github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
8,778 Commits 3 Branches 2 Tags 112 MiB
498eebe860
Commit Graph

242 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
356782cb47
Makefile: man page: rename containerd.1 to containerd.8 
The generated file was incorrectly named containerd.1 and should
be in section 8 (see [MAN-PAGES(7)]: Sections of the manual pages)

This patch fixes the filename and updates references to containerd(1)
to refer to containerd(8).

The generated file itself already had the correct section set in its
header, so didn't need updating.

[MAN-PAGES(7)]: http://man7.org/linux/man-pages/man7/man-pages.7.html

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2020-04-02 13:52:06 +02:00
Brandon Lum
8d5a8355d0 Updated docs and code for default nil behavior 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-27 23:42:03 +00:00
Brandon Lum
7a24da0375 Updated docs and encryption.md -> decryption.md 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
c5209cd679 Updated doc based on changes requested 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
8df431fc31 Defer multitenant key model to image auth discussion 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Brandon Lum
f0579c7b4d Implmented node key model for image encryption 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2020-02-24 20:45:57 +00:00
Mike Brown
c9ed98462d move to v3.2 for the pause image 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2020-02-14 12:55:52 -06:00
Mihai Coman
5e6d56ee2d Fix startup_delay within default configuration 
Without this patch, the containerd daemon fails to start using the
default configuration example:
containerd[37139]: containerd: time: missing unit in duration 100000000

Signed-off-by: Mihai Coman <mihai.cmn@gmail.com>
 2020-01-29 15:34:23 +02:00
Yecheng Fu
ef7f327f2a update config syntax in registry.md 
Signed-off-by: Yecheng Fu <fuyecheng@pingcap.com>
 2020-01-10 17:43:41 +08:00
Akihiro Suda
b553bc14a2 update docs/rootless.md 
* Updated an example config to v2 syntax
* Updated for shim v2 (relates to #2767)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-08 13:37:29 +09:00
Akihiro Suda
b127b666aa ctr: support $CONTAINERD_ADDRESS env var 
`$CONTAINERD_ADDRESS` can be specified instead of the `ctr --address` flag.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2020-01-07 15:59:12 +09:00
Akihiro Suda
aaddaa2732 bump up the default runtime to "io.containerd.runc.v2" 
The former default runtime "io.containerd.runc.v1" won't support new features
like support for cgroup v2: containerd/containerd#3726

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-12-16 11:53:58 +09:00
Lantao Liu
4f350ad474 Fix typo. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-11-26 15:09:07 -08:00
Lantao Liu
ab6701bd11 Add insecure_skip_verify option. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-11-26 13:25:52 -08:00
Ameya Gawde
d21f0f116e
windows process shim installer 
Signed-off-by: Ameya Gawde <ameya.gawde@docker.com>
 2019-10-30 16:22:02 -07:00
Lantao Liu
aaccfcbe2b Fix containerd config dump. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-10-23 22:38:18 -07:00
Lantao Liu
56fa16ef9c Update the kube-up doc with a simpler approach. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-09-23 17:24:10 -07:00
Lantao Liu
35eb96d901 Update deployment and integration test 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-09-18 17:21:37 -07:00
Michael Crosby
f3a5b8c0a9 Add command to generate man pages 
The climan package has a command that can be registered with any urfav
cli app to generate man pages.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-09-11 15:31:02 -04:00
Ed Bartosh
e28689657a Add ContatinerAnnotations to the Runtime and config 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2019-09-10 11:28:51 +03:00
Michael Crosby
f76eefd272
Merge pull request #3574 from mxpv/cfg 
Support config imports
 2019-09-04 16:34:11 -04:00
Lantao Liu
2d03ccf5dd FDQN is a typo, and we don't support trailing dot in FQDN. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-30 13:31:04 -07:00
chentanjun
92a5b08a68 fix-grammar-mistake 
Signed-off-by: chentanjun <2799194073@qq.com>
 2019-08-28 16:10:08 +08:00
Maksym Pavlenko
8ebffecbc3 Use map for stream processors 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-08-23 15:31:37 -07:00
Maksym Pavlenko
ea6c749e35 Update config doc 
Signed-off-by: Maksym Pavlenko <makpav@amazon.com>
 2019-08-23 11:08:25 -07:00
Lantao Liu
81ca274c6f Add wildcard mirror support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-13 12:02:57 -07:00
Phil Estes
b77e25dade
Merge pull request #3516 from crosbymichael/remote-enc 
Remove encryption code from containerd core
 2019-08-13 10:52:48 -04:00
Akihiro Suda
28e492fce0 allow non-mutual TLS 
Previously, client keypair had needed to be specified even when unused.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2019-08-10 21:48:03 +09:00
Lantao Liu
53e94c6753 Use containerd registry mirror library. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-09 14:39:30 -07:00
Michael Crosby
0dadef19cf Add docs for stream processors 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-09 18:40:43 +00:00
Michael Crosby
d085d9b464 Remove encryption code from containerd core 
We are separating out the encryption code and have designed a few new
interfaces and APIs for processing content streams.  This keep the core
clean of encryption code but enables not only encryption but support of
multiple content types ( custom media types ).

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-08-09 15:01:16 +00:00
Alex Price
3353ab76d9 Add flag to overload default privileged host device behaviour 
This commit adds a flag to the runtime config that allows overloading of the default
privileged behaviour. When the flag is enabled on a runtime, host devices won't
be appended to the runtime spec if the container is run as privileged.

By default the flag is false to maintain the current behaviour of privileged.

Fixes #1213

Signed-off-by: Alex Price <aprice@atlassian.com>
 2019-08-08 12:16:42 +10:00
Lantao Liu
871a8b89c8 Do not deprecate no_pivot yet. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-05 15:12:50 -07:00
Lantao Liu
b74653b821 Print warning message for deprecated options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-08-02 01:10:11 -07:00
Derek McGowan
adad947b77
Merge pull request #3460 from lumjjb/ctrrecipients 
Specify protocols in ctr encrypt recipients
 2019-08-01 15:37:40 -07:00
Lantao Liu
467f9e0e8a Fix proc mount support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-31 17:11:15 -07:00
Akihiro Suda
4195136eea
Merge pull request #3433 from dmcgowan/gc-docs 
Add garbage collection doc
 2019-07-30 14:03:01 +09:00
Lantao Liu
c78caf902d Add max concurrent downloads support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-26 18:15:17 -07:00
Brandon Lum
8cd480c233 Specify protocols in ctr encrypt recipients 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-26 13:20:22 -04:00
Derek McGowan
22f44c44d9
Add garbage collection doc 
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
 2019-07-25 14:42:30 -07:00
Aldo Culquicondor
4b43303203 Add option to register on TCP server 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-07-25 09:42:49 -04:00
Lantao Liu
64bf4bebf3
Merge pull request #1188 from alculquicondor/fix/doc 
Update docs to v2 config
 2019-07-24 14:25:42 -07:00
Aldo Culquicondor
e2550f6285 Update docs to v2 config 
Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-07-24 09:30:13 -04:00
Brandon Lum
c6d437fd70 Corrected lease implementation 
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-18 18:17:20 -04:00
Stefan Berger
bf8804c743 Implemented image encryption/decryption libraries and ctr commands 
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
 2019-07-17 15:19:58 -04:00
Joe Borg
9ebc10ec08 Correcting typo 
`/ec/` > `/etc/`

Signed-off-by: Joe Borg <joe@josephb.org>
 2019-07-04 14:12:20 -04:00
Michael Crosby
bb9616ba20
Merge pull request #3379 from Ace-Tang/clean-doc 
docs: remove shim_no_newns in ops.md
 2019-06-26 11:30:21 -04:00
Ace-Tang
2d03791158 docs: remove shim_no_newns in ops.md 
this ops is removed in commit fd2e3cd326,
remove from doc avoid misleading users.

Signed-off-by: Ace-Tang <aceapril@126.com>
 2019-06-26 16:37:36 +08:00
Phil Estes
0886e4f1b7
No need to keep 2017 DockerCon doc 
Remove outdated discussion document from repo.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2019-06-26 00:00:59 -04:00
BoWen Yan
d15a06b190 docs: Fix typo to some markdown files in /docs. 
Signed-off-by: BoWen Yan <loneybw@gmail.com>
 2019-06-13 15:29:12 +08:00
Mike Brown
3ba04c01cc doc update for cni max num 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-06-11 08:35:22 -05:00
kuramal
b022de5f37 add cni plugin config file max num config, set go-cni to commit 22460c0 
Signed-off-by: kuramal <linxxnil@126.com>
 2019-06-10 12:14:35 +08:00
Vlad Ungureanu
60a58af376 Add TLS auth registry support 
Signed-off-by: Vlad Ungureanu <ungureanuvladvictor@gmail.com>
 2019-06-06 14:55:53 -07:00
Lantao Liu
db90808477 Update doc and add deprecation policy for CRI options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-25 16:11:16 -07:00
Lantao Liu
19e2b20c13 Use ctr images import. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-15 10:37:31 -07:00
Derek McGowan
2f60e389a0
Merge pull request #2626 from krsoninikhil/defaults3 
Uses namespace labels for default options
 2019-04-02 11:46:35 -07:00
Lantao Liu
238658719f Cleanup pod annotation test and only support tailing wildcard. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-25 12:54:34 -07:00
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Mike Brown
9474b05dd7 clarify the versioning for the tarball 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-03-13 12:58:12 -05:00
Lantao Liu
f2f90f6b00
Merge pull request #1060 from Random-Liu/support-stream-idle-timeout 
Support stream idle timeout.
 2019-02-28 10:28:27 -08:00
Lantao Liu
8222da7768 Support stream idle timeout. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-28 01:30:01 -08:00
Lantao Liu
76ed153e8c Add more explanation about the CRI config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-27 16:51:36 -08:00
Aldo Culquicondor
c88e18b907 Fix architecture doc 
Network namespace is created before the pause container.

Signed-off-by: Aldo Culquicondor <acondor@google.com>
 2019-02-27 18:00:40 -05:00
Shengjing Zhu
fb80483711 docs: Add NAME section in all manpages 
As described in https://lintian.debian.org/tags/manpage-has-bad-whatis-entry.html
each manual page should start with a "NAME" section.

Signed-off-by: Shengjing Zhu <zhsj@debian.org>
 2019-02-22 23:40:28 +08:00
Mike Brown
857f169e9e update support statment reflecting eol for k8s 1.10 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2019-02-14 11:28:26 -06:00
Nikhil Soni
da2ab865e0 Add documentation for using namespace labels for configuring defaults. 
Signed-off-by: Nikhil Soni <krsoninikhil@gmail.com>
 2019-02-01 23:14:33 +05:30
Derek McGowan
8706a355dd
Merge pull request #2889 from linxiulei/isolated_content 
metadata: define content sharing policy
 2019-01-14 13:15:38 -08:00
Phil Estes
a79879e9dd
Add security audit report to README 
Also remove weekly development reports section from README as those are
not being produced regularly at this time.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2019-01-04 09:56:03 -05:00
Akihiro Suda
cd8231ab2a support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj 
Add following config for supporting "rootless" mode

* DisableCgroup: disable cgroup
* DisableApparmor: disable Apparmor
* RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-03 05:12:04 +09:00
Eric Lin
4247f2684d metadata: define content sharing policy 
This changeset modifies the metadata store to allow one to set a
"content sharing policy" that defines how blobs are shared between
namespaces in the content store.

The default mode "shared" will make blobs available in all namespaces
once it is pulled into any namespace.  The blob will be pulled into
the namespace if a writer is opened with the "Expected" digest that
is already present in the backend.

The alternative mode, "isolated" requires that clients prove they have
access to the content by providing all of the content to the ingest
before the blob is added to the namespace.

Both modes share backing data, while "shared" will reduce total
bandwidth across namespaces, at the cost of allowing access to any
blob just by knowing its digest.

Note: Most functional codes and changelog of this commit originate from
Stephen J Day <stephen.day@docker.com>, see
40455aade8

Fixes #1713 Fixes #2865

Signed-off-by: Eric Lin <linxiulei@gmail.com>
 2018-12-21 15:02:21 +08:00
Sebastiaan van Stijn
723797d320
docs: remove website leftovers 
The website content moved to the github.com/containerd/containerd.io
repository.

Commit da1fba0050 removed all website-
related content, but there were some stray files left behind.

This patch removes those files, and updates the `.editorconfig` file
to only match Markdown files.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2018-12-20 10:01:51 +01:00
Sebastiaan van Stijn
555ea3fb43
Ignore modprobe failures in ExecStartPre (systemd unit) 
When running containerd inside LXC, due to systemd being unable to execute
`modprobe overlay` inside the container (module is already loaded in host kernel).

This patch adds a `-` prefix to the `ExecStartPre` command, so that failures
are ignored, and the service can start as usual.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2018-11-10 12:52:06 +01:00
Akihiro Suda
ce6d4c9a9f add docs/rootless.md 
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-11-06 17:39:30 +09:00
Lantao Liu
1442425f92 Support runtime specific configurations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-08 17:17:29 -07:00
Lantao Liu
65283e4253 The indent is wrong. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-17 12:11:18 -07:00
Lantao Liu
3de8c8bf19 Update cri-tools to 98eea54af789ae13edce79cba101fb9ac8e7b241. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-17 10:54:42 -07:00
Tim Allclair
e7189a25c3
Add RuntimeHandler support 
Signed-off-by: Tim Allclair <tallclair@google.com>
 2018-09-05 17:27:35 -07:00
JulienBalestra
dffd0dfa0e
streaming: tls conf validation to func with tests 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-30 15:10:48 +02:00
JulienBalestra
859003a940
stream: struct for x509 key pair, update the docs, error management 
Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>
 2018-08-28 17:22:11 +02:00
Phil Estes
da1fba0050
Website no longer managed from this repo 
Website content is deployed from containerd/containerd.io now

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
 2018-08-23 14:55:04 -04:00
Aleksa Sarai
7aa132ffc7
docs: man: rename config.toml(5) to be more descriptive 
The man page namespace is global, so in order to avoid colliding with
other man pages named "config.toml" rename ours to be more descriptive.
This also helps with discoverability (now tab-completion of 'man
containerd<tab>' will return the config man page), as well as making it
much cleaner from the perspective of distributions that want to package
containerd.

Signed-off-by: Aleksa Sarai <asarai@suse.de>
 2018-08-08 18:33:29 +10:00
Michael Crosby
2742238909 Add docs for managed opts dir 
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2018-08-03 11:50:02 -04:00
Lantao Liu
b3d6f16383 Serve streaming on localhost by default to match k8s 1.11 default. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-21 01:10:45 +00:00
yanxuean
7065dd81f9 support no_pivot option for runc 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-07-20 08:46:50 +08:00
Lantao Liu
0f3c83b11b Use --no-overwrite-dir in installation doc. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-11 18:04:48 +00:00
Lantao Liu
952e53bf58 Add registry auth config, and use docker resolver in containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-09 19:08:48 -07:00
Alban Crequy
6ef65b74e1 Document how to use systemd-run 
It is also useful when testing local changes, I just run:

sudo systemd-run -p Delegate=yes -p KillMode=process bin/containerd

Signed-off-by: Alban Crequy <alban@kinvolk.io>
 2018-06-27 16:58:30 +02:00
Lantao Liu
fd71c9f065 Fix another link. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-26 13:30:32 -07:00
Yu-Ju Hong
e23c0e708a
Fix link to GCE getting started guide 
Signed-off-by: Yu-Ju Hong <yjhong@google.com>
 2018-06-25 12:10:03 -07:00
Lantao Liu
405f57f8e0 Add max_container_log_size 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-14 14:24:17 -07:00
Luc Perkins
e5e63539a6 Return Markdown files to /docs directory 
Signed-off-by: Luc Perkins <lucperkins@gmail.com>
 2018-05-16 11:23:50 -07:00
Luc Perkins
d1503dc9ce Migrate website to Hugo 
Signed-off-by: Luc Perkins <lucperkins@gmail.com>
 2018-05-15 12:30:26 -07:00
Lantao Liu
e22ebf420f Down containerd binaries from official release. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-24 01:23:44 -07:00
Lantao Liu
06f53b4838 Add unix:// prefix for socket addresses used by CRI remote client. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-20 17:36:25 -07:00
Lantao Liu
9aa9f85a03 Add release instruction to make the release process written down. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-16 06:46:22 +00:00
Lantao Liu
d8a3c5f254 Address comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-07 06:34:45 +00:00
Lantao Liu
ad7bffc093 Enable TLS streaming in all the setup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-04-03 00:17:26 +00:00
Lantao Liu
c4f80aecb7
Merge pull request #711 from tklauser/libapparmor-dep 
Drop libapparmor dependency from build docs
 2018-04-02 11:55:27 -07:00
Tobias Klauser
d29678a3c4 Drop libapparmor dependency from build docs 
As of opencontainers/runc@db093f6 runc no longer depends on libapparmor
thus libapparmor-dev no longer needs to be installed to build it or
anythind that depends on it (like containerd or cri-containerd). Adjust
the documentation accordingly.

containerd/containerd#2238 did the same for containerd.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
 2018-03-31 18:18:12 +02:00