github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
12,203 Commits 3 Branches 4 Tags
dc60137467bb459114ced85bea153a434805518e
Commit Graph

179 Commits

Author SHA1 Message Date
Fu Wei
dc60137467 Merge pull request #8252 from bart0sh/PR008-CDI-use-CRI-field 
CDI: Use CRI Config.CDIDevices field for CDI injection
 2023-05-10 21:16:49 +08:00
Kohei Tokunaga
6e2c915a44 Bump up golangci-lint to v1.52.2 
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
 2023-05-09 15:07:55 +09:00
Maksym Pavlenko
6f34da5f80 Cleanup logrus imports 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-05-05 11:54:14 -07:00
Brad Davidson
27f56e607f Fix umarshal metrics for CRI server 
Signed-off-by: Brad Davidson <brad.davidson@rancher.com>
 2023-05-03 20:50:04 +00:00
Derek McGowan
a7ceac8b63 Merge pull request #8337 from keloyang/imagePullThroughput 
Register imagePullThroughput and count with MiB
 2023-05-02 10:30:19 -07:00
Fu Wei
b27301cd08 Merge pull request #8414 from kiashok/deleteCtrFromCtrStore 
Remove entry for container from container store on error
 2023-04-26 18:24:27 +08:00
Kirtana Ashok
d9f3e387c6 Remove entry for container from container store on error 
If containerd does not see a container but criservice's
container store does, then we should try to recover from
this error state by removing the container from criservice's
container store as well.

Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-04-25 16:32:22 -07:00
Mike Brown
159d3055a5 Merge pull request #8367 from dcantah/sbserver-podsbstatus-enhance 
CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes
 2023-04-21 17:49:29 -05:00
Wei Fu
8bcfdda39b pkg/cri/sbserver: sub-test uses array and capture range var 
Using array to build sub-tests is to avoid random pick. The shuffle
thing should be handled by go-test framework. And we should capture
range var before runing sub-test.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-04-16 15:22:13 +08:00
Ed Bartosh
cd16b31cd2 Get CDI devices from CRI Config.CDIDevices field 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2023-04-14 13:41:08 +03:00
Derek McGowan
c5a43b0007 Merge pull request #8366 from mxpv/stats 
[sbserver] Backport CRI stats patches to sandboxed CRI
 2023-04-10 13:38:30 -07:00
Shingo Omura
dc2fc987ca capture desc variable in range variable just in case that it run in parallel mode 
Signed-off-by: Shingo Omura <everpeace@gmail.com>
 2023-04-10 20:59:11 +09:00
Shingo Omura
05bb52b273 Use t.TempDir instead of os.MkdirTemp 
Signed-off-by: Shingo Omura <everpeace@gmail.com>
 2023-04-10 20:58:36 +09:00
Danny Canter
7a7519a780 CRI Sbserver: Make PodSandboxStatus friendlier to shim crashes 
Currently if you're using the shim-mode sandbox server support, if your
shim that's hosting the Sandbox API dies for any reason that wasn't
intentional (segfault, oom etc.) PodSandboxStatus is kind of wedged.
We can use the fact that if we didn't go through the usual k8s flow
of Stop->Remove and we still have an entry in our sandbox store,
us not having a shim mapping anymore means this was likely unintentional.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-04-10 04:39:50 -07:00
Fu Wei
5885db62c8 Merge pull request #8136 from everpeace/fix-additiona-gids-to-read-image-user 
[CRI] fix additionalGids: it should fallback to imageConfig.User when securityContext.RunAsUser,RunAsUsername are empty
 2023-04-09 14:59:07 +08:00
Maksym Pavlenko
79cb4b0000 [sbserver] handle missing cpu stats 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-04-07 15:59:40 -07:00
Maksym Pavlenko
464a4977a6 [sbserver] Refactor usageNanoCores be to used for all OSes 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-04-07 15:56:23 -07:00
Shukui Yang
db223271e3 Register imagePullThroughput and count with MiB 
Signed-off-by: Shukui Yang <yangshukui@bytedance.com>
 2023-04-07 10:12:41 +08:00
Samuel Karp
8f756bc8c2 Merge pull request #8309 from vinayakankugoyal/fixresolv 
Add noexec nodev and nosuid to sandbox /etc/resolv.conf mount bind.
 2023-03-30 17:34:08 -07:00
Vinayak Goyal
ac84bf7c89 Update sbserver to add noexec nodev and nosuid to /etc/resolv.conf mount bind. 
Signed-off-by: Vinayak Goyal <vinaygo@google.com>
 2023-03-30 21:54:21 +00:00
Maksym Pavlenko
126ab72fea Keep linux mounts for linux sandboxes on Windows/Darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-03-29 19:00:06 -07:00
Maksym Pavlenko
3557ac884b Extract image service from CRI 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-03-28 20:37:26 -07:00
Maksym Pavlenko
a11e47b48c Use built in atomic.Bool 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-03-27 12:08:06 -07:00
Fu Wei
584d13d5cb Merge pull request #8276 from Iceber/remove_cri_v1alpha2 
Remove CRI v1alpha2 [deprecated since v1.7]
 2023-03-22 13:25:07 +08:00
Iceber Gu
c011502bd1 Remove cri v1alpha1 services 
Signed-off-by: Iceber Gu <wei.cai-nat@daocloud.io>
 2023-03-16 17:48:49 +08:00
Danny Canter
62f98a1c11 CRI: Don't always close netConfMonitor channel 
In the CRI server initialization a syncgroup is setup that adds to the
counter for every cni config found/registered. This functions on platforms
where CNI is supported/theres an assumption that there will always be
the loopback config. However, on platforms like Darwin where there's generally
nothing registered the Wait() on the syncgroup returns immediately and the
channel used to return any Network config sync errors is closed. This channel
is one of three that's used to monitor if we should Close the CRI service in
containerd, so it's not great if this happens.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-03-15 20:01:17 -07:00
Maksym Pavlenko
8bd82e355a Remove no_pivot when creating container from CRI 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-03-15 09:18:16 -07:00
Maksym Pavlenko
07c2ae12e1 Remove v1 runctypes 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-03-15 09:18:16 -07:00
Shingo Omura
50740a1a0c use strings.Cut instead of strings.Split for parsing imageConfig.User 
Signed-off-by: Shingo Omura <everpeace@gmail.com>
 2023-03-14 13:52:03 +09:00
Maksym Pavlenko
48a1350658 Merge pull request #8149 from Burning1020/sb-netns 
sandbox: create sandbox with network namespace path
 2023-03-08 14:22:00 -08:00
Zhang Tianyang
5144ba9c49 sandbox: create sandbox with network namespace path 
Signed-off-by: Zhang Tianyang <burning9699@gmail.com>
 2023-03-08 18:54:14 +08:00
Fu Wei
5ae3a7f417 Merge pull request #8198 from kiashok/argsEscapedSupportInCri 
Add ArgsEscaped support for CRI
 2023-03-07 16:12:24 +08:00
Kevin Parsons
31c9a66385 Merge pull request #7099 from jsturtevant/cri-only-stats-windows 
[cri] Implement CRI Pod and Container stats for Windows
 2023-03-06 09:31:41 -08:00
James Sturtevant
32ed559c86 Add Windows Sandbox Stats (sbserver) 
Signed-off-by: James Sturtevant <jstur@microsoft.com>
 2023-03-03 14:37:39 -08:00
Kirtana Ashok
8137e41c48 Add ArgsEscaped support for CRI 
This commit adds supports for the ArgsEscaped
value for the image got from the dockerfile.
It is used to evaluate and process the image
entrypoint/cmd and container entrypoint/cmd
options got from the podspec.

Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2023-03-03 13:38:06 -08:00
Wei Fu
5946c1051e *: fix code style issue 
1. it's easy to check wrong input if using drain_exec_sync_io_timeout in error
2. avoid to use full error message, as part of error generated by go
   stdlib would be changed in the future
3. delete the extra empty line

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-03 17:51:03 +08:00
Wei Fu
98cb6d7eb8 cri/sbserver: ignore the NOT_FOUND error in exec cleanup 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-03 12:20:09 +08:00
Wei Fu
ffebcb1223 cri: disable drain-exec-IO if it is empty timeout 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-03 11:59:07 +08:00
Wei Fu
3c18decea7 *: add DrainExecSyncIOTimeout config and disable as by default 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-03 00:21:55 +08:00
Wei Fu
a9cbddd65d *: fix typo and skip exec-io-drain-testcase in win 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-02 21:57:43 +08:00
Wei Fu
04dfd6275e pkg/cri/sbserver: add timeout to drain exec io 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-03-02 13:06:45 +08:00
Akihiro Suda
e0a05b56e5 Merge pull request #8152 from bart0sh/PR007-upgrade-CDI-to-0.5.4 
update CDI version to v0.5.4
 2023-02-28 09:22:30 +09:00
Changwei Ge
bd0a2a9273 CRI: remove duplicated snapshotters code 
The snapshotter annotation definitions and related functions have been
public in the new packge snapshotter

Also remove a test for container image layer's annotation.

Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
 2023-02-23 11:46:14 +08:00
Ed Bartosh
49abbe4f2b fix failing TestCDIInjections 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2023-02-22 20:07:34 +02:00
Shingo Omura
727b254039 fix userstr for dditionalGids on Linux 
It should fallback to imageConfig.User when no securityContext.RunAsUser/RunAsUsername

Signed-off-by: Shingo Omura <everpeace@gmail.com>
 2023-02-19 22:09:00 +09:00
Derek McGowan
179f00c883 Merge pull request #8051 from yulng/goroutine 
fix: 'go routine' should be 'goroutine'
 2023-02-15 15:20:47 -08:00
Derek McGowan
aa6418fadd Merge pull request from GHSA-hmfx-3pcx-653p 
oci: fix additional GIDs
 2023-02-15 13:45:14 -08:00
Kazuyoshi Kato
fe5d1d3e7c Merge pull request #7954 from klihub/devel/sbserver-nri-integration 
pkg/cri/sbserver: experimental NRI integration for CRI.
 2023-02-15 10:42:25 -08:00
Maksym Pavlenko
3548f59fd8 Merge pull request #8060 from dcantah/cri-annots-other 
CRI: Pass sandbox annotations to _other platforms
 2023-02-14 18:34:46 -08:00
Casey Callendrello
0166783c79 cni: pass in the cgroupPath capability argument 
There is a new CNI capability argument, cgroupPath, where runtimes can
pass cgroup paths to CNI plugins.

Implement that.

Signed-off-by: Casey Callendrello <cdc@isovalent.com>
 2023-02-14 16:49:29 +01:00