github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
13,124 Commits 3 Branches 2 Tags 112 MiB
db43e3d1f7
Commit Graph

13124 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Rodriguez
124d3a20a6
Sync ops.md, update CLI --help output to be consistent in descriptions 
Signed-off-by: Alex Rodriguez <alexrodriguez@ibm.com>
 2023-10-30 08:54:29 -07:00
Derek McGowan
6021103e1f
Merge pull request #9274 from yyb196/fix-invalid-token 
fix bug that using invalid token to retry fetching layer
 2023-10-30 13:53:22 +00:00
Derek McGowan
5fdf55e493
Update go module to github.com/containerd/containerd/v2 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-29 20:52:21 -07:00
Derek McGowan
abfc8be530
Fix lint in integration/client 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-27 22:32:44 -07:00
Derek McGowan
ddd73ad300
Move protofiles generated into v2 directory 
Protobuf will automatically put the files generated for a v2 module into
a v2 directory. Move them to their correct location after running the
protobuild.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-27 15:44:23 -07:00
Derek McGowan
638b474c81
Temporarily remove imgcrypt in CRI to fix circular dependency 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-27 15:36:47 -07:00
Derek McGowan
192168038e
Temporarily remove integration/client submodule 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-27 11:11:20 -07:00
Samuel Karp
332fbd907e
Merge pull request #9258 from samuelkarp/introspection-deprecation-warning 
Expose usage of deprecated features
 2023-10-26 22:49:37 +00:00
Akihiro Suda
82d7a69605
Merge pull request #9286 from thaJeztah/bump_copress 
vendor: github.com/klauspost/compress v1.17.2
 2023-10-26 03:26:44 +00:00
Akihiro Suda
c5bd5cbeda
Merge pull request #9297 from milas/grpc-1.58.3-main 
vendor: google.golang.org/grpc v1.58.3
 2023-10-25 23:35:19 +00:00
Samuel Karp
90f1638e72
Merge pull request #9294 from dmcgowan/push-match-request-scheme 
Check scheme and host of request on push redirect
 2023-10-25 22:13:48 +00:00
Sebastiaan van Stijn
4e3fbd36e7
vendor: github.com/klauspost/compress v1.17.2 
fixes data corruption with zstd output in "best"

full diff: https://github.com/klauspost/compress/compare/v1.17.1...v1.17.2

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-10-25 23:55:07 +02:00
Mike Brown
43d3cb9eb7
Merge pull request #9283 from dmcgowan/tls-default-behavior 
Avoid TLS fallback when protocol is not ambiguous
 2023-10-25 21:09:37 +00:00
Milas Bowman
856d1053f4 vendor: google.golang.org/grpc v1.58.3 
Upgrade google.golang.org/grpc to v1.58.3 in preparation for
upgrading OTel, which has a dependency on the latest version.

See also: containerd/containerd#9281.

Signed-off-by: Milas Bowman <milas.bowman@docker.com>
 2023-10-25 16:47:11 -04:00
Samuel Karp
8b153152af
Merge pull request #9289 from dmcgowan/fuzz-daemon-cleanup 
fuzz: update go fuzz to directly instantiate server
 2023-10-25 17:54:44 +00:00
Derek McGowan
466ee870d5
Check scheme and host of request on push redirect 
When the HTTP fallback is used, the scheme changes from HTTPS to HTTP
which can cause a mismatch on redirect, causing the authorizer to get
stripped out. Since the redirect host must match the redirect host in
this case, credentials are only sent to the same origin host that
returned the redirect.

This fixes an issue for a push getting a 401 unauthorized on the PUT
request even though credentials are available.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-25 08:47:22 -07:00
Samuel Karp
3fff8b4f62
ctr: new deprecations command 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:33 -07:00
Samuel Karp
079383dbec
dynamic: record deprecation for dynamic plugins 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:32 -07:00
Samuel Karp
260e71abc4
server: add ability to record config deprecations 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:32 -07:00
Samuel Karp
bc861b66f9
pull: record deprecation warning for schema 1 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:32 -07:00
Samuel Karp
9aab446733
introspection: add support for deprecations 
Deprecation warnings are retrieved from the warning service and
returned via the Server RPC.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:31 -07:00
Samuel Karp
57c897f10d
api/introspection: deprecation warnings in server 
The Server rpc in introspection service is extended to expose
deprecation warnings based on observed feature use in containerd.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:31 -07:00
Samuel Karp
240733ce2f
warning: new service for deprecations 
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:31 -07:00
Samuel Karp
aff5b809c5
deprecation: new package for deprecations 
This package enumerates the known deprecations in the current version of
containerd.  New deprecations should be added here, and old ones
removed.

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2023-10-24 22:38:30 -07:00
Derek McGowan
f74ca32b89
Merge pull request #9290 from ktock/golangci-lint-1.55.0 
ci: bump up golangci-lint to v1.55.0
 2023-10-25 04:38:31 +00:00
Derek McGowan
d48ceb6065
Avoid TLS fallback when protocol is not ambiguous 
The TLS fallback should only be used when the protocol is ambiguous due
to provided TLS configurations and defaulting to http. Do not add TLS
configurations when defaulting to http. When the port is 80 or will be
defaulted to 80, there is no protocol ambiguity and TLS fallback should
not be used.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-24 20:27:19 -07:00
Derek McGowan
ed759bae32
Update go fuzz to directly instantiate server 
Avoid importing the cmd libraries and create the server instance
directly from the server library.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-24 20:20:41 -07:00
沈陵
09e40511af fix bug that using invalid token to retry fetching layer 
Signed-off-by: frankyang <yyb196@gmail.com>
 2023-10-25 10:30:24 +08:00
Phil Estes
fa4ae46b15
Merge pull request #9295 from dmcgowan/disable-windows-2019 
Disable windows-2019 integration test temporarily
 2023-10-25 01:41:31 +00:00
Derek McGowan
2fea521d0c
Disable windows-2019 integration test temporarily 
Disable windows-2019 integration tests until mingw issue is fixed

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-24 15:50:08 -07:00
Kohei Tokunaga
9fc407d8cf
ci: bump up golangci-lint to v1.55.0 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2023-10-24 10:34:02 +09:00
Derek McGowan
18c9e7ec4c
Merge pull request #9270 from fuweid/fix-sb-issues 
pkg/cri: should ignore no sandbox bucket
 2023-10-21 21:44:16 +00:00
Derek McGowan
788f7f248a
Merge pull request #9218 from fuweid/followup-idmapped 
idmapped: use pidfd to avoid pid reuse issue
 2023-10-20 17:34:02 +00:00
Derek McGowan
e973109c2d
Merge pull request #9233 from mxpv/tasks 
Switch runc shim to task service v3 and fix restore
 2023-10-20 17:26:31 +00:00
Derek McGowan
e3c3478cb6
Merge pull request #9279 from abel-von/remove-validate-mode 
sandbox: remove ValidateMode as it is not used
 2023-10-20 06:13:16 -07:00
Abel Feng
8b4f9656d2 sandbox: remove ValidateMode as it is not used 
Signed-off-by: Abel Feng <fshb1988@gmail.com>
 2023-10-20 16:02:13 +08:00
Wei Fu
337cc21719 pkg/cri: should ignore no sandbox bucket 
The sandbox might be recovered from v1.x release. It doesn't have
metadata bucket. We should ignore the not-found error.

How to reproduce the issue:

```bash
➜  containerd git:(main) sudo ctr version
Client:
  Version:  1.6.22
  Revision: 8165feabfdfe38c65b599c4993d227328c231fca
  Go version: go1.19.11

Server:
  Version:  1.6.22
  Revision: 8165feabfdfe38c65b599c4993d227328c231fca
  UUID: be4216aa-8a2e-4305-9186-efeacd2d9a17

➜  containerd git:(main) cat /tmp/pod.json
{
    "metadata": {
        "name": "nginx-sandbox",
        "namespace": "default",
        "attempt": 1,
        "uid": "hdishd83djaidwnduwk28bcsb"
    },
    "log_directory": "/tmp",
    "linux": {
    }
}

➜  containerd git:(main) sudo crictl runp /tmp/pod.json
616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e
➜  containerd git:(main) sudo crictl pods
POD ID              CREATED             STATE               NAME                NAMESPACE           ATTEMPT             RUNTIME
616ea1cc657c5       9 seconds ago       Ready               nginx-sandbox       default             1                   (default)

➜  containerd git:(main) make BUILDTAGS=no_btrfs
➜  containerd git:(main) sudo PREFIX=/usr make install
+ install bin/ctr bin/containerd bin/containerd-stress bin/containerd-shim-runc-v2

➜  containerd git:(main) sudo systemctl restart containerd
➜  containerd git:(main) sudo ctr version
Client:
  Version:  v1.7.0-943-g980767551
  Revision: 9807675518
  Go version: go1.20.10

Server:
  Version:  v1.7.0-943-g980767551
  Revision: 9807675518
  UUID: be4216aa-8a2e-4305-9186-efeacd2d9a17

➜  containerd git:(main) sudo crictl stopp  616ea1cc657c5
Stopped sandbox 616ea1cc657c5

➜  containerd git:(main) sudo crictl rmp 616ea1cc657c5
E1019 14:03:37.885162 2052643 remote_runtime.go:295] "RemovePodSandbox from runtime service failed" err="rpc error: code = Unknown desc = failed to remove sandbox metadata from store: failed to delete sandbox \"616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e\": bucket not found" podSandboxID="616ea1cc657c5"
removing the pod sandbox "616ea1cc657c5": rpc error: code = Unknown desc = failed to remove sandbox metadata from store: failed to delete sandbox "616ea1cc657c57e80abf74e707a8177878ac2ec1ab7c346b4adb7bc0fadf986e": bucket not found
```

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-10-20 15:20:18 +08:00
Maksym Pavlenko
f90f80d9b3
Merge pull request #9254 from adisky/cri-streaming-from-k8s 
Use staging k8s.io/kubelet/cri/streaming package
 2023-10-19 12:32:12 -07:00
Maksym Pavlenko
f515cd5c55
Reorder fields when writing bootstrap params 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:06 -07:00
Maksym Pavlenko
3d53fbe858
Fix CRI integration tests 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:05 -07:00
Maksym Pavlenko
f76eaf5a6b
Fix 'not a directory' error when restoring bootstrap.json 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:05 -07:00
Maksym Pavlenko
cf75cfa32c
Add more logs around shim restore 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:04 -07:00
Maksym Pavlenko
8061cb0237
Save bootstrap.json instead of address file 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:03 -07:00
Maksym Pavlenko
e03bf32b86
Switch runc to v3 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:03 -07:00
Maksym Pavlenko
7a2d801d62
Expose shim instance version 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:02 -07:00
Maksym Pavlenko
f66c46806a
Bridge task service v2 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:29:01 -07:00
Maksym Pavlenko
daaf67662f
Switch runc shim to task v3 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-10-19 12:28:59 -07:00
Maksym Pavlenko
f7af7fce8a
Merge pull request #9268 from dmcgowan/cri-sandbox-controller-initialization 
Initialize sandbox controller list on CRI server creation
 2023-10-19 10:38:18 -07:00
Derek McGowan
bb64e6a8ef
Initialize sandbox controller list on CRI server creation 
Avoid calling out to the client to get a sandbox controller and instead
setup the list of controllers on initialization. This fixes a test
failure which does not set the client.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-10-18 15:25:25 -07:00
Derek McGowan
9807675518
Merge pull request #8268 from abel-von/sandbox-plugin 
Sandbox: make sandbox controller plugin
 2023-10-18 10:16:10 -07:00