github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,214 Commits 3 Branches 2 Tags 112 MiB
09d78bb6b9
Commit Graph

106 Commits

Author SHA1 Message Date
Phil Estes
e47400cbd2
Merge pull request #5100 from adisky/skip-tls-localHost 
Skip TLS verification for localhost
 2021-05-12 14:56:53 -04:00
Mike Brown
c1a35232d8
Merge pull request #5446 from Random-Liu/fix-auth-config 
Fix different registry hosts referencing the same auth config.
 2021-05-04 06:21:02 -05:00
Lantao Liu
81402e4758 Fix different registry hosts referencing the same auth config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2021-05-03 17:42:57 -07:00
Aditi Sharma
8014d9fee0 Skip TLS verification for localhost 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-05-03 10:21:54 +05:30
Thomas Hartland
efcb187429 Add unit tests for PID NamespaceMode_TARGET validation 
Signed-off-by: Thomas Hartland <thomas.george.hartland@cern.ch>
 2021-04-21 19:59:10 +02:00
Thomas Hartland
b48f27df6b Support PID NamespaceMode_TARGET 
This commit adds support for the PID namespace mode TARGET
when generating a container spec.

The container that is created will be sharing its PID namespace
with the target container that was specified by ID in the namespace
options.

Signed-off-by: Thomas Hartland <thomas.george.hartland@cern.ch>
 2021-04-21 17:54:17 +02:00
Phil Estes
4f18131239
Merge pull request #5286 from payall4u/optimize-cri-redirect-logs 
cri: Reduce the cpu usage of  the function redirectLogs in cri
 2021-04-14 21:33:05 -04:00
Sebastiaan van Stijn
864a3322b3
go.mod: github.com/containerd/go-cni v1.0.2 
full diff: https://github.com/containerd/go-cni/compare/v1.0.1...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-04-14 09:09:18 +02:00
Mike Brown
8a04bd0521 address recent runtimes config confusion 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-12 15:33:38 -05:00
Mike Brown
e96d2a5d90 Revert "remove two very old no longer used runtime options" 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-12 10:16:01 -05:00
Fu, Wei
7e3fd8da24
Merge pull request #5298 from jsturtevant/issue-5297 
Support multi-arch images for Windows via ctr
 2021-04-12 13:52:14 +08:00
payall4u
4bc8f692fc optimize cri redirect logs 
Signed-off-by: Zhiyu Li <payall4u@qq.com>
 2021-04-09 11:45:53 +08:00
Fu, Wei
d064140369
Merge pull request #5302 from mikebrow/toml-cri-defaults 
shows our runc.v2 default options
 2021-04-09 11:11:25 +08:00
Sebastiaan van Stijn
9bc8d63c9f
cri/server: use containerd/oci instead of libcontainer/devices 
Looks like we had our own copy of the "getDevices" code already, so use
that code (which also matches the code that's used to _generate_ the spec,
so a better match).

Moving the code to a separate file, I also noticed that the _unix and _linux
code was _exactly_ the same (baring some `//nolint:` comments), so also
removing the duplicated code.

With this patch applied, we removed the dependency on the libcontainer/devices
package (leaving only libcontainer/user).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-04-08 23:25:21 +02:00
Mike Brown
dd16b006e5 merge in the move to the new options type 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-08 14:09:59 -05:00
Mike Brown
9144ce9677 shows our runc.v2 default options in the containerd default config 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-08 14:09:59 -05:00
Aditi Sharma
4d4117415e Change CRI config runtime options type 
Changing Runtime.Options type to map[string]interface{}
to correctly marshal it from go to JSON.
See issue: https://github.com/kubernetes-sigs/cri-tools/issues/728

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-04-08 15:11:33 +05:30
Mike Brown
88880f0f2c
Merge pull request #5304 from mikebrow/cri-registry-doc-updates 
remove mirrors from default; document the deprecation of registry.configs and registry.mirrors
merging based on LGTMs from https://github.com/containerd/containerd/pull/5304#pullrequestreview-628234110 and https://github.com/containerd/containerd/pull/5304#pullrequestreview-630478887 thanks!
 2021-04-07 14:49:36 -05:00
Mike Brown
d4be6aa8fa rm mirror defaults; doc registry deprecations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-07 12:29:43 -05:00
Akihiro Suda
8ba8533bde
pkg/cri/opts.WithoutRunMount -> oci.WithoutRunMount 
Move `pkg/cri/opts.WithoutRunMount` function to `oci.WithoutRunMount`
so that it can be used without dependency on CRI.

Also add `oci.WithoutMounts(dests ...string)` for generality.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-04-07 21:25:36 +09:00
Mike Brown
0186a329e9 remove two very old no longer used runtime options 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-06 20:41:09 -05:00
Derek McGowan
261c107ffc
Merge pull request #5278 from mxpv/toml 
Migrate TOML to github.com/pelletier/go-toml
 2021-04-01 21:24:52 -07:00
Maksym Pavlenko
5ada2f74a7 Keep host order as defined in TOML file 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2021-04-01 09:29:16 -07:00
James Sturtevant
d9ff8ebef5 support multi-arch images for windows via ctr 
Signed-off-by: James Sturtevant <jstur@microsoft.com>
 2021-03-31 15:50:01 -07:00
Mike Brown
1b05b605c8
Merge pull request #5145 from aojea/happyeyeballs 
use (sort of) happy-eyeballs for port-forwarding
 2021-03-26 09:51:29 -05:00
Maksym Pavlenko
ddd4298a10 Migrate current TOML code to github.com/pelletier/go-toml 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2021-03-25 13:13:33 -07:00
Derek McGowan
75a0c2b7d3
Merge pull request #5264 from mxpv/tests 
Run unit tests on CI for MacOS
 2021-03-25 09:46:25 -07:00
Fu, Wei
80fa9fe32a
Merge pull request #5135 from AkihiroSuda/default-config-crypt 
add imgcrypt stream processors to the default config
 2021-03-25 14:31:38 +08:00
Maksym Pavlenko
4674ad7beb Ignore some tests on darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2021-03-24 22:40:22 -07:00
Maksym Pavlenko
181e2d4216
Merge pull request #5250 from dmcgowan/cri-fix-reference-ordering 
Fix reference ordering in CRI image store
 2021-03-23 14:45:16 -07:00
Sebastiaan van Stijn
708299ca40
Move RunningInUserNS() to its own package 
This allows using the utility without bringing whole of "sys" with it.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-23 11:29:53 +01:00
Derek McGowan
0886ceaea2
Fix reference ordering in CRI image store 
Currently image references end up being stored in a
random order due to the way maps are iterated through
in Go. This leads to inconsistent identifiers being
resolved when a single reference is needed to identify
an image and the ordering of the references is used for
the selection.

Sort references in a consistent and ranked manner,
from higher information formats to lower.

Note: A `name + tag` reference is considered higher
information than a `name + digest` reference since a
registry may be used to resolve the digest from a
`name + tag` reference.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-03-22 22:29:57 -07:00
Antonio Ojea
305b425830 use happy-eyeballs for port-forwarding 
golang has enabled RFC 6555 Fast Fallback (aka HappyEyeballs)
by default in 1.12.
It means that if a host resolves to both IPv6 and IPv4,
it will try to connect to any of those addresses and use the
working connection.
However, the implementation uses go routines to start both connections in parallel,
and this has limitations when running inside a namespace, so we try to the connections
serially, trying IPv4 first for keeping the same behaviour.
xref https://github.com/golang/go/issues/44922

Signed-off-by: Antonio Ojea <aojea@redhat.com>
 2021-03-22 20:15:24 +01:00
Michael Crosby
3f98a6d2d3
Merge pull request #5211 from pacoxu/pause/3.5 
upgrade pause image to 3.5 for non-root
 2021-03-18 11:43:59 -04:00
Phil Estes
32a08f1a6a
Merge pull request #4847 from cpuguy83/devices_by_dir 
Support adding devices by dir
 2021-03-17 09:41:02 -04:00
pacoxu
ffff688663 upgrade pause image to 3.5 for non-root 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-03-16 23:20:35 +08:00
Derek McGowan
2755ead927
Merge pull request #4978 from cpuguy83/certs_dir 
Add support for using a host registry dir in cri
 2021-03-15 13:47:03 -07:00
Brian Goff
7776e5ef2a Support adding devices by dir 
This enables cases where devices exist in a subdirectory of /dev,
particularly where those device names are not portable across machines,
which makes it problematic to specify from a runtime such as cri.

Added this to `ctr` as well so I could test that the code at least
works.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2021-03-15 16:42:23 +00:00
Akihiro Suda
ecb881e5e6
add imgcrypt stream processors to the default config 
Enable the following config by default:

```toml
version = 2

[plugins."io.containerd.grpc.v1.cri".image_decryption]
  key_model = "node"

[stream_processors]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
```

Fix issue 5128

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-15 13:27:16 +09:00
Brian Goff
b0b6d9aa03 Add support for using a host registry dir in cri 
This will be used instead of the cri registry config in the main config
toml.

---

Also pulls in changes from containerd/cri@d0b4eecbb3

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2021-03-12 22:42:22 +00:00
Derek McGowan
35eeb24a17
Fix exported comments enforcer in CI 
Add comments where missing and fix incorrect comments

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-03-12 08:47:05 -08:00
Iceber Gu
f37ae8fc35
move to v3.4.1 for the pause image 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-03-07 15:21:20 +08:00
Iceber Gu
92ab1a63b0 cri: fix container status 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-03-05 00:00:10 +08:00
f00231050
591caece0c cri: check fsnotify watcher when receiving cni conf dir events 
carry: 612f5f9f44

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2021-03-03 16:46:41 +08:00
Yohei Ueda
07f1df4541
cri: set default masked/readonly paths to empty paths 
Fixes #5029.

Signed-off-by: Yohei Ueda <yohei@jp.ibm.com>
 2021-02-24 23:50:40 +09:00
Phil Estes
757be0a090
Merge pull request #5017 from AkihiroSuda/parse-cap 
oci.WithPrivileged: set the current caps, not the known caps
 2021-02-23 09:10:57 -05:00
Mike Brown
9173d3e929
Merge pull request #5021 from wzshiming/fix/signal_repeatedly 
Fix repeated sending signal
 2021-02-22 09:45:56 -06:00
Justin Terry (SF)
06e4e09567 cri: append envs from image config to empty slice to avoid env lost 
Signed-off-by: Justin Terry (SF) <juterry@microsoft.com>
 2021-02-18 16:39:28 -08:00
Phil Estes
c32ccdf8be
Merge pull request #5024 from yadzhang/deepcopy-imageconfig 
cri: append envs from image config to empty slice to avoid env lost
 2021-02-18 12:51:51 -05:00
Akihiro Suda
746cef0bc2
Merge pull request #5044 from wzshiming/fix/empty-error-warpping 
Fix empty error warpping
 2021-02-18 13:47:13 +09:00