This commit upgrades github.com/containerd/typeurl to use typeurl.Any.
The interface hides gogo/protobuf/types.Any from containerd's Go client.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
All occurrences only passed a PID, so we can use this utility to make
the code more symmetrical with their cgroups v2 counterparts.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This commit removes gogoproto.enumvalue_customname,
gogoproto.goproto_enum_prefix and gogoproto.enum_customname.
All of them make proto-generated Go code more idiomatic, but we already
don't use these enums in our external-surfacing types and they are anyway
not supported by Google's official toolchain (see #6564).
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
gogoproto.customtype is used to have go-digest.Digest instead of string.
While it is convinient, protoc-gen-go doesn't support the extension
and that blocks #6564.
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
`gosec` linter is able to identify issues described in #6584
e.g.
$ git revert 54e95e6b88
[gosec dfc8ca1ec] Revert "fix Implicit memory aliasing in for loop"
2 files changed, 2 deletions(-)
$ make check
+ proto-fmt
+ check
GOGC=75 golangci-lint run
containerstore.go:192:54: G601: Implicit memory aliasing in for loop. (gosec)
containers = append(containers, containerFromProto(&container))
^
image_store.go:132:42: G601: Implicit memory aliasing in for loop. (gosec)
images = append(images, imageFromProto(&image))
^
make: *** [check] Error 1
I also disabled following two settings which prevent the linter to show a complete list of issues.
* max-issues-per-linter (default 50)
* max-same-issues (default 3)
Furthermore enabling gosec revealed many other issues. For now I blacklisted the ones except G601.
Will create separate tasks to address them one by one moving next.
Signed-off-by: Henry Wang <henwang@amazon.com>
Use goresctrl for parsing container and pod annotations related to RDT.
In practice, from the users' point of view, this patchs adds support for
a container annotation and two separate pod annotations for controlling
the RDT class of containers.
Container annotation can be used by a CRI client:
"io.kubernetes.cri.rdt-class"
Pod annotations for specifying the RDT class in the K8s pod spec level:
"rdt.resources.beta.kubernetes.io/pod"
(pod-wide default for all containers within)
"rdt.resources.beta.kubernetes.io/container.<container_name>"
(container-specific overrides)
Annotations are intended as an intermediate step before the CRI API
supports RDT.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Add support for configuring the Linux resctrl pseudo-filesystem with
goresctrl library. The functionality is integrated in the
"io.containerd.service.v1.tasks-service" plugin.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
When running containerd as a service it may be hard to
override the TMP location of the process. This is especially
true on Windows when running containerd in SCM. This change
allows you to set the 'temp' location in the config.toml when
the service starts up that overrides its TEMP/TMP/TMPDIR usage.
This is helpful on Linux as well but it primarily solves the
performance issue on Windows when running containerd across
volumes. IE: If you configure your data/root paths on a volume
other than the SystemDrive the snapshotter does a temporary unpack
on the SystemDrive and then has to copy contents of that data
to the snapshot folder on the destination volume. By alinging the
tmp with the destination it is a simple move operation instead of
a copy operation.
Signed-off-by: Justin Terry <jlterry@amazon.com>
This allows both client and server to determine when
stream is completed. Previously this was done by
closesend call from the client side but that is async
so client can not assume that the server side also
already thinks that stream is complete.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Before this change we only ever had the grpc incoming medata set so when
we make a request to a shim or a grpc plugin the namespace is not sent
over the RPC.
I need this for github.com/cpuguy83/systemdshim, and I am sure there are
other use-cases where this would be needed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
In linux 5.14 and hopefully some backports, core scheduling allows processes to
be co scheduled within the same domain on SMT enabled systems.
The containerd impl sets the core sched domain when launching a shim. This
allows a clean way for each shim(container/pod) to be in its own domain and any
additional containers, (v2 pods) be be launched with the same domain as well as
any exec'd process added to the container.
kernel docs: https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/core-scheduling.html
Signed-off-by: Michael Crosby <michael@thepasture.io>
Found this error in a docker daemon log classified as an "uknown" error.
Since we know what this is return the correct error type so it can be
handled.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
This commit attemts to support containerd on darwin platform. With an
external runtime shim, ctr run should work with, for instance,
--runtime=io.containerd.runu.v1. An example of runtime and shim is
managed under different repository (github.com/ukontainer/runu/).
Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
