github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
14,070 Commits 3 Branches 2 Tags 112 MiB
231301c8f8
Commit Graph

14070 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Maksym Pavlenko
2875247338 Fix formatting after moving CRI 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:12:08 -08:00
Maksym Pavlenko
bbac058cf3 Move CRI from pkg/ to internal/ 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-02 10:12:08 -08:00
Derek McGowan
db1e16da34
Merge pull request #9730 from thockin/main 
CRI: An empty DNSConfig != unspecified
 2024-02-02 17:32:45 +00:00
Tim Hockin
6e365e9250
CRI: An empty DNSConfig != unspecified 
If we find that DNSConfig is provided and empty (not nil), we should not
replace it with the host's resolv.conf.

Also adds tests.

Signed-off-by: Tim Hockin <thockin@google.com>
 2024-02-01 13:37:22 -08:00
Maksym Pavlenko
9340be717f
Remove duplicated TOML duration parsers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-02-01 11:48:33 -08:00
Maksym Pavlenko
ac54047344
Merge pull request #9713 from AkihiroSuda/cri-rro 
cri: make read-only mounts recursively read-only
 2024-02-01 18:30:25 +00:00
Akihiro Suda
b2f254fff0
cri: make read-only mounts recursively read-only 
Prior to this commit, `readOnly` volumes were not recursively read-only and
could result in compromise of data;
e.g., even if `/mnt` was mounted as read-only, its submounts such as
`/mnt/usbstorage` were not read-only.

This commit utilizes runc's "rro" bind mount option to make read-only bind
mounts literally read-only. The "rro" bind mount options is implemented by
calling `mount_setattr(2)` with `MOUNT_ATTR_RDONLY` and `AT_RECURSIVE`.

The "rro" bind mount options requires kernel >= 5.12, with runc >= 1.1 or
a compatible runtime such as crun >= 1.4.

When the "rro" bind mount options is not available, containerd falls back
to the legacy non-recursive read-only mounts by default.

The behavior is configurable via `/etc/containerd/config.toml`:
```toml
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  # treat_ro_mounts_as_rro ("Enabled"|"IfPossible"|"Disabled")
  # treats read-only mounts as recursive read-only mounts.
  # An empty string means "IfPossible".
  # "Enabled" requires Linux kernel v5.12 or later.
  # This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup".
  treat_ro_mounts_as_rro = ""
```

Replaces:
- kubernetes/enhancements issue 3857
- kubernetes/enhancements PR 3858

Note: this change does not affect non-CRI clients such as ctr, nerdctl, and Docker/Moby.
RRO mounts have been supported since nerdctl v0.14 (containerd/nerdctl PR 511)
and Docker v25 (moby/moby PR 45278).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-02-01 09:39:36 +09:00
Akihiro Suda
0dbe758833
Merge pull request #9716 from AkihiroSuda/rocky8.9 
CI: update Rocky Linux to 8.9
 2024-01-31 21:28:05 +00:00
Akihiro Suda
cde08a4ff8
Merge pull request #9715 from AkihiroSuda/crun-1.14 
CI: bump up crun to 1.14
 2024-01-31 21:11:28 +00:00
Akihiro Suda
7ab553369f
Merge pull request #9722 from dmcgowan/update-runc-1.1.12 
Update runc binary to v1.1.12
 2024-01-31 21:10:57 +00:00
Akihiro Suda
27706ca4dc
Merge pull request #9721 from imba-tjd/patch-1 
docs: fix typo
 2024-01-31 21:10:36 +00:00
James Sturtevant
f74e5ce7e6
Move differ default to its own file 
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
 2024-01-31 09:54:27 -08:00
Derek McGowan
82fb589ffb
Update runc binary to v1.1.12 
Update the runc binary, which includes a fix for [CVE-2024-21626].

- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12

[CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-31 09:31:59 -08:00
谭九鼎
87a9835f16
docs: fix typo 
Signed-off-by: 谭九鼎 <109224573@qq.com>
 2024-01-31 21:37:48 +08:00
James Sturtevant
81409e9373
Add a default differ that matches the snapshotter 
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
 2024-01-30 14:34:58 -08:00
Akihiro Suda
93573f5cf3
Merge pull request #9714 from AkihiroSuda/rm-docs-cri-installation.md 
rm docs/cri/installation.md
 2024-01-30 20:57:37 +00:00
Akihiro Suda
2369185aac
CI: update Rocky Linux to 8.9 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:56:46 +09:00
Akihiro Suda
d8460a702a
CI: bump up crun to 1.14 
Changes:
- https://github.com/containers/crun/releases/tag/1.13
- https://github.com/containers/crun/releases/tag/1.14

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:16:16 +09:00
Akihiro Suda
ebbce74230
rm docs/cri/installation.md 
The file was replaced with the "Please update your bookmark" page on
Apr 1, 2022 (PR 6758).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:04:54 +09:00
Akihiro Suda
d58ec0b1ef
Merge pull request #9710 from containerd/dependabot/go_modules/github.com/google/uuid-1.6.0 
build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
 2024-01-30 19:51:39 +00:00
Akihiro Suda
4e34612df7
Merge pull request #9709 from containerd/dependabot/go_modules/google.golang.org/grpc-1.61.0 
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0
 2024-01-30 19:51:21 +00:00
Phil Estes
b537ed7436
Merge pull request #9711 from containerd/dependabot/go_modules/github.com/klauspost/compress-1.17.5 
build(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5
 2024-01-30 14:19:32 +00:00
Akihiro Suda
728b45d5c2
Merge pull request #9708 from containerd/dependabot/go_modules/github.com/containerd/plugin-0.1.0 
build(deps): bump github.com/containerd/plugin from 0.0.0-20231101173250-7ec69893e1e7 to 0.1.0
 2024-01-30 13:23:14 +00:00
Maksym Pavlenko
d558f889ca
Merge pull request #9706 from containerd/dependabot/github_actions/lycheeverse/lychee-action-1.9.3 
build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3
 2024-01-30 04:26:37 +00:00
dependabot[bot]
49d5cc7f96
build(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5 
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.4 to 1.17.5.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.4...v1.17.5)

---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:48:00 +00:00
dependabot[bot]
4d33170ea8
build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0 
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)

---
updated-dependencies:
- dependency-name: github.com/google/uuid
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:47:01 +00:00
dependabot[bot]
3a5b47d736
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.61.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.60.1...v1.61.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:46:49 +00:00
dependabot[bot]
9a983caad1
build(deps): bump github.com/containerd/plugin 
Bumps [github.com/containerd/plugin](https://github.com/containerd/plugin) from 0.0.0-20231101173250-7ec69893e1e7 to 0.1.0.
- [Release notes](https://github.com/containerd/plugin/releases)
- [Commits](https://github.com/containerd/plugin/commits/v0.1.0)

---
updated-dependencies:
- dependency-name: github.com/containerd/plugin
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:46:33 +00:00
dependabot[bot]
495afb0c02
build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.1...v1.9.3)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:38 +00:00
dependabot[bot]
5365a1089d
build(deps): bump google-github-actions/upload-cloud-storage 
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases)
- [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/upload-cloud-storage/compare/v2.0.0...v2.1.0)

---
updated-dependencies:
- dependency-name: google-github-actions/upload-cloud-storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-01-29 23:07:18 +00:00
Derek McGowan
4f3a026bce
Merge pull request #9696 from dmcgowan/prepare-v2.0.0-beta.2 
Prepare release notes for v2.0.0-beta.2
 2024-01-29 17:00:54 +00:00
Phil Estes
f5f84a9c75
Merge pull request #8735 from iain-macdonald/iain-macdonald/issue-6377 
remotes/docker/authorizer.go: refresh OAuth tokens when they expire
 2024-01-29 16:18:56 +00:00
Derek McGowan
1b6019b5ed
Merge pull request #9681 from dmcgowan/cri-runtime-plugin 
Add CRI Service plugin type
 2024-01-29 16:05:16 +00:00
Samuel Karp
30a6485376
Merge pull request #9702 from roman-kiselenko/disable-scheduled-workflow-for-fork 
Disable Links workflow in forks
 2024-01-29 07:56:35 +00:00
Derek McGowan
64b4778fc2
Add deprecation warnings to CRI image server configuration 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-28 23:14:59 -08:00
Derek McGowan
65b3922df7
Split streaming config from runtime config 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-28 23:14:59 -08:00
Derek McGowan
58ff9d368d
Move cri plugin to plugins subpackage 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-28 20:57:19 -08:00
Derek McGowan
d29a1bc6a0
Move sandbox info to cri types packages 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-28 20:57:19 -08:00
Derek McGowan
9795677fe9
Move cri base plugin to CRI runtime service 
Create new plugin type for CRI runtime and image services.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2024-01-28 20:57:18 -08:00
roman-kiselenko
966d518014 The Links workflow should be disabled in forks. 
Signed-off-by: roman-kiselenko <roman.kiselenko.dev@gmail.com>
 2024-01-28 12:27:45 +03:00
Samuel Karp
22e1a2e65c
Merge pull request #9675 from yanggangtony/clean-indent-for-containerd-config.toml 
Clean plugin indent in containerd-config.toml.5.md
 2024-01-28 09:01:11 +00:00
Akihiro Suda
d48dcf8181
Merge pull request #9700 from yanggangtony/fix-typo-shims 
Fix func (m manager) Info in containerd-shim-runc-v2.
 2024-01-28 06:06:05 +00:00
yanggang
e15f191a2d
Fix func (m manager) Info in containerd-shim-runc-v2 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2024-01-28 02:19:41 +00:00
Akihiro Suda
c1d59e38ef
Merge pull request #9661 from dmcgowan/update-cri-container-events-multisub 
Add support for multiple subscribers to CRI container events
 2024-01-27 15:57:30 +00:00
Phil Estes
95d24b6403
Merge pull request #9692 from akhilerm/fix-sample-code 
doc: fix package import in sample code
 2024-01-26 19:13:52 +00:00
Phil Estes
fea1bc2dc7
Merge pull request #9688 from dmcgowan/move-errdefs-package 
Use errdefs library
 2024-01-26 16:01:20 +00:00
Phil Estes
939a98abdc
Merge pull request #9670 from containerd/dependabot/github_actions/actions/cache-4 
build(deps): bump actions/cache from 3 to 4
 2024-01-26 15:59:59 +00:00
Phil Estes
ed78a0b0ff
Merge pull request #9697 from akhilerm/remove-log-pkg 
refactor: remove containerd/containerd/log
 2024-01-26 15:55:05 +00:00
Phil Estes
3d93add18b
Merge pull request #9687 from akhilerm/refactor-protos 
refactor: move plugin/fieldpath to api/types/
 2024-01-26 15:05:39 +00:00
Akhil Mohan
4f570db1aa
refactor: remove containerd/containerd/log 
The log package was kept because hcsshim had a dependency. This was
removed in https://github.com/microsoft/hcsshim/pull/1898. So, its not
required to maintain the containerd/containerd/log package anymore.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2024-01-26 12:02:34 +05:30