github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,778 Commits 3 Branches 4 Tags
5aab634e14022a638ba1d65792f1328b1b7b4c7b
Commit Graph

446 Commits

Author SHA1 Message Date
Danny Canter
5aab634e14 CRI: Pass sandbox annotations to _other platforms 
!windows and !linux weren't getting passed the sandbox annotations.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-02-13 13:03:51 -08:00
Derek McGowan
edb8ebaf07 Merge pull request #8047 from ruiwen-zhao/send_nil 
Send container events with nil PodSandboxStatus
 2023-02-13 11:38:14 -08:00
Derek McGowan
164ac924f8 Merge pull request #7984 from aitumik/aitumik/add-host-network-tests 
test: add hostNetwork tests for both windows and linux
 2023-02-13 11:37:20 -08:00
Fu Wei
2654ece1d0 Merge pull request #8066 from fuweid/cleanup-blockio-init 
*: introduce wrapper pkgs for blockio and rdt
 2023-02-13 14:05:32 +08:00
Derek McGowan
c6cf6b2522 Merge pull request #8093 from mxpv/instrument 
Extract CRI instrument into separate package
 2023-02-12 21:45:13 -08:00
Maksym Pavlenko
750d18aced Extract CRI instrument package 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-12 20:49:15 -08:00
Fu Wei
040fcf85f0 Merge pull request #8091 from dcantah/mirror-generic-toml-change 2023-02-12 11:23:34 +08:00
Akihiro Suda
b61988670c go.mod: github.com/containerd/typeurl/v2 v2.1.0 
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-11 23:39:52 +09:00
Danny Canter
74b371b98a CRI: Mirror generic toml runtime config under server 
In https://github.com/containerd/containerd/pull/7764 it was made
so that generic runtime options in the containerd toml config file
would get passed to shims regardless of if containerd knew of the
type beforehand and could supply the struct. However, this was only
added for the sandbox server fork here and not the regular ol' CRI
server. This change just mirrors the parts that need to be plopped in
pkg/cri/server

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-02-11 05:18:52 -08:00
ruiwen-zhao
51a8db233d Send container events with nil PodSandboxStatus 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:39 +00:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:33 +00:00
Fu Wei
362ba2c743 Merge pull request #7981 from dmcgowan/sandbox-controller-interface-refactor 
[sandbox] refactor controller interface
 2023-02-11 09:22:36 +08:00
Nathan
7cf5560754 test: add hostNetwork tests for both windows and linux 
Signed-off-by: Nathan <aitumik@protonmail.com>
 2023-02-11 00:15:48 +03:00
Zechun Chen
b944b108df Clean up repeated package import 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2023-02-10 16:21:55 +08:00
Wei Fu
62df35df66 *: introduce wrapper pkgs for blockio and rdt 
Before this patch, both the RdtEnabled and BlockIOEnabled are provided
by services/tasks pkg. Since the services/tasks can be pkg plugin which
can be initialized multiple times or concurrently. It will fire data-race
issue as there is no mutex to protect `enable`.

This patch is aimed to provide wrapper pkgs to use intel/{blockio,rdt}
safely.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-02-10 08:21:34 +08:00
Derek McGowan
b0e97c0f9b Use multierror for cleanup error 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-07 11:06:14 -08:00
Derek McGowan
a788f6c799 Move local sandbox controller under plugins package 
Add options to sandbox controller interface.
Update sandbox controller interface to fully utilize sandbox controller
interface.
Move grpc error conversion to service.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 22:04:45 -08:00
Derek McGowan
2717685dad Refactor sandbox controller interface 
Update the sandbox controller interface to use local types rather than
using the API types.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 21:39:30 -08:00
Maksym Pavlenko
1f35b03369 Fix sandbox exit monitor 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-02 14:02:52 -08:00
Phil Estes
6116820aeb Merge pull request #8036 from ktock/remotesnlabel 
Export remote snapshotter label handler
 2023-02-02 11:53:43 -05:00
Kohei Tokunaga
dbf384a5a8 Export remote snapshotter label handler 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2023-02-01 23:03:23 +09:00
Derek McGowan
ee0e22f01c Merge pull request #8020 from AkihiroSuda/mkdir-etc-cni-0755 
cri: mkdir /etc/cni with 0755, not 0700
 2023-01-30 10:21:30 -08:00
Akihiro Suda
b36b415526 cri: mkdir /etc/cni with 0755, not 0700 
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-29 07:49:36 +09:00
Maksym Pavlenko
21fe0ceaad Move PLEG events for pause container to podsandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-25 19:28:48 -08:00
Sebastiaan van Stijn
4f39b164f3 pkg/cri: optimize slice initialization 
Some of this code was originally added in b7b1200dd3,
which likely meant to initialize the slice with a length to reduce allocations,
however, instead of initializing with a zero-length and a capacity, it
initialized the slice with a fixed length, which was corrected in commit
0c63c42f81.

This patch initializes the slice with a zero-length and expected capacity.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-01-24 20:46:20 +01:00
Maksym Pavlenko
f9f8455332 Backport #7393 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:36:21 -08:00
Maksym Pavlenko
0cbfb3375f Backport #7661 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:31:47 -08:00
Maksym Pavlenko
41eabf134a Backport #7685 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
b0d7a96976 Backport unit test from #7882 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
1ade777c24 Add basic spec and mounts for Darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 17:00:40 -08:00
Maksym Pavlenko
3c8469a782 Use Platform instead of generated API 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 10:30:42 -08:00
Maksym Pavlenko
40be96efa9 Have separate spec builder for each platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:12:25 -08:00
Maksym Pavlenko
fdfa3519a3 Remove unused params from platformSpec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
1c1d8fb057 Update OCI spec tests for generic platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f43d8924e4 Move most of OCI spec options to common builder 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
21338d2777 Add stub to build common OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f318e5630b Update sandbox API to return target platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
dd22a3a806 Move WithMounts to specs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
0ae0399b16 Make OCI spec opts available on all platforms 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:58 -08:00
Qasim Sarfraz
9c8c4508ec cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 
Tested on Ubuntu 20.04 w/o swap controller:
```
$ stat -fc %T /sys/fs/cgroup/
tmpfs
$ la -la /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
ls: cannot access '/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes': No such file or directory
$  go test -v ./pkg/cri/sbserver/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/sbserver       (cached)
$ go test -v ./pkg/cri/server/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/server (cached)
```

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2023-01-10 15:41:04 +01:00
Maksym Pavlenko
06bfcd658c Enable dupword linter 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-03 12:47:16 -08:00
Danny Canter
3f0edb249b CRI: Comment cleanup/misc fixes 
Comments in initPlatform for Windows states that the options were
Linux specific. Additionally properly wrap an error after trying
to setup CDI on Linux.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-01-02 18:55:31 -08:00
xin.li
1753e5af7a Reused errdefs for error 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2023-01-02 21:39:20 +08:00
Rodrigo Campos
72ef986222 cri: Simplify parseUsernsIDs() 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 16:49:28 -03:00
Rodrigo Campos
4eed20fc31 cri: Verify userns container config is consisten with sandbox 
The sandbox and container both have the userns config. Lets make sure
they are the same, therefore consistent.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 15:07:54 -03:00
Rodrigo Campos
a44b356274 cri: Fix assert vs require in tests 
Currently we require that c.containerSpec() does not return an error
if test.err is not set.

However, if the require fails (i.e. it indeed returned an error) the
rest of the code is executed anyways. The rest of the code assumes it
did not return an error (so code assumes spec is not nil). This fails
miserably if it indeed returned an error, as spec is nil and go crashes
while running the unit tests.

Let's require it is not an error, so code does not continue to execute
if that fails and go doesn't crash.

In the test.err case is not harmful the bug of using assert, but let's
switch it to require too as that is what we really want.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 14:02:10 -03:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Rodrigo Campos
3b48fb5b59 cri: Shadow variables to avoid t.Parallel() issues 
This is a follow-up suggested by Fu Wei.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-29 18:16:20 -03:00
Mike Brown
66f186d42d Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 
Add support for user namespaces in stateless pods (KEP-127)
 2022-12-29 14:08:24 -06:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00