github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,191 Commits 3 Branches 2 Tags 112 MiB
01d77d44f5
Commit Graph

417 Commits

Author SHA1 Message Date
Filipe Brandenburger
01d77d44f5 Update github.com/opencontainers/runtime-tools to v0.6.0 
Also add new dependencies on github.com/xeipuuv/gojson* (brought up by
new runtime-tools) and adapt the containerd/cri code to replace the APIs
that were removed by runtime-tools.

In particular, add new helpers to handle the capabilities, since
runtime-tools now split them into separate sets of functions for each
capability set.

Replace g.Spec() with g.Config since g.Spec() has been deprecated in the
runtime-tools API.

Signed-off-by: Filipe Brandenburger <filbranden@google.com>
 2018-06-20 13:52:50 -07:00
Lantao Liu
b60e456bd9 Fix snapshotter nil panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-20 00:43:44 +00:00
Lantao Liu
e3d57d240f
Merge pull request #761 from Random-Liu/add-log-max-size 
Add log max size
 2018-06-15 15:56:04 -07:00
Lantao Liu
53f1ab4145 Fix double /dev/shm mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 19:03:19 -07:00
Lantao Liu
405f57f8e0 Add max_container_log_size 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 14:24:17 -07:00
Lantao Liu
46d621e4ac Support Cmd for sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-12 14:38:55 -07:00
Lantao Liu
c9216531ce Revert "Use pod ip instead of localhost in pod netns for portforward." 
This reverts commit dd886bc281.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-11 07:35:32 +00:00
Lantao Liu
d7abb5b489
Merge pull request #807 from Random-Liu/log-task-exit-event 
Log task exit event.
 2018-06-08 20:07:04 -07:00
Lantao Liu
5a1105c614
Merge pull request #808 from Random-Liu/erase-ambient-caps 
Erase ambient capabilities.
 2018-06-08 20:06:34 -07:00
Lantao Liu
dd886bc281 Use pod ip instead of localhost in pod netns for portforward. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 18:26:06 -07:00
Lantao Liu
b367f30097 Erase ambient capabilities. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 14:37:05 -07:00
Lantao Liu
e4e2585431 Log task exit event. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-08 08:33:12 +00:00
Lantao Liu
83e6b65566 Select ipv4 first if there is one. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-05 18:25:03 +00:00
Akihiro Suda
097249054d vendor containerd (#2135) 
For containerd/containerd#2135

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-02 23:10:59 +09:00
Lantao Liu
b870ee7942 Generate fatal error when cri plugin fail to start. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-31 10:49:11 -07:00
Evan Hazlett
d7d2212324 vendor bump 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

containerd: linux -> runtime/linux

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

fix utils to properly format vendor repo

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

test fixup

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2018-05-30 19:51:24 -04:00
Wei Fu
e28b77c08c Remove useless error-check in createImageReference 
Signed-off-by: Wei Fu <fhfuwei@163.com>
 2018-05-25 10:23:13 +08:00
Lantao Liu
60b0d08a6f Use containerd.WithPullUnpack. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-23 12:39:14 -07:00
Ricardo Aravena
f79e0171ca
Minor typo 
Signed-off-by: Ricardo Aravena <raravena80@gmail.com>
 2018-05-15 09:11:48 -07:00
Lantao Liu
5d29598a6d Fix workingset memory calculation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-11 15:17:16 -07:00
Lantao Liu
a5d1332e8f Explicitly set rw for privileged container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-07 15:13:14 -07:00
Lantao Liu
5f4035ae2f
Merge pull request #754 from kolyshkin/mount 
os.Unmount: do not consult mountinfo
 2018-04-30 14:41:57 -07:00
Kir Kolyshkin
daeab40b45 os.Unmount: do not consult mountinfo, drop flags 
1. Currently, Unmount() call takes a burden to parse the whole nine yards
of /proc/self/mountinfo to figure out whether the given mount point is
mounted or not (and returns an error in case parsing fails somehow).

Instead, let's just call umount() and ignore EINVAL, which results
in the same behavior, but much better performance.

This also introduces a slight change: in case target does not exist,
the appropriate error (ENOENT) is returned -- document that.

2. As Unmount() is always used with MNT_DETACH flag, let's drop the
flags argument. This way, the only reason of EINVAL returned from
umount(2) can only be "target is not mounted".

3. While at it, remove the 'containerdmount' alias from the package.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2018-04-30 12:54:10 -07:00
Lantao Liu
279fa853a6 Always mount sysfs as rw. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-26 18:58:26 -07:00
Lantao Liu
daa9f6008c
Merge pull request #743 from Random-Liu/fix-sandbox-stop-race 
Fix sandbox stop race condition.
 2018-04-18 13:28:54 -07:00
Lantao Liu
856534c846 Fix sandbox stop race condition. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-18 10:12:33 -07:00
Lantao Liu
5cb4744f27 Fix portforward for host network. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-17 08:24:44 +00:00
Lantao Liu
69b3f3aeac Add socat back. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-11 01:53:24 +00:00
Lantao Liu
3d0706c4e5
Merge pull request #691 from abhi/socat 
Getting rid of nsenter and socat
 2018-04-09 15:34:44 -07:00
abhi
02b952ec17 Getting rid of socat 
Signed-off-by: abhi <abhi@docker.com>
 2018-04-09 14:31:44 -07:00
Lantao Liu
d8a3c5f254 Address comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-07 06:34:45 +00:00
abhi
aeef99a76e Using netns to perform socat 
This commit removes the usage of nsenter and uses netns
to perform socat operation.

Signed-off-by: abhi <abhi@docker.com>
 2018-04-05 13:28:00 -07:00
Mike Brown
c7793564fc switches from not CA signed to self CA signed for streaming TLS 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 17:50:12 -05:00
Mike Brown
2f9f721b63 adds a new flag to enable TLS support insecure for now 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 12:27:55 -05:00
Lantao Liu
ed20174ce4 Add RunAsGroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-30 22:26:07 +00:00
Lantao Liu
be43ad09da Fix a log output. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 21:31:44 +00:00
Lantao Liu
277edb2d3b Fix event monitor panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-27 01:41:35 +00:00
Lantao Liu
f4c9ef2647 Add symlink follow into unmount util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-24 01:25:31 +00:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
c6fecb2115
Merge pull request #688 from Random-Liu/cleanup-kata-code 
Address comments for privileged runtime code.
 2018-03-22 23:01:31 -07:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Lantao Liu
55d512b98c Make const private. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 00:48:50 +00:00
Mike Brown
89adb74414 adds tls certificate to tls config 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-22 09:42:31 -05:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:04:23 -06:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option 
Some CRI compatible runtimes may not support provileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they wont provide support to requested the privileged opertations.

This commits add the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherent this property
an will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sanbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 13:56:49 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
Lantao Liu
e1fe1abff0 Use github.com/pkg/errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-17 02:24:38 +00:00
abhi
2bdf428eb7 Removing DAD config and updating plugins to v0.7.0 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-16 14:46:46 -07:00
Lantao Liu
1dcbf4f742
Merge pull request #663 from abhi/cni 
Moving to use go-cni library from containerd
 2018-03-15 17:53:50 -07:00