The previous names were confusing because v1 may look like shim API v1 (io.containerd.runtime.v1.linux").
Also, v2 may look like cgroup v2.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
- always apt-get update before installing packages
- move to tagged official create_release action
The official GH create_release action now has support for body text from
file.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
This log message shows up in the client's logs. For any media type that
the client doesn't know about it will wind up with a warning log.
Downgrade this to debug since it is more of a development concern.
We encountered this trying to fetch Docker plugins which has a media
type for plugin configs.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
Provide a snapshotter opt to add labels used by any supporting
snapshotter to handle user namespace filesystem remapping. Currently
supported by the fuse-overlayfs snapshotter, and others can use this
information as well.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
Restartable Sequences (rseq) are a kernel-based mechanism for fast
update operations on per-core data in user-space. Some libraries, like
the newest version of Google's TCMalloc, depend on it [1].
This also makes dockers default seccomp profile on par with systemd's,
which enabled 'rseq' in early 2019 [2].
1: https://google.github.io/tcmalloc/design.html
2: systemd/systemd@6fee3be
Signed-off-by: Florian Schmaus <flo@geekplace.eu>
[BeforeEach] [k8s.io] Security Context
/home/runner/work/containerd/containerd/src/github.com/kubernetes-sigs/cri-tools/pkg/framework/framework.go:50
W0624 12:26:28.532644 30569 util_unix.go:103] Using "/var/run/containerd/containerd.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/containerd/containerd.sock".
W0624 12:26:28.532700 30569 util_unix.go:103] Using "/var/run/containerd/containerd.sock" as endpoint is deprecated, please consider using full url format "unix:///var/run/containerd/containerd.sock".
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
We had once updated bbolt from v1.3.3 to v1.3.4 in #4134,
but reverted to v1.3.3 in #4156 due to "fatal error: sweep increased
allocation count" (etcd-io/bbolt#214).
The issue was fixed in bbolt v1.3.5 (etcd-io/bbolt#220).
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
This commit adds a flag through Pull API for allowing GC to clean layer contents
up after unpacking these contents completed.
This patch takes an approach to directly delete GC labels pointing to layers
from the manifest blob. This will result in other snapshotters cannot reuse
these contents on the next pull. But this patch mainly focuses on CRI use-cases
where single snapshotter is usually used throughout the node lifecycle so this
shouldn't be a matter.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
Previously shim v2 (`io.containerd.runc.{v1,v2}`) always used `/run/containerd/runc` as the runc root.
Fix#4326
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
