github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,576 Commits 3 Branches 2 Tags 112 MiB
ba8788c6b9
Commit Graph

100 Commits

Author SHA1 Message Date
Lantao Liu
ba8788c6b9 Update kubernetes dependency to 1.15.0. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-31 23:52:03 -07:00
Lantao Liu
fe0cb22026 Do not cache image handler. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-07-24 15:38:18 -07:00
Justin Terry (VM)
bc445d7595 Forward sandbox config to PullImage request 
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
 2019-05-10 11:35:09 -07:00
Lantao Liu
d1f9611cb0 Use wait instead of TaskExit. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-18 00:18:26 -07:00
Lantao Liu
fae4f79060 Enable runc.v2 as the default runtime in test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-04-03 18:47:25 -07:00
Sebastiaan van Stijn
7b397f0322
bump opencontainers/selinux to v1.2 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-03-29 01:33:35 +01:00
Michael Crosby
5eddc1a2cc Use container'd oci opts for spec generation 
This bumps the containerd and sys packages in CRI

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Remove runtime-tools

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>

Update tests for oci opts package

Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
 2019-03-27 16:57:04 -04:00
Lantao Liu
238658719f Cleanup pod annotation test and only support tailing wildcard. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-25 12:54:34 -07:00
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Lantao Liu
0464298b1e Use clean path for map and comparison. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-03 21:19:50 -08:00
Lantao Liu
b2cd840042
Merge pull request #1045 from Random-Liu/fix-env-performance-issue 
Fix env performance issue
 2019-02-12 11:03:33 -08:00
Lantao Liu
877c1cadc1 Include default envs from containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 10:29:45 -08:00
Lantao Liu
9e2ce3494d
Merge pull request #1042 from Random-Liu/etc-hostname 
Set /etc/hostname.
 2019-02-12 10:15:11 -08:00
Lantao Liu
ec6dd37691 Add env cache. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 03:02:20 -08:00
Lantao Liu
089d4fbfb8 Set /etc/hostname. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 00:18:00 -08:00
Sebastiaan van Stijn
51affb8839
Replace util.NormalizeImageRef with reference.ParseDockerRef 
Using the utility caused other project to have containerd/cri
as a dependency, only for this utility. The new `reference.ParseDockerRef`
function does the same (it's a copy of this function).

Tests were kept for now, but could be removed in future.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2019-02-07 13:22:58 +01:00
Lantao Liu
83af4dad87 Support unknown state for sandbox and container 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-05 11:56:24 -08:00
Lantao Liu
d9914c8dbd Always fallback to the new runtime options. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-24 00:59:02 -08:00
Akihiro Suda
cd8231ab2a support DisableCgroup, DisableApparmor, RestrictOOMScoreAdj 
Add following config for supporting "rootless" mode

* DisableCgroup: disable cgroup
* DisableApparmor: disable Apparmor
* RestrictOOMScoreAdj: restrict the lower bound of OOMScoreAdj

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2019-01-03 05:12:04 +09:00
Lantao Liu
459e481808 Update code for golang 1.11 gofmt. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-11-07 16:08:58 -08:00
Lantao Liu
c1740d8291 Manage mount lifecycle and remove cached state 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-24 11:00:25 -07:00
Lantao Liu
1442425f92 Support runtime specific configurations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-10-08 17:17:29 -07:00
Lantao Liu
db68300a5a Manage unmanaged images in k8s.io namespace 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-27 11:19:11 -07:00
Lantao Liu
fe0cd3672b
Merge pull request #865 from Random-Liu/cache-image-reference 
Cache image reference
 2018-09-10 16:21:57 -07:00
Lantao Liu
953d67d250 Create image reference cache. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-10 11:30:52 -07:00
Lantao Liu
f08a90ff64 Fix hostname env. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-10 10:58:17 -07:00
Lantao Liu
063f8158f8 Sort volume mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-04 22:43:37 -07:00
Yanqiang Miao
a87bda08c0 update selinux to b6fa367 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-08-14 08:33:43 +08:00
Yanqiang Miao
415727cd9f verify selinux level format 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2018-08-14 08:33:34 +08:00
Lantao Liu
952e53bf58 Add registry auth config, and use docker resolver in containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-07-09 19:08:48 -07:00
Akihiro Suda
097249054d vendor containerd (#2135) 
For containerd/containerd#2135

Signed-off-by: Akihiro Suda <suda.akihiro@lab.ntt.co.jp>
 2018-06-02 23:10:59 +09:00
Evan Hazlett
d7d2212324 vendor bump 
Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

containerd: linux -> runtime/linux

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

fix utils to properly format vendor repo

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>

test fixup

Signed-off-by: Evan Hazlett <ejhazlett@gmail.com>
 2018-05-30 19:51:24 -04:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Jose Carlos Venegas Munoz
ca16bd601a runtime: Add trusted runtime option 
Some CRI compatible runtimes may not support provileged operations.
Specifically hypervisor based runtimes (like kata-containers, cc-runtime
and runv) do not support privileged operations like:

- Provide access to the host namespaces
- Create fully privileged containers with access to host devices

Hypervisor based runtimes create container workloads within virtual machines.
When a running host privileged containers using them,
they wont provide support to requested the privileged opertations.

This commits add the new options to define two runtimes:

Trusted runtime : Used when a privileged container is requested.
Default runtime : for non-privileged workloads.

A container that belongs to a privileged pod will inherent this property
an will be created with the trusted runtime.

- Add options to define trusted runtime
- Add logic to decide if a sanbox is trusted
- Export annotation containers below to a trusted sandbox

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 13:56:49 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
Lantao Liu
e1fe1abff0 Use github.com/pkg/errors 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-17 02:24:38 +00:00
abhi
2bdf428eb7 Removing DAD config and updating plugins to v0.7.0 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-16 14:46:46 -07:00
Lantao Liu
1dcbf4f742
Merge pull request #663 from abhi/cni 
Moving to use go-cni library from containerd
 2018-03-15 17:53:50 -07:00
abhi
003bbd4292 Modifying fake cni plugin 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-15 17:05:33 -07:00
yanxuean
7583bce4ab some comments 
Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2018-03-15 15:55:54 +08:00
abhi
92110e1d74 Moving to use go-cni library from containerd 
This fix aims to use the cni library form containerd.
The library avoid usage of nsenter.

Signed-off-by: abhi <abhi@docker.com>
 2018-03-14 19:25:54 -07:00
Mike Brown
d4e7154625 move links for cri-containerd to cri 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-13 17:06:26 -05:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 03:10:57 +00:00
abhi
f3ccd85891 Adding Registry Mirror support 
This commit aims to add registy mirror support similar to
docker. The UI is similar to docker where user can
provide mirror urls and the image resolves against the provided
mirrors before fetching from default docker regitry mirror url.

Signed-off-by: abhi <abhi@docker.com>
 2018-01-31 10:47:34 -08:00
Lantao Liu
2b6f084f36 Disable IPv6 dad by default. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-22 23:54:16 +00:00
Lantao Liu
7d18d61674 Move cgroup and oom score setting to cmd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-19 01:35:36 +00:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-10 22:35:33 +00:00
Lantao Liu
31bc964195 Enable HostSpecific option in runtime-tools generator. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-03 19:04:47 +00:00
Lantao Liu
a9c7237e67
Merge pull request #470 from mikebrow/debug-image 
adding info map for verbose image status
 2017-12-12 15:09:57 -08:00