Fu Wei
584d13d5cb
Merge pull request #8276 from Iceber/remove_cri_v1alpha2
...
Remove CRI v1alpha2 [deprecated since v1.7]
2023-03-22 13:25:07 +08:00
Iceber Gu
c011502bd1
Remove cri v1alpha1 services
...
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
2023-03-16 17:48:49 +08:00
Danny Canter
62f98a1c11
CRI: Don't always close netConfMonitor channel
...
In the CRI server initialization a syncgroup is set up that adds to the
counter for every cni config found/registered. This functions on platforms
where CNI is supported/there's an assumption that there will always be
the loopback config. However, on platforms like Darwin where there's generally
nothing registered the Wait() on the syncgroup returns immediately and the
channel used to return any Network config sync errors is closed. This channel
is one of three that's used to monitor if we should Close the CRI service in
containerd, so it's not great if this happens.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2023-03-15 20:01:17 -07:00
Maksym Pavlenko
8bd82e355a
Remove no_pivot when creating container from CRI
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-03-15 09:18:16 -07:00
Maksym Pavlenko
07c2ae12e1
Remove v1 runctypes
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-03-15 09:18:16 -07:00
Maksym Pavlenko
48a1350658
Merge pull request #8149 from Burning1020/sb-netns
...
sandbox: create sandbox with network namespace path
2023-03-08 14:22:00 -08:00
Zhang Tianyang
5144ba9c49
sandbox: create sandbox with network namespace path
...
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
2023-03-08 18:54:14 +08:00
Fu Wei
5ae3a7f417
Merge pull request #8198 from kiashok/argsEscapedSupportInCri
...
Add ArgsEscaped support for CRI
2023-03-07 16:12:24 +08:00
Kevin Parsons
31c9a66385
Merge pull request #7099 from jsturtevant/cri-only-stats-windows
...
[cri] Implement CRI Pod and Container stats for Windows
2023-03-06 09:31:41 -08:00
James Sturtevant
32ed559c86
Add Windows Sandbox Stats (sbserver)
...
Signed-off-by: James Sturtevant <jstur@microsoft.com>
2023-03-03 14:37:39 -08:00
Kirtana Ashok
8137e41c48
Add ArgsEscaped support for CRI
...
This commit adds support for the ArgsEscaped
value for the image got from the dockerfile.
It is used to evaluate and process the image
entrypoint/cmd and container entrypoint/cmd
options got from the podspec.
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
2023-03-03 13:38:06 -08:00
Wei Fu
5946c1051e
*: fix code style issue
...
1. it's easy to check wrong input if using drain_exec_sync_io_timeout in error
2. avoid using full error message, as part of error generated by go
stdlib would be changed in the future
3. delete the extra empty line
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-03 17:51:03 +08:00
Wei Fu
98cb6d7eb8
cri/sbserver: ignore the NOT_FOUND error in exec cleanup
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-03 12:20:09 +08:00
Wei Fu
ffebcb1223
cri: disable drain-exec-IO if it is empty timeout
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-03 11:59:07 +08:00
Wei Fu
3c18decea7
*: add DrainExecSyncIOTimeout config and disable as by default
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-03 00:21:55 +08:00
Wei Fu
a9cbddd65d
*: fix typo and skip exec-io-drain-testcase in win
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-02 21:57:43 +08:00
Wei Fu
04dfd6275e
pkg/cri/sbserver: add timeout to drain exec io
...
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-03-02 13:06:45 +08:00
Akihiro Suda
e0a05b56e5
Merge pull request #8152 from bart0sh/PR007-upgrade-CDI-to-0.5.4
...
update CDI version to v0.5.4
2023-02-28 09:22:30 +09:00
Changwei Ge
bd0a2a9273
CRI: remove duplicated snapshotters code
...
The snapshotter annotation definitions and related functions have been
public in the new package snapshotter.
Also remove a test for container image layer's annotation.
Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
2023-02-23 11:46:14 +08:00
Ed Bartosh
49abbe4f2b
fix failing TestCDIInjections
...
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2023-02-22 20:07:34 +02:00
Derek McGowan
179f00c883
Merge pull request #8051 from yulng/goroutine
...
fix: 'go routine' should be 'goroutine'
2023-02-15 15:20:47 -08:00
Derek McGowan
aa6418fadd
Merge pull request from GHSA-hmfx-3pcx-653p
...
oci: fix additional GIDs
2023-02-15 13:45:14 -08:00
Kazuyoshi Kato
fe5d1d3e7c
Merge pull request #7954 from klihub/devel/sbserver-nri-integration
...
pkg/cri/sbserver: experimental NRI integration for CRI.
2023-02-15 10:42:25 -08:00
Maksym Pavlenko
3548f59fd8
Merge pull request #8060 from dcantah/cri-annots-other
...
CRI: Pass sandbox annotations to _other platforms
2023-02-14 18:34:46 -08:00
Casey Callendrello
0166783c79
cni: pass in the cgroupPath capability argument
...
There is a new CNI capability argument, cgroupPath, where runtimes can
pass cgroup paths to CNI plugins.
Implement that.
Signed-off-by: Casey Callendrello <cdc@isovalent.com>
2023-02-14 16:49:29 +01:00
Danny Canter
646bc3a94e
CRI: Create DefaultCRIAnnotations helper
...
All of the CRI sandbox and container specs get assigned
almost the exact same default annotations (sandboxID, name, metadata,
container type etc.) so let's make a helper to return the right set for
a sandbox or regular workload container.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2023-02-13 13:05:01 -08:00
Danny Canter
5aab634e14
CRI: Pass sandbox annotations to _other platforms
...
!windows and !linux weren't getting passed the sandbox annotations.
Signed-off-by: Danny Canter <danny@dcantah.dev>
2023-02-13 13:03:51 -08:00
Maksym Pavlenko
2b24af8d13
Use options to pass PodSandboxConfig to shims
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-13 12:36:20 -08:00
Krisztian Litkey
ebbcb57a4c
pkg/cri/sbserver: experimental NRI integration for CRI.
...
Hook the NRI service plugin into CRI sbserver request
processing.
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
2023-02-13 22:08:18 +02:00
Derek McGowan
edb8ebaf07
Merge pull request #8047 from ruiwen-zhao/send_nil
...
Send container events with nil PodSandboxStatus
2023-02-13 11:38:14 -08:00
Derek McGowan
164ac924f8
Merge pull request #7984 from aitumik/aitumik/add-host-network-tests
...
test: add hostNetwork tests for both windows and linux
2023-02-13 11:37:20 -08:00
Fu Wei
2654ece1d0
Merge pull request #8066 from fuweid/cleanup-blockio-init
...
*: introduce wrapper pkgs for blockio and rdt
2023-02-13 14:05:32 +08:00
Derek McGowan
c6cf6b2522
Merge pull request #8093 from mxpv/instrument
...
Extract CRI instrument into separate package
2023-02-12 21:45:13 -08:00
Maksym Pavlenko
750d18aced
Extract CRI instrument package
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-12 20:49:15 -08:00
Akihiro Suda
b61988670c
go.mod: github.com/containerd/typeurl/v2 v2.1.0
...
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-11 23:39:52 +09:00
ruiwen-zhao
51a8db233d
Send container events with nil PodSandboxStatus
...
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2023-02-11 01:34:39 +00:00
ruiwen-zhao
27c8f4085c
Move PLEG event generation back to sbserver to avoid missing pod sandbox status
...
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
2023-02-11 01:34:33 +00:00
Fu Wei
362ba2c743
Merge pull request #7981 from dmcgowan/sandbox-controller-interface-refactor
...
[sandbox] refactor controller interface
2023-02-11 09:22:36 +08:00
Nathan
7cf5560754
test: add hostNetwork tests for both windows and linux
...
Signed-off-by: Nathan <aitumik@protonmail.com>
2023-02-11 00:15:48 +03:00
Zechun Chen
b944b108df
Clean up repeated package import
...
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
2023-02-10 16:21:55 +08:00
Akihiro Suda
3eda46af12
oci: fix additional GIDs
...
Test suite:
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-02-10 15:53:00 +09:00
Wei Fu
62df35df66
*: introduce wrapper pkgs for blockio and rdt
...
Before this patch, both the RdtEnabled and BlockIOEnabled are provided
by services/tasks pkg. Since the services/tasks can be a pkg plugin which
can be initialized multiple times or concurrently, it will fire a data-race
issue as there is no mutex to protect `enable`.
This patch is aimed to provide wrapper pkgs to use intel/{blockio,rdt}
safely.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
2023-02-10 08:21:34 +08:00
yulng
6cdc221f59
'go routine' should be 'goroutine'
...
Signed-off-by: yulng <wei.yang@daocloud.io>
2023-02-08 14:10:34 +08:00
Derek McGowan
b0e97c0f9b
Use multierror for cleanup error
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-07 11:06:14 -08:00
Derek McGowan
a788f6c799
Move local sandbox controller under plugins package
...
Add options to sandbox controller interface.
Update sandbox controller interface to fully utilize sandbox controller
interface.
Move grpc error conversion to service.
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-06 22:04:45 -08:00
Derek McGowan
2717685dad
Refactor sandbox controller interface
...
Update the sandbox controller interface to use local types rather than
using the API types.
Signed-off-by: Derek McGowan <derek@mcg.dev>
2023-02-06 21:39:30 -08:00
Maksym Pavlenko
1f35b03369
Fix sandbox exit monitor
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-02-02 14:02:52 -08:00
Derek McGowan
ee0e22f01c
Merge pull request #8020 from AkihiroSuda/mkdir-etc-cni-0755
...
cri: mkdir /etc/cni with 0755, not 0700
2023-01-30 10:21:30 -08:00
Akihiro Suda
b36b415526
cri: mkdir /etc/cni with 0755, not 0700
...
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2023-01-29 07:49:36 +09:00
Maksym Pavlenko
21fe0ceaad
Move PLEG events for pause container to podsandbox
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2023-01-25 19:28:48 -08:00