github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Import ocicni update from https://github.com/Random-Liu/ocicni

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu 2017-08-23 01:24:19 +00:00
parent af83d3e1f7
commit 8f898cb3b8
16 changed files with 169 additions and 2203 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
pkg/server/testing/fake_cni_plugin.go
View File

@ -23,7 +23,7 @@ import (
"sync"
"time"
"github.com/kubernetes-incubator/cri-o/pkg/ocicni"
"github.com/cri-o/ocicni"
)
// CalledDetail is the struct contains called function name and arguments.
@ -34,20 +34,12 @@ type CalledDetail struct {
Argument interface{}
}
// CNIPluginArgument is arguments used to call CNI related functions.
type CNIPluginArgument struct {
NetnsPath string
Namespace string
Name string
ContainerID string
}
// FakeCNIPlugin is a fake plugin used for test.
type FakeCNIPlugin struct {
sync.Mutex
called []CalledDetail
errors map[string]error
IPMap map[CNIPluginArgument]string
IPMap map[string]string
}
// getError get error for call
@ -108,18 +100,17 @@ func (f *FakeCNIPlugin) GetCalledDetails() []CalledDetail {
}
// SetFakePodNetwork sets the given IP for given arguments.
func (f *FakeCNIPlugin) SetFakePodNetwork(netnsPath string, namespace string, name string, containerID string, ip string) {
func (f *FakeCNIPlugin) SetFakePodNetwork(podNetwork ocicni.PodNetwork, ip string) {
f.Lock()
defer f.Unlock()
arg := CNIPluginArgument{netnsPath, namespace, name, containerID}
f.IPMap[arg] = ip
f.IPMap[podNetwork.NetNS] = ip
}
// NewFakeCNIPlugin create a FakeCNIPlugin.
func NewFakeCNIPlugin() ocicni.CNIPlugin {
return &FakeCNIPlugin{
errors: make(map[string]error),
IPMap: make(map[CNIPluginArgument]string),
IPMap: make(map[string]string),
}
}
@ -129,45 +120,42 @@ func (f *FakeCNIPlugin) Name() string {
}
// SetUpPod setup the network of PodSandbox.
func (f *FakeCNIPlugin) SetUpPod(netnsPath string, namespace string, name string, containerID string) error {
func (f *FakeCNIPlugin) SetUpPod(podNetwork ocicni.PodNetwork) error {
f.Lock()
defer f.Unlock()
arg := CNIPluginArgument{netnsPath, namespace, name, containerID}
f.appendCalled("SetUpPod", arg)
f.appendCalled("SetUpPod", podNetwork)
if err := f.getError("SetUpPod"); err != nil {
return err
}
f.IPMap[arg] = generateIP()
f.IPMap[podNetwork.NetNS] = generateIP()
return nil
}
// TearDownPod teardown the network of PodSandbox.
func (f *FakeCNIPlugin) TearDownPod(netnsPath string, namespace string, name string, containerID string) error {
func (f *FakeCNIPlugin) TearDownPod(podNetwork ocicni.PodNetwork) error {
f.Lock()
defer f.Unlock()
arg := CNIPluginArgument{netnsPath, namespace, name, containerID}
f.appendCalled("TearDownPod", arg)
f.appendCalled("TearDownPod", podNetwork)
if err := f.getError("TearDownPod"); err != nil {
return err
}
_, ok := f.IPMap[arg]
_, ok := f.IPMap[podNetwork.NetNS]
if !ok {
return fmt.Errorf("failed to find the IP")
}
delete(f.IPMap, arg)
delete(f.IPMap, podNetwork.NetNS)
return nil
}
// GetContainerNetworkStatus get the status of network.
func (f *FakeCNIPlugin) GetContainerNetworkStatus(netnsPath string, namespace string, name string, containerID string) (string, error) {
// GetPodNetworkStatus get the status of network.
func (f *FakeCNIPlugin) GetPodNetworkStatus(netnsPath string) (string, error) {
f.Lock()
defer f.Unlock()
arg := CNIPluginArgument{netnsPath, namespace, name, containerID}
f.appendCalled("GetContainerNetworkStatus", arg)
if err := f.getError("GetContainerNetworkStatus"); err != nil {
f.appendCalled("GetPodNetworkStatus", netnsPath)
if err := f.getError("GetPodNetworkStatus"); err != nil {
return "", err
}
ip, ok := f.IPMap[arg]
ip, ok := f.IPMap[netnsPath]
if !ok {
return "", fmt.Errorf("failed to find the IP")
}

4
vendor.conf
View File

@ -2,7 +2,8 @@ github.com/blang/semver v3.1.0
github.com/boltdb/bolt v1.3.0-58-ge9cf4fa
github.com/containerd/containerd f79981c2dfe35c3bfcbdd2de9b682e8c3de904b2
github.com/containerd/fifo fbfb6a11ec671efbe94ad1c12c2e98773f19e1e6
github.com/containernetworking/cni v0.4.0
github.com/containernetworking/cni v0.6.0
github.com/cri-o/ocicni 3bb422584a0755d73718085e0edc355619b5973e https://github.com/Random-Liu/ocicni.git
github.com/davecgh/go-spew v1.1.0
github.com/docker/distribution b38e5838b7b2f2ad48e06ec4b500011976080621
github.com/docker/docker cc4da8112814cdbb00dbf23370f9ed764383de1f
@ -21,7 +22,6 @@ github.com/go-openapi/spec 6aced65f8501fe1217321abf0749d354824ba2ff
github.com/go-openapi/swag 1d0bd113de87027671077d3c71eb3ac5d7dbba72
github.com/jpillora/backoff 06c7a16c845dc8e0bf575fafeeca0f5462f5eb4d
github.com/juju/ratelimit 5b9ff866471762aa2ab2dced63c9fb6f53921342
github.com/kubernetes-incubator/cri-o 63a218a45844fd912f482dc85f9cc149e68e0e57
github.com/mailru/easyjson d5b7844b561a7bc640052f1b935f7b800330d7e0
github.com/Microsoft/go-winio v0.4.4
github.com/opencontainers/go-digest 21dfd564fd89c944783d00d069f33e3e7123c448

0
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/LICENSE → vendor/github.com/cri-o/ocicni/LICENSE generated vendored
View File

0
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/README.md → vendor/github.com/cri-o/ocicni/README.md generated vendored
View File

24
vendor/github.com/cri-o/ocicni/noop.go generated vendored Normal file
View File

@ -0,0 +1,24 @@
package ocicni
type cniNoOp struct {
}
func (noop *cniNoOp) Name() string {
return "CNINoOp"
}
func (noop *cniNoOp) SetUpPod(network PodNetwork) error {
return nil
}
func (noop *cniNoOp) TearDownPod(network PodNetwork) error {
return nil
}
func (noop *cniNoOp) GetPodNetworkStatus(netnsPath string) (string, error) {
return "", nil
}
func (noop *cniNoOp) Status() error {
return nil
}

99
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/ocicni.go → vendor/github.com/cri-o/ocicni/ocicni.go generated vendored
View File

@ -5,6 +5,7 @@ import (
"fmt"
"os/exec"
"sort"
"strings"
"sync"
"github.com/containernetworking/cni/libcni"
@ -29,7 +30,7 @@ type cniNetworkPlugin struct {
type cniNetwork struct {
name string
NetworkConfig *libcni.NetworkConfig
NetworkConfig *libcni.NetworkConfigList
CNIConfig libcni.CNI
}
@ -128,7 +129,7 @@ func getDefaultCNINetwork(pluginDir string, cniDirs []string, vendorCNIDirPrefix
cniDirs = []string{DefaultCNIDir}
}
files, err := libcni.ConfFiles(pluginDir)
files, err := libcni.ConfFiles(pluginDir, []string{".conf", ".conflist", ".json"})
switch {
case err != nil:
return nil, err
@ -138,19 +139,39 @@ func getDefaultCNINetwork(pluginDir string, cniDirs []string, vendorCNIDirPrefix
sort.Strings(files)
for _, confFile := range files {
conf, err := libcni.ConfFromFile(confFile)
if err != nil {
logrus.Warningf("Error loading CNI config file %s: %v", confFile, err)
var confList *libcni.NetworkConfigList
if strings.HasSuffix(confFile, ".conflist") {
confList, err = libcni.ConfListFromFile(confFile)
if err != nil {
logrus.Warningf("Error loading CNI config list file %s: %v", confFile, err)
continue
}
} else {
conf, err := libcni.ConfFromFile(confFile)
if err != nil {
logrus.Warningf("Error loading CNI config file %s: %v", confFile, err)
continue
}
if conf.Network.Type == "" {
logrus.Warningf("Error loading CNI config file %s: no 'type'; perhaps this is a .conflist?", confFile)
continue
}
confList, err = libcni.ConfListFromConf(conf)
if err != nil {
logrus.Warningf("Error converting CNI config file %s to list: %v", confFile, err)
continue
}
}
if len(confList.Plugins) == 0 {
logrus.Warningf("CNI config list %s has no networks, skipping", confFile)
continue
}
// Search for vendor-specific plugins as well as default plugins in the CNI codebase.
vendorDir := vendorCNIDir(vendorCNIDirPrefix, conf.Network.Type)
vendorDir := vendorCNIDir(vendorCNIDirPrefix, confList.Plugins[0].Network.Type)
cninet := &libcni.CNIConfig{
Path: append(cniDirs, vendorDir),
}
network := &cniNetwork{name: conf.Network.Name, NetworkConfig: conf, CNIConfig: cninet}
network := &cniNetwork{name: confList.Name, NetworkConfig: confList, CNIConfig: cninet}
return network, nil
}
return nil, fmt.Errorf("No valid networks found in %s", pluginDir)
@ -165,17 +186,19 @@ func getLoNetwork(cniDirs []string, vendorDirPrefix string) *cniNetwork {
cniDirs = []string{DefaultCNIDir}
}
loConfig, err := libcni.ConfFromBytes([]byte(`{
"cniVersion": "0.1.0",
loConfig, err := libcni.ConfListFromBytes([]byte(`{
"cniVersion": "0.2.0",
"name": "cni-loopback",
"type": "loopback"
"plugins": [{
"type": "loopback"
}]
}`))
if err != nil {
// The hardcoded config above should always be valid and unit tests will
// catch this
panic(err)
}
vendorDir := vendorCNIDir(vendorDirPrefix, loConfig.Network.Type)
vendorDir := vendorCNIDir(vendorDirPrefix, loConfig.Plugins[0].Network.Type)
cninet := &libcni.CNIConfig{
Path: append(cniDirs, vendorDir),
}
@ -222,18 +245,18 @@ func (plugin *cniNetworkPlugin) Name() string {
return CNIPluginName
}
func (plugin *cniNetworkPlugin) SetUpPod(netnsPath string, namespace string, name string, id string) error {
func (plugin *cniNetworkPlugin) SetUpPod(podNetwork PodNetwork) error {
if err := plugin.checkInitialized(); err != nil {
return err
}
_, err := plugin.loNetwork.addToNetwork(name, namespace, id, netnsPath)
_, err := plugin.loNetwork.addToNetwork(podNetwork)
if err != nil {
logrus.Errorf("Error while adding to cni lo network: %s", err)
return err
}
_, err = plugin.getDefaultNetwork().addToNetwork(name, namespace, id, netnsPath)
_, err = plugin.getDefaultNetwork().addToNetwork(podNetwork)
if err != nil {
logrus.Errorf("Error while adding to cni network: %s", err)
return err
@ -242,17 +265,17 @@ func (plugin *cniNetworkPlugin) SetUpPod(netnsPath string, namespace string, nam
return err
}
func (plugin *cniNetworkPlugin) TearDownPod(netnsPath string, namespace string, name string, id string) error {
func (plugin *cniNetworkPlugin) TearDownPod(podNetwork PodNetwork) error {
if err := plugin.checkInitialized(); err != nil {
return err
}
return plugin.getDefaultNetwork().deleteFromNetwork(name, namespace, id, netnsPath)
return plugin.getDefaultNetwork().deleteFromNetwork(podNetwork)
}
// TODO: Use the addToNetwork function to obtain the IP of the Pod. That will assume idempotent ADD call to the plugin.
// Also fix the runtime's call to Status function to be done only in the case that the IP is lost, no need to do periodic calls
func (plugin *cniNetworkPlugin) GetContainerNetworkStatus(netnsPath string, namespace string, name string, id string) (string, error) {
func (plugin *cniNetworkPlugin) GetPodNetworkStatus(netnsPath string) (string, error) {
ip, err := getContainerIP(plugin.nsenterPath, netnsPath, DefaultInterfaceName, "-4")
if err != nil {
return "", err
@ -261,16 +284,16 @@ func (plugin *cniNetworkPlugin) GetContainerNetworkStatus(netnsPath string, name
return ip.String(), nil
}
func (network *cniNetwork) addToNetwork(podName string, podNamespace string, podInfraContainerID string, podNetnsPath string) (*cnitypes.Result, error) {
rt, err := buildCNIRuntimeConf(podName, podNamespace, podInfraContainerID, podNetnsPath)
func (network *cniNetwork) addToNetwork(podNetwork PodNetwork) (cnitypes.Result, error) {
rt, err := buildCNIRuntimeConf(podNetwork)
if err != nil {
logrus.Errorf("Error adding network: %v", err)
return nil, err
}
netconf, cninet := network.NetworkConfig, network.CNIConfig
logrus.Infof("About to run with conf.Network.Type=%v", netconf.Network.Type)
res, err := cninet.AddNetwork(netconf, rt)
logrus.Infof("About to add CNI network %v (type=%v)", netconf.Name, netconf.Plugins[0].Network.Type)
res, err := cninet.AddNetworkList(netconf, rt)
if err != nil {
logrus.Errorf("Error adding network: %v", err)
return nil, err
@ -279,16 +302,16 @@ func (network *cniNetwork) addToNetwork(podName string, podNamespace string, pod
return res, nil
}
func (network *cniNetwork) deleteFromNetwork(podName string, podNamespace string, podInfraContainerID string, podNetnsPath string) error {
rt, err := buildCNIRuntimeConf(podName, podNamespace, podInfraContainerID, podNetnsPath)
func (network *cniNetwork) deleteFromNetwork(podNetwork PodNetwork) error {
rt, err := buildCNIRuntimeConf(podNetwork)
if err != nil {
logrus.Errorf("Error deleting network: %v", err)
return err
}
netconf, cninet := network.NetworkConfig, network.CNIConfig
logrus.Infof("About to run with conf.Network.Type=%v", netconf.Network.Type)
err = cninet.DelNetwork(netconf, rt)
logrus.Infof("About to del CNI network %v (type=%v)", netconf.Name, netconf.Plugins[0].Network.Type)
err = cninet.DelNetworkList(netconf, rt)
if err != nil {
logrus.Errorf("Error deleting network: %v", err)
return err
@ -296,22 +319,28 @@ func (network *cniNetwork) deleteFromNetwork(podName string, podNamespace string
return nil
}
func buildCNIRuntimeConf(podName string, podNs string, podInfraContainerID string, podNetnsPath string) (*libcni.RuntimeConf, error) {
logrus.Infof("Got netns path %v", podNetnsPath)
logrus.Infof("Using netns path %v", podNs)
func buildCNIRuntimeConf(podNetwork PodNetwork) (*libcni.RuntimeConf, error) {
logrus.Infof("Got pod network %+v", podNetwork)
rt := &libcni.RuntimeConf{
ContainerID: podInfraContainerID,
NetNS: podNetnsPath,
ContainerID: podNetwork.ID,
NetNS: podNetwork.NetNS,
IfName: DefaultInterfaceName,
Args: [][2]string{
{"IgnoreUnknown", "1"},
{"K8S_POD_NAMESPACE", podNs},
{"K8S_POD_NAME", podName},
{"K8S_POD_INFRA_CONTAINER_ID", podInfraContainerID},
{"K8S_POD_NAMESPACE", podNetwork.Namespace},
{"K8S_POD_NAME", podNetwork.Name},
{"K8S_POD_INFRA_CONTAINER_ID", podNetwork.ID},
},
}
if len(podNetwork.PortMappings) == 0 {
return rt, nil
}
rt.CapabilityArgs = map[string]interface{}{
"portMappings": podNetwork.PortMappings,
}
return rt, nil
}

62
vendor/github.com/cri-o/ocicni/types.go generated vendored Normal file
View File

@ -0,0 +1,62 @@
package ocicni
const (
// DefaultInterfaceName is the string to be used for the interface name inside the net namespace
DefaultInterfaceName = "eth0"
// CNIPluginName is the default name of the plugin
CNIPluginName = "cni"
// DefaultNetDir is the place to look for CNI Network
DefaultNetDir = "/etc/cni/net.d"
// DefaultCNIDir is the place to look for cni config files
DefaultCNIDir = "/opt/cni/bin"
// VendorCNIDirTemplate is the template for looking up vendor specific cni config/executable files
VendorCNIDirTemplate = "%s/opt/%s/bin"
)
// PortMapping maps to the standard CNI portmapping Capability
// see: https://github.com/containernetworking/cni/blob/master/CONVENTIONS.md
type PortMapping struct {
// HostPort is the port number on the host.
HostPort int32 `json:"hostPort"`
// ContainerPort is the port number inside the sandbox.
ContainerPort int32 `json:"containerPort"`
// Protocol is the protocol of the port mapping.
Protocol string `json:"protocol"`
// HostIP is the host ip to use.
HostIP string `json:"hostIP"`
}
// PodNetwork configures the network of a pod sandbox.
type PodNetwork struct {
// Name is the name of the sandbox.
Name string
// Namespace is the namespace of the sandbox.
Namespace string
// ID is the id of the sandbox container.
ID string
// NetNS is the network namespace path of the sandbox.
NetNS string
// PortMappings is the port mapping of the sandbox.
PortMappings []PortMapping
}
// CNIPlugin is the interface that needs to be implemented by a plugin
type CNIPlugin interface {
// Name returns the plugin's name. This will be used when searching
// for a plugin by name, e.g.
Name() string
// SetUpPod is the method called after the sandbox container of
// the pod has been created but before the other containers of the
// pod are launched.
SetUpPod(network PodNetwork) error
// TearDownPod is the method called before a pod's sandbox container will be deleted
TearDownPod(network PodNetwork) error
// Status is the method called to obtain the ipv4 or ipv6 addresses of the pod sandbox
GetPodNetworkStatus(netnsPath string) (string, error)
// NetworkStatus returns error if the network plugin is in error state
Status() error
}

0
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/util.go → vendor/github.com/cri-o/ocicni/util.go generated vendored
View File

201
vendor/github.com/kubernetes-incubator/cri-o/LICENSE generated vendored
View File

@ -1,201 +0,0 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following
boilerplate notice, with the fields enclosed by brackets "{}"
replaced with your own identifying information. (Don't include
the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a
file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier
identification within third-party archives.
Copyright {yyyy} {name of copyright owner}
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

217
vendor/github.com/kubernetes-incubator/cri-o/README.md generated vendored
View File

@ -1,217 +0,0 @@
![cri-o logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
# cri-o - OCI-based implementation of Kubernetes Container Runtime Interface
[![Build Status](https://img.shields.io/travis/kubernetes-incubator/cri-o.svg?maxAge=2592000&style=flat-square)](https://travis-ci.org/kubernetes-incubator/cri-o)
[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-incubator/cri-o?style=flat-square)](https://goreportcard.com/report/github.com/kubernetes-incubator/cri-o)
### Status: alpha
## What is the scope of this project?
cri-o is meant to provide an integration path between OCI conformant runtimes and the kubelet.
Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes.
The scope of cri-o is tied to the scope of the CRI.
At a high level, we expect the scope of cri-o to be restricted to the following functionalities:
* Support multiple image formats including the existing Docker image format
* Support for multiple means to download images including trust & image verification
* Container image management (managing image layers, overlay filesystems, etc)
* Container process lifecycle management
* Monitoring and logging required to satisfy the CRI
* Resource isolation as required by the CRI
## What is not in scope for this project?
* Building, signing and pushing images to various image storages
* A CLI utility for interacting with cri-o. Any CLIs built as part of this project are only meant for testing this project and there will be no guarantees on the backwards compatibility with it.
This is an implementation of the Kubernetes Container Runtime Interface (CRI) that will allow Kubernetes to directly launch and manage Open Container Initiative (OCI) containers.
The plan is to use OCI projects and best of breed libraries for different aspects:
- Runtime: [runc](https://github.com/opencontainers/runc) (or any OCI runtime-spec implementation) and [oci runtime tools](https://github.com/opencontainers/runtime-tools)
- Images: Image management using [containers/image](https://github.com/containers/image)
- Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage)
- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni)
It is currently in active development in the Kubernetes community through the [design proposal](https://github.com/kubernetes/kubernetes/pull/26788). Questions and issues should be raised in the Kubernetes [sig-node Slack channel](https://kubernetes.slack.com/archives/sig-node).
## Commands
| Command | Description |
| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| [crio(8)](/docs/crio.8.md) | Enable OCI Kubernetes Container Runtime daemon |
| [kpod(1)](/docs/kpod.1.md) | Simple management tool for pods and images |
| [kpod-history(1)](/docs/kpod-history.1.md)] | Shows the history of an image |
| [kpod-images(1)](/docs/kpod-images.1.md) | List images in local storage |
| [kpod-inspect(1)](/docs/kpod-inspect.1.md) | Display the configuration of a container or image |
| [kpod-load(1)](/docs/kpod-load.1.md) | Load an image from docker archive or oci |
| [kpod-pull(1)](/docs/kpod-pull.1.md) | Pull an image from a registry |
| [kpod-push(1)](/docs/kpod-push.1.md) | Push an image to a specified destination |
| [kpod-rmi(1)](/docs/kpod-rmi.1.md) | Removes one or more images |
| [kpod-save(1)](/docs/kpod-save.1.md) | Saves an image to an archive |
| [kpod-tag(1)](/docs/kpod-tag.1.md) | Add an additional name to a local image |
| [kpod-version(1)](/docs/kpod-version.1.md) | Display the Kpod Version Information |
## Configuration
| File | Description |
| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------- |
| [crio.conf(5)](/docs/crio.conf.5.md) | CRI-O Configuation file |
## Communication
For async communication and long running discussions please use issues and pull requests on the github repo. This will be the best place to discuss design and implementation.
For sync communication we have an IRC channel #cri-o, on chat.freenode.net, that everyone is welcome to join and chat about development.
## Getting started
### Prerequisites
Latest verion of `runc` is expected to be installed on the system. It is picked up as the default runtime by crio.
### Build Dependencies
**Required**
Fedora, CentOS, RHEL, and related distributions:
```bash
yum install -y \
btrfs-progs-devel \
device-mapper-devel \
glib2-devel \
glibc-devel \
glibc-static \
gpgme-devel \
libassuan-devel \
libgpg-error-devel \
libseccomp-devel \
libselinux-devel \
ostree-devel \
pkgconfig \
runc
```
Debian, Ubuntu, and related distributions:
```bash
apt install -y \
btrfs-tools \
libassuan-dev \
libdevmapper-dev \
libglib2.0-dev \
libc6-dev \
libgpgme11-dev \
libgpg-error-dev \
libseccomp-dev \
libselinux1-dev \
pkg-config \
runc
```
Debian, Ubuntu, and related distributions will also need a copy of the development libraries for `ostree`, either in the form of the `libostree-dev` package from the [flatpak](https://launchpad.net/~alexlarsson/+archive/ubuntu/flatpak) PPA, or built [from source](https://github.com/ostreedev/ostree) (more on that [here](https://ostree.readthedocs.io/en/latest/#building)).
If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough (running `runc --version` should produce `spec: 1.0.0`), or else build your own.
**Optional**
Fedora, CentOS, RHEL, and related distributions:
(no optional packages)
Debian, Ubuntu, and related distributions:
```bash
apt install -y \
libapparmor-dev
```
### Get Source Code
As with other Go projects, cri-o must be cloned into a directory structure like:
```
GOPATH
└── src
└── github.com
└── kubernetes-incubator
└── cri-o
```
First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to `~/go`).
```bash
export GOPATH=~/go
mkdir -p $GOPATH
```
Next, clone the source code using:
```bash
mkdir -p $GOPATH/src/github.com/kubernetes-incubator
cd $_ # or cd $GOPATH/src/github.com/kubernetes-incubator
git clone https://github.com/kubernetes-incubator/cri-o # or your fork
cd cri-o
```
### Build
```bash
make install.tools
make
sudo make install
```
Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
```bash
make BUILDTAGS=""
sudo make install
```
#### Build Tags
`cri-o` supports optional build tags for compiling support of various features.
To add build tags to the make option the `BUILDTAGS` variable must be set.
```bash
make BUILDTAGS='seccomp apparmor'
```
| Build Tag | Feature | Dependency |
|-----------|------------------------------------|-------------|
| seccomp | syscall filtering | libseccomp |
| selinux | selinux process and mount labeling | libselinux |
| apparmor | apparmor profile support | libapparmor |
### Running pods and containers
Follow this [tutorial](tutorial.md) to get started with CRI-O.
### Setup CNI networking
A proper description of setting up CNI networking is given in the
[`contrib/cni` README](contrib/cni/README.md). But the gist is that you need to
have some basic network configurations enabled and CNI plugins installed on
your system.
### Running with kubernetes
You can run a local version of kubernetes with cri-o using `local-up-cluster.sh`:
1. Clone the [kubernetes repository](https://github.com/kubernetes/kubernetes)
1. Start the cri-o daemon (`crio`)
1. From the kubernetes project directory, run: `CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='/var/run/crio.sock --runtime-request-timeout=15m' ./hack/local-up-cluster.sh`
To run a full cluster, see [the instructions](kubernetes.md).
### Current Roadmap
1. Basic pod/container lifecycle, basic image pull (done)
1. Support for tty handling and state management (done)
1. Basic integration with kubelet once client side changes are ready (done)
1. Support for log management, networking integration using CNI, pluggable image/storage management (done)
1. Support for exec/attach (done)
1. Target fully automated kubernetes testing without failures [e2e status](https://github.com/kubernetes-incubator/cri-o/issues/533)
1. Release 1.0
1. Track upstream k8s releases

149
vendor/github.com/kubernetes-incubator/cri-o/conmon/cmsg.c generated vendored
View File

@ -1,149 +0,0 @@
/*
* Copyright 2016 SUSE LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* NOTE: This code comes directly from runc/libcontainer/utils/cmsg.c. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>
#include "cmsg.h"
#define error(fmt, ...) \
({ \
fprintf(stderr, "nsenter: " fmt ": %m\n", ##__VA_ARGS__); \
errno = ECOMM; \
goto err; /* return value */ \
})
/*
* Sends a file descriptor along the sockfd provided. Returns the return
* value of sendmsg(2). Any synchronisation and preparation of state
* should be done external to this (we expect the other side to be in
* recvfd() in the code).
*/
ssize_t sendfd(int sockfd, struct file_t file)
{
struct msghdr msg = {0};
struct iovec iov[1] = {0};
struct cmsghdr *cmsg;
int *fdptr;
union {
char buf[CMSG_SPACE(sizeof(file.fd))];
struct cmsghdr align;
} u;
/*
* We need to send some other data along with the ancillary data,
* otherwise the other side won't recieve any data. This is very
* well-hidden in the documentation (and only applies to
* SOCK_STREAM). See the bottom part of unix(7).
*/
iov[0].iov_base = file.name;
iov[0].iov_len = strlen(file.name) + 1;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
msg.msg_control = u.buf;
msg.msg_controllen = sizeof(u.buf);
cmsg = CMSG_FIRSTHDR(&msg);
cmsg->cmsg_level = SOL_SOCKET;
cmsg->cmsg_type = SCM_RIGHTS;
cmsg->cmsg_len = CMSG_LEN(sizeof(int));
fdptr = (int *) CMSG_DATA(cmsg);
memcpy(fdptr, &file.fd, sizeof(int));
return sendmsg(sockfd, &msg, 0);
}
/*
* Receives a file descriptor from the sockfd provided. Returns the file
* descriptor as sent from sendfd(). It will return the file descriptor
* or die (literally) trying. Any synchronisation and preparation of
* state should be done external to this (we expect the other side to be
* in sendfd() in the code).
*/
struct file_t recvfd(int sockfd)
{
struct msghdr msg = {0};
struct iovec iov[1] = {0};
struct cmsghdr *cmsg;
struct file_t file = {0};
int *fdptr;
int olderrno;
union {
char buf[CMSG_SPACE(sizeof(file.fd))];
struct cmsghdr align;
} u;
/* Allocate a buffer. */
/* TODO: Make this dynamic with MSG_PEEK. */
file.name = malloc(TAG_BUFFER);
if (!file.name)
error("recvfd: failed to allocate file.tag buffer\n");
/*
* We need to "recieve" the non-ancillary data even though we don't
* plan to use it at all. Otherwise, things won't work as expected.
* See unix(7) and other well-hidden documentation.
*/
iov[0].iov_base = file.name;
iov[0].iov_len = TAG_BUFFER;
msg.msg_name = NULL;
msg.msg_namelen = 0;
msg.msg_iov = iov;
msg.msg_iovlen = 1;
msg.msg_control = u.buf;
msg.msg_controllen = sizeof(u.buf);
ssize_t ret = recvmsg(sockfd, &msg, 0);
if (ret < 0)
goto err;
cmsg = CMSG_FIRSTHDR(&msg);
if (!cmsg)
error("recvfd: got NULL from CMSG_FIRSTHDR");
if (cmsg->cmsg_level != SOL_SOCKET)
error("recvfd: expected SOL_SOCKET in cmsg: %d", cmsg->cmsg_level);
if (cmsg->cmsg_type != SCM_RIGHTS)
error("recvfd: expected SCM_RIGHTS in cmsg: %d", cmsg->cmsg_type);
if (cmsg->cmsg_len != CMSG_LEN(sizeof(int)))
error("recvfd: expected correct CMSG_LEN in cmsg: %lu", cmsg->cmsg_len);
fdptr = (int *) CMSG_DATA(cmsg);
if (!fdptr || *fdptr < 0)
error("recvfd: recieved invalid pointer");
file.fd = *fdptr;
return file;
err:
olderrno = errno;
free(file.name);
errno = olderrno;
return (struct file_t){0};
}

38
vendor/github.com/kubernetes-incubator/cri-o/conmon/cmsg.h generated vendored
View File

@ -1,38 +0,0 @@
/*
* Copyright 2016 SUSE LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
/* NOTE: This code comes directly from runc/libcontainer/utils/cmsg.h. */
#pragma once
#if !defined(CMSG_H)
#define CMSG_H
#include <sys/types.h>
/* TODO: Implement this properly with MSG_PEEK. */
#define TAG_BUFFER 4096
/* This mirrors Go's (*os.File). */
struct file_t {
char *name;
int fd;
};
struct file_t recvfd(int sockfd);
ssize_t sendfd(int sockfd, struct file_t file);
#endif /* !defined(CMSG_H) */

1400
vendor/github.com/kubernetes-incubator/cri-o/conmon/conmon.c generated vendored
View File

File diff suppressed because it is too large Load Diff

24
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/noop.go generated vendored
View File

@ -1,24 +0,0 @@
package ocicni
type cniNoOp struct {
}
func (noop *cniNoOp) Name() string {
return "CNINoOp"
}
func (noop *cniNoOp) SetUpPod(netnsPath string, namespace string, name string, containerID string) error {
return nil
}
func (noop *cniNoOp) TearDownPod(netnsPath string, namespace string, name string, containerID string) error {
return nil
}
func (noop *cniNoOp) GetContainerNetworkStatus(netnsPath string, namespace string, name string, containerID string) (string, error) {
return "", nil
}
func (noop *cniNoOp) Status() error {
return nil
}

35
vendor/github.com/kubernetes-incubator/cri-o/pkg/ocicni/types.go generated vendored
View File

@ -1,35 +0,0 @@
package ocicni
const (
// DefaultInterfaceName is the string to be used for the interface name inside the net namespace
DefaultInterfaceName = "eth0"
// CNIPluginName is the default name of the plugin
CNIPluginName = "cni"
// DefaultNetDir is the place to look for CNI Network
DefaultNetDir = "/etc/cni/net.d"
// DefaultCNIDir is the place to look for cni config files
DefaultCNIDir = "/opt/cni/bin"
// VendorCNIDirTemplate is the template for looking up vendor specific cni config/executable files
VendorCNIDirTemplate = "%s/opt/%s/bin"
)
// CNIPlugin is the interface that needs to be implemented by a plugin
type CNIPlugin interface {
// Name returns the plugin's name. This will be used when searching
// for a plugin by name, e.g.
Name() string
// SetUpPod is the method called after the infra container of
// the pod has been created but before the other containers of the
// pod are launched.
SetUpPod(netnsPath string, namespace string, name string, containerID string) error
// TearDownPod is the method called before a pod's infra container will be deleted
TearDownPod(netnsPath string, namespace string, name string, containerID string) error
// Status is the method called to obtain the ipv4 or ipv6 addresses of the container
GetContainerNetworkStatus(netnsPath string, namespace string, name string, containerID string) (string, error)
// NetworkStatus returns error if the network plugin is in error state
Status() error
}

73
vendor/github.com/kubernetes-incubator/cri-o/vendor.conf generated vendored
View File

@ -1,73 +0,0 @@
k8s.io/kubernetes v1.6.5 https://github.com/kubernetes/kubernetes
# https://github.com/kubernetes/client-go#compatibility-matrix
k8s.io/client-go v3.0.0-beta.0 https://github.com/kubernetes/client-go
k8s.io/apimachinery release-1.6 https://github.com/kubernetes/apimachinery
k8s.io/apiserver release-1.6 https://github.com/kubernetes/apiserver
#
github.com/sirupsen/logrus v1.0.0
github.com/containers/image 74e359348c7ce9e0caf4fa75aa8de3809cf41c46
github.com/ostreedev/ostree-go master
github.com/containers/storage f8cff0727cf0802f0752ca58d2c05ec5270a47d5
github.com/containernetworking/cni v0.4.0
google.golang.org/grpc v1.0.1-GA https://github.com/grpc/grpc-go
github.com/opencontainers/selinux v1.0.0-rc1
github.com/opencontainers/go-digest v1.0.0-rc0
github.com/opencontainers/runtime-tools 6bcd3b417fd6962ea04dafdbc2c07444e750572d
github.com/opencontainers/runc 45bde006ca8c90e089894508708bcf0e2cdf9e13
github.com/opencontainers/image-spec v1.0.0
github.com/opencontainers/runtime-spec v1.0.0
github.com/juju/ratelimit acf38b000a03e4ab89e40f20f1e548f4e6ac7f72
github.com/tchap/go-patricia v2.2.6
gopkg.in/cheggaaa/pb.v1 v1.0.7
gopkg.in/inf.v0 v0.9.0
gopkg.in/yaml.v2 v2
github.com/docker/docker d4f6db83c21cfc6af54fffb1f13e8acb7199f96a
github.com/docker/spdystream ed496381df8283605c435b86d4fdd6f4f20b8c6e
github.com/docker/distribution 7a8efe719e55bbfaff7bc5718cdf0ed51ca821df
github.com/docker/go-units v0.3.1
github.com/docker/go-connections 3ede32e2033de7505e6500d6c868c2b9ed9f169d
github.com/docker/libtrust aabc10ec26b754e797f9028f4589c5b7bd90dc20
github.com/mistifyio/go-zfs v2.1.1
github.com/ghodss/yaml 04f313413ffd65ce25f2541bfd2b2ceec5c0908c
github.com/imdario/mergo 0.2.2
github.com/gorilla/mux v1.3.0
github.com/gorilla/context v1.1
github.com/mtrmac/gpgme b2432428689ca58c2b8e8dea9449d3295cf96fc9
github.com/mattn/go-runewidth v0.0.1
github.com/seccomp/libseccomp-golang v0.9.0
github.com/syndtr/gocapability e7cb7fa329f456b3855136a2642b197bad7366ba
github.com/blang/semver v3.5.0
github.com/BurntSushi/toml v0.2.0
github.com/mitchellh/go-wordwrap ad45545899c7b13c020ea92b2072220eefad42b8
github.com/golang/glog 23def4e6c14b4da8ac2ed8007337bc5eb5007998
github.com/davecgh/go-spew v1.1.0
github.com/go-openapi/spec 02fb9cd3430ed0581e0ceb4804d5d4b3cc702694
github.com/go-openapi/jsonpointer 779f45308c19820f1a69e9a4cd965f496e0da10f
github.com/go-openapi/jsonreference 36d33bfe519efae5632669801b180bf1a245da3b
github.com/go-openapi/swag d5f8ebc3b1c55a4cf6489eeae7354f338cfe299e
github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
github.com/mailru/easyjson 99e922cf9de1bc0ab38310c277cff32c2147e747
github.com/PuerkitoBio/purell v1.1.0
github.com/PuerkitoBio/urlesc 5bd2802263f21d8788851d5305584c82a5c75d7e
github.com/ugorji/go d23841a297e5489e787e72fceffabf9d2994b52a
github.com/spf13/pflag 9ff6c6923cfffbcd502984b8e0c80539a94968b7
golang.org/x/crypto 3fbbcd23f1cb824e69491a5930cfeff09b12f4d2
golang.org/x/net c427ad74c6d7a814201695e9ffde0c5d400a7674
golang.org/x/sys 4cd6d1a821c7175768725b55ca82f14683a29ea4
golang.org/x/text f72d8390a633d5dfb0cc84043294db9f6c935756
github.com/kr/pty v1.0.0
github.com/gogo/protobuf v0.3
github.com/golang/protobuf 8ee79997227bf9b34611aee7946ae64735e6fd93
github.com/coreos/go-systemd v14
github.com/coreos/pkg v3
github.com/golang/groupcache b710c8433bd175204919eb38776e944233235d03
github.com/fsnotify/fsnotify 7d7316ed6e1ed2de075aab8dfc76de5d158d66e1
github.com/emicklei/go-restful 09691a3b6378b740595c1002f40c34dd5f218a22
github.com/Azure/go-ansiterm 19f72df4d05d31cbe1c56bfc8045c96babff6c7e
github.com/Microsoft/go-winio 78439966b38d69bf38227fbf57ac8a6fee70f69a
github.com/Microsoft/hcsshim 43f9725307998e09f2e3816c2c0c36dc98f0c982
github.com/pkg/errors v0.8.0
github.com/godbus/dbus v4.0.0
github.com/urfave/cli v1.19.1
github.com/vbatts/tar-split v0.10.1
github.com/renstrom/dedent v1.0.0