github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,214 Commits 3 Branches 4 Tags
09d78bb6b9e8b173f44f5ba3abaee0de416b0ee0
Commit Graph

224 Commits

Author SHA1 Message Date
Maksym Pavlenko
d9526f5c4f Move CloudFormation template to contrib 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-04-01 13:34:48 -07:00
Sebastiaan van Stijn
8f8fd3c3a8 seccomp: whitelist statx syscall 
This whitelists the statx syscall; libseccomp-2.3.3 or up
is needed for this, older seccomp versions will ignore this.

Equivalent of https://github.com/moby/moby/pull/36417

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-03-20 11:59:02 +01:00
Avi Kivity
4506eb45bf seccomp: whitelist io_pgetevents 
io_pgetevents() is a new Linux system call, similar to the already-whitelisted
io_getevents(). It has no security implications. Whitelist it so applications can
use the new system call.

Fixes #3105.

Signed-off-by: Avi Kivity <avi@scylladb.com>
 2019-03-19 11:56:32 +02:00
Tibor Vass
7ca2c3d68d contrib/nvidia: export helper binary path and list of Nvidia capabilities 
Signed-off-by: Tibor Vass <tibor@docker.com>
 2019-03-12 15:28:14 -07:00
zhangyue
996c60616a fix: fix error info start capitalized 
Signed-off-by: zhangyue <zy675793960@yeah.net>
 2018-11-28 15:26:16 +08:00
Jean Rouge
90880078b9 Adding a --load-kmods flag to the NVIDIA OCI hook 
Signed-off-by: Jean Rouge <jer329@cornell.edu>
 2018-11-15 01:52:11 -08:00
Mike Brown
6039a4d322 link to new icon location 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-10-27 10:23:56 -05:00
Sebastiaan van Stijn
07237e34e6 Bump to Go 1.11.x 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2018-10-25 22:13:21 +02:00
nashasha1
7f03ad6579 Fix typos 
Signed-off-by: nashasha1 <a4012017@sina.com>
 2018-09-07 16:59:42 +08:00
Kenfe-Mickaël Laventure
875b92c507 Merge pull request #2512 from crosbymichael/gpupath 
Add nvidia Opts to lookup containerd binary or hook path
 2018-07-31 09:28:33 -07:00
Michael Crosby
e4f33dcfb5 Add nvidia Opts to lookup containerd binary or hook path 
This is for consumers like Docker that manage a `docker-containerd`.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-07-31 10:11:25 -04:00
Michael Crosby
81e2859e8b Change gpu Capability type to string 
This helps with mappings so that we are not translating multiple times
from caller to hook.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-07-30 15:37:13 -04:00
Derek McGowan
ca71484793 Merge pull request #2480 from dmcgowan/proxy-plugin-doc 
Document plugins
 2018-07-30 11:23:24 -07:00
Michael Crosby
dd0c04970d nvidia GPU support for caps and multiple uuids 
This improves nvidia support for multiple uuids per container and fixes
the API to add individual capabilities.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-07-27 15:28:59 -04:00
Derek McGowan
3e657de3af Document plugins 
Add plugins documentation to root.
Mention configuring proxy plugins and runtime plugins.

Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2018-07-25 23:28:09 -07:00
Lantao Liu
0a5c05bcd4 Merge pull request #776 from Random-Liu/disable-streaming 
Disable TLS streaming to work with new kubelet streaming proxy.
 2018-06-01 00:48:44 -07:00
Lantao Liu
6c7ec48daf Another logo fix. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-21 18:05:30 -07:00
Lantao Liu
6f43d493f9 Disable TLS streaming to work with new kubelet streaming proxy. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-18 19:02:03 -07:00
Michael Crosby
b949697a9c Add nvidia gpu support via libnvidia-container 
This adds nvidia gpu support via the libnvidia-container project and
`nvidia-container-cli`.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-05-09 13:37:39 -04:00
Tom Godkin
fc8bce59b9 Use user-specific temp directory if set 
This allows non-privileged users to use containerd. This is part of a
larger track of work integrating containerd into Cloudfoundry's garden
with support for rootless.

[#156343575]

Signed-off-by: Claudia Beresford <cberesford@pivotal.io>
 2018-05-04 10:27:58 +01:00
Lantao Liu
06f53b4838 Add unix:// prefix for socket addresses used by CRI remote client. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-20 17:36:25 -07:00
Lantao Liu
69b3f3aeac Add socat back. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-11 01:53:24 +00:00
abhi
f7a0b43734 Minor cleanup of comment in ansible 
Signed-off-by: abhi <abhi@docker.com>
 2018-04-09 15:57:24 -07:00
abhi
c200cb4642 Updating ansible installer 
Signed-off-by: abhi <abhi@docker.com>
 2018-04-09 14:31:49 -07:00
Lantao Liu
ad7bffc093 Enable TLS streaming in all the setup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-03 00:17:26 +00:00
Lantao Liu
b287fec35d Upgrade the tarball version in ansible. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-02 20:06:20 +00:00
Lantao Liu
c4f80aecb7 Merge pull request #711 from tklauser/libapparmor-dep 
Drop libapparmor dependency from build docs
 2018-04-02 11:55:27 -07:00
Tobias Klauser
d29678a3c4 Drop libapparmor dependency from build docs 
As of opencontainers/runc@db093f6 runc no longer depends on libapparmor
thus libapparmor-dev no longer needs to be installed to build it or
anythind that depends on it (like containerd or cri-containerd). Adjust
the documentation accordingly.

containerd/containerd#2238 did the same for containerd.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2018-03-31 18:18:12 +02:00
Michael Crosby
606be14859 Merge pull request #2238 from tklauser/runc-libapparmor-dep 
Drop libapparmor dependency from runc build docs
 2018-03-30 10:18:34 -04:00
Tobias Klauser
a74903a307 Drop libapparmor dependency from runc build docs 
As of opencontainers/runc@db093f621f runc
no longer depends on libapparmor thus libapparmor-dev no longer needs to
be installed to build it. Adjust the documentation accordingly.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2018-03-29 09:18:45 +02:00
Justin Cormack
9435aeeb30 The set of bounding capabilities is the largest group 
No capabilities can be granted outside the bounding set, so there
is no point looking at any other set for the largest scope.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2018-03-28 17:36:46 -07:00
Lantao Liu
ddda05211b Use systemd service cgroup and oom score adj. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 00:30:59 +00:00
Lantao Liu
f0655ecfe0 Use pause image from new source. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-26 07:11:41 +00:00
Nitesh Konkar
6a542c596b Bump pause container to multi-arch gcr.io/google-containers/pause:3.1 
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
 2018-03-22 05:44:12 +00:00
Mike Brown
0ee7614785 docs update for cri-containerd to cri move 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-16 15:33:17 -05:00
Abhinandan Prativadi
ffda916fd0 Merge pull request #641 from Random-Liu/fix-ansible-doc 
Require ansible 2.4+.
 2018-03-05 21:39:22 -08:00
Lantao Liu
640e7ac2b0 Update ansible setup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-06 00:05:02 +00:00
Lantao Liu
760248df77 Require ansible 2.4+. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-05 21:51:59 +00:00
Phil Estes
6aa612dfc2 Update recommended versions to Go 1.10 
To match build requirements for containerd now that we are using 1.10.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2018-02-27 16:50:12 -08:00
Kunal Kushwaha
b12c3215a0 Licence header added 
Signed-off-by: Kunal Kushwaha <kushwaha_kunal_v7@lab.ntt.co.jp>
 2018-02-19 10:32:26 +09:00
Christopher Jones
8043f26651 [contrib] bump golang 
Use golang:1.9, which should get the latest 1.9.x version,
instead of using a specific tag.

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
 2018-02-16 08:23:35 -05:00
Justin Cormack
35be3d5127 Remove a really confusing fallthrough 
This is so confusing, and not needed.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
 2018-02-08 16:22:29 +00:00
Christopher Jones
051ac5dd63 running tests in a container 
This provides a dockerfile for building a container to run the containerd tests

Signed-off-by: Christopher Jones <tophj@linux.vnet.ibm.com>
 2018-01-30 14:44:30 -05:00
Michael Crosby
d179c61231 Revert "Use jsoniteer for faster json encoding/decoding" 
This reverts commit 4233b87b89.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-01-29 15:47:48 -05:00
Michael Crosby
4233b87b89 Use jsoniteer for faster json encoding/decoding 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-01-26 16:32:55 -05:00
Lantao Liu
144ff3989b Update all glog flags to log-level. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-17 21:57:31 +00:00
Mike Brown
07c8f07ba3 fix kubernetes-incubator links 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-01-11 17:50:57 -06:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-10 22:35:33 +00:00
Lantao Liu
ec975b2e7a Add OS and arch in release tarball. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-13 23:03:03 +00:00
Lantao Liu
5a17149a70 Add LimitNPROC, LimitNOFILE and LimitCORE for containerd and 
cri-containerd.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-12-01 00:16:58 +00:00