As part of the effort of getting hypervisor isolated windows container
support working for the CRI entrypoint here, add the runhcs-wcow-hypervisor
handler for the default config. This sets the correct SandboxIsolation
value that the Windows shim uses to differentiate process vs. hypervisor
isolation. This change additionally sets the wcow-process runtime to
passthrough io.microsoft.container* annotations and the hypervisor runtime
to accept io.microsoft.virtualmachine* annotations.
Note that for K8s users this runtime handler will need to be configured by
creating the corresponding RuntimeClass resources on the cluster as it's
not the default runtime.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This reverts commit 1ef4bda433.
Previously we were downgrading mingw to work around an issue in the race
detector in Go on Windows when used with a newer version of GCC. The
issue was first reported here:
golang/go#46099
Shortly after the release of 1.19 someone had commented this issue was
solved for them, and after trying it out in some test runs on actions
machines, it seems to be the case. Disabling ASLR got things in order, and
PIE was disabled for -race builds in 1.19, so this is likely the reason
things work now:
0c7fcf6bd1.
The downgrade was mostly harmless except for two shortcomings:
1. It took quite a while for the package to get downloaded+installed.
2. Chocolatey would frequently fail to download with `The remote file
either doesn't exist, is unauthorized, or is forbidden for url ...
Exception calling "GetResponse" with "0" argument(s): "The request
was aborted: Could not create SSL/TLS secure channel."` Restarting the
failed run would often resolve this, but a 50-50 shot of things working
is not a great situation.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
It is follow-up of #7254. This commit will increase ReadHeaderTimeout
from 3s to 30m, which prevent from unexpected timeout when the node is
running with high-load. 30 Minutes is longer enough to get close to
before what #7254 changes.
And ideally, we should allow user to configure the streaming server if
the users want this feature.
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Previously in the Windows shim, killing a task that has already exited
or a task that has not yet been started, yielded an ErrNotFound. We now
return nil, which is in line with how the linux runtime behaves, so remove
the special case we had in TestContainerdRestart for this.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
This contains quite a bit (also bumps google/uuid to 1.3.0). Some HostProcess
container improvements to get ready for whenever it goes to stable in
Kubernetes, Hyper-V (windows) container support for CRI, and a plethora of
other small additions and fixes.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
Release builds are performed from within a Dockerfile-defined
environment and do not require Go to be installed in the GitHub Actions
runner environment.
Signed-off-by: Samuel Karp <samuelkarp@google.com>
In the 1.6.7 release, we saw significantly longer execution time for
producing builds that exceeded the previous timeout of 10 minutes,
causing the workflow to fail. After increasing to 20 minutes in the
release/1.6 branch, we continued to see one failure (which succeeded on
retry).
Increase to 30 minutes to provide additional buffer for the build to
complete.
Signed-off-by: Samuel Karp <samuelkarp@google.com>
Partially revert 0e56e4f9ff
Rollback the build environment from Ubuntu 22.04 to 18.04, except for riscv64 that isn't supported by Ubuntu 18.04.
Fix issue 7255 (`1.6.7 can't be run on Ubuntu LTS 20.04 (GLIBC_2.34 not found)`)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
