ext4 file system was supported before. This adds support for xfs as
well. Containerd config file can have fs_type as an additional option
with possible values as "xfs" and "ext4" for now. In future other
fstype support can be added. A snapshot created from a committed
snapshot inherits the file system type of the parent. Any new snapshots
that has no parent is created with the file system type indicated in
config. If there is no config for file system type is found, then
ext4 is assumed. This allows users to use xfs as an optional file system
type.
Signed-off-by: Alakesh Haloi <alakeshh@amazon.com>
This picks a fix to properly handle images containing symlinks
inside which point to an unexisting file.
Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
This fixes the TODO of this function and also expands on how the primary pod ip
is selected. This change allows the operator to prefer ipv4, ipv6, or retain the
ordering provided by the return results of the CNI plugins.
This makes it much more flexible for ops to configure containerd and how IPs are
set on the pod.
Signed-off-by: Michael Crosby <michael@thepasture.io>
Some extra steps were added for WS2022 in accordance with
the published image on Azure:
- Install Container Feature & reboot VM
- Create NAT network
Temporarily we skip critest steps for WS2022 until all test images
are updated in that project.
Signed-off-by: Adelina Tuvenie <atuvenie@cloudbasesolutions.com>
After containerd restarts, it will try to recover its sandboxes,
containers, and images. If it detects a task in the Created or
Stopped state, it will be removed. This will cause the containerd
process it hang on Windows on the t.io.Wait() call.
Calling t.io.Close() beforehand will solve this issue.
Additionally, the same issue occurs when trying to stopp a sandbox
after containerd restarts. This will solve that case as well.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
Windows HostProcess containers can run containerized workloads on a Windows host.
These containers operate as normal processes but have access to the host network
namespace, storage, and devices when given the appropriate user privileges.
HostProcess containers support the ability to run as one of the following Windows
service accounts: LocalSystem, LocalService, NetworkService.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
The CRI-plugin subscribes the image event on k8s.io namespace. By
default, the image event is created by CRI-API. However, the image can
be downloaded by containerd API on k8s.io with the customized labels.
The CRI-plugin should use patch update for `io.cri-containerd.image`
label in this case.
Fixes: #5900
Signed-off-by: Wei Fu <fuweid89@gmail.com>
Process.Kill might still return an IsNotFound error, even if it
actually killed the process. We should wait for the process to
finish in the first place. Otherwise, when querying the task's
status, we might still see it running, resulting in an error.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
The test sets container's Linux.SecurityContext.NamespaceOptions.Pid = NamespaceMode_CONTAINER,
which will ensure that the container keeps running even if the sandbox container dies. We do
not have that option on Windows.
Adds additional logging in the test, so it is easier to figure out which assertion failed.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
Since go 1.16, -buildmode=pie is supported on riscv [1],
so let's remove the platform from the exclusion list.
This reverts commit e34bf08e58.
[1] https://golang.org/doc/go1.16#riscv
Signed-off-by: Kir Kolyshkin <kolyshkin@gmail.com>
A previous commit made the Windows containerd/platforms.Default stricter
by requiring the OS Version to have a similar OS Version as the node's OS Version.
However, tar images (from docker save) do not have any OS Version information,
causing the containerd/import.Import's images.FilterPlatforms to filter out the image
entirely, which means that the images.SetChildrenLabels doesn't get to label
any children, which in turn will cause the Garbage Collector to remove content
related to the image.
This sets a default platform for the imported image if it's a Windows image which
doesn't have any OSVersion information, or if there's no platform information at
all.
Signed-off-by: Claudiu Belu <cbelu@cloudbasesolutions.com>
This commit attemts to support containerd on darwin platform. With an
external runtime shim, ctr run should work with, for instance,
--runtime=io.containerd.runu.v1. An example of runtime and shim is
managed under different repository (github.com/ukontainer/runu/).
Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
Since the /run directory on macOS is read-only, darwin containerd should
use a different directory. Use the pre-defined default values instead
to avoid this issue.
Fixes: bd908acab ("Use path based unix socket for shims")
Signed-off-by: Hajime Tazaki <thehajime@gmail.com>
It seems like the cwd flag isn't used anywhere for ctr tasks exec. This change
just sets the cwd field on the spec for the execed process if a new one was
asked for, otherwise it will continue using whatever was on the containers spec.
Signed-off-by: Daniel Canter <dcanter@microsoft.com>
