github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,899 Commits 3 Branches 2 Tags 112 MiB
8145b15f08
Commit Graph

590 Commits

Author SHA1 Message Date
Luca Comellini
8145b15f08
Bump k8s.io deps 
Signed-off-by: Luca Comellini <luca.com@gmail.com>
 2023-03-01 21:37:21 -08:00
Derek McGowan
a5a4c9ce04
Merge pull request #8173 from fuweid/update-go-cni-ver 
bump go-cni to v1.1.9
 2023-02-27 23:22:44 -08:00
Akihiro Suda
e0a05b56e5
Merge pull request #8152 from bart0sh/PR007-upgrade-CDI-to-0.5.4 
update CDI version to v0.5.4
 2023-02-28 09:22:30 +09:00
Wei Fu
36ae2f6b9e bump go-cni to v1.1.9 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-02-28 07:30:59 +08:00
Krisztian Litkey
310be5ce6e pkg/nri: update NRI configuration. 
Update NRI plugin configuration to match that of NRI. Remove
option for the eliminated NRI configuration file. Add option
to disable connections from externally launched plugins. Add
options to override default plugin registration and request
timeouts.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2023-02-26 19:56:31 +02:00
Ed Bartosh
30e4a14092 update CDI version to v0.5.4 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2023-02-22 16:38:37 +02:00
Fu Wei
8cb00f45c9
Merge pull request #8143 from mxpv/log 
Add Fields type alias to log package
 2023-02-21 10:22:23 +08:00
Maksym Pavlenko
06e085c8b5 Add Fields type alias to log package 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-20 17:29:08 -08:00
Benjamin Wang
2716fd041a dependency: bump go.etcd.io/bbolt to v1.3.7 
Please refer to link below to get more detailed info on bbolt@v1.3.7,
- https://github.com/etcd-io/bbolt/blob/master/CHANGELOG/CHANGELOG-1.3.md#v1372023-01-31

Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2023-02-17 16:34:53 +08:00
Maksym Pavlenko
24cf85f5a3
Merge pull request #8103 from AkihiroSuda/go-1.20 
Go 1.20.1
 2023-02-15 20:09:28 -08:00
Derek McGowan
f885e07456
Merge pull request #8044 from fish98/main 
docs: fix function names in fuzzing test documentation
 2023-02-15 15:23:15 -08:00
Derek McGowan
aa6418fadd
Merge pull request from GHSA-hmfx-3pcx-653p 
oci: fix additional GIDs
 2023-02-15 13:45:14 -08:00
Akihiro Suda
281f89a9dc
go.mod: go 1.19 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-16 03:50:23 +09:00
Zechun Chen
39bac0dbef error strings should not be capitalized 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2023-02-15 14:30:36 +08:00
Casey Callendrello
d14758b605 go.mod: bump to go-cni main 
Signed-off-by: Casey Callendrello <c1@caseyc.net>
 2023-02-14 16:49:17 +01:00
Akihiro Suda
4e2eb8ba4e
Merge pull request #7964 from dmcgowan/transfer-image-store-references 
[transfer] update imagestore interface to support multiple references
 2023-02-14 11:22:27 +09:00
Derek McGowan
081601f521
Update imagestore interface to support multiple references 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-13 13:58:33 -08:00
Derek McGowan
edb8ebaf07
Merge pull request #8047 from ruiwen-zhao/send_nil 
Send container events with nil PodSandboxStatus
 2023-02-13 11:38:14 -08:00
Akihiro Suda
b61988670c
go.mod: github.com/containerd/typeurl/v2 v2.1.0 
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-11 23:39:52 +09:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:33 +00:00
Akihiro Suda
3eda46af12
oci: fix additional GIDs 
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-10 15:53:00 +09:00
Akihiro Suda
52f82acb7b
btrfs: depend on kernel UAPI instead of libbtrfs 
See containerd/btrfs PR 40 and moby/moby PR 44761. (Thanks to [@]neersighted.)

The containerd/btrfs library now requires headers from kernel 4.12 or newer:
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs.h
- https://github.com/torvalds/linux/blob/master/include/uapi/linux/btrfs_tree.h

These files are licensed under the GPL-2.0 WITH Linux-syscall-note, so it should be compatible with the Apache License 2.0.
https://spdx.org/licenses/Linux-syscall-note.html

The dependency on the kernel headers only affects users building from source.
Users on older kernels may opt to not compile this library (`BUILDTAGS=no_btfs`),
or to provide headers from a newer kernel.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-10 10:07:34 +09:00
TTFISH
5bc3fea621 update fuzz function names in docs with golang naming convention 
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
 2023-02-06 17:59:07 +08:00
Kirtana Ashok
e5c57f2422 update hcsshim tag to v0.10.0-rc.5 and revendor 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-02-03 10:50:56 -08:00
TTFISH
904a87d26d docs: fix function names in fuzzing test documentation 
Signed-off-by: Jiongchi Yu <jcyu.2022@phdcs.smu.edu.sg>
 2023-02-03 23:19:00 +08:00
Maksym Pavlenko
99580e0aad Update TTRPC and Protobuild dependencies 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-02 09:58:43 -08:00
Sebastiaan van Stijn
d6070f8a74
go.mod: github.com/urfave/cli v1.22.12 
full diff: https://github.com/urfave/cli/compare/v1.22.10...v1.22.12

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-02-01 12:42:03 +01:00
Krisztian Litkey
58bd5a0940 go.mod: update github.com/containerd/nri. 
Point NRI dependency to latest HEAD, commit b3cabdec0657. That
pulls in the necessary NRI fix for a recently discovered panic
and crash.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2023-01-31 15:03:45 +02:00
Tony Fang
c46aaa8df4 Add integration test for tracing on image pull 
Create an in-memory exporter and global tracer provider
Pull image with client which should create spans
Validate spans in the exporter

Signed-off-by: Tony Fang <nhfang@amazon.com>
 2023-01-31 05:45:26 +00:00
Akihiro Suda
b5bdd6c7f2
Merge pull request #8027 from AkihiroSuda/containerd-cgroups-v3 
go.mod: github.com/containerd/cgroups/v3 v3.0.0
 2023-01-30 23:06:47 +09:00
Aditi
7ec75b1207 Update CNI to 1.2.0 
Signed-off-by: Aditi <sharmaad@vmware.com>
 2023-01-30 10:25:37 +00:00
Akihiro Suda
306db3e707
go.mod: github.com/containerd/cgroups/v3 v3.0.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-30 11:57:46 +09:00
Akihiro Suda
5082fb3958
go.mod: go.opentelemetry.io/otel v1.12.0 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-30 08:40:46 +09:00
Wei Fu
8886b05dc3 integration: use sleep inf with busybox:1.36 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-01-29 18:02:18 +08:00
Wei Fu
005d30e849 deflake: TestContainerPids 
It is kind of race because `sleep 1s` is short live process.

See: https://github.com/containerd/containerd/issues/7965#issuecomment-1383218025
Fixes: #7965

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-01-29 16:51:52 +08:00
Kazuyoshi Kato
753bfd6575
Merge pull request #7959 from Jenkins-J/fix-mem-limit-test 
Fix Memory Limit test
 2023-01-26 10:33:35 -08:00
Markus Lehtonen
d845b2a9c2 go.mod: update goresctrl to v0.3.0 
Update github.com/intel/goresctrl to v0.3.0 which ontains multiple
bugfixes to rdt support.

Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
 2023-01-24 11:34:33 +02:00
James Jenkins
b1c5c57be0 Fix Memory Limit test 
Modify the memory limit test, allowing the test to pass when swap is not
enabled.

Signed-off-by: James Jenkins <James.Jenkins@ibm.com>
 2023-01-17 13:07:28 -05:00
Kirtana Ashok
66eeee0439 Update hcsshim tag to v0.10.0-rc.4 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-01-12 11:29:01 -08:00
AdamKorcz
802c6c5c0d fuzzing: improve archive fuzzer 
Signed-off-by: AdamKorcz <adam@adalogics.com>
 2023-01-11 23:32:45 +00:00
Tony Fang
82d6c2f931 Revert container_stats_test.go change which caused Windows CRI integration test failure 
PR #7892 which supposed to fix issue on Linux introduced random failure
on Windows, this commit is to revert that change for Windows platform

Signed-off-by: Tony Fang <nenghui.fang@gmail.com>
 2023-01-09 05:22:25 +00:00
Samuel Karp
6f9936e305
mod: update github.com/pelletier/go-toml@v1.9.5 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-01-06 13:11:07 -08:00
Akihiro Suda
7b1f08bf50
nri_test.go: skip if SELinux is enabled 
SELinux relabeling is not implemented for NRI yet

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-04 02:20:42 +09:00
Akihiro Suda
dcbb32d6fb
cri-integration: set SelinuxRelabel 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-04 02:20:42 +09:00
Akihiro Suda
0f163d6960
TestVolumeOwnership: compare GID, not group name 
The name of the GID 65534 differs across distros.
("nogroup" on Debian derivatives, "nobody" on Red Hat derivatives)

Fix the following test failure:
```
=== RUN   TestVolumeOwnership
    volume_copy_up_test.go:103: Create a sandbox
    main_test.go:667: Pull test image "ghcr.io/containerd/volume-ownership:2.1"
    volume_copy_up_test.go:108: Create a container with volume-ownership test image
    volume_copy_up_test.go:117: Start the container
    volume_copy_up_test.go:125: Check ownership of test directory inside container
    volume_copy_up_test.go:146: Check ownership of test directory on the host
    volume_copy_up_test.go:153:
        	Error Trace:	/root/go/src/github.com/containerd/containerd/volume_copy_up_test.go:153
        	Error:      	Not equal:
        	            	expected: "nobody:nogroup\n"
        	            	actual  : "nobody:nobody\n"

        	            	Diff:
        	            	--- Expected
        	            	+++ Actual
        	            	@@ -1,2 +1,2 @@
        	            	-nobody:nogroup
        	            	+nobody:nobody

        	Test:       	TestVolumeOwnership
--- FAIL: TestVolumeOwnership (3.45s)
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-04 02:20:42 +09:00
Akihiro Suda
76d68b080e
container_stats_test.go: avoid checking snapshot size 
On Linux, the snapshot size differs depending on the backing filesystem.
See issue 7909.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-04 02:20:41 +09:00
Akihiro Suda
24a255ce96
Merge pull request #7850 from dmcgowan/sandbox-store-local-plugin 
[sandbox] Add sandbox store plugin type
 2023-01-04 00:21:06 +09:00
Akihiro Suda
88c8480a38
Merge pull request #7893 from AkihiroSuda/fix-7890 
Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts
 2023-01-03 19:52:50 +09:00
Akihiro Suda
5a00d28a6f
Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts 
Fix issue 7890

Tested on Ubuntu 22.10, with swapon and swapoff:
```
$ GITHUB_WORKSPACE="" ENABLE_CRI_SANDBOXES="" CONTAINERD_RUNTIME=io.containerd.runc.v2 FOCUS=TestUpdateContainerResources_Memory make cri-integration
...
=== RUN   TestUpdateContainerResources_MemorySwap
    container_update_resources_test.go:161: Create a sandbox
INFO[0000] Using the following image list: {Alpine:docker.io/library/alpine:latest BusyBox:docker.io/library/busybox:latest Pause:registry.k8s.io/pause:3.8 ResourceConsumer:registry.k8s.io/e2e-test-images/resource-consumer:1.10 VolumeCopyUp:ghcr.io/containerd/volume-copy-up:2.1 VolumeOwnership:ghcr.io/containerd/volume-ownership:2.1}
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:174: Create a container with memory limit but no swap
    container_update_resources_test.go:186: Check memory limit in container OCI spec
    container_update_resources_test.go:194: Check memory limit in container OCI spec
    container_update_resources_test.go:200: Start the container
    container_update_resources_test.go:205: Check memory limit in cgroup
    container_update_resources_test.go:211: Update container memory limit after started
    container_update_resources_test.go:217: Check memory limit in container OCI spec
    container_update_resources_test.go:222: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemorySwap (0.88s)
=== RUN   TestUpdateContainerResources_MemoryLimit
    container_update_resources_test.go:228: Create a sandbox
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:238: Create a container with memory limit
    container_update_resources_test.go:249: Check memory limit in container OCI spec
    container_update_resources_test.go:257: Update container memory limit after created
    container_update_resources_test.go:263: Check memory limit in container OCI spec
    container_update_resources_test.go:269: Start the container
    container_update_resources_test.go:274: Check memory limit in cgroup
    container_update_resources_test.go:280: Update container memory limit after started
    container_update_resources_test.go:286: Check memory limit in container OCI spec
    container_update_resources_test.go:292: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemoryLimit (0.91s)
PASS
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 13:15:38 +09:00
Akihiro Suda
a5ea5935b7
integration/images: switch away from Docker Hub to avoid rate limit 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 05:49:30 +09:00