Commit Graph

615 Commits

Author SHA1 Message Date
Sebastiaan van Stijn
e093a0ee08
Use local "ensureRemoveAll" instead of docker/pkg/system
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-12 20:21:14 +01:00
Akihiro Suda
fa72e2f693 cgroup2: do not unshare cgroup namespace for privileged
Conforms to the latest KEP:
0e409b4749/keps/sig-node/20191118-cgroups-v2.md (cgroup-namespace)

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-09 01:49:04 +09:00
Brandon Lum
8d5a8355d0 Updated docs and code for default nil behavior
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-27 23:42:03 +00:00
Brandon Lum
ffcef9dc32 Addressed nits
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
8df431fc31 Defer multitenant key model to image auth discussion
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
c43a7588f6 Refactor encrypted opts and added unit test
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
f0579c7b4d Implemented node key model for image encryption
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Akihiro Suda
2d28b60046 vendor kubernetes 1.17.1
Corresponds to https://github.com/kubernetes/kubernetes/blob/v1.17.1/go.mod

note: `k8snet.ChooseBindAddress()` was renamed to `k8snet.ResolveBindAddress()` in afa0b808f8

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-22 02:06:50 +09:00
Akihiro Suda
5e5960f2bc
Merge pull request #1376 from Zyqsempai/add-cgroups-v2-metrics
Cgroupv2: Added CPU, Memory metrics
2020-01-21 23:21:09 +09:00
Boris Popovschi
6b8846cdf8 vendor updated + added cgroupv2 metrics
Signed-off-by: Boris Popovschi <zyqsempai@mail.ru>
2020-01-17 11:55:06 +02:00
Akihiro Suda
71740399e0 cgroup2: unshare cgroup namespace for containers
In cgroup v1 container implementations, cgroupns is not used by default because
it was not available in the kernel until kernel 4.6 (May 2016), and the default
behavior will not change on cgroup v1 environments, because changing the
default will break compatibility and surprise users.

For cgroup v2, implementations are going to unshare cgroupns by default
so as to hide /sys/fs/cgroup from containers.

* Discussion: https://github.com/containers/libpod/issues/4363
* Podman PR (merged): https://github.com/containers/libpod/pull/4374
* Moby PR: https://github.com/moby/moby/pull/40174

This PR enables cgroupns for containers, but pod sandboxes are untouched
because there is probably no need to.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-09 14:58:30 +09:00
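The two cgroup2 commits on this page (71740399e0, which adds a private cgroup namespace for containers on cgroup v2 so that /sys/fs/cgroup of the host is hidden, and fa72e2f693, which exempts privileged containers) reduce to a small policy plus a check a practitioner can run inside the container. The following is an added example, not code from containerd/cri: the `Spec`/`Namespace` stand-ins, the detection of cgroup v2 via `cgroup.controllers`, and the function names are assumptions made for the illustration; the constructed `/proc/self/cgroup` sample is not real output.

```go
package main

import (
	"bufio"
	"errors"
	"fmt"
	"os"
	"strings"
)

// Namespace mirrors one entry of the OCI runtime-spec "linux.namespaces" list.
// It is a minimal stand-in so the example needs no modules beyond the stdlib.
type Namespace struct {
	Type string `json:"type"`
	Path string `json:"path,omitempty"`
}

// Spec is a minimal stand-in for the parts of the OCI spec used here.
type Spec struct {
	Namespaces []Namespace
}

// cgroup2Mounted reports whether the unified (v2) hierarchy is mounted at root:
// the cgroup.controllers file exists only on a cgroup2 mount (assumed check).
func cgroup2Mounted(root string) bool {
	_, err := os.Stat(root + "/cgroup.controllers")
	return err == nil
}

// shouldUnshareCgroupNS is the policy of the two commits: a private cgroup
// namespace only on cgroup v2 (v1 keeps the old default for compatibility),
// and never for privileged containers, which keep the host view.
func shouldUnshareCgroupNS(cgroup2, privileged bool) bool {
	return cgroup2 && !privileged
}

// hasCgroupNamespace reports whether the spec already requests a cgroup namespace.
func hasCgroupNamespace(spec *Spec) bool {
	for _, ns := range spec.Namespaces {
		if ns.Type == "cgroup" {
			return true
		}
	}
	return false
}

// addCgroupNamespace appends a "cgroup" namespace entry exactly once, so
// applying it twice (a user-supplied spec plus a default) is harmless.
func addCgroupNamespace(spec *Spec) {
	if !hasCgroupNamespace(spec) {
		spec.Namespaces = append(spec.Namespaces, Namespace{Type: "cgroup"})
	}
}

// cgroup2Path extracts the unified-hierarchy path from /proc/self/cgroup
// content (the "0::<path>" line). Inside a container with its own cgroup
// namespace this is "/"; without one, the host path (e.g. /kubepods/...) leaks.
func cgroup2Path(procSelfCgroup string) (string, error) {
	sc := bufio.NewScanner(strings.NewReader(procSelfCgroup))
	for sc.Scan() {
		line := sc.Text()
		if strings.HasPrefix(line, "0::") {
			return strings.TrimPrefix(line, "0::"), nil
		}
	}
	return "", errors.New("no cgroup v2 entry in /proc/self/cgroup")
}

// hidesHostCgroup is the check to run inside the container: true when the
// unified path is "/", i.e. the host hierarchy is not visible.
func hidesHostCgroup(procSelfCgroup string) bool {
	p, err := cgroup2Path(procSelfCgroup)
	return err == nil && p == "/"
}

func main() {
	spec := &Spec{Namespaces: []Namespace{{Type: "pid"}, {Type: "mount"}}}
	privileged := false
	if shouldUnshareCgroupNS(cgroup2Mounted("/sys/fs/cgroup"), privileged) {
		addCgroupNamespace(spec)
	}
	fmt.Printf("namespaces: %+v\n", spec.Namespaces)

	// Constructed sample of /proc/self/cgroup for a process that has NOT been
	// given its own cgroup namespace on a cgroup v2 host: the host path leaks.
	leaked := "0::/kubepods/burstable/pod1234/abcd\n"
	fmt.Println("host cgroup hidden:", hidesHostCgroup(leaked))
}
```

Running `cat /proc/self/cgroup` inside a container is the quickest way to confirm the new default took effect: `0::/` means the namespace was unshared, while a `/kubepods/...` path means the container still sees the host hierarchy, which is the expected result for a privileged container after fa72e2f693.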
Akihiro Suda
aaddaa2732 bump up the default runtime to "io.containerd.runc.v2"
The former default runtime "io.containerd.runc.v1" won't support new features
like support for cgroup v2: containerd/containerd#3726

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-12-16 11:53:58 +09:00
Lantao Liu
0c2d3b718d Fix privileged devices.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-09 17:43:06 -08:00
Lantao Liu
78708b20c7
Merge pull request #1351 from Random-Liu/better-unknown-state-handling
Better handle unknown state.
2019-12-09 10:34:57 -08:00
Lantao Liu
facbaa0e79 Better handle unknown state.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-06 10:56:27 -08:00
bpopovschi
5d7bd738e4 Use containerD WithHostDevices
Signed-off-by: bpopovschi <zyqsempai@mail.ru>
2019-12-04 11:34:46 +02:00
Lantao Liu
444f02a89e
Merge pull request #1344 from darfux/add-resolvconf-to-sandbox-container
Provide resolvConf to sandbox container's mounts
2019-12-01 21:25:19 -08:00
Li Yuxuan
dbc1fb37d0 Provide resolvConf to sandbox container's mounts
As https://github.com/kata-containers/runtime/issues/1603 discussed,
kata relies on such mount spec to setup resolv.conf for pod VM properly.

Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2019-11-28 12:05:05 +08:00
Lantao Liu
ab6701bd11 Add insecure_skip_verify option.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-26 13:25:52 -08:00
Lantao Liu
5c2f33bd0d Cleanup path for windows mount
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-15 18:52:11 +00:00
Erik Wilson
7cc3938717 Set default scheme in registryEndpoints for host
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2019-10-31 10:30:17 -07:00
Lantao Liu
65b9c31805 Use http for localhost, 127.0.0.1 and ::1 by default.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-28 19:07:43 -07:00
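The two registry commits above (7cc3938717, a default scheme for configured registry endpoints, and 65b9c31805, plaintext HTTP by default only for localhost, 127.0.0.1 and ::1) amount to one small decision with a security edge: which hosts may be reached without TLS when the operator did not say. The following is an added example and not the project's own code; `isLocalhost`, `defaultScheme`, `registryEndpoint` and the exact matching rule (only the three spellings the commit names, with an optional port) are assumptions for the illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/url"
	"strings"
)

// isLocalhost reports whether host (optionally "host:port") is one of the
// three loopback spellings the commit lists: localhost, 127.0.0.1, ::1.
// Anything else, including other 127/8 addresses and names that merely
// start with "localhost", is treated as remote and therefore gets HTTPS.
func isLocalhost(host string) bool {
	h := host
	if hp, _, err := net.SplitHostPort(host); err == nil {
		h = hp // strips the port and the brackets around an IPv6 literal
	}
	h = strings.Trim(h, "[]") // bare "[::1]" with no port
	if strings.EqualFold(h, "localhost") {
		return true
	}
	ip := net.ParseIP(h)
	return ip != nil && (ip.Equal(net.IPv4(127, 0, 0, 1)) || ip.Equal(net.IPv6loopback))
}

// defaultScheme is the policy of the two commits: plaintext HTTP only for
// the loopback forms, HTTPS for every other host.
func defaultScheme(host string) string {
	if isLocalhost(host) {
		return "http"
	}
	return "https"
}

// registryEndpoint turns a configured registry host into the endpoint URL.
// A value that already names a scheme is kept as written (an explicit
// "http://" to a remote mirror is the operator's deliberate choice); a bare
// host gets defaultScheme. Schemes other than http/https are rejected.
func registryEndpoint(host string) (*url.URL, error) {
	endpoint := host
	if !strings.Contains(host, "://") {
		endpoint = defaultScheme(host) + "://" + host
	}
	u, err := url.Parse(endpoint)
	if err != nil {
		return nil, err
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("unsupported scheme %q for registry %q", u.Scheme, host)
	}
	return u, nil
}

func main() {
	// Constructed sample of registry hosts as they might appear in config.
	for _, h := range []string{
		"localhost:5000", "127.0.0.1", "[::1]:5000",
		"registry.example.com", "localhost.example.com", "http://mirror.internal:5000",
	} {
		u, err := registryEndpoint(h)
		if err != nil {
			fmt.Println(h, "->", err)
			continue
		}
		fmt.Printf("%-28s -> %s\n", h, u)
	}
}
```

The caveat worth keeping in mind: an explicit `http://` on a non-loopback mirror is honoured, so registry credentials for that host travel in clear, and the same goes for pairing a remote host with the `insecure_skip_verify` option added in ab6701bd11. Both belong only to loopback endpoints or to networks you already trust.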
Lantao Liu
d95e21c89b Add container compute stats support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-25 14:32:02 -07:00
Lantao Liu
2ce0bb0926 Update code for latest containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-09 18:05:20 -07:00
Lantao Liu
358d672160 Add hostname CRI validation and unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-25 16:11:27 -07:00
Lantao Liu
7fba77f238
Merge pull request #1298 from Random-Liu/set-sandbox-cpu-shares
Set default sandbox container cpu shares on windows.
2019-09-25 11:05:43 -07:00
Lantao Liu
2eba67a7ee
Merge pull request #1287 from crosbymichael/cgroups
Use type alias from containerd for cgroup metric types
2019-09-24 17:34:49 -07:00
Lantao Liu
f3ef10e9a2 Set default sandbox container cpu shares on windows.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-24 17:03:11 -07:00
Justin Terry (VM)
ed7873ef1e Forward SandboxConfig.Hostname to Workload container activation
1. For Windows the Hostname property is not inherited from the sandbox and must
be passed for the Workload container activations as well.

Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
2019-09-24 10:21:17 -07:00
Lantao Liu
bad68a8270
Merge pull request #1284 from liyanhui1228/win_portforward
Add windows port forward support
2019-09-23 22:17:08 -07:00
Angela Li
dc413bd6d6 Add windows portforward support
Signed-off-by: Angela Li <yanhuil@google.com>
2019-09-23 17:36:43 -07:00
Michael Crosby
c8c7c54a6e Use typealias for containerd metrics
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-09-20 16:01:48 -04:00
Lantao Liu
470776c903
Merge pull request #1274 from Random-Liu/dualstack
Add DualStack support
2019-09-19 21:32:26 -07:00
Lantao Liu
c1ece0c801 Address comment.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-19 14:05:28 -07:00
Phil Estes
229eb19bd6
Add back default UNIX env to container config
Due to changes to the defaults in containerd, the CRI path to creating a
container OCI config needs to add back in the default UNIX $PATH (and
any other defaults) as that is the expected behavior from other
runtimes.

Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-09-19 09:00:25 -04:00
Antonio Ojea
fcd6bf318b Report Additional POD IPs
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 17:21:37 -07:00
Lantao Liu
dc964de85f Add windows implementation
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 10:46:29 -07:00
Lantao Liu
c6cb25c158 Open/create log file with FILE_SHARE_DELETE on windows
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 10:46:28 -07:00
Mike Brown
738179542a add a test case for container_annotations
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2019-09-10 11:28:59 +03:00
Ed Bartosh
05a9028969 Use container annotations when creating containers
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2019-09-10 11:28:59 +03:00
Lantao Liu
115b7664d9 Clarify some exec behavior.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-03 16:52:23 -07:00
Lantao Liu
50c73e6dc5 Move unix specific logic into _unix.go
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-03 16:23:42 -07:00
Lantao Liu
c6203ec13b Fix panic for task in unknown state.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-03 14:56:15 -07:00
Nishchay
f41675d234
fix: support empty auth config for anonymous registry
- empty username means caller wants to use no credentials, typically for anonymous registry
- Fixes https://github.com/containerd/cri/issues/1249

Signed-off-by: Nishchay Kumar <mrawesomenix@gmail.com>
2019-08-28 10:24:31 -07:00
Lantao Liu
28aef2fe38 Support CNI DNS capabilities.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-08-22 14:29:04 -07:00
Lantao Liu
10acd8e769 Fix apparmor for privileged.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-08-19 16:28:45 -07:00
Michael Crosby
3995efc7c1 Update cni and go-cni to the v0.7.1 release
Closes #1236

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-08-14 16:19:37 +00:00
Lantao Liu
81ca274c6f Add wildcard mirror support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-08-13 12:02:57 -07:00
Lantao Liu
8021850e91
Merge pull request #1233 from AkihiroSuda/allow-ca-without-client-certs
allow non-mutual TLS
2019-08-11 17:07:57 -07:00
Lantao Liu
fd6c732cd7
Merge pull request #1232 from Random-Liu/avoid-schema1-roundtrip
Remove extra roundtrip for checking schema1.
2019-08-10 10:25:46 -07:00