github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,058 Commits 3 Branches 2 Tags 112 MiB
334f7ddf0a
Commit Graph

1058 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Lantao Liu
334f7ddf0a Update cri test to include RunAsGroup test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-02 21:29:09 +00:00
Lantao Liu
d36d62ecd4
Merge pull request #714 from mikebrow/disable-tls-flag 
adds a new flag to enable TLS support (insecure for now)
 2018-04-02 14:20:37 -07:00
Lantao Liu
c4f80aecb7
Merge pull request #711 from tklauser/libapparmor-dep 
Drop libapparmor dependency from build docs
 2018-04-02 11:55:27 -07:00
Mike Brown
2f9f721b63 adds a new flag to enable TLS support insecure for now 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 12:27:55 -05:00
Tobias Klauser
d29678a3c4 Drop libapparmor dependency from build docs 
As of opencontainers/runc@db093f6 runc no longer depends on libapparmor
thus libapparmor-dev no longer needs to be installed to build it or
anythind that depends on it (like containerd or cri-containerd). Adjust
the documentation accordingly.

containerd/containerd#2238 did the same for containerd.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2018-03-31 18:18:12 +02:00
Lantao Liu
ed92befab7
Merge pull request #710 from Random-Liu/support-run-as-group 
Add RunAsGroup support.
 2018-03-30 17:21:25 -07:00
Lantao Liu
ed20174ce4 Add RunAsGroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-30 22:26:07 +00:00
Lantao Liu
f99f0be5ae
Merge pull request #707 from Random-Liu/fix-log-output 
Fix a log output.
 2018-03-28 16:18:58 -07:00
Lantao Liu
0fc1372b77
Merge pull request #706 from tkellen/patch-1 
fully specify --container-runtime-endpoint flag
 2018-03-28 16:18:44 -07:00
Lantao Liu
71c8b6b9e0
Merge pull request #704 from Random-Liu/use-systemd 
Use systemd service cgroup and oom score adj.
 2018-03-28 14:53:24 -07:00
Lantao Liu
be43ad09da Fix a log output. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 21:31:44 +00:00
Tyler Kellen
11189f6e8b fully specify --container-runtime-endpoint flag 
Resolves this warning:
"/run/containerd/containerd.sock" as endpoint is deprecated please
consider using full url format "unix:///run/containerd/containerd.sock"

Signed-off-by: Tyler Kellen <tyler@sleekcode.net>
 2018-03-28 17:23:43 -04:00
Lantao Liu
2073d270a5
Merge pull request #705 from Random-Liu/update-vendors 
Update cri-tools, containerd and kubernetes version.
 2018-03-28 09:56:53 -07:00
Lantao Liu
bb480ceabd Update cri-tools, containerd and kubernetes version. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 00:45:01 +00:00
Lantao Liu
ddda05211b Use systemd service cgroup and oom score adj. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 00:30:59 +00:00
Lantao Liu
896e347000
Merge pull request #701 from Random-Liu/fix-event-monitor-panic 
Fix event monitor panic.
 2018-03-26 20:59:10 -07:00
Lantao Liu
277edb2d3b Fix event monitor panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-27 01:41:35 +00:00
Lantao Liu
796cae72d8
Merge pull request #700 from Random-Liu/update-pause-image 
Use pause image from new source.
 2018-03-26 10:26:39 -07:00
Lantao Liu
f0655ecfe0 Use pause image from new source. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-26 07:11:41 +00:00
Lantao Liu
356a41c424
Merge pull request #697 from Random-Liu/fs-layout-change 
adds volatile state directory to the fs plan for cntrs/pods/fifo
 2018-03-23 19:24:19 -07:00
Lantao Liu
f4c9ef2647 Add symlink follow into unmount util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-24 01:25:31 +00:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
2ab611a2f2
Merge pull request #698 from Random-Liu/update-dependencies 
Update dependencies
 2018-03-23 16:48:14 -07:00
Lantao Liu
aa83a7a0aa Change for new containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 23:03:16 +00:00
Lantao Liu
e5f6cbce51 Update kubernetes to v1.10.0-rc.1 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 23:03:07 +00:00
Lantao Liu
776929c52e Update containerd to 8a7e17ef96 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 23:03:00 +00:00
Lantao Liu
205892d935
Merge pull request #696 from Random-Liu/update-document 
Update documents.
 2018-03-23 14:47:33 -07:00
Lantao Liu
b05744478a Update documents. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 21:03:46 +00:00
Lantao Liu
7f64f9b85c
Merge pull request #695 from miaoyq/add-doc-for-config 
Add a document for cri plugin config
 2018-03-23 00:55:26 -07:00
Yanqiang Miao
559581e18a Add a document for cri plugin config 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-03-23 15:08:58 +08:00
Lantao Liu
c6fecb2115
Merge pull request #688 from Random-Liu/cleanup-kata-code 
Address comments for privileged runtime code.
 2018-03-22 23:01:31 -07:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Lantao Liu
c63c357d2d
Merge pull request #694 from Random-Liu/address-comments-in-#681 
Make const private.
 2018-03-22 18:31:04 -07:00
Lantao Liu
55d512b98c Make const private. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 00:48:50 +00:00
Lantao Liu
5ae4de1cc2
Merge pull request #681 from mikebrow/tls-config 
adds tls certificate to tls config
 2018-03-22 17:34:04 -07:00
Lantao Liu
b142a225ea
Merge pull request #690 from nitkon/master 
Bump pause container to multi-arch gcr.io/google-containers/pause:3.1
 2018-03-22 11:47:44 -07:00
Mike Brown
89adb74414 adds tls certificate to tls config 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-22 09:42:31 -05:00
Nitesh Konkar
6a542c596b Bump pause container to multi-arch gcr.io/google-containers/pause:3.1 
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
 2018-03-22 05:44:12 +00:00
Lantao Liu
246ffa325d
Merge pull request #689 from Random-Liu/remove-omit-empty 
Remove omitempty from config json.
 2018-03-21 11:41:36 -07:00
Lantao Liu
9177cb16bc Remove omitempty from config json. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-21 07:28:25 +00:00
Lantao Liu
cf156144bc
Merge pull request #657 from jcvenegas/trusted-runtime 
[WIP]config: Allow to define trusted runtime
 2018-03-20 19:21:04 -07:00
Lantao Liu
f3b8e72998
Merge pull request #685 from Random-Liu/update-cri-tools 
Update cri-tools and build critest into release tarball again.
 2018-03-20 19:08:18 -07:00
Lantao Liu
65c1cc77bb
Merge pull request #682 from Random-Liu/update-doc 
Update README.d and graphs.
 2018-03-20 19:08:06 -07:00
Jose Carlos Venegas Munoz
536b381362 test: Allow change containerd config 
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:05:40 -06:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:04:23 -06:00
Lantao Liu
36768a1920 Update cri-tools and build critest into release tarball again. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-20 21:26:05 +00:00
Lantao Liu
129d060e10 Update README.d and graphs. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-20 21:11:23 +00:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option 
Some CRI compatible runtimes may not support provileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they wont provide support to requested the privileged opertations.

This commits add the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherent this property
an will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sanbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 13:56:49 -06:00
Lantao Liu
7f959b6dd5
Merge pull request #684 from Random-Liu/fix-kube-up-and-docs 
Fix for kube-up.sh and update several documments.
 2018-03-20 10:18:14 -07:00
Lantao Liu
904938fa9d Fix for kube-up.sh and update several documments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-20 09:24:15 +00:00