github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,643 Commits 3 Branches 4 Tags
d0893daf09fa26c844a7ef4f81cea36784d9be21
Commit Graph

97 Commits

Author SHA1 Message Date
Maksym Pavlenko
40be96efa9 Have separate spec builder for each platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:12:25 -08:00
Maksym Pavlenko
fdfa3519a3 Remove unused params from platformSpec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
1c1d8fb057 Update OCI spec tests for generic platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f43d8924e4 Move most of OCI spec options to common builder 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
21338d2777 Add stub to build common OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f318e5630b Update sandbox API to return target platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
dd22a3a806 Move WithMounts to specs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Qasim Sarfraz
9c8c4508ec cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 
Tested on Ubuntu 20.04 w/o swap controller:
```
$ stat -fc %T /sys/fs/cgroup/
tmpfs
$ la -la /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
ls: cannot access '/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes': No such file or directory
$  go test -v ./pkg/cri/sbserver/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/sbserver       (cached)
$ go test -v ./pkg/cri/server/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/server (cached)
```

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2023-01-10 15:41:04 +01:00
Maksym Pavlenko
06bfcd658c Enable dupword linter 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-03 12:47:16 -08:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Mike Brown
66f186d42d Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 
Add support for user namespaces in stateless pods (KEP-127)
 2022-12-29 14:08:24 -06:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Derek McGowan
27f43506b4 Merge pull request #7872 from yanggangtony/cri-sbserver 
CRI sbserver: Prevent server reuse after Shutdown
 2022-12-27 15:54:29 -08:00
yanggang
e94d925711 CRI sbserver: Prevent server reuse after Shutdown. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 14:16:40 +08:00
Danny Canter
229779a4e5 oci: Add WithDomainname 
A domainname field was recently added to the OCI spec. Prior to this
folks would need to set this with a sysctl, but now runtimes should be
able to setdomainname(2). There's an open change to runc at the moment
to add support for this so I've just left testing as a couple spec
validations in CRI until that's in and usable.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-26 04:03:45 -05:00
Antonio Ojea
ba0a7185f0 add network plugin metrics 
Add network plugin metrics.

The metrics are the same that were used in dockershim/kubelet until
it was deprecated in kubernetes 1.23

https://github.com/kubernetes/kubernetes/blob/release-1.23/pkg/kubelet/dockershim/network/metrics/metrics.go

Signed-off-by: Antonio Ojea <aojea@google.com>
 2022-12-23 09:23:56 +00:00
Rodrigo Campos
a7adeb6976 cri: Support pods with user namespaces 
This patch requests the OCI runtime to create a userns when the CRI
message includes such request.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-21 17:56:56 -03:00
Kazuyoshi Kato
52a7480399 Remove github.com/gogo/protobuf again 
While we need to support CRI v1alpha2, the implementation doesn't have
to be tied to gogo/protobuf.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-12-15 22:54:15 +00:00
Derek McGowan
a4bc380b91 Merge pull request #7814 from dcantah/hostnet-helper 
CRI: Add host networking helper
 2022-12-15 11:21:45 -08:00
Fu Wei
12f30e6524 Merge pull request #7792 from mxpv/sb-shutdown 2022-12-15 13:37:35 +08:00
Maksym Pavlenko
a4d5c3e5cb Support sandboxed shims shutdown 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-14 18:22:52 -08:00
Danny Canter
84529072d2 CRI: Add host networking helper 
We do a ton of host networking checks around the CRI plugin, all mainly
doing the same thing of checking the different quirks on various platforms
(for windows are we a HostProcess pod, for linux is namespace mode the
right thing, darwin doesn't have CNI support etc.) which could all be
bundled up into a small helper that can be re-used.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-14 01:47:22 -08:00
Maksym Pavlenko
0e33a8fa4f [sb] Fix status 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-13 16:35:15 -08:00
Phil Estes
ecf00ffe84 Merge pull request #7783 from inspektor-gadget/qasim/cri-disable-swap 
cri: make swapping disabled with memory limit
 2022-12-13 15:21:51 -05:00
Fu Wei
d2f68bfb36 Merge pull request #7313 from pacoxu/image-pull-metrics 
add metrics for image pulling: error; in progress count; thoughput
 2022-12-13 19:49:22 +08:00
Fu Wei
f2cf411b79 Merge pull request #7073 from ruiwen-zhao/event 
Add container event support to containerd
 2022-12-09 15:24:23 +08:00
Maksym Pavlenko
e1abaeb386 Merge pull request #7764 from mxpv/config 
Pass TOML configuration options for runtimes CRI is not aware of
 2022-12-08 12:59:13 -08:00
ruiwen-zhao
a6929f9f6b Add Evented PLEG support to sandbox server 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2022-12-08 19:31:36 +00:00
Qasim Sarfraz
69975b92bb cri: make swapping disabled with memory limit 
OCI runtime spec defines memory.swap as 'limit of memory+Swap usage'
so setting them to equal should disable the swap. Also, this change
should make containerd behaviour same as other runtimes e.g
'cri-dockerd/dockershim' and won't be impacted when user turn on
'NodeSwap' (https://github.com/kubernetes/enhancements/issues/2400) feature.

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2022-12-08 13:54:55 +01:00
Maksym Pavlenko
f9295aa49f Fix context when waiting sandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 12:52:04 -08:00
Maksym Pavlenko
8ab1d44967 Pass runtime configuration as TOML blob 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 10:55:06 -08:00
Paco Xu
c59f1635f0 add metrics for image pulling: success/failure count; in progress count; thoughput 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2022-12-07 15:11:00 +08:00
Maksym Pavlenko
a113737ccf sbserver bug fixing 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-06 15:32:42 -08:00
Derek McGowan
51195ad099 Merge pull request #7731 from mxpv/cri 
[Sandbox API] CRI status cleanup
 2022-12-01 13:43:13 -08:00
Kirtana Ashok
08d5879f32 Added nullptr checks to pkg/cri/server and sbserver 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2022-11-29 13:25:49 -08:00
Maksym Pavlenko
9f4ba48839 [sandbox] Fix panic when waiting for sandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:29:21 -08:00
Maksym Pavlenko
dbc6d33ac5 [sandbox] Specify sandbox ID when using sandboxed shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:27:54 -08:00
Maksym Pavlenko
9a53a6c34a [sandbox] Don't access pause container when creating pod container 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:48:57 -08:00
Maksym Pavlenko
cc111eef61 [sandbox] Move sandbox info to podsandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:06:41 -08:00
Maksym Pavlenko
a6d1d53cc2 [sandbox] Update Controller.Status protos 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 10:13:37 -08:00
Fu Wei
6bfe6e38b2 Merge pull request #7684 from mxpv/sb-runtime-fix 
Fix sandbox API when calling sandboxed shims
 2022-11-28 22:32:08 +08:00
Maksym Pavlenko
6d830d30ad Merge pull request #7470 from lengrongfu/feat/sandbox_api_status 
Sandbox API: implement Controller.Status for SandboxAPI
 2022-11-22 18:11:57 -08:00
Maksym Pavlenko
ae0da7dc58 Use sandbox store to retrieve runtime info for sandboxed containers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:40 -08:00
Maksym Pavlenko
3ddaa34445 Retrieve sandbox creation time from store. 
All pause container object references must be removed
from sbserver. This is an implementation detail of
podsandbox package.

Added TODOs for remaining work.

Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:43:36 -08:00
Maksym Pavlenko
4b32819823 Remove duplicated helpers 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:40:36 -08:00
Maksym Pavlenko
3f331e7d13 Specify runtime configuration for sandbox shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-22 17:39:27 -08:00
Samuel Karp
a74f7e902b sbserver: save netns in sandbox metadata on create 
Port of b41d6f40bb to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:37 -08:00
Samuel Karp
1deaedd38a sbserver: persist sandbox during partial teardown 
Port of 4f4aad057d to sbserver

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2022-11-21 16:45:36 -08:00
Phil Estes
99acefaad9 Merge pull request #7697 from inspektor-gadget/qasim/add-sandbox-uid-annotation 
cri: add pod uid annotation
 2022-11-21 10:54:20 -05:00
yanggang
579c7f43de Change fsnotify event status condition. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-11-20 09:43:54 +08:00