Justin Chadwell
4660f63033
copy: remove wrapping io.NopCloser from push writer pipe
...
io.Pipe produces a PipeReader and a PipeWriter - a close on the write
side causes an error on both the read and write sides, while a close on
the read side causes an error on only the read side. Previously, we
explicitly prohibited closing from the read side.
However, http.Request.Body requires that "calling Close should unblock a
Read waiting for input". Our reader will not do this - calling close
becomes a no-op. This can cause a deadlock because client.Do may never
terminate in some circumstances.
We need the Reader side to close its side of the pipe as well, which it
already does using the Go standard library - otherwise, we can hang
forever, writing to a pipe that will never be closed.
Allowing the requester to close the body should be safe - we never reuse
the same reader between requests, as the result of body() will never be
reused by the guarantees of the standard library.
Signed-off-by: Justin Chadwell <me@jedevc.com>
2024-02-03 10:18:05 +01:00
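The Close behaviour described in the commit message above, as an added Go example that is not part of the commit or of containerd's code: it runs a blocked Read and a blocked Write against an `io.Pipe` whose read side is handed out either wrapped in `io.NopCloser` or directly. The names `afterClose` and `result`, the timeouts and the payload are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"io"
	"time"
)

// result records whether a pending pipe operation returned after body.Close().
type result struct {
	Unblocked bool
	Err       error
}

// afterClose starts a Read (write=false) or Write (write=true) that blocks on
// a fresh io.Pipe, closes the request body, and reports what the operation did.
// wrap=true hides the PipeReader behind io.NopCloser, as before the commit.
func afterClose(wrap, write bool) result {
	pr, pw := io.Pipe()
	var body io.ReadCloser = pr
	if wrap {
		body = io.NopCloser(pr) // Close becomes a no-op
	}
	done := make(chan error, 1)
	go func() {
		var err error
		if write {
			_, err = pw.Write([]byte("constructed blob chunk"))
		} else {
			_, err = body.Read(make([]byte, 16))
		}
		done <- err
	}()
	time.Sleep(20 * time.Millisecond) // let the goroutine block first
	body.Close()                      // what an HTTP client does when it gives up
	select {
	case err := <-done:
		return result{true, err}
	case <-time.After(200 * time.Millisecond):
		pr.Close() // still stuck: release the goroutine so the demo can exit
		<-done
		return result{false, nil}
	}
}

func main() {
	for _, wrap := range []bool{true, false} {
		fmt.Printf("NopCloser=%v read:  %+v\n", wrap, afterClose(wrap, false))
		fmt.Printf("NopCloser=%v write: %+v\n", wrap, afterClose(wrap, true))
	}
}
```

With the wrapper, both operations stay blocked until the demo's own cleanup runs; without it, both return `io.ErrClosedPipe` as soon as the body is closed.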
Samuel Karp
96bf529cbf
Merge pull request #9742 from mxpv/envelope
...
Move Message proto to types
2024-02-03 06:32:01 +00:00
Derek McGowan
a896610da1
Merge pull request #9718 from jsturtevant/transfer-service-windows
...
Add a default differ for Windows that matches the snapshotter when using transfer service
2024-02-02 20:38:26 +00:00
Samuel Karp
1a39b91819
Merge pull request #9741 from mxpv/internal_cri
...
Move CRI from pkg/ to internal/
2024-02-02 19:38:44 +00:00
Maksym Pavlenko
0facc85925
Fix proto formatting
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2024-02-02 10:35:23 -08:00
Maksym Pavlenko
7f2d2c4f44
Move Message proto to types
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2024-02-02 10:35:23 -08:00
Maksym Pavlenko
2875247338
Fix formatting after moving CRI
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2024-02-02 10:12:08 -08:00
Maksym Pavlenko
bbac058cf3
Move CRI from pkg/ to internal/
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2024-02-02 10:12:08 -08:00
Derek McGowan
db1e16da34
Merge pull request #9730 from thockin/main
...
CRI: An empty DNSConfig != unspecified
2024-02-02 17:32:45 +00:00
Tim Hockin
6e365e9250
CRI: An empty DNSConfig != unspecified
...
If we find that DNSConfig is provided and empty (not nil), we should not
replace it with the host's resolv.conf.
Also adds tests.
Signed-off-by: Tim Hockin <thockin@google.com>
2024-02-01 13:37:22 -08:00
Maksym Pavlenko
9340be717f
Remove duplicated TOML duration parsers
...
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
2024-02-01 11:48:33 -08:00
Maksym Pavlenko
ac54047344
Merge pull request #9713 from AkihiroSuda/cri-rro
...
cri: make read-only mounts recursively read-only
2024-02-01 18:30:25 +00:00
Akihiro Suda
b2f254fff0
cri: make read-only mounts recursively read-only
...
Prior to this commit, `readOnly` volumes were not recursively read-only and
could result in compromise of data;
e.g., even if `/mnt` was mounted as read-only, its submounts such as
`/mnt/usbstorage` were not read-only.
This commit utilizes runc's "rro" bind mount option to make read-only bind
mounts literally read-only. The "rro" bind mount option is implemented by
calling `mount_setattr(2)` with `MOUNT_ATTR_RDONLY` and `AT_RECURSIVE`.
The "rro" bind mount option requires kernel >= 5.12, with runc >= 1.1 or
a compatible runtime such as crun >= 1.4.
When the "rro" bind mount option is not available, containerd falls back
to the legacy non-recursive read-only mounts by default.
The behavior is configurable via `/etc/containerd/config.toml`:
```toml
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
# treat_ro_mounts_as_rro ("Enabled"|"IfPossible"|"Disabled")
# treats read-only mounts as recursive read-only mounts.
# An empty string means "IfPossible".
# "Enabled" requires Linux kernel v5.12 or later.
# This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup".
treat_ro_mounts_as_rro = ""
```
Replaces:
- kubernetes/enhancements issue 3857
- kubernetes/enhancements PR 3858
Note: this change does not affect non-CRI clients such as ctr, nerdctl, and Docker/Moby.
RRO mounts have been supported since nerdctl v0.14 (containerd/nerdctl PR 511)
and Docker v25 (moby/moby PR 45278).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-02-01 09:39:36 +09:00
Akihiro Suda
0dbe758833
Merge pull request #9716 from AkihiroSuda/rocky8.9
...
CI: update Rocky Linux to 8.9
2024-01-31 21:28:05 +00:00
Akihiro Suda
cde08a4ff8
Merge pull request #9715 from AkihiroSuda/crun-1.14
...
CI: bump up crun to 1.14
2024-01-31 21:11:28 +00:00
Akihiro Suda
7ab553369f
Merge pull request #9722 from dmcgowan/update-runc-1.1.12
...
Update runc binary to v1.1.12
2024-01-31 21:10:57 +00:00
Akihiro Suda
27706ca4dc
Merge pull request #9721 from imba-tjd/patch-1
...
docs: fix typo
2024-01-31 21:10:36 +00:00
James Sturtevant
f74e5ce7e6
Move differ default to its own file
...
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
2024-01-31 09:54:27 -08:00
Derek McGowan
82fb589ffb
Update runc binary to v1.1.12
...
Update the runc binary, which includes a fix for [CVE-2024-21626].
- release notes: https://github.com/opencontainers/runc/releases/tag/v1.1.12
- full diff: https://github.com/opencontainers/runc/compare/v1.1.11...v1.1.12
[CVE-2024-21626]: https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-31 09:31:59 -08:00
谭九鼎
87a9835f16
docs: fix typo
...
Signed-off-by: 谭九鼎 <109224573@qq.com>
2024-01-31 21:37:48 +08:00
James Sturtevant
81409e9373
Add a default differ that matches the snapshotter
...
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
2024-01-30 14:34:58 -08:00
Akihiro Suda
93573f5cf3
Merge pull request #9714 from AkihiroSuda/rm-docs-cri-installation.md
...
rm docs/cri/installation.md
2024-01-30 20:57:37 +00:00
Akihiro Suda
2369185aac
CI: update Rocky Linux to 8.9
...
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-31 05:56:46 +09:00
Akihiro Suda
d8460a702a
CI: bump up crun to 1.14
...
Changes:
- https://github.com/containers/crun/releases/tag/1.13
- https://github.com/containers/crun/releases/tag/1.14
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-31 05:16:16 +09:00
Akihiro Suda
ebbce74230
rm docs/cri/installation.md
...
The file was replaced with the "Please update your bookmark" page on
Apr 1, 2022 (PR 6758).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2024-01-31 05:04:54 +09:00
Akihiro Suda
d58ec0b1ef
Merge pull request #9710 from containerd/dependabot/go_modules/github.com/google/uuid-1.6.0
...
build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
2024-01-30 19:51:39 +00:00
Akihiro Suda
4e34612df7
Merge pull request #9709 from containerd/dependabot/go_modules/google.golang.org/grpc-1.61.0
...
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0
2024-01-30 19:51:21 +00:00
Phil Estes
b537ed7436
Merge pull request #9711 from containerd/dependabot/go_modules/github.com/klauspost/compress-1.17.5
...
build(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5
2024-01-30 14:19:32 +00:00
Akihiro Suda
728b45d5c2
Merge pull request #9708 from containerd/dependabot/go_modules/github.com/containerd/plugin-0.1.0
...
build(deps): bump github.com/containerd/plugin from 0.0.0-20231101173250-7ec69893e1e7 to 0.1.0
2024-01-30 13:23:14 +00:00
Maksym Pavlenko
d558f889ca
Merge pull request #9706 from containerd/dependabot/github_actions/lycheeverse/lychee-action-1.9.3
...
build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3
2024-01-30 04:26:37 +00:00
dependabot[bot]
49d5cc7f96
build(deps): bump github.com/klauspost/compress from 1.17.4 to 1.17.5
...
Bumps [github.com/klauspost/compress](https://github.com/klauspost/compress) from 1.17.4 to 1.17.5.
- [Release notes](https://github.com/klauspost/compress/releases)
- [Changelog](https://github.com/klauspost/compress/blob/master/.goreleaser.yml)
- [Commits](https://github.com/klauspost/compress/compare/v1.17.4...v1.17.5)
---
updated-dependencies:
- dependency-name: github.com/klauspost/compress
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:48:00 +00:00
dependabot[bot]
4d33170ea8
build(deps): bump github.com/google/uuid from 1.5.0 to 1.6.0
...
Bumps [github.com/google/uuid](https://github.com/google/uuid) from 1.5.0 to 1.6.0.
- [Release notes](https://github.com/google/uuid/releases)
- [Changelog](https://github.com/google/uuid/blob/master/CHANGELOG.md)
- [Commits](https://github.com/google/uuid/compare/v1.5.0...v1.6.0)
---
updated-dependencies:
- dependency-name: github.com/google/uuid
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:47:01 +00:00
dependabot[bot]
3a5b47d736
build(deps): bump google.golang.org/grpc from 1.60.1 to 1.61.0
...
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.60.1 to 1.61.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.60.1...v1.61.0)
---
updated-dependencies:
- dependency-name: google.golang.org/grpc
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:46:49 +00:00
dependabot[bot]
9a983caad1
build(deps): bump github.com/containerd/plugin
...
Bumps [github.com/containerd/plugin](https://github.com/containerd/plugin) from 0.0.0-20231101173250-7ec69893e1e7 to 0.1.0.
- [Release notes](https://github.com/containerd/plugin/releases)
- [Commits](https://github.com/containerd/plugin/commits/v0.1.0)
---
updated-dependencies:
- dependency-name: github.com/containerd/plugin
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:46:33 +00:00
dependabot[bot]
495afb0c02
build(deps): bump lycheeverse/lychee-action from 1.9.1 to 1.9.3
...
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.9.1 to 1.9.3.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.9.1...v1.9.3)
---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:07:38 +00:00
dependabot[bot]
5365a1089d
build(deps): bump google-github-actions/upload-cloud-storage
...
Bumps [google-github-actions/upload-cloud-storage](https://github.com/google-github-actions/upload-cloud-storage) from 2.0.0 to 2.1.0.
- [Release notes](https://github.com/google-github-actions/upload-cloud-storage/releases)
- [Changelog](https://github.com/google-github-actions/upload-cloud-storage/blob/main/CHANGELOG.md)
- [Commits](https://github.com/google-github-actions/upload-cloud-storage/compare/v2.0.0...v2.1.0)
---
updated-dependencies:
- dependency-name: google-github-actions/upload-cloud-storage
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-01-29 23:07:18 +00:00
Derek McGowan
4f3a026bce
Merge pull request #9696 from dmcgowan/prepare-v2.0.0-beta.2
...
Prepare release notes for v2.0.0-beta.2
2024-01-29 17:00:54 +00:00
Phil Estes
f5f84a9c75
Merge pull request #8735 from iain-macdonald/iain-macdonald/issue-6377
...
remotes/docker/authorizer.go: refresh OAuth tokens when they expire
2024-01-29 16:18:56 +00:00
Derek McGowan
1b6019b5ed
Merge pull request #9681 from dmcgowan/cri-runtime-plugin
...
Add CRI Service plugin type
2024-01-29 16:05:16 +00:00
Samuel Karp
30a6485376
Merge pull request #9702 from roman-kiselenko/disable-scheduled-workflow-for-fork
...
Disable Links workflow in forks
2024-01-29 07:56:35 +00:00
Derek McGowan
64b4778fc2
Add deprecation warnings to CRI image server configuration
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-28 23:14:59 -08:00
Derek McGowan
65b3922df7
Split streaming config from runtime config
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-28 23:14:59 -08:00
Derek McGowan
58ff9d368d
Move cri plugin to plugins subpackage
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-28 20:57:19 -08:00
Derek McGowan
d29a1bc6a0
Move sandbox info to cri types packages
...
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-28 20:57:19 -08:00
Derek McGowan
9795677fe9
Move cri base plugin to CRI runtime service
...
Create new plugin type for CRI runtime and image services.
Signed-off-by: Derek McGowan <derek@mcg.dev>
2024-01-28 20:57:18 -08:00
roman-kiselenko
966d518014
The Links workflow should be disabled in forks.
...
Signed-off-by: roman-kiselenko <roman.kiselenko.dev@gmail.com>
2024-01-28 12:27:45 +03:00
Samuel Karp
22e1a2e65c
Merge pull request #9675 from yanggangtony/clean-indent-for-containerd-config.toml
...
Clean plugin indent in containerd-config.toml.5.md
2024-01-28 09:01:11 +00:00
Akihiro Suda
d48dcf8181
Merge pull request #9700 from yanggangtony/fix-typo-shims
...
Fix func (m manager) Info in containerd-shim-runc-v2.
2024-01-28 06:06:05 +00:00
yanggang
e15f191a2d
Fix func (m manager) Info in containerd-shim-runc-v2
...
Signed-off-by: yanggang <gang.yang@daocloud.io>
2024-01-28 02:19:41 +00:00
Akihiro Suda
c1d59e38ef
Merge pull request #9661 from dmcgowan/update-cri-container-events-multisub
...
Add support for multiple subscribers to CRI container events
2024-01-27 15:57:30 +00:00