github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,463 Commits 3 Branches 2 Tags 112 MiB
1f58a53a61
Commit Graph

13463 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Akihiro Suda
1f58a53a61
Merge pull request #8048 from profnandaa/docs/windows-setup 
docs: add step to include binaries in the $env:Path
 2024-02-08 08:18:59 +00:00
Maksym Pavlenko
f5ed7b84e9
Merge pull request #9705 from containerd/dependabot/github_actions/google-github-actions/upload-cloud-storage-2.1.0 
build(deps): bump google-github-actions/upload-cloud-storage from 2.0.0 to 2.1.0
 2024-02-07 21:33:20 +00:00
Maksym Pavlenko
b85ad238b9
Merge pull request #9752 from dmcgowan/update-console-vendor 
Update github.com/containerd/console to v1.0.4
 2024-02-07 21:09:43 +00:00
Derek McGowan
7fe08c63eb
Merge pull request #9733 from kiashok/platform-protobuf 
Add OSVersion to platform protobuf
 2024-02-07 20:20:47 +00:00
kiashok
5aa05481dd Add OSVersion to platform protobuf 
It also extends the functions in api/types/platform_helpers.go

Signed-off-by: kiashok <kiashok@microsoft.com>
 2024-02-07 11:33:51 -08:00
kiashok
d9cae66d8d Extend string match in make protos 
Signed-off-by: kiashok <kiashok@microsoft.com>
 2024-02-07 11:30:32 -08:00
Derek McGowan
c58b1fb407
Update github.com/containerd/console to v1.0.4 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-02-07 10:15:53 -08:00
Davanum Srinivas
69dff411ad
Merge pull request #9732 from henry118/big9726 
bug fix: make sure cri image is pinned when it is pulled outside cri
 2024-02-07 17:58:21 +00:00
Henry Wang
1eaf0c1f04 bug fix: make sure cri image is pinned when it is pulled outside cri 
Signed-off-by: Henry Wang <henwang@amazon.com>
 2024-02-07 16:03:40 +00:00
Fu Wei
ff464f3687
Merge pull request #9779 from dmcgowan/move-image-event-publishing 
Move image event publishing to metadata store
 2024-02-07 14:10:42 +00:00
Fu Wei
805ed8e871
Merge pull request #9743 from klihub/fixes/nri-fd-double-close 
go.{mod,sum}: update NRI dependency, fixing a potential fd double close error.
 2024-02-07 08:15:40 +00:00
Samuel Karp
886795dd32
Merge pull request #9777 from mxpv/ci 
[CI] Move inline PS scripts into files
 2024-02-07 08:13:05 +00:00
Fu Wei
de14037133
Merge pull request #9744 from klihub/devel/enable-nri-by-default 
Flip NRI on by default.
 2024-02-07 07:55:29 +00:00
Derek McGowan
79a3b20a63
Merge pull request #9764 from Fish-pro/patch-1 
Clean up repeated package import
 2024-02-07 05:53:38 +00:00
Derek McGowan
9eb9038a9e
Avoid publishing data events during transaction 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-02-06 21:38:32 -08:00
Derek McGowan
86530c0afb
Move image event publishing to metadata store 
The metadata store is in the best place to handle events directly after
the database has been updated. This prevents every user of the image
store interface from having to know whether or not they are responsible
for publishing events and avoid double events if the grpc local service
is used.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-02-06 21:24:55 -08:00
Maksym Pavlenko
32bd8eff9e Move inline PS scripts into files 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-06 18:27:21 -08:00
Krisztian Litkey
4e8e21a7d6
go.{mod,sum}: update NRI dependency, re-vendor. 
Pull in latest NRI fixing a potential fd double close error.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2024-02-06 14:03:07 +02:00
Fu Wei
2f807b606a
Merge pull request #9750 from jiusanzhou/bugfix/integration-fix-strace-inject 
Support inject delay running with the old version (4.x) of strace for test case
 2024-02-06 05:30:42 +00:00
Maksym Pavlenko
d297fbee39
Merge pull request #9753 from kiashok/updateHcsshimMain 
Update hcsshim to v0.12.0-rc.3
 2024-02-06 03:45:22 +00:00
Fu Wei
e5a8e6ebcd
Merge pull request #9763 from mxpv/stale 
Treat PRs that require rebase > 90 days as stale
 2024-02-06 03:36:54 +00:00
Zechun Chen
5cbe92e88e Clean up repeated package import 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2024-02-06 11:06:33 +08:00
Maksym Pavlenko
72950c00b8 Treat PRs that require rebase > 90 days as stale 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-05 18:23:20 -08:00
Maksym Pavlenko
c78d526825
Merge pull request #9757 from containerd/dependabot/go_modules/github.com/klauspost/compress-1.17.6 
build(deps): bump github.com/klauspost/compress from 1.17.5 to 1.17.6
 2024-02-06 02:13:35 +00:00
Maksym Pavlenko
56e026bf70
Merge pull request #9760 from containerd/dependabot/go_modules/github.com/opencontainers/image-spec-1.1.0-rc6 
build(deps): bump github.com/opencontainers/image-spec from 1.1.0-rc5 to 1.1.0-rc6
 2024-02-06 02:12:55 +00:00
Maksym Pavlenko
a4ff0b3139
Merge pull request #9754 from mxpv/ttrpc_update 
Update TTRPC
 2024-02-06 02:02:16 +00:00
dependabot[bot]
db437580bc
build(deps): bump github.com/opencontainers/image-spec 
Bumps [github.com/opencontainers/image-spec](https://github.com/opencontainers/image-spec) from 1.1.0-rc5 to 1.1.0-rc6.
- [Release notes](https://github.com/opencontainers/image-spec/releases)
- [Changelog](https://github.com/opencontainers/image-spec/blob/main/RELEASES.md)
- [Commits](https://github.com/opencontainers/image-spec/compare/v1.1.0-rc5...v1.1.0-rc6)

---
updated-dependencies:
- dependency-name: github.com/opencontainers/image-spec
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-05 23:31:58 +00:00
dependabot[bot]
2c7d69530d
build(deps): bump github.com/klauspost/compress from 1.17.5 to 1.17.6 
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.5 to 1.17.6.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.5...v1.17.6)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-02-05 23:30:39 +00:00
Maksym Pavlenko
da1673f55d Update vendor 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-05 11:48:16 -08:00
Maksym Pavlenko
047d42e901 Update ttrpc to v1.2.3 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-05 11:48:04 -08:00
Kirtana Ashok
64e96c7d47 Update hcsshim to v0.12.0-rc.3 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2024-02-05 10:42:36 -08:00
Zoe
a9060cda4a Support inject delay running with the old version (4.x) of strace for test case. 
Only the newer version of strace can support `--detach-on` options
and set time duration with human readable string.

In the 4.x version of strace, using `-b` to replace `--detach-on`,
and injecting a delay with int usecs.

Signed-off-by: Zoe <hi@zoe.im>
 2024-02-05 21:27:41 +08:00
Anthony Nandaa
9ef94fe528 fix(docs): fix cp and add step to include binaries in the $env:Path 
This commit adds an extra (optional) step for the Windows
installation/set-up to include the containerd binaries in
the $env:Path so that later executions especially
for `ctr.exe` if needed, do not require to specify the full path.

It also further fixes the previous steps to be absolute and
also work with re-installations and upgrades.

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
 2024-02-05 11:41:45 +03:00
Fu Wei
f5e7fe0cb6
Merge pull request #9644 from abel-von/fix-sandbox-status 
sandbox: fix podsandbox recover status issue
 2024-02-05 07:50:34 +00:00
Samuel Karp
0125a42fb5
Merge pull request #9729 from mxpv/duration 
Remove duplicated TOML duration parsers
 2024-02-05 07:43:51 +00:00
Krisztian Litkey
fe24b918f6
pkg/nri, docs: enable NRI by default. 
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2024-02-04 11:41:56 +02:00
Abel Feng
e230ed939c sandbox: add sandbox recover ut and e2e test 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2024-02-04 11:55:46 +08:00
Abel Feng
3124964743 sandbox: fix recover status set issue 
We can't set the status to Ready before task.Wait succeed.

Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2024-02-04 11:52:37 +08:00
Samuel Karp
96bf529cbf
Merge pull request #9742 from mxpv/envelope 
Move Message proto to types
 2024-02-03 06:32:01 +00:00
Derek McGowan
a896610da1
Merge pull request #9718 from jsturtevant/transfer-service-windows 
Add a default differ for Windows that matches the snapshotter when using transfer service
 2024-02-02 20:38:26 +00:00
Samuel Karp
1a39b91819
Merge pull request #9741 from mxpv/internal_cri 
Move CRI from pkg/ to internal/
 2024-02-02 19:38:44 +00:00
Maksym Pavlenko
0facc85925 Fix proto formatting 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:35:23 -08:00
Maksym Pavlenko
7f2d2c4f44 Move Message proto to types 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:35:23 -08:00
Maksym Pavlenko
2875247338 Fix formatting after moving CRI 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:12:08 -08:00
Maksym Pavlenko
bbac058cf3 Move CRI from pkg/ to internal/ 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:12:08 -08:00
Derek McGowan
db1e16da34
Merge pull request #9730 from thockin/main 
CRI: An empty DNSConfig != unspecified
 2024-02-02 17:32:45 +00:00
Tim Hockin
6e365e9250
CRI: An empty DNSConfig != unspecified 
If we find that DNSConfig is provided and empty (not nil), we should not
replace it with the host's resolv.conf.

Also adds tests.

Signed-off-by: Tim Hockin <thockin@google.com>
 2024-02-01 13:37:22 -08:00
Maksym Pavlenko
9340be717f
Remove duplicated TOML duration parsers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-01 11:48:33 -08:00
Maksym Pavlenko
ac54047344
Merge pull request #9713 from AkihiroSuda/cri-rro 
cri: make read-only mounts recursively read-only
 2024-02-01 18:30:25 +00:00
Akihiro Suda
b2f254fff0
cri: make read-only mounts recursively read-only 
Prior to this commit, `readOnly` volumes were not recursively read-only and
could result in compromise of data;
e.g., even if `/mnt` was mounted as read-only, its submounts such as
`/mnt/usbstorage` were not read-only.

This commit utilizes runc's "rro" bind mount option to make read-only bind
mounts literally read-only. The "rro" bind mount options is implemented by
calling `mount_setattr(2)` with `MOUNT_ATTR_RDONLY` and `AT_RECURSIVE`.

The "rro" bind mount options requires kernel >= 5.12, with runc >= 1.1 or
a compatible runtime such as crun >= 1.4.

When the "rro" bind mount options is not available, containerd falls back
to the legacy non-recursive read-only mounts by default.

The behavior is configurable via `/etc/containerd/config.toml`:
```toml
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  # treat_ro_mounts_as_rro ("Enabled"|"IfPossible"|"Disabled")
  # treats read-only mounts as recursive read-only mounts.
  # An empty string means "IfPossible".
  # "Enabled" requires Linux kernel v5.12 or later.
  # This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup".
  treat_ro_mounts_as_rro = ""
```

Replaces:
- kubernetes/enhancements issue 3857
- kubernetes/enhancements PR 3858

Note: this change does not affect non-CRI clients such as ctr, nerdctl, and Docker/Moby.
RRO mounts have been supported since nerdctl v0.14 (containerd/nerdctl PR 511)
and Docker v25 (moby/moby PR 45278).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-02-01 09:39:36 +09:00