github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,585 Commits 3 Branches 4 Tags
76d68b080ef69407129a5925ae5b97f1c9010dea
Commit Graph

545 Commits

Author SHA1 Message Date
Akihiro Suda
76d68b080e container_stats_test.go: avoid checking snapshot size 
On Linux, the snapshot size differs depending on the backing filesystem.
See issue 7909.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-04 02:20:41 +09:00
Akihiro Suda
24a255ce96 Merge pull request #7850 from dmcgowan/sandbox-store-local-plugin 
[sandbox] Add sandbox store plugin type
 2023-01-04 00:21:06 +09:00
Akihiro Suda
88c8480a38 Merge pull request #7893 from AkihiroSuda/fix-7890 
Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts
 2023-01-03 19:52:50 +09:00
Akihiro Suda
5a00d28a6f Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts 
Fix issue 7890

Tested on Ubuntu 22.10, with swapon and swapoff:
```
$ GITHUB_WORKSPACE="" ENABLE_CRI_SANDBOXES="" CONTAINERD_RUNTIME=io.containerd.runc.v2 FOCUS=TestUpdateContainerResources_Memory make cri-integration
...
=== RUN   TestUpdateContainerResources_MemorySwap
    container_update_resources_test.go:161: Create a sandbox
INFO[0000] Using the following image list: {Alpine:docker.io/library/alpine:latest BusyBox:docker.io/library/busybox:latest Pause:registry.k8s.io/pause:3.8 ResourceConsumer:registry.k8s.io/e2e-test-images/resource-consumer:1.10 VolumeCopyUp:ghcr.io/containerd/volume-copy-up:2.1 VolumeOwnership:ghcr.io/containerd/volume-ownership:2.1}
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:174: Create a container with memory limit but no swap
    container_update_resources_test.go:186: Check memory limit in container OCI spec
    container_update_resources_test.go:194: Check memory limit in container OCI spec
    container_update_resources_test.go:200: Start the container
    container_update_resources_test.go:205: Check memory limit in cgroup
    container_update_resources_test.go:211: Update container memory limit after started
    container_update_resources_test.go:217: Check memory limit in container OCI spec
    container_update_resources_test.go:222: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemorySwap (0.88s)
=== RUN   TestUpdateContainerResources_MemoryLimit
    container_update_resources_test.go:228: Create a sandbox
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:238: Create a container with memory limit
    container_update_resources_test.go:249: Check memory limit in container OCI spec
    container_update_resources_test.go:257: Update container memory limit after created
    container_update_resources_test.go:263: Check memory limit in container OCI spec
    container_update_resources_test.go:269: Start the container
    container_update_resources_test.go:274: Check memory limit in cgroup
    container_update_resources_test.go:280: Update container memory limit after started
    container_update_resources_test.go:286: Check memory limit in container OCI spec
    container_update_resources_test.go:292: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemoryLimit (0.91s)
PASS
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 13:15:38 +09:00
Akihiro Suda
a5ea5935b7 integration/images: switch away from Docker Hub to avoid rate limit 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 05:49:30 +09:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Rodrigo Campos
ca69ae2656 Add integration tests for CRI userns 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-27 22:01:12 -03:00
Derek McGowan
47fee791f6 Add sandbox store plugin type 
Moves the sandbox store plugin under the plugins packages and adds a
unique plugin type for other plugins to depend on it.
Updates the sandbox controller plugin to depend on the sandbox store
plugin.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-12-20 23:05:14 -08:00
Samuel Karp
3233d5d6f5 Merge pull request #7845 from dcantah/fix-noip-onrestart 
Fixes https://github.com/containerd/containerd/issues/7843
 2022-12-20 14:28:54 -08:00
Danny Canter
3ee6dd5c1b CRI: Fix no CNI info for pod sandbox on restart 
Due to when we were updating the pod sandboxes underlying container
object, the pointer to the sandbox would have the right info, but
the on-disk representation of the data was behind. This would cause
the data returned from loading any sandboxes after a restart to have
no CNI result or IP information for the pod.

This change does an additional update to the on-disk container info
right after we invoke the CNI plugin so the metadata for the CNI result
and other networking information is properly flushed to disk.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-20 13:20:27 -08:00
Kazuyoshi Kato
d5dd11dcdc Enable checkRename test 
One of the cases wouldn't work on overlayfs, but other cases and/or
snapshotters should be tested.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-12-19 22:06:07 +00:00
Sebastiaan van Stijn
ce4ea26953 go.mod: update fuzz-headers and fuzz-build 
Slowly chipping away non-tagged golang.org/x/ packages

diffs:

- b2031950a3...5330a85ea6
- 3345c89a7c...d395f97c48

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-12-15 17:36:05 +01:00
Maksym Pavlenko
373c26d585 Merge pull request #7709 from lucacome/bump-grpc 
Bump grpc to v1.51.0
 2022-12-13 22:21:00 -08:00
Phil Estes
ecf00ffe84 Merge pull request #7783 from inspektor-gadget/qasim/cri-disable-swap 
cri: make swapping disabled with memory limit
 2022-12-13 15:21:51 -05:00
Luca Comellini
d7507c3c13 Bump grpc to v1.51.0 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2022-12-12 09:16:53 -08:00
Mike Brown
4f4fa9b497 Merge pull request #7791 from fuweid/follow-up-7073 
integration: increase timeout in container_event_test.go
 2022-12-09 12:43:05 -06:00
Phil Estes
a7428f4473 Merge pull request #7732 from AkihiroSuda/sha256-simd 
digest: use github.com/minio/sha256-simd
 2022-12-09 09:37:37 -05:00
Wei Fu
423f4388b4 integration: increase timeout in container_event_test.go 
Follow-up: https://github.com/containerd/containerd/pull/7073#discussion_r1044142416

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-09 15:26:49 +08:00
Fu Wei
f2cf411b79 Merge pull request #7073 from ruiwen-zhao/event 
Add container event support to containerd
 2022-12-09 15:24:23 +08:00
ruiwen-zhao
a338abc902 Add container event support to containerd 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2022-12-08 19:30:39 +00:00
Maksym Pavlenko
3bc8fc4d30 Cleanup build constraints 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-08 09:36:20 -08:00
Qasim Sarfraz
69975b92bb cri: make swapping disabled with memory limit 
OCI runtime spec defines memory.swap as 'limit of memory+Swap usage'
so setting them to equal should disable the swap. Also, this change
should make containerd behaviour same as other runtimes e.g
'cri-dockerd/dockershim' and won't be impacted when user turn on
'NodeSwap' (https://github.com/kubernetes/enhancements/issues/2400) feature.

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2022-12-08 13:54:55 +01:00
Akihiro Suda
cde9490779 digest: use github.com/minio/sha256-simd 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2022-12-08 18:50:00 +09:00
Sebastiaan van Stijn
662d8a085e vendor: golang.org/x/net v0.4.0 
golang.org/x/net contains a fix for CVE-2022-41717, which was addressed
in stdlib in go1.19.4 and go1.18.9;

> net/http: limit canonical header cache by bytes, not entries
>
> An attacker can cause excessive memory growth in a Go server accepting
> HTTP/2 requests.
>
> HTTP/2 server connections contain a cache of HTTP header keys sent by
> the client. While the total number of entries in this cache is capped,
> an attacker sending very large keys can cause the server to allocate
> approximately 64 MiB per open connection.
>
> This issue is also fixed in golang.org/x/net/http2 v0.4.0,
> for users manually configuring HTTP/2.

full diff: https://github.com/golang/net/compare/c63010009c80...v0.4.0

other dependency updates (due to (circular) dependencies between them):

- golang.org/x/sys v0.3.0: https://github.com/golang/sys/compare/v0.2.0...v0.3.0
- golang.org/x/term v0.3.0: https://github.com/golang/term/compare/v0.1.0...v0.3.0
- golang.org/x/text v0.5.0: https://github.com/golang/text/compare/v0.4.0...v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-12-07 22:20:44 +01:00
Krisztian Litkey
740e90177a go.mod: re-vendor NRI from the official repo. 
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-12-02 19:07:30 +02:00
Derek McGowan
51195ad099 Merge pull request #7731 from mxpv/cri 
[Sandbox API] CRI status cleanup
 2022-12-01 13:43:13 -08:00
Derek McGowan
0762a3a759 Add media type to export stream 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:57 -08:00
Derek McGowan
11c1c8e6f4 Update import logic 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:56 -08:00
Derek McGowan
cd67a98ec7 Add transfer integration test 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-11-30 12:56:54 -08:00
Derek McGowan
c469f67a2b Merge pull request #6019 from klihub/pr/proto/nri 
NRI: add support for NRI with extended scope.
 2022-11-30 10:42:17 -08:00
Kirtana Ashok
08d5879f32 Added nullptr checks to pkg/cri/server and sbserver 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2022-11-29 13:25:49 -08:00
Maksym Pavlenko
cc111eef61 [sandbox] Move sandbox info to podsandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:06:41 -08:00
Krisztian Litkey
ca84aba6cc integration: add first NRI integration tests. 
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-11-28 21:51:25 +02:00
Krisztian Litkey
43704ca888 nri: add experimental NRI plugin. 
Add a common NRI 'service' plugin. It takes care of relaying
requests and respones to and from NRI (external NRI plugins)
and the high-level containerd namespace-independent logic of
applying NRI container adjustments and updates to actual CRI
and other containers.

The namespace-dependent details of the necessary container
manipulation operations are to be implemented by namespace-
specific adaptations. This NRI plugin defines the API which
such adaptations need to implement.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2022-11-28 21:51:06 +02:00
Phil Estes
e0be97ccee Merge pull request #7721 from thaJeztah/protobuf_extensions_fix 
go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions
 2022-11-28 12:22:50 -05:00
Sebastiaan van Stijn
2136736f52 go.mod: golang_protobuf_extensions v1.0.4 - prevent incompatible versions 
This module made a whoopsie, and updated to `google.golang.org/protobuf`
in a patch release, but `google.golang.org/protobuf` is not backward
compatible with `github.com/golang/protobuf`.

Updating the minimum version to v1.0.4 which corrects this, to prevent
users of containerd as a module from accidentally pulling in the wrong
version:

- v1.0.3 switched to use `google.golang.org/protobuf`; https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.2..v1.0.3
- This was reverted in v1.0.4 (which is the same as v1.0.2); https://github.com/matttproud/golang_protobuf_extensions/compare/v1.0.3..v1.0.4
- And a `v2` was created instead; https://github.com/matttproud/golang_protobuf_extensions/releases/tag/v2.0.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 15:06:58 +01:00
Sebastiaan van Stijn
63c6c55ab4 go.mod: roll back github.com/containerd/cgroups to v1.0.4 release 
This was updated in 470d3ee057, but we
only needed the ebpf update. As nothing depends on this module anymore,
other than for the stats package (which didn't change in between), we
can (for now) roll it back to v1.0.4, and just force the newer ebpf
package.

Things rolled back (doesn't affect vendored code);

https://github.com/containerd/cgroups/compare/7083cd60b721..v1.0.4

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 10:00:37 +01:00
Sebastiaan van Stijn
3c1c0878e3 integration/client: update containerd version to v1.7.0-beta.0 
While the version isn't used (as it's replaced), let's keep it somewhat
in line with reality :)

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 09:29:03 +01:00
Sebastiaan van Stijn
ebd63adac2 integration/client: fix go.mod grouping 
go.mod doesn't always do a great job on keeping the dependencies grouped in the
right block; 2b60770c4b added an extra "require"
block, after which things went downward.

This patch is grouping them back in the right block to nudge it in the right
direction.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-25 09:22:36 +01:00
Samuel Karp
7d3ca170fd Merge pull request #7426 from samuelkarp/port-pr-5904-to-sbserver 2022-11-22 16:02:15 -08:00
AdamKorcz
ed3a49c0e6 fix for OSS-Fuzz infra changes 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2022-11-22 10:18:28 +00:00
Samuel Karp
ac4af4df89 integration: enable CNI slow test for sbserver 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
085d8e6334 integration: enable tests for sbserver 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Sebastiaan van Stijn
bd912bbee0 go.mod: github.com/matttproud/golang_protobuf_extensions v1.0.2 
Same commit, but now tagged

diff: https://github.com/matttproud/golang_protobuf_extensions/compare/c182affec369...v1.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:21:42 +01:00
Sebastiaan van Stijn
5f23daeb26 go.mod: github.com/moby/sys/sequential v0.5.0 
Same commit, but now tagged

diff: https://github.com/moby/sys/compare/b22ba8a69b30...sequential/v0.5.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:20:47 +01:00
Sebastiaan van Stijn
763ec7c862 go.mod: github.com/cpuguy83/go-md2man/v2 v2.0.2 
it's an indirect dependency, but updating allows us to drop another
dependency.

full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 22:19:43 +01:00
Sebastiaan van Stijn
0f616e3549 go.mod: github.com/AdaLogics/go-fuzz-headers v0.0.0-20221118232415-3345c89a7c72 
full diff: 443f56ff4b...3345c89a7c

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:59:44 +01:00
Sebastiaan van Stijn
df4d07352d go.mod: golang.org/x/sys v0.2.0 
full diff: https://github.com/golang/sys/compare/v0.1.0...v0.2.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:58:02 +01:00
Sebastiaan van Stijn
4e68634ef0 go.mod: github.com/sirupsen/logrus v1.9.0 
full diff: https://github.com/sirupsen/logrus/compare/v1.8.1...v1.9.0

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-11-20 21:53:29 +01:00