitRegistry {
+		registry = strings.Split(image, "/")[0]
+	}
+
+	authDir := filepath.Join(userConfigDir, "auth.d")
+	if _, err := os.Stat(authDir); os.IsNotExist(err) {
+		if err := os.MkdirAll(authDir, 0600); err != nil {
+			glog.Errorf("rkt: Cannot create auth dir: %v", err)
+			return err
+		}
+	}
+
+	config := fmt.Sprintf(dockerAuthTemplate, registry, creds.Username, creds.Password)
+	if err := ioutil.WriteFile(path.Join(authDir, registry+".json"), []byte(config), 0600); err != nil {
+		glog.Errorf("rkt: Cannot write docker auth config file: %v", err)
+		return err
+	}
+	return nil
+}
+
+// ImageStats returns the image stat (total storage bytes).
+func (r *Runtime) ImageStats() (*kubecontainer.ImageStats, error) {
+	var imageStat kubecontainer.ImageStats
+	ctx, cancel := context.WithTimeout(context.Background(), r.requestTimeout)
+	defer cancel()
+	listResp, err := r.apisvc.ListImages(ctx, &rktapi.ListImagesRequest{})
+	if err != nil {
+		return nil, fmt.Errorf("couldn't list images: %v", err)
+	}
+
+	for _, image := range listResp.Images {
+		imageStat.TotalStorageBytes = imageStat.TotalStorageBytes + uint64(image.Size)
+	}
+	return &imageStat, nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/log.go

@@ -0,0 +1,123 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+	"io"
+	"strings"
+	"time"
+
+	"github.com/golang/glog"
+	"golang.org/x/net/context"
+
+	rktapi "github.com/coreos/rkt/api/v1alpha"
+	"k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	kubecontainer "k8s.io/kubernetes/pkg/kubelet/container"
+	"k8s.io/kubernetes/pkg/kubelet/util/format"
+)
+
+const (
+	journalTimestampLayout = "2006-01-02 15:04:05 -0700 MST"
+)
+
+// processLines write the lines into stdout in the required format.
+func processLines(lines []string, logOptions *v1.PodLogOptions, stdout, stderr io.Writer) {
+	msgKey := "MESSAGE="
+
+	for _, line := range lines {
+		msgStart := strings.Index(line, msgKey)
+		if msgStart < 0 {
+			glog.Warningf("rkt: Invalid log line %q, missing %q", line, msgKey)
+			continue
+		}
+
+		tss := strings.TrimSpace(line[:msgStart])
+		msg := strings.TrimPrefix(line[msgStart:], msgKey)
+
+		t, err := time.Parse(journalTimestampLayout, tss)
+		if err != nil {
+			glog.Warningf("rkt: Failed to parse the timestamp %q: %v", tss, err)
+			continue
+		}
+
+		var result string
+		if logOptions.Timestamps {
+			result = fmt.Sprintf("%s %s\n", t.Format(time.RFC3339), msg)
+		} else {
+			result = fmt.Sprintf("%s\n", msg)
+		}
+
+		if _, err := io.WriteString(stdout, result); err != nil {
+			glog.Warningf("rkt: Cannot write log line %q to output: %v", result, err)
+		}
+	}
+}
+
+// GetContainerLogs uses rkt's GetLogs API to get the logs of the container.
+// By default, it returns a snapshot of the container log. Set |follow| to true to
+// stream the log. Set |follow| to false and specify the number of lines (e.g.
+// "100" or "all") to tail the log.
+//
+// TODO(yifan): This doesn't work with lkvm stage1 yet.
+func (r *Runtime) GetContainerLogs(pod *v1.Pod, containerID kubecontainer.ContainerID, logOptions *v1.PodLogOptions, stdout, stderr io.Writer) error {
+	id, err := parseContainerID(containerID)
+	if err != nil {
+		return err
+	}
+
+	var since int64
+	if logOptions.SinceSeconds != nil {
+		t := metav1.Now().Add(-time.Duration(*logOptions.SinceSeconds) * time.Second)
+		since = t.Unix()
+	}
+	if logOptions.SinceTime != nil {
+		since = logOptions.SinceTime.Unix()
+	}
+
+	getLogsRequest := &rktapi.GetLogsRequest{
+		PodId:     id.uuid,
+		AppName:   id.appName,
+		Follow:    logOptions.Follow,
+		SinceTime: since,
+	}
+
+	if logOptions.TailLines != nil {
+		getLogsRequest.Lines = int32(*logOptions.TailLines)
+	}
+
+	stream, err := r.apisvc.GetLogs(context.Background(), getLogsRequest)
+	if err != nil {
+		glog.Errorf("rkt: Failed to create log stream for pod %q: %v", format.Pod(pod), err)
+		return err
+	}
+
+	for {
+		log, err := stream.Recv()
+		if err == io.EOF {
+			break
+		}
+		if err != nil {
+			glog.Errorf("rkt: Failed to receive log for pod %q: %v", format.Pod(pod), err)
+			return err
+		}
+		processLines(log.Lines, logOptions, stdout, stderr)
+	}
+
+	return nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/systemd.go

@@ -0,0 +1,92 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+	"strconv"
+	"strings"
+
+	"github.com/coreos/go-systemd/dbus"
+)
+
+// systemdVersion is a type wraps the int to implement kubecontainer.Version interface.
+type systemdVersion int
+
+func (s systemdVersion) String() string {
+	return fmt.Sprintf("%d", s)
+}
+
+func (s systemdVersion) Compare(other string) (int, error) {
+	v, err := strconv.Atoi(other)
+	if err != nil {
+		return -1, err
+	}
+	if int(s) < v {
+		return -1, nil
+	} else if int(s) > v {
+		return 1, nil
+	}
+	return 0, nil
+}
+
+// systemdInterface is an abstraction of the go-systemd/dbus to make
+// it mockable for testing.
+// TODO(yifan): Eventually we should move these functionalities to:
+// 1. a package for launching/stopping rkt pods.
+// 2. rkt api-service interface for listing pods.
+// See https://github.com/coreos/rkt/issues/1769.
+type systemdInterface interface {
+	// Version returns the version of the systemd.
+	Version() (systemdVersion, error)
+	// ListUnits lists all the loaded units.
+	ListUnits() ([]dbus.UnitStatus, error)
+	// StopUnits stops the unit with the given name.
+	StopUnit(name string, mode string, ch chan<- string) (int, error)
+	// RestartUnit restarts the unit with the given name.
+	RestartUnit(name string, mode string, ch chan<- string) (int, error)
+	// ResetFailedUnit resets the "failed" state of a specific unit.
+	ResetFailedUnit(name string) error
+}
+
+// systemd implements the systemdInterface using dbus and systemctl.
+// All the functions other then Version() are already implemented by go-systemd/dbus.
+type systemd struct {
+	*dbus.Conn
+}
+
+// newSystemd creates a systemd object that implements systemdInterface.
+func newSystemd() (*systemd, error) {
+	dbusConn, err := dbus.New()
+	if err != nil {
+		return nil, err
+	}
+	return &systemd{dbusConn}, nil
+}
+
+// Version returns the version of the systemd.
+func (s *systemd) Version() (systemdVersion, error) {
+	versionStr, err := s.Conn.GetManagerProperty("Version")
+	if err != nil {
+		return -1, err
+	}
+	result, err := strconv.Atoi(strings.Trim(versionStr, "\""))
+	if err != nil {
+		return -1, err
+	}
+	return systemdVersion(result), nil
+}

vendor/k8s.io/kubernetes/pkg/kubelet/rkt/version.go

@@ -0,0 +1,111 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package rkt
+
+import (
+	"fmt"
+	"sync"
+
+	rktapi "github.com/coreos/rkt/api/v1alpha"
+	"golang.org/x/net/context"
+
+	utilversion "k8s.io/kubernetes/pkg/util/version"
+)
+
+type versions struct {
+	sync.RWMutex
+	binVersion     *utilversion.Version
+	apiVersion     *utilversion.Version
+	systemdVersion systemdVersion
+}
+
+func newRktVersion(version string) (*utilversion.Version, error) {
+	return utilversion.ParseSemantic(version)
+}
+
+func (r *Runtime) getVersions() error {
+	r.versions.Lock()
+	defer r.versions.Unlock()
+
+	// Get systemd version.
+	var err error
+	r.versions.systemdVersion, err = r.systemd.Version()
+	if err != nil {
+		return err
+	}
+
+	ctx, cancel := context.WithTimeout(context.Background(), r.requestTimeout)
+	defer cancel()
+	// Example for the version strings returned by GetInfo():
+	// RktVersion:"0.10.0+gitb7349b1" AppcVersion:"0.7.1" ApiVersion:"1.0.0-alpha"
+	resp, err := r.apisvc.GetInfo(ctx, &rktapi.GetInfoRequest{})
+	if err != nil {
+		return err
+	}
+
+	// Get rkt binary version.
+	r.versions.binVersion, err = newRktVersion(resp.Info.RktVersion)
+	if err != nil {
+		return err
+	}
+
+	// Get rkt API version.
+	r.versions.apiVersion, err = newRktVersion(resp.Info.ApiVersion)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
+// checkVersion tests whether the rkt/systemd/rkt-api-service that meet the version requirement.
+// If all version requirements are met, it returns nil.
+func (r *Runtime) checkVersion(minimumRktBinVersion, minimumRktApiVersion, minimumSystemdVersion string) error {
+	if err := r.getVersions(); err != nil {
+		return err
+	}
+
+	r.versions.RLock()
+	defer r.versions.RUnlock()
+
+	// Check systemd version.
+	result, err := r.versions.systemdVersion.Compare(minimumSystemdVersion)
+	if err != nil {
+		return err
+	}
+	if result < 0 {
+		return fmt.Errorf("rkt: systemd version(%v) is too old, requires at least %v", r.versions.systemdVersion, minimumSystemdVersion)
+	}
+
+	// Check rkt binary version.
+	result, err = r.versions.binVersion.Compare(minimumRktBinVersion)
+	if err != nil {
+		return err
+	}
+	if result < 0 {
+		return fmt.Errorf("rkt: binary version is too old(%v), requires at least %v", r.versions.binVersion, minimumRktBinVersion)
+	}
+
+	// Check rkt API version.
+	result, err = r.versions.apiVersion.Compare(minimumRktApiVersion)
+	if err != nil {
+		return err
+	}
+	if result < 0 {
+		return fmt.Errorf("rkt: API version is too old(%v), requires at least %v", r.versions.apiVersion, minimumRktApiVersion)
+	}
+	return nil
+}