github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,985 Commits 3 Branches 2 Tags 112 MiB
15887d7efc
Commit Graph

428 Commits

Author SHA1 Message Date
Phil Estes
dc869b7855
Merge pull request #6125 from xens/update_doc_to_v2 
Update doc to version 2 syntax
 2021-10-28 10:20:17 -04:00
Romain Aviolat
ebc5cf19ac
feat(doc): update to version 2 syntax 
Signed-off-by: Romain Aviolat <r.aviolat@gmail.com>
 2021-10-21 19:06:47 +02:00
Romain Aviolat
3b73922fba
feat(doc): add Core Scheduling documentation 
Adding documentation for the Core Scheduling feature.

Signed-off-by: Romain Aviolat <r.aviolat@gmail.com>
 2021-10-18 19:16:25 +02:00
Michael Crosby
55893b9be7 Add CNI conf based on runtime class 
Signed-off-by: Michael Crosby <michael@thepasture.io>
 2021-09-17 19:05:06 +00:00
Michael Crosby
1efed43090
add ip_pref CNI options for primary pod ip 
This fixes the TODO of this function and also expands on how the primary pod ip
is selected. This change allows the operator to prefer ipv4, ipv6, or retain the
ordering provided by the return results of the CNI plugins.

This makes it much more flexible for ops to configure containerd and how IPs are
set on the pod.

Signed-off-by: Michael Crosby <michael@thepasture.io>
 2021-09-10 10:04:21 -04:00
kerthcet
820bd92690 fix document non-synchronous in crictl.md 
Signed-off-by: kerthcet <kerthcet@gmail.com>
 2021-09-06 17:47:46 +08:00
Adelina Tuvenie
6d3d34b85d Update Pause image in tests & config 
With the introduction of Windows Server 2022, some images have been updated
to support WS2022 in their manifest list. This commit updates the test images
accordingly.

Signed-off-by: Adelina Tuvenie <atuvenie@cloudbasesolutions.com>
 2021-08-31 19:42:57 +03:00
Sebastiaan van Stijn
9cc179aa77
BUILDING.md: remove some bits about building runc 
Refer users to runc's documentation instead of duplicating
the instructions.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-08-10 09:31:02 +02:00
Cody Roseborough
e692a01926 Add shared content label to namespaces 
Adds shared content labels to namespaces allowing content to be shared
between namespaces if that namespace is specifically tagged as being
sharable by adding the `containerd.io/namespace/sharable` label to the
namespace.

Signed-off-by: Cody Roseborough <cdr@amazon.com>
 2021-07-28 18:49:32 +00:00
Mike Brown
b5fc7846c4 adding a little more clarity 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-07-26 14:55:44 -05:00
Derek McGowan
a7ad6b3be5
Add support for registry host path override 
Adds support for mirrors which are non-compliant with the
OCI distribution specification but have previously mirrored
content with a namespace prefix after the API root `/v2`.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-07-02 09:48:27 -07:00
Derek McGowan
95c708572f
Update documenation for OCI distribution 1.0 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-07-01 17:24:08 -07:00
Mike Brown
560e7d4799 fixing some doc links 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-06-21 18:24:47 -05:00
Zufar Dhiyaulhaq
75b4c83f04 fix deprecation config for default runtime 
Signed-off-by: Zufar Dhiyaulhaq <zufardhiyaulhaq@gmail.com>
 2021-06-20 10:09:09 -04:00
Mike Brown
7a2b04758b adds explanation for seccomp unset/unconfined default vs runtime default 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-06-07 17:57:18 -05:00
Kazuyoshi Kato
75daf45beb docs: explicitly mention containerd's Prometheus path 
It is under `/v1/metrics`, which should be explicitly called out.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2021-06-01 11:15:06 -07:00
Iceber Gu
93d4541a20 docs/cri: update ocicrypt link 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-05-31 15:32:30 +08:00
Iceber Gu
7924664951 docs/cri: fix broken links 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-05-31 15:31:51 +08:00
Gaurav Gahlot
a5b1740bbe fixed typos 
Signed-off-by: Gaurav Gahlot <gauravgahlot0107@gmail.com>
 2021-05-19 10:31:50 +05:30
Mike Brown
6e249b1aea adds credentials description 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-05-12 08:37:37 -05:00
Mike Brown
b59e29773c adds description for hosts.toml 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-05-02 00:46:41 +00:00
Akihiro Suda
41fc516a22
docs/rootless.md: recommend "easy way" over "hard way" 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-04-14 16:57:46 +09:00
maoyangLiu
abd4be07ac fix the 404 url 
Signed-off-by: maoyangLiu <liumaoyang@inspur.com>
 2021-04-13 20:55:26 +08:00
Mike Brown
e96d2a5d90 Revert "remove two very old no longer used runtime options" 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-12 10:16:01 -05:00
Mike Brown
f9bcf4a8a4 add section link 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-07 12:29:43 -05:00
Mike Brown
d4be6aa8fa rm mirror defaults; doc registry deprecations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-07 12:29:43 -05:00
Mike Brown
0186a329e9 remove two very old no longer used runtime options 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-06 20:41:09 -05:00
Fu, Wei
80fa9fe32a
Merge pull request #5135 from AkihiroSuda/default-config-crypt 
add imgcrypt stream processors to the default config
 2021-03-25 14:31:38 +08:00
Andrei Dobre
e4b9b1038b
Make CRI registry docs more clear 
Added reference to previous config syntax.

Signed-off-by: Andrei Dobre <andreidobre.web@gmail.com>
 2021-03-23 22:10:06 +02:00
pacoxu
ffff688663 upgrade pause image to 3.5 for non-root 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-03-16 23:20:35 +08:00
Akihiro Suda
ecb881e5e6
add imgcrypt stream processors to the default config 
Enable the following config by default:

```toml
version = 2

[plugins."io.containerd.grpc.v1.cri".image_decryption]
  key_model = "node"

[stream_processors]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
```

Fix issue 5128

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-15 13:27:16 +09:00
Brian Goff
b0b6d9aa03 Add support for using a host registry dir in cri 
This will be used instead of the cri registry config in the main config
toml.

---

Also pulls in changes from containerd/cri@d0b4eecbb3

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2021-03-12 22:42:22 +00:00
Sebastiaan van Stijn
79a51cd16a
move runc version to a separate file for easier consumption 
This moves the runc version to build to scripts/setup/runc-version,
which makes it easier for packagers to find the default version
to use.

The RUNC_VERSION environment variable can still be used to override
the version, which can be used (e.g.) to test against different versions
in our CI.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 14:28:29 +01:00
Sebastiaan van Stijn
8325ba5d36
Separate runc binary version from libcontainer version 
Now that the dependency on runc (libcontaienr) code has been reduced
considerably, it is probbaly ok to cut the version dependency between
libcontainer and the runc binary that is supported.

This patch separates the runc binary version from the version of
libcontainer that is defined in go.mod, and updates the documentation
accordingly.

The RUNC_COMMIT variable in the install-runc script is renamed to
RUNC_VERSION to encourage using tagged versions, and the Dockerfile
in contrib is updated to allow building with a custom version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 13:41:12 +01:00
Sebastiaan van Stijn
b89a63a235
Remove references to apparmor and selinux buildtags for runc 
From the runc v1.0.0-rc93 release notes:

> The "selinux" and "apparmor" buildtags have been removed, and now all runc
> builds will have SELinux and AppArmor support enabled. Note that "seccomp"
> is still optional (though we very highly recommend you enable it).

Also adding a note about kmem support.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 12:16:54 +01:00
Iceber Gu
f37ae8fc35
move to v3.4.1 for the pause image 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-03-07 15:21:20 +08:00
Mike Brown
4379557924
Merge pull request #5086 from eramos2/revise-docs 
Fixed wording in docs, and broken link
 2021-02-25 15:32:25 -06:00
alexyadon
c61f0ceada
Fix broken docs links (#5085) 
* docs: fix broken links

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>

* docs: use relative paths

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>
 2021-02-25 14:09:49 -06:00
Emmanuel Ramos
224efa9dae Fixed wording in docs, and broken link 
Signed-off-by: Emmanuel Ramos <emmanuel.ramos2@ibm.com>
 2021-02-25 13:18:13 -05:00
Lorenz Brun
36d0bc1f2b Allow moving netns directory into StateDir 
Signed-off-by: Lorenz Brun <lorenz@nexantic.com>
 2021-02-10 18:33:14 +01:00
Wei Fu
3299c5560d
Merge pull request #4967 from dmcgowan/cleanup-root 
Move documentation and helper directories out of root
 2021-01-24 15:08:19 +08:00
Aditi Sharma
d09bf18862 Clean Up Doc and fix some broken links 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-01-20 15:45:43 +05:30
Derek McGowan
7dffdfa560
Move documentation and helper directories out of root 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-01-12 12:19:50 -08:00
Shengjing Zhu
91dc69ee43 docs: point cri release tarball to github release page 
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2021-01-03 17:50:40 +08:00
Shengjing Zhu
5988bfc1ef docs: Various typo found by codespell 
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2020-12-22 13:22:16 +08:00
Akihiro Suda
7e6e4c466f
remove "selinux" build tag 
The build tag was removed in go-selinux v1.8.0: opencontainers/selinux#132

Related: remove "apparmor" build tag: 0a9147f3aa

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-12-15 20:05:25 +09:00
Kazuyoshi Kato
03cc4cedc5 docs: fix broken links 
This change fixes broken links in docs/.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2020-11-11 10:19:17 -08:00
Kazuyoshi Kato
a05fa4214d Move CRI plugin's docs from docs/ to docs/cri/ 
There are a lot of documents which are specifically talking about
the CRI plugin. These docs should be in docs/cri/.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2020-11-10 11:49:05 -08:00
Mike Brown
1ab8bdc27b refresh cri testing guide after move 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-10-30 18:22:37 -05:00
Mike Brown
b6053fb7c3 change default for disablesnapshotannotations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-10-29 15:30:13 -05:00
shouhei
f1a3235e84 Fix typo in examples of registry config 
Signed-off-by: shouhei <shouhei.yamaguchi.be@gmail.com>
 2020-10-11 01:52:16 +09:00
Derek McGowan
e7a350176a
Merge containerd/cri into containerd/containerd 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-10-07 10:58:39 -07:00
Martin Hickey
fe5fdccdaf Update after review 
Review comments:
- https://github.com/containerd/cri/pull/1591#pullrequestreview-499636859

Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
 2020-09-30 19:00:08 +00:00
Martin Hickey
70a56ae327 Updates to the image registry doc 
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
 2020-09-30 14:51:59 +00:00
Mike Brown
2c2dd59f32
Merge branch 'master' into update-config-syntax 2020-09-24 15:58:39 -05:00
Akihiro Suda
0762fdd9e2
Revert "Fix doc for runtime specific options" 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-09-22 17:23:19 +09:00
Akihiro Suda
e3e2c39462
update docs/rootless.md 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-08-08 04:08:35 +09:00
Wei Fu
df8352f1ff
Merge pull request #4335 from ktock/sn-doc 
Add doc about snapshotter based on shared remote storage
 2020-07-30 23:19:59 +08:00
Mike Brown
fe9bb8da65
Merge branch 'master' into ssdoc 2020-07-29 11:44:10 -05:00
Mike Brown
63400c7694
Merge pull request #1543 from ktock/discard-content 
Allow GC to discard content after successful pull and unpack
 2020-07-29 11:39:28 -05:00
Takumasa Sakao
4c8164bccf Specify version = 2 & fix wrong key in registry.md (GCR example) 
Signed-off-by: Takumasa Sakao <sakataku7@gmail.com>
 2020-07-28 17:54:12 +09:00
ktock
375dd76255 Add description about disable_snapshot_annotations to configuration doc 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-28 09:30:20 +09:00
ktock
c80660b82b Allow GC to discard content after successful pull and unpack 
This commit adds a config flag for allowing GC to clean layer contents up after
unpacking these contents completed, which leads to deduplication of layer
contents between the snapshotter and the contnet store.

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-28 09:05:47 +09:00
ktock
c2081369c5 Add doc about remote snapshotter 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-23 13:05:05 +09:00
Michael Crosby
5f5d954b6a add selinux category range to config 
This allows an admin to set the upper bounds on the category range for selinux
labels.  This can be useful when handling allocation of PVs or other volume
types that need to be shared with selinux enabled on the hosts and volumes.

Signed-off-by: Michael Crosby <michael@thepasture.io>
 2020-07-20 16:02:07 -04:00
Brandon Lum
f93b72530f Update doc cri plugin convention 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-07-22 17:34:17 +00:00
HsuanChi (Austin) Kuo
904ab30f9d Fix doc for runtime specifc options 
Signed-off-by: Hsuan-Chi Kuo <hckuo2@illinois.edu>
 2020-07-10 11:04:49 -05:00
Akihiro Suda
fe6833a9a4
config: TolerateMissingHugePagesCgroupController -> TolerateMissingHugetlbController 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-07-02 13:49:42 +09:00
Avi Deitcher
e7f069e2c3 describe content flow and dependencies 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-06-24 21:20:42 +03:00
Mike Brown
b661ad711e
Merge pull request #1504 from lorenz/ignore-image-defined-volumes 
Add option for ignoring volumes defined in images
 2020-06-14 11:52:48 -05:00
Wei Fu
ae8200bf93
Merge pull request #1499 from webwurst/patch-1 
Fix typo
 2020-06-10 13:46:29 +08:00
Lorenz Brun
5a1d49b063 Add option for ignoring volumes defined in images 
Signed-off-by: Lorenz Brun <lorenz@brun.one>
 2020-06-09 21:02:47 +02:00
Brian Goff
c694c63176 Add config for registry http headers 
This adds a configuration knob for adding request headers to all
registry requests. It is not namespaced to a registry.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-06-08 18:56:15 -07:00
Tobias Bradtke
098e040014 Fix typo 
Signed-off-by: Tobias Bradtke <webwurst@gmail.com>
 2020-06-05 18:19:49 +02:00
Michael Crosby
8898550e34
Merge pull request #1498 from mxpv/base 
Specify base OCI runtime spec
 2020-05-29 16:34:29 -04:00
Maksym Pavlenko
df8d6c5b7b Update documentation for base OCI spec files 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2020-05-28 14:45:11 -07:00
Maksym Pavlenko
8d54f39753 Allow specify base OCI runtime spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2020-05-28 13:39:31 -07:00
Mike Brown
a7ad3bc01f add a registry auth tutorial 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-05-22 15:39:30 -05:00
Mike Brown
3f0aa45453 removing boilerplate test replace by projectboiler check 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-05-14 17:52:12 -05:00
Maksym Pavlenko
674fe72aa8 Update docs for unset seccomp profile 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2020-05-10 10:46:58 -07:00
Dave Syer
5ac8515bf0 Clarify that plugin names are long in version = 2 
Otherwise it's confusing for readers who just need quick reference
for plugin configurations.

Signed-off-by: Dave Syer <dsyer@pivotal.io>
 2020-04-27 14:35:41 +01:00
Martin Hickey
02307da36d Add improvement to docs 
Some small improvements to docs of things I found while
using the docs.

Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
 2020-04-23 09:47:54 +00:00
Wei Fu
a45f57bcf1
Merge pull request #1375 from jdewinne/registry-doc 
Update registry.md for auth config
 2020-04-21 16:25:08 +08:00
Joris De Winne
050e8c63c0
Update registry.md for auth config 
Signed-off-by: Joris De Winne <joris.dewinne@gmail.com>
 2020-04-20 21:19:35 -07:00
Brian Goff
8574083153 This config no longer exists, so remove from docs. 
This was changed to `no_subreaper` in
6e9f24b711 and, as far as I can tell,
`no_subreaper` doesn't exist as a config anymore.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-04-17 14:14:35 -07:00
Sebastiaan van Stijn
ad090e67e9
man: move ctr.1, containerd-config to section 8, and fix generation 
I missed this in my previous change: the ctr man page is also
in Section 8, because it's considered an administrative tool,
and containerd-config is related to containerd so updating these
as well.

This commit also fixes naming of the generated files, which was
hard-coded to .1.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-04-03 12:32:52 +02:00
Sebastiaan van Stijn
356782cb47
Makefile: man page: rename containerd.1 to containerd.8 
The generated file was incorrectly named containerd.1 and should
be in section 8 (see [MAN-PAGES(7)]: Sections of the manual pages)

This patch fixes the filename and updates references to containerd(1)
to refer to containerd(8).

The generated file itself already had the correct section set in its
header, so didn't need updating.

[MAN-PAGES(7)]: http://man7.org/linux/man-pages/man7/man-pages.7.html

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-04-02 13:52:06 +02:00
Brandon Lum
8d5a8355d0 Updated docs and code for default nil behavior 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-27 23:42:03 +00:00
Brandon Lum
7a24da0375 Updated docs and encryption.md -> decryption.md 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
c5209cd679 Updated doc based on changes requested 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
8df431fc31 Defer multitenant key model to image auth discussion 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
f0579c7b4d Implmented node key model for image encryption 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Mike Brown
c9ed98462d move to v3.2 for the pause image 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-02-14 12:55:52 -06:00
Mihai Coman
5e6d56ee2d Fix startup_delay within default configuration 
Without this patch, the containerd daemon fails to start using the
default configuration example:
containerd[37139]: containerd: time: missing unit in duration 100000000

Signed-off-by: Mihai Coman <mihai.cmn@gmail.com>
 2020-01-29 15:34:23 +02:00
Yecheng Fu
ef7f327f2a update config syntax in registry.md 
Signed-off-by: Yecheng Fu <fuyecheng@pingcap.com>
 2020-01-10 17:43:41 +08:00
Akihiro Suda
b553bc14a2 update docs/rootless.md 
* Updated an example config to v2 syntax
* Updated for shim v2 (relates to #2767)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-08 13:37:29 +09:00
Akihiro Suda
b127b666aa ctr: support $CONTAINERD_ADDRESS env var 
`$CONTAINERD_ADDRESS` can be specified instead of the `ctr --address` flag.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-07 15:59:12 +09:00
Akihiro Suda
aaddaa2732 bump up the default runtime to "io.containerd.runc.v2" 
The former default runtime "io.containerd.runc.v1" won't support new features
like support for cgroup v2: containerd/containerd#3726

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-12-16 11:53:58 +09:00
Lantao Liu
4f350ad474 Fix typo. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-11-26 15:09:07 -08:00
Lantao Liu
ab6701bd11 Add insecure_skip_verify option. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-11-26 13:25:52 -08:00
Ameya Gawde
d21f0f116e
windows process shim installer 
Signed-off-by: Ameya Gawde <ameya.gawde@docker.com>
 2019-10-30 16:22:02 -07:00
Lantao Liu
aaccfcbe2b Fix containerd config dump. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-10-23 22:38:18 -07:00
Lantao Liu
56fa16ef9c Update the kube-up doc with a simpler approach. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-09-23 17:24:10 -07:00
Lantao Liu
35eb96d901 Update deployment and integration test 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-09-18 17:21:37 -07:00
Michael Crosby
f3a5b8c0a9 Add command to generate man pages 
The climan package has a command that can be registered with any urfav
cli app to generate man pages.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-09-11 15:31:02 -04:00
Ed Bartosh
e28689657a Add ContatinerAnnotations to the Runtime and config 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2019-09-10 11:28:51 +03:00
Michael Crosby
f76eefd272
Merge pull request #3574 from mxpv/cfg 
Support config imports
 2019-09-04 16:34:11 -04:00
Lantao Liu
2d03ccf5dd FDQN is a typo, and we don't support trailing dot in FQDN. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-30 13:31:04 -07:00
chentanjun
92a5b08a68 fix-grammar-mistake 
Signed-off-by: chentanjun <2799194073@qq.com>
 2019-08-28 16:10:08 +08:00
Maksym Pavlenko
8ebffecbc3 Use map for stream processors 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-08-23 15:31:37 -07:00
Maksym Pavlenko
ea6c749e35 Update config doc 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-08-23 11:08:25 -07:00
Lantao Liu
81ca274c6f Add wildcard mirror support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-13 12:02:57 -07:00
Phil Estes
b77e25dade
Merge pull request #3516 from crosbymichael/remote-enc 
Remove encryption code from containerd core
 2019-08-13 10:52:48 -04:00
Akihiro Suda
28e492fce0 allow non-mutual TLS 
Previously, client keypair had needed to be specified even when unused.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-08-10 21:48:03 +09:00
Lantao Liu
53e94c6753 Use containerd registry mirror library. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-09 14:39:30 -07:00
Michael Crosby
0dadef19cf Add docs for stream processors 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-09 18:40:43 +00:00
Michael Crosby
d085d9b464 Remove encryption code from containerd core 
We are separating out the encryption code and have designed a few new
interfaces and APIs for processing content streams.  This keep the core
clean of encryption code but enables not only encryption but support of
multiple content types ( custom media types ).

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-09 15:01:16 +00:00
Alex Price
3353ab76d9 Add flag to overload default privileged host device behaviour 
This commit adds a flag to the runtime config that allows overloading of the default
privileged behaviour. When the flag is enabled on a runtime, host devices won't
be appended to the runtime spec if the container is run as privileged.

By default the flag is false to maintain the current behaviour of privileged.

Fixes #1213

Signed-off-by: Alex Price <aprice@atlassian.com>
 2019-08-08 12:16:42 +10:00
Lantao Liu
871a8b89c8 Do not deprecate no_pivot yet. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-05 15:12:50 -07:00
Lantao Liu
b74653b821 Print warning message for deprecated options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-02 01:10:11 -07:00
Derek McGowan
adad947b77
Merge pull request #3460 from lumjjb/ctrrecipients 
Specify protocols in ctr encrypt recipients
 2019-08-01 15:37:40 -07:00
Lantao Liu
467f9e0e8a Fix proc mount support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-31 17:11:15 -07:00
Akihiro Suda
4195136eea
Merge pull request #3433 from dmcgowan/gc-docs 
Add garbage collection doc
 2019-07-30 14:03:01 +09:00
Lantao Liu
c78caf902d Add max concurrent downloads support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-26 18:15:17 -07:00
Brandon Lum
8cd480c233 Specify protocols in ctr encrypt recipients 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-26 13:20:22 -04:00
Derek McGowan
22f44c44d9
Add garbage collection doc 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2019-07-25 14:42:30 -07:00
Aldo Culquicondor
4b43303203 Add option to register on TCP server 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-07-25 09:42:49 -04:00
Lantao Liu
64bf4bebf3
Merge pull request #1188 from alculquicondor/fix/doc 
Update docs to v2 config
 2019-07-24 14:25:42 -07:00
Aldo Culquicondor
e2550f6285 Update docs to v2 config 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-07-24 09:30:13 -04:00
Brandon Lum
c6d437fd70 Corrected lease implementation 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-18 18:17:20 -04:00
Stefan Berger
bf8804c743 Implemented image encryption/decryption libraries and ctr commands 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-17 15:19:58 -04:00
Joe Borg
9ebc10ec08 Correcting typo 
`/ec/` > `/etc/`

Signed-off-by: Joe Borg <joe@josephb.org>
 2019-07-04 14:12:20 -04:00
Michael Crosby
bb9616ba20
Merge pull request #3379 from Ace-Tang/clean-doc 
docs: remove shim_no_newns in ops.md
 2019-06-26 11:30:21 -04:00
Ace-Tang
2d03791158 docs: remove shim_no_newns in ops.md 
this ops is removed in commit fd2e3cd326,
remove from doc avoid misleading users.

Signed-off-by: Ace-Tang <aceapril@126.com>
 2019-06-26 16:37:36 +08:00
Phil Estes
0886e4f1b7
No need to keep 2017 DockerCon doc 
Remove outdated discussion document from repo.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2019-06-26 00:00:59 -04:00
BoWen Yan
d15a06b190 docs: Fix typo to some markdown files in /docs. 
Signed-off-by: BoWen Yan <loneybw@gmail.com>
 2019-06-13 15:29:12 +08:00
Mike Brown
3ba04c01cc doc update for cni max num 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-06-11 08:35:22 -05:00
kuramal
b022de5f37 add cni plugin config file max num config, set go-cni to commit 22460c0 
Signed-off-by: kuramal <linxxnil@126.com>
 2019-06-10 12:14:35 +08:00
Vlad Ungureanu
60a58af376 Add TLS auth registry support 
Signed-off-by: Vlad Ungureanu <ungureanuvladvictor@gmail.com>
 2019-06-06 14:55:53 -07:00
Lantao Liu
db90808477 Update doc and add deprecation policy for CRI options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-25 16:11:16 -07:00
Lantao Liu
19e2b20c13 Use ctr images import. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-15 10:37:31 -07:00
Derek McGowan
2f60e389a0
Merge pull request #2626 from krsoninikhil/defaults3 
Uses namespace labels for default options
 2019-04-02 11:46:35 -07:00
Lantao Liu
238658719f Cleanup pod annotation test and only support tailing wildcard. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-25 12:54:34 -07:00
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Mike Brown
9474b05dd7 clarify the versioning for the tarball 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-03-13 12:58:12 -05:00
Lantao Liu
f2f90f6b00
Merge pull request #1060 from Random-Liu/support-stream-idle-timeout 
Support stream idle timeout.
 2019-02-28 10:28:27 -08:00
Lantao Liu
8222da7768 Support stream idle timeout. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-28 01:30:01 -08:00
Lantao Liu
76ed153e8c Add more explanation about the CRI config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-27 16:51:36 -08:00
Aldo Culquicondor
c88e18b907 Fix architecture doc 
Network namespace is created before the pause container.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-02-27 18:00:40 -05:00
Shengjing Zhu
fb80483711 docs: Add NAME section in all manpages 
As described in https://lintian.debian.org/tags/manpage-has-bad-whatis-entry.html
each manual page should start with a "NAME" section.

Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2019-02-22 23:40:28 +08:00
Mike Brown
857f169e9e update support statment reflecting eol for k8s 1.10 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-02-14 11:28:26 -06:00
Nikhil Soni
da2ab865e0 Add documentation for using namespace labels for configuring defaults. 
Signed-off-by: Nikhil Soni <krsoninikhil@gmail.com>
 2019-02-01 23:14:33 +05:30
Derek McGowan
8706a355dd
Merge pull request #2889 from linxiulei/isolated_content 
metadata: define content sharing policy
 2019-01-14 13:15:38 -08:00
Phil Estes
a79879e9dd
Add security audit report to README 
Also remove weekly development reports section from README as those are
not being produced regularly at this time.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2019-01-04 09:56:03 -05:00
Akihiro Suda
cd8231ab2a support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj 
Add following config for supporting "rootless" mode

* DisableCgroup: disable cgroup
* DisableApparmor: disable Apparmor
* RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-03 05:12:04 +09:00
Eric Lin
4247f2684d metadata: define content sharing policy 
This changeset modifies the metadata store to allow one to set a
"content sharing policy" that defines how blobs are shared between
namespaces in the content store.

The default mode "shared" will make blobs available in all namespaces
once it is pulled into any namespace.  The blob will be pulled into
the namespace if a writer is opened with the "Expected" digest that
is already present in the backend.

The alternative mode, "isolated" requires that clients prove they have
access to the content by providing all of the content to the ingest
before the blob is added to the namespace.

Both modes share backing data, while "shared" will reduce total
bandwidth across namespaces, at the cost of allowing access to any
blob just by knowing its digest.

Note: Most functional codes and changelog of this commit originate from
Stephen J Day <stephen.day@docker.com>, see
40455aade8

Fixes #1713 Fixes #2865

Signed-off-by: Eric Lin <linxiulei@gmail.com>
 2018-12-21 15:02:21 +08:00
Sebastiaan van Stijn
723797d320
docs: remove website leftovers 
The website content moved to the github.com/containerd/containerd.io
repository.

Commit da1fba0050 removed all website-
related content, but there were some stray files left behind.

This patch removes those files, and updates the `.editorconfig` file
to only match Markdown files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2018-12-20 10:01:51 +01:00
Sebastiaan van Stijn
555ea3fb43
Ignore modprobe failures in ExecStartPre (systemd unit) 
When running containerd inside LXC, due to systemd being unable to execute
`modprobe overlay` inside the container (module is already loaded in host kernel).

This patch adds a `-` prefix to the `ExecStartPre` command, so that failures
are ignored, and the service can start as usual.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2018-11-10 12:52:06 +01:00
Akihiro Suda
ce6d4c9a9f add docs/rootless.md 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-11-06 17:39:30 +09:00
Lantao Liu
1442425f92 Support runtime specific configurations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-08 17:17:29 -07:00
Lantao Liu
65283e4253 The indent is wrong. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-17 12:11:18 -07:00
Lantao Liu
3de8c8bf19 Update cri-tools to 98eea54af789ae13edce79cba101fb9ac8e7b241. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-17 10:54:42 -07:00
Tim Allclair
e7189a25c3
Add RuntimeHandler support 
Signed-off-by: Tim Allclair <tallclair@google.com>
 2018-09-05 17:27:35 -07:00
JulienBalestra
dffd0dfa0e
streaming: tls conf validation to func with tests 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-30 15:10:48 +02:00
JulienBalestra
859003a940
stream: struct for x509 key pair, update the docs, error management 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-28 17:22:11 +02:00
Phil Estes
da1fba0050
Website no longer managed from this repo 
Website content is deployed from containerd/containerd.io now

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2018-08-23 14:55:04 -04:00
Aleksa Sarai
7aa132ffc7
docs: man: rename config.toml(5) to be more descriptive 
The man page namespace is global, so in order to avoid colliding with
other man pages named "config.toml" rename ours to be more descriptive.
This also helps with discoverability (now tab-completion of 'man
containerd<tab>' will return the config man page), as well as making it
much cleaner from the perspective of distributions that want to package
containerd.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2018-08-08 18:33:29 +10:00
Michael Crosby
2742238909 Add docs for managed opts dir 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-08-03 11:50:02 -04:00
Lantao Liu
b3d6f16383 Serve streaming on localhost by default to match k8s 1.11 default. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-21 01:10:45 +00:00
yanxuean
7065dd81f9 support no_pivot option for runc 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-07-20 08:46:50 +08:00
Lantao Liu
0f3c83b11b Use --no-overwrite-dir in installation doc. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-11 18:04:48 +00:00
Lantao Liu
952e53bf58 Add registry auth config, and use docker resolver in containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-09 19:08:48 -07:00
Alban Crequy
6ef65b74e1 Document how to use systemd-run 
It is also useful when testing local changes, I just run:

sudo systemd-run -p Delegate=yes -p KillMode=process bin/containerd

Signed-off-by: Alban Crequy <alban@kinvolk.io>
 2018-06-27 16:58:30 +02:00
Lantao Liu
fd71c9f065 Fix another link. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-26 13:30:32 -07:00
Yu-Ju Hong
e23c0e708a
Fix link to GCE getting started guide 
Signed-off-by: Yu-Ju Hong <yjhong@google.com>
 2018-06-25 12:10:03 -07:00
Lantao Liu
405f57f8e0 Add max_container_log_size 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 14:24:17 -07:00
Luc Perkins
e5e63539a6 Return Markdown files to /docs directory 
Signed-off-by: Luc Perkins <lucperkins@gmail.com>
 2018-05-16 11:23:50 -07:00
Luc Perkins
d1503dc9ce Migrate website to Hugo 
Signed-off-by: Luc Perkins <lucperkins@gmail.com>
 2018-05-15 12:30:26 -07:00
Lantao Liu
e22ebf420f Down containerd binaries from official release. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-24 01:23:44 -07:00
Lantao Liu
06f53b4838 Add unix:// prefix for socket addresses used by CRI remote client. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-20 17:36:25 -07:00
Lantao Liu
9aa9f85a03 Add release instruction to make the release process written down. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-16 06:46:22 +00:00
Lantao Liu
d8a3c5f254 Address comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-07 06:34:45 +00:00
Lantao Liu
ad7bffc093 Enable TLS streaming in all the setup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-03 00:17:26 +00:00
Lantao Liu
c4f80aecb7
Merge pull request #711 from tklauser/libapparmor-dep 
Drop libapparmor dependency from build docs
 2018-04-02 11:55:27 -07:00
Tobias Klauser
d29678a3c4 Drop libapparmor dependency from build docs 
As of opencontainers/runc@db093f6 runc no longer depends on libapparmor
thus libapparmor-dev no longer needs to be installed to build it or
anythind that depends on it (like containerd or cri-containerd). Adjust
the documentation accordingly.

containerd/containerd#2238 did the same for containerd.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2018-03-31 18:18:12 +02:00
Tyler Kellen
11189f6e8b fully specify --container-runtime-endpoint flag 
Resolves this warning:
"/run/containerd/containerd.sock" as endpoint is deprecated please
consider using full url format "unix:///run/containerd/containerd.sock"

Signed-off-by: Tyler Kellen <tyler@sleekcode.net>
 2018-03-28 17:23:43 -04:00
Lantao Liu
f0655ecfe0 Use pause image from new source. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-26 07:11:41 +00:00
Lantao Liu
356a41c424
Merge pull request #697 from Random-Liu/fs-layout-change 
adds volatile state directory to the fs plan for cntrs/pods/fifo
 2018-03-23 19:24:19 -07:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
205892d935
Merge pull request #696 from Random-Liu/update-document 
Update documents.
 2018-03-23 14:47:33 -07:00
Lantao Liu
b05744478a Update documents. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 21:03:46 +00:00
Yanqiang Miao
559581e18a Add a document for cri plugin config 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-03-23 15:08:58 +08:00
Lantao Liu
65c1cc77bb
Merge pull request #682 from Random-Liu/update-doc 
Update README.d and graphs.
 2018-03-20 19:08:06 -07:00
Lantao Liu
129d060e10 Update README.d and graphs. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-20 21:11:23 +00:00
Lantao Liu
904938fa9d Fix for kube-up.sh and update several documments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-20 09:24:15 +00:00
Lantao Liu
47855119ab
Merge pull request #667 from mikebrow/doc-updates-cri-move 
docs update for cri-containerd to cri move
 2018-03-16 16:24:40 -07:00
Mike Brown
0ee7614785 docs update for cri-containerd to cri move 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-16 15:33:17 -05:00
Lantao Liu
7e67d96b9b Replace ctrcri with ctr cri. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-15 23:22:00 +00:00
Yanqiang Miao
4a8060f08b Add document about registry configuration 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-03-08 11:02:57 +08:00