github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,783 Commits 3 Branches 4 Tags
ce215971d4a08a77e251eef4602db90ba98fa12a
Commit Graph

124 Commits

Author SHA1 Message Date
Maksym Pavlenko
2b24af8d13 Use options to pass PodSandboxConfig to shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-13 12:36:20 -08:00
Derek McGowan
edb8ebaf07 Merge pull request #8047 from ruiwen-zhao/send_nil 
Send container events with nil PodSandboxStatus
 2023-02-13 11:38:14 -08:00
Derek McGowan
164ac924f8 Merge pull request #7984 from aitumik/aitumik/add-host-network-tests 
test: add hostNetwork tests for both windows and linux
 2023-02-13 11:37:20 -08:00
Fu Wei
2654ece1d0 Merge pull request #8066 from fuweid/cleanup-blockio-init 
*: introduce wrapper pkgs for blockio and rdt
 2023-02-13 14:05:32 +08:00
Derek McGowan
c6cf6b2522 Merge pull request #8093 from mxpv/instrument 
Extract CRI instrument into separate package
 2023-02-12 21:45:13 -08:00
Maksym Pavlenko
750d18aced Extract CRI instrument package 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-12 20:49:15 -08:00
Akihiro Suda
b61988670c go.mod: github.com/containerd/typeurl/v2 v2.1.0 
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-11 23:39:52 +09:00
ruiwen-zhao
51a8db233d Send container events with nil PodSandboxStatus 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:39 +00:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:33 +00:00
Fu Wei
362ba2c743 Merge pull request #7981 from dmcgowan/sandbox-controller-interface-refactor 
[sandbox] refactor controller interface
 2023-02-11 09:22:36 +08:00
Nathan
7cf5560754 test: add hostNetwork tests for both windows and linux 
Signed-off-by: Nathan <aitumik@protonmail.com>
 2023-02-11 00:15:48 +03:00
Zechun Chen
b944b108df Clean up repeated package import 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2023-02-10 16:21:55 +08:00
Wei Fu
62df35df66 *: introduce wrapper pkgs for blockio and rdt 
Before this patch, both the RdtEnabled and BlockIOEnabled are provided
by services/tasks pkg. Since the services/tasks can be pkg plugin which
can be initialized multiple times or concurrently. It will fire data-race
issue as there is no mutex to protect `enable`.

This patch is aimed to provide wrapper pkgs to use intel/{blockio,rdt}
safely.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-02-10 08:21:34 +08:00
Derek McGowan
b0e97c0f9b Use multierror for cleanup error 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-07 11:06:14 -08:00
Derek McGowan
a788f6c799 Move local sandbox controller under plugins package 
Add options to sandbox controller interface.
Update sandbox controller interface to fully utilize sandbox controller
interface.
Move grpc error conversion to service.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 22:04:45 -08:00
Derek McGowan
2717685dad Refactor sandbox controller interface 
Update the sandbox controller interface to use local types rather than
using the API types.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 21:39:30 -08:00
Maksym Pavlenko
1f35b03369 Fix sandbox exit monitor 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-02 14:02:52 -08:00
Derek McGowan
ee0e22f01c Merge pull request #8020 from AkihiroSuda/mkdir-etc-cni-0755 
cri: mkdir /etc/cni with 0755, not 0700
 2023-01-30 10:21:30 -08:00
Akihiro Suda
b36b415526 cri: mkdir /etc/cni with 0755, not 0700 
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-29 07:49:36 +09:00
Maksym Pavlenko
21fe0ceaad Move PLEG events for pause container to podsandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-25 19:28:48 -08:00
Sebastiaan van Stijn
4f39b164f3 pkg/cri: optimize slice initialization 
Some of this code was originally added in b7b1200dd3,
which likely meant to initialize the slice with a length to reduce allocations,
however, instead of initializing with a zero-length and a capacity, it
initialized the slice with a fixed length, which was corrected in commit
0c63c42f81.

This patch initializes the slice with a zero-length and expected capacity.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-01-24 20:46:20 +01:00
Maksym Pavlenko
f9f8455332 Backport #7393 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:36:21 -08:00
Maksym Pavlenko
0cbfb3375f Backport #7661 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:31:47 -08:00
Maksym Pavlenko
41eabf134a Backport #7685 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
b0d7a96976 Backport unit test from #7882 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
1ade777c24 Add basic spec and mounts for Darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 17:00:40 -08:00
Maksym Pavlenko
3c8469a782 Use Platform instead of generated API 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 10:30:42 -08:00
Maksym Pavlenko
40be96efa9 Have separate spec builder for each platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:12:25 -08:00
Maksym Pavlenko
fdfa3519a3 Remove unused params from platformSpec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
1c1d8fb057 Update OCI spec tests for generic platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f43d8924e4 Move most of OCI spec options to common builder 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
21338d2777 Add stub to build common OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f318e5630b Update sandbox API to return target platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
dd22a3a806 Move WithMounts to specs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Qasim Sarfraz
9c8c4508ec cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 
Tested on Ubuntu 20.04 w/o swap controller:
```
$ stat -fc %T /sys/fs/cgroup/
tmpfs
$ la -la /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
ls: cannot access '/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes': No such file or directory
$  go test -v ./pkg/cri/sbserver/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/sbserver       (cached)
$ go test -v ./pkg/cri/server/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/server (cached)
```

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2023-01-10 15:41:04 +01:00
Maksym Pavlenko
06bfcd658c Enable dupword linter 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-03 12:47:16 -08:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Mike Brown
66f186d42d Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 
Add support for user namespaces in stateless pods (KEP-127)
 2022-12-29 14:08:24 -06:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Derek McGowan
27f43506b4 Merge pull request #7872 from yanggangtony/cri-sbserver 
CRI sbserver: Prevent server reuse after Shutdown
 2022-12-27 15:54:29 -08:00
yanggang
e94d925711 CRI sbserver: Prevent server reuse after Shutdown. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 14:16:40 +08:00
Danny Canter
229779a4e5 oci: Add WithDomainname 
A domainname field was recently added to the OCI spec. Prior to this
folks would need to set this with a sysctl, but now runtimes should be
able to setdomainname(2). There's an open change to runc at the moment
to add support for this so I've just left testing as a couple spec
validations in CRI until that's in and usable.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-26 04:03:45 -05:00
Antonio Ojea
ba0a7185f0 add network plugin metrics 
Add network plugin metrics.

The metrics are the same that were used in dockershim/kubelet until
it was deprecated in kubernetes 1.23

https://github.com/kubernetes/kubernetes/blob/release-1.23/pkg/kubelet/dockershim/network/metrics/metrics.go

Signed-off-by: Antonio Ojea <aojea@google.com>
 2022-12-23 09:23:56 +00:00
Rodrigo Campos
a7adeb6976 cri: Support pods with user namespaces 
This patch requests the OCI runtime to create a userns when the CRI
message includes such request.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-21 17:56:56 -03:00
Kazuyoshi Kato
52a7480399 Remove github.com/gogo/protobuf again 
While we need to support CRI v1alpha2, the implementation doesn't have
to be tied to gogo/protobuf.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-12-15 22:54:15 +00:00
Derek McGowan
a4bc380b91 Merge pull request #7814 from dcantah/hostnet-helper 
CRI: Add host networking helper
 2022-12-15 11:21:45 -08:00
Fu Wei
12f30e6524 Merge pull request #7792 from mxpv/sb-shutdown 2022-12-15 13:37:35 +08:00
Maksym Pavlenko
a4d5c3e5cb Support sandboxed shims shutdown 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-14 18:22:52 -08:00
Danny Canter
84529072d2 CRI: Add host networking helper 
We do a ton of host networking checks around the CRI plugin, all mainly
doing the same thing of checking the different quirks on various platforms
(for windows are we a HostProcess pod, for linux is namespace mode the
right thing, darwin doesn't have CNI support etc.) which could all be
bundled up into a small helper that can be re-used.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-14 01:47:22 -08:00
Maksym Pavlenko
0e33a8fa4f [sb] Fix status 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-13 16:35:15 -08:00