github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
9,002 Commits 3 Branches 2 Tags 112 MiB
1edab60723
Commit Graph

254 Commits

Author SHA1 Message Date
Mike Brown
f9bcf4a8a4 add section link 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-07 12:29:43 -05:00
Mike Brown
d4be6aa8fa rm mirror defaults; doc registry deprecations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-07 12:29:43 -05:00
Mike Brown
0186a329e9 remove two very old no longer used runtime options 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2021-04-06 20:41:09 -05:00
Fu, Wei
80fa9fe32a
Merge pull request #5135 from AkihiroSuda/default-config-crypt 
add imgcrypt stream processors to the default config
 2021-03-25 14:31:38 +08:00
Andrei Dobre
e4b9b1038b
Make CRI registry docs more clear 
Added reference to previous config syntax.

Signed-off-by: Andrei Dobre <andreidobre.web@gmail.com>
 2021-03-23 22:10:06 +02:00
pacoxu
ffff688663 upgrade pause image to 3.5 for non-root 
Signed-off-by: pacoxu <paco.xu@daocloud.io>
 2021-03-16 23:20:35 +08:00
Akihiro Suda
ecb881e5e6
add imgcrypt stream processors to the default config 
Enable the following config by default:

```toml
version = 2

[plugins."io.containerd.grpc.v1.cri".image_decryption]
  key_model = "node"

[stream_processors]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar.gzip"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+gzip+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar+gzip"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
  [stream_processors."io.containerd.ocicrypt.decoder.v1.tar"]
    accepts = ["application/vnd.oci.image.layer.v1.tar+encrypted"]
    returns = "application/vnd.oci.image.layer.v1.tar"
    path = "ctd-decoder"
    args = ["--decryption-keys-path", "/etc/containerd/ocicrypt/keys"]
    env = ["OCICRYPT_KEYPROVIDER_CONFIG=/etc/containerd/ocicrypt/ocicrypt_keyprovider.conf"]
```

Fix issue 5128

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2021-03-15 13:27:16 +09:00
Brian Goff
b0b6d9aa03 Add support for using a host registry dir in cri 
This will be used instead of the cri registry config in the main config
toml.

---

Also pulls in changes from containerd/cri@d0b4eecbb3

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2021-03-12 22:42:22 +00:00
Sebastiaan van Stijn
79a51cd16a
move runc version to a separate file for easier consumption 
This moves the runc version to build to scripts/setup/runc-version,
which makes it easier for packagers to find the default version
to use.

The RUNC_VERSION environment variable can still be used to override
the version, which can be used (e.g.) to test against different versions
in our CI.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 14:28:29 +01:00
Sebastiaan van Stijn
8325ba5d36
Separate runc binary version from libcontainer version 
Now that the dependency on runc (libcontaienr) code has been reduced
considerably, it is probbaly ok to cut the version dependency between
libcontainer and the runc binary that is supported.

This patch separates the runc binary version from the version of
libcontainer that is defined in go.mod, and updates the documentation
accordingly.

The RUNC_COMMIT variable in the install-runc script is renamed to
RUNC_VERSION to encourage using tagged versions, and the Dockerfile
in contrib is updated to allow building with a custom version.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 13:41:12 +01:00
Sebastiaan van Stijn
b89a63a235
Remove references to apparmor and selinux buildtags for runc 
From the runc v1.0.0-rc93 release notes:

> The "selinux" and "apparmor" buildtags have been removed, and now all runc
> builds will have SELinux and AppArmor support enabled. Note that "seccomp"
> is still optional (though we very highly recommend you enable it).

Also adding a note about kmem support.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2021-03-10 12:16:54 +01:00
Iceber Gu
f37ae8fc35
move to v3.4.1 for the pause image 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2021-03-07 15:21:20 +08:00
Mike Brown
4379557924
Merge pull request #5086 from eramos2/revise-docs 
Fixed wording in docs, and broken link
 2021-02-25 15:32:25 -06:00
alexyadon
c61f0ceada
Fix broken docs links (#5085) 
* docs: fix broken links

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>

* docs: use relative paths

Signed-off-by: Alex Yadon <alex.yadon@ibm.com>
 2021-02-25 14:09:49 -06:00
Emmanuel Ramos
224efa9dae Fixed wording in docs, and broken link 
Signed-off-by: Emmanuel Ramos <emmanuel.ramos2@ibm.com>
 2021-02-25 13:18:13 -05:00
Lorenz Brun
36d0bc1f2b Allow moving netns directory into StateDir 
Signed-off-by: Lorenz Brun <lorenz@nexantic.com>
 2021-02-10 18:33:14 +01:00
Wei Fu
3299c5560d
Merge pull request #4967 from dmcgowan/cleanup-root 
Move documentation and helper directories out of root
 2021-01-24 15:08:19 +08:00
Aditi Sharma
d09bf18862 Clean Up Doc and fix some broken links 
Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2021-01-20 15:45:43 +05:30
Derek McGowan
7dffdfa560
Move documentation and helper directories out of root 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2021-01-12 12:19:50 -08:00
Shengjing Zhu
91dc69ee43 docs: point cri release tarball to github release page 
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2021-01-03 17:50:40 +08:00
Shengjing Zhu
5988bfc1ef docs: Various typo found by codespell 
Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2020-12-22 13:22:16 +08:00
Akihiro Suda
7e6e4c466f
remove "selinux" build tag 
The build tag was removed in go-selinux v1.8.0: opencontainers/selinux#132

Related: remove "apparmor" build tag: 0a9147f3aa

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-12-15 20:05:25 +09:00
Kazuyoshi Kato
03cc4cedc5 docs: fix broken links 
This change fixes broken links in docs/.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2020-11-11 10:19:17 -08:00
Kazuyoshi Kato
a05fa4214d Move CRI plugin's docs from docs/ to docs/cri/ 
There are a lot of documents which are specifically talking about
the CRI plugin. These docs should be in docs/cri/.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2020-11-10 11:49:05 -08:00
Mike Brown
1ab8bdc27b refresh cri testing guide after move 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-10-30 18:22:37 -05:00
Mike Brown
b6053fb7c3 change default for disablesnapshotannotations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-10-29 15:30:13 -05:00
shouhei
f1a3235e84 Fix typo in examples of registry config 
Signed-off-by: shouhei <shouhei.yamaguchi.be@gmail.com>
 2020-10-11 01:52:16 +09:00
Derek McGowan
e7a350176a
Merge containerd/cri into containerd/containerd 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2020-10-07 10:58:39 -07:00
Martin Hickey
fe5fdccdaf Update after review 
Review comments:
- https://github.com/containerd/cri/pull/1591#pullrequestreview-499636859

Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
 2020-09-30 19:00:08 +00:00
Martin Hickey
70a56ae327 Updates to the image registry doc 
Signed-off-by: Martin Hickey <martin.hickey@ie.ibm.com>
 2020-09-30 14:51:59 +00:00
Mike Brown
2c2dd59f32
Merge branch 'master' into update-config-syntax 2020-09-24 15:58:39 -05:00
Akihiro Suda
0762fdd9e2
Revert "Fix doc for runtime specific options" 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-09-22 17:23:19 +09:00
Akihiro Suda
e3e2c39462
update docs/rootless.md 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-08-08 04:08:35 +09:00
Wei Fu
df8352f1ff
Merge pull request #4335 from ktock/sn-doc 
Add doc about snapshotter based on shared remote storage
 2020-07-30 23:19:59 +08:00
Mike Brown
fe9bb8da65
Merge branch 'master' into ssdoc 2020-07-29 11:44:10 -05:00
Mike Brown
63400c7694
Merge pull request #1543 from ktock/discard-content 
Allow GC to discard content after successful pull and unpack
 2020-07-29 11:39:28 -05:00
Takumasa Sakao
4c8164bccf Specify version = 2 & fix wrong key in registry.md (GCR example) 
Signed-off-by: Takumasa Sakao <sakataku7@gmail.com>
 2020-07-28 17:54:12 +09:00
ktock
375dd76255 Add description about disable_snapshot_annotations to configuration doc 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-28 09:30:20 +09:00
ktock
c80660b82b Allow GC to discard content after successful pull and unpack 
This commit adds a config flag for allowing GC to clean layer contents up after
unpacking these contents completed, which leads to deduplication of layer
contents between the snapshotter and the contnet store.

Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-28 09:05:47 +09:00
ktock
c2081369c5 Add doc about remote snapshotter 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2020-07-23 13:05:05 +09:00
Michael Crosby
5f5d954b6a add selinux category range to config 
This allows an admin to set the upper bounds on the category range for selinux
labels.  This can be useful when handling allocation of PVs or other volume
types that need to be shared with selinux enabled on the hosts and volumes.

Signed-off-by: Michael Crosby <michael@thepasture.io>
 2020-07-20 16:02:07 -04:00
Brandon Lum
f93b72530f Update doc cri plugin convention 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-07-22 17:34:17 +00:00
HsuanChi (Austin) Kuo
904ab30f9d Fix doc for runtime specifc options 
Signed-off-by: Hsuan-Chi Kuo <hckuo2@illinois.edu>
 2020-07-10 11:04:49 -05:00
Akihiro Suda
fe6833a9a4
config: TolerateMissingHugePagesCgroupController -> TolerateMissingHugetlbController 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-07-02 13:49:42 +09:00
Avi Deitcher
e7f069e2c3 describe content flow and dependencies 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2020-06-24 21:20:42 +03:00
Mike Brown
b661ad711e
Merge pull request #1504 from lorenz/ignore-image-defined-volumes 
Add option for ignoring volumes defined in images
 2020-06-14 11:52:48 -05:00
Wei Fu
ae8200bf93
Merge pull request #1499 from webwurst/patch-1 
Fix typo
 2020-06-10 13:46:29 +08:00
Lorenz Brun
5a1d49b063 Add option for ignoring volumes defined in images 
Signed-off-by: Lorenz Brun <lorenz@brun.one>
 2020-06-09 21:02:47 +02:00
Brian Goff
c694c63176 Add config for registry http headers 
This adds a configuration knob for adding request headers to all
registry requests. It is not namespaced to a registry.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2020-06-08 18:56:15 -07:00
Tobias Bradtke
098e040014 Fix typo 
Signed-off-by: Tobias Bradtke <webwurst@gmail.com>
 2020-06-05 18:19:49 +02:00