Commit Graph

1040 Commits

Author SHA1 Message Date
Lantao Liu
6379fd0346 Update containerd to b9eeaa1ce8.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-08-09 01:53:44 -07:00
Lantao Liu
e1a37e8797 Unpack image during import.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-07-26 07:48:41 +00:00
Lantao Liu
a0cfc8c1d2
Merge pull request #857 from egernst/untrusted-priv
sandbox: separate host accessing workload and privileged
2018-07-24 12:11:41 -07:00
Eric Ernst
9a01272dc2 sandbox: separate host accessing workload and privileged
VM isolated runtimes can support privileged workloads. In this
scenario, access to the guest VM is provided instead of the host.
Based on this, allow untrusted runtimes to run privileged workloads.

If the workload is specifically asking for node PID/IPC/network, etc.,
then continue to require the trusted runtime.

This commit repurposes the hostPrivilegedSandbox utility function to
only check for node namespace checking.

Fixes: #855

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
2018-07-22 16:51:22 -07:00
Lantao Liu
b3d6f16383 Serve streaming on localhost by default to match k8s 1.11 default.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-07-21 01:10:45 +00:00
yanxuean
7065dd81f9 support no_pivot option for runc
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2018-07-20 08:46:50 +08:00
Lantao Liu
7beac6fcc1
Merge pull request #849 from dmcgowan/remove-stringid
Replace stringid call with simple random reader
2018-07-12 18:32:28 -07:00
Derek McGowan
cce0a46c8a
Seed random on ctr and containerd startup
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-07-12 17:51:55 -07:00
Derek McGowan
1984e451d5 Replace stringid with simple rand reader
Signed-off-by: Derek McGowan <derek@mcgstyle.net>
2018-07-12 16:40:45 -07:00
Lantao Liu
e4ad68098e Remove pkg/containerd/resolver package.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-07-09 19:08:48 -07:00
Lantao Liu
952e53bf58 Add registry auth config, and use docker resolver in containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-07-09 19:08:48 -07:00
Lantao Liu
4eb4a29577
Merge pull request #825 from abhi/cni_config
Change to keep in sync with latest cni config
2018-06-21 16:14:31 -07:00
Abhinandan Prativadi
263b0b99d0 Change to keep in sync with latest cni config
This commit contains change to pick the latest cni config
from the configured CNIConfDir.
With this change any changes made to the cni config file will
be picked up on the kubelet's runtime status check call.
Of course this would lead to undefined behavior when the cni config
change is made in parallel during pod creation. However it's
reasonable to assume that the operator is aware of the need to
drain the nodes of pods before making cni configuration change.
The behavior is currently not defined in kubernetes. However
I see that similar approach being adopted in the upstream kubernetes
with dockershim. Keeping the behavior consistent for now.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2018-06-21 20:43:38 +00:00
Filipe Brandenburger
01d77d44f5 Update github.com/opencontainers/runtime-tools to v0.6.0
Also add new dependencies on github.com/xeipuuv/gojson* (brought up by
new runtime-tools) and adapt the containerd/cri code to replace the APIs
that were removed by runtime-tools.

In particular, add new helpers to handle the capabilities, since
runtime-tools now split them into separate sets of functions for each
capability set.

Replace g.Spec() with g.Config since g.Spec() has been deprecated in the
runtime-tools API.

Signed-off-by: Filipe Brandenburger <filbranden@google.com>
2018-06-20 13:52:50 -07:00
Lantao Liu
b60e456bd9 Fix snapshotter nil panic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-20 00:43:44 +00:00
Lantao Liu
e3d57d240f
Merge pull request #761 from Random-Liu/add-log-max-size
Add log max size
2018-06-15 15:56:04 -07:00
Lantao Liu
53f1ab4145 Fix double /dev/shm mount.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-14 19:03:19 -07:00
Lantao Liu
405f57f8e0 Add max_container_log_size
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-14 14:24:17 -07:00
Lantao Liu
46d621e4ac Support Cmd for sandbox container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-12 14:38:55 -07:00
Lantao Liu
b7aac6396d
Merge pull request #811 from Random-Liu/fix-volume-ownership
Fix empty volume ownership.
2018-06-11 10:42:04 -07:00
Lantao Liu
c55776377f Fix empty volume ownership.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-11 08:40:35 +00:00
Lantao Liu
c9216531ce Revert "Use pod ip instead of localhost in pod netns for portforward."
This reverts commit dd886bc281.

Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-11 07:35:32 +00:00
Lantao Liu
d7abb5b489
Merge pull request #807 from Random-Liu/log-task-exit-event
Log task exit event.
2018-06-08 20:07:04 -07:00
Lantao Liu
5a1105c614
Merge pull request #808 from Random-Liu/erase-ambient-caps
Erase ambient capabilities.
2018-06-08 20:06:34 -07:00
Lantao Liu
dd886bc281 Use pod ip instead of localhost in pod netns for portforward.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-08 18:26:06 -07:00
Lantao Liu
b367f30097 Erase ambient capabilities.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-08 14:37:05 -07:00
Vincent Demeester
832b05ae67
Update tests to use gotest.tools angel
Signed-off-by: Vincent Demeester <vincent@sbr.pm>
2018-06-08 21:02:01 +02:00
Lantao Liu
e4e2585431 Log task exit event.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-08 08:33:12 +00:00
Lantao Liu
83e6b65566 Select ipv4 first if there is one.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-05 18:25:03 +00:00
Lantao Liu
0faff1c22f Fix ctr cri timeout.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-06-05 01:24:28 +00:00
Akihiro Suda
097249054d vendor containerd (#2135)
For containerd/containerd#2135

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
2018-06-02 23:10:59 +09:00
Lantao Liu
578b34f112
Merge pull request #794 from Random-Liu/panic-for-cri-start-failure
Generate fatal error when cri plugin fail to start.
2018-05-31 13:21:16 -07:00
Lantao Liu
b870ee7942 Generate fatal error when cri plugin fail to start.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-05-31 10:49:11 -07:00
Lantao Liu
b68fb075d4
Merge pull request #793 from Random-Liu/port-containerd-fix-#2364
Port docker resolver fix #2364.
2018-05-31 01:03:00 -07:00
Lantao Liu
0fae42b9b8 Port docker resolver fix #2364.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-05-30 17:25:46 -07:00
Evan Hazlett
d7d2212324 vendor bump
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

containerd: linux -> runtime/linux

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

fix utils to properly format vendor repo

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

test fixup

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
2018-05-30 19:51:24 -04:00
Wei Fu
e28b77c08c Remove useless error-check in createImageReference
Signed-off-by: Wei Fu <fhfuwei@163.com>
2018-05-25 10:23:13 +08:00
Lantao Liu
60b0d08a6f Use containerd.WithPullUnpack.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-05-23 12:39:14 -07:00
Michael Crosby
009ba4d797 Move testutils to pkg
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-05-22 17:08:38 -04:00
Michael Crosby
927517de36 Move dialer to pkg
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-05-22 13:32:25 -04:00
Michael Crosby
ae4b78d1cc Move progress into pkg
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2018-05-22 13:32:25 -04:00
Ricardo Aravena
f79e0171ca
Minor typo
Signed-off-by: Ricardo Aravena <raravena80@gmail.com>
2018-05-15 09:11:48 -07:00
Lantao Liu
5d29598a6d Fix workingset memory calculation.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-05-11 15:17:16 -07:00
Lantao Liu
a5d1332e8f Explicitly set rw for privileged container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-05-07 15:13:14 -07:00
Lantao Liu
5f4035ae2f
Merge pull request #754 from kolyshkin/mount
os.Unmount: do not consult mountinfo
2018-04-30 14:41:57 -07:00
Kir Kolyshkin
daeab40b45 os.Unmount: do not consult mountinfo, drop flags
1. Currently, Unmount() call takes a burden to parse the whole nine yards
of /proc/self/mountinfo to figure out whether the given mount point is
mounted or not (and returns an error in case parsing fails somehow).

Instead, let's just call umount() and ignore EINVAL, which results
in the same behavior, but much better performance.

This also introduces a slight change: in case target does not exist,
the appropriate error (ENOENT) is returned -- document that.

2. As Unmount() is always used with MNT_DETACH flag, let's drop the
flags argument. This way, the only reason of EINVAL returned from
umount(2) can only be "target is not mounted".

3. While at it, remove the 'containerdmount' alias from the package.

Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
2018-04-30 12:54:10 -07:00
Lantao Liu
279fa853a6 Always mount sysfs as rw.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-26 18:58:26 -07:00
Lantao Liu
daa9f6008c
Merge pull request #743 from Random-Liu/fix-sandbox-stop-race
Fix sandbox stop race condition.
2018-04-18 13:28:54 -07:00
Lantao Liu
856534c846 Fix sandbox stop race condition.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-18 10:12:33 -07:00
Lantao Liu
5cb4744f27 Fix portforward for host network.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-17 08:24:44 +00:00
Lantao Liu
69b3f3aeac Add socat back.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-11 01:53:24 +00:00
Lantao Liu
b09489de96
Merge pull request #727 from Random-Liu/fix-symlink-layer
Support symlink layer in image import.
2018-04-10 18:32:29 -07:00
Lantao Liu
9f85c48e4c Support symlink layer in image import.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-10 22:08:45 +00:00
Lantao Liu
3d0706c4e5
Merge pull request #691 from abhi/socat
Getting rid of nsenter and socat
2018-04-09 15:34:44 -07:00
abhi
02b952ec17 Getting rid of socat
Signed-off-by: abhi <abhi@docker.com>
2018-04-09 14:31:44 -07:00
Lantao Liu
304045491c
Merge pull request #725 from Random-Liu/fix-resolver-race
Fix resolver race
2018-04-09 13:10:44 -07:00
Lantao Liu
a68530c1e8 Port containerd fix #2276
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-09 18:36:06 +00:00
Lantao Liu
d8a3c5f254 Address comments.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-09 18:15:09 +00:00
Lantao Liu
b2099c2061 Add cni config template support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-04-07 06:34:45 +00:00
abhi
aeef99a76e Using netns to perform socat
This commit removes the usage of nsenter and uses netns
to perform socat operation.

Signed-off-by: abhi <abhi@docker.com>
2018-04-05 13:28:00 -07:00
Mike Brown
c7793564fc switches from not CA signed to self CA signed for streaming TLS
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-04-02 17:50:12 -05:00
Mike Brown
2f9f721b63 adds a new flag to enable TLS support insecure for now
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-04-02 12:27:55 -05:00
Lantao Liu
ed20174ce4 Add RunAsGroup support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-30 22:26:07 +00:00
Lantao Liu
be43ad09da Fix a log output.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-28 21:31:44 +00:00
Lantao Liu
277edb2d3b Fix event monitor panic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-27 01:41:35 +00:00
Lantao Liu
f0655ecfe0 Use pause image from new source.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-26 07:11:41 +00:00
Lantao Liu
356a41c424
Merge pull request #697 from Random-Liu/fs-layout-change
adds volatile state directory to the fs plan for cntrs/pods/fifo
2018-03-23 19:24:19 -07:00
Lantao Liu
f4c9ef2647 Add symlink follow into unmount util.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-24 01:25:31 +00:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-03-24 00:05:52 +00:00
Lantao Liu
aa83a7a0aa Change for new containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-23 23:03:16 +00:00
Lantao Liu
c6fecb2115
Merge pull request #688 from Random-Liu/cleanup-kata-code
Address comments for privileged runtime code.
2018-03-22 23:01:31 -07:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-23 02:17:46 +00:00
Lantao Liu
55d512b98c Make const private.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-23 00:48:50 +00:00
Lantao Liu
5ae4de1cc2
Merge pull request #681 from mikebrow/tls-config
adds tls certificate to tls config
2018-03-22 17:34:04 -07:00
Mike Brown
89adb74414 adds tls certificate to tls config
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-03-22 09:42:31 -05:00
Nitesh Konkar
6a542c596b Bump pause container to multi-arch gcr.io/google-containers/pause:3.1
Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>
2018-03-22 05:44:12 +00:00
Lantao Liu
9177cb16bc Remove omitempty from config json.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-21 07:28:25 +00:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions
- Add unit test for privilegedSandbox

- Add unit test for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2018-03-20 18:04:23 -06:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option
Some CRI compatible runtimes may not support privileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they won't provide support to requested the privileged operations.

This commit adds the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherit this property
and will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sandbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2018-03-20 13:56:49 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd".
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-19 21:59:32 +00:00
Lantao Liu
e1fe1abff0 Use github.com/pkg/errors
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-17 02:24:38 +00:00
abhi
2bdf428eb7 Removing DAD config and updating plugins to v0.7.0
Signed-off-by: abhi <abhi@docker.com>
2018-03-16 14:46:46 -07:00
Lantao Liu
1dcbf4f742
Merge pull request #663 from abhi/cni
Moving to use go-cni library from containerd
2018-03-15 17:53:50 -07:00
Lantao Liu
5e5a5f50d1
Merge pull request #671 from Random-Liu/ctrcri-to-ctr-cri
Ctrcri to ctr cri
2018-03-15 17:14:59 -07:00
abhi
003bbd4292 Modifying fake cni plugin
Signed-off-by: abhi <abhi@docker.com>
2018-03-15 17:05:33 -07:00
Lantao Liu
7e67d96b9b Replace ctrcri with ctr cri.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-15 23:22:00 +00:00
Lantao Liu
d389af83a9 Cleanup event backoff.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-15 18:49:36 +00:00
yanxuean
c751847350 Handle containerd event reliably
fix #434

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2018-03-15 17:14:02 +08:00
yanxuean
7583bce4ab some comments
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2018-03-15 15:55:54 +08:00
abhi
92110e1d74 Moving to use go-cni library from containerd
This fix aims to use the cni library from containerd.
The library avoids usage of nsenter.

Signed-off-by: abhi <abhi@docker.com>
2018-03-14 19:25:54 -07:00
Mike Brown
d4e7154625 move links for cri-containerd to cri
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-03-13 17:06:26 -05:00
Lantao Liu
f0a500a390 Use direct function call.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-13 04:51:19 +00:00
Lantao Liu
80b2f751d3
Merge pull request #654 from stevvooe/simplify-stopch
pkg/store: use a sync.Once to synchronize channel close
2018-03-09 15:29:32 -08:00
Lantao Liu
e20c6eb8a8
Merge pull request #558 from Random-Liu/report-containerd-version
Report containerd version instead of cri-containerd version.
2018-03-09 15:25:32 -08:00
Stephen J Day
4ed26f3116
pkg/store: use a sync.Once to synchronize channel close
Signed-off-by: Stephen J Day <stephen.day@docker.com>
2018-03-09 14:43:16 -08:00
Abhinandan Prativadi
1f28f8d2fe
Merge pull request #650 from Random-Liu/fix-resolver
Handles 401 in resolver.
2018-03-07 10:59:43 -08:00
Lantao Liu
40c8372f0e Handles 401 in resolver.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-07 07:35:02 +00:00
Lantao Liu
f01c6d73a6 Fix cleanup context.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-07 07:05:27 +00:00
Lantao Liu
d3b112a989
Merge pull request #639 from Random-Liu/remove-standalone-mode
Remove standalone mode
2018-03-05 17:23:06 -08:00
Lantao Liu
ceb540d823 Fix potential panic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-05 22:09:58 +00:00
Lantao Liu
d1e9960180 Remove standalone mode
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-05 21:45:20 +00:00
Lantao Liu
36b4c05354 Report containerd version instead of cri-containerd version.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-03-01 01:26:37 +00:00
Lantao Liu
f5390d01d6 Fix a potential panic
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-22 03:17:16 +00:00
Lantao Liu
6d538ccbf6 Do not block on stream server close.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-14 08:41:29 +00:00
Lantao Liu
a8264ec035 Support reopening container log.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-13 17:57:45 +00:00
Lantao Liu
6900cbdada Use mountpoint as image fs identifier.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-09 07:46:49 +00:00
Mike Brown
6e1c57ec01 update runc vendor and containerd
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-02-08 19:01:48 -06:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-08 03:10:57 +00:00
Lantao Liu
605b4a7b6a Update imports
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-08 02:45:44 +00:00
Lantao Liu
047df7aca6
Merge pull request #602 from mikebrow/critools-install-minor-update
update critools
2018-02-07 18:44:37 -08:00
Mike Brown
edb2b2379d change crictl sandboxes to pods; other references to sandboxes
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2018-02-07 17:23:59 -06:00
Lantao Liu
8925ef90be Use trace support in containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-07 19:17:26 +00:00
Lantao Liu
2b8800df2b
Merge pull request #592 from Random-Liu/fix-registry-mirror
Fix registry mirror.
2018-02-02 15:37:29 -08:00
Lantao Liu
92995e29e5 Fix registry mirror.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-02 22:52:36 +00:00
Lantao Liu
d113c16802 Update ocicni to my fork.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-02 19:45:26 +00:00
Lantao Liu
7ddd9255b6 Add golang version in Status info.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-02-01 20:10:39 +00:00
Abhinandan Prativadi
8094fe69d4
Merge pull request #531 from abhi/registry-mirror
Adding Registry Mirror support
2018-01-31 13:01:25 -08:00
abhi
f3ccd85891 Adding Registry Mirror support
This commit aims to add registry mirror support similar to
docker. The UI is similar to docker where user can
provide mirror urls and the image resolves against the provided
mirrors before fetching from default docker registry mirror url.

Signed-off-by: abhi <abhi@docker.com>
2018-01-31 10:47:34 -08:00
yason
6931a69881 add filter for containerd event
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2018-01-30 14:13:22 +08:00
Lantao Liu
4dfd8250fd Fix a privileged check.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-27 02:25:52 +00:00
Yanqiang Miao
61c1fdb098 Use channel to propagate the stop info of sandbox
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2018-01-26 16:58:13 +08:00
Lantao Liu
f401662123
Merge pull request #571 from Random-Liu/do-not-list-task
Avoid containerd access as much as possible.
2018-01-25 16:13:43 -08:00
Lantao Liu
df58d6825d Avoid containerd access as much as possible.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-25 23:36:00 +00:00
Lantao Liu
e7f2a74a84 Add runtime cgroup and fix a cli panic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-25 22:32:57 +00:00
Yanqiang Miao
c663d2423e Use channel to pass the stop info instead of polling for container stop
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2018-01-25 11:07:54 +08:00
Lantao Liu
635e5747c0 Update containerd and leverage plugin graceful stop.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-23 22:46:46 +00:00
Lantao Liu
2b6f084f36 Disable IPv6 dad by default.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-22 23:54:16 +00:00
Lantao Liu
4e9ca399e1 Use containerd plugin config.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-19 02:25:03 +00:00
Lantao Liu
7d18d61674 Move cgroup and oom score setting to cmd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-19 01:35:36 +00:00
Lantao Liu
74d8880032
Merge pull request #552 from Random-Liu/use-containerd-grpc-server
Use containerd grpc server
2018-01-18 12:36:05 -08:00
Lantao Liu
62e6921145 Use containerd grpc server
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-18 18:51:18 +00:00
Lantao Liu
6fadb7f5e9 Minor code cleanup.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-18 07:31:16 +00:00
Lantao Liu
3d68005c04 Replace glog with logrus
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-17 21:57:31 +00:00
Lantao Liu
383a89b948 Add flags and utils for logrus
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-17 21:57:31 +00:00
Jose Carlos Venegas Munoz
b383b0261a Annotations: Provide container metadata for VM based runtimes
For hypervisor-based container runtimes (like Kata Containers, Clear Containers
or runv) a pod will be created in a VM and then create containers within the VM.

When a runtime is requested for container commands like create and start, both
the initial "pause" container and next containers need to be added to the pod
namespace (same VM).

A runtime does not know if it needs to create/start a VM or if it needs to add a
container to an already running VM pod.

This patch adds a way to provide this information through container annotations.
When starting a container or a sandbox, 2 annotations are added:

- type (Container or Sandbox)
- sandbox name

This allows a VM based runtime to decide if they need to create a pod VM or
container within the VM pod.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
2018-01-17 09:57:20 -06:00
Lantao Liu
cdb1bf0946 Use new cio package.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-12 22:35:24 +00:00
Lantao Liu
8782f18d50 Add integration test for volume copy up.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-11 19:10:52 +00:00
Lantao Liu
54b3b4e0b0 Use graphdriver/copy instead of chrootarchive
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-11 19:10:11 +00:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-10 22:35:33 +00:00
Lantao Liu
5bfa5e451a
Merge pull request #528 from cpuguy83/skip_selinux_test
Minor cleanup on selinux test
2018-01-09 16:30:41 -08:00
Brian Goff
2a07847d67 Use t.Run() instead of t.Log() for subtest log
Signed-off-by: Brian Goff <brian.goff@docker.com>
2018-01-09 15:45:13 -05:00
Brian Goff
96484eb3e7 Use t.Skip() when selinux is not enabled
Signed-off-by: Brian Goff <brian.goff@docker.com>
2018-01-09 15:43:56 -05:00
Lantao Liu
dca05358dc Add flag to skip imagefs uuid related logic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-08 18:41:13 +00:00
Lantao Liu
aee7a366f3
Merge pull request #525 from abhi/cniip
Caching IP allocated by CNI plugin
2018-01-05 00:27:48 -08:00
abhi
f1dbc0b375 Caching IP allocated by CNI plugin
Signed-off-by: abhi <abhi@docker.com>
2018-01-04 20:00:55 -08:00
Lantao Liu
31bc964195 Enable HostSpecific option in runtime-tools generator.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-03 19:04:47 +00:00
Lantao Liu
cebe1b39f7 Remove default rlimits.
Signed-off-by: Lantao Liu <lantaol@google.com>
2018-01-02 18:53:01 +00:00
Lantao Liu
b701b0e496 Add our own DeepCopy.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-16 00:23:14 +00:00
Lantao Liu
737efe70a7
Merge pull request #493 from Random-Liu/minor-cleanup
Minor cleanup.
2017-12-12 23:30:47 -08:00
Lantao Liu
e4753edf0a Minor cleanup.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-13 03:15:01 +00:00
yason
6c9a837b7a cleanup some comment for removeImage
Signed-off-by: yason <yan.xuean@zte.com.cn>
2017-12-13 10:07:52 +08:00
Lantao Liu
a9c7237e67
Merge pull request #470 from mikebrow/debug-image
adding info map for verbose image status
2017-12-12 15:09:57 -08:00
Mike Brown
31223fd5b1 adds oci image spec to image info placed into imagestore
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-12-12 15:58:07 -06:00
Lantao Liu
cbda4256cd
Merge pull request #487 from yanxuean/image-improve
improve image
2017-12-12 11:58:43 -08:00
Mike Brown
03ac989644 adding info map for verbose image status
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-12-12 13:44:08 -06:00
Lantao Liu
c9b279bb79
Merge pull request #479 from Random-Liu/improve-container-sandbox-status
Improve container sandbox status
2017-12-12 11:42:51 -08:00
yason
5f6d9a5fcc reliably remove image when content missing
Signed-off-by: yason <yan.xuean@zte.com.cn>
2017-12-12 18:44:59 +08:00
yason
4762b3e273 remove taskService and imageStoreService
Signed-off-by: yason <yan.xuean@zte.com.cn>
2017-12-12 16:51:22 +08:00
Lantao Liu
f4c572fba7 Add restart test for sandbox recovery.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-11 21:21:08 +00:00
Lantao Liu
dd017e6e6c Move less important function to the end.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-11 18:45:57 +00:00
Lantao Liu
b25b06577e Improve container and sandbox status.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-11 18:45:56 +00:00
yason
41c8763e2b improve calling for content
Signed-off-by: yason <yan.xuean@zte.com.cn>
2017-12-11 15:28:10 +08:00
Mike Brown
220411b73b adding info map for verbose pod status
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-12-05 19:40:39 -06:00
Lantao Liu
11eb24c26f
Merge pull request #475 from Random-Liu/order-container-status-fields
Use one big info struct before we change info to an array.
2017-12-05 14:37:36 -08:00
Lantao Liu
85b943eb47 Use one big info struct before we change info to an array.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-05 21:37:12 +00:00
Lantao Liu
266e49a3bf
Merge pull request #471 from yanxuean/improve-unmount
Improve unmount for snapshot
2017-12-05 09:54:05 -08:00
yason
2a25cf7c1f sync Unmount for snapshot
best effort to remove temp dir for snapshot

Signed-off-by: yason <yan.xuean@zte.com.cn>
2017-12-05 19:05:32 +08:00
Lantao Liu
572e354a2d Revert debug code.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-05 07:40:11 +00:00
Lantao Liu
562eb725c7
Merge pull request #458 from mikebrow/boilerplate-update
fixes for boilerplate
2017-12-04 10:03:41 -08:00
Mike Brown
bd6d530290
Merge pull request #463 from Random-Liu/dump-rootfs
Check and dump rootfs.
2017-12-03 09:23:04 -06:00
Lantao Liu
a23bdf25d8 Check and dump rootfs.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-03 11:39:54 +00:00
abhi
43c05efb22 Revert: Setting containerd shim cgroup same as pod cgroup
Signed-off-by: abhi <abhi@docker.com>
2017-12-01 16:03:38 -08:00
Mike Brown
009e40f280 correct some boilerplates
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-12-01 16:56:25 -06:00
Lantao Liu
181d7d5076 Move shim cgroup opts to pkg/containerd/opts.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-12-01 19:18:26 +00:00
abhi
0d6774f4af Setting containerd shim cgroup same as pod cgroup
Signed-off-by: abhi <abhi@docker.com>
2017-12-01 08:33:50 -08:00
Lantao Liu
0db6e04ba1
Merge pull request #447 from Random-Liu/update-containerd
Update containerd to fix long exec issue.
2017-11-30 12:58:24 -08:00
Lantao Liu
5ed43ea1a3 Update containerd to fix long exec issue.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-30 19:24:14 +00:00
Lantao Liu
dc7066d23f
Merge pull request #445 from mikebrow/debug-container
adding some verbose debug
2017-11-30 11:15:34 -08:00
Mike Brown
33b93fb1d0 adding some verbose debug
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-11-30 09:51:03 -06:00
Lantao Liu
200ba370a3
Merge pull request #438 from yanxuean/import-lease
add lease for importer
2017-11-29 10:18:37 -08:00
yanxuean
089df25492 add lease for importer
fix #389

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-29 14:02:54 +08:00
Lantao Liu
5f0fba4204 Update containerd and add synchronous image deletion.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-28 22:44:25 +00:00
Mike Brown
4934098e27
Merge pull request #440 from dnephin/use-oci-package
Use containerd.oci package
2017-11-28 16:41:26 -06:00
Daniel Nephin
85d3bf0660 Use SpecOpts from new oci package
Signed-off-by: Daniel Nephin <dnephin@gmail.com>
2017-11-28 15:30:11 -05:00
Brian Goff
f6fe36d17a Remove explicit unpack on all container creates
This only performs an unpack if there is an error when creating the
container snapshot (and only if it's a "not found" error) since it should
already be unpacked.

Signed-off-by: Brian Goff <brian.goff@docker.com>
2017-11-28 14:28:20 -05:00
Lantao Liu
4b4714eaca
Merge pull request #432 from mikebrow/vet-fixes
fixing vet errors
2017-11-27 12:03:30 -08:00
Lantao Liu
80c7d18703
Merge pull request #431 from Random-Liu/update-containerd
Update containerd
2017-11-27 12:03:18 -08:00
Lantao Liu
1b05f088b5
Merge pull request #375 from yanxuean/image-trunc
support get image by truncindex
2017-11-27 11:36:58 -08:00
yanxuean
50cb8a0571 update containerd for refactor
fix #423

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-27 19:24:14 +00:00
Mike Brown
983994dc87 fixing vet errors
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-11-27 13:13:21 -06:00
yanxuean
b4ebf2d7a7 improve localResolve
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-23 10:56:12 +08:00
yanxuean
cbe7f0dd5a use docker.digestSet store image truncid
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-23 10:55:59 +08:00
Lantao Liu
6104fcba3c
Merge pull request #421 from Random-Liu/add-new-cri-log-support
Add new cri log support
2017-11-21 13:09:57 -08:00
Lantao Liu
48726ecd27 Add support for CRI partial log.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-21 19:24:12 +00:00
Lantao Liu
76268ea242 Do not remove sandbox when netns is not closed.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-21 01:22:19 +00:00
Lantao Liu
3f80fe06ef Add simple unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-16 23:04:33 +00:00
Lantao Liu
03aca5e82b Fix data race.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-14 05:35:44 +00:00
Lantao Liu
57f37ca66e Print full container spec for debugging.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-13 23:36:12 +00:00
Lantao Liu
01493463db Fix streaming deadlock.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-13 05:51:14 +00:00
Lantao Liu
3557cffbbb Fix container exec
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-10 21:03:29 +00:00
Lantao Liu
e41b6d3c24 Refactor container io code
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-10 21:03:29 +00:00
Lantao Liu
c4931c8409 Keep stdin open instead of opening when use it.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-09 09:28:30 +00:00
Lantao Liu
2433ae7539
Merge pull request #393 from abhi/labels
Adding kube pod and container labels to containerd
2017-11-07 23:39:20 -08:00
abhi
cd5886d647 Adding kube pod and container labels to containerd
Currently we have the pod and container labels part of
containerd metadata extensions. However for third party users
like cadvisor that depend on standard kube labels will need
to be aware of the way metadata is stored in containerd to
fetch the labels.

Signed-off-by: abhi <abhi@docker.com>
2017-11-07 22:19:19 -08:00
Lantao Liu
affc6e93a8
Merge pull request #397 from yanxuean/trunc-for-list
Add truncindex for filter in List and Stat
2017-11-07 00:41:03 -08:00
yanxuean
12bbbc0edc add unit test for listcontainer and listpodsandbox
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-07 15:57:29 +08:00
Lantao Liu
75e97dd168 Reverse the wrong logic for tty.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-07 02:03:44 +00:00
Lantao Liu
b9d4eda403
Merge pull request #401 from Random-Liu/add-comment
Add comment for #398.
2017-11-06 14:09:50 -08:00
Lantao Liu
68e74dc16a
Merge pull request #394 from Random-Liu/fix-container-streaming
Various fixes for container streaming.
2017-11-06 14:09:30 -08:00
Lantao Liu
6f97764171 Add comment for #398.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-06 20:54:50 +00:00
Lantao Liu
eec818e6ab Various fixes for container streaming.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-06 20:50:50 +00:00
Lantao Liu
e363c218d6
Merge pull request #395 from Random-Liu/fix-image-in-container-status
Return image tag as image spec.
2017-11-06 10:55:37 -08:00
Justin Cormack
913836474b Remove comment about whether other paths should be read only with ro root
Since https://github.com/moby/moby/pull/35344 we clarified that this behaviour
was a mistake, and the read only flag should just apply to the actual rootfs,
so it corresponds to the OCI read-only option. Other mounts may be able to be
adjusted by re-specifying them or other means but this is unrelated.

Signed-off-by: Justin Cormack <justin.cormack@docker.com>
2017-11-06 14:21:16 +00:00
yanxuean
6234337459 Add truncindex for filter in List and Stat
fix #344
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-06 16:47:43 +08:00
Lantao Liu
050ee1de95 Return image tag as image spec.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-06 06:05:49 +00:00
Lantao Liu
74abfe349d Add crictl config.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-06 05:28:58 +00:00
Lantao Liu
9f2de2cd02
Merge pull request #382 from miaoyq/return-config
"Status" function return cri-containerd config in json format
2017-11-02 20:41:31 -07:00
Lantao Liu
e19e043a4c
Merge pull request #386 from Random-Liu/fix-spammy-cni-log
Get rid of spammy CNI log.
2017-11-02 20:40:50 -07:00
Yanqiang Miao
9b71208be9 "Status" function return cri-containerd config in json format
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-11-03 09:23:05 +08:00
Lantao Liu
73c2cb5632 Fix spammy CNI log.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-03 01:08:07 +00:00
Mike Brown
df6f4a3655 adds help for load command (#383)
* adds help for load command

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* vendor restrom/dedent

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-11-02 15:38:24 -07:00
Lantao Liu
8679d10733
Merge pull request #380 from Random-Liu/fix-deadlock
Do not call `Usage` inside `Walk`.
2017-11-01 22:04:10 +01:00
Lantao Liu
2453c03daa Do not call Usage inside Walk.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-11-01 18:11:11 +00:00
Lantao Liu
2cb1572667
Merge pull request #379 from yanxuean/unpack
Use image.IsUnpacked
2017-11-01 07:50:12 +01:00
yanxuean
9027a02e8e Use image.IsUnpacked
fix #361
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-11-01 13:51:25 +08:00
Lantao Liu
4eaaee380f Fix removing state recover.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-31 20:03:58 +00:00
Lantao Liu
4e6e1cab0d Add the missing container log path in container status.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-30 06:03:52 +00:00
Lantao Liu
1d14c11dcb
Merge pull request #368 from Random-Liu/not-log-output
Do not log container output in error log.
2017-10-28 05:50:14 +02:00
Lantao Liu
f2fa351a1f Do not log container output in error log.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-28 02:16:43 +00:00
Lantao Liu
6cded68bac
Merge pull request #360 from Random-Liu/add-image-load
Add image load
2017-10-28 00:43:20 +02:00
Lantao Liu
25fdf72692 Add image load.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-27 21:51:04 +00:00
Lantao Liu
32806fa375 Fix a log line and also set containerd log level to debug in node e2e.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-27 07:21:37 +00:00
Lantao Liu
f10cc58362 Revert "Put containerd-shim into pod cgroup"
This reverts commit e9cf1d5909.

Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-27 05:33:55 +00:00
Lantao Liu
5e74cba0f0 Add log of generated id for debugging.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-27 00:11:16 +00:00
Lantao Liu
6c6b337e87 Merge pull request #358 from Random-Liu/unpack-when-creation
Also unpack image during creation.
2017-10-26 22:44:07 +02:00
Lantao Liu
acc3f74d5c Also unpack image during creation.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-26 17:57:53 +00:00
Yanqiang Miao
e9cf1d5909 Put containerd-shim into pod cgroup
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-10-26 10:17:12 +08:00
Lantao Liu
698f0ea2ae Merge pull request #345 from yanxuean/imagereadiness
check image readiness when recover
2017-10-23 16:09:14 +02:00
yanxuean
9d06ac0e2b check image readiness when recover
fix #303

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-10-23 19:21:39 +08:00
Ian Campbell
d75e0882c4 typo: subtract not substract.
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-10-13 09:50:17 +01:00
yanxuean
3887b0a1a0 Add a flag to set OOMScore
fix #337
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-10-12 16:43:35 +08:00
Lantao Liu
885024f987 Merge pull request #295 from miaoyq/use-mount-lookup
Get the mountInfo by 'LookupMount' in containerd
2017-10-11 21:05:39 -07:00
Lantao Liu
61d598d00f Merge pull request #235 from yanxuean/truncindex
Add Truncindex for container, sandbox and image
2017-10-11 21:03:16 -07:00
Yanqiang Miao
c65921b16a Get the mountInfo by 'LookupMount' in containerd
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-10-12 11:09:24 +08:00
yanxuean
5ee3423820 add truncindex
fix #222

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-10-12 10:32:20 +08:00
Lantao Liu
e4b818ff41 Merge pull request #342 from Random-Liu/update-kubernetes-containerd
Update kubernetes and containerd.
2017-10-11 00:23:24 -07:00
Lantao Liu
bde8b0517e Update kubernetes and containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-11 06:16:19 +00:00
Lantao Liu
6cb3d27ed3 Use device number to find uuid
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-09 06:10:43 +00:00
Lantao Liu
09d7d652e6 Change Version to return cri-containerd version instead.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-07 00:47:51 +00:00
Lantao Liu
e78c85f76b Use new container update function
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-06 17:57:26 +00:00
Lantao Liu
3a5ec1cf6e Merge pull request #328 from Random-Liu/fix-container-stats-panic
Fix container stats panic.
2017-10-04 21:45:19 -07:00
Lantao Liu
94b68ae662 Fix container stats panic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-05 02:18:19 +00:00
Lantao Liu
0bcc95e4a1 Skip not exist image volume directory.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-04 22:43:24 +00:00
Lantao Liu
23b8330b44 Merge pull request #322 from miaoyq/fix-314
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
2017-10-04 10:49:56 -07:00
Yanqiang Miao
9f656cdda4 Support unconfined apparmor
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-10-04 09:50:27 +08:00
Lantao Liu
a81a47bf9b Fix update container resources
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-10-03 06:03:39 +00:00
Lantao Liu
a7b78d7622 Merge pull request #297 from ijc/use-stat-for-device-uuid-comparison
Use stat_t.st_rdev to compare block devices
2017-09-28 11:30:34 -07:00
Abhinandan Prativadi
1784b073bc Merge pull request #301 from Random-Liu/fix-container-stats
Fix container stats.
2017-09-28 06:02:42 -07:00
Lantao Liu
de6287d626 Fix container stats.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-28 05:49:44 +00:00
Lantao Liu
d6e04d871e Merge pull request #300 from Random-Liu/improve-some-error-message
Better format several errors
2017-09-27 22:47:15 -07:00
Lantao Liu
517f697f62 Better format several errors
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-28 01:15:06 +00:00
Lantao Liu
e723a5018b Merge pull request #293 from Random-Liu/cleanup-container-metrics
Fix and cleanup container metrics
2017-09-27 17:17:46 -07:00
Lantao Liu
97b6e82d98 Fix and cleanup container metrics
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-27 23:43:00 +00:00
Ian Campbell
11714fb6a3 Use stat_t.st_rdev to compare block devices
I implemented /dev/disk/by-uuid on my platform but using absolute links (where
udev typically uses relative) which broke the code in `os.DeviceUUID`.

Rather than just patch that up directly instead stat both the target and
candidate devices and pick one with matching major:minor in st_rdev. This saves
manually building paths to resolve symlinks and I think should be more robust
overall.

I also removed the initial stat of /dev/disk/by-uuid, I believe
`ioutil.Readdir` will correctly return an error if the path does not exist.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-27 16:17:57 +01:00
Abhinandan Prativadi
66693196ac Setting timestamp for cpu and memory stats in nano seconds
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-09-27 07:06:25 -07:00
Lantao Liu
0e6e593481 Merge pull request #275 from mikebrow/config-for-containerd
Adds support for configuring the containerd runtime engine
2017-09-26 20:04:13 -07:00
Mike Brown
d8a3c6b018 adds support for configuring the containerd runtime engine
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-26 20:22:51 -05:00
Lantao Liu
e7a5001c3e Merge pull request #265 from abhinandanpb/metrics
Adding container metrics support
2017-09-26 13:57:17 -07:00
Abhinandan Prativadi
d0298944eb Adding container metrics
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-09-26 12:03:08 -07:00
Lantao Liu
cd57d063c5 Add systemd cgroup support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-26 06:44:30 +00:00
Lantao Liu
4231473df3 Address comments
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-25 23:09:44 +00:00
Lantao Liu
21233b22be Check seccomp enable and add unit test for seccomp/apparmor.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-25 23:09:26 +00:00
Lantao Liu
491400c892 Add ImageFsInfo support
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-25 21:02:29 +00:00
Lantao Liu
6363207315 Merge pull request #272 from Random-Liu/improve-selinux-apparmor-support
Improve apparmor and selinux support.
2017-09-22 15:09:59 -07:00
Lantao Liu
dd967cde8c Improve apparmor and selinux support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-22 20:46:31 +00:00
Lantao Liu
1fd8c2ffc3 Merge pull request #270 from Random-Liu/fix-checkpoint-recovery
Fix checkpoint recovery.
2017-09-22 00:48:00 -07:00
Lantao Liu
10df5f71a7 Merge pull request #212 from miaoyq/related-selinux
Add build tags and Improve the test case of selinux
2017-09-21 21:07:53 -07:00
Yanqiang Miao
7096027d21 Add build tags and Improve the test case of selinux
- Add build tags
- Fixes a bug because of my negligence
- Improve the test case of selinux

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

test
2017-09-22 11:39:32 +08:00
Mike Brown
78a925f57b vendor for new seccomp helpers
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-21 17:37:50 -05:00
Mike Brown
c0a2d152d9 adds seccomp support
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-21 17:22:11 -05:00
Lantao Liu
ce9d27bd94 Fix checkpoint recovery.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-21 21:10:38 +00:00
Lantao Liu
e132f9c1ea Should register container/sandbox name after restart.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-21 21:06:24 +00:00
Lantao Liu
9015b6ec68 Merge pull request #209 from Random-Liu/checkpoint-recovery
Checkpoint recovery
2017-09-21 11:32:49 -07:00
Lantao Liu
cc1b0b6709 Add restart recovery logic.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-21 17:59:46 +00:00
Lantao Liu
90d6e44c22 Merge pull request #267 from Random-Liu/fix-apparmor
Fix apparmor empty case.
2017-09-20 21:53:28 -07:00
Lantao Liu
dd3421c3c7 Fix apparmor empty case.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-21 04:07:39 +00:00
Lantao Liu
5dbba596e6 Merge pull request #260 from yanxuean/use-containerd-extension
Switch to containerd extension
2017-09-20 10:36:57 -07:00
yanxuean
e1a7a0ea76 Switch to containerd extension
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-09-21 00:15:10 +08:00
Lantao Liu
a2dbc6ec1c Merge pull request #261 from ijc/volume-copyup
Implement volume copy up.
2017-09-20 02:30:36 -07:00
Lantao Liu
9c533dca14 Merge pull request #262 from ijc/sandbox-getip-improvements
Do not attempt to retrieve IP from host network namespace
2017-09-20 02:22:07 -07:00
Ian Campbell
9c3c38d9ab Do not attempt to retrieve IP from host network namespace
Since sandboxes which use the host network have no network namespace path this
would result in an invalid invocation of nsenter.

Rework the fetching of the sandbox to take this into account and also avoid
trying to get an IP when the network plugin is not yet ready.

Fixes #245.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-20 09:53:56 +01:00
Ian Campbell
8c6ba35038 Implement volume copy up.
This pulls in and uses github.com/docker/docker/pkg/chrootarchive for the
actual copy up which is some battle hardened code to unpack avoiding things
like symlink traversal security issues.

However it does pull in a pretty huge pile of vendoring, including
github.com/docker/docker/pkg/reexec which we must then call at startup. It's
not immediately clear that this tradeoff is the correct one.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-20 09:52:27 +01:00
Lantao Liu
45f98a0b39 Fix one line of log, we are writing not reading.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-19 18:53:45 +00:00
Lantao Liu
437131299b Merge pull request #230 from miaoyq/ensure-mount-shared-slave
Ensure the mount point is propagated
2017-09-19 00:56:27 -07:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host path should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-09-19 14:21:21 +08:00
Lantao Liu
06a305d7ea Merge pull request #255 from Random-Liu/use-config-in-service
Use config in service.
2017-09-17 22:37:06 -07:00
Lantao Liu
8a03d551da Merge pull request #252 from abhinandanpb/rshared
Setting rootfs mount propagation if the mount type is rshared/shared
2017-09-17 12:23:39 -07:00
Abhinandan Prativadi
abba4e22f6 Setting rootfspropagation if the mount type shared or slave
This is needed by runc to mount volume for containers that expect
bidirectional file updates or host to container updates.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-09-17 09:59:45 -07:00
Lantao Liu
71b0d0a043 Use config in service.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-17 06:46:40 +00:00
Lantao Liu
cd27050425 Add image volume support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-15 11:25:55 +01:00
Ian Campbell
e0079125d2 Move resolveSymbolicLink to OS package and stub out for tests
Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-15 11:25:45 +01:00
Ian Campbell
56539bd3a4 Require generateContainerSpec passes during tests and abort if not
This is achieved by switching `assert.NoError` to `require.NoError` in several
places.

Otherwise the test code will continue and dereference a nil spec, leading to a
panic which obscures the real failure.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-15 11:06:25 +01:00
Lantao Liu
1fadb5e573 Follow symlink for mount host path.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-12 07:12:03 +00:00
Lantao Liu
6cd0f77c4e Create host path if mount source does not exist.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-12 00:58:34 +00:00
Lantao Liu
9558ff2001 Merge pull request #233 from Random-Liu/remove-run-mount
Remove `/run` mount for backward compatibility with docker.
2017-09-09 13:55:33 -07:00
Lantao Liu
0bfcdd39ab Remove /run mount for backward compatibility with docker.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-09 07:34:00 +00:00
Lantao Liu
b074388460 Update containerd to v1.0.0-beta.0
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-09 04:46:02 +00:00
Lantao Liu
c4846745d6 Use WithNewSnapshot for sandbox container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-09 03:59:58 +00:00
Lantao Liu
7a75a91578 Merge pull request #225 from Random-Liu/update-ocicni
Update ocicni to 73f1309d6bc5c3eac78c1382408921cd771ff22e
2017-09-06 21:04:45 -07:00
Lantao Liu
3e4b4234c6 Merge pull request #218 from miaoyq/fixes-185
Update kubernetes version and support mount propagation
2017-09-06 21:03:56 -07:00
Yanqiang Miao
9da460ec0a Support mount propagation
fixes #185

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-09-07 08:58:20 +08:00
Lantao Liu
f36ef46b35 Use new ocicni.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-07 00:14:12 +00:00
Lantao Liu
2b6302d91d Remove an addressed TODO.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-06 23:29:27 +00:00
Lantao Liu
34319e025f Merge pull request #221 from ijc/writeable-rootfs-snapshot
Always use a writeable snapshot as the rootfs.
2017-09-06 15:10:28 -07:00
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs.
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but deferring until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-06 22:20:14 +01:00
Lantao Liu
e06c2c59e0 Merge pull request #179 from Random-Liu/checkpoint-container-status
Checkpoint container status onto disk.
2017-09-06 13:51:38 -07:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all
Add "ALL" capabilities support.
2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-06 00:05:08 +00:00
Mike Brown
8a21e3f3c8 Merge pull request #206 from Random-Liu/ensure-remove-all
Use EnsureRemoveAll
2017-09-05 18:43:45 -05:00
Ian Campbell
1dea8fdfc4 Handle environment variables which contain spaces
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-05 23:06:07 +01:00
Lantao Liu
adfabdaa35 Use EnsureRemoveAll
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-05 20:29:18 +00:00
Jamie Zhuang
915f5b0aea Make sandbox container image configurable
Signed-off-by: Jamie Zhuang <lanchongyizu@gmail.com>
2017-09-03 02:53:17 -04:00
Lantao Liu
c3cb1cfde8 Revert "Setting containerd shim cgroup same as pod cgroup"
This reverts commit 59008c608e.

Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-02 04:20:55 +00:00
Lantao Liu
aa3635c75a Merge pull request #183 from Random-Liu/cri-containerd-exit-with-containerd
Cri containerd exits with containerd
2017-09-01 16:39:38 -07:00
Lantao Liu
c3e8c69aff Let cri-containerd exit with containerd
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 23:14:04 +00:00
Mike Brown
4f442de959 adds support for AppArmor
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-01 18:08:34 -05:00
Lantao Liu
4f449cec5f Merge pull request #202 from Random-Liu/fix-image-repo-digest
Fix repo digest for schema 1 image.
2017-09-01 16:01:05 -07:00
Lantao Liu
7121d251b0 Return image repo digest in container status.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 20:58:15 +00:00
Lantao Liu
5057c2d4fb Merge pull request #197 from Random-Liu/not-remove-out-dated-tag
Do not remove out dated image tag.
2017-09-01 00:48:37 -07:00
Lantao Liu
cfb5513a54 Fix repo digest for schema 1 image.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 07:18:02 +00:00
Lantao Liu
73bb6e3283 Do not remove out dated image tag.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-01 07:09:13 +00:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt
Support selinux options/label
2017-08-31 16:30:30 -07:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-31 15:16:51 -07:00
Yanqiang Miao
0c3304e006 Support selinux options/label
Support selinux options/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-31 19:20:12 +08:00
Lantao Liu
ac4f238f48 Cleanup image operations.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 00:52:09 +00:00
Lantao Liu
130aa5ac0d Checkpoint container status onto disk.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 00:41:52 +00:00
Abhinandan Prativadi
e1edeae4c9 Adding option to configure cgroup to start cri-containerd
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-30 14:37:40 -07:00
Lantao Liu
c4d95aa2c4 Fix sandbox container snapshotter.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 18:33:59 +00:00
Lantao Liu
3f4978b77b Use rbind and rprivate in bind mount.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 01:40:03 +00:00
Lantao Liu
55ee423224 Merge pull request #175 from Random-Liu/disable-pid-ns-sharing
Disable pid namespace sharing
2017-08-29 13:14:18 -07:00
Lantao Liu
b73161627d Fix fifo files leakage.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-28 21:14:35 +00:00
Lantao Liu
3b2d29be46 Merge pull request #177 from miaoyq/related-to-173
Exclude the event of sandbox containers from event stream
2017-08-28 10:00:21 -07:00
Yanqiang Miao
b18542c586 Exclude the event of sandbox containers from event stream
We should exclude the event of sandbox containers from event
stream in order to avoid outputting unexpected error print.

related #173

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-28 14:21:03 +08:00
Lantao Liu
f46cd1a71a Disable pid namespace sharing
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-28 05:44:46 +00:00
Lantao Liu
fda30c3ad2 Do not teardown when network namespace is removed already.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-28 05:10:30 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 21:11:56 +00:00
Lantao Liu
980e8e8007 Merge pull request #168 from Random-Liu/add-run-as-user
Add RunAsUser support
2017-08-25 13:45:47 -07:00
Lantao Liu
60d8430ac1 Do not checkpoint sandbox pid.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 01:38:05 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 00:47:35 +00:00
Lantao Liu
e1f74f00a5 Various security related fixes
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-24 21:52:30 +00:00
Lantao Liu
a795927c5a Get CreatedAt from containerd instead of maintaining it ourselves.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-24 18:38:00 +00:00
Lantao Liu
73bb9696e8 Merge pull request #151 from Random-Liu/add-instrumented-service
Add instrumented service.
2017-08-24 11:26:39 -07:00
Lantao Liu
36da027c20 Merge pull request #138 from abhinandanpb/p_netns
Creating sandbox namespace
2017-08-24 11:26:21 -07:00
Lantao Liu
c6191122f2 Merge pull request #163 from abhinandanpb/containerd-alpha6
Updating to container1.0-alpha
2017-08-24 10:43:43 -07:00
Abhinandan Prativadi
5a119200b8 Creating permanent sandbox namespace
This commit contains changes to create/delete permanent namespace
for a sandbox container.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-24 10:43:42 -07:00
zhangzhenhao
331e542c09 add the user id support of runAsUser
Signed-off-by: zhangzhenhao <zhangzhenhao@outlook.com>
2017-08-24 23:29:45 +08:00
Abhinandan Prativadi
728dced6a1 Updating to container1.0-alpha
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-23 23:17:21 -07:00
Lantao Liu
2faa665eb2 Merge pull request #155 from miaoyq/support-nonewprivileges
Support NoNewPrivileges
2017-08-23 20:58:38 -07:00
Yanqiang Miao
1aec120d5f Support NoNewPrivileges
fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-24 08:37:40 +08:00
Lantao Liu
45ee2e554a Add container attach support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 23:48:31 +00:00
Lantao Liu
77b703f1e7 Move generateID to util.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 23:46:55 +00:00
Lantao Liu
dd6e9fb88d Merge pull request #156 from yanxuean/metalabel
Checkpoint and restart recovery
2017-08-23 15:36:19 -07:00
yanxuean
d2757cb8f9 Checkpoint and restart recovery
fix part of #120

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-08-23 17:01:13 +08:00
Lantao Liu
195b52500f Add instrumented service.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 07:02:12 +00:00
Lantao Liu
7901f56367 Merge pull request #150 from Random-Liu/support-update-container-resources
Support update container resources
2017-08-22 23:28:48 -07:00
Lantao Liu
f6d99abcf4 Add hostport support
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 01:33:02 +00:00
Lantao Liu
8f898cb3b8 Import ocicni update from https://github.com/Random-Liu/ocicni
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 01:25:12 +00:00
Lantao Liu
a0589d37dd Implement container resources update
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-22 18:40:30 +00:00
Lantao Liu
d41c23e31d Update code to make it build
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-22 05:38:51 +00:00
Lantao Liu
50b01812ce Merge pull request #147 from miaoyq/group-all-privileged-logic
Group all privileged logic together
2017-08-21 18:43:06 -07:00
Yanqiang Miao
8adad23015 Group all privileged logic together
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-22 09:16:37 +08:00
Lantao Liu
c05a7e74ee Add node e2e test CI.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-21 21:21:41 +00:00
Lantao Liu
dcc3cb2a05 Merge pull request #137 from Random-Liu/cleanup-with-new-client
Some cleanup after switching to new client.
2017-08-18 15:04:24 -07:00
Lantao Liu
ed640d3972 Some cleanup after switching to new client.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-18 21:04:38 +00:00
Lantao Liu
8e9a251f72 Merge pull request #135 from yanxuean/myfeature
The parameters of InitCNI should be filled in reverse order
2017-08-16 19:50:22 -07:00
yanxuean
8cc0347b0a The parameters of InitCNI should be filled in reverse order.
fix  #131

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-08-17 10:18:40 +08:00
Lantao Liu
f555bb1242 Add portforward support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-17 00:13:31 +00:00
Abhinandan Prativadi
32e0313418 Containerd client integration
This commit:
1) Replaces the usage of containerd GRPC APIs with the containerd client for all operations related to containerd.
2) Updated containerd to v1.0alpha4+
3) Updated runc to v1.0.0

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-16 14:43:22 -07:00
Lantao Liu
2427d332f0 Add TERM=xterm when tty=true.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-11 16:53:40 +00:00
Lantao Liu
86a0f6a59b Merge pull request #126 from miaoyq/change-defaut-spec
Replace the original default spec with containerd default spec
2017-08-10 14:25:23 -07:00
Yanqiang Miao
9cc93886ea Replace the original default spec with containerd default spec
The original default spec contains `seccomp` configuration,
but some OS do not support this feature, such as ubuntu14.04,
and `make test-cri` always fails. The containerd default spec doesn't
contain `seccomp`, so I think we could replace the default spec
with containerd default spec.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-10 20:31:03 +08:00
Mike Brown
8d37d97d01 sets sysctls from pod config annotations
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-08-09 18:42:04 -05:00
Lantao Liu
4c5cea9258 Handle device symlink.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-08 00:53:15 +00:00
Lantao Liu
54286313ce Add container Exec support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-07 22:49:06 +00:00
Lantao Liu
8b56c91ec5 Extract execInContainer
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-07 22:35:50 +00:00
Lantao Liu
bf270fae1c Use containerd client for container execsync.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-04 18:32:39 +00:00
Mike Brown
73748840da Switch to 1.0.0-alpha2 containerd api.
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-08-02 23:21:37 +00:00
Lantao Liu
ffb69423ec Temporarily remove unit test relying on fake containerd services.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-31 22:42:10 +00:00
Lantao Liu
f4df66eaaf Remove old metadata store.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Lantao Liu
7b16a35287 Use new metadata store.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Lantao Liu
4317e6119a Remove sandbox truncindex.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Lantao Liu
a393f3a084 Add new metadata store.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Random-Liu
b398a161de Get runtime spec from container metadata.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-07-28 16:26:20 +00:00
Lantao Liu
faf592069b Remove out-of-date TODOs.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-30 01:19:51 +00:00
Lantao Liu
4c48ad780f Do not teardown network namespace when using host network.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-29 01:30:04 +00:00
Lantao Liu
333ea04846 Merge pull request #95 from Random-Liu/fix-verify
Remove unused fields and comments.
2017-06-28 10:21:11 -07:00
Lantao Liu
7ddc85f3ca Remove unused fields and comments.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-28 16:59:35 +00:00
Lantao Liu
054bcfbf68 Merge pull request #91 from Random-Liu/support-oom-event
Handle OOM event.
2017-06-26 00:18:27 -07:00
Lantao Liu
a2f6f7f128 Handle OOM event.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-26 07:10:35 +00:00
Lantao Liu
14fd8401a2 Set sandbox container resource limit.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-23 01:23:53 +00:00
Lantao Liu
d5674be41f Add pull image authentication.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-22 18:41:02 +00:00
Lantao Liu
1bf09089b3 Register all possible repo tags and repo digests.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-21 20:20:34 +00:00
Lantao Liu
78b74a6a58 Merge pull request #85 from Random-Liu/update-cri
Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd.
2017-06-21 13:18:24 -07:00
Lantao Liu
4d7735567c Merge pull request #82 from mikebrow/containerd-client-library
Use containerd client library to connect to containerd services
2017-06-20 19:03:18 -07:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-21 01:56:13 +00:00
Mike Brown
97063a0e34 switch to client provided services and address nits
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-20 19:19:14 -05:00
Mike Brown
0fe8c17fdf godeps update
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-20 19:18:48 -05:00
Mike Brown
20fc0227ae use containerd client library
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-20 19:18:29 -05:00
Lantao Liu
166778361e Merge pull request #84 from Random-Liu/use-orignal-pause-image
Use gcr.io/google_containers/pause:3.0
2017-06-20 16:04:12 -07:00
Lantao Liu
0321bef16a Use gcr.io/google_containers/pause:3.0 because we've supported schema 1.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-20 21:59:05 +00:00
Lantao Liu
7d5ea4401d Send stop signal specified in image config.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-20 21:11:20 +00:00
Lantao Liu
8524a4ef30 Add schema1 support, and use namespace k8s.io.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-19 18:44:00 +00:00
Lantao Liu
1f3a73d79e Merge pull request #72 from Random-Liu/add-exec-sync
Add ExecSync.
2017-06-16 16:58:50 -07:00
Lantao Liu
9b79201aa5 Add ExecSync.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 22:28:48 +00:00
Lantao Liu
53367bbd14 Stop/remove all containers when stop/remove sandbox.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 17:19:19 +00:00
Lantao Liu
7f9e0262ad Unmount /dev/shm when stop sandbox.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 17:18:14 +00:00
Lantao Liu
d6435996e2 Use new Kill task api.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 16:43:13 +00:00
Lantao Liu
5b7cbf1bc6 Create/remove sandbox container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 16:43:13 +00:00
Lantao Liu
cb9e104cf1 Create/delete containerd containerd
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 16:43:13 +00:00
Lantao Liu
6ca9c65578 Rename more container to task.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 02:34:43 +00:00
Lantao Liu
bad279e0f6 Finish snapshot support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 02:34:43 +00:00
Mike Brown
484a326717 modify code to compile on updated containerd
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-15 23:14:21 +00:00
Lantao Liu
d4f7380f59 Merge pull request #73 from Random-Liu/fix-delete-race
Fix Delete race.
2017-06-14 14:04:24 -07:00
Lantao Liu
2ae22b33b7 Fix a race that fake execution client sends event to closed channel.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-14 01:50:33 +00:00
Lantao Liu
bd09d31777 Fix Delete race.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-14 01:36:21 +00:00
Lantao Liu
7050011faa Merge pull request #75 from Random-Liu/kill-with-0-timeout
Kill container directly if timeout is 0.
2017-06-13 15:41:01 -07:00
Lantao Liu
d381cfa831 Kill container directly if timeout is 0.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-13 19:29:02 +00:00
Lantao Liu
87ec0f89bf Add the missing loop in event handler.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-13 17:48:28 +00:00
Lantao Liu
479e8c3045 Merge pull request #70 from Random-Liu/mount-cgroup
Mount cgroup into the container and add unit test for privileged mount.
2017-06-12 14:14:07 -07:00
Lantao Liu
9b1708b408 Merge pull request #71 from Random-Liu/fix-capabilities
Fix capabilities support.
2017-06-12 09:34:48 -07:00
Lantao Liu
f247a0819d Fix capabilities support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-12 16:18:50 +00:00
Lantao Liu
9d5990fe4f Add sandbox /dev/shm.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-11 09:49:46 +00:00
Lantao Liu
5398a3b7ec Add mount/unmount in os interface
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-11 09:23:04 +00:00
Lantao Liu
ffa4ffe3bf Mount cgroup into the container and add unit test for privileged mount.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-11 02:23:59 +00:00
Lantao Liu
e9a930b28b Merge pull request #51 from heartlock/support-privileged
Support privileged
2017-06-10 17:30:57 -07:00
Lantao Liu
227dbe97f2 Merge pull request #50 from Crazykev/resolv
Generate and maintain resolv.conf for sandbox
2017-06-09 09:41:23 -07:00
Crazykev
62d1e5dc10 add unit test
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2017-06-09 19:36:30 +08:00
Crazykev
9bf7ffd51a generate and maintain resolv.conf for sandbox
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2017-06-09 19:36:30 +08:00
heartlock
dda03f733a support privileged
Signed-off-by: heartlock <21521209@zju.edu.cn>
2017-06-09 15:42:04 +08:00
Lantao Liu
f770d4fea3 Use containerd version returned by version service.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-07 22:04:09 +00:00
Lantao Liu
4eac00fe23 Add unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-06 06:43:38 +00:00
Lantao Liu
88f4c252d6 Add sandbox /etc/hosts when using host network
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-06 06:43:38 +00:00
Lantao Liu
69fcf97583 Add unit test
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-02 16:36:02 +00:00
Lantao Liu
e657e1eb14 Add container logging support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-02 16:36:02 +00:00
Lantao Liu
95e0fc694f Cleanup some code.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-02 02:15:58 +00:00
Lantao Liu
a4e067cdff Merge pull request #53 from Random-Liu/add-other-small-functions
Add other small functions
2017-05-31 14:54:42 -07:00
Lantao Liu
0179d0fbaf Retry and backoff when lost connection with containerd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 21:33:52 +00:00
Lantao Liu
2df96e1654 Add unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 19:11:56 +00:00
Lantao Liu
7c1a4c1fc1 Add Version, UpdateRuntimeConfig and Status.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 19:11:56 +00:00
Lantao Liu
dee95bc315 Add unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 01:18:22 +00:00
Lantao Liu
80c973a550 Ensure container rootfs and apply image config
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 01:18:22 +00:00
Lantao Liu
6eb1ddb1f8 Add unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 00:39:38 +00:00
Lantao Liu
eb20601c08 Pull sandbox image and apply image config
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 00:39:38 +00:00
Lantao Liu
60e28a9460 Minor cleanup.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-27 00:31:30 +00:00
Random-Liu
c3ac5f7533 Add image pull waiting.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-27 00:12:00 +00:00
Random-Liu
bc7dfa2650 Update containerd version to 193abed96e.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-27 00:07:48 +00:00
Random-Liu
8c1f26747a Add unit test.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-26 23:52:31 +00:00
Random-Liu
b112418e7b Finish image management.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-26 23:52:31 +00:00
Crazykev
49e7ef2153 update kubernetes vendor for new CRI change
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2017-05-24 10:25:55 +08:00
Lantao Liu
6ce1dc0167 Merge pull request #44 from Random-Liu/stop-on-cancellation
Stop waiting on cancellation.
2017-05-23 15:08:57 -07:00
Xianglin Gao
4a4414987f Add unit test
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-05-23 18:30:20 +08:00
Xianglin Gao
6d2b9fabca And setup and teardown
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-05-23 15:17:40 +08:00
Lantao Liu
84390cc6a7 Stop waiting on cancellation.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-23 05:47:48 +00:00
Xianglin Gao
c541515674 Add flags and initialize network plugin
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-05-23 12:48:36 +08:00
Lantao Liu
10e3afbb23 Merge pull request #22 from Random-Liu/add-container-implementation
Add container implementation
2017-05-22 13:21:05 -07:00
Lantao Liu
322b6ef333 Add unit test.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-22 19:14:09 +00:00
Random-Liu
6ac71e5862 Add initial container implementation.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-22 19:14:09 +00:00
Lantao Liu
dea7ed3fcc Merge pull request #39 from mozhuli/enhance-fake-services
Enhance fake services
2017-05-17 09:03:48 -07:00
Lantao Liu
a397b69b09 Merge pull request #37 from mozhuli/add-fake-iamges-service
Add fake images service
2017-05-17 09:02:54 -07:00
mozhuli
938cbe3e74 Enhance fake services
Signed-off-by: mozhuli <21621232@zju.edu.cn>
2017-05-17 11:25:46 +08:00
mozhulee
e6b4c3e18c Add fake images service
Signed-off-by: mozhuli <21621232@zju.edu.cn>
2017-05-17 11:11:23 +08:00
Lantao Liu
b4f9911f0e Merge pull request #30 from mozhuli/master
Add fake rootfs service
2017-05-16 19:18:14 -07:00
mozhuli
0e56cab7c0 add fake rootfs service
Signed-off-by: mozhuli <21621232@zju.edu.cn>
2017-05-17 10:10:20 +08:00
Random-Liu
11fff60aff Add container metadata store.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-16 20:47:25 +00:00
Lantao Liu
2d2fcedf24 Return not exist error in metadata store
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-16 19:57:41 +00:00
Random-Liu
ca2167f17e Use docker/distribution library to resolve image reference.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-12 13:57:05 -07:00
Random-Liu
e4e9f30c5d Add unit test.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-12 13:14:25 -07:00
Random-Liu
bf28c7fc75 Add initial sandbox management implementation
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-12 13:14:11 -07:00
Lantao Liu
cdfdc8d33b Merge pull request #21 from mikebrow/image-management
Initial implementation for image management
2017-05-11 17:44:42 -07:00
Mike Brown
e5199c0cda initial implementation for image management
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-05-11 19:32:44 -05:00
Random-Liu
9baadc1b4b Enhance fake execution client.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-10 10:03:18 -07:00
Lantao Liu
4c86ac9d21 Merge pull request #23 from heartlock/fake-execution-service
Add fake execution service
2017-05-03 22:56:58 -07:00
heartlock
c6138870e0 Add fake execution service
Signed-off-by: heartlock <21521209@zju.edu.cn>
2017-05-04 05:00:06 +00:00
Random-Liu
f61c974faf Add OS interface and fake implementation.
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-03 16:55:28 -07:00
Random-Liu
86997f00b2 Add unit test for metadata store
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-03 14:09:14 -07:00
Random-Liu
0e7fa9de9b Add a sandbox metadata store based on the metadata store
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-03 14:09:14 -07:00
Random-Liu
36246167d9 Add metadata store
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-03 14:09:14 -07:00
Christopher M. Luciano
683fd7f0e5
Add containerdVersion flag
Add version flag that only prints the static version for the binary.

This commit does not include build details for containers since
Makefile does not build them.

Closes #8

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
2017-04-24 14:46:16 -04:00
Mike Brown
11ba1cb54d initial makefile (#7)
* adds initial makefile

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* clean up lint

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* presume path is set to contain gometalinter

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* addresses requested improvements

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-04-18 21:17:14 -05:00
Random-Liu
f2925f58ac Add initial code framework
2017-04-14 19:04:26 -07:00