In containerd 1.5.x, we introduced support for go modules by adding a
go.mod file in the root directory. This go.mod lists all the things
needed across the whole code base (with the exception of
integration/client which has its own go.mod). So when projects that
need to make calls to containerd API will pull in some code from
containerd/containerd, the `go mod` commands will add all the things
listed in the root go.mod to the projects go.mod file. This causes
some problems as the list of things needed to make a simple API call
is enormous. in effect, making a API call will pull everything that a
typical server needs as well as the root go.mod is all encompassing.
In general if we had smaller things folks could use, that will make it
easier by reducing the number of things that will end up in a consumers
go.mod file.
Now coming to a specific problem, the root containerd go.mod has various
k8s.io/* modules listed. Also kubernetes depends on containerd indirectly
via both moby/moby (working with docker maintainers seperately) and via
google/cadvisor. So when the kubernetes maintainers try to use latest
1.5.x containerd, they will see the kubernetes go.mod ending up depending
on the older version of kubernetes!
So if we can expose just the minimum things needed to make a client API
call then projects like cadvisor can adopt that instead of pulling in
the entire go.mod from containerd. Looking at the existing code in
cadvisor the minimum things needed would be the api/ directory from
containerd. Please see proof of concept here:
github.com/google/cadvisor/pull/2908
To enable that, in this PR, we add a go.mod file in api/ directory. we
split the Protobuild.yaml into two, one for just the things in api/
directory and the rest in the root directory. We adjust various targets
to build things correctly using `protobuild` and also ensure that we
end up with the same generated code as before as well. To ensure we
better take care of the various go.mod/go.sum files, we update the
existing `make vendor` and also add a new `make verify-vendor` that one
can run locally as well in the CI.
Ideally, we would have a `containerd/client` either as a standalone repo
or within `containerd/containerd` as a separate go module. but we will
start here to experiment with a standalone api go module first.
Also there are various follow ups we can do, for example @thaJeztah has
identified two tasks we could do after this PR lands:
github.com/containerd/containerd/pull/5716#discussion_r668821396
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
systemd uses SIGRTMIN+n signals, but containerd didn't support the signals
since Go's sys/unix doesn't support them.
This change introduces SIGRTMIN+n handling by utilizing moby/sys/signal.
Fixes#5402.
https://www.freedesktop.org/software/systemd/man/systemd.html#Signals
Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
dmsetup does not discard blocks when removing a thin device. The unused blocks
are reused by the thin-pool, but will remain allocated in the underlying
device indefinitely. For loop device backed thin-pools, this results in
"lost" disk space in the underlying file system as the blocks remain allocated
in the loop device's backing file.
This change adds an option, discard_blocks, to the devmapper snapshotter which
causes the snapshotter to issue blkdiscard ioctls on the thin device before
removal. With this option enabled, loop device setups will see disk space
return to the underlying filesystem immediately on exiting a container.
Fixes#5691
Signed-off-by: Kern Walster <walster@amazon.com>
full diff: https://github.com/cpuguy83/go-md2man/compare/v2.0.0...v2.0.1
- Fix handling multiple definition descriptions
- Fix inline markup causing table cells to split
- Remove escaping tilde character (prevents tildes (`~`) from disappearing).
- Do not escape dash, underscore, and ampersand (prevents ampersands (`&`) from disappearing).
- Ignore unknown HTML tags to prevent noisy warnings
Note that this only updates the binaries we install. The vendor code also
includes go-md2man (as indirect dependency of urfave/cli). I don't think we use that
feature, so I did not add it to our go.mod
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Looking at how this image is used, I think we don't even need the
source in the final image, so we can build containerd in a separate
stage, and copy the binaries.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Not critical for intermediate stages, but a minor optimization to
reduce the image cache. Ideally, this would use cache-mounts for this,
but those may not be supported by podman, so taking the traditional
approach.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Building critools only requires the install script and the critools-version
file (to determin the version to build). Moving it to a separate stage
prevents rebuilding it if unrelated changes are made in the code.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Building cni only requires the install script, and the go.mod (to determin
the version to install). Moving it to a separate stage prevents it from
being rebuilt if unrelated changes were made in the codebase.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This allows for easier copying artifacts from stages, by just copying
the directory content to the stage where it's used. These stages are
not used to be run individually so do not have to be "runnable".
Each stage is "responsible" for colllecting all aftifacts in the directory,
so that "consumer" stages do not have to be aware of what needs to be copied.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
This makes the following changes:
- The containerd/config.toml, and docker-entrypoint.sh only occasionally change,
so copy them before copying the source code to allow them to be cached.
- The cri-in-userns stage does not need files from proto3, so do not copy them
- The dev environment does need the file from the proto3 stage, so copy them there.
- Change the order of stages. Our CI uses `podman build` which (I think) does not
skips stages that are not used for the specified target (like BuildKit does).
So I moved stages that are not used for the `cri-in-userns` after that stage.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
