github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Merge pull request #4407 from AkihiroSuda/cri-20200720

Browse Source 
vendor: update containerd/cri
This commit is contained in:
Wei Fu 2020-07-22 11:20:43 +08:00 committed by GitHub
commit 59e1aa963f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 29 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
vendor.conf
View File

@ -57,7 +57,7 @@ gotest.tools/v3 v3.0.2
github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28 github.com/cilium/ebpf 1c8d4c9ef7759622653a1d319284a44652333b28
# cri dependencies # cri dependencies
github.com/containerd/cri 8fb244a65baad2457e6c8658db18ed28b1f77cfe # master github.com/containerd/cri fcda0cf4a7e70f0317238b09556329239321353b # master
github.com/davecgh/go-spew v1.1.1 github.com/davecgh/go-spew v1.1.1
github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f github.com/docker/docker 4634ce647cf2ce2c6031129ccd109e557244986f
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528 github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528

4
vendor/github.com/containerd/cri/pkg/config/config.go generated vendored
View File

@ -236,6 +236,10 @@ type PluginConfig struct {
// container requests with huge page limits if the cgroup controller for hugepages is not present. // container requests with huge page limits if the cgroup controller for hugepages is not present.
// This helps with supporting Kubernetes <=1.18 out of the box. (default is `true`) // This helps with supporting Kubernetes <=1.18 out of the box. (default is `true`)
TolerateMissingHugetlbController bool `toml:"tolerate_missing_hugetlb_controller" json:"tolerateMissingHugetlbController"` TolerateMissingHugetlbController bool `toml:"tolerate_missing_hugetlb_controller" json:"tolerateMissingHugetlbController"`
// DisableHugetlbController indicates to silently disable the hugetlb controller, even when it is
// present in /sys/fs/cgroup/cgroup.controllers.
// This helps with running rootless mode + cgroup v2 + systemd but without hugetlb delegation.
DisableHugetlbController bool `toml:"disable_hugetlb_controller" json:"disableHugetlbController"`
// IgnoreImageDefinedVolumes ignores volumes defined by the image. Useful for better resource // IgnoreImageDefinedVolumes ignores volumes defined by the image. Useful for better resource
// isolation, security and early detection of issues in the mount configuration when using // isolation, security and early detection of issues in the mount configuration when using
// ReadOnlyRootFilesystem since containers won't silently mount a temporary volume. // ReadOnlyRootFilesystem since containers won't silently mount a temporary volume.

5
vendor/github.com/containerd/cri/pkg/config/config_unix.go generated vendored
View File

@ -19,6 +19,7 @@
package config package config
import ( import (
"github.com/BurntSushi/toml"
"github.com/containerd/containerd" "github.com/containerd/containerd"
"github.com/containerd/cri/pkg/streaming" "github.com/containerd/cri/pkg/streaming"
) )
@ -38,7 +39,8 @@ func DefaultConfig() PluginConfig {
NoPivot: false, NoPivot: false,
Runtimes: map[string]Runtime{ Runtimes: map[string]Runtime{
"runc": { "runc": {
Type: "io.containerd.runc.v2", Type: "io.containerd.runc.v2",
Options: new(toml.Primitive),
}, },
}, },
}, },
@ -66,6 +68,7 @@ func DefaultConfig() PluginConfig {
MaxConcurrentDownloads: 3, MaxConcurrentDownloads: 3,
DisableProcMount: false, DisableProcMount: false,
TolerateMissingHugetlbController: true, TolerateMissingHugetlbController: true,
DisableHugetlbController: true,
IgnoreImageDefinedVolumes: false, IgnoreImageDefinedVolumes: false,
} }
} }

2
vendor/github.com/containerd/cri/pkg/config/config_windows.go generated vendored
View File

@ -54,7 +54,7 @@ func DefaultConfig() PluginConfig {
TLSKeyFile: "", TLSKeyFile: "",
TLSCertFile: "", TLSCertFile: "",
}, },
SandboxImage: "mcr.microsoft.com/k8s/core/pause:1.2.0", SandboxImage: "mcr.microsoft.com/oss/kubernetes/pause:1.4.0",
StatsCollectPeriod: 10, StatsCollectPeriod: 10,
MaxContainerLogLineSize: 16 * 1024, MaxContainerLogLineSize: 16 * 1024,
Registry: Registry{ Registry: Registry{

28
vendor/github.com/containerd/cri/pkg/containerd/opts/spec_unix.go generated vendored
View File

@ -408,7 +408,7 @@ func WithSelinuxLabels(process, mount string) oci.SpecOpts {
} }
// WithResources sets the provided resource restrictions // WithResources sets the provided resource restrictions
func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController bool) oci.SpecOpts { func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts {
return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) { return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) {
if resources == nil { if resources == nil {
return nil return nil
@ -451,19 +451,21 @@ func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHu
if limit != 0 { if limit != 0 {
s.Linux.Resources.Memory.Limit = &limit s.Linux.Resources.Memory.Limit = &limit
} }
if isHugetlbControllerPresent() { if !disableHugetlbController {
for _, limit := range hugepages { if isHugetlbControllerPresent() {
s.Linux.Resources.HugepageLimits = append(s.Linux.Resources.HugepageLimits, runtimespec.LinuxHugepageLimit{ for _, limit := range hugepages {
Pagesize: limit.PageSize, s.Linux.Resources.HugepageLimits = append(s.Linux.Resources.HugepageLimits, runtimespec.LinuxHugepageLimit{
Limit: limit.Limit, Pagesize: limit.PageSize,
}) Limit: limit.Limit,
})
}
} else {
if !tolerateMissingHugetlbController {
return errors.Errorf("huge pages limits are specified but hugetlb cgroup controller is missing. " +
"Please set tolerate_missing_hugetlb_controller to `true` to ignore this error")
}
logrus.Warn("hugetlb cgroup controller is absent. skipping huge pages limits")
} }
} else {
if !tolerateMissingHugetlbController {
return errors.Errorf("huge pages limits are specified but hugetlb cgroup controller is missing. " +
"Please set tolerate_missing_hugetlb_controller to `true` to ignore this error")
}
logrus.Warn("hugetlb cgroup controller is absent. skipping huge pages limits")
} }
return nil return nil
} }

2
vendor/github.com/containerd/cri/pkg/server/container_create_unix.go generated vendored
View File

@ -225,7 +225,7 @@ func (c *criService) containerSpec(id string, sandboxID string, sandboxPid uint3
if c.config.DisableCgroup { if c.config.DisableCgroup {
specOpts = append(specOpts, customopts.WithDisabledCgroups) specOpts = append(specOpts, customopts.WithDisabledCgroups)
} else { } else {
specOpts = append(specOpts, customopts.WithResources(config.GetLinux().GetResources(), c.config.TolerateMissingHugetlbController)) specOpts = append(specOpts, customopts.WithResources(config.GetLinux().GetResources(), c.config.TolerateMissingHugetlbController, c.config.DisableHugetlbController))
if sandboxConfig.GetLinux().GetCgroupParent() != "" { if sandboxConfig.GetLinux().GetCgroupParent() != "" {
cgroupsPath := getCgroupsPath(sandboxConfig.GetLinux().GetCgroupParent(), id) cgroupsPath := getCgroupsPath(sandboxConfig.GetLinux().GetCgroupParent(), id)
specOpts = append(specOpts, oci.WithCgroup(cgroupsPath)) specOpts = append(specOpts, oci.WithCgroup(cgroupsPath))

6
vendor/github.com/containerd/cri/pkg/server/container_update_resources_unix.go generated vendored
View File

@ -73,7 +73,7 @@ func (c *criService) updateContainerResources(ctx context.Context,
return errors.Wrap(err, "failed to get container spec") return errors.Wrap(err, "failed to get container spec")
} }
newSpec, err := updateOCILinuxResource(ctx, oldSpec, resources, newSpec, err := updateOCILinuxResource(ctx, oldSpec, resources,
c.config.TolerateMissingHugetlbController) c.config.TolerateMissingHugetlbController, c.config.DisableHugetlbController)
if err != nil { if err != nil {
return errors.Wrap(err, "failed to update resource in spec") return errors.Wrap(err, "failed to update resource in spec")
} }
@ -134,7 +134,7 @@ func updateContainerSpec(ctx context.Context, cntr containerd.Container, spec *r
// updateOCILinuxResource updates container resource limit. // updateOCILinuxResource updates container resource limit.
func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *runtime.LinuxContainerResources, func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *runtime.LinuxContainerResources,
tolerateMissingHugetlbController bool) (*runtimespec.Spec, error) { tolerateMissingHugetlbController, disableHugetlbController bool) (*runtimespec.Spec, error) {
// Copy to make sure old spec is not changed. // Copy to make sure old spec is not changed.
var cloned runtimespec.Spec var cloned runtimespec.Spec
if err := util.DeepCopy(&cloned, spec); err != nil { if err := util.DeepCopy(&cloned, spec); err != nil {
@ -143,7 +143,7 @@ func updateOCILinuxResource(ctx context.Context, spec *runtimespec.Spec, new *ru
if cloned.Linux == nil { if cloned.Linux == nil {
cloned.Linux = &runtimespec.Linux{} cloned.Linux = &runtimespec.Linux{}
} }
if err := opts.WithResources(new, tolerateMissingHugetlbController)(ctx, nil, nil, &cloned); err != nil { if err := opts.WithResources(new, tolerateMissingHugetlbController, disableHugetlbController)(ctx, nil, nil, &cloned); err != nil {
return nil, errors.Wrap(err, "unable to set linux container resources") return nil, errors.Wrap(err, "unable to set linux container resources")
} }
return &cloned, nil return &cloned, nil