From 9c9abec21c9206d83bab0d2f84de4c216f76e17c Mon Sep 17 00:00:00 2001
From: Lantao Liu <lantaol@google.com>
Date: Mon, 23 Apr 2018 16:34:17 -0700
Subject: [PATCH] Update cri plugin to v1.0.0.

Signed-off-by: Lantao Liu <lantaol@google.com>
---
 script/setup/install-critools                 |  2 +-
 vendor.conf                                   |  2 +-
 vendor/github.com/containerd/cri/README.md    |  2 +-
 .../cri/pkg/server/sandbox_portforward.go     | 27 ++++++++++++++-----
 .../containerd/cri/pkg/server/sandbox_stop.go | 11 +++++---
 vendor/github.com/containerd/cri/vendor.conf  | 11 ++++----
 6 files changed, 37 insertions(+), 18 deletions(-)

diff --git a/script/setup/install-critools b/script/setup/install-critools
index 897c16e4b..024c81fcb 100755
--- a/script/setup/install-critools
+++ b/script/setup/install-critools
@@ -21,7 +21,7 @@
 set -eu -o pipefail
 
 go get -u github.com/onsi/ginkgo/ginkgo
-CRITEST_COMMIT=207e773f72fde8d8aed1447692d8f800a6686d6c
+CRITEST_COMMIT=f37a5a1edb69ee742c6e42c57413fe6b63788085
 go get -d github.com/kubernetes-incubator/cri-tools/...
 cd $GOPATH/src/github.com/kubernetes-incubator/cri-tools
 git checkout $CRITEST_COMMIT
diff --git a/vendor.conf b/vendor.conf
index c4eb0cfb7..708b467ea 100644
--- a/vendor.conf
+++ b/vendor.conf
@@ -44,7 +44,7 @@ github.com/gotestyourself/gotestyourself 44dbf532bbf5767611f6f2a61bded572e337010
 github.com/google/go-cmp v0.1.0
 
 # cri dependencies
-github.com/containerd/cri v1.0.0-rc.2
+github.com/containerd/cri v1.0.0
 github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7
 github.com/blang/semver v3.1.0
 github.com/containernetworking/cni v0.6.0
diff --git a/vendor/github.com/containerd/cri/README.md b/vendor/github.com/containerd/cri/README.md
index 2fb13f7d1..938b8dded 100644
--- a/vendor/github.com/containerd/cri/README.md
+++ b/vendor/github.com/containerd/cri/README.md
@@ -121,7 +121,7 @@ sudo containerd
 ```
 2. From the Kubernetes project directory startup a local cluster using `containerd`:
 ```bash
-CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='/run/containerd/containerd.sock' ./hack/local-up-cluster.sh
+CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='unix:///run/containerd/containerd.sock' ./hack/local-up-cluster.sh
 ```
 ### Test
 See [here](./docs/testing.md) for information about test.
diff --git a/vendor/github.com/containerd/cri/pkg/server/sandbox_portforward.go b/vendor/github.com/containerd/cri/pkg/server/sandbox_portforward.go
index eb6bed1a7..7106cb673 100644
--- a/vendor/github.com/containerd/cri/pkg/server/sandbox_portforward.go
+++ b/vendor/github.com/containerd/cri/pkg/server/sandbox_portforward.go
@@ -53,8 +53,23 @@ func (c *criService) portForward(id string, port int32, stream io.ReadWriteClose
 	if err != nil {
 		return errors.Wrapf(err, "failed to find sandbox %q in store", id)
 	}
-	if s.NetNS == nil || s.NetNS.Closed() {
-		return errors.Errorf("network namespace for sandbox %q is closed", id)
+	var netNSDo func(func(ns.NetNS) error) error
+	// netNSPath is the network namespace path for logging.
+	var netNSPath string
+	securityContext := s.Config.GetLinux().GetSecurityContext()
+	hostNet := securityContext.GetNamespaceOptions().GetNetwork() == runtime.NamespaceMode_NODE
+	if !hostNet {
+		if s.NetNS == nil || s.NetNS.Closed() {
+			return errors.Errorf("network namespace for sandbox %q is closed", id)
+		}
+		netNSDo = s.NetNS.GetNs().Do
+		netNSPath = s.NetNS.GetPath()
+	} else {
+		// Run the function directly for host network.
+		netNSDo = func(do func(_ ns.NetNS) error) error {
+			return do(nil)
+		}
+		netNSPath = "host"
 	}
 
 	socat, err := exec.LookPath("socat")
@@ -65,8 +80,8 @@ func (c *criService) portForward(id string, port int32, stream io.ReadWriteClose
 	// Check https://linux.die.net/man/1/socat for meaning of the options.
 	args := []string{socat, "-", fmt.Sprintf("TCP4:localhost:%d", port)}
 
-	logrus.Infof("Executing port forwarding command %q in network namespace %q", strings.Join(args, " "), s.NetNS.GetPath())
-	err = s.NetNS.GetNs().Do(func(_ ns.NetNS) error {
+	logrus.Infof("Executing port forwarding command %q in network namespace %q", strings.Join(args, " "), netNSPath)
+	err = netNSDo(func(_ ns.NetNS) error {
 		cmd := exec.Command(args[0], args[1:]...)
 		cmd.Stdout = stream
 
@@ -95,12 +110,12 @@ func (c *criService) portForward(id string, port int32, stream io.ReadWriteClose
 		}()
 
 		if err := cmd.Run(); err != nil {
-			return errors.Errorf("nsenter command returns error: %v, stderr: %q", err, stderr.String())
+			return errors.Errorf("socat command returns error: %v, stderr: %q", err, stderr.String())
 		}
 		return nil
 	})
 	if err != nil {
-		return errors.Wrapf(err, "failed to execute portforward in network namespace %s", s.NetNS.GetPath())
+		return errors.Wrapf(err, "failed to execute portforward in network namespace %q", netNSPath)
 	}
 	logrus.Infof("Finish port forwarding for %q port %d", id, port)
 
diff --git a/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go b/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go
index eb00c8d55..9def53576 100644
--- a/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go
+++ b/vendor/github.com/containerd/cri/pkg/server/sandbox_stop.go
@@ -26,6 +26,7 @@ import (
 	"github.com/pkg/errors"
 	"github.com/sirupsen/logrus"
 	"golang.org/x/net/context"
+	"golang.org/x/sys/unix"
 	runtime "k8s.io/kubernetes/pkg/kubelet/apis/cri/runtime/v1alpha2"
 
 	sandboxstore "github.com/containerd/cri/pkg/store/sandbox"
@@ -94,7 +95,9 @@ func (c *criService) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
 	return &runtime.StopPodSandboxResponse{}, nil
 }
 
-// stopSandboxContainer kills and deletes sandbox container.
+// stopSandboxContainer kills the sandbox container.
+// `task.Delete` is not called here because it will be called when
+// the event monitor handles the `TaskExit` event.
 func (c *criService) stopSandboxContainer(ctx context.Context, sandbox sandboxstore.Sandbox) error {
 	container := sandbox.Container
 	task, err := container.Task(ctx, nil)
@@ -105,10 +108,10 @@ func (c *criService) stopSandboxContainer(ctx context.Context, sandbox sandboxst
 		return errors.Wrap(err, "failed to get sandbox container")
 	}
 
-	// Delete the sandbox container from containerd.
-	_, err = task.Delete(ctx, containerd.WithProcessKill)
+	// Kill the sandbox container.
+	err = task.Kill(ctx, unix.SIGKILL, containerd.WithKillAll)
 	if err != nil && !errdefs.IsNotFound(err) {
-		return errors.Wrap(err, "failed to delete sandbox container")
+		return errors.Wrap(err, "failed to kill sandbox container")
 	}
 
 	return c.waitSandboxStop(ctx, sandbox, killContainerTimeout)
diff --git a/vendor/github.com/containerd/cri/vendor.conf b/vendor/github.com/containerd/cri/vendor.conf
index 643c6e701..0e9fdc8d9 100644
--- a/vendor/github.com/containerd/cri/vendor.conf
+++ b/vendor/github.com/containerd/cri/vendor.conf
@@ -4,11 +4,11 @@ github.com/boltdb/bolt e9cf4fae01b5a8ff89d0ec6b32f0d9c9f79aefdd
 github.com/BurntSushi/toml a368813c5e648fee92e5f6c30e3944ff9d5e8895
 github.com/containerd/cgroups fe281dd265766145e943a034aa41086474ea6130
 github.com/containerd/console cb7008ab3d8359b78c5f464cb7cf160107ad5925
-github.com/containerd/containerd v1.1.0-rc.1
+github.com/containerd/containerd 1381f8fddc4f826e12b48d46c9def347d5aa338a
 github.com/containerd/continuity 3e8f2ea4b190484acb976a5b378d373429639a1a
 github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
-github.com/containerd/go-runc bcb223a061a3dd7de1a89c0b402a60f4dd9bd307
 github.com/containerd/go-cni f2d7272f12d045b16ed924f50e91f9f9cecc55a7
+github.com/containerd/go-runc bcb223a061a3dd7de1a89c0b402a60f4dd9bd307
 github.com/containerd/typeurl f6943554a7e7e88b3c14aad190bf05932da84788
 github.com/containernetworking/cni v0.6.0
 github.com/containernetworking/plugins v0.7.0
@@ -23,7 +23,8 @@ github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
 github.com/emicklei/go-restful ff4f55a206334ef123e4f79bbf348980da81ca46
 github.com/ghodss/yaml 73d445a93680fa1a78ae23a5839bad48f32ba1ee
 github.com/godbus/dbus c7fdd8b5cd55e87b4e1f4e372cdb1db61dd6c66f
-github.com/gogo/protobuf v0.5
+github.com/gogo/googleapis 08a7655d27152912db7aaf4f983275eaf8d128ef
+github.com/gogo/protobuf v1.0.0
 github.com/golang/glog 44145f04b68cf362d9c4df2182967c2275eaefed
 github.com/golang/protobuf 1643683e1b54a9e88ad26d98f81400c8c9d9f4f9
 github.com/google/gofuzz 44d81051d367757e1c7c6a5a86423ece9afcf63c
@@ -54,14 +55,14 @@ github.com/stretchr/testify v1.1.4
 github.com/syndtr/gocapability db04d3cc01c8b54962a58ec7e491717d06cfcc16
 github.com/tchap/go-patricia 5ad6cdb7538b0097d5598c7e57f0a24072adf7dc
 github.com/urfave/cli 7bc6a0acffa589f415f88aca16cc1de5ffd66f9c
+golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067
 golang.org/x/net 7dcfb8076726a3fdd9353b6b8a1f1b6be6811bd6
 golang.org/x/sync 450f422ab23cf9881c94e2db30cac0eb1b7cf80c
 golang.org/x/sys 314a259e304ff91bd6985da2a7149bbf91237993 https://github.com/golang/sys
 golang.org/x/text 19e51611da83d6be54ddafce4a4af510cb3e9ea4
 golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
-golang.org/x/crypto 49796115aa4b964c318aad4f3084fdb41e9aa067
 google.golang.org/genproto d80a6e20e776b0b17a324d0ba1ab50a39c8e8944
-google.golang.org/grpc v1.7.4
+google.golang.org/grpc v1.10.1
 gopkg.in/inf.v0 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
 gopkg.in/yaml.v2 53feefa2559fb8dfa8d81baad31be332c97d6c77
 k8s.io/api 7e796de92438aede7cb5d6bcf6c10f4fa65db560