Commit Graph

153 Commits

Author SHA1 Message Date
Lantao Liu
c4846745d6 Use WithNewSnapshot for sandbox container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-09 03:59:58 +00:00
Lantao Liu
f36ef46b35 Use new ocicni.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-07 00:14:12 +00:00
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs.
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but deferring until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
2017-09-06 22:20:14 +01:00
Lantao Liu
c3cb1cfde8 Revert "Setting containerd shim cgroup same as pod cgroup"
This reverts commit 59008c608e.

Signed-off-by: Lantao Liu <lantaol@google.com>
2017-09-02 04:20:55 +00:00
Mike Brown
4f442de959 adds support for AppArmor
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-09-01 18:08:34 -05:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt
Support selinux options/label
2017-08-31 16:30:30 -07:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-31 15:16:51 -07:00
Yanqiang Miao
0c3304e006 Support selinux options/label
Support selinux options/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-31 19:20:12 +08:00
Lantao Liu
ac4f238f48 Cleanup image operations.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-31 00:52:09 +00:00
Lantao Liu
c4d95aa2c4 Fix sandbox container snapshotter.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-30 18:33:59 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 21:11:56 +00:00
Lantao Liu
980e8e8007 Merge pull request #168 from Random-Liu/add-run-as-user
Add RunAsUser support
2017-08-25 13:45:47 -07:00
Lantao Liu
60d8430ac1 Do not checkpoint sandbox pid.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 01:38:05 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-25 00:47:35 +00:00
Lantao Liu
e1f74f00a5 Various security related fixes
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-24 21:52:30 +00:00
Lantao Liu
a795927c5a Get CreatedAt from containerd instead of maintaining it ourselves.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-24 18:38:00 +00:00
Lantao Liu
73bb9696e8 Merge pull request #151 from Random-Liu/add-instrumented-service
Add instrumented service.
2017-08-24 11:26:39 -07:00
Abhinandan Prativadi
5a119200b8 Creating permanent sandbox namespace
This commit contains changes to create/delete permanent namespace
for a sandbox container.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-24 10:43:42 -07:00
Lantao Liu
45ee2e554a Add container attach support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 23:48:31 +00:00
Lantao Liu
77b703f1e7 Move generateID to util.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 23:46:55 +00:00
Lantao Liu
dd6e9fb88d Merge pull request #156 from yanxuean/metalabel
Checkpoint and restart recovery
2017-08-23 15:36:19 -07:00
yanxuean
d2757cb8f9 Checkpoint and restart recovery
fix part of #120

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
2017-08-23 17:01:13 +08:00
Lantao Liu
195b52500f Add instrumented service.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 07:02:12 +00:00
Lantao Liu
f6d99abcf4 Add hostport support
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-08-23 01:33:02 +00:00
Abhinandan Prativadi
32e0313418 Containerd client integration
This commit:
1) Replaces the usage of containerd GRPC APIs with the containerd client for all operations related to containerd.
2) Updated containerd to v1.0alpha4+
3) Updated runc to v1.0.0

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
2017-08-16 14:43:22 -07:00
Lantao Liu
86a0f6a59b Merge pull request #126 from miaoyq/change-defaut-spec
Replace the original default spec with containerd default spec
2017-08-10 14:25:23 -07:00
Yanqiang Miao
9cc93886ea Replace the original default spec with containerd default spec
The original default spec contains `seccomp` configuration,
but some OSes do not support this feature, such as ubuntu14.04,
and `make test-cri` always fails. The containerd default spec doesn't
contain `seccomp`, so I think we could replace the default spec
with containerd default spec.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
2017-08-10 20:31:03 +08:00
Mike Brown
8d37d97d01 sets sysctls from pod config annotations
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-08-09 18:42:04 -05:00
Mike Brown
73748840da Switch to 1.0.0-alpha2 containerd api.
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-08-02 23:21:37 +00:00
Lantao Liu
7b16a35287 Use new metadata store.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Lantao Liu
4317e6119a Remove sandbox truncindex.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-07-28 23:35:31 +00:00
Lantao Liu
faf592069b Remove out-of-date TODOs.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-30 01:19:51 +00:00
Lantao Liu
14fd8401a2 Set sandbox container resource limit.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-23 01:23:53 +00:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-21 01:56:13 +00:00
Lantao Liu
7f9e0262ad Unmount /dev/shm when stop sandbox.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 17:18:14 +00:00
Lantao Liu
5b7cbf1bc6 Create/remove sandbox container.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 16:43:13 +00:00
Lantao Liu
cb9e104cf1 Create/delete containerd containerd
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 16:43:13 +00:00
Lantao Liu
6ca9c65578 Rename more container to task.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 02:34:43 +00:00
Lantao Liu
bad279e0f6 Finish snapshot support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-16 02:34:43 +00:00
Mike Brown
484a326717 modify code to compile on updated containerd
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2017-06-15 23:14:21 +00:00
Lantao Liu
9d5990fe4f Add sandbox /dev/shm.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-11 09:49:46 +00:00
Crazykev
9bf7ffd51a generate and maintain resolv.conf for sandbox
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2017-06-09 19:36:30 +08:00
Lantao Liu
88f4c252d6 Add sandbox /etc/hosts when using host network
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-06 06:43:38 +00:00
Lantao Liu
e657e1eb14 Add container logging support.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-02 16:36:02 +00:00
Lantao Liu
95e0fc694f Cleanup some code.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-06-02 02:15:58 +00:00
Lantao Liu
80c973a550 Ensure container rootfs and apply image config
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 01:18:22 +00:00
Lantao Liu
eb20601c08 Pull sandbox image and apply image config
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-31 00:39:38 +00:00
Crazykev
49e7ef2153 update kubernetes vendor for new CRI change
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
2017-05-24 10:25:55 +08:00
Xianglin Gao
4a4414987f Add unit test
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-05-23 18:30:20 +08:00
Xianglin Gao
6d2b9fabca And setup and teardown
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
2017-05-23 15:17:40 +08:00
Random-Liu
6ac71e5862 Add initial container implementation.
Signed-off-by: Lantao Liu <lantaol@google.com>
2017-05-22 19:14:09 +00:00
Random-Liu
bf28c7fc75 Add initial sandbox management implementation
Signed-off-by: Random-Liu <lantaol@google.com>
2017-05-12 13:14:11 -07:00
Random-Liu
f2925f58ac Add initial code framework
2017-04-14 19:04:26 -07:00