github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,944 Commits 3 Branches 2 Tags 112 MiB
5630d6a840
Commit Graph

601 Commits

Author SHA1 Message Date
Akihiro Suda
5630d6a840
go.mod: github.com/containerd/fifo v1.1.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-03-07 22:06:38 +09:00
Akihiro Suda
6d95132313
go.mod: github.com/containerd/cgroups/v3 v3.0.1 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-03-07 22:06:38 +09:00
Akihiro Suda
da1ffdd757
go.mod: github.com/Microsoft/hcsshim v0.10.0-rc.7 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-03-07 21:48:06 +09:00
Akihiro Suda
c77ddf5381
Merge pull request #8131 from lucacome/bump-k8s.io-deps 
Bump k8s.io deps
 2023-03-07 21:44:13 +09:00
Akihiro Suda
56f629fd9c
Merge pull request #8217 from dmcgowan/update-imgcrypt 
Update imgcrypt to v1.1.7
 2023-03-07 21:40:10 +09:00
Fu Wei
5ae3a7f417
Merge pull request #8198 from kiashok/argsEscapedSupportInCri 
Add ArgsEscaped support for CRI
 2023-03-07 16:12:24 +08:00
Derek McGowan
60738e31d2
Update imgcrypt to v1.1.7 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-03-06 22:22:26 -08:00
Kirtana Ashok
8137e41c48 Add ArgsEscaped support for CRI 
This commit adds supports for the ArgsEscaped
value for the image got from the dockerfile.
It is used to evaluate and process the image
entrypoint/cmd and container entrypoint/cmd
options got from the podspec.

Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-03-03 13:38:06 -08:00
Wei Fu
55e25f1644 integration: add testcase to drain exec IO in time 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-03 11:59:07 +08:00
Wei Fu
a9cbddd65d *: fix typo and skip exec-io-drain-testcase in win 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-02 21:57:43 +08:00
Luca Comellini
8145b15f08
Bump k8s.io deps 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-03-01 21:37:21 -08:00
Wei Fu
82c0f4ff86 pkg/cri/server: add timeout to drain exec io 
By default, the child processes spawned by exec process will inherit standard
io file descriptors. The shim server creates a pipe as data channel. Both exec
process and its children write data into the write end of the pipe. And the
shim server will read data from the pipe. If the write end is still open, the
shim server will continue to wait for data from pipe.

So, if the exec command is like `bash -c "sleep 365d &"`, the exec process is
bash and quit after create `sleep 365d`. But the `sleep 365d` will hold the
write end of the pipe for a year! It doesn't make senses that CRI plugin
should wait for it.

For this case, we should use timeout to drain exec process's io instead of
waiting for it.

Fixes: #7802

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-02 13:06:45 +08:00
Derek McGowan
a5a4c9ce04
Merge pull request #8173 from fuweid/update-go-cni-ver 
bump go-cni to v1.1.9
 2023-02-27 23:22:44 -08:00
Akihiro Suda
e0a05b56e5
Merge pull request #8152 from bart0sh/PR007-upgrade-CDI-to-0.5.4 
update CDI version to v0.5.4
 2023-02-28 09:22:30 +09:00
Wei Fu
36ae2f6b9e bump go-cni to v1.1.9 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-02-28 07:30:59 +08:00
Krisztian Litkey
310be5ce6e pkg/nri: update NRI configuration. 
Update NRI plugin configuration to match that of NRI. Remove
option for the eliminated NRI configuration file. Add option
to disable connections from externally launched plugins. Add
options to override default plugin registration and request
timeouts.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2023-02-26 19:56:31 +02:00
Ed Bartosh
30e4a14092 update CDI version to v0.5.4 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2023-02-22 16:38:37 +02:00
Fu Wei
8cb00f45c9
Merge pull request #8143 from mxpv/log 
Add Fields type alias to log package
 2023-02-21 10:22:23 +08:00
Maksym Pavlenko
06e085c8b5 Add Fields type alias to log package 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-20 17:29:08 -08:00
Benjamin Wang
2716fd041a dependency: bump go.etcd.io/bbolt to v1.3.7 
Please refer to link below to get more detailed info on bbolt@v1.3.7,
- https://github.com/etcd-io/bbolt/blob/master/CHANGELOG/CHANGELOG-1.3.md#v1372023-01-31

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-02-17 16:34:53 +08:00
Maksym Pavlenko
24cf85f5a3
Merge pull request #8103 from AkihiroSuda/go-1.20 
Go 1.20.1
 2023-02-15 20:09:28 -08:00
Derek McGowan
f885e07456
Merge pull request #8044 from fish98/main 
docs: fix function names in fuzzing test documentation
 2023-02-15 15:23:15 -08:00
Derek McGowan
aa6418fadd
Merge pull request from GHSA-hmfx-3pcx-653p 
oci: fix additional GIDs
 2023-02-15 13:45:14 -08:00
Akihiro Suda
281f89a9dc
go.mod: go 1.19 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-16 03:50:23 +09:00
Zechun Chen
39bac0dbef error strings should not be capitalized 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2023-02-15 14:30:36 +08:00
Casey Callendrello
d14758b605 go.mod: bump to go-cni main 
Signed-off-by: Casey Callendrello <c1@caseyc.net>
 2023-02-14 16:49:17 +01:00
Akihiro Suda
4e2eb8ba4e
Merge pull request #7964 from dmcgowan/transfer-image-store-references 
[transfer] update imagestore interface to support multiple references
 2023-02-14 11:22:27 +09:00
Derek McGowan
081601f521
Update imagestore interface to support multiple references 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-13 13:58:33 -08:00
Derek McGowan
edb8ebaf07
Merge pull request #8047 from ruiwen-zhao/send_nil 
Send container events with nil PodSandboxStatus
 2023-02-13 11:38:14 -08:00
Akihiro Suda
b61988670c
go.mod: github.com/containerd/typeurl/v2 v2.1.0 
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-11 23:39:52 +09:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:33 +00:00
Akihiro Suda
3eda46af12
oci: fix additional GIDs 
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-10 15:53:00 +09:00
Akihiro Suda
52f82acb7b
btrfs: depend on kernel UAPI instead of libbtrfs 
See containerd/btrfs PR 40 and moby/moby PR 44761. (Thanks to [@]neersighted.)

The containerd/btrfs library now requires headers from kernel 4.12 or newer:
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs.h
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs_tree.h

These files are licensed under the GPL-2.0 WITH Linux-syscall-note, so it should be compatible with the Apache License 2.0.
https://spdx.org/licenses/Linux-syscall-note.html

The dependency on the kernel headers only affects users building from source.
Users on older kernels may opt to not compile this library (`BUILDTAGS=no_btfs`),
or to provide headers from a newer kernel.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-10 10:07:34 +09:00
TTFISH
5bc3fea621 update fuzz function names in docs with golang naming convention 
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
 2023-02-06 17:59:07 +08:00
Kirtana Ashok
e5c57f2422 update hcsshim tag to v0.10.0-rc.5 and revendor 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-02-03 10:50:56 -08:00
TTFISH
904a87d26d docs: fix function names in fuzzing test documentation 
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
 2023-02-03 23:19:00 +08:00
Maksym Pavlenko
99580e0aad Update TTRPC and Protobuild dependencies 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-02 09:58:43 -08:00
Sebastiaan van Stijn
d6070f8a74
go.mod: github.com/urfave/cli v1.22.12 
full diff: https://github.com/urfave/cli/compare/v1.22.10...v1.22.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-02-01 12:42:03 +01:00
Krisztian Litkey
58bd5a0940 go.mod: update github.com/containerd/nri. 
Point NRI dependency to latest HEAD, commit b3cabdec0657. That
pulls in the necessary NRI fix for a recently discovered panic
and crash.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2023-01-31 15:03:45 +02:00
Tony Fang
c46aaa8df4 Add integration test for tracing on image pull 
Create an in-memory exporter and global tracer provider
Pull image with client which should create spans
Validate spans in the exporter

Signed-off-by: Tony Fang <nhfang@amazon.com>
 2023-01-31 05:45:26 +00:00
Akihiro Suda
b5bdd6c7f2
Merge pull request #8027 from AkihiroSuda/containerd-cgroups-v3 
go.mod: github.com/containerd/cgroups/v3 v3.0.0
 2023-01-30 23:06:47 +09:00
Aditi
7ec75b1207 Update CNI to 1.2.0 
Signed-off-by: Aditi <sharmaad@vmware.com>
 2023-01-30 10:25:37 +00:00
Akihiro Suda
306db3e707
go.mod: github.com/containerd/cgroups/v3 v3.0.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-30 11:57:46 +09:00
Akihiro Suda
5082fb3958
go.mod: go.opentelemetry.io/otel v1.12.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-30 08:40:46 +09:00
Wei Fu
8886b05dc3 integration: use sleep inf with busybox:1.36 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-01-29 18:02:18 +08:00
Wei Fu
005d30e849 deflake: TestContainerPids 
It is kind of race because `sleep 1s` is short live process.

See: https://github.com/containerd/containerd/issues/7965#issuecomment-1383218025
Fixes: #7965

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-01-29 16:51:52 +08:00
Kazuyoshi Kato
753bfd6575
Merge pull request #7959 from Jenkins-J/fix-mem-limit-test 
Fix Memory Limit test
 2023-01-26 10:33:35 -08:00
Markus Lehtonen
d845b2a9c2 go.mod: update goresctrl to v0.3.0 
Update github.com/intel/goresctrl to v0.3.0 which ontains multiple
bugfixes to rdt support.

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
 2023-01-24 11:34:33 +02:00
James Jenkins
b1c5c57be0 Fix Memory Limit test 
Modify the memory limit test, allowing the test to pass when swap is not
enabled.

Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
 2023-01-17 13:07:28 -05:00
Kirtana Ashok
66eeee0439 Update hcsshim tag to v0.10.0-rc.4 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-01-12 11:29:01 -08:00