github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,141 Commits 3 Branches 2 Tags 112 MiB
450eb09a68
Commit Graph

400 Commits

Author SHA1 Message Date
Lantao Liu
60b0d08a6f Use containerd.WithPullUnpack. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-23 12:39:14 -07:00
Ricardo Aravena
f79e0171ca
Minor typo 
Signed-off-by: Ricardo Aravena <raravena80@gmail.com>
 2018-05-15 09:11:48 -07:00
Lantao Liu
5d29598a6d Fix workingset memory calculation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-11 15:17:16 -07:00
Lantao Liu
a5d1332e8f Explicitly set rw for privileged container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-05-07 15:13:14 -07:00
Lantao Liu
5f4035ae2f
Merge pull request #754 from kolyshkin/mount 
os.Unmount: do not consult mountinfo
 2018-04-30 14:41:57 -07:00
Kir Kolyshkin
daeab40b45 os.Unmount: do not consult mountinfo, drop flags 
1. Currently, Unmount() call takes a burden to parse the whole nine yards
of /proc/self/mountinfo to figure out whether the given mount point is
mounted or not (and returns an error in case parsing fails somehow).

Instead, let's just call umount() and ignore EINVAL, which results
in the same behavior, but much better performance.

This also introduces a slight change: in case target does not exist,
the appropriate error (ENOENT) is returned -- document that.

2. As Unmount() is always used with MNT_DETACH flag, let's drop the
flags argument. This way, the only reason of EINVAL returned from
umount(2) can only be "target is not mounted".

3. While at it, remove the 'containerdmount' alias from the package.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
 2018-04-30 12:54:10 -07:00
Lantao Liu
279fa853a6 Always mount sysfs as rw. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-26 18:58:26 -07:00
Lantao Liu
daa9f6008c
Merge pull request #743 from Random-Liu/fix-sandbox-stop-race 
Fix sandbox stop race condition.
 2018-04-18 13:28:54 -07:00
Lantao Liu
856534c846 Fix sandbox stop race condition. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-18 10:12:33 -07:00
Lantao Liu
5cb4744f27 Fix portforward for host network. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-17 08:24:44 +00:00
Lantao Liu
69b3f3aeac Add socat back. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-11 01:53:24 +00:00
Lantao Liu
3d0706c4e5
Merge pull request #691 from abhi/socat 
Getting rid of nsenter and socat
 2018-04-09 15:34:44 -07:00
abhi
02b952ec17 Getting rid of socat 
Signed-off-by: abhi <abhi@docker.com>
 2018-04-09 14:31:44 -07:00
Lantao Liu
d8a3c5f254 Address comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-07 06:34:45 +00:00
abhi
aeef99a76e Using netns to perform socat 
This commit removes the usage of nsenter and uses netns
to perform socat operation.

Signed-off-by: abhi <abhi@docker.com>
 2018-04-05 13:28:00 -07:00
Mike Brown
c7793564fc switches from not CA signed to self CA signed for streaming TLS 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 17:50:12 -05:00
Mike Brown
2f9f721b63 adds a new flag to enable TLS support insecure for now 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-04-02 12:27:55 -05:00
Lantao Liu
ed20174ce4 Add RunAsGroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-30 22:26:07 +00:00
Lantao Liu
be43ad09da Fix a log output. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-28 21:31:44 +00:00
Lantao Liu
277edb2d3b Fix event monitor panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-27 01:41:35 +00:00
Lantao Liu
f4c9ef2647 Add symlink follow into unmount util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-24 01:25:31 +00:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
c6fecb2115
Merge pull request #688 from Random-Liu/cleanup-kata-code 
Address comments for privileged runtime code.
 2018-03-22 23:01:31 -07:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Lantao Liu
55d512b98c Make const private. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 00:48:50 +00:00
Mike Brown
89adb74414 adds tls certificate to tls config 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-22 09:42:31 -05:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:04:23 -06:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option 
Some CRI compatible runtimes may not support provileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they wont provide support to requested the privileged opertations.

This commits add the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherent this property
an will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sanbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 13:56:49 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
Lantao Liu
e1fe1abff0 Use github.com/pkg/errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-17 02:24:38 +00:00
abhi
2bdf428eb7 Removing DAD config and updating plugins to v0.7.0 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-16 14:46:46 -07:00
Lantao Liu
1dcbf4f742
Merge pull request #663 from abhi/cni 
Moving to use go-cni library from containerd
 2018-03-15 17:53:50 -07:00
abhi
003bbd4292 Modifying fake cni plugin 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-15 17:05:33 -07:00
Lantao Liu
d389af83a9 Cleanup event backoff. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-15 18:49:36 +00:00
yanxuean
c751847350 Handle containerd event reliably 
fix #434

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-03-15 17:14:02 +08:00
yanxuean
7583bce4ab some comments 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-03-15 15:55:54 +08:00
abhi
92110e1d74 Moving to use go-cni library from containerd 
This fix aims to use the cni library form containerd.
The library avoid usage of nsenter.

Signed-off-by: abhi <abhi@docker.com>
 2018-03-14 19:25:54 -07:00
Mike Brown
d4e7154625 move links for cri-containerd to cri 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-13 17:06:26 -05:00
Lantao Liu
f0a500a390 Use direct function call. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-13 04:51:19 +00:00
Lantao Liu
e20c6eb8a8
Merge pull request #558 from Random-Liu/report-containerd-version 
Report containerd version instead of cri-containerd version.
 2018-03-09 15:25:32 -08:00
Lantao Liu
f01c6d73a6 Fix cleanup context. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-07 07:05:27 +00:00
Lantao Liu
d3b112a989
Merge pull request #639 from Random-Liu/remove-standalone-mode 
Remove standalone mode
 2018-03-05 17:23:06 -08:00
Lantao Liu
ceb540d823 Fix potential panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-05 22:09:58 +00:00
Lantao Liu
d1e9960180 Remove standalone mode 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-05 21:45:20 +00:00
Lantao Liu
36b4c05354 Report containerd version instead of cri-containerd version. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-01 01:26:37 +00:00
Lantao Liu
6d538ccbf6 Do not block on stream server close. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-14 08:41:29 +00:00
Lantao Liu
a8264ec035 Support reopening container log. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-13 17:57:45 +00:00
Lantao Liu
6900cbdada Use mountpoint as image fs identifier. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-09 07:46:49 +00:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 03:10:57 +00:00