github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
10,081 Commits 3 Branches 2 Tags 112 MiB
adee2c7974
Commit Graph

1040 Commits

Author SHA1 Message Date
Lantao Liu
3a5ec1cf6e Merge pull request #328 from Random-Liu/fix-container-stats-panic 
Fix container stats panic.
 2017-10-04 21:45:19 -07:00
Lantao Liu
94b68ae662 Fix container stats panic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-05 02:18:19 +00:00
Lantao Liu
0bcc95e4a1 Skip not exist image volume directory. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-04 22:43:24 +00:00
Lantao Liu
23b8330b44 Merge pull request #322 from miaoyq/fix-314 
Update kubernetes version to the PR#52395 and support `unconfined` apparmor
 2017-10-04 10:49:56 -07:00
Yanqiang Miao
9f656cdda4 Support unconfined apparmor 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-10-04 09:50:27 +08:00
Lantao Liu
a81a47bf9b Fix update container resources 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-10-03 06:03:39 +00:00
Lantao Liu
a7b78d7622 Merge pull request #297 from ijc/use-stat-for-device-uuid-comparison 
Use stat_t.st_rdev to compare block devices
 2017-09-28 11:30:34 -07:00
Abhinandan Prativadi
1784b073bc Merge pull request #301 from Random-Liu/fix-container-stats 
Fix container stats.
 2017-09-28 06:02:42 -07:00
Lantao Liu
de6287d626 Fix container stats. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-28 05:49:44 +00:00
Lantao Liu
d6e04d871e Merge pull request #300 from Random-Liu/improve-some-error-message 
Better format several errors
 2017-09-27 22:47:15 -07:00
Lantao Liu
517f697f62 Better format several errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-28 01:15:06 +00:00
Lantao Liu
e723a5018b Merge pull request #293 from Random-Liu/cleanup-container-metrics 
Fix and cleanup container metrics
 2017-09-27 17:17:46 -07:00
Lantao Liu
97b6e82d98 Fix and cleanup container metrics 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-27 23:43:00 +00:00
Ian Campbell
11714fb6a3 Use stat_t.st_rdev to compare block devices 
I implemented /dev/disk/by-uuid on my platform but using absolute links (where
udev typically uses relative) which broke the code in `os.DeviceUUID`.

Rather than just patch that up directly instead stat both the target and
candidate devices and pick one with matching major:minor in st_rdev. This saves
manually building paths to resolve symlinks and I think should be more robust
overall.

I also removed the initial stat of /dev/disk/by-uuid, I believe
`ioutil.Readdir` will correctly return an error if the path does not exist.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-27 16:17:57 +01:00
Abhinandan Prativadi
66693196ac Setting timestamp for cpu and memory stats in nano seconds 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-27 07:06:25 -07:00
Lantao Liu
0e6e593481 Merge pull request #275 from mikebrow/config-for-containerd 
Adds support for configuring the containerd runtime engine
 2017-09-26 20:04:13 -07:00
Mike Brown
d8a3c6b018 adds support for configuring the containerd runtime engine 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-26 20:22:51 -05:00
Lantao Liu
e7a5001c3e Merge pull request #265 from abhinandanpb/metrics 
Adding container metrics support
 2017-09-26 13:57:17 -07:00
Abhinandan Prativadi
d0298944eb Adding container metrics 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-26 12:03:08 -07:00
Lantao Liu
cd57d063c5 Add systemd cgroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-26 06:44:30 +00:00
Lantao Liu
4231473df3 Address comments 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:44 +00:00
Lantao Liu
21233b22be Check seccomp enable and add unit test for seccomp/apparmor. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 23:09:26 +00:00
Lantao Liu
491400c892 Add ImageFsInfo support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-25 21:02:29 +00:00
Lantao Liu
6363207315 Merge pull request #272 from Random-Liu/improve-selinux-apparmor-support 
Improve apparmor and selinux support.
 2017-09-22 15:09:59 -07:00
Lantao Liu
dd967cde8c Improve apparmor and selinux support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-22 20:46:31 +00:00
Lantao Liu
1fd8c2ffc3 Merge pull request #270 from Random-Liu/fix-checkpoint-recovery 
Fix checkpoint recovery.
 2017-09-22 00:48:00 -07:00
Lantao Liu
10df5f71a7 Merge pull request #212 from miaoyq/related-selinux 
Add build tags and Improve the test case of selinux
 2017-09-21 21:07:53 -07:00
Yanqiang Miao
7096027d21 Add build tags and Improve the test case of selinux 
- Add build tags
- Fixes a bug because of my negligence
- Improve the test case of selinux

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>

test
 2017-09-22 11:39:32 +08:00
Mike Brown
78a925f57b vendor for new seccomp helpers 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:37:50 -05:00
Mike Brown
c0a2d152d9 adds seccomp support 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:22:11 -05:00
Lantao Liu
ce9d27bd94 Fix checkpoint recovery. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 21:10:38 +00:00
Lantao Liu
e132f9c1ea Should register container/sandbox name after restart. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 21:06:24 +00:00
Lantao Liu
9015b6ec68 Merge pull request #209 from Random-Liu/checkpoint-recovery 
Checkpoint recovery
 2017-09-21 11:32:49 -07:00
Lantao Liu
cc1b0b6709 Add restart recovery logic. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 17:59:46 +00:00
Lantao Liu
90d6e44c22 Merge pull request #267 from Random-Liu/fix-apparmor 
Fix apparmor empty case.
 2017-09-20 21:53:28 -07:00
Lantao Liu
dd3421c3c7 Fix apparmor empty case. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-21 04:07:39 +00:00
Lantao Liu
5dbba596e6 Merge pull request #260 from yanxuean/use-containerd-extension 
Switch to containerd extension
 2017-09-20 10:36:57 -07:00
yanxuean
e1a7a0ea76 Switch to containerd extension 
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-09-21 00:15:10 +08:00
Lantao Liu
a2dbc6ec1c Merge pull request #261 from ijc/volume-copyup 
Implement volume copy up.
 2017-09-20 02:30:36 -07:00
Lantao Liu
9c533dca14 Merge pull request #262 from ijc/sandbox-getip-improvements 
Do not attempt to retrieve IP from host network namespace
 2017-09-20 02:22:07 -07:00
Ian Campbell
9c3c38d9ab Do not attempt to retrieve IP from host network namespace 
Since sandboxes which use the host network have no network namespace path this
would result in an invalid invocation of nsenter.

Rework the fetching of the sandbox to take this into account and also avoid
trying to get an IP when the network plugin is not yet ready.

Fixes #245.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-20 09:53:56 +01:00
Ian Campbell
8c6ba35038 Implement volume copy up. 
This pulls in and uses github.com/docker/docker/pkg/chrootarchive for the
actual copy up which is some battle hardened code to unpack avoiding things
like symlink traversal security issues.

However it does pull in a pretty huge pile of vendoring, including
github.com/docker/docker/pkg/reexec which we must then call at startup. It's
not immediately clear that this tradeoff is the correct one.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-20 09:52:27 +01:00
Lantao Liu
45f98a0b39 Fix one line of log, we are writing not reading. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-19 18:53:45 +00:00
Lantao Liu
437131299b Merge pull request #230 from miaoyq/ensure-mount-shared-slave 
Ensure the mount point is propagated
 2017-09-19 00:56:27 -07:00
Yanqiang Miao
49eb38a5d4 Ensure the mount point is propagated 
mount with `rshared`, the host path should be shared.
mount with `rslave`, the host pash should be shared or slave.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-19 14:21:21 +08:00
Lantao Liu
06a305d7ea Merge pull request #255 from Random-Liu/use-config-in-service 
Use config in service.
 2017-09-17 22:37:06 -07:00
Lantao Liu
8a03d551da Merge pull request #252 from abhinandanpb/rshared 
Setting rootfs mount propagation if the mount type is rshared/shared
 2017-09-17 12:23:39 -07:00
Abhinandan Prativadi
abba4e22f6 Setting rootfspropagation if the mount type shared or slave 
This is needed by runc to mount volume for containers that expect
biderectional file updates or host to container updates.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-09-17 09:59:45 -07:00
Lantao Liu
71b0d0a043 Use config in service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-17 06:46:40 +00:00
Lantao Liu
cd27050425 Add image volume support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-15 11:25:55 +01:00
Ian Campbell
e0079125d2 Move resolveSymbolicLink to OS package and stub out for tests 
Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:25:45 +01:00
Ian Campbell
56539bd3a4 Require generateContainerSpec passes during tests and abort if not 
This is achieved by switching `assert.NoError` to `require.NoError` in several
places.

Otherwise the test code will continue and dereference a nil spec, leading to a
panic which obscures the real failure.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-15 11:06:25 +01:00
Lantao Liu
1fadb5e573 Follow symlink for mount host path. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 07:12:03 +00:00
Lantao Liu
6cd0f77c4e Create host path is mount source does not exist. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-12 00:58:34 +00:00
Lantao Liu
9558ff2001 Merge pull request #233 from Random-Liu/remove-run-mount 
Remove `/run` mount for backward compatibility with docker.
 2017-09-09 13:55:33 -07:00
Lantao Liu
0bfcdd39ab Remove /run mount for backward compatibility with docker. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 07:34:00 +00:00
Lantao Liu
b074388460 Update containerd to v1.0.0-beta.0 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 04:46:02 +00:00
Lantao Liu
c4846745d6 Use WithNewSnapshot for sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-09 03:59:58 +00:00
Lantao Liu
7a75a91578 Merge pull request #225 from Random-Liu/update-ocicni 
Update ocicni to 73f1309d6bc5c3eac78c1382408921cd771ff22e
 2017-09-06 21:04:45 -07:00
Lantao Liu
3e4b4234c6 Merge pull request #218 from miaoyq/fixes-185 
Update kubernetes version and support mount propagation
 2017-09-06 21:03:56 -07:00
Yanqiang Miao
9da460ec0a Support mount propagation 
fixex #185

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-09-07 08:58:20 +08:00
Lantao Liu
f36ef46b35 Use new ocicni. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-07 00:14:12 +00:00
Lantao Liu
2b6302d91d Remove an addressed TODO. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 23:29:27 +00:00
Lantao Liu
34319e025f Merge pull request #221 from ijc/writeable-rootfs-snapshot 
Always use a writeable snapshot as the rootfs.
 2017-09-06 15:10:28 -07:00
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs. 
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but defering until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-06 22:20:14 +01:00
Lantao Liu
e06c2c59e0 Merge pull request #179 from Random-Liu/checkpoint-container-status 
Checkpoint container status onto disk.
 2017-09-06 13:51:38 -07:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all 
Add "ALL" capabilities support.
 2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 00:05:08 +00:00
Mike Brown
8a21e3f3c8 Merge pull request #206 from Random-Liu/ensure-remove-all 
Use EnsureRemoveAll
 2017-09-05 18:43:45 -05:00
Ian Campbell
1dea8fdfc4 Handle environment variables which containe spaces 
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-05 23:06:07 +01:00
Lantao Liu
adfabdaa35 Use EnsureRemoveAll 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-05 20:29:18 +00:00
Jamie Zhuang
915f5b0aea Make sandbox container image configurable 
Signed-off-by: Jamie Zhuang <lanchongyizu@gmail.com>
 2017-09-03 02:53:17 -04:00
Lantao Liu
c3cb1cfde8 Revert "Setting containerd shim cgroup same as pod cgroup" 
This reverts commit 59008c608e.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-02 04:20:55 +00:00
Lantao Liu
aa3635c75a Merge pull request #183 from Random-Liu/cri-containerd-exit-with-containerd 
Cri containerd exits with containerd
 2017-09-01 16:39:38 -07:00
Lantao Liu
c3e8c69aff Let cri-containerd exit with containerd 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 23:14:04 +00:00
Mike Brown
4f442de959 adds support for AppArmor 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-01 18:08:34 -05:00
Lantao Liu
4f449cec5f Merge pull request #202 from Random-Liu/fix-image-repo-digest 
Fix repo digest for schema 1 image.
 2017-09-01 16:01:05 -07:00
Lantao Liu
7121d251b0 Return image repo digest in container status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 20:58:15 +00:00
Lantao Liu
5057c2d4fb Merge pull request #197 from Random-Liu/not-remove-out-dated-tag 
Do not remove out dated image tag.
 2017-09-01 00:48:37 -07:00
Lantao Liu
cfb5513a54 Fix repo digest for schema 1 image. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:18:02 +00:00
Lantao Liu
73bb6e3283 Do not remove out dated image tag. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:09:13 +00:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt 
Support selinux options/label
 2017-08-31 16:30:30 -07:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-31 15:16:51 -07:00
Yanqiang Miao
0c3304e006 Support selinux options/label 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-31 19:20:12 +08:00
Lantao Liu
ac4f238f48 Cleanup image operations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:52:09 +00:00
Lantao Liu
130aa5ac0d Checkpoint container status onto disk. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:41:52 +00:00
Abhinandan Prativadi
e1edeae4c9 Adding option to configure cgroup to start cri-containerd 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-30 14:37:40 -07:00
Lantao Liu
c4d95aa2c4 Fix sandbox container snapshotter. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-30 18:33:59 +00:00
Lantao Liu
3f4978b77b Use rbind and rprivate in bind mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-30 01:40:03 +00:00
Lantao Liu
55ee423224 Merge pull request #175 from Random-Liu/disable-pid-ns-sharing 
Disable pid namespace sharing
 2017-08-29 13:14:18 -07:00
Lantao Liu
b73161627d Fix fifo files leakage. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 21:14:35 +00:00
Lantao Liu
3b2d29be46 Merge pull request #177 from miaoyq/related-to-173 
Exclude the event of sandbox containers from event stream
 2017-08-28 10:00:21 -07:00
Yanqiang Miao
b18542c586 Excloude the event of sandbox containers from event stream 
We should exclude the event of sandbox containers from event
stream in order to avoid outputting unexpected error print.

related #173

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-28 14:21:03 +08:00
Lantao Liu
f46cd1a71a Disable pid namespace sharing 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 05:44:46 +00:00
Lantao Liu
fda30c3ad2 Do not teardown when network namespace is removed already. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 05:10:30 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 21:11:56 +00:00
Lantao Liu
980e8e8007 Merge pull request #168 from Random-Liu/add-run-as-user 
Add RunAsUser support
 2017-08-25 13:45:47 -07:00
Lantao Liu
60d8430ac1 Do not checkpoint sandbox pid. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 01:38:05 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 00:47:35 +00:00
Lantao Liu
e1f74f00a5 Various security related fixes 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-24 21:52:30 +00:00
Lantao Liu
a795927c5a Get CreatedAt from containerd instead of maintaining it ourselves. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-24 18:38:00 +00:00
Lantao Liu
73bb9696e8 Merge pull request #151 from Random-Liu/add-instrumented-service 
Add instrumented service.
 2017-08-24 11:26:39 -07:00
Lantao Liu
36da027c20 Merge pull request #138 from abhinandanpb/p_netns 
Creating sandbox namespace
 2017-08-24 11:26:21 -07:00
Lantao Liu
c6191122f2 Merge pull request #163 from abhinandanpb/containerd-alpha6 
Updating to container1.0-alpha
 2017-08-24 10:43:43 -07:00
Abhinandan Prativadi
5a119200b8 Creating permanent sandbox namespace 
This commit contains changes to create/delete permanent namespace
for a sandbox container.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-24 10:43:42 -07:00
zhangzhenhao
331e542c09 add the user id support of runAsUser 
Signed-off-by: zhangzhenhao <zhangzhenhao@outlook.com>
 2017-08-24 23:29:45 +08:00
Abhinandan Prativadi
728dced6a1 Updating to container1.0-alpha 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-23 23:17:21 -07:00
Lantao Liu
2faa665eb2 Merge pull request #155 from miaoyq/support-nonewprivileges 
Support NoNewPrivileges
 2017-08-23 20:58:38 -07:00
Yanqiang Miao
1aec120d5f Support NoNewPrivileges 
fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-24 08:37:40 +08:00
Lantao Liu
45ee2e554a Add container attach support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 23:48:31 +00:00
Lantao Liu
77b703f1e7 Move generateID to util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 23:46:55 +00:00
Lantao Liu
dd6e9fb88d Merge pull request #156 from yanxuean/metalabel 
Checkpoint and restart recovery
 2017-08-23 15:36:19 -07:00
yanxuean
d2757cb8f9 Checkpoint and restart recovery 
fix part of #120

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-08-23 17:01:13 +08:00
Lantao Liu
195b52500f Add instrumented service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 07:02:12 +00:00
Lantao Liu
7901f56367 Merge pull request #150 from Random-Liu/support-update-container-resources 
Support update container resources
 2017-08-22 23:28:48 -07:00
Lantao Liu
f6d99abcf4 Add hostport support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 01:33:02 +00:00
Lantao Liu
8f898cb3b8 Import ocicni update from https://github.com/Random-Liu/ocicni 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 01:25:12 +00:00
Lantao Liu
a0589d37dd Implement container resources update 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-22 18:40:30 +00:00
Lantao Liu
d41c23e31d Update code to make it build 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-22 05:38:51 +00:00
Lantao Liu
50b01812ce Merge pull request #147 from miaoyq/group-all-privileged-logic 
Group all privileged logic together
 2017-08-21 18:43:06 -07:00
Yanqiang Miao
8adad23015 Group all privileged logic together 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-22 09:16:37 +08:00
Lantao Liu
c05a7e74ee Add node e2e test CI. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-21 21:21:41 +00:00
Lantao Liu
dcc3cb2a05 Merge pull request #137 from Random-Liu/cleanup-with-new-client 
Some cleanup after switching to new client.
 2017-08-18 15:04:24 -07:00
Lantao Liu
ed640d3972 Some cleanup after switching to new client. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-18 21:04:38 +00:00
Lantao Liu
8e9a251f72 Merge pull request #135 from yanxuean/myfeature 
The parameters of InitCNI should be filled in reverse order
 2017-08-16 19:50:22 -07:00
yanxuean
8cc0347b0a The parameters of InitCNI should be filled in reverse order. 
fix  #131

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-08-17 10:18:40 +08:00
Lantao Liu
f555bb1242 Add portforward support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-17 00:13:31 +00:00
Abhinandan Prativadi
32e0313418 Containerd client integration 
This commit:
1) Replaces the usage of containerd GRPC APIs with the containerd client for all operations related to containerd.
2) Updated containerd to v1.0alpha4+
3) Updated runc to v1.0.0

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-16 14:43:22 -07:00
Lantao Liu
2427d332f0 Add TERM=xterm when tty=true. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-11 16:53:40 +00:00
Lantao Liu
86a0f6a59b Merge pull request #126 from miaoyq/change-defaut-spec 
Replace the original default spec with containerd default spec
 2017-08-10 14:25:23 -07:00
Yanqiang Miao
9cc93886ea Replace the original default spec with containerd default spec 
The original default spec contain `seccomp` configuration,
but some OS do not support this feature, such as ubuntu14.04,
and `make test-cri` always fail. The containerd default spec dosen't
contain `seccomp`, so I think we could replace the default spec
with containerd default spec.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-10 20:31:03 +08:00
Mike Brown
8d37d97d01 sets sysctls from pod config annotations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-09 18:42:04 -05:00
Lantao Liu
4c5cea9258 Handle device symlink. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-08 00:53:15 +00:00
Lantao Liu
54286313ce Add container Exec support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-07 22:49:06 +00:00
Lantao Liu
8b56c91ec5 Extract execInContainer 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-07 22:35:50 +00:00
Lantao Liu
bf270fae1c Use containerd client for container execsync. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-04 18:32:39 +00:00
Mike Brown
73748840da Swicth to 1.0.0-alpha2 containerd api. 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-02 23:21:37 +00:00
Lantao Liu
ffb69423ec Temporarily remove unit test relying on fake containerd services. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-31 22:42:10 +00:00
Lantao Liu
f4df66eaaf Remove old metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
7b16a35287 Use new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
4317e6119a Remove sandbox truncindex. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
a393f3a084 Add new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Random-Liu
b398a161de Get runtime spec from container metadata. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-07-28 16:26:20 +00:00
Lantao Liu
faf592069b Remove out-of-date TODOs. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-30 01:19:51 +00:00
Lantao Liu
4c48ad780f Do not teardown network namespace when using host network. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-29 01:30:04 +00:00
Lantao Liu
333ea04846 Merge pull request #95 from Random-Liu/fix-verify 
Remove unused fields and comments.
 2017-06-28 10:21:11 -07:00
Lantao Liu
7ddc85f3ca Remove unused fields and comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-28 16:59:35 +00:00
Lantao Liu
054bcfbf68 Merge pull request #91 from Random-Liu/support-oom-event 
Handle OOM event.
 2017-06-26 00:18:27 -07:00
Lantao Liu
a2f6f7f128 Handle OOM event. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-26 07:10:35 +00:00
Lantao Liu
14fd8401a2 Set sandbox container resource limit. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-23 01:23:53 +00:00
Lantao Liu
d5674be41f Add pull image authentication. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-22 18:41:02 +00:00
Lantao Liu
1bf09089b3 Register all possible repo tags and repo digests. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 20:20:34 +00:00
Lantao Liu
78b74a6a58 Merge pull request #85 from Random-Liu/update-cri 
Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd.
 2017-06-21 13:18:24 -07:00
Lantao Liu
4d7735567c Merge pull request #82 from mikebrow/containerd-client-library 
Use containerd client library to connect to containerd services
 2017-06-20 19:03:18 -07:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 01:56:13 +00:00
Mike Brown
97063a0e34 switch to client provided services and address nits 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:19:14 -05:00
Mike Brown
0fe8c17fdf godeps udpate 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:18:48 -05:00
Mike Brown
20fc0227ae use containerd client library 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:18:29 -05:00
Lantao Liu
166778361e Merge pull request #84 from Random-Liu/use-orignal-pause-image 
Use gcr.io/google_containers/pause:3.0
 2017-06-20 16:04:12 -07:00
Lantao Liu
0321bef16a Use gcr.io/google_containers/pause:3.0 because we've supported schema 1. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-20 21:59:05 +00:00
Lantao Liu
7d5ea4401d Send stop signal specified in image config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-20 21:11:20 +00:00
Lantao Liu
8524a4ef30 Add schema1 support, and use namespace k8s.io. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-19 18:44:00 +00:00
Lantao Liu
1f3a73d79e Merge pull request #72 from Random-Liu/add-exec-sync 
Add ExecSync.
 2017-06-16 16:58:50 -07:00
Lantao Liu
9b79201aa5 Add ExecSync. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 22:28:48 +00:00
Lantao Liu
53367bbd14 Stop/remove all containers when stop/remove sandbox. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 17:19:19 +00:00
Lantao Liu
7f9e0262ad Unmount /dev/shm when stop sandbox. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 17:18:14 +00:00
Lantao Liu
d6435996e2 Use new Kill task api. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 16:43:13 +00:00
Lantao Liu
5b7cbf1bc6 Create/remove sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 16:43:13 +00:00
Lantao Liu
cb9e104cf1 Create/delete containerd containerd 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 16:43:13 +00:00
Lantao Liu
6ca9c65578 Rename more container to task. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 02:34:43 +00:00
Lantao Liu
bad279e0f6 Finish snapshot support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 02:34:43 +00:00
Mike Brown
484a326717 modify code to compile on updated containerd 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-15 23:14:21 +00:00
Lantao Liu
d4f7380f59 Merge pull request #73 from Random-Liu/fix-delete-race 
Fix Delete race.
 2017-06-14 14:04:24 -07:00
Lantao Liu
2ae22b33b7 Fix a race that fake execution client sends event to closed channel. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-14 01:50:33 +00:00
Lantao Liu
bd09d31777 Fix Delete race. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-14 01:36:21 +00:00
Lantao Liu
7050011faa Merge pull request #75 from Random-Liu/kill-with-0-timeout 
Kill container directly if timeout is 0.
 2017-06-13 15:41:01 -07:00
Lantao Liu
d381cfa831 Kill container directly if timeout is 0. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-13 19:29:02 +00:00
Lantao Liu
87ec0f89bf Add the missing loop in event handler. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-13 17:48:28 +00:00
Lantao Liu
479e8c3045 Merge pull request #70 from Random-Liu/mount-cgroup 
Mount cgroup into the container and add unit test for privileged mount.
 2017-06-12 14:14:07 -07:00
Lantao Liu
9b1708b408 Merge pull request #71 from Random-Liu/fix-capabilities 
Fix capabilities support.
 2017-06-12 09:34:48 -07:00
Lantao Liu
f247a0819d Fix capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-12 16:18:50 +00:00
Lantao Liu
9d5990fe4f Add sandbox /dev/shm. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-11 09:49:46 +00:00
Lantao Liu
5398a3b7ec Add mount/unmount in os interface 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-11 09:23:04 +00:00
Lantao Liu
ffa4ffe3bf Mount cgroup into the container and add unit test for privileged mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-11 02:23:59 +00:00
Lantao Liu
e9a930b28b Merge pull request #51 from heartlock/support-privileged 
Support privileged
 2017-06-10 17:30:57 -07:00
Lantao Liu
227dbe97f2 Merge pull request #50 from Crazykev/resolv 
Generate and maintain resolv.conf for sandbox
 2017-06-09 09:41:23 -07:00
Crazykev
62d1e5dc10 add unit test 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-06-09 19:36:30 +08:00
Crazykev
9bf7ffd51a generate and maintain resolv.conf for sandbox 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-06-09 19:36:30 +08:00
heartlock
dda03f733a support privileged 
Signed-off-by: heartlock <21521209@zju.edu.cn>
 2017-06-09 15:42:04 +08:00
Lantao Liu
f770d4fea3 Use containerd version returned by version service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-07 22:04:09 +00:00
Lantao Liu
4eac00fe23 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-06 06:43:38 +00:00
Lantao Liu
88f4c252d6 Add sandbox /etc/hosts when using host network 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-06 06:43:38 +00:00
Lantao Liu
69fcf97583 Add unit test 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-02 16:36:02 +00:00
Lantao Liu
e657e1eb14 Add container logging support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-02 16:36:02 +00:00
Lantao Liu
95e0fc694f Cleanup some code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-02 02:15:58 +00:00
Lantao Liu
a4e067cdff Merge pull request #53 from Random-Liu/add-other-small-functions 
Add other small functions
 2017-05-31 14:54:42 -07:00
Lantao Liu
0179d0fbaf Retry and backoff when lost connection with containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 21:33:52 +00:00
Lantao Liu
2df96e1654 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 19:11:56 +00:00
Lantao Liu
7c1a4c1fc1 Add Version, UpdateRuntimeConfig and Status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 19:11:56 +00:00
Lantao Liu
dee95bc315 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 01:18:22 +00:00
Lantao Liu
80c973a550 Ensure container rootfs and apply image config 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 01:18:22 +00:00
Lantao Liu
6eb1ddb1f8 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 00:39:38 +00:00
Lantao Liu
eb20601c08 Pull sandbox image and apply image config 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 00:39:38 +00:00
Lantao Liu
60e28a9460 Minor cleanup. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-27 00:31:30 +00:00
Random-Liu
c3ac5f7533 Add image pull waiting. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-27 00:12:00 +00:00
Random-Liu
bc7dfa2650 Update containerd version to 193abed96e. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-27 00:07:48 +00:00
Random-Liu
8c1f26747a Add unit test. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-26 23:52:31 +00:00
Random-Liu
b112418e7b Finish image management. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-26 23:52:31 +00:00
Crazykev
49e7ef2153 update kubernetes vendor for new CRI change 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-05-24 10:25:55 +08:00
Lantao Liu
6ce1dc0167 Merge pull request #44 from Random-Liu/stop-on-cancellation 
Stop waiting on cancellation.
 2017-05-23 15:08:57 -07:00
Xianglin Gao
4a4414987f Add unit test 
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
 2017-05-23 18:30:20 +08:00
Xianglin Gao
6d2b9fabca And setup and teardown 
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
 2017-05-23 15:17:40 +08:00
Lantao Liu
84390cc6a7 Stop waiting on cancellation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-23 05:47:48 +00:00
Xianglin Gao
c541515674 Add flags and initialize network plugin 
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
 2017-05-23 12:48:36 +08:00
Lantao Liu
10e3afbb23 Merge pull request #22 from Random-Liu/add-container-implementation 
Add container implementation
 2017-05-22 13:21:05 -07:00
Lantao Liu
322b6ef333 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-22 19:14:09 +00:00
Random-Liu
6ac71e5862 Add initial container implementation. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-22 19:14:09 +00:00
Lantao Liu
dea7ed3fcc Merge pull request #39 from mozhuli/enhance-fake-services 
Enhance fake services
 2017-05-17 09:03:48 -07:00
Lantao Liu
a397b69b09 Merge pull request #37 from mozhuli/add-fake-iamges-service 
Add fake images service
 2017-05-17 09:02:54 -07:00
mozhuli
938cbe3e74 Enhance fake services 
Signed-off-by: mozhuli <21621232@zju.edu.cn>
 2017-05-17 11:25:46 +08:00
mozhulee
e6b4c3e18c Add fake images service 
Signed-off-by: mozhuli <21621232@zju.edu.cn>
 2017-05-17 11:11:23 +08:00
Lantao Liu
b4f9911f0e Merge pull request #30 from mozhuli/master 
Add fake rootfs service
 2017-05-16 19:18:14 -07:00
mozhuli
0e56cab7c0 add fake rootfs service 
Signed-off-by: mozhuli <21621232@zju.edu.cn>
 2017-05-17 10:10:20 +08:00
Random-Liu
11fff60aff Add container metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-16 20:47:25 +00:00
Lantao Liu
2d2fcedf24 Return not exist error in metadata store 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-16 19:57:41 +00:00
Random-Liu
ca2167f17e Use docker/distribution library to resolve image reference. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-12 13:57:05 -07:00
Random-Liu
e4e9f30c5d Add unit test. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-12 13:14:25 -07:00
Random-Liu
bf28c7fc75 Add initial sandbox management implementation 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-12 13:14:11 -07:00
Lantao Liu
cdfdc8d33b Merge pull request #21 from mikebrow/image-management 
Initial implementation for image management
 2017-05-11 17:44:42 -07:00
Mike Brown
e5199c0cda initial implementation for image management 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-05-11 19:32:44 -05:00
Random-Liu
9baadc1b4b Enhance fake execution client. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-10 10:03:18 -07:00
Lantao Liu
4c86ac9d21 Merge pull request #23 from heartlock/fake-execution-service 
Add fake execution service
 2017-05-03 22:56:58 -07:00
heartlock
c6138870e0 Add fake execution service 
Signed-off-by: heartlock <21521209@zju.edu.cn>
 2017-05-04 05:00:06 +00:00
Random-Liu
f61c974faf Add OS interface and fake implementation. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-03 16:55:28 -07:00
Random-Liu
86997f00b2 Add unit test for metadata store 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-03 14:09:14 -07:00
Random-Liu
0e7fa9de9b Add a sandbox metadata store based on the metadata store 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-03 14:09:14 -07:00
Random-Liu
36246167d9 Add metadata store 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-03 14:09:14 -07:00
Christopher M. Luciano
683fd7f0e5
Add containerdVersion flag 
Add version flag that only prints the static version for the binary.

This commit does not include build details for containers since
Makefile does not build them.

Closes #8

Signed-off-by: Christopher M. Luciano <cmluciano@us.ibm.com>
 2017-04-24 14:46:16 -04:00
Mike Brown
11ba1cb54d initial makefile (#7) 
* adds initial makefile

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* clean up lint

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* presume path is set to contain gomealinter

Signed-off-by: Mike Brown <brownwm@us.ibm.com>

* addresses requested improvements

Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-04-18 21:17:14 -05:00
Random-Liu
f2925f58ac Add initial code framework 2017-04-14 19:04:26 -07:00