github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
415 Commits 3 Branches 2 Tags 112 MiB
9015b6ec68
Commit Graph

196 Commits

Author SHA1 Message Date
Lantao Liu
9015b6ec68 Merge pull request #209 from Random-Liu/checkpoint-recovery 
Checkpoint recovery
 2017-09-21 11:32:49 -07:00
Lantao Liu
cc1b0b6709 Add restart recovery logic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 17:59:46 +00:00
Lantao Liu
90d6e44c22 Merge pull request #267 from Random-Liu/fix-apparmor 
Fix apparmor empty case.
 2017-09-20 21:53:28 -07:00
Lantao Liu
dd3421c3c7 Fix apparmor empty case. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 04:07:39 +00:00
Lantao Liu
5dbba596e6 Merge pull request #260 from yanxuean/use-containerd-extension 
Switch to containerd extension
 2017-09-20 10:36:57 -07:00
yanxuean
e1a7a0ea76 Switch to containerd extension 
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-09-21 00:15:10 +08:00
Lantao Liu
9c533dca14 Merge pull request #262 from ijc/sandbox-getip-improvements 
Do not attempt to retrieve IP from host network namespace
 2017-09-20 02:22:07 -07:00
Ian Campbell
9c3c38d9ab Do not attempt to retrieve IP from host network namespace 
Since sandboxes which use the host network have no network namespace path this
would result in an invalid invocation of nsenter.

Rework the fetching of the sandbox to take this into account and also avoid
trying to get an IP when the network plugin is not yet ready.

Fixes #245.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-20 09:53:56 +01:00
Lantao Liu
45f98a0b39 Fix one line of log, we are writing not reading. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-19 18:53:45 +00:00
Lantao Liu
437131299b Merge pull request #230 from miaoyq/ensure-mount-shared-slave 
Ensure the mount point is propagated
 2017-09-19 00:56:27 -07:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated 
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-19 14:21:21 +08:00
Lantao Liu
06a305d7ea Merge pull request #255 from Random-Liu/use-config-in-service 
Use config in service.
 2017-09-17 22:37:06 -07:00
Lantao Liu
8a03d551da Merge pull request #252 from abhinandanpb/rshared 
Setting rootfs mount propagation if the mount type is rshared/shared
 2017-09-17 12:23:39 -07:00
Abhinandan Prativadi
abba4e22f6 Setting rootfspropagation if the mount type shared or slave 
This is needed by runc to mount volume for containers that expect
biderectional file updates or host to container updates.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-17 09:59:45 -07:00
Lantao Liu
71b0d0a043 Use config in service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-17 06:46:40 +00:00
Lantao Liu
cd27050425 Add image volume support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-15 11:25:55 +01:00
Ian Campbell
e0079125d2 Move resolveSymbolicLink to OS package and stub out for tests 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:25:45 +01:00
Ian Campbell
56539bd3a4 Require generateContainerSpec passes during tests and abort if not 
This is achieved by switching `assert.NoError` to `require.NoError` in several
places.

Otherwise the test code will continue and dereference a nil spec, leading to a
panic which obscures the real failure.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:06:25 +01:00
Lantao Liu
1fadb5e573 Follow symlink for mount host path. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 07:12:03 +00:00
Lantao Liu
6cd0f77c4e Create host path is mount source does not exist. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 00:58:34 +00:00
Lantao Liu
9558ff2001 Merge pull request #233 from Random-Liu/remove-run-mount 
Remove `/run` mount for backward compatibility with docker.
 2017-09-09 13:55:33 -07:00
Lantao Liu
0bfcdd39ab Remove /run mount for backward compatibility with docker. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 07:34:00 +00:00
Lantao Liu
b074388460 Update containerd to v1.0.0-beta.0 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 04:46:02 +00:00
Lantao Liu
c4846745d6 Use WithNewSnapshot for sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 03:59:58 +00:00
Lantao Liu
7a75a91578 Merge pull request #225 from Random-Liu/update-ocicni 
Update ocicni to 73f1309d6bc5c3eac78c1382408921cd771ff22e
 2017-09-06 21:04:45 -07:00
Lantao Liu
3e4b4234c6 Merge pull request #218 from miaoyq/fixes-185 
Update kubernetes version and support mount propagation
 2017-09-06 21:03:56 -07:00
Yanqiang Miao
9da460ec0a Support mount propagation 
fixex #185

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-07 08:58:20 +08:00
Lantao Liu
f36ef46b35 Use new ocicni. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-07 00:14:12 +00:00
Lantao Liu
2b6302d91d Remove an addressed TODO. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 23:29:27 +00:00
Lantao Liu
34319e025f Merge pull request #221 from ijc/writeable-rootfs-snapshot 
Always use a writeable snapshot as the rootfs.
 2017-09-06 15:10:28 -07:00
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs. 
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but defering until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-06 22:20:14 +01:00
Lantao Liu
e06c2c59e0 Merge pull request #179 from Random-Liu/checkpoint-container-status 
Checkpoint container status onto disk.
 2017-09-06 13:51:38 -07:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all 
Add "ALL" capabilities support.
 2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 00:05:08 +00:00
Mike Brown
8a21e3f3c8 Merge pull request #206 from Random-Liu/ensure-remove-all 
Use EnsureRemoveAll
 2017-09-05 18:43:45 -05:00
Ian Campbell
1dea8fdfc4 Handle environment variables which containe spaces 
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-05 23:06:07 +01:00
Lantao Liu
adfabdaa35 Use EnsureRemoveAll 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-05 20:29:18 +00:00
Jamie Zhuang
915f5b0aea Make sandbox container image configurable 
Signed-off-by: Jamie Zhuang <lanchongyizu@gmail.com>
 2017-09-03 02:53:17 -04:00
Lantao Liu
c3cb1cfde8 Revert "Setting containerd shim cgroup same as pod cgroup" 
This reverts commit 59008c608e.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-02 04:20:55 +00:00
Lantao Liu
aa3635c75a Merge pull request #183 from Random-Liu/cri-containerd-exit-with-containerd 
Cri containerd exits with containerd
 2017-09-01 16:39:38 -07:00
Lantao Liu
c3e8c69aff Let cri-containerd exit with containerd 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 23:14:04 +00:00
Mike Brown
4f442de959 adds support for AppArmor 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-01 18:08:34 -05:00
Lantao Liu
4f449cec5f Merge pull request #202 from Random-Liu/fix-image-repo-digest 
Fix repo digest for schema 1 image.
 2017-09-01 16:01:05 -07:00
Lantao Liu
7121d251b0 Return image repo digest in container status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 20:58:15 +00:00
Lantao Liu
5057c2d4fb Merge pull request #197 from Random-Liu/not-remove-out-dated-tag 
Do not remove out dated image tag.
 2017-09-01 00:48:37 -07:00
Lantao Liu
cfb5513a54 Fix repo digest for schema 1 image. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:18:02 +00:00
Lantao Liu
73bb6e3283 Do not remove out dated image tag. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:09:13 +00:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt 
Support selinux options/label
 2017-08-31 16:30:30 -07:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-31 15:16:51 -07:00
Yanqiang Miao
0c3304e006 Support selinux options/label 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-31 19:20:12 +08:00