Li Yuxuan
cb0140063e
Fix goroutine leak when exec/attach
...
The resize chan is never closed when doing exec/attach now. What's more,
`resize` is a receive-only chan so it cannot be closed. Use ctx to
exit the goroutine in `handleResizing` properly.
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2020-03-24 10:42:54 +08:00
Sebastiaan van Stijn
e093a0ee08
Use local "ensureRemoveAll" instead of docker/pkg/system
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-12 20:21:14 +01:00
lifubang
488d6194f2
fix dial error when clean up a dead shim
...
Signed-off-by: lifubang <lifubang@acmcoder.com>
2020-03-12 10:57:55 +08:00
Akihiro Suda
fa72e2f693
cgroup2: do not unshare cgroup namespace for privileged
...
Conforms to the latest KEP:
0e409b4749/keps/sig-node/20191118-cgroups-v2.md (cgroup-namespace)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-09 01:49:04 +09:00
Sebastiaan van Stijn
f2edc6f164
vendor: update gotest.tools v3.0.2
...
full diff: https://github.com/gotestyourself/gotest.tools/compare/v2.3.0...v3.0.2
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-02-28 17:47:20 +01:00
Brandon Lum
8d5a8355d0
Updated docs and code for default nil behavior
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-27 23:42:03 +00:00
Kiril Vladimiroff
4dd75be2b9
Unify dialer implementations
...
Instead of having several dialer implementations, leave only one in
`pkg/dialer` and call it from `pkg/ttrpcutil`, `runtime/v(1|2)/shim`
which had their own
Closes #3471.
Signed-off-by: Kiril Vladimiroff <kiril@vladimiroff.org>
2020-02-26 23:29:04 +02:00
Brandon Lum
ffcef9dc32
Addressed nits
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
8df431fc31
Defer multitenant key model to image auth discussion
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
c43a7588f6
Refactor encrypted opts and added unit test
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
f0579c7b4d
Implemented node key model for image encryption
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Mike Brown
f4b3cdb892
Merge pull request #1399 from mikebrow/pause-image-update
...
move to v3.2 for the pause image
2020-02-20 10:45:16 -06:00
Mike Brown
c9ed98462d
move to v3.2 for the pause image
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-02-14 12:55:52 -06:00
Mike Brown
cf0e0a1e2c
Merge pull request #1332 from bg-chun/update_cri_for_hugepages
...
update cri-plugin to parse hugepages limit
2020-02-12 10:05:01 -06:00
Byonggon Chun
c02c24847f
update cri-plugin to parse hugepages limit from CRI message
...
Signed-off-by: Byonggon Chun <bg.chun@samsung.com>
2020-02-06 15:28:24 +09:00
Justin Terry (VM)
a8cc66b37a
Fix store error serialization to gRPC status codes
...
The pkg/store errors are duplicated errors of NotFound and AlreadyExist from
containerd's errdefs package and thus do not properly serialize when running
errdefs.ToGRPC on them. CRI runs this function on every return from a CRI
method so the conversion fails if there is a cache miss from the store caches
for containers or sandboxes. This change verifies that the errors are properly
converted to their gRPC values.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
2020-02-05 18:32:45 -08:00
Akihiro Suda
2d28b60046
vendor kubernetes 1.17.1
...
Corresponds to https://github.com/kubernetes/kubernetes/blob/v1.17.1/go.mod
note: `k8snet.ChooseBindAddress()` was renamed to `k8snet.ResolveBindAddress()` in afa0b808f8
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-22 02:06:50 +09:00
Akihiro Suda
5e5960f2bc
Merge pull request #1376 from Zyqsempai/add-cgroups-v2-metrics
...
Cgroupv2: Added CPU, Memory metrics
2020-01-21 23:21:09 +09:00
Boris Popovschi
6b8846cdf8
vendor updated + added cgroupv2 metrics
...
Signed-off-by: Boris Popovschi <zyqsempai@mail.ru>
2020-01-17 11:55:06 +02:00
Akihiro Suda
71740399e0
cgroup2: unshare cgroup namespace for containers
...
In cgroup v1 container implementations, cgroupns is not used by default because
it was not available in the kernel until kernel 4.6 (May 2016), and the default
behavior will not change on cgroup v1 environments, because changing the
default will break compatibility and surprise users.
For cgroup v2, implementations are going to unshare cgroupns by default
so as to hide /sys/fs/cgroup from containers.
* Discussion: https://github.com/containers/libpod/issues/4363
* Podman PR (merged): https://github.com/containers/libpod/pull/4374
* Moby PR: https://github.com/moby/moby/pull/40174
This PR enables cgroupns for containers, but pod sandboxes are untouched
because there is probably no need to do so.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-09 14:58:30 +09:00
Akihiro Suda
aaddaa2732
bump up the default runtime to "io.containerd.runc.v2"
...
The former default runtime "io.containerd.runc.v1" won't support new features
like support for cgroup v2: containerd/containerd#3726
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-12-16 11:53:58 +09:00
Lantao Liu
0c2d3b718d
Fix privileged devices.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-09 17:43:06 -08:00
Lantao Liu
78708b20c7
Merge pull request #1351 from Random-Liu/better-unknown-state-handling
...
Better handle unknown state.
2019-12-09 10:34:57 -08:00
Lantao Liu
facbaa0e79
Better handle unknown state.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-06 10:56:27 -08:00
bpopovschi
5d7bd738e4
Use containerD WithHostDevices
...
Signed-off-by: bpopovschi <zyqsempai@mail.ru>
2019-12-04 11:34:46 +02:00
Lantao Liu
a6b6097c90
Fix container pid.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-02 01:02:22 -08:00
Lantao Liu
444f02a89e
Merge pull request #1344 from darfux/add-resolvconf-to-sandbox-container
...
Provide resolvConf to sandbox container's mounts
2019-12-01 21:25:19 -08:00
Li Yuxuan
dbc1fb37d0
Provide resolvConf to sandbox container's mounts
...
As https://github.com/kata-containers/runtime/issues/1603 discussed,
kata relies on such mount spec to setup resolv.conf for pod VM properly.
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2019-11-28 12:05:05 +08:00
Lantao Liu
ab6701bd11
Add insecure_skip_verify option.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-26 13:25:52 -08:00
Lantao Liu
5c2f33bd0d
Cleanup path for windows mount
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-15 18:52:11 +00:00
Erik Wilson
7cc3938717
Set default scheme in registryEndpoints for host
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2019-10-31 10:30:17 -07:00
Lantao Liu
65b9c31805
Use http for localhost, 127.0.0.1 and ::1 by default.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-28 19:07:43 -07:00
Lantao Liu
d95e21c89b
Add container compute stats support.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-25 14:32:02 -07:00
Michael Crosby
f8cca26f3c
Handle large output in v2 shim with TTY
...
Resized the I/O buffers to align with the size of the kernel buffers with fifos
and move the close aspect of the console to key off of the stdin closing.
Fixes #3738
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-10-11 15:42:05 -04:00
Lantao Liu
2ce0bb0926
Update code for latest containerd.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-09 18:05:20 -07:00
Lantao Liu
18be6e3714
Use cached state instead of runc state.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-03 10:53:13 -07:00
Lantao Liu
358d672160
Add hostname CRI validation and unit test.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-25 16:11:27 -07:00
Lantao Liu
7fba77f238
Merge pull request #1298 from Random-Liu/set-sandbox-cpu-shares
...
Set default sandbox container cpu shares on windows.
2019-09-25 11:05:43 -07:00
Lantao Liu
2eba67a7ee
Merge pull request #1287 from crosbymichael/cgroups
...
Use type alias from containerd for cgroup metric types
2019-09-24 17:34:49 -07:00
Lantao Liu
f3ef10e9a2
Set default sandbox container cpu shares on windows.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-24 17:03:11 -07:00
Justin Terry (VM)
ed7873ef1e
Forward SandboxConfig.Hostname to Workload container activation
...
1. For Windows the Hostname property is not inherited from the sandbox and must
be passed for the Workload container activations as well.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
2019-09-24 10:21:17 -07:00
Lantao Liu
bad68a8270
Merge pull request #1284 from liyanhui1228/win_portforward
...
Add windows port forward support
2019-09-23 22:17:08 -07:00
Angela Li
dc413bd6d6
Add windows portforward support
...
Signed-off-by: Angela Li <yanhuil@google.com>
2019-09-23 17:36:43 -07:00
Michael Crosby
0a21292225
Check for more kill error types
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-09-23 15:36:34 -04:00
Michael Crosby
c8c7c54a6e
Use typealias for containerd metrics
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-09-20 16:01:48 -04:00
Lantao Liu
470776c903
Merge pull request #1274 from Random-Liu/dualstack
...
Add DualStack support
2019-09-19 21:32:26 -07:00
Lantao Liu
c1ece0c801
Address comment.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-19 14:05:28 -07:00
Lantao Liu
b431316edd
Merge pull request #1280 from estesp/add-default-path-env
...
Add back default UNIX env to container config
2019-09-19 11:41:03 -07:00
Phil Estes
161abf8f5b
Fix golangci-lint findings
...
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-09-19 09:38:40 -04:00
Phil Estes
229eb19bd6
Add back default UNIX env to container config
...
Due to changes to the defaults in containerd, the CRI path to creating a
container OCI config needs to add back in the default UNIX $PATH (and
any other defaults) as that is the expected behavior from other
runtimes.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-09-19 09:00:25 -04:00