github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,051 Commits 3 Branches 4 Tags
c8012b6d74d83be2bd2fac69de6239b3fac4c00a
Commit Graph

416 Commits

Author SHA1 Message Date
Abel Feng
c8012b6d74 sandbox: make a clear dependency of cri plugins 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-11-30 23:06:41 +08:00
Maksym Pavlenko
e15c246550 Move CRI image service into a separate plugin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-11-20 09:41:27 +08:00
Wei Fu
f6c4de6b53 fix: podsandbox depends on Lease plugin 
introduced by 09723a6175

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-11-17 23:29:04 +08:00
Abel Feng
32bf805e57 sandbox: add a sandboxService interface to criService 
so that we can add a fakeSandboxService to the criService in tests.

Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-11-15 09:25:58 +08:00
Abel Feng
25a4c3d235 sandbox: remove SandboxersServicePlugin 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-11-15 09:22:10 +08:00
Abel Feng
0cf48bab2c sandbox: podsandbox init its own client 
To break the cyclic dependency of cri plugin and podsandbox plugin,
we define a new plugin type of SandboxesServicePlugin and when cri init
it's own client, it will add the all the controllers by get them from
the SandboxesServicePlugin.
when podsandbox controller init it's client, it will not Require the
SandboxesServicePlugin.

Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-11-15 09:22:10 +08:00
Akhil Mohan
e682da76ce fix labels in pod sandbox 
Signed-off-by: Akhil Mohan <makhil@vmware.com>
 2023-11-14 01:52:09 +05:30
Akhil Mohan
64c41162c3 update tests to use labels from cri/labels 
Signed-off-by: Akhil Mohan <makhil@vmware.com>
 2023-11-14 01:46:43 +05:30
Akhil Mohan
7e79225cec refactor labels used in cri server 
remove the duplication of labels used in cri/server
and move them to a common package cri/labels

Signed-off-by: Akhil Mohan <makhil@vmware.com>
 2023-11-14 01:45:26 +05:30
Samuel Karp
bd2db42464 Merge pull request #9287 from lengrongfu/feat/add-warning-use-inheritable 
add warning use inheritable Capabilities
 2023-11-04 00:33:18 +00:00
Samuel Karp
6cd0e8e405 Merge pull request #9321 from dmcgowan/switch-to-plugin-repo 
Switch to plugin repo
 2023-11-02 16:50:49 +00:00
Phil Estes
740717673f Merge pull request #9317 from jsturtevant/fix-sbserver-windows 
CRI: Handle ArgsEscaped for new Sb Server by clearing commandline in spec
 2023-11-02 14:45:39 +00:00
rongfu.leng
df19888f83 add warning use inheritable Capabilities 
Signed-off-by: rongfu.leng <rongfu.leng@daocloud.io>
 2023-11-02 16:14:59 +08:00
Derek McGowan
9db21401c4 Switch to github.com/containerd/plugin 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-11-01 23:01:42 -07:00
James Sturtevant
a67efe88db Add tests cases 
Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
 2023-11-01 15:32:43 -07:00
James Sturtevant
0ffc3e9873 Handle ArgsEscaped for new Sb Server 
The PR https://github.com/containerd/containerd/pull/8198 fixed this for CRI but missed clearing the commandline in the forked SB server. This simply adds that back in

Signed-off-by: James Sturtevant <jsturtevant@gmail.com>
 2023-11-01 12:06:07 -07:00
Derek McGowan
261e01c2ac Move client to subpackage 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-11-01 10:37:00 -07:00
Derek McGowan
5fdf55e493 Update go module to github.com/containerd/containerd/v2 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-29 20:52:21 -07:00
Derek McGowan
638b474c81 Temporarily remove imgcrypt in CRI to fix circular dependency 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-27 15:36:47 -07:00
Derek McGowan
18c9e7ec4c Merge pull request #9270 from fuweid/fix-sb-issues 
pkg/cri: should ignore no sandbox bucket
 2023-10-21 21:44:16 +00:00
Abel Feng
8b4f9656d2 sandbox: remove ValidateMode as it is not used 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-20 16:02:13 +08:00
Wei Fu
337cc21719 pkg/cri: should ignore no sandbox bucket 
The sandbox might be recovered from v1.x release. It doesn't have
metadata bucket. We should ignore the not-found error.

How to reproduce the issue:

```bash
➜  containerd git:(main) sudo ctr version
Client:
  Version:  1.6.22
  Revision: 8165feabfdfe38c65b599c4993d227328c231fca
  Go version: go1.19.11

Server:
  Version:  1.6.22
  Revision: 8165feabfdfe38c65b599c4993d227328c231fca
  UUID: be4216aa-8a2e-4305-9186-efeacd2d9a17

➜  containerd git:(main) cat /tmp/pod.json
{
    "metadata": {
        "name": "nginx-sandbox",
        "namespace": "default",
        "attempt": 1,
        "uid": "hdishd83djaidwnduwk28bcsb"
    },
    "log_directory": "/tmp",
    "linux": {
    }
}

➜  containerd git:(main) sudo crictl runp /tmp/pod.json
616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e
➜  containerd git:(main) sudo crictl pods
POD ID              CREATED             STATE               NAME                NAMESPACE           ATTEMPT             RUNTIME
616ea1cc657c5       9 seconds ago       Ready               nginx-sandbox       default             1                   (default)

➜  containerd git:(main) make BUILDTAGS=no_btrfs
➜  containerd git:(main) sudo PREFIX=/usr make install
+ install bin/ctr bin/containerd bin/containerd-stress bin/containerd-shim-runc-v2

➜  containerd git:(main) sudo systemctl restart containerd
➜  containerd git:(main) sudo ctr version
Client:
  Version:  v1.7.0-943-g980767551
  Revision: 9807675518
  Go version: go1.20.10

Server:
  Version:  v1.7.0-943-g980767551
  Revision: 9807675518
  UUID: be4216aa-8a2e-4305-9186-efeacd2d9a17

➜  containerd git:(main) sudo crictl stopp  616ea1cc657c5
Stopped sandbox 616ea1cc657c5

➜  containerd git:(main) sudo crictl rmp 616ea1cc657c5
E1019 14:03:37.885162 2052643 remote_runtime.go:295] "RemovePodSandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to remove sandbox metadata from store: failed to delete sandbox \"616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e\": bucket not found" podSandboxID="616ea1cc657c5"
removing the pod sandbox "616ea1cc657c5": rpc error: code = Unknown desc = failed to remove sandbox metadata from store: failed to delete sandbox "616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e": bucket not found
```

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-10-20 15:20:18 +08:00
Maksym Pavlenko
f90f80d9b3 Merge pull request #9254 from adisky/cri-streaming-from-k8s 
Use staging k8s.io/kubelet/cri/streaming package
 2023-10-19 12:32:12 -07:00
Derek McGowan
bb64e6a8ef Initialize sandbox controller list on CRI server creation 
Avoid calling out to the client to get a sandbox controller and instead
setup the list of controllers on initialization. This fixes a test
failure which does not set the client.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-18 15:25:25 -07:00
Derek McGowan
9807675518 Merge pull request #8268 from abel-von/sandbox-plugin 
Sandbox: make sandbox controller plugin
 2023-10-18 10:16:10 -07:00
Aditi Sharma
03d81f595f Use cri streaming pkg from k8s staging 
Use staging k8s.io/kubelet/cri/streaming package

Signed-off-by: Aditi Sharma <adi.sky17@gmail.com>
 2023-10-18 09:14:28 +05:30
Fu Wei
dc7dba9c20 Merge pull request #9239 from jiangliu/cri-multi-snapshotters 
CRI: use (snapshotter_id, snapshot_key) to uniquely identify snapshots
 2023-10-18 09:30:55 +08:00
Jiang Liu
8e7c10c6d0 CRI: enhance ImageFsInfo() to support multiple snapshotters 
Enhance cri/server/image/imagefs_info.go:ImageFsInfo() to support
snapshotter per runtime. Now `ImageFsInfoResponse.ImageFilesystems` may
contain multiple entries.

Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
 2023-10-17 17:38:18 +08:00
Abel Feng
3ef300ca75 sandbox: remove global variable of podsandbox controller 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-16 21:17:50 +08:00
Abel Feng
d2d434b7d6 sandbox: add all sandbox information to Create method 
When call sandbox controller to create sandbox, we change the param from
sandbox id to total sandbox object to git all information to controller,
so that sandbox controller do not rely on the sandbox store anymore,
this is more decouple for the sandbox controller plugin inside
containerd, and it is neccesary for remote sandbox controller plugins as
it is not able to get sandbox from the sandbox store anymore.

Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-16 21:17:50 +08:00
Abel Feng
2951fb6dc6 sandbox: support more sandbox controllers 
make containerd extensible to support more sandbox controllers
registered into containerd by config.
we change the default sandbox controller plugin's name from "local" to "shim".
to make sure we can get the controller by the plugin name it registered into
containerd.

Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-16 21:17:44 +08:00
Abel Feng
69e501e7cd sandbox: change SandboxMode to Sandboxer 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-16 20:49:36 +08:00
Jiang Liu
5ad6f34329 CRI: use (snapshotter_id, snapshot_key) to uniquely identify snapshots 
Before snapshotter per runtime, CRI only supports a global snapshotter.
So a snapshot can be uniquely identified by `snapshot_key`. With snapshotter
per runtime enabled, there may be multiple snapshotters used by CRI. So only
(snapshotter_id, snapshot_key) can uniquely identify a snapshot.
Also extends CRI/store/snapshot/Store to support multiple snapshotters.

Signed-off-by: Jiang Liu <gerry@linux.alibaba.com>
 2023-10-16 10:21:10 +08:00
Derek McGowan
a80606bc2d Move plugin type definitions to containerd plugins package 
The plugins packages defines the plugins used by containerd.
Move all the types and properties to this package.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-12 20:52:56 -07:00
Maksym Pavlenko
1b31993240 Rename sbserver to server 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-12 15:46:57 -07:00
Maksym Pavlenko
536abf1b35 Remove legacy CRI 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-12 09:18:45 -07:00
Maksym Pavlenko
33b1a833c6 Move CRI testing package out 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-12 09:18:20 -07:00
Maksym Pavlenko
016114ff6f Move bandwidth package out of CRI server 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-12 09:12:52 -07:00
Samuel Karp
841c693710 Merge pull request #9076 from CFSworks/fix-ipv6-pref 
Fix `ip_pref` configuration option
 2023-10-06 23:31:45 -07:00
Fu Wei
bce8fe60df Merge pull request #9183 from dcantah/cri-snapshotter-platform 2023-10-04 11:40:33 +08:00
Kohei Tokunaga
6169433b6b Fix linter issues for golangci-lint 1.54.2 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2023-10-03 21:56:47 +09:00
Danny Canter
e3cb7471a6 CRI: Snapshotter per runtime handler adjustments 
Pass the passed in context into some nested function calls, wrap
errors instead of %+v, and change some tests to strictly just test
for an error and not an exact error.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-10-03 02:05:34 -07:00
Akihiro Suda
8ffb03d689 cri: stop recommending disable_cgroup 
Disabling cgroup is no longer needed since cgroup v2

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-09-29 23:08:00 +09:00
Akihiro Suda
9ffb34ac49 Merge pull request #9054 from macOScontainers/canonicalize-filter-mount-path 
Fix usages of `mountinfo.PrefixFilter`
 2023-09-27 05:10:27 +09:00
Derek McGowan
b5615caf11 Update go-toml to v2 
Updates host file parsing to use new v2 method rather than the removed
toml.Tree.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-09-22 15:35:12 -07:00
Derek McGowan
508aa3a1ef Move to use github.com/containerd/log 
Add github.com/containerd/log to go.mod

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-09-22 07:53:23 -07:00
Derek McGowan
9e819fb4a8 Update CRI image store to not use containerd client 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-09-20 10:11:51 -07:00
Rodrigo Campos
e0b2b17de3 cri/server: Add tests for the linux-specific parts of VolumeMounts() 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2023-09-13 16:42:31 +02:00
Rodrigo Campos
10cb112e4a cri/server: Add tests for ContainerMounts() 
Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2023-09-13 16:42:31 +02:00
Rodrigo Campos
97dfa7f556 cri/server: Pass down uidMappings to OCI runtime 
When the kubelet sends the uid/gid mappings for a mount, just pass them
down to the OCI runtime.

OCI runtimes support this since runc 1.2 and crun 1.8.1.

And whenever we add mounts (container mounts or image spec volumes) and
userns are requested by the kubelet, we use those mappings in the mounts
so the mounts are idmapped correctly. If no userns is used, we don't
send any mappings which just keeps the current behavior.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2023-09-13 16:42:31 +02:00