github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
467 Commits 3 Branches 2 Tags 112 MiB
cc5d3ef96a
Commit Graph

226 Commits

Author SHA1 Message Date
Ian Campbell
0161764ef5 Always use a writeable snapshot as the rootfs. 
This will be made readonly by runc based on spec.Root.Readonly (which we
already set correctly) but defering until then gives runc the chance to make
any missing mount points as it processes the spec.Mount array.

This is necessary because many container images lack mount points for things
like the /etc/hosts which we want to overbind. This is not noticed with e.g.
Docker because it automatically creates an additional layer containing those.
This is something we may want to do here as well eventually but for now using a
writeable snapshot is both necessary and sufficient.

The same does not apply to the sandbox since we never modify its rootfs or want
to mount anything in it etc, add a comment to clarify.

Fixes #220.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-06 22:20:14 +01:00
Lantao Liu
e06c2c59e0 Merge pull request #179 from Random-Liu/checkpoint-container-status 
Checkpoint container status onto disk.
 2017-09-06 13:51:38 -07:00
Lantao Liu
8569fa366e Merge pull request #215 from Random-Liu/add-capability-all 
Add "ALL" capabilities support.
 2017-09-05 18:14:36 -07:00
Lantao Liu
d02ecc4673 Add "ALL" capabilities support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-06 00:05:08 +00:00
Mike Brown
8a21e3f3c8 Merge pull request #206 from Random-Liu/ensure-remove-all 
Use EnsureRemoveAll
 2017-09-05 18:43:45 -05:00
Ian Campbell
1dea8fdfc4 Handle environment variables which containe spaces 
This avoids errors such as:

    spec: invalid environment variable "JAVA_OPTS=-Djava.security.egd=file:/dev/urandom"

use SplitN(2) to get the envvar name and value while allowing the value to
contain `=`.

Add some variables to the test data which have one or more `=` in the value.
Since this makes the resulting list of variables to check rather long split the
check in two and check the container config and image config derived values
independently.

Signed-off-by: Ian Campbell <ijc@docker.com>
 2017-09-05 23:06:07 +01:00
Lantao Liu
adfabdaa35 Use EnsureRemoveAll 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-05 20:29:18 +00:00
Jamie Zhuang
915f5b0aea Make sandbox container image configurable 
Signed-off-by: Jamie Zhuang <lanchongyizu@gmail.com>
 2017-09-03 02:53:17 -04:00
Lantao Liu
c3cb1cfde8 Revert "Setting containerd shim cgroup same as pod cgroup" 
This reverts commit 59008c608e.

Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-02 04:20:55 +00:00
Lantao Liu
aa3635c75a Merge pull request #183 from Random-Liu/cri-containerd-exit-with-containerd 
Cri containerd exits with containerd
 2017-09-01 16:39:38 -07:00
Lantao Liu
c3e8c69aff Let cri-containerd exit with containerd 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 23:14:04 +00:00
Mike Brown
4f442de959 adds support for AppArmor 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-01 18:08:34 -05:00
Lantao Liu
4f449cec5f Merge pull request #202 from Random-Liu/fix-image-repo-digest 
Fix repo digest for schema 1 image.
 2017-09-01 16:01:05 -07:00
Lantao Liu
7121d251b0 Return image repo digest in container status. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 20:58:15 +00:00
Lantao Liu
5057c2d4fb Merge pull request #197 from Random-Liu/not-remove-out-dated-tag 
Do not remove out dated image tag.
 2017-09-01 00:48:37 -07:00
Lantao Liu
cfb5513a54 Fix repo digest for schema 1 image. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:18:02 +00:00
Lantao Liu
73bb6e3283 Do not remove out dated image tag. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-01 07:09:13 +00:00
Lantao Liu
9c49624174 Merge pull request #157 from miaoyq/apply-selinux-opt 
Support selinux options/label
 2017-08-31 16:30:30 -07:00
Abhinandan Prativadi
59008c608e Setting containerd shim cgroup same as pod cgroup 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-31 15:16:51 -07:00
Yanqiang Miao
0c3304e006 Support selinux options/label 
Support selinux optios/label

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-31 19:20:12 +08:00
Lantao Liu
ac4f238f48 Cleanup image operations. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:52:09 +00:00
Lantao Liu
130aa5ac0d Checkpoint container status onto disk. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-31 00:41:52 +00:00
Abhinandan Prativadi
e1edeae4c9 Adding option to configure cgroup to start cri-containerd 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-30 14:37:40 -07:00
Lantao Liu
c4d95aa2c4 Fix sandbox container snapshotter. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-30 18:33:59 +00:00
Lantao Liu
3f4978b77b Use rbind and rprivate in bind mount. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-30 01:40:03 +00:00
Lantao Liu
55ee423224 Merge pull request #175 from Random-Liu/disable-pid-ns-sharing 
Disable pid namespace sharing
 2017-08-29 13:14:18 -07:00
Lantao Liu
b73161627d Fix fifo files leakage. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 21:14:35 +00:00
Lantao Liu
3b2d29be46 Merge pull request #177 from miaoyq/related-to-173 
Exclude the event of sandbox containers from event stream
 2017-08-28 10:00:21 -07:00
Yanqiang Miao
b18542c586 Excloude the event of sandbox containers from event stream 
We should exclude the event of sandbox containers from event
stream in order to avoid outputting unexpected error print.

related #173

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-28 14:21:03 +08:00
Lantao Liu
f46cd1a71a Disable pid namespace sharing 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 05:44:46 +00:00
Lantao Liu
fda30c3ad2 Do not teardown when network namespace is removed already. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-28 05:10:30 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 21:11:56 +00:00
Lantao Liu
980e8e8007 Merge pull request #168 from Random-Liu/add-run-as-user 
Add RunAsUser support
 2017-08-25 13:45:47 -07:00
Lantao Liu
60d8430ac1 Do not checkpoint sandbox pid. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 01:38:05 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 00:47:35 +00:00
Lantao Liu
e1f74f00a5 Various security related fixes 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-24 21:52:30 +00:00
Lantao Liu
a795927c5a Get CreatedAt from containerd instead of maintaining it ourselves. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-24 18:38:00 +00:00
Lantao Liu
73bb9696e8 Merge pull request #151 from Random-Liu/add-instrumented-service 
Add instrumented service.
 2017-08-24 11:26:39 -07:00
Lantao Liu
36da027c20 Merge pull request #138 from abhinandanpb/p_netns 
Creating sandbox namespace
 2017-08-24 11:26:21 -07:00
Lantao Liu
c6191122f2 Merge pull request #163 from abhinandanpb/containerd-alpha6 
Updating to container1.0-alpha
 2017-08-24 10:43:43 -07:00
Abhinandan Prativadi
5a119200b8 Creating permanent sandbox namespace 
This commit contains changes to create/delete permanent namespace
for a sandbox container.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-24 10:43:42 -07:00
zhangzhenhao
331e542c09 add the user id support of runAsUser 
Signed-off-by: zhangzhenhao <zhangzhenhao@outlook.com>
 2017-08-24 23:29:45 +08:00
Abhinandan Prativadi
728dced6a1 Updating to container1.0-alpha 
Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-23 23:17:21 -07:00
Lantao Liu
2faa665eb2 Merge pull request #155 from miaoyq/support-nonewprivileges 
Support NoNewPrivileges
 2017-08-23 20:58:38 -07:00
Yanqiang Miao
1aec120d5f Support NoNewPrivileges 
fixes #117

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-24 08:37:40 +08:00
Lantao Liu
45ee2e554a Add container attach support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 23:48:31 +00:00
Lantao Liu
77b703f1e7 Move generateID to util. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 23:46:55 +00:00
Lantao Liu
dd6e9fb88d Merge pull request #156 from yanxuean/metalabel 
Checkpoint and restart recovery
 2017-08-23 15:36:19 -07:00
yanxuean
d2757cb8f9 Checkpoint and restart recovery 
fix part of #120

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-08-23 17:01:13 +08:00
Lantao Liu
195b52500f Add instrumented service. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 07:02:12 +00:00
Lantao Liu
7901f56367 Merge pull request #150 from Random-Liu/support-update-container-resources 
Support update container resources
 2017-08-22 23:28:48 -07:00
Lantao Liu
f6d99abcf4 Add hostport support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 01:33:02 +00:00
Lantao Liu
8f898cb3b8 Import ocicni update from https://github.com/Random-Liu/ocicni 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 01:25:12 +00:00
Lantao Liu
a0589d37dd Implement container resources update 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-22 18:40:30 +00:00
Lantao Liu
d41c23e31d Update code to make it build 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-22 05:38:51 +00:00
Lantao Liu
50b01812ce Merge pull request #147 from miaoyq/group-all-privileged-logic 
Group all privileged logic together
 2017-08-21 18:43:06 -07:00
Yanqiang Miao
8adad23015 Group all privileged logic together 
Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-22 09:16:37 +08:00
Lantao Liu
c05a7e74ee Add node e2e test CI. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-21 21:21:41 +00:00
Lantao Liu
dcc3cb2a05 Merge pull request #137 from Random-Liu/cleanup-with-new-client 
Some cleanup after switching to new client.
 2017-08-18 15:04:24 -07:00
Lantao Liu
ed640d3972 Some cleanup after switching to new client. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-18 21:04:38 +00:00
Lantao Liu
8e9a251f72 Merge pull request #135 from yanxuean/myfeature 
The parameters of InitCNI should be filled in reverse order
 2017-08-16 19:50:22 -07:00
yanxuean
8cc0347b0a The parameters of InitCNI should be filled in reverse order. 
fix  #131

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-08-17 10:18:40 +08:00
Lantao Liu
f555bb1242 Add portforward support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-17 00:13:31 +00:00
Abhinandan Prativadi
32e0313418 Containerd client integration 
This commit:
1) Replaces the usage of containerd GRPC APIs with the containerd client for all operations related to containerd.
2) Updated containerd to v1.0alpha4+
3) Updated runc to v1.0.0

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-16 14:43:22 -07:00
Lantao Liu
2427d332f0 Add TERM=xterm when tty=true. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-11 16:53:40 +00:00
Lantao Liu
86a0f6a59b Merge pull request #126 from miaoyq/change-defaut-spec 
Replace the original default spec with containerd default spec
 2017-08-10 14:25:23 -07:00
Yanqiang Miao
9cc93886ea Replace the original default spec with containerd default spec 
The original default spec contain `seccomp` configuration,
but some OS do not support this feature, such as ubuntu14.04,
and `make test-cri` always fail. The containerd default spec dosen't
contain `seccomp`, so I think we could replace the default spec
with containerd default spec.

Signed-off-by: Yanqiang Miao <miao.yanqiang@zte.com.cn>
 2017-08-10 20:31:03 +08:00
Mike Brown
8d37d97d01 sets sysctls from pod config annotations 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-09 18:42:04 -05:00
Lantao Liu
4c5cea9258 Handle device symlink. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-08 00:53:15 +00:00
Lantao Liu
54286313ce Add container Exec support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-07 22:49:06 +00:00
Lantao Liu
8b56c91ec5 Extract execInContainer 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-07 22:35:50 +00:00
Lantao Liu
bf270fae1c Use containerd client for container execsync. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-04 18:32:39 +00:00
Mike Brown
73748840da Swicth to 1.0.0-alpha2 containerd api. 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-02 23:21:37 +00:00
Lantao Liu
ffb69423ec Temporarily remove unit test relying on fake containerd services. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-31 22:42:10 +00:00
Lantao Liu
f4df66eaaf Remove old metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
7b16a35287 Use new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
4317e6119a Remove sandbox truncindex. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
a393f3a084 Add new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Random-Liu
b398a161de Get runtime spec from container metadata. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-07-28 16:26:20 +00:00
Lantao Liu
faf592069b Remove out-of-date TODOs. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-30 01:19:51 +00:00
Lantao Liu
4c48ad780f Do not teardown network namespace when using host network. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-29 01:30:04 +00:00
Lantao Liu
333ea04846 Merge pull request #95 from Random-Liu/fix-verify 
Remove unused fields and comments.
 2017-06-28 10:21:11 -07:00
Lantao Liu
7ddc85f3ca Remove unused fields and comments. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-28 16:59:35 +00:00
Lantao Liu
054bcfbf68 Merge pull request #91 from Random-Liu/support-oom-event 
Handle OOM event.
 2017-06-26 00:18:27 -07:00
Lantao Liu
a2f6f7f128 Handle OOM event. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-26 07:10:35 +00:00
Lantao Liu
14fd8401a2 Set sandbox container resource limit. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-23 01:23:53 +00:00
Lantao Liu
d5674be41f Add pull image authentication. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-22 18:41:02 +00:00
Lantao Liu
1bf09089b3 Register all possible repo tags and repo digests. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 20:20:34 +00:00
Lantao Liu
78b74a6a58 Merge pull request #85 from Random-Liu/update-cri 
Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd.
 2017-06-21 13:18:24 -07:00
Lantao Liu
4d7735567c Merge pull request #82 from mikebrow/containerd-client-library 
Use containerd client library to connect to containerd services
 2017-06-20 19:03:18 -07:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 01:56:13 +00:00
Mike Brown
97063a0e34 switch to client provided services and address nits 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:19:14 -05:00
Mike Brown
0fe8c17fdf godeps udpate 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:18:48 -05:00
Mike Brown
20fc0227ae use containerd client library 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-20 19:18:29 -05:00
Lantao Liu
166778361e Merge pull request #84 from Random-Liu/use-orignal-pause-image 
Use gcr.io/google_containers/pause:3.0
 2017-06-20 16:04:12 -07:00
Lantao Liu
0321bef16a Use gcr.io/google_containers/pause:3.0 because we've supported schema 1. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-20 21:59:05 +00:00
Lantao Liu
7d5ea4401d Send stop signal specified in image config. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-20 21:11:20 +00:00
Lantao Liu
8524a4ef30 Add schema1 support, and use namespace k8s.io. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-19 18:44:00 +00:00
Lantao Liu
1f3a73d79e Merge pull request #72 from Random-Liu/add-exec-sync 
Add ExecSync.
 2017-06-16 16:58:50 -07:00
Lantao Liu
9b79201aa5 Add ExecSync. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 22:28:48 +00:00