github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
14,630 Commits 3 Branches 4 Tags
730a7fb8c033deb9b83f764d44ee48928f8eb5fd
Commit Graph

444 Commits

Author SHA1 Message Date
Samuel Karp
a39f1146b0 docs: include note about unprivileged sysctls 
We changed the default setting for `enable_unprivileged_ports` and
`enable_unprivileged_icmp` in the CRI plugin in
https://github.com/containerd/containerd/pull/9348, but missed including
this change in the release notes.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2025-03-07 08:34:08 +00:00
Akihiro Suda
bf47b6ebc9 docs/containerd-2.0.md: add more highlights 
- CRI support for user namespaces (PR 8803)
- CRI support for recursive read-only mounts (PR 9787)
- CDI is now enabled by default (PR 9621)

Co-authored-by: Samuel Karp <me@samuelkarp.com>
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-11-02 06:27:18 +09:00
Akihiro Suda
f5ce859ee2 docs/containerd-2.0.md: fix the deprecation release of AUFS 
AUFS was deprecated in v1.5, not in v1.7.
See PR 5433

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-11-02 06:19:04 +09:00
Samuel Karp
bc819bc97a docs: add command for finding schema 1 images 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2024-10-22 20:44:51 -07:00
Samuel Karp
c86b2772ce docs: update min version for deprecation warnings 
While some warnings were available in earlier versions, the first
"complete" implementation was in 1.7.12 and 1.6.27.

https://github.com/containerd/containerd/issues/9312 tracks that initial
set of warnings.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2024-10-22 15:57:26 -07:00
Austin Vazquez
92d327af17 Update tracing docs for containerd 2.0 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-18 14:50:05 +00:00
Akihiro Suda
d4cabf7179 Merge pull request #10852 from austinvazquez/update-nri-doc-for-2.0 
Update NRI documentation for containerd 2.0
 2024-10-18 12:12:40 +09:00
Austin Vazquez
943b196ad6 Update NRI documentation for containerd 2.0 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-17 23:33:04 +00:00
Samuel Karp
a6ceb4be0d containerd 2.0 guide: add image verifier plugins 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2024-10-17 14:10:29 -07:00
Austin Vazquez
249dd74744 Format link text in containerd 2.0 doc for readability 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-17 17:11:13 +00:00
Akihiro Suda
3eea3536f1 docs/containerd-2.0.md: mention the removal of cri-containerd-*.tar.gz 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-10-17 19:17:34 +09:00
Austin Vazquez
b724b9f231 Add containerd 2.0 doc 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-16 17:53:38 +00:00
Maksym Pavlenko
146a977f92 Move features section to a separate file 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2024-09-26 15:32:16 -07:00
Akihiro Suda
a3d84a1727 docs: update for containerd v2 
Fix issue 10132

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-08-16 03:09:50 +09:00
Paul Meyer
d036988eec docs/content-flow: fix code fence delimiter 
Signed-off-by: Paul Meyer <49727155+katexochen@users.noreply.github.com>
 2024-08-05 12:55:48 +02:00
Avi Deitcher
1a5c711c3c update documentation for content-flow 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-07-17 15:29:54 +03:00
bzsuni
22f2af40c0 update pause image to 3.10 
Signed-off-by: bzsuni <bingzhe.sun@daocloud.io>
 2024-05-25 08:17:46 +08:00
Mike Brown
87bab6cdc7 Merge pull request #10238 from MikeZappa87/feature/provideinternalloup 
Add support to set loopback to up
 2024-05-20 14:19:43 +00:00
Michael Zappa
332caf1a15 Provide ability to set lo up without CNI 
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
 2024-05-17 14:34:55 -06:00
Maksym Pavlenko
90a8667310 Merge pull request #10190 from abel-von/fix-streaming-io-path 
fix: modify streaming io url and add docs of sandboxer and io_type
 2024-05-16 19:57:27 +00:00
Maksym Pavlenko
4fa8ce9d30 Merge pull request #10075 from ZhangShuaiyi/fix/docs 
docs: update registry config guide
 2024-05-16 19:42:21 +00:00
Abel Feng
0b113d78d4 doc: add the description of sandboxer and io_type 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2024-05-13 17:42:58 +08:00
Ruihua Wen
fb1f15d304 docs: correct the typo in the documentation 
Signed-off-by: Ruihua Wen <spiffyeight77@gmail.com>
 2024-05-02 02:04:24 +09:00
Avi Deitcher
e07b63d845 document usage and design of blockfile snapshotter 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2024-04-28 11:44:03 +03:00
Akihiro Suda
9d108fa83b Merge pull request #9894 from profnandaa/docs/fix-windows-instructions-2 
fix(docs): fix duplicate instructions for windows installation
 2024-04-23 23:54:59 +00:00
Shuaiyi Zhang
c51463010e docs: update registry config guide 
Signed-off-by: Shuaiyi Zhang <zhang_syi@qq.com>
 2024-04-22 12:01:30 +00:00
Swagat Bora
88b4cc659a address review comments 
Signed-off-by: Swagat Bora <sbora@amazon.com>
 2024-04-02 20:40:55 +00:00
Swagat Bora
f20c49311d Update tracing documentation to add details about manual instrumentation 
Signed-off-by: Swagat Bora <sbora@amazon.com>
 2024-04-02 20:40:55 +00:00
Arash Haghighat
ea681afbaa docs: fix typo 
Signed-off-by: Arash Haghighat <arash@linja.pro>
 2024-03-26 16:45:12 +01:00
Anthony Nandaa
c5ef8a2c26 fix(docs): fix duplicate instructions for windows installation 
This commit fixes the duplicate copy and configure steps for
the Windows powershell scripts.

fixes #9887

It also adds the architecture as a variable in preparation for
the ARM64 support that is coming.

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
 2024-02-28 11:21:28 +03:00
Austin Vazquez
413fbe82c7 Fix unpacker link in remote snapshotter docs 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-02-10 16:42:24 -08:00
Akihiro Suda
b466b7ef85 Merge pull request #9747 from AkihiroSuda/revert-9713 
Revert "cri: make read-only mounts recursively read-only"
 2024-02-08 10:29:03 +00:00
Akihiro Suda
1f58a53a61 Merge pull request #8048 from profnandaa/docs/windows-setup 
docs: add step to include binaries in the $env:Path
 2024-02-08 08:18:59 +00:00
Anthony Nandaa
9ef94fe528 fix(docs): fix cp and add step to include binaries in the $env:Path 
This commit adds an extra (optional) step for the Windows
installation/set-up to include the containerd binaries in
the $env:Path so that later executions especially
for `ctr.exe` if needed, do not require to specify the full path.

It also further fixes the previous steps to be absolute and
also work with re-installations and upgrades.

Signed-off-by: Anthony Nandaa <profnandaa@gmail.com>
 2024-02-05 11:41:45 +03:00
Krisztian Litkey
fe24b918f6 pkg/nri, docs: enable NRI by default. 
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2024-02-04 11:41:56 +02:00
Akihiro Suda
6670695836 Revert "cri: make read-only mounts recursively read-only" 
Revert PR 9713, as it appeared to break the compatibility too much
https://github.com/kubernetes/enhancements/pull/3858#issuecomment-1925441072

This reverts commit b2f254fff0.

> Conflicts:
>	internal/cri/opts/spec_linux_opts.go

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-02-04 01:17:14 +09:00
Akihiro Suda
b2f254fff0 cri: make read-only mounts recursively read-only 
Prior to this commit, `readOnly` volumes were not recursively read-only and
could result in compromise of data;
e.g., even if `/mnt` was mounted as read-only, its submounts such as
`/mnt/usbstorage` were not read-only.

This commit utilizes runc's "rro" bind mount option to make read-only bind
mounts literally read-only. The "rro" bind mount options is implemented by
calling `mount_setattr(2)` with `MOUNT_ATTR_RDONLY` and `AT_RECURSIVE`.

The "rro" bind mount options requires kernel >= 5.12, with runc >= 1.1 or
a compatible runtime such as crun >= 1.4.

When the "rro" bind mount options is not available, containerd falls back
to the legacy non-recursive read-only mounts by default.

The behavior is configurable via `/etc/containerd/config.toml`:
```toml
version = 2
[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
  # treat_ro_mounts_as_rro ("Enabled"|"IfPossible"|"Disabled")
  # treats read-only mounts as recursive read-only mounts.
  # An empty string means "IfPossible".
  # "Enabled" requires Linux kernel v5.12 or later.
  # This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup".
  treat_ro_mounts_as_rro = ""
```

Replaces:
- kubernetes/enhancements issue 3857
- kubernetes/enhancements PR 3858

Note: this change does not affect non-CRI clients such as ctr, nerdctl, and Docker/Moby.
RRO mounts have been supported since nerdctl v0.14 (containerd/nerdctl PR 511)
and Docker v25 (moby/moby PR 45278).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-02-01 09:39:36 +09:00
谭九鼎
87a9835f16 docs: fix typo 
Signed-off-by: 谭九鼎 <109224573@qq.com>
 2024-01-31 21:37:48 +08:00
Akihiro Suda
ebbce74230 rm docs/cri/installation.md 
The file was replaced with the "Please update your bookmark" page on
Apr 1, 2022 (PR 6758).

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-01-31 05:04:54 +09:00
Samuel Karp
22e1a2e65c Merge pull request #9675 from yanggangtony/clean-indent-for-containerd-config.toml 
Clean plugin indent in containerd-config.toml.5.md
 2024-01-28 09:01:11 +00:00
Akhil Mohan
b608c6f73d doc: fix package import path in sample code 
fix package import path that was changed as part of v2 in sample code
snippets.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2024-01-26 11:41:30 +05:30
Evan Lezar
ad869e9053 Use tags.cncf.io CDI url in config.md 
Signed-off-by: Evan Lezar <elezar@nvidia.com>
 2024-01-24 14:53:15 +01:00
yanggang
7eccde5d03 Clean plugin indent in containerd-config.toml.5.md 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2024-01-23 07:02:07 +00:00
Ed Bartosh
c8e8a093ce config: enable CDI by default 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2024-01-12 09:31:39 +02:00
Derek McGowan
2c8a996330 Merge pull request #9495 from jamesorlakin/chore/hosts-documentation-ns 
Document `ns` query string added to mirror requests
 2023-12-15 19:54:00 +00:00
James Lakin
6bb81ee577 Document ns query string added to mirror requests 
This also adds clarification to the `server` field being used as a fallback.

Signed-off-by: James Lakin <james@jameslakin.co.uk>
 2023-12-11 13:44:39 +00:00
Maksym Pavlenko
bfa651c69f Fix broken links 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-12-09 13:09:39 -08:00
Austin Vazquez
1af0cba1a8 Update documentation for containerd v2.0 packages 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2023-11-16 00:40:21 +00:00
Avi Deitcher
76049170b8 document runtime and shim configuration and selection 
Signed-off-by: Avi Deitcher <avi@deitcher.net>
 2023-11-06 08:59:36 +02:00
Alex Rodriguez
124d3a20a6 Sync ops.md, update CLI --help output to be consistent in descriptions 
Signed-off-by: Alex Rodriguez <alexrodriguez@ibm.com>
 2023-10-30 08:54:29 -07:00