diff --git a/vendor.conf b/vendor.conf index bdeb27ddc..2f9779b2e 100644 --- a/vendor.conf +++ b/vendor.conf @@ -44,7 +44,7 @@ github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010 github.com/google/go-cmp v0.1.0 # cri dependencies -github.com/containerd/cri v1.0.0 +github.com/containerd/cri 8b0ecd87a54de2552954985ea3008caa7d76fd87 https://github.com/ehazlett/cri github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 github.com/blang/semver v3.1.0 github.com/containernetworking/cni v0.6.0 diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md index 938b8dded..3ebdcffd8 100644 --- a/vendor/github.com/containerd/cri/README.md +++ b/vendor/github.com/containerd/cri/README.md @@ -1,7 +1,7 @@ # cri

- - + +

*Note: The standalone `cri-containerd` binary is end-of-life. `cri-containerd` is diff --git a/vendor/github.com/containerd/cri/pkg/containerd/opts/task.go b/vendor/github.com/containerd/cri/pkg/containerd/opts/task.go index 2d4475790..7cac8ca0c 100644 --- a/vendor/github.com/containerd/cri/pkg/containerd/opts/task.go +++ b/vendor/github.com/containerd/cri/pkg/containerd/opts/task.go @@ -20,7 +20,7 @@ import ( "context" "github.com/containerd/containerd" - "github.com/containerd/containerd/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/runctypes" ) // WithContainerdShimCgroup returns function that sets the containerd diff --git a/vendor/github.com/containerd/cri/pkg/os/os.go b/vendor/github.com/containerd/cri/pkg/os/os.go index f0e7a3271..30252cbc2 100644 --- a/vendor/github.com/containerd/cri/pkg/os/os.go +++ b/vendor/github.com/containerd/cri/pkg/os/os.go @@ -22,9 +22,8 @@ import ( "os" "path/filepath" - containerdmount "github.com/containerd/containerd/mount" + "github.com/containerd/containerd/mount" "github.com/containerd/fifo" - "github.com/docker/docker/pkg/mount" "github.com/docker/docker/pkg/symlink" "golang.org/x/net/context" "golang.org/x/sys/unix" @@ -42,8 +41,8 @@ type OS interface { CopyFile(src, dest string, perm os.FileMode) error WriteFile(filename string, data []byte, perm os.FileMode) error Mount(source string, target string, fstype string, flags uintptr, data string) error - Unmount(target string, flags int) error - LookupMount(path string) (containerdmount.Info, error) + Unmount(target string) error + LookupMount(path string) (mount.Info, error) } // RealOS is used to dispatch the real system level operations. @@ -115,20 +114,23 @@ func (RealOS) Mount(source string, target string, fstype string, flags uintptr, } // Unmount will call Unmount to unmount the file. -func (RealOS) Unmount(target string, flags int) error { - return Unmount(target, flags) +func (RealOS) Unmount(target string) error { + return Unmount(target) } // LookupMount gets mount info of a given path. -func (RealOS) LookupMount(path string) (containerdmount.Info, error) { - return containerdmount.Lookup(path) +func (RealOS) LookupMount(path string) (mount.Info, error) { + return mount.Lookup(path) } -// Unmount will call unix.Unmount to unmount the file. The function doesn't -// return error if target is not mounted. -func Unmount(target string, flags int) error { - if mounted, err := mount.Mounted(target); err != nil || !mounted { - return err +// Unmount unmounts the target. It does not return an error in case the target is not mounted. +// In case the target does not exist, the appropriate error is returned. +func Unmount(target string) error { + err := unix.Unmount(target, unix.MNT_DETACH) + if err == unix.EINVAL { + // ignore "not mounted" error + err = nil } - return unix.Unmount(target, flags) + + return err } diff --git a/vendor/github.com/containerd/cri/pkg/server/container_create.go b/vendor/github.com/containerd/cri/pkg/server/container_create.go index c4f730d0d..6b1c5626e 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_create.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_create.go @@ -27,9 +27,9 @@ import ( "github.com/containerd/containerd/containers" "github.com/containerd/containerd/contrib/apparmor" "github.com/containerd/containerd/contrib/seccomp" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/oci" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/containerd/typeurl" "github.com/davecgh/go-spew/spew" imagespec "github.com/opencontainers/image-spec/specs-go/v1" @@ -523,7 +523,7 @@ func clearReadOnly(m *runtimespec.Mount) { opt = append(opt, o) } } - m.Options = opt + m.Options = append(opt, "rw") } // addDevices set device mapping without privilege. @@ -662,7 +662,7 @@ func setOCIBindMountsPrivileged(g *generate.Generator) { spec := g.Spec() // clear readonly for /sys and cgroup for i, m := range spec.Mounts { - if spec.Mounts[i].Destination == "/sys" && !spec.Root.Readonly { + if spec.Mounts[i].Destination == "/sys" { clearReadOnly(&spec.Mounts[i]) } if m.Type == "cgroup" { diff --git a/vendor/github.com/containerd/cri/pkg/server/container_stats_list.go b/vendor/github.com/containerd/cri/pkg/server/container_stats_list.go index 3b4d8c93d..f0605ef77 100644 --- a/vendor/github.com/containerd/cri/pkg/server/container_stats_list.go +++ b/vendor/github.com/containerd/cri/pkg/server/container_stats_list.go @@ -109,8 +109,10 @@ func (c *criService) getContainerMetrics( } if metrics.Memory != nil && metrics.Memory.Usage != nil { cs.Memory = &runtime.MemoryUsage{ - Timestamp: stats.Timestamp.UnixNano(), - WorkingSetBytes: &runtime.UInt64Value{Value: metrics.Memory.Usage.Usage}, + Timestamp: stats.Timestamp.UnixNano(), + WorkingSetBytes: &runtime.UInt64Value{ + Value: getWorkingSet(metrics.Memory), + }, } } } @@ -167,3 +169,17 @@ func matchLabelSelector(selector, labels map[string]string) bool { } return true } + +// getWorkingSet calculates workingset memory from cgroup memory stats. +// The caller should make sure memory is not nil. +// workingset = usage - total_inactive_file +func getWorkingSet(memory *cgroups.MemoryStat) uint64 { + if memory.Usage == nil { + return 0 + } + var workingSet uint64 + if memory.TotalInactiveFile < memory.Usage.Usage { + workingSet = memory.Usage.Usage - memory.TotalInactiveFile + } + return workingSet +} diff --git a/vendor/github.com/containerd/cri/pkg/server/helpers.go b/vendor/github.com/containerd/cri/pkg/server/helpers.go index b09f28151..d5a314446 100644 --- a/vendor/github.com/containerd/cri/pkg/server/helpers.go +++ b/vendor/github.com/containerd/cri/pkg/server/helpers.go @@ -27,7 +27,7 @@ import ( "github.com/containerd/containerd" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/content" - "github.com/containerd/containerd/linux/runctypes" + "github.com/containerd/containerd/runtime/linux/runctypes" "github.com/containerd/typeurl" "github.com/docker/distribution/reference" imagedigest "github.com/opencontainers/go-digest" diff --git a/vendor/github.com/containerd/cri/pkg/server/image_pull.go b/vendor/github.com/containerd/cri/pkg/server/image_pull.go index aea3db8c9..4db105e06 100644 --- a/vendor/github.com/containerd/cri/pkg/server/image_pull.go +++ b/vendor/github.com/containerd/cri/pkg/server/image_pull.go @@ -100,20 +100,14 @@ func (c *criService) PullImage(ctx context.Context, r *runtime.PullImageRequest) // image has already been converted. isSchema1 := desc.MediaType == containerdimages.MediaTypeDockerSchema1Manifest - // TODO(mikebrow): add truncIndex for image id image, err := c.client.Pull(ctx, ref, containerd.WithSchema1Conversion, containerd.WithResolver(resolver), + containerd.WithPullSnapshotter(c.config.ContainerdConfig.Snapshotter), + containerd.WithPullUnpack, ) if err != nil { - return nil, errors.Wrapf(err, "failed to pull image %q", ref) - } - - // Do best effort unpack. - logrus.Debugf("Unpack image %q", imageRef) - if err := image.Unpack(ctx, c.config.ContainerdConfig.Snapshotter); err != nil { - logrus.WithError(err).Warnf("Failed to unpack image %q", imageRef) - // Do not fail image pulling. Unpack will be retried before container creation. + return nil, errors.Wrapf(err, "failed to pull and unpack image %q", ref) } // Get image information. diff --git a/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go b/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go index cfa085835..5fa198e4a 100644 --- a/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go +++ b/vendor/github.com/containerd/cri/pkg/server/sandbox_run.go @@ -24,8 +24,8 @@ import ( "github.com/containerd/containerd" containerdio "github.com/containerd/containerd/cio" "github.com/containerd/containerd/errdefs" - "github.com/containerd/containerd/linux/runctypes" "github.com/containerd/containerd/oci" + "github.com/containerd/containerd/runtime/linux/runctypes" cni "github.com/containerd/go-cni" "github.com/containerd/typeurl" imagespec "github.com/opencontainers/image-spec/specs-go/v1" @@ -494,16 +494,14 @@ func parseDNSOptions(servers, searches, options []string) (string, error) { } // unmountSandboxFiles unmount some sandbox files, we rely on the removal of sandbox root directory to -// remove these files. Unmount should *NOT* return error when: -// 1) The mount point is already unmounted. -// 2) The mount point doesn't exist. +// remove these files. Unmount should *NOT* return error if the mount point is already unmounted. func (c *criService) unmountSandboxFiles(id string, config *runtime.PodSandboxConfig) error { if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetIpc() != runtime.NamespaceMode_NODE { path, err := c.os.FollowSymlinkInScope(c.getSandboxDevShm(id), "/") if err != nil { return errors.Wrap(err, "failed to follow symlink") } - if err := c.os.Unmount(path, unix.MNT_DETACH); err != nil && !os.IsNotExist(err) { + if err := c.os.Unmount(path); err != nil && !os.IsNotExist(err) { return errors.Wrapf(err, "failed to unmount %q", path) } } diff --git a/vendor/github.com/containerd/cri/pkg/store/sandbox/netns.go b/vendor/github.com/containerd/cri/pkg/store/sandbox/netns.go index 5d56d9222..a96eb6aad 100644 --- a/vendor/github.com/containerd/cri/pkg/store/sandbox/netns.go +++ b/vendor/github.com/containerd/cri/pkg/store/sandbox/netns.go @@ -23,7 +23,6 @@ import ( cnins "github.com/containernetworking/plugins/pkg/ns" "github.com/docker/docker/pkg/symlink" "github.com/pkg/errors" - "golang.org/x/sys/unix" osinterface "github.com/containerd/cri/pkg/os" ) @@ -93,7 +92,7 @@ func (n *NetNS) Remove() error { if err != nil { return errors.Wrap(err, "failed to follow symlink") } - if err := osinterface.Unmount(path, unix.MNT_DETACH); err != nil && !os.IsNotExist(err) { + if err := osinterface.Unmount(path); err != nil && !os.IsNotExist(err) { return errors.Wrap(err, "failed to umount netns") } if err := os.RemoveAll(path); err != nil { diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf index 0e9fdc8d9..f19ea3500 100644 --- a/vendor/github.com/containerd/cri/vendor.conf +++ b/vendor/github.com/containerd/cri/vendor.conf @@ -4,11 +4,11 @@ github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130 github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925 -github.com/containerd/containerd 1381f8fddc4f826e12b48d46c9def347d5aa338a -github.com/containerd/continuity 3e8f2ea4b190484acb976a5b378d373429639a1a +github.com/containerd/containerd 22c6a7625f745d597855600cffbae6210aea57fd https://github.com/ehazlett/containerd +github.com/containerd/continuity 2d3749b4da569ac97ca63dccba5eee4f5ee2beab github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7 -github.com/containerd/go-runc bcb223a061a3dd7de1a89c0b402a60f4dd9bd307 +github.com/containerd/go-runc f271fa2021de855d4d918dbef83c5fe19db1bdd5 github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788 github.com/containernetworking/cni v0.6.0 github.com/containernetworking/plugins v0.7.0 @@ -34,8 +34,8 @@ github.com/hashicorp/go-multierror ed905158d87462226a13fe39ddf685ea65f1c11f github.com/json-iterator/go 1.0.4 github.com/matttproud/golang_protobuf_extensions v1.0.0 github.com/Microsoft/go-winio v0.4.5 -github.com/Microsoft/hcsshim v0.6.7 -github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448 +github.com/Microsoft/hcsshim v0.6.10 +github.com/opencontainers/go-digest c9281466c8b2f606084ac71339773efd177436e7 github.com/opencontainers/image-spec v1.0.1 github.com/opencontainers/runc 69663f0bd4b60df09991c08812a60108003fa340 github.com/opencontainers/runtime-spec v1.0.1 @@ -56,7 +56,7 @@ github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067 -golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6 +golang.org/x/net b3756b4b77d7b13260a0a2ec658753cf48922eac golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993 https://github.com/golang/sys golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4