github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
12,877 Commits 3 Branches 2 Tags 112 MiB
8ed0255f1b
Commit Graph

12877 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Fu Wei
93370c806b
Merge pull request #7887 from AkihiroSuda/vagrantfile-remove-setenforce-0 2023-01-03 08:49:25 +08:00
Derek McGowan
5e2b7c5b7a
Merge pull request #7894 from my-git9/cleanup/errdefs 
reused package errdefs for error
 2023-01-02 11:57:58 -08:00
Derek McGowan
1d43149c79
Merge pull request #7888 from AkihiroSuda/integration-images-switch-away-from-dockerhub 
integration/images: switch away from Docker Hub to avoid rate limit
 2023-01-02 11:33:54 -08:00
xin.li
1753e5af7a Reused errdefs for error 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2023-01-02 21:39:20 +08:00
Akihiro Suda
5a00d28a6f
Fix TestUpdateContainerResources_Memory* on cgroup v2 hosts 
Fix issue 7890

Tested on Ubuntu 22.10, with swapon and swapoff:
```
$ GITHUB_WORKSPACE="" ENABLE_CRI_SANDBOXES="" CONTAINERD_RUNTIME=io.containerd.runc.v2 FOCUS=TestUpdateContainerResources_Memory make cri-integration
...
=== RUN   TestUpdateContainerResources_MemorySwap
    container_update_resources_test.go:161: Create a sandbox
INFO[0000] Using the following image list: {Alpine:docker.io/library/alpine:latest BusyBox:docker.io/library/busybox:latest Pause:registry.k8s.io/pause:3.8 ResourceConsumer:registry.k8s.io/e2e-test-images/resource-consumer:1.10 VolumeCopyUp:ghcr.io/containerd/volume-copy-up:2.1 VolumeOwnership:ghcr.io/containerd/volume-ownership:2.1}
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:174: Create a container with memory limit but no swap
    container_update_resources_test.go:186: Check memory limit in container OCI spec
    container_update_resources_test.go:194: Check memory limit in container OCI spec
    container_update_resources_test.go:200: Start the container
    container_update_resources_test.go:205: Check memory limit in cgroup
    container_update_resources_test.go:211: Update container memory limit after started
    container_update_resources_test.go:217: Check memory limit in container OCI spec
    container_update_resources_test.go:222: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemorySwap (0.88s)
=== RUN   TestUpdateContainerResources_MemoryLimit
    container_update_resources_test.go:228: Create a sandbox
    main_test.go:663: Image "registry.k8s.io/pause:3.8" already exists, not pulling.
    container_update_resources_test.go:238: Create a container with memory limit
    container_update_resources_test.go:249: Check memory limit in container OCI spec
    container_update_resources_test.go:257: Update container memory limit after created
    container_update_resources_test.go:263: Check memory limit in container OCI spec
    container_update_resources_test.go:269: Start the container
    container_update_resources_test.go:274: Check memory limit in cgroup
    container_update_resources_test.go:280: Update container memory limit after started
    container_update_resources_test.go:286: Check memory limit in container OCI spec
    container_update_resources_test.go:292: Check memory limit in cgroup
--- PASS: TestUpdateContainerResources_MemoryLimit (0.91s)
PASS
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 13:15:38 +09:00
Akihiro Suda
a5ea5935b7
integration/images: switch away from Docker Hub to avoid rate limit 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 05:49:30 +09:00
Akihiro Suda
119bbec9e2
Vagrantfile: install-rootless-podman: remove setenforce 0 
rootless overlayfs is compatible with SELinux since kernel 5.13

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-02 03:01:48 +09:00
Samuel Karp
d769f03592
Merge pull request #7882 from kinvolk/rata/userns-stateless-pods 2022-12-30 23:42:59 -08:00
Derek McGowan
d7ef6cbfa3
[streaming] move response packet after registration 
Prevent a race where a client may attempt to use a stream
before it is registered.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-12-30 21:56:25 -08:00
Fu Wei
426175e517
Merge pull request #7881 from Iceber/sort_content_labels 2022-12-31 11:30:32 +08:00
Rodrigo Campos
72ef986222 cri: Simplify parseUsernsIDs() 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 16:49:28 -03:00
Rodrigo Campos
4eed20fc31 cri: Verify userns container config is consisten with sandbox 
The sandbox and container both have the userns config. Lets make sure
they are the same, therefore consistent.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 15:07:54 -03:00
Rodrigo Campos
a44b356274 cri: Fix assert vs require in tests 
Currently we require that c.containerSpec() does not return an error
if test.err is not set.

However, if the require fails (i.e. it indeed returned an error) the
rest of the code is executed anyways. The rest of the code assumes it
did not return an error (so code assumes spec is not nil). This fails
miserably if it indeed returned an error, as spec is nil and go crashes
while running the unit tests.

Let's require it is not an error, so code does not continue to execute
if that fails and go doesn't crash.

In the test.err case is not harmful the bug of using assert, but let's
switch it to require too as that is what we really want.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-30 14:02:10 -03:00
Samuel Karp
b0b28f1d8e
Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Samuel Karp
5cf6040cce
Merge pull request #7880 from kinvolk/rata/userns-stateless-pods 2022-12-30 00:18:15 -08:00
Iceber Gu
6b333fd210 ctr contents ls sorts the labels of the content 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2022-12-30 15:58:47 +08:00
Rodrigo Campos
3b48fb5b59 cri: Shadow variables to avoid t.Parallel() issues 
This is a follow-up suggested by Fu Wei.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-29 18:16:20 -03:00
Mike Brown
66f186d42d
Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 
Add support for user namespaces in stateless pods (KEP-127)
 2022-12-29 14:08:24 -06:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Derek McGowan
cfe7ac9956
Merge pull request #7529 from iyear/refactor-metastore-tx 
Refactor metastore transaction
 2022-12-28 20:08:38 -08:00
Derek McGowan
729206f6d0
Merge pull request #7874 from thaJeztah/appendOSMounts_error 
oci: appendOSMounts(): remove unused error, and move
 2022-12-28 20:04:06 -08:00
Akihiro Suda
ec67e05738
Merge pull request #7863 from pacoxu/v1.26-kube 
add kube v1.26: remove v1alph2 cri support
 2022-12-29 02:47:37 +09:00
iyear
1d0619bc0c Refactor metastore transaction 
Signed-off-by: Junyu Liu <ljyngup@gmail.com>
 2022-12-28 18:37:28 +08:00
Fu Wei
aee92eb46e
Merge pull request #7875 from yanggangtony/runc-version 
make runc 1.1 for oss_fuzz_build.sh
 2022-12-28 10:42:18 +08:00
Rodrigo Campos
ca69ae2656 Add integration tests for CRI userns 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-27 22:01:12 -03:00
Derek McGowan
27f43506b4
Merge pull request #7872 from yanggangtony/cri-sbserver 
CRI sbserver: Prevent server reuse after Shutdown
 2022-12-27 15:54:29 -08:00
Derek McGowan
ba243ffaaf
Merge pull request #7521 from iyear/fix-defer 
Fix incorrect defer usage and refactor judgement
 2022-12-27 15:50:41 -08:00
Fu Wei
4fe2d14e1b
Merge pull request #7869 from dcantah/domainname-oci 
oci: Add WithDomainname
 2022-12-27 19:18:12 +08:00
yanggang
09243e43ff
make runc 1.1 for oss_fuzz_build.sh 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 18:25:53 +08:00
Sebastiaan van Stijn
94c68aa001
oci: appendOSMounts(): remove unused error, and move 
This function was added in ae22854e2b, but never
returned an error, and the error-return was not handled on the callsite. This
patch removes the unused error return, and moves it to a file related to mounts,
which allowed for some of the stubs to be removed and shared between non-FreeBSD
platforms.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2022-12-27 10:23:26 +01:00
Akihiro Suda
bae8fb9142
Merge pull request #7871 from yanggangtony/error-def 
Reused errdefs define error
 2022-12-27 18:07:18 +09:00
Paco Xu
d66afd2116 add kube v1.26: remove v1alpha2 cri support 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2022-12-27 14:57:06 +08:00
yanggang
e94d925711
CRI sbserver: Prevent server reuse after Shutdown. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 14:16:40 +08:00
yanggang
b10536d64f
Reused errdefs define error 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 14:09:40 +08:00
Danny Canter
229779a4e5 oci: Add WithDomainname 
A domainname field was recently added to the OCI spec. Prior to this
folks would need to set this with a sysctl, but now runtimes should be
able to setdomainname(2). There's an open change to runc at the moment
to add support for this so I've just left testing as a couple spec
validations in CRI until that's in and usable.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-26 04:03:45 -05:00
Fu Wei
3fefb98f99
Merge pull request #7866 from Iceber/ctr_tasks_kill 
fix `ctr tasks kill` does not remove cni network under windows
 2022-12-26 14:24:10 +08:00
Fu Wei
4c3eb5f0c3
Merge pull request #7858 from aojea/network_metrics 2022-12-26 09:03:16 +08:00
Kazuyoshi Kato
84b81a89ff
Merge pull request #7859 from dmcgowan/unpacker-warn-remove 
Avoid using canceled context in unpacker cleanup
 2022-12-23 08:11:53 -08:00
Antonio Ojea
ba0a7185f0 add network plugin metrics 
Add network plugin metrics.

The metrics are the same that were used in dockershim/kubelet until
it was deprecated in kubernetes 1.23

https://github.com/kubernetes/kubernetes/blob/release-1.23/pkg/kubelet/dockershim/network/metrics/metrics.go

Signed-off-by: Antonio Ojea <aojea@google.com>
 2022-12-23 09:23:56 +00:00
Iceber Gu
a2df12d1a3 fix ctr tasks kill does not remove cni network under windows 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2022-12-23 14:51:49 +08:00
Derek McGowan
6c8c427166
Merge pull request #7618 from changweige/enlarge-limit-key 
image/label: print more characters of label keys
 2022-12-22 17:26:26 -08:00
Derek McGowan
0bc9f7b545
Avoid using canceled context in unpacker cleanup 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2022-12-22 14:53:23 -08:00
Derek McGowan
b3b79813f3
Merge pull request #7165 from zouyee/nit 
prevent Server reuse after a Shutdown
 2022-12-22 14:09:29 -08:00
Samuel Karp
341a494c36
Merge pull request #7851 from kzys/critest-wait 2022-12-22 10:38:06 -08:00
Kazuyoshi Kato
b6df6708b9 Check containerd's readiness before calling critest 
It was assuming containerd was ready right after starting.
But it depends GitHub actions' performance.

In addition to that, this commit extracts the script from ci.yml.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-12-22 16:29:12 +00:00
Samuel Karp
46b706ac55
Merge pull request #7837 from MarkintoshZ/main 2022-12-21 22:44:12 -08:00
Mark Zhang
a27e095480 Fix grammar and spelling mistakes in README 
Signed-off-by: Mark Zhang <bf-109g2@hotmail.com>
 2022-12-22 03:46:13 +00:00
Rodrigo Campos
a7adeb6976 cri: Support pods with user namespaces 
This patch requests the OCI runtime to create a userns when the CRI
message includes such request.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-21 17:56:56 -03:00
Derek McGowan
c0c3546de4
Merge pull request #7636 from fangn2/fix-cpu-architecture-detection-issue-on-arm 
Fix cpu architecture detection issue on linux/arm
 2022-12-21 11:54:14 -08:00
David Leadbeater
31a6449734 Add capability for snapshotters to declare support for UID remapping 
This allows user namespace support to progress, either by allowing
snapshotters to deal with ownership, or falling back to containerd doing
a recursive chown.

In the future, when snapshotters implement idmap mounts, they should
report the "remap-ids" capability.

Co-authored-by: Rodrigo Campos <rodrigoca@microsoft.com>
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
Signed-off-by: David Leadbeater <dgl@dgl.cx>
 2022-12-21 15:08:28 -03:00