github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
14,599 Commits 3 Branches 2 Tags 112 MiB
b98cdb39df
Commit Graph

14599 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Derek McGowan
b98cdb39df
Merge pull request #11456 from k8s-infra-cherrypick-robot/cherry-pick-11271-to-release/2.0 
[release/2.0] Fix privileged container sysfs can't be rw because pod is ro by default
 2025-02-28 10:51:43 -08:00
fengwei0328
c7f64196fc Fix privileged container sysfs can't be rw because pod is ro by default 
Signed-off-by: fengwei0328 <feng.wei8@zte.com.cn>
 2025-02-28 16:07:00 +00:00
Akihiro Suda
67bb32a8b2
Merge pull request #11430 from klihub/fixes/release/2.0.x/cdi-emfile-sigsegv 
[release/2.0] go.{mod,sum}: bump CDI deps to v.0.8.1.
 2025-02-27 23:52:49 +09:00
Akihiro Suda
02b70eaa9b
Merge pull request #11446 from k8s-infra-cherrypick-robot/cherry-pick-11442-to-release/2.0 
[release/2.0] Prefer runtime options for PluginInfo request
 2025-02-27 23:51:44 +09:00
Akihiro Suda
1bdee2c4b8
Merge pull request #11439 from k8s-infra-cherrypick-robot/cherry-pick-11433-to-release/2.0 
[release/2.0] pkg: prevent oom watcher from depending on shim pkg
 2025-02-27 17:46:32 +09:00
Jose Fernandez
569af34cbb Prefer runtime options for PluginInfo request 
Previously, PluginInfo was called with task options as the primary
value, resulting in opts.BinaryName being omitted. Consequently, the
containerd-shim-runc-v2 fell back to the system's runc binary in the
PATH rather than the explicitly specified one. This change inverts the
option fallback by preferring runtime options over task options,
ensuring the correct binary is used for the PluginInfo request.

Closes: https://github.com/containerd/containerd/issues/11169

Signed-off-by: Jose Fernandez <josef@netflix.com>
Reviewed-by: Erikson Tung <etung@netflix.com>
 2025-02-27 07:37:01 +00:00
Phil Estes
968d9452ed
Merge pull request #11436 from AkihiroSuda/cherrypick-11427-2.0 
[release/2.0] CI: arm64-8core-32gb -> ubuntu-24.04-arm
 2025-02-26 10:20:17 -05:00
Lei Liu
0ce93e16a9 prevent oom watcher depend on shim pkg. 
Signed-off-by: Lei Liu <liulei.pt@bytedance.com>
 2025-02-26 01:46:25 +00:00
Akihiro Suda
f3284aa68f
CI: arm64-8core-32gb -> ubuntu-24.04-arm 
GHA now provides ARM runners for free

https://github.blog/changelog/2025-01-16-linux-arm64-hosted-runners-now-available-for-free-in-public-repositories-public-preview/

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
(cherry picked from commit 4e7484d3f40a8ec07126eb16fae614aedafe630a)
> Conflicts:
>	.github/workflows/ci.yml
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2025-02-26 10:15:20 +09:00
Krisztian Litkey
92ae2951ff
Update CDI dependency to v0.8.1. 
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2025-02-25 09:39:55 +02:00
Akihiro Suda
6b4c4a19f5
Merge pull request #11403 from k8s-infra-cherrypick-robot/cherry-pick-11323-to-release/2.0 
[release/2.0] Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG"
 2025-02-25 12:41:15 +09:00
Akihiro Suda
6a3f071b8b
Merge pull request #11411 from k8s-infra-cherrypick-robot/cherry-pick-11362-to-release/2.0 
[release/2.0] move the device after the options when using mkfs.ext4
 2025-02-21 10:57:51 +09:00
zouyee
f95a426b83 move the device after the options when using mkfs.ext4 
Signed-off-by: zouyee <zouyee1989@gmail.com>
 2025-02-20 07:44:00 +00:00
Maksym Pavlenko
6b5e19bdc5
Merge pull request #11410 from akhilerm/2.0-update-go1.24 
[release/2.0] update build to go1.23.6, test go1.24.0
 2025-02-19 09:18:17 -08:00
Akhil Mohan
4d19a6adfe
update build to go1.23.6, test go1.24.0 
Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2025-02-19 20:40:03 +05:30
Samuel Karp
e7efb877ca
Merge pull request #11405 from djdongjin/release-2.0-bump-up-cache-action 
[release/2.0] build(deps): bump actions/cache from 4.1.2 to 4.2.0
 2025-02-18 16:48:04 -08:00
Phil Estes
67931999d8
Merge pull request #11387 from frcai/users/frcai/upgrade-x-net-33 
[release/2.0] Upgrade x/net to 0.33.0 to fix vulnerability GHSA-w32m-9786-jp63
 2025-02-18 16:40:13 -05:00
dependabot[bot]
c738c3aabc build(deps): bump actions/cache from 4.1.2 to 4.2.0 
Bumps [actions/cache](https://github.com/actions/cache) from 4.1.2 to 4.2.0.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](6849a64899...1bd1e32a3b)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit 9270122437f5a0105c74b49089fddc1a2c2648af)
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
 2025-02-18 20:26:38 +00:00
Chris Henzie
b5313993c1 Revert "Add timestamp to PodSandboxStatusResponse for kubernetes Evented PLEG" 
This reverts commit b5290726d2.

Signed-off-by: Chris Henzie <chrishenzie@google.com>
 2025-02-18 15:31:16 +00:00
Akihiro Suda
6b5df746e4
Merge pull request #11357 from k8s-infra-cherrypick-robot/cherry-pick-11019-to-release/2.0 
[release/2.0] Update install-imgcrypt to allow change install repo
 2025-02-18 19:03:14 +09:00
Fu Wei
cb68d980c5
Merge pull request #11394 from k8s-infra-cherrypick-robot/cherry-pick-11388-to-release/2.0 
[release/2.0] Update runc binary to v1.2.5
 2025-02-18 11:38:15 +08:00
Austin Vazquez
697c59c635 Update runc binary to v1.2.5 
This is the fifth patch release in the 1.2.z series of runc. It
primarily fixes an issue caused by an upstream systemd bug.

There was a regression in systemd v230 which made the way we define device
rule restrictions require a systemctl daemon-reload for our transient
units. This caused issues for workloads using NVIDIA GPUs. Workaround the
upstream regression by re-arranging how the unit properties are defined.
Dependency github.com/cyphar/filepath-securejoin is updated to v0.4.1,
to allow projects that vendor runc to bump it as well.
CI: fixed criu-dev compilation.
Dependency golang.org/x/net is updated to 0.33.0.

diff: opencontainers/runc@v1.2.4...v1.2.5

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2025-02-17 22:20:04 +00:00
Chifeng Cai
fcf64305ce Update vendor files to fix build failure 
Signed-off-by: Chifeng Cai <frcai@microsoft.com>
 2025-02-13 17:06:05 -08:00
Chifeng Cai
d3437eb291 Upgrade x/net to 0.33.0 
Signed-off-by: Chifeng Cai <frcai@microsoft.com>
 2025-02-13 17:01:36 -08:00
Jing Xu
0785bd8cc6 Update install-imgcrypt to allow change install repo 
Add repo env similar to other install script

Signed-off-by: Jing Xu <jinxu@google.com>
 2025-02-07 21:52:14 +00:00
Mike Brown
29be12a668
Merge pull request #11269 from MikeZappa87/bugfix/gocnirace 
[release/2.0] Update go-cni version to fix Race Condition issue
 2025-02-05 16:26:14 -06:00
Fu Wei
be08040e8d
Merge pull request #11329 from klihub/fixes/containerd/2.0.x/nri-plugin-sync 
[release/2.0] fix initial sync race of registering NRI plugins.
 2025-02-04 09:35:57 -05:00
Michael Zappa
06891f899d
fix go-cni race condition 
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
 2025-02-03 16:26:08 -07:00
Phil Estes
7319817149
Merge pull request #11325 from kiashok/update-imgcrypt 
[release/2.0] Update github.com/containerd/imgcrypt to v2.0.0
 2025-02-03 14:02:20 -05:00
Krisztian Litkey
79cdbf61b6
cri,nri: block NRI plugin sync. during event processing. 
Block the synchronization of registering NRI plugins during
CRI events to avoid the plugin ending up in an inconsistent
starting state after initial sync (missing pods, containers
or missed events for some pods or containers).

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2025-02-03 10:24:20 +02:00
Kirtana Ashok
9d5cfce833 Update github.com/containerd/imgcrypt to v2.0.0 
Signed-off-by: Kirtana Ashok <kiashok@microsoft.com>
 2025-01-30 10:09:20 -08:00
Mike Brown
e465b45f9c
Merge pull request #11265 from dmcgowan/2.0-fix-cdi-oci-opt 
[release/2.0] Move CDI device spec out of the OCI package
 2025-01-23 13:19:23 -06:00
Derek McGowan
c18314700a
Merge pull request #11297 from k8s-infra-cherrypick-robot/cherry-pick-11277-to-release/2.0 
[release/2.0] update to go1.23.5 / go1.22.11
 2025-01-22 10:09:18 -07:00
Akhil Mohan
1f4e5688ef update to go1.23.5 / go1.22.11 
- go1.23.5 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the compiler,
the runtime, and the net package. See the Go 1.23.5 milestone on our
issue tracker for details.

- go1.22.11 (released 2025-01-16) includes security fixes to the
crypto/x509 and net/http packages, as well as bug fixes to the runtime.
See the Go 1.22.11 milestone on our issue tracker for details.

Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
 2025-01-22 05:12:48 +00:00
Derek McGowan
f58939c33d
Remove deprecated WithCDIDevices in oci spec opts 
This function has been moved to prevent an unintended dependency on CDI.

Signed-off-by: Derek McGowan <derek@mcg.dev>
(cherry picked from commit bdc847f1eb535a6728b6db3f2619d2a5ed0edbb9)
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2025-01-17 08:58:34 -08:00
Derek McGowan
3d53430fe1
Move CDI device spec out of the OCI package 
The CDI device injection spec opt was mistakenly added to the OCI
package which brought in an unintended dependency on CDI and its
transitive dependencies.

Signed-off-by: Derek McGowan <derek@mcg.dev>
(cherry picked from commit e20f7f4a2425c005d85855abfd4556d7b4ccbf87)
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2025-01-14 14:16:18 -08:00
Derek McGowan
0fbf3c3b38
Merge pull request #11263 from thaJeztah/2.0_backport_protobuf_1.35.2 
[release/2.0 backport] build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2
 2025-01-14 10:50:48 -07:00
dependabot[bot]
3a6ab80d01
build(deps): bump google.golang.org/protobuf from 1.35.1 to 1.35.2 
Bumps google.golang.org/protobuf from 1.35.1 to 1.35.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
(cherry picked from commit dd2d891672305ab756b4b93970ac1342c952ffc8)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2025-01-14 09:53:24 +01:00
Derek McGowan
c507a0257e
Merge pull request #11245 from AkihiroSuda/prepare-v2.0.2 
Prepare release notes for v2.0.2
 2025-01-13 22:21:27 -07:00
Akihiro Suda
cdaf4dfb4d
Prepare release notes for v2.0.2 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2025-01-14 11:14:20 +09:00
Kazuyoshi Kato
0d9aa65eba
Merge pull request #11259 from k8s-infra-cherrypick-robot/cherry-pick-11257-to-release/2.0 
[release/2.0] Update platforms to latest rc
 2025-01-13 16:00:04 -08:00
Derek McGowan
eb125e1dd3 Update platforms to latest rc 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2025-01-13 22:26:42 +00:00
Derek McGowan
c334ae68b8
Merge pull request #11256 from k8s-infra-cherrypick-robot/cherry-pick-10980-to-release/2.0 
[release/2.0] Remove confusing warning in cri runtime config migration
 2025-01-13 09:09:32 -07:00
Jin Dong
468079c5c4 Remove confusing warning in cri runtime config migration 
Signed-off-by: Jin Dong <djdongjin95@gmail.com>
 2025-01-13 15:26:45 +00:00
Akihiro Suda
b48e1080c2
Merge pull request #11248 from k8s-infra-cherrypick-robot/cherry-pick-11165-to-release/2.0 
[release/2.0] Fix runtime platform loading in cri image plugin init
 2025-01-11 23:06:22 +09:00
Jin Dong
a2d9d4fd55 Fix runtime platform loading in cri image plugin init 
The cri image service init has a bug where, after getting FSPath
for snapshotter_i, it stores it under defaultSnapshotter instead
of snapshotter_i.

Also make a few other refactor:

1. Dedup the snapshotRoot loading for defaultSnapshotter
2. Remove some unnecessary logic in RuntimePlatforms for-loop

Signed-off-by: Jin Dong <djdongjin95@gmail.com>
 2025-01-10 21:12:46 +00:00
Maksym Pavlenko
e1b0bb601e
Merge pull request #11246 from k8s-infra-cherrypick-robot/cherry-pick-11161-to-release/2.0 
[release/2.0] make sure console master tty is closed on task exit
 2025-01-10 12:36:24 -08:00
Henry Wang
184ffad01f Add integ test to check tty leak 
Signed-off-by: Henry Wang <henwang@amazon.com>
 2025-01-10 16:38:20 +00:00
Henry Wang
17181ed33e fix master tty leak due to leaking init container object 
Signed-off-by: Henry Wang <henwang@amazon.com>
 2025-01-10 16:38:20 +00:00
Derek McGowan
1698a59589
Merge pull request #11242 from djdongjin/bump-otelttrpc-release-20 
[release/2.0] Bump up otelttrpc to 0.1.0
 2025-01-09 22:53:00 -07:00