This is needed so we can build the runc shim without grpc as a
transative dependency.
With this change the runc shim binary went from 14MB to 11MB.
The RSS from an idle shim went from about 17MB to 14MB (back around
where it was in in 1.7).
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Allow the api to stay at the same v1 go package name and keep using a
1.x version number. This indicates the API is still at 1.x and allows
sharing proto types with containerd 1.6 and 1.7 releases.
Signed-off-by: Derek McGowan <derek@mcg.dev>
Protobuf will automatically put the files generated for a v2 module into
a v2 directory. Move them to their correct location after running the
protobuild.
Signed-off-by: Derek McGowan <derek@mcg.dev>
The `cri-containerd-*.tar.gz` release bundles have been deprecated
since containerd v1.6.
These bundles are no longer created in the CI, however, the
corresponding Makefile targets are still kept, as they are still used by
external CIs.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Distros usually like to install docs, so add a rule for that, so
dist maintainers don't need to care about the details.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Distros tend to change this to specific locations (eg. on MVCC installs),
therefore introduce a generic environment variable that's a common practise
since 30+ years and thus already well known and supported by distros.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
Required for distros that wanna use their local version and
can't have some (possibly failing) git commands being run here.
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
There still was one place that's calling the `go` command directly
instead of using the $(GO) variable.
Fixes: 9ea25634bd
Signed-off-by: Enrico Weigelt, metux IT consult <info@metux.net>
There was a todo for the windows variant of dependency installation that
hinted at making an install-hcsshim.sh script, however Windows today doesn't
rely on a standalone OCI runtime binary that gets invoked by the shim. Rather,
container creation/management is all handled by the shim itself in-proc. Due to
this, `make` or `make binaries` basically fulfills that purpose as it
clones hcsshim and builds the shim along with containerd.
Signed-off-by: Danny Canter <danny@dcantah.dev>
While we need to support CRI v1alpha2, the implementation doesn't have
to be tied to gogo/protobuf.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
Introduce cni-bridge-fp as CNI bridge plugin wrapper binary for CRI
testing.
With CNI `io.kubernetes.cri.pod-annotations` capability enabled, the user
can inject the failpoint setting by pod's annotation
`cniFailpointControlStateDir`, which stores each pod's failpoint setting
named by `${K8S_POD_NAMESPACE}-${K8S_POD_NAME}.json`.
When the plugin is invoked, the plugin will check the CNI_ARGS to get
the failpoint for the CNI_COMMAND from disk. For the testing, the user
can prepare setting before RunPodSandbox.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Added new runc shim binary in integration testing.
The shim is named by io.containerd.runc-fp.v1, which allows us to use
additional OCI annotation `io.containerd.runtime.v2.shim.failpoint.*` to
setup shim task API's failpoint. Since the shim can be shared with
multiple container, like what kubernetes pod does, the failpoint will be
initialized during setup the shim server. So, the following the
container's OCI failpoint's annotation will not work.
This commit also updates the ctr tool that we can use `--annotation` to
specify annotations when run container. For example:
```bash
➜ ctr run -d --runtime runc-fp.v1 \
--annotation "io.containerd.runtime.v2.shim.failpoint.Kill=1*error(sorry)" \
docker.io/library/alpine:latest testing sleep 1d
➜ ctr t ls
TASK PID STATUS
testing 147304 RUNNING
➜ ctr t kill -s SIGKILL testing
ctr: sorry: unknown
➜ ctr t kill -s SIGKILL testing
➜ sudo ctr t ls
TASK PID STATUS
testing 147304 STOPPED
```
The runc-fp.v1 shim is based on core runc.v2. We can use it to inject
failpoint during testing complicated or big transcation API, like
kubernetes PodRunPodsandbox.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
We only need the `ToMan()` as part of the `bin/gen-manpages` binary, which
generates the man-pages; other binaries don't use this code, so we can
set the `urfave_cli_no_docs` build-tag to exclude `cpuguy83/md2man` and
`russross/blackfriday` (and other dependencies) from the binaries:
Before:
ls -lh bin
total 149M
-rwxr-xr-x 1 root root 49M May 27 10:12 containerd
-rwxr-xr-x 1 root root 6.1M May 27 10:13 containerd-shim
-rwxr-xr-x 1 root root 8.1M May 27 10:13 containerd-shim-runc-v1
-rwxr-xr-x 1 root root 8.2M May 27 10:13 containerd-shim-runc-v2
-rwxr-xr-x 1 root root 22M May 27 10:12 containerd-stress
-rwxr-xr-x 1 root root 26M May 27 10:11 ctr
-rwxr-xr-x 1 root root 30M May 27 10:14 gen-manpages
ls -l bin
total 151676
-rwxr-xr-x 1 root root 51280184 May 27 10:12 containerd
-rwxr-xr-x 1 root root 6332416 May 27 10:13 containerd-shim
-rwxr-xr-x 1 root root 8458240 May 27 10:13 containerd-shim-runc-v1
-rwxr-xr-x 1 root root 8536064 May 27 10:13 containerd-shim-runc-v2
-rwxr-xr-x 1 root root 22567160 May 27 10:12 containerd-stress
-rwxr-xr-x 1 root root 26873752 May 27 10:11 ctr
-rwxr-xr-x 1 root root 30508888 May 27 10:14 gen-manpages
After:
ls -lh bin
total 147M
-rwxr-xr-x 1 root root 49M May 27 10:26 containerd
-rwxr-xr-x 1 root root 6.1M May 27 10:26 containerd-shim
-rwxr-xr-x 1 root root 8.1M May 27 10:26 containerd-shim-runc-v1
-rwxr-xr-x 1 root root 8.2M May 27 10:26 containerd-shim-runc-v2
-rwxr-xr-x 1 root root 22M May 27 10:26 containerd-stress
-rwxr-xr-x 1 root root 26M May 27 10:26 ctr
-rwxr-xr-x 1 root root 30M May 27 10:27 gen-manpages
ls -l bin
total 149912
-rwxr-xr-x 1 root root 50930360 May 27 10:26 containerd
-rwxr-xr-x 1 root root 6332416 May 27 10:26 containerd-shim
-rwxr-xr-x 1 root root 8458240 May 27 10:26 containerd-shim-runc-v1
-rwxr-xr-x 1 root root 8536064 May 27 10:26 containerd-shim-runc-v2
-rwxr-xr-x 1 root root 22209144 May 27 10:26 containerd-stress
-rwxr-xr-x 1 root root 26523896 May 27 10:26 ctr
-rwxr-xr-x 1 root root 30508888 May 27 10:27 gen-manpages
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit removes the following gogoproto extensions;
- gogoproto.nullable
- gogoproto.customename
- gogoproto.unmarshaller_all
- gogoproto.stringer_all
- gogoproto.sizer_all
- gogoproto.marshaler_all
- gogoproto.goproto_unregonized_all
- gogoproto.goproto_stringer_all
- gogoproto.goproto_getters_all
None of them are supported by Google's toolchain (see #6564).
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
A recent change altered the default target that would get run for the makefile.
This ended up making a standalone 'make' invocation only build the Windows
shim and nothing else. This was affecting the CI of some other projects that
relied on 'make' building containerd, ctr, and friends.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
In prior releases we were not using this variable and instead were
self-constructing a release tar file.
This was changed in 27d7c50384
The change means the variable is being used now and is causing the
artifacts to be produced to have a different name which may break
download scripts.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This moves all the release builds into a Dockerfile which is a bit
cleaner for setting up our build environment.
Non-linux/amd64 builds are cross-compiled.
Currently onlinux linux/amd64, linux/arm64, and windows/amd64 are
supported, but is easy to add more, provided their is a cross-compile
toolchain available for it.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
- ensure that the root go.mod and the module specific go.mod have the
same `require` and `replace` directives for different dependencies.
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
In containerd 1.5.x, we introduced support for go modules by adding a
go.mod file in the root directory. This go.mod lists all the things
needed across the whole code base (with the exception of
integration/client which has its own go.mod). So when projects that
need to make calls to containerd API will pull in some code from
containerd/containerd, the `go mod` commands will add all the things
listed in the root go.mod to the projects go.mod file. This causes
some problems as the list of things needed to make a simple API call
is enormous. in effect, making a API call will pull everything that a
typical server needs as well as the root go.mod is all encompassing.
In general if we had smaller things folks could use, that will make it
easier by reducing the number of things that will end up in a consumers
go.mod file.
Now coming to a specific problem, the root containerd go.mod has various
k8s.io/* modules listed. Also kubernetes depends on containerd indirectly
via both moby/moby (working with docker maintainers seperately) and via
google/cadvisor. So when the kubernetes maintainers try to use latest
1.5.x containerd, they will see the kubernetes go.mod ending up depending
on the older version of kubernetes!
So if we can expose just the minimum things needed to make a client API
call then projects like cadvisor can adopt that instead of pulling in
the entire go.mod from containerd. Looking at the existing code in
cadvisor the minimum things needed would be the api/ directory from
containerd. Please see proof of concept here:
github.com/google/cadvisor/pull/2908
To enable that, in this PR, we add a go.mod file in api/ directory. we
split the Protobuild.yaml into two, one for just the things in api/
directory and the rest in the root directory. We adjust various targets
to build things correctly using `protobuild` and also ensure that we
end up with the same generated code as before as well. To ensure we
better take care of the various go.mod/go.sum files, we update the
existing `make vendor` and also add a new `make verify-vendor` that one
can run locally as well in the CI.
Ideally, we would have a `containerd/client` either as a standalone repo
or within `containerd/containerd` as a separate go module. but we will
start here to experiment with a standalone api go module first.
Also there are various follow ups we can do, for example @thaJeztah has
identified two tasks we could do after this PR lands:
github.com/containerd/containerd/pull/5716#discussion_r668821396
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Commits 77374e8 and b5f530a changed handling of the `DESTDIR` and `PREFIX`
variables, and introduced a `MANDIR` variable.
However, in those commits, the variables are concatenated with a directory
separator (`/`); `$DESTDIR/$PREFIX`. The `$PREFIX` variable (and consequently,
the `MANDIR` variable) already should have a leading `/` (absolute path), so
there should be no need to add it. In addition, adding the `/`, would not allow
either an empty path to be passed (well, it would result in `//` in the path),
or for `$PREFIX` to be used with a relative path (with an empty `$PREFIX`).
This patch removes the directory separator.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
