containerd

Author	SHA1	Message	Date
Lantao Liu	c1ece0c801	Address comment. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-19 14:05:28 -07:00
Lantao Liu	b431316edd	Merge pull request #1280 from estesp/add-default-path-env Add back default UNIX env to container config	2019-09-19 11:41:03 -07:00
Phil Estes	161abf8f5b	Fix golangci-lint findings Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>	2019-09-19 09:38:40 -04:00
Phil Estes	229eb19bd6	Add back default UNIX env to container config Due to changes to the defaults in containerd, the CRI path to creating a container OCI config needs to add back in the default UNIX $PATH (and any other defaults) as that is the expected behavior from other runtimes. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>	2019-09-19 09:00:25 -04:00
Antonio Ojea	fcd6bf318b	Report Additional POD IPs Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-18 17:21:37 -07:00
Lantao Liu	dc964de85f	Add windows implmenetation Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-18 10:46:29 -07:00
Lantao Liu	bbcf564745	Add windows image platform comparer Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-18 10:46:28 -07:00
Lantao Liu	c6cb25c158	Open/create log file with FILE_SHARE_DELETE on windows Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-18 10:46:28 -07:00
Michael Crosby	5a656cacb4	Move manpage gen to separate binary This moves the man page generation to a separate binary Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-09-12 14:19:00 -04:00
Michael Crosby	f3a5b8c0a9	Add command to generate man pages The climan package has a command that can be registered with any urfav cli app to generate man pages. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-09-11 15:31:02 -04:00
Mike Brown	738179542a	add a test case for container_annotations Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2019-09-10 11:28:59 +03:00
Ed Bartosh	05a9028969	Use container annotations when creating containers Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>	2019-09-10 11:28:59 +03:00
Ed Bartosh	e28689657a	Add ContatinerAnnotations to the Runtime and config Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>	2019-09-10 11:28:51 +03:00
Lantao Liu	115b7664d9	Clarify some exec behavior. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-03 16:52:23 -07:00
Lantao Liu	50c73e6dc5	Move unix specific logic into _unix.go Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-03 16:23:42 -07:00
Lantao Liu	c6203ec13b	Fix panic for task in unknown state. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-09-03 14:56:15 -07:00
Lantao Liu	2d03ccf5dd	FDQN is a typo, and we don't support trailing dot in FQDN. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-30 13:31:04 -07:00
Nishchay	f41675d234	fix: support empty auth config for anonymous registry - empty username means caller wants to use no credentials, typically for anonymous registry - Fixes https://github.com/containerd/cri/issues/1249 Signed-off-by: Nishchay Kumar <mrawesomenix@gmail.com>	2019-08-28 10:24:31 -07:00
Lantao Liu	28aef2fe38	Support CNI DNS capabilities. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-22 14:29:04 -07:00
Lantao Liu	10acd8e769	Fix apparmor for privileged. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-19 16:28:45 -07:00
Michael Crosby	3995efc7c1	Update cni and go-cni to the v0.7.1 release Closes #1236 Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-08-14 16:19:37 +00:00
Lantao Liu	81ca274c6f	Add wildcard mirror support. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-13 12:02:57 -07:00
Michael Crosby	2e8ea9fd6b	Allow timeouts to be configured in config This adds a singleton `timeout` package that will allow services and user to configure timeouts in the daemon. When a service wants to use a timeout, it should declare a const and register it's default value inside an `init()` function for that package. When the default config is generated, we can use the `timeout` package to provide the available timeout keys so that a user knows that they can configure. These show up in the config as follows: ```toml [timeouts] "io.containerd.timeout.shim.cleanup" = 5 "io.containerd.timeout.shim.load" = 5 "io.containerd.timeout.shim.shutdown" = 3 "io.containerd.timeout.task.state" = 2 ``` Timeouts in the config are specified in seconds. Timeouts are very hard to get right and giving this power to the user to configure things is a huge improvement. Machines can be faster and slower and depending on the CPU or load of the machine, a timeout may need to be adjusted. Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-08-13 17:36:32 +00:00
Lantao Liu	8021850e91	Merge pull request #1233 from AkihiroSuda/allow-ca-without-client-certs allow non-mutual TLS	2019-08-11 17:07:57 -07:00
Lantao Liu	fd6c732cd7	Merge pull request #1232 from Random-Liu/avoid-schema1-roundtrip Remove extra roundtrip for checking schema1.	2019-08-10 10:25:46 -07:00
Akihiro Suda	28e492fce0	allow non-mutual TLS Previously, client keypair had needed to be specified even when unused. Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2019-08-10 21:48:03 +09:00
Lantao Liu	d64fa3b6b8	Remove extra roundtrip for checking schema1. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-09 18:47:40 -07:00
Lantao Liu	005f9f7378	Consider endpoint path when checking default host. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-09 18:22:08 -07:00
Lantao Liu	2fd69f0b78	Move config validation into pkg/config and add unit test. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-09 14:39:30 -07:00
Lantao Liu	53e94c6753	Use containerd registry mirror library. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-09 14:39:30 -07:00
Michael Crosby	d085d9b464	Remove encryption code from containerd core We are separating out the encryption code and have designed a few new interfaces and APIs for processing content streams. This keep the core clean of encryption code but enables not only encryption but support of multiple content types ( custom media types ). Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-08-09 15:01:16 +00:00
Alex Price	3353ab76d9	Add flag to overload default privileged host device behaviour This commit adds a flag to the runtime config that allows overloading of the default privileged behaviour. When the flag is enabled on a runtime, host devices won't be appended to the runtime spec if the container is run as privileged. By default the flag is false to maintain the current behaviour of privileged. Fixes #1213 Signed-off-by: Alex Price <aprice@atlassian.com>	2019-08-08 12:16:42 +10:00
Lantao Liu	95bd02d28f	Merge pull request #1200 from jterry75/image_user Assign ImageSpec User if SecurityContext is not set	2019-08-07 13:50:08 -07:00
Lantao Liu	8ea0cc90aa	Merge pull request #1221 from jterry75/log_g Switch to containerd/log package	2019-08-07 13:49:33 -07:00
Justin Terry (VM)	bc2cff625b	Assign ImageSpec User if SecurityContext is not set By default the SecurityContext for Container activation can contain a Username UID, GID. The order of precedences is username, UID, GID. If none of these options are specified as a last resort attempt to set the ImageSpec username. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-08-07 12:20:52 -07:00
Justin Terry (VM)	193918b702	Switch to containerd/log package Moves to the containerd/log package over logrus directly. This benefits the traces because if using any log context such as OpenCensus on the entry gRPC API all traces for that gRPC method will now contain the appropriate TraceID, SpanID for easy correlation. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-08-07 12:18:18 -07:00
Lantao Liu	eae5fc360f	Infer systemd cgroup based on path suffix. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-06 11:00:51 -07:00
Lantao Liu	871a8b89c8	Do not deprecate no_pivot yet. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-05 15:12:50 -07:00
Lantao Liu	986d04aec1	Add test for disable_proc_mount. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-02 11:22:34 -07:00
Phil Estes	f0821348b4	Merge pull request #3475 from stefanberger/gpg2-passphrase-via-file ECI: gpg: Pass the passphrase to the gpg2 tool using a pipe	2019-08-02 13:59:17 -04:00
Lantao Liu	b74653b821	Print warning message for deprecated options. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-08-02 01:10:11 -07:00
Lantao Liu	f636fb0519	Merge pull request #1215 from Random-Liu/update-kubernetes Update kubernetes	2019-08-01 10:28:25 -07:00
Lantao Liu	ba8788c6b9	Update kubernetes dependency to 1.15.0. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-07-31 23:52:03 -07:00
Lantao Liu	467f9e0e8a	Fix proc mount support. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-07-31 17:11:15 -07:00
Stefan Berger	5cf79913e4	gpg: Use a Pipe() rather than a file Use a Pipe() rather than a file to pass the passphrase to the command line tool. Pass the file descriptor to read the passphrase from as fd '3'. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2019-07-31 16:07:25 -04:00
Stefan Berger	6a25128791	gpg: Pass the passphrase to the gpg2 tool using a file Rather than passing the passphrase via command line write it into a temp. file and pass the name of the file using passphrase-file option. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2019-07-31 16:07:25 -04:00
Kevin Parsons	b16e7c5de1	Update pkg/ttrpcutil with improved pipe dial logic Signed-off-by: Kevin Parsons <kevpar@microsoft.com>	2019-07-30 18:46:36 -07:00
Mike Brown	b23e2cf9d1	Merge pull request #1212 from mrIncompetent/return-annotations-bandwith-error Return actual error when fetching the bandwidth info from annotation fails	2019-07-29 13:39:51 -05:00
Henrik Schmidt	9aec38164d	Return actual error when fetching the bandwidth info from annotation fails Signed-off-by: mrIncompetent <henrik@henrik-schmidt.de>	2019-07-28 09:47:31 +02:00
Lantao Liu	c78caf902d	Add max concurrent downloads support. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-07-26 18:15:17 -07:00
Lantao Liu	d3cacff8e1	Move context cancel into defer. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-07-25 15:00:43 -07:00
Lantao Liu	74d2b6947c	Merge pull request #1152 from jterry75/deadline_exceeded Return gRPC codes.DeadlineExceeded for all timeout operations	2019-07-25 14:58:29 -07:00
Mike Brown	d2986eb5aa	Merge pull request #1187 from alculquicondor/feature/tcp Add option to register on TCP server	2019-07-25 16:36:05 -05:00
Aldo Culquicondor	4b43303203	Add option to register on TCP server Signed-off-by: Aldo Culquicondor <acondor@google.com>	2019-07-25 09:42:49 -04:00
Brandon Lum	3d1fa69694	Implemented constructors for both encryption and decryption Signed-off-by: Brandon Lum <lumjjb@gmail.com>	2019-07-24 22:19:39 -04:00
Brandon Lum	05a2b63e84	Create CryptoConfig constructors in place of dcparameters Signed-off-by: Brandon Lum <lumjjb@gmail.com>	2019-07-24 21:51:47 -04:00
Lantao Liu	fe0cb22026	Do not cache image handler. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-07-24 15:38:18 -07:00
Stefan Berger	364de4c35d	Wrap creation of CryptoConfig in constructors Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>	2019-07-23 19:53:23 -04:00
Derek McGowan	dde436e65b	Crypto library movement and changes to content helper interfaces Signed-off-by: Derek McGowan <derek@mcgstyle.net>	2019-07-17 15:21:29 -04:00
Justin Terry (VM)	7b0c78bacd	ExecSync should block unless client context is canceled A call to ExecSync should only return if the client context was canceled or exceeded. The Timeout parameter to ExecSyncRequest is now used to send SIGKILL if the exec'd process does not exit within Timeout but all paths wait for the exec to exit. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-07-16 09:47:55 -07:00
Justin Terry (VM)	71cecedc44	StopContainer should block unless client context is canceled A call to StopContainer should only return if the client context is canceled or its deadline was exceeded. The Timeout parameter on StopContainerRequest is now used as the time AFTER sending the stop signal before the SIGKILL is delivered. The call will remain until the container has exited or the client context has finished. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-07-16 09:44:23 -07:00
Justin Terry (VM)	d7c3ecd0fb	RunPodSandbox should block unless client context is canceled A call to RunPodSandbox should only return timeout if the operation has timed out because the clients context deadline was exceeded. On client cancelation it should return gRPC Canceled otherwise it should block until the sandbox has exited. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-07-16 09:35:56 -07:00
Maksym Pavlenko	ef7f46eb7b	Fix linter errors Signed-off-by: Maksym Pavlenko <makpav@amazon.com>	2019-07-14 20:49:40 -07:00
Michael Crosby	6601b406b7	Refactor runtime code for code sharing Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-07-08 11:47:53 -04:00
Justin Terry (VM)	cfeb2fed81	Return gRPC errors from instrumetedService Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-06-19 10:11:18 -07:00
Lantao Liu	bb020275cb	Merge pull request #1170 from Random-Liu/remove-ctr-cri-load Remove ctr cri load	2019-06-12 14:41:49 -07:00
Lantao Liu	4a417fb083	Merge pull request #1171 from Random-Liu/add-http-proxy-support Fix http proxy ENV when TLS is enabled.	2019-06-12 14:40:58 -07:00
Lantao Liu	322cd48965	Remove load image support Signed-off-by: Lantao Liu <lantaol@google.com>	2019-06-12 11:14:11 -07:00
Lantao Liu	55e5ce0e95	Fix http client when TLS is enabled. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-06-12 11:09:53 -07:00
Lantao Liu	78b4a39f5b	Merge pull request #1163 from Random-Liu/config-v2 Use the new v2 config	2019-06-12 10:29:11 -07:00
Lantao Liu	b3f733f0ad	Merge pull request #1166 from mikebrow/doc-cni-maxnum doc update for cni max num	2019-06-11 10:55:28 -07:00
Mike Brown	3ba04c01cc	doc update for cni max num Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2019-06-11 08:35:22 -05:00
Lantao Liu	150232325e	Use v2 config. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-06-10 20:51:18 -07:00
Lantao Liu	66d1870d25	Add cri managed image label when pulling the image. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-06-10 15:13:38 -07:00
Lantao Liu	53c71e2b10	Merge pull request #1155 from kuramal/cni_plugin_conf_file_max_num add cni plugin config file max num config	2019-06-10 10:14:35 -07:00
Mike Brown	bc3b49efdf	Merge pull request #1160 from Random-Liu/remove-unused-todo Remove an unused TODO.	2019-06-10 16:21:42 +02:00
kuramal	b022de5f37	add cni plugin config file max num config, set go-cni to commit 22460c0 Signed-off-by: kuramal <linxxnil@126.com>	2019-06-10 12:14:35 +08:00
Lantao Liu	770621fe7a	Merge pull request #1158 from mikebrow/cni-debug-update adds cni config data to the cri status/info	2019-06-07 16:46:04 -07:00
Lantao Liu	09f83a337f	Remove an unused TODO. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-06-07 15:42:04 -07:00
Vlad Ungureanu	60a58af376	Add TLS auth registry support Signed-off-by: Vlad Ungureanu <ungureanuvladvictor@gmail.com>	2019-06-06 14:55:53 -07:00
Mike Brown	b87c0d74a5	adds cni config data to the cri status/info Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2019-06-05 16:39:45 -05:00
Justin Terry (VM)	b8ea1fa177	Minor typo in toCNIBandWidth Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-05-30 11:51:10 -07:00
Lantao Liu	35e9f39991	Merge pull request #1151 from johscheuer/add-bandwidth-capability Initial support for traffic shaping	2019-05-30 10:28:06 -07:00
Johannes M. Scheuermann	5e2e7c6f7d	Correct Egress limits and remove unnecessary check Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>	2019-05-30 11:44:05 +02:00
Johannes M. Scheuermann	4f0948eed5	Remove capitalized letter in error message Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>	2019-05-29 08:20:21 +02:00
Lantao Liu	d257c16dbc	Make sure exec process is killed when context is canceled. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-05-28 12:25:03 -07:00
Justin Terry (VM)	f544955e4a	Update parseDNSOptions maxDNSSearches in error message Minor correctness. We should use the value of the const in the error message instead of hard coding it in the string so if maxDNSSearches ever changes so does the error. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-05-24 14:42:56 -07:00
Johannes M. Scheuermann	0d439c3474	Implement bandwidth capabilties Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>	2019-05-24 10:29:52 +02:00
Johannes M. Scheuermann	42eb3c49af	Initial support for traffic shaping Signed-off-by: Johannes M. Scheuermann <joh.scheuer@gmail.com>	2019-05-24 09:01:02 +02:00
Derek McGowan	25daa7355c	Merge pull request #3192 from thaJeztah/bump_grpc_1.19.1 bump google.golang.org/grpc v1.20.1	2019-05-22 11:58:52 -07:00
Maksym Pavlenko	7f79fbb245	Move ttrpc client to pkg/ttrpcutil Signed-off-by: Maksym Pavlenko <makpav@amazon.com>	2019-05-20 16:44:49 -07:00
Lantao Liu	6e14e01307	Merge pull request #1148 from congliu01/log Override container log path to empty if either of sandbox log directory or container log path is empty.	2019-05-14 15:50:20 -07:00
Cong Liu	fda2902f30	Validate log paths in sandbox and container config. Only compose full container log path if neither of the paths is empty. Otherwise container won't start properly. Signed-off-by: Cong Liu <conliu@google.com>	2019-05-14 13:46:52 -04:00
Lantao Liu	ebce49f0ea	Merge pull request #1145 from jterry75/fix_typo Fix typo in WithoutRunMount	2019-05-12 23:55:06 -07:00
Justin Terry (VM)	8ba5c02f8f	Fix typo in WithoutRunMount Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-05-10 13:30:22 -07:00
Lantao Liu	179ca59478	Merge pull request #1147 from jterry75/unix_to_syscall_signal Move from unix to syscall package for SIG* signals	2019-05-10 13:14:10 -07:00
Justin Terry (VM)	c1468cdeec	Move from unix to syscall package for SIG* signals To support cross compilation for SIG* signals perfer the syscall package over the unix package. Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-05-10 11:50:45 -07:00
Justin Terry (VM)	bc445d7595	Forward sandbox config to PullImage request Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>	2019-05-10 11:35:09 -07:00
Lantao Liu	4037806184	Log failed registry mirror attempt in debug. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-05-08 23:56:29 -07:00
Sebastiaan van Stijn	2ed8e60fa1	bump google.golang.org/grpc v1.20.1 full diff: https://github.com/grpc/grpc-go/compare/v1.12.2...v1.20.1 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-05-05 12:39:23 -07:00
Lantao Liu	ba4a04ae70	Add DefaultRuntimeName option. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-04-18 11:18:25 -07:00
Lantao Liu	a5c5d55c90	Merge pull request #1133 from Random-Liu/use-wait Use wait instead of `TaskExit`.	2019-04-18 11:10:21 -07:00
Lantao Liu	d1f9611cb0	Use wait instead of `TaskExit`. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-04-18 00:18:26 -07:00
Lantao Liu	e425bd019a	Update go-cni to 891c2a41e18144b2d7921f971d6c9789a68046b2. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-04-10 12:07:59 -07:00
Lantao Liu	fae4f79060	Enable runc.v2 as the default runtime in test. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-04-03 18:47:25 -07:00
Lantao Liu	b23b406fed	Merge pull request #1102 from Random-Liu/uts-namespace-and-fix-array Uts namespace and fix array	2019-04-01 09:22:37 -07:00
Sebastiaan van Stijn	7b397f0322	bump opencontainers/selinux to v1.2 Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-03-29 01:33:35 +01:00
Lantao Liu	4b4182cf59	Do not assume there is no duplicated elements in arrays. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-28 13:05:55 -07:00
Lantao Liu	9bd49c98c6	No UTS namespace for hostnetwork. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-27 15:07:36 -07:00
Lantao Liu	8777224600	Merge pull request #1099 from Random-Liu/do-not-kill-if-cancelled Do not SIGKILL container if container stop is cancelled.	2019-03-27 14:55:18 -07:00
Michael Crosby	5eddc1a2cc	Use container'd oci opts for spec generation This bumps the containerd and sys packages in CRI Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Remove runtime-tools Signed-off-by: Michael Crosby <crosbymichael@gmail.com> Update tests for oci opts package Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2019-03-27 16:57:04 -04:00
Lantao Liu	1a0228d520	Do not SIGKILL container if container stop is cancelled. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-27 00:49:41 -07:00
Lantao Liu	238658719f	Cleanup pod annotation test and only support tailing wildcard. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-25 12:54:34 -07:00
Harshal Patil	effd82227c	Add support for passing sandbox annotations to runtime Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>	2019-03-21 14:38:14 +05:30
Mike Brown	bf4e7a885c	test filtering of container create masks when privileged Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2019-03-14 08:17:56 -05:00
Lantao Liu	3691cb6550	Fix /etc/hostname backward compatibility issue for in-place upgrade. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-12 01:17:41 -07:00
Lantao Liu	25442a865c	Merge pull request #1080 from zhsj/rm-partial-docker Use ParseSignal and AtomicWriteFile functions from containerd	2019-03-08 10:53:05 -08:00
Lantao Liu	8a0bd84b9a	Merge pull request #1056 from Random-Liu/add-sandbox-log-dir-annotation Add an OCI annotation for sandbox log directory.	2019-03-08 01:32:38 -08:00
Shengjing Zhu	c6729fe0c4	Use ParseSignal and AtomicWriteFile functions from containerd Containerd has its own ParseSignal and AtomicWriteFile implementation. So there's no need to use these function from github.com/docker/docker. Signed-off-by: Shengjing Zhu <i@zhsj.me>	2019-03-08 00:51:04 +08:00
Lantao Liu	9eabcf525e	Add an OCI annotation for sandbox log directory. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-06 16:43:36 -08:00
Lantao Liu	0464298b1e	Use clean path for map and comparison. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-03-03 21:19:50 -08:00
Lantao Liu	210e80289b	Merge pull request #1055 from Random-Liu/use-right-sandbox-config Use the correct sandbox config.	2019-02-28 13:02:39 -08:00
Lantao Liu	f2f90f6b00	Merge pull request #1060 from Random-Liu/support-stream-idle-timeout Support stream idle timeout.	2019-02-28 10:28:27 -08:00
Lantao Liu	8222da7768	Support stream idle timeout. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-28 01:30:01 -08:00
haiyanmeng	9dea9d39f5	Add RuntimeHandler into PodSandbox and PodSandboxStatus The upstream CRI change: https://github.com/kubernetes/kubernetes/pull/73833 Signed-off-by: Haiyan Meng <haiyanmeng@google.com>	2019-02-27 16:49:35 -08:00
Lantao Liu	87dba924de	Use the correct sandbox config. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-22 15:37:07 -08:00
Lantao Liu	b2cd840042	Merge pull request #1045 from Random-Liu/fix-env-performance-issue Fix env performance issue	2019-02-12 11:03:33 -08:00
Lantao Liu	877c1cadc1	Include default envs from containerd. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-12 10:29:45 -08:00
Lantao Liu	9e2ce3494d	Merge pull request #1042 from Random-Liu/etc-hostname Set /etc/hostname.	2019-02-12 10:15:11 -08:00
Lantao Liu	ec6dd37691	Add env cache. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-12 03:02:20 -08:00
Lantao Liu	89717d0b63	Don't log config at info level. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-12 02:07:53 -08:00
Lantao Liu	089d4fbfb8	Set /etc/hostname. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-12 00:18:00 -08:00
Sebastiaan van Stijn	51affb8839	Replace util.NormalizeImageRef with reference.ParseDockerRef Using the utility caused other project to have containerd/cri as a dependency, only for this utility. The new `reference.ParseDockerRef` function does the same (it's a copy of this function). Tests were kept for now, but could be removed in future. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2019-02-07 13:22:58 +01:00
Lantao Liu	83af4dad87	Support unknown state for sandbox and container Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-05 11:56:24 -08:00
Lantao Liu	4dc6f6d0b5	Add state machine for sandbox and container Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-05 11:56:24 -08:00
Lantao Liu	bfd25c80b4	Change StateUnknown to StateInit Signed-off-by: Lantao Liu <lantaol@google.com>	2019-02-04 11:24:49 -08:00
Iskander (Alex) Sharipov	dfebb404cb	remove excessive []byte(s) conversion `copy` permits using to mix `[]byte` and `string` arguments without explicit conversion. I removed explicit conversion to make the code simpler. Signed-off-by: Iskander Sharipov <quasilyte@gmail.com>	2019-01-28 19:50:28 +03:00
Lantao Liu	4dd6735020	Merge pull request #1029 from Random-Liu/add-runtime-config-api Add a generic runtime options api.	2019-01-24 17:36:20 -08:00
Lantao Liu	bf00de33a5	Merge pull request #1025 from JoeWrightss/patch-4 Fix some typos in comment	2019-01-24 11:17:33 -08:00
Lantao Liu	d9914c8dbd	Always fallback to the new runtime options. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-01-24 00:59:02 -08:00
Lantao Liu	42aba00a31	Add runtime config api. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-01-24 00:59:02 -08:00
Lantao Liu	556b219450	Fix lint error. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-01-23 18:14:34 -08:00
Lantao Liu	50ac40097e	Fix the log ending newline handling. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-01-23 17:23:13 -08:00
Wei Fu	132ee9b826	fix: linter issue megacheck, gosimple and unused has been deprecated and subsumed by staticcheck. And staticcheck also has been upgraded. we need to update code for the linter issue. close: #2945 Signed-off-by: Wei Fu <fuweid89@gmail.com>	2019-01-23 22:54:51 +08:00
zhoulin xie	ae1b7ac4fd	Fix some typos in comment Signed-off-by: zhoulin xie <zhoulin.xie@daocloud.io>	2019-01-17 15:50:46 +08:00
Lantao Liu	b1ad4ee9b6	Add unit test for DisableCgroup, RestrictOOMScoreAdj. Signed-off-by: Lantao Liu <lantaol@google.com>	2019-01-03 10:47:34 -08:00
Lantao Liu	0fa8668aa4	Merge pull request #970 from AkihiroSuda/rootless support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj	2019-01-03 10:14:22 -08:00
Lantao Liu	1fbd06479e	Merge pull request #1010 from teawater/fix_crash Fix the issue that pod or container config file without metadata will…	2019-01-03 10:10:26 -08:00
Hui Zhu	3bfef01589	Fix the issue that pod or container config file without metadata will crash containerd Because RunPodSandbox and CreateContainer will access metadata without check, pod or container config file without metadata will crash containerd. This patch add checks to handle the issue. Fixes: #1009 Signed-off-by: Hui Zhu <teawater@hyper.sh>	2019-01-03 11:02:10 +08:00
Akihiro Suda	cd8231ab2a	support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj Add following config for supporting "rootless" mode * DisableCgroup: disable cgroup * DisableApparmor: disable Apparmor * RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>	2019-01-03 05:12:04 +09:00
Lantao Liu	4b4b2abb2e	Merge pull request #1000 from Random-Liu/teardown-network-after-stop Teardown sandbox network after stop.	2019-01-02 10:04:56 -08:00
JoeWrightss	55fb3b9fce	Fix return error message Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>	2018-12-30 18:08:04 +08:00
Lantao Liu	fbab182e5e	Teardown sandbox network after stop. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-12-14 15:52:17 -08:00
Mike Brown	cd3d5c7992	Merge pull request #993 from JoeWrightss/patch-2 Fix some typo errors	2018-12-11 07:49:27 -08:00
JoeWrightss	d53bcba991	Fix some typo errors Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>	2018-12-11 22:13:03 +08:00
Lantao Liu	ec6a1eab11	Merge pull request #991 from Random-Liu/remove-container-lifecycle-image-dependency Remove container lifecycle image dependency	2018-12-07 17:03:57 -08:00
Lantao Liu	515ef02473	Remove container lifecycle image ref dependency. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-12-07 10:40:21 -08:00
JoeWrightss	37085692e2	fix spelling error: contaner -> container Signed-off-by: JoeWrightss <zhoulin.xie@daocloud.io>	2018-12-07 22:56:09 +08:00
Lantao Liu	db0c4dea24	Merge pull request #984 from mikebrow/ignore-exits-with-no-id filter events for non k8s.io namespaces	2018-12-05 00:10:41 -08:00
Mike Brown	b59dd55966	filter namespace Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-12-04 16:51:24 -06:00
Lantao Liu	de967051d4	Fix kill when shared pid namespace. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-12-04 01:53:09 -08:00
Mike Brown	f8e89f71a9	adds cni results to verbose pod info Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-11-26 15:57:00 -06:00
Lantao Liu	80554f4a85	Merge pull request #973 from Random-Liu/use-event-id Use the `ID` field of `TaskExit` event.	2018-11-12 17:02:34 -08:00
Lantao Liu	7f1f4e7a14	Remove invalid TODO comment. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-11-12 14:34:36 -08:00
Lantao Liu	d4c825f905	Use the `ID` field of `TaskExit` event. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-11-12 14:30:27 -08:00
Lantao Liu	459e481808	Update code for golang 1.11 gofmt. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-11-07 16:08:58 -08:00
Mike Brown	1b3ff7462e	removes authconfit from info log Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-10-29 21:17:15 -05:00
Lantao Liu	c1740d8291	Manage mount lifecycle and remove cached state Signed-off-by: Lantao Liu <lantaol@google.com>	2018-10-24 11:00:25 -07:00
Starnop	22a8777a9e	refactor: setup network after get Sandbox runtime Signed-off-by: Starnop <starnop@163.com>	2018-10-17 16:35:45 +08:00
Lantao Liu	84775d2c10	Add integration test. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-10-11 10:32:19 -07:00
Lantao Liu	c39f63eaf4	Teardown pod network even if the network namespace is closed Signed-off-by: Lantao Liu <lantaol@google.com>	2018-10-10 13:10:18 -07:00
Lantao Liu	70da14e4b3	Merge pull request #943 from Random-Liu/support-per-runtime-config Support runtime specific configurations.	2018-10-09 08:09:12 -07:00
Lantao Liu	1442425f92	Support runtime specific configurations. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-10-08 17:17:29 -07:00
Lantao Liu	3e4cf68a3f	Use Authorizer. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-10-08 15:16:15 -07:00
JulienBalestra	27f33cd4d6	cni result: add a debug message Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>	2018-10-03 17:19:51 +02:00
Akihiro Suda	5349fa31df	remove pkg/testutil/loopback_linux.go and use continuity/testutil/loopback Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>	2018-10-02 13:12:25 +09:00
Lantao Liu	db68300a5a	Manage unmanaged images in k8s.io namespace Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-27 11:19:11 -07:00
Lantao Liu	963a01735b	Add timeout for container/sandbox recover and event monitor. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-26 15:23:15 -07:00
Lantao Liu	4b45e16a4b	Show runtime handler in sandbox debug info. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-16 21:27:51 -07:00
Lantao Liu	ca3b806b5c	Fix addition group ids. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-13 16:31:32 -07:00
Lantao Liu	f540c2a74d	Skip sctp protocol hostport mapping. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-11 16:32:15 -07:00
Lantao Liu	fe0cd3672b	Merge pull request #865 from Random-Liu/cache-image-reference Cache image reference	2018-09-10 16:21:57 -07:00
Lantao Liu	953d67d250	Create image reference cache. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-10 11:30:52 -07:00
Lantao Liu	f08a90ff64	Fix hostname env. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-10 10:58:17 -07:00
Lantao Liu	cfdf872493	Merge pull request #891 from tallclair/runtimehandler Add RuntimeHandler support	2018-09-10 10:09:57 -07:00
Lantao Liu	eb3d3cfc5e	Revert "Add HOSTNAME to env by default for pod containers" This reverts commit `4c3e195db3`. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-06 15:30:53 -07:00
Lantao Liu	db8500d10c	Merge pull request #892 from Random-Liu/fix-volume-mount-order Sort volume mount.	2018-09-06 14:44:45 -07:00
Tim Allclair	e7189a25c3	Add RuntimeHandler support Signed-off-by: Tim Allclair <tallclair@google.com>	2018-09-05 17:27:35 -07:00
Lantao Liu	67c0b3e5e2	Merge pull request #894 from Random-Liu/support-masked-readonly-paths Support masked readonly paths	2018-09-05 10:32:40 -07:00
Phil Estes	4c3e195db3	Add HOSTNAME to env by default for pod containers To match expectations of users coming from Docker engine runtime, add the HOSTNAME to the environment of new containers in a pod. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>	2018-09-05 12:04:40 -04:00
Lantao Liu	3e4cec8739	Add MaskedPaths and ReadonlyPaths support. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-04 23:49:16 -07:00
Lantao Liu	063f8158f8	Sort volume mount. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-09-04 22:43:37 -07:00
Lantao Liu	49877571e9	Merge pull request #886 from DataDog/JulienBalestra/tls-stream stream: can use user certificates	2018-09-03 23:35:18 -07:00
JulienBalestra	dffd0dfa0e	streaming: tls conf validation to func with tests Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>	2018-08-30 15:10:48 +02:00
JulienBalestra	859003a940	stream: struct for x509 key pair, update the docs, error management Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>	2018-08-28 17:22:11 +02:00
JulienBalestra	b82b524260	stream: can use user certificates Signed-off-by: JulienBalestra <julien.balestra@datadoghq.com>	2018-08-27 19:26:14 +02:00
Lantao Liu	bca304ff3e	Fix an issue that container/sandbox can't be stopped. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-08-24 18:54:08 -07:00
Lantao Liu	58eb04550d	Merge pull request #873 from miaoyq/verify-selinux-level Verify selinux level format	2018-08-13 18:57:01 -07:00
Yanqiang Miao	a87bda08c0	update selinux to b6fa367 Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2018-08-14 08:33:43 +08:00
Yanqiang Miao	415727cd9f	verify selinux level format Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2018-08-14 08:33:34 +08:00
Lantao Liu	6379fd0346	Update containerd to `b9eeaa1ce8`. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-08-09 01:53:44 -07:00
Lantao Liu	e1a37e8797	Unpack image during import. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-07-26 07:48:41 +00:00
Lantao Liu	a0cfc8c1d2	Merge pull request #857 from egernst/untrusted-priv sandbox: separate host accessing workload and privileged	2018-07-24 12:11:41 -07:00
Eric Ernst	9a01272dc2	sandbox: separate host accessing workload and privileged VM isolated runtimes can support privileged workloads. In this scenario, access to the guest VM is provided instead of the host. Based on this, allow untrusted runtimes to run privileged workloads. If the workload is specifically asking for node PID/IPC/network, etc., then continue to require the trusted runtime. This commit repurposes the hostPrivilegedSandbox utility function to only check for node namespace checking. Fixes: #855 Signed-off-by: Eric Ernst <eric.ernst@intel.com>	2018-07-22 16:51:22 -07:00
Lantao Liu	b3d6f16383	Serve streaming on localhost by default to match k8s 1.11 default. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-07-21 01:10:45 +00:00
yanxuean	7065dd81f9	support no_pivot option for runc Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2018-07-20 08:46:50 +08:00
Lantao Liu	7beac6fcc1	Merge pull request #849 from dmcgowan/remove-stringid Replace stringid call with simple random reader	2018-07-12 18:32:28 -07:00
Derek McGowan	cce0a46c8a	Seed random on ctr and containerd startup Signed-off-by: Derek McGowan <derek@mcgstyle.net>	2018-07-12 17:51:55 -07:00
Derek McGowan	1984e451d5	Replace stringid with simple rand reader Signed-off-by: Derek McGowan <derek@mcgstyle.net>	2018-07-12 16:40:45 -07:00
Lantao Liu	e4ad68098e	Remove `pkg/containerd/resolver` package. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-07-09 19:08:48 -07:00
Lantao Liu	952e53bf58	Add registry auth config, and use docker resolver in containerd. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-07-09 19:08:48 -07:00
Lantao Liu	4eb4a29577	Merge pull request #825 from abhi/cni_config Change to keep in sync with latest cni config	2018-06-21 16:14:31 -07:00
Abhinandan Prativadi	263b0b99d0	Change to keep in sync with latest cni config This commit contains change to pick the latest cni config from the configured CNIConfDir. With this change any changes made to the cni config file will be picked up on the kubelet's runtime status check call. Ofcourse this would lead to undefined behavior when the cni config change is made in parallel during pod creation. However its reasonable to assume that the operator is aware of the need to drain the nodes of pods before making cni configuration change. The behavior is currently not defined in kubernetes. However I see that similar approach being adopted in the upstream kubernetes with dockershim. Keeping the behavior consistent for now. Signed-off-by: Abhinandan Prativadi <abhi@docker.com>	2018-06-21 20:43:38 +00:00
Filipe Brandenburger	01d77d44f5	Update github.com/opencontainers/runtime-tools to v0.6.0 Also add new dependencies on github.com/xeipuuv/gojson* (brought up by new runtime-tools) and adapt the containerd/cri code to replace the APIs that were removed by runtime-tools. In particular, add new helpers to handle the capabilities, since runtime-tools now split them into separate sets of functions for each capability set. Replace g.Spec() with g.Config since g.Spec() has been deprecated in the runtime-tools API. Signed-off-by: Filipe Brandenburger <filbranden@google.com>	2018-06-20 13:52:50 -07:00
Lantao Liu	b60e456bd9	Fix snapshotter nil panic. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-20 00:43:44 +00:00
Lantao Liu	e3d57d240f	Merge pull request #761 from Random-Liu/add-log-max-size Add log max size	2018-06-15 15:56:04 -07:00
Lantao Liu	53f1ab4145	Fix double /dev/shm mount. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-14 19:03:19 -07:00
Lantao Liu	405f57f8e0	Add max_container_log_size Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-14 14:24:17 -07:00
Lantao Liu	46d621e4ac	Support `Cmd` for sandbox container. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-12 14:38:55 -07:00
Lantao Liu	b7aac6396d	Merge pull request #811 from Random-Liu/fix-volume-ownership Fix empty volume ownership.	2018-06-11 10:42:04 -07:00
Lantao Liu	c55776377f	Fix empty volume ownership. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-11 08:40:35 +00:00
Lantao Liu	c9216531ce	Revert "Use pod ip instead of localhost in pod netns for portforward." This reverts commit `dd886bc281`. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-11 07:35:32 +00:00
Lantao Liu	d7abb5b489	Merge pull request #807 from Random-Liu/log-task-exit-event Log task exit event.	2018-06-08 20:07:04 -07:00
Lantao Liu	5a1105c614	Merge pull request #808 from Random-Liu/erase-ambient-caps Erase ambient capabilities.	2018-06-08 20:06:34 -07:00
Lantao Liu	dd886bc281	Use pod ip instead of localhost in pod netns for portforward. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-08 18:26:06 -07:00
Lantao Liu	b367f30097	Erase ambient capabilities. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-08 14:37:05 -07:00
Vincent Demeester	832b05ae67	Update tests to use gotest.tools angel Signed-off-by: Vincent Demeester <vincent@sbr.pm>	2018-06-08 21:02:01 +02:00
Lantao Liu	e4e2585431	Log task exit event. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-08 08:33:12 +00:00
Lantao Liu	83e6b65566	Select ipv4 first if there is one. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-05 18:25:03 +00:00
Lantao Liu	0faff1c22f	Fix ctr cri timeout. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-06-05 01:24:28 +00:00
Akihiro Suda	097249054d	vendor containerd (#2135 ) For containerd/containerd#2135 Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>	2018-06-02 23:10:59 +09:00
Lantao Liu	578b34f112	Merge pull request #794 from Random-Liu/panic-for-cri-start-failure Generate fatal error when cri plugin fail to start.	2018-05-31 13:21:16 -07:00
Lantao Liu	b870ee7942	Generate fatal error when cri plugin fail to start. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-05-31 10:49:11 -07:00
Lantao Liu	b68fb075d4	Merge pull request #793 from Random-Liu/port-containerd-fix-#2364 Port docker resolver fix #2364.	2018-05-31 01:03:00 -07:00
Lantao Liu	0fae42b9b8	Port docker resolver fix #2364 . Signed-off-by: Lantao Liu <lantaol@google.com>	2018-05-30 17:25:46 -07:00
Evan Hazlett	d7d2212324	vendor bump Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> containerd: linux -> runtime/linux Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> fix utils to properly format vendor repo Signed-off-by: Evan Hazlett <ejhazlett@gmail.com> test fixup Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>	2018-05-30 19:51:24 -04:00
Wei Fu	e28b77c08c	Remove useless error-check in createImageReference Signed-off-by: Wei Fu <fhfuwei@163.com>	2018-05-25 10:23:13 +08:00
Lantao Liu	60b0d08a6f	Use containerd.WithPullUnpack. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-05-23 12:39:14 -07:00
Michael Crosby	009ba4d797	Move testutils to pkg Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2018-05-22 17:08:38 -04:00
Michael Crosby	927517de36	Move dialer to pkg Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2018-05-22 13:32:25 -04:00
Michael Crosby	ae4b78d1cc	Move progress into pkg Signed-off-by: Michael Crosby <crosbymichael@gmail.com>	2018-05-22 13:32:25 -04:00
Ricardo Aravena	f79e0171ca	Minor typo Signed-off-by: Ricardo Aravena <raravena80@gmail.com>	2018-05-15 09:11:48 -07:00
Lantao Liu	5d29598a6d	Fix workingset memory calculation. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-05-11 15:17:16 -07:00
Lantao Liu	a5d1332e8f	Explicitly set `rw` for privileged container. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-05-07 15:13:14 -07:00
Lantao Liu	5f4035ae2f	Merge pull request #754 from kolyshkin/mount os.Unmount: do not consult mountinfo	2018-04-30 14:41:57 -07:00
Kir Kolyshkin	daeab40b45	os.Unmount: do not consult mountinfo, drop flags 1. Currently, Unmount() call takes a burden to parse the whole nine yards of /proc/self/mountinfo to figure out whether the given mount point is mounted or not (and returns an error in case parsing fails somehow). Instead, let's just call umount() and ignore EINVAL, which results in the same behavior, but much better performance. This also introduces a slight change: in case target does not exist, the appropriate error (ENOENT) is returned -- document that. 2. As Unmount() is always used with MNT_DETACH flag, let's drop the flags argument. This way, the only reason of EINVAL returned from umount(2) can only be "target is not mounted". 3. While at it, remove the 'containerdmount' alias from the package. Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>	2018-04-30 12:54:10 -07:00
Lantao Liu	279fa853a6	Always mount sysfs as `rw`. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-26 18:58:26 -07:00
Lantao Liu	daa9f6008c	Merge pull request #743 from Random-Liu/fix-sandbox-stop-race Fix sandbox stop race condition.	2018-04-18 13:28:54 -07:00
Lantao Liu	856534c846	Fix sandbox stop race condition. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-18 10:12:33 -07:00
Lantao Liu	5cb4744f27	Fix portforward for host network. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-17 08:24:44 +00:00
Lantao Liu	69b3f3aeac	Add socat back. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-11 01:53:24 +00:00
Lantao Liu	b09489de96	Merge pull request #727 from Random-Liu/fix-symlink-layer Support symlink layer in image import.	2018-04-10 18:32:29 -07:00
Lantao Liu	9f85c48e4c	Support symlink layer in image import. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-10 22:08:45 +00:00
Lantao Liu	3d0706c4e5	Merge pull request #691 from abhi/socat Getting rid of nsenter and socat	2018-04-09 15:34:44 -07:00
abhi	02b952ec17	Getting rid of socat Signed-off-by: abhi <abhi@docker.com>	2018-04-09 14:31:44 -07:00
Lantao Liu	304045491c	Merge pull request #725 from Random-Liu/fix-resolver-race Fix resolver race	2018-04-09 13:10:44 -07:00
Lantao Liu	a68530c1e8	Port containerd fix #2276 Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-09 18:36:06 +00:00
Lantao Liu	d8a3c5f254	Address comments. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-09 18:15:09 +00:00
Lantao Liu	b2099c2061	Add cni config template support. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-04-07 06:34:45 +00:00
abhi	aeef99a76e	Using netns to perform socat This commit removes the usage of nsenter and uses netns to perform socat operation. Signed-off-by: abhi <abhi@docker.com>	2018-04-05 13:28:00 -07:00
Mike Brown	c7793564fc	switches from not CA signed to self CA signed for streaming TLS Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-04-02 17:50:12 -05:00
Mike Brown	2f9f721b63	adds a new flag to enable TLS support insecure for now Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-04-02 12:27:55 -05:00
Lantao Liu	ed20174ce4	Add RunAsGroup support. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-30 22:26:07 +00:00
Lantao Liu	be43ad09da	Fix a log output. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-28 21:31:44 +00:00
Lantao Liu	277edb2d3b	Fix event monitor panic. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-27 01:41:35 +00:00
Lantao Liu	f0655ecfe0	Use pause image from new source. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-26 07:11:41 +00:00
Lantao Liu	356a41c424	Merge pull request #697 from Random-Liu/fs-layout-change adds volatile state directory to the fs plan for cntrs/pods/fifo	2018-03-23 19:24:19 -07:00
Lantao Liu	f4c9ef2647	Add symlink follow into unmount util. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-24 01:25:31 +00:00
Mike Brown	94df315de8	adds volatile state directory to the fs plan for cntrs/pods/fifo Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-03-24 00:05:52 +00:00
Lantao Liu	aa83a7a0aa	Change for new containerd. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-23 23:03:16 +00:00
Lantao Liu	c6fecb2115	Merge pull request #688 from Random-Liu/cleanup-kata-code Address comments for privileged runtime code.	2018-03-22 23:01:31 -07:00
Lantao Liu	ca67f94ee0	Address comments for privileged runtime code. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-23 02:17:46 +00:00
Lantao Liu	55d512b98c	Make const private. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-23 00:48:50 +00:00
Lantao Liu	5ae4de1cc2	Merge pull request #681 from mikebrow/tls-config adds tls certificate to tls config	2018-03-22 17:34:04 -07:00
Mike Brown	89adb74414	adds tls certificate to tls config Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-03-22 09:42:31 -05:00
Nitesh Konkar	6a542c596b	Bump pause container to multi-arch gcr.io/google-containers/pause:3.1 Signed-off-by: Nitesh Konkar <niteshkonkar@in.ibm.com>	2018-03-22 05:44:12 +00:00
Lantao Liu	9177cb16bc	Remove omitempty from config json. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-21 07:28:25 +00:00
Jose Carlos Venegas Munoz	bdc5eee544	test: Add unit tests for privileged runtime functions - Add unit test for privilegedSandbox - Add unit test for getRuntime Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>	2018-03-20 18:04:23 -06:00
Jose Carlos Venegas Munoz	ca16bd601a	runtime: Add trusted runtime option Some CRI compatible runtimes may not support provileged operations. Specifically hypervisor based runtimes (like kata-containers, cc-runtime and runv) do not support privileged operations like: - Provide access to the host namespaces - Create fully privileged containers with access to host devices Hypervisor based runtimes create container workloads within virtual machines. When a running host privileged containers using them, they wont provide support to requested the privileged opertations. This commits add the new options to define two runtimes: Trusted runtime : Used when a privileged container is requested. Default runtime : for non-privileged workloads. A container that belongs to a privileged pod will inherent this property an will be created with the trusted runtime. - Add options to define trusted runtime - Add logic to decide if a sanbox is trusted - Export annotation containers below to a trusted sandbox Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>	2018-03-20 13:56:49 -06:00
Lantao Liu	387da59ee5	Rename all variables to remove "cricontainerd". Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-19 21:59:32 +00:00
Lantao Liu	e1fe1abff0	Use `github.com/pkg/errors` Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-17 02:24:38 +00:00
abhi	2bdf428eb7	Removing DAD config and updating plugins to v0.7.0 Signed-off-by: abhi <abhi@docker.com>	2018-03-16 14:46:46 -07:00
Lantao Liu	1dcbf4f742	Merge pull request #663 from abhi/cni Moving to use go-cni library from containerd	2018-03-15 17:53:50 -07:00
Lantao Liu	5e5a5f50d1	Merge pull request #671 from Random-Liu/ctrcri-to-ctr-cri Ctrcri to ctr cri	2018-03-15 17:14:59 -07:00
abhi	003bbd4292	Modifying fake cni plugin Signed-off-by: abhi <abhi@docker.com>	2018-03-15 17:05:33 -07:00
Lantao Liu	7e67d96b9b	Replace `ctrcri` with `ctr cri`. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-15 23:22:00 +00:00
Lantao Liu	d389af83a9	Cleanup event backoff. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-15 18:49:36 +00:00
yanxuean	c751847350	Handle containerd event reliably fix #434 Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2018-03-15 17:14:02 +08:00
yanxuean	7583bce4ab	some comments Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2018-03-15 15:55:54 +08:00
abhi	92110e1d74	Moving to use go-cni library from containerd This fix aims to use the cni library form containerd. The library avoid usage of nsenter. Signed-off-by: abhi <abhi@docker.com>	2018-03-14 19:25:54 -07:00
Mike Brown	d4e7154625	move links for cri-containerd to cri Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-03-13 17:06:26 -05:00
Lantao Liu	f0a500a390	Use direct function call. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-13 04:51:19 +00:00
Lantao Liu	80b2f751d3	Merge pull request #654 from stevvooe/simplify-stopch pkg/store: use a sync.Once to synchronize channel close	2018-03-09 15:29:32 -08:00
Lantao Liu	e20c6eb8a8	Merge pull request #558 from Random-Liu/report-containerd-version Report containerd version instead of cri-containerd version.	2018-03-09 15:25:32 -08:00
Stephen J Day	4ed26f3116	pkg/store: use a sync.Once to synchronize channel close Signed-off-by: Stephen J Day <stephen.day@docker.com>	2018-03-09 14:43:16 -08:00
Abhinandan Prativadi	1f28f8d2fe	Merge pull request #650 from Random-Liu/fix-resolver Handles 401 in resolver.	2018-03-07 10:59:43 -08:00
Lantao Liu	40c8372f0e	Handles 401 in resolver. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-07 07:35:02 +00:00
Lantao Liu	f01c6d73a6	Fix cleanup context. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-07 07:05:27 +00:00
Lantao Liu	d3b112a989	Merge pull request #639 from Random-Liu/remove-standalone-mode Remove standalone mode	2018-03-05 17:23:06 -08:00
Lantao Liu	ceb540d823	Fix potential panic. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-05 22:09:58 +00:00
Lantao Liu	d1e9960180	Remove standalone mode Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-05 21:45:20 +00:00
Lantao Liu	36b4c05354	Report containerd version instead of cri-containerd version. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-03-01 01:26:37 +00:00
Lantao Liu	f5390d01d6	Fix a potential panic Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-22 03:17:16 +00:00
Lantao Liu	6d538ccbf6	Do not block on stream server close. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-14 08:41:29 +00:00
Lantao Liu	a8264ec035	Support reopening container log. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-13 17:57:45 +00:00
Lantao Liu	6900cbdada	Use mountpoint as image fs identifier. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-09 07:46:49 +00:00
Mike Brown	6e1c57ec01	update runc vendor and containerd Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-02-08 19:01:48 -06:00
Lantao Liu	46fc92f65f	Use new namespace mode and support shared pid namespace. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-08 03:10:57 +00:00
Lantao Liu	605b4a7b6a	Update imports Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-08 02:45:44 +00:00
Lantao Liu	047df7aca6	Merge pull request #602 from mikebrow/critools-install-minor-update update critools	2018-02-07 18:44:37 -08:00
Mike Brown	edb2b2379d	change crictl sandboxes to pods; other references to sandboxes Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2018-02-07 17:23:59 -06:00
Lantao Liu	8925ef90be	Use trace support in containerd. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-07 19:17:26 +00:00
Lantao Liu	2b8800df2b	Merge pull request #592 from Random-Liu/fix-registry-mirror Fix registry mirror.	2018-02-02 15:37:29 -08:00
Lantao Liu	92995e29e5	Fix registry mirror. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-02 22:52:36 +00:00
Lantao Liu	d113c16802	Update ocicni to my fork. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-02 19:45:26 +00:00
Lantao Liu	7ddd9255b6	Add golang version in `Status` info. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-02-01 20:10:39 +00:00
Abhinandan Prativadi	8094fe69d4	Merge pull request #531 from abhi/registry-mirror Adding Registry Mirror support	2018-01-31 13:01:25 -08:00
abhi	f3ccd85891	Adding Registry Mirror support This commit aims to add registy mirror support similar to docker. The UI is similar to docker where user can provide mirror urls and the image resolves against the provided mirrors before fetching from default docker regitry mirror url. Signed-off-by: abhi <abhi@docker.com>	2018-01-31 10:47:34 -08:00
yason	6931a69881	add filter for containerd event Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2018-01-30 14:13:22 +08:00
Lantao Liu	4dfd8250fd	Fix a privileged check. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-27 02:25:52 +00:00
Yanqiang Miao	61c1fdb098	Use channel to propagate the stop info of sandbox Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2018-01-26 16:58:13 +08:00
Lantao Liu	f401662123	Merge pull request #571 from Random-Liu/do-not-list-task Avoid containerd access as much as possible.	2018-01-25 16:13:43 -08:00
Lantao Liu	df58d6825d	Avoid containerd access as much as possible. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-25 23:36:00 +00:00
Lantao Liu	e7f2a74a84	Add runtime cgroup and fix a cli panic. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-25 22:32:57 +00:00
Yanqiang Miao	c663d2423e	Use channel to pass the stop info instead of polling for container stop Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>	2018-01-25 11:07:54 +08:00
Lantao Liu	635e5747c0	Update containerd and leverage plugin graceful stop. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-23 22:46:46 +00:00
Lantao Liu	2b6f084f36	Disable IPv6 dad by default. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-22 23:54:16 +00:00
Lantao Liu	4e9ca399e1	Use containerd plugin config. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-19 02:25:03 +00:00
Lantao Liu	7d18d61674	Move cgroup and oom score setting to cmd. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-19 01:35:36 +00:00
Lantao Liu	74d8880032	Merge pull request #552 from Random-Liu/use-containerd-grpc-server Use containerd grpc server	2018-01-18 12:36:05 -08:00
Lantao Liu	62e6921145	Use containerd grpc server Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-18 18:51:18 +00:00
Lantao Liu	6fadb7f5e9	Minor code cleanup. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-18 07:31:16 +00:00
Lantao Liu	3d68005c04	Replace glog with logrus Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-17 21:57:31 +00:00
Lantao Liu	383a89b948	Add flags and utils for logrus Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-17 21:57:31 +00:00
Jose Carlos Venegas Munoz	b383b0261a	Annotations: Provide container metadata for VM based runtimes For hypervisor-based container runtimes (like Kata Containers, Clear Containers or runv) a pod will be created in a VM and then create containers within the VM. When a runtime is requested for container commands like create and start, both the instal "pause" container and next containers need to be added to the pod namespace (same VM). A runtime does not know if it needs to create/start a VM or if it needs to add a container to an already running VM pod. This patch adds a way to provide this information through container annotations. When starting a container or a sandbox, 2 annotations are added: - type (Container or Sandbox) - sandbox name This allow to a VM based runtime to decide if they need to create a pod VM or container within the VM pod. Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>	2018-01-17 09:57:20 -06:00
Lantao Liu	cdb1bf0946	Use new cio package. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-12 22:35:24 +00:00
Lantao Liu	8782f18d50	Add integration test for volume copy up. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-11 19:10:52 +00:00
Lantao Liu	54b3b4e0b0	Use graphdriver/copy instead of chrootarchive Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-11 19:10:11 +00:00
Lantao Liu	025ffe551f	Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-10 22:35:33 +00:00
Lantao Liu	5bfa5e451a	Merge pull request #528 from cpuguy83/skip_selinux_test Minor cleanup on selinux test	2018-01-09 16:30:41 -08:00
Brian Goff	2a07847d67	Use `t.Run()` instead of `t.Log()` for subtest log Signed-off-by: Brian Goff <brian.goff@docker.com>	2018-01-09 15:45:13 -05:00
Brian Goff	96484eb3e7	Use t.Skip() when selinux is not enabled Signed-off-by: Brian Goff <brian.goff@docker.com>	2018-01-09 15:43:56 -05:00
Lantao Liu	dca05358dc	Add flag to skip imagefs uuid related logic. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-08 18:41:13 +00:00
Lantao Liu	aee7a366f3	Merge pull request #525 from abhi/cniip Caching IP allocated by CNI plugin	2018-01-05 00:27:48 -08:00
abhi	f1dbc0b375	Caching IP allocated by CNI plugin Signed-off-by: abhi <abhi@docker.com>	2018-01-04 20:00:55 -08:00
Lantao Liu	31bc964195	Enable HostSpecific option in runtime-tools generator. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-03 19:04:47 +00:00
Lantao Liu	cebe1b39f7	Remove default rlimits. Signed-off-by: Lantao Liu <lantaol@google.com>	2018-01-02 18:53:01 +00:00
Lantao Liu	b701b0e496	Add our own DeepCopy. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-16 00:23:14 +00:00
Lantao Liu	737efe70a7	Merge pull request #493 from Random-Liu/minor-cleanup Minor cleanup.	2017-12-12 23:30:47 -08:00
Lantao Liu	e4753edf0a	Minor cleanup. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-13 03:15:01 +00:00
yason	6c9a837b7a	cleanup some comment for removeImage Signed-off-by: yason <yan.xuean@zte.com.cn>	2017-12-13 10:07:52 +08:00
Lantao Liu	a9c7237e67	Merge pull request #470 from mikebrow/debug-image adding info map for verbose image status	2017-12-12 15:09:57 -08:00
Mike Brown	31223fd5b1	adds oci image spec to image info placed into imagestore Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-12-12 15:58:07 -06:00
Lantao Liu	cbda4256cd	Merge pull request #487 from yanxuean/image-improve improve image	2017-12-12 11:58:43 -08:00
Mike Brown	03ac989644	adding info map for verbose image status Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-12-12 13:44:08 -06:00
Lantao Liu	c9b279bb79	Merge pull request #479 from Random-Liu/improve-container-sandbox-status Improve container sandbox status	2017-12-12 11:42:51 -08:00
yason	5f6d9a5fcc	reliably remove image when content missing Signed-off-by: yason <yan.xuean@zte.com.cn>	2017-12-12 18:44:59 +08:00
yason	4762b3e273	remove taskService and imageStoreService Signed-off-by: yason <yan.xuean@zte.com.cn>	2017-12-12 16:51:22 +08:00
Lantao Liu	f4c572fba7	Add restart test for sandbox recovery. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-11 21:21:08 +00:00
Lantao Liu	dd017e6e6c	Move less important function to the end. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-11 18:45:57 +00:00
Lantao Liu	b25b06577e	Improve container and sandbox status. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-11 18:45:56 +00:00
yason	41c8763e2b	improve calling for content Signed-off-by: yason <yan.xuean@zte.com.cn>	2017-12-11 15:28:10 +08:00
Mike Brown	220411b73b	adding info map for verbose pod status Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-12-05 19:40:39 -06:00
Lantao Liu	11eb24c26f	Merge pull request #475 from Random-Liu/order-container-status-fields Use one big info struct before we change info to an array.	2017-12-05 14:37:36 -08:00
Lantao Liu	85b943eb47	Use one big info struct before we change info to an array. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-05 21:37:12 +00:00
Lantao Liu	266e49a3bf	Merge pull request #471 from yanxuean/improve-unmount Improve unmount for snapshot	2017-12-05 09:54:05 -08:00
yason	2a25cf7c1f	sync Unmount for snapshot best effort to remove temp dir for snapshot Signed-off-by: yason <yan.xuean@zte.com.cn>	2017-12-05 19:05:32 +08:00
Lantao Liu	572e354a2d	Revert debug code. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-05 07:40:11 +00:00
Lantao Liu	562eb725c7	Merge pull request #458 from mikebrow/boilerplate-update fixes for boilerplate	2017-12-04 10:03:41 -08:00
Mike Brown	bd6d530290	Merge pull request #463 from Random-Liu/dump-rootfs Check and dump rootfs.	2017-12-03 09:23:04 -06:00
Lantao Liu	a23bdf25d8	Check and dump rootfs. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-03 11:39:54 +00:00
abhi	43c05efb22	Revert: Setting containerd shim cgroup same as pod cgroup Signed-off-by: abhi <abhi@docker.com>	2017-12-01 16:03:38 -08:00
Mike Brown	009e40f280	correct some boilerplates Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-12-01 16:56:25 -06:00
Lantao Liu	181d7d5076	Move shim cgroup opts to pkg/containerd/opts. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-12-01 19:18:26 +00:00
abhi	0d6774f4af	Setting containerd shim cgroup same as pod cgroup Signed-off-by: abhi <abhi@docker.com>	2017-12-01 08:33:50 -08:00
Lantao Liu	0db6e04ba1	Merge pull request #447 from Random-Liu/update-containerd Update containerd to fix long exec issue.	2017-11-30 12:58:24 -08:00
Lantao Liu	5ed43ea1a3	Update containerd to fix long exec issue. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-30 19:24:14 +00:00
Lantao Liu	dc7066d23f	Merge pull request #445 from mikebrow/debug-container adding some verbose debug	2017-11-30 11:15:34 -08:00
Mike Brown	33b93fb1d0	adding some verbose debug Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-11-30 09:51:03 -06:00
Lantao Liu	200ba370a3	Merge pull request #438 from yanxuean/import-lease add lease for importer	2017-11-29 10:18:37 -08:00
yanxuean	089df25492	add lease for importer fix #389 Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2017-11-29 14:02:54 +08:00
Lantao Liu	5f0fba4204	Update containerd and add synchronous image deletion. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-28 22:44:25 +00:00
Mike Brown	4934098e27	Merge pull request #440 from dnephin/use-oci-package Use containerd.oci package	2017-11-28 16:41:26 -06:00
Daniel Nephin	85d3bf0660	Use SpecOpts from new oci package Signed-off-by: Daniel Nephin <dnephin@gmail.com>	2017-11-28 15:30:11 -05:00
Brian Goff	f6fe36d17a	Remove explicit unpack on all container creates This only performs an unpack if there is an error when creating the container snapshot (and only if it's a "not found' error) since it should already be unpacked. Signed-off-by: Brian Goff <brian.goff@docker.com>	2017-11-28 14:28:20 -05:00
Lantao Liu	4b4714eaca	Merge pull request #432 from mikebrow/vet-fixes fixing vet errors	2017-11-27 12:03:30 -08:00
Lantao Liu	80c7d18703	Merge pull request #431 from Random-Liu/update-containerd Update containerd	2017-11-27 12:03:18 -08:00
Lantao Liu	1b05f088b5	Merge pull request #375 from yanxuean/image-trunc support get image by truncindex	2017-11-27 11:36:58 -08:00
yanxuean	50cb8a0571	update containerd for refactor fix #423 Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2017-11-27 19:24:14 +00:00
Mike Brown	983994dc87	fixing vet errors Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2017-11-27 13:13:21 -06:00
yanxuean	b4ebf2d7a7	improve localResolve Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2017-11-23 10:56:12 +08:00
yanxuean	cbe7f0dd5a	use docker.digestSet store image truncid Signed-off-by: yanxuean <yan.xuean@zte.com.cn>	2017-11-23 10:55:59 +08:00
Lantao Liu	6104fcba3c	Merge pull request #421 from Random-Liu/add-new-cri-log-support Add new cri log support	2017-11-21 13:09:57 -08:00
Lantao Liu	48726ecd27	Add support for CRI partial log. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-21 19:24:12 +00:00
Lantao Liu	76268ea242	Do not remove sandbox when netns is not closed. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-21 01:22:19 +00:00
Lantao Liu	3f80fe06ef	Add simple unit test. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-16 23:04:33 +00:00
Lantao Liu	03aca5e82b	Fix data race. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-14 05:35:44 +00:00
Lantao Liu	57f37ca66e	Print full container spec for debugging. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-13 23:36:12 +00:00
Lantao Liu	01493463db	Fix streaming deadlock. Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-13 05:51:14 +00:00
Lantao Liu	3557cffbbb	Fix container exec Signed-off-by: Lantao Liu <lantaol@google.com>	2017-11-10 21:03:29 +00:00

... 6 7 8 9 10 ...

1040 Commits