Commit Graph

8778 Commits

Author SHA1 Message Date
Michael Crosby
3e2a9c60af Merge pull request #1458 from AkihiroSuda/net-host
ctr: net-host: bind-mount host /etc/{hosts,resolv.conf}
2017-09-01 10:28:17 -04:00
Phil Estes
dd05301bef Merge pull request #1457 from AkihiroSuda/nit-doc
RELEASES.md: Go API -> Go client API
2017-09-01 10:00:23 -04:00
Lantao Liu
5057c2d4fb Merge pull request #197 from Random-Liu/not-remove-out-dated-tag
Do not remove out dated image tag.
2017-09-01 00:48:37 -07:00
Lantao Liu
cfb5513a54 Fix repo digest for schema 1 image.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 07:18:02 +00:00
Akihiro Suda
053deb5ce2 ctr: net-host: bind-mount host /etc/{hosts,resolv.conf}
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-09-01 07:16:31 +00:00
Lantao Liu
73bb6e3283 Do not remove out dated image tag.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 07:09:13 +00:00
Akihiro Suda
37896edfed RELEASES.md: Go API -> Go client API
So as to make sure the Go plugin API is not in the scope

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-09-01 07:05:35 +00:00
Akihiro Suda
525bffd194 snapshot: support JSON marshalling for Info
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-09-01 04:47:35 +00:00
Akihiro Suda
fef7f3addc ctr: add ctr snapshot info <key>
Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2017-09-01 04:41:34 +00:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt
Support selinux options/label
2017-08-31 16:30:30 -07:00
Lantao Liu
66baf1312d Merge pull request #193 from abhinandanpb/containerd_shim
Setting containerd shim to Pod cgroup
2017-08-31 16:12:57 -07:00
Ian Campbell
94b0d0ecd0 ctr: drop labels from ctr containers subcommand list
The labels can be very long (e.g. cri-containerd stores a large JSON metadata
blob as `io.cri-containerd.container.metadata`) which renders the output
useless due to all the line wrapping etc.

The information is still available in `ctr containers info «name»`.

Signed-off-by: Ian Campbell <ian.campbell@docker.com>
2017-08-31 23:42:21 +01:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-31 15:16:51 -07:00
Lantao Liu
82ee80d0fa Implement streaming server stop (Kubernetes#51377)
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 21:56:47 +00:00
Kenfe-Mickael Laventure
1b79170849 linux: Add RuntimeRoot to RuncOptions
This allows specifying where the OCI runtime should store its state data.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-31 14:35:05 -07:00
Kenfe-Mickael Laventure
ab0cb4e756 linux: Honor RuncOptions if set on container
This also fixes the type used for RuncOptions.SystemCgroup, hence introducing
an API break.

Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-31 14:35:05 -07:00
Kenfe-Mickael Laventure
e0d8cb1366 Fix retrieval of container Runtime.Options field
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-31 12:05:39 -07:00
Kenfe-Mickaël Laventure
22df20b35f Merge pull request #1452 from crosbymichael/reaper2
Update reaper for multiple subscribers
2017-08-31 11:52:23 -07:00
Michael Crosby
6b4c4a2937 Update reaper for multiple subscribers
Depends on https://github.com/containerd/go-runc/pull/24

There is currently a race with the reaper where you could miss some exit
events from processes.

The problem before and why the reaper was so complex was because
processes could fork, getting a pid, and then fail on an execve before
we would have time to register the process with the reaper.  This could
cause pids to fill up in a map as a way to reduce the race.

This change makes the reaper handle multiple subscribers so that the
caller can handle locking, for when they want to wait for a specific
pid, without affecting other callers using the reaper code.

Exit events are broadcast to multiple subscribers, in this case, the runc
commands and container pids that we get from a pid-file.  Locking while
the entire container starts no longer affects runc commands where you want
to call `runc create` and wait until that has been completed.

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-08-31 14:29:47 -04:00
Stephen J Day
9255e752b3 containerd: export Subscribe method on client
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2017-08-31 11:14:03 -07:00
Phil Estes
c2e894c33a Merge pull request #1448 from darrenstahlmsft/ConsoleSize
Ensure ConsoleSize is not nil
2017-08-31 08:49:45 -04:00
Yanqiang Miao
0c3304e006 Support selinux options/label
Support selinux options/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-31 19:20:12 +08:00
Lantao Liu
c311f10a77 Merge pull request #190 from Random-Liu/cleanup-image-operations
Cleanup image operations
2017-08-30 18:19:40 -07:00
Lantao Liu
ac4f238f48 Cleanup image operations.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 00:52:09 +00:00
Lantao Liu
130aa5ac0d Checkpoint container status onto disk.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 00:41:52 +00:00
Stephen Day
c1c2aafffe Merge pull request #1444 from Random-Liu/add-image-config
Add image config function.
2017-08-30 17:27:23 -07:00
Darren Stahl
04c6bf42e2 Ensure ConsoleSize is not nil
Signed-off-by: Darren Stahl <darst@microsoft.com>
2017-08-30 16:34:20 -07:00
Lantao Liu
39854b292a Merge pull request #184 from abhinandanpb/cgroup
Adding option to configure cgroup to start cri-containerd
2017-08-30 16:27:01 -07:00
Lantao Liu
76e016ca30 Add image config function.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 23:02:43 +00:00
Abhinandan Prativadi
e1edeae4c9 Adding option to configure cgroup to start cri-containerd
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-30 14:37:40 -07:00
Lantao Liu
80b57f54a6 Merge pull request #192 from Random-Liu/fix-sandbox-container-snapshotter
Fix sandbox container snapshotter.
2017-08-30 13:47:15 -07:00
Phil Estes
0baecaa7cf Merge pull request #1439 from mlaventure/allow-setting-rutime-opts
Allow setting runtime options when using WithRuntime()
2017-08-30 15:59:14 -04:00
Lantao Liu
c4d95aa2c4 Fix sandbox container snapshotter.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 18:33:59 +00:00
Kenfe-Mickaël Laventure
49e3d43ff2 Merge pull request #1443 from crosbymichael/daemon-cgroup
Place containerd inside cgroup
2017-08-30 10:45:19 -07:00
Lantao Liu
2aea0388be Merge pull request #187 from Random-Liu/fix-bind-mount
Use rbind and rprivate in bind mount.
2017-08-30 10:16:59 -07:00
Lantao Liu
9478446de1 Merge pull request #189 from Random-Liu/update-cri-test
Update cri validation test to add supplemental groups test.
2017-08-30 10:15:43 -07:00
Lantao Liu
fd2a8c9701 Update cri validation test to add supplemental groups test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 06:02:21 +00:00
Lantao Liu
3f4978b77b Use rbind and rprivate in bind mount.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 01:40:03 +00:00
Lantao Liu
55ee423224 Merge pull request #175 from Random-Liu/disable-pid-ns-sharing
Disable pid namespace sharing
2017-08-29 13:14:18 -07:00
Lantao Liu
c2fb61b5fe Merge pull request #178 from Random-Liu/fix-leak-files
Fix leak files
2017-08-29 13:13:01 -07:00
Michael Crosby
932246b575 Place containerd inside cgroup
This adds a config option to place the `containerd` daemon process into
a cgroup so that proper resource usage and accounting can be applied.

It defaults to not being placed inside a cgroup and will create a new
cgroup if the `path` does not exist in the config or join an existing
`path` if it already exists.

```toml
[cgroup]
    path = "/containerd"
```

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-08-29 15:00:27 -04:00
Michael Crosby
c3711c3866 Merge pull request #1319 from mlaventure/handle-sigkilled-shim
Handle sigkilled shim
2017-08-29 14:06:17 -04:00
Michael Crosby
744308a952 Merge pull request #1440 from mlaventure/fix-shim-panic
Fix panic in CloseIO when no Stdin was allocated for a process
2017-08-29 13:33:05 -04:00
Kenfe-Mickael Laventure
42b131c1f3 Allow setting runtime options when using WithRuntime()
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-29 10:03:51 -07:00
Kenfe-Mickael Laventure
1c92c0ecbf Fix panic in CloseIO when no Stdin was allocated for a process
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-29 09:58:48 -07:00
Kenfe-Mickaël Laventure
456e1697ee Merge pull request #1438 from crosbymichael/apparmor
Add default apparmor profile generation
2017-08-29 09:55:34 -07:00
Phil Estes
7dd87c35ee Merge pull request #1436 from crosbymichael/security
Add security mailing list to readme and releases
2017-08-29 12:19:59 -04:00
Michael Crosby
2b46989dbe Add default apparmor profile generation
This adds default apparmor profile generation to the containerd client
so that profiles can be generated with a SpecOpt

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2017-08-29 12:03:24 -04:00
Kenfe-Mickael Laventure
edd1da8591 Use configured runtime when cleaning up after dead shim
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-29 08:27:44 -07:00
Kenfe-Mickael Laventure
700120c066 Don't build binaries when running make vet
Signed-off-by: Kenfe-Mickael Laventure <mickael.laventure@gmail.com>
2017-08-29 08:27:44 -07:00