containerd

Author	SHA1	Message	Date
Maksym Pavlenko	bbac058cf3	Move CRI from pkg/ to internal/ Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>	2024-02-02 10:12:08 -08:00
Tim Hockin	6e365e9250	CRI: An empty DNSConfig != unspecified If we find that DNSConfig is provided and empty (not nil), we should not replace it with the host's resolv.conf. Also adds tests. Signed-off-by: Tim Hockin <thockin@google.com>	2024-02-01 13:37:22 -08:00
Akihiro Suda	b2f254fff0	cri: make read-only mounts recursively read-only Prior to this commit, `readOnly` volumes were not recursively read-only and could result in compromise of data; e.g., even if `/mnt` was mounted as read-only, its submounts such as `/mnt/usbstorage` were not read-only. This commit utilizes runc's "rro" bind mount option to make read-only bind mounts literally read-only. The "rro" bind mount options is implemented by calling `mount_setattr(2)` with `MOUNT_ATTR_RDONLY` and `AT_RECURSIVE`. The "rro" bind mount options requires kernel >= 5.12, with runc >= 1.1 or a compatible runtime such as crun >= 1.4. When the "rro" bind mount options is not available, containerd falls back to the legacy non-recursive read-only mounts by default. The behavior is configurable via `/etc/containerd/config.toml`: ```toml version = 2 [plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc] # treat_ro_mounts_as_rro ("Enabled"\|"IfPossible"\|"Disabled") # treats read-only mounts as recursive read-only mounts. # An empty string means "IfPossible". # "Enabled" requires Linux kernel v5.12 or later. # This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup". treat_ro_mounts_as_rro = "" ``` Replaces: - kubernetes/enhancements issue 3857 - kubernetes/enhancements PR 3858 Note: this change does not affect non-CRI clients such as ctr, nerdctl, and Docker/Moby. RRO mounts have been supported since nerdctl v0.14 (containerd/nerdctl PR 511) and Docker v25 (moby/moby PR 45278). Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2024-02-01 09:39:36 +09:00
Derek McGowan	65b3922df7	Split streaming config from runtime config Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-28 23:14:59 -08:00
Derek McGowan	58ff9d368d	Move cri plugin to plugins subpackage Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-28 20:57:19 -08:00
Derek McGowan	d29a1bc6a0	Move sandbox info to cri types packages Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-28 20:57:19 -08:00
Derek McGowan	9795677fe9	Move cri base plugin to CRI runtime service Create new plugin type for CRI runtime and image services. Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-28 20:57:18 -08:00
Akihiro Suda	c1d59e38ef	Merge pull request #9661 from dmcgowan/update-cri-container-events-multisub Add support for multiple subscribers to CRI container events	2024-01-27 15:57:30 +00:00
Derek McGowan	7cf54b437f	Remove unused pkg/errdefs package Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-25 22:18:45 -08:00
Derek McGowan	fb9b59a843	Switch to new errdefs package Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-25 22:18:45 -08:00
Derek McGowan	023ec5e52c	Merge pull request #9682 from AkihiroSuda/mv-seccomp-kernelversion mv contrib/seccomp/kernelversion pkg/kernelversion	2024-01-25 04:23:33 +00:00
Derek McGowan	11de0d80f6	Merge pull request #9683 from yanggangtony/clean-nri_api Code clean for nri_api.	2024-01-25 00:41:42 +00:00
Maksym Pavlenko	75459afafd	Merge pull request #9673 from zzzzzzzzzy9/dev2 pod: CreatedAt time will be 269 years ago if create cri network failed	2024-01-24 16:31:01 +00:00
Akihiro Suda	eb8981f352	mv contrib/seccomp/kernelversion pkg/kernelversion The package isn't really relevant to seccomp Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2024-01-24 19:03:53 +09:00
yanggang	ed47102411	Code clean for nri_api. Signed-off-by: yanggang <gang.yang@daocloud.io>	2024-01-24 09:29:28 +00:00
Derek McGowan	f2765617c5	Merge pull request #9662 from dmcgowan/replace-platform-package Use github.com/containerd/platforms package	2024-01-23 19:50:25 +00:00
Derek McGowan	e79ec7a095	Remove deprecated platforms package Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-23 09:14:03 -08:00
Evan Lezar	9dd29b3cf7	Update container-device-interface to v0.6.2 This includes migrating from the github.com/container-orchestrated-devices repo to tags.cncf.io. Signed-off-by: Evan Lezar <elezar@nvidia.com>	2024-01-23 11:36:34 +01:00
张钰10307750	b16d467404	pod: CreatedAt time will be 269 years ago while creating cri network failed. We should set sandbox CreatedAt first time when we create sandbox struct, and then set sandbox CreatedAt second time after container started. Before this commit, we just set sandbox CreatedAt after container started, but if network create failed, the sandbox time is the default time, which is 269 years ago, so we need to set sandbox CreatedAt at first, even if an error occurred before start container. Signed-off-by: zzzzzzzzzy9 <zhang.yu58@zte.com.cn>	2024-01-23 10:44:49 +08:00
Derek McGowan	e7eb08eb56	Add support for multiple subscribers to CRI container events Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-19 21:27:06 -08:00
Derek McGowan	d7689ae8ba	Remove CRI plugin config after migrating Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-18 06:46:50 -08:00
Derek McGowan	dbc74db6a1	Move runtime to core/runtime Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:58:04 -08:00
Derek McGowan	19e763553c	Move pkg/truncindex to internal/truncindex Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:46 -08:00
Derek McGowan	764c907003	Move pkg/tomlext to internal/tomlext Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:37 -08:00
Derek McGowan	1c4be2d883	Move pkg/testutil to internal/testutil Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:28 -08:00
Derek McGowan	114df368f0	Move pkg/registrar to internal/registrar Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:19 -08:00
Derek McGowan	4ee6419fad	Move pkg/randutil to internal/randutil Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:10 -08:00
Derek McGowan	696cf25650	Move pkg/kmutex to internal/kmutex Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:57:01 -08:00
Derek McGowan	5e1d9543be	Move pkg/hasher to internal/hasher Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:52 -08:00
Derek McGowan	23914a01b8	Move pkg/failpoint to internal/failpoint Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:43 -08:00
Derek McGowan	c79ecfe246	Move pkg/cleanup to internal/cleanup Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:34 -08:00
Derek McGowan	8f0eb26311	Move tracing to pkg/tracing Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:25 -08:00
Derek McGowan	6be90158cd	Move sys to pkg/sys Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:16 -08:00
Derek McGowan	de606680b0	Move rootfs to pkg/rootfs Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:56:07 -08:00
Derek McGowan	fdb8a527c9	Move reference to pkg/reference Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:58 -08:00
Derek McGowan	e59f64792b	Move oci to pkg/oci Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:48 -08:00
Derek McGowan	fa8cae99d1	Move namespaces to pkg/namespaces Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:39 -08:00
Derek McGowan	b76236bb45	Move labels to pkg/labels Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:30 -08:00
Derek McGowan	bb71c28353	Move identifiers to pkg/identifiers Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:21 -08:00
Derek McGowan	5e00f63ce7	Move gc to pkg/gc Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:55:12 -08:00
Derek McGowan	c38f2ab724	Move filters to pkg/filters Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:54 -08:00
Derek McGowan	44a836c9b5	Move errdefs to pkg/errdefs Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:45 -08:00
Derek McGowan	70ed2696fa	Move events to pkg/events Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:36 -08:00
Derek McGowan	b0c3d00e98	Move cio to pkg/cio Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:27 -08:00
Derek McGowan	8e14c39e80	Move archive to pkg/archive Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:18 -08:00
Derek McGowan	fcd39ccc53	Move snapshots to core/snapshots Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:54:09 -08:00
Derek McGowan	92d2a5fc02	Move services to plugins/services Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:52:57 -08:00
Derek McGowan	ce41d1c90a	Move services/server to cmd/containerd/server Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:52:48 -08:00
Derek McGowan	228ad5a5ca	Move sandbox to core/sandbox Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:52:39 -08:00
Derek McGowan	0dabf6f154	Move remotes to core/remotes Signed-off-by: Derek McGowan <derek@mcg.dev>	2024-01-17 09:52:21 -08:00

1 2 3 4 5 ...

1777 Commits