github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
12,181 Commits 3 Branches 4 Tags
master
Commit Graph

1475 Commits

Author SHA1 Message Date
Akihiro Suda
cde9490779 digest: use github.com/minio/sha256-simd 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2022-12-08 18:50:00 +09:00
Maksym Pavlenko
d10dbd2d2d Merge pull request #7773 from mxpv/ctx 
Fix context when waiting sandbox
 2022-12-07 13:53:37 -08:00
Derek McGowan
241563be06 Merge pull request from GHSA-2qjp-425j-52j9 
CRI stream server: Fix goroutine leak in Exec
 2022-12-07 13:50:26 -08:00
Maksym Pavlenko
f9295aa49f Fix context when waiting sandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 12:52:04 -08:00
Maksym Pavlenko
8ab1d44967 Pass runtime configuration as TOML blob 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 10:55:06 -08:00
Maksym Pavlenko
3e92dedc2e Update runtime options to include bytes blob 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 10:55:06 -08:00
Paco Xu
c59f1635f0 add metrics for image pulling: success/failure count; in progress count; thoughput 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2022-12-07 15:11:00 +08:00
Maksym Pavlenko
03a4dc0711 Merge pull request #7768 from mxpv/fixes 
sbserver bug fixing
 2022-12-06 17:07:54 -08:00
Maksym Pavlenko
a113737ccf sbserver bug fixing 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-06 15:32:42 -08:00
Phil Estes
5d4276cc34 Merge pull request #7525 from thaJeztah/remove_deprecated_stubs 
remove some (aliases for) deprecated functions
 2022-12-06 11:49:18 -05:00
Derek McGowan
8a25fa584f Unwrap proto errors in streaming client 
Allows clients to properly detect context cancellation

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-12-02 22:30:54 -08:00
Derek McGowan
51195ad099 Merge pull request #7731 from mxpv/cri 
[Sandbox API] CRI status cleanup
 2022-12-01 13:43:13 -08:00
Derek McGowan
f88162587b Rename transferer to transferrer 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 16:02:09 -08:00
Derek McGowan
fc2754204f Cleanup code comments and lint fixes 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 16:02:09 -08:00
Derek McGowan
c387a52051 Add variables names to transfer interface 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:57 -08:00
Derek McGowan
8304a61b53 Combine stream fuzz tests 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:57 -08:00
Derek McGowan
0762a3a759 Add media type to export stream 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:57 -08:00
Derek McGowan
11c1c8e6f4 Update import logic 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:56 -08:00
Derek McGowan
40d3fa3afd Add filter fields to image store types 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:56 -08:00
Derek McGowan
737257bb48 Add push progress 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:55 -08:00
Derek McGowan
e88baa0873 Fixup pull authorization and labeling 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:55 -08:00
Derek McGowan
478f1c934d Lint fixes 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:55 -08:00
Derek McGowan
6b5df1ee16 Update transfer packages 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:54 -08:00
Derek McGowan
7318a2def6 Add transfer plugin registration 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:53 -08:00
Derek McGowan
d1627e3c71 Add basic import and export handlers 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:53 -08:00
Derek McGowan
adfaeeff0d Add binary stream functionality and helpers 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:53 -08:00
Derek McGowan
81afd9c36e Add progress 
Signed-off-by: Derek McGowan <derek@mcg.dev>

Update progress to reference parents

Signed-off-by: Derek McGowan <derek@mcg.dev>

Update Progress logic

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:52 -08:00
Derek McGowan
0e4e96544f Add transfer proxy client 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:52 -08:00
Derek McGowan
6f64cb8598 Transfer interface and plugin work in progress 
Signed-off-by: Derek McGowan <derek@mcg.dev>

Transfer service implementation

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:50 -08:00
Derek McGowan
dcf5687cab Add streaming service 
Adds a service capable of streaming Any objects bi-directionally.
This can be used by services to send data, received data, or to
initiate requests from server to client.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:55:56 -08:00
Derek McGowan
c469f67a2b Merge pull request #6019 from klihub/pr/proto/nri 
NRI: add support for NRI with extended scope.
 2022-11-30 10:42:17 -08:00
Kirtana Ashok
08d5879f32 Added nullptr checks to pkg/cri/server and sbserver 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2022-11-29 13:25:49 -08:00
Danny Canter
f012617edf CRI stream server: Fix goroutine leak in Exec 
In the CRI streaming server, a goroutine (`handleResizeEvents`) is launched
to handle terminal resize events if a TTY is asked for with an exec; this
is the sender of terminal resize events. Another goroutine is launched
shortly after successful process startup to actually do something with
these events, however the issue arises if the exec process fails to start
for any reason that would have `process.Start` return non-nil. The receiver
goroutine never gets launched so the sender is stuck blocked on a channel send
infinitely.

This could be used in a malicious manner by repeatedly launching execs
with a command that doesn't exist in the image, as a single goroutine
will get leaked on every invocation which will slowly grow containerd's
memory usage.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-11-29 06:31:38 -08:00
Maksym Pavlenko
9f4ba48839 [sandbox] Fix panic when waiting for sandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:29:21 -08:00
Maksym Pavlenko
dbc6d33ac5 [sandbox] Specify sandbox ID when using sandboxed shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:27:54 -08:00
Maksym Pavlenko
9a53a6c34a [sandbox] Don't access pause container when creating pod container 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:48:57 -08:00
Maksym Pavlenko
cc111eef61 [sandbox] Move sandbox info to podsandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:06:41 -08:00
Krisztian Litkey
02f0a8b50e pkg/cri/server: nuke old v0.1.0 NRI hooks. 
Remove direct invocation of old v0.1.0 NRI plugins. They
can be enabled using the revised NRI API and the v0.1.0
adapter plugin.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-11-28 21:51:42 +02:00
Krisztian Litkey
b27ef6f169 pkg/cri/server: experimental NRI integration for CRI. 
Implement the adaptation interface required by the NRI
service plugin to handle CRI sandboxes and containers.
Hook the NRI service plugin into CRI request processing.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-11-28 21:51:08 +02:00
Krisztian Litkey
43704ca888 nri: add experimental NRI plugin. 
Add a common NRI 'service' plugin. It takes care of relaying
requests and respones to and from NRI (external NRI plugins)
and the high-level containerd namespace-independent logic of
applying NRI container adjustments and updates to actual CRI
and other containers.

The namespace-dependent details of the necessary container
manipulation operations are to be implemented by namespace-
specific adaptations. This NRI plugin defines the API which
such adaptations need to implement.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-11-28 21:51:06 +02:00
Maksym Pavlenko
a6d1d53cc2 [sandbox] Update Controller.Status protos 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 10:13:37 -08:00
Fu Wei
6bfe6e38b2 Merge pull request #7684 from mxpv/sb-runtime-fix 
Fix sandbox API when calling sandboxed shims
 2022-11-28 22:32:08 +08:00
Maksym Pavlenko
6d830d30ad Merge pull request #7470 from lengrongfu/feat/sandbox_api_status 
Sandbox API: implement Controller.Status for SandboxAPI
 2022-11-22 18:11:57 -08:00
Maksym Pavlenko
ae0da7dc58 Use sandbox store to retrieve runtime info for sandboxed containers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:40 -08:00
Maksym Pavlenko
3ddaa34445 Retrieve sandbox creation time from store. 
All pause container object references must be removed
from sbserver. This is an implementation detail of
podsandbox package.

Added TODOs for remaining work.

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:36 -08:00
Maksym Pavlenko
4b32819823 Remove duplicated helpers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:40:36 -08:00
Maksym Pavlenko
3f331e7d13 Specify runtime configuration for sandbox shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:39:27 -08:00
Samuel Karp
a74f7e902b sbserver: save netns in sandbox metadata on create 
Port of b41d6f40bb to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
1deaedd38a sbserver: persist sandbox during partial teardown 
Port of 4f4aad057d to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:36 -08:00
Phil Estes
99acefaad9 Merge pull request #7697 from inspektor-gadget/qasim/add-sandbox-uid-annotation 
cri: add pod uid annotation
 2022-11-21 10:54:20 -05:00