Signed-off-by: Swagat Bora <sbora@amazon.com>
Add spans around image unpack operations
Use image.ref to denote image name and image.id for the image config digest
Add top-level spand and record errors in the CRI instrumentation service
This PR updates the url for the kata containers reference about
how to use kata containers and containerd for untrusted workloads.
Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
Referencing the raw link to the containerd.service may enhance the developer experience by enabling those following the docs to use the raw link directly to `wget` or `curl` the file without additional navigation.
Signed-off-by: Kyle L Frisbie <KyleFrisbie@users.noreply.github.com>
Updated some documentation for devmapper snapshotter plugin.
Made consistent use of "thin-pool", "Device Mapper" when referring to
the volume management framework, and "devmapper" when referring to the
snapshotter plugin itself.
Also added some additional resources / reorg.
Signed-off-by: Gavin Inglis <giinglis@amazon.com>
since containerd doesn't have GenerateSpec method any longer, spec has to be generated with WithNewSpec.
Signed-off-by: Yakul Garg <2000yeshu@gmail.com>
This patch adds support for a container annotation and two separate
pod annotations for controlling the blockio class of containers.
The container annotation can be used by a CRI client:
"io.kubernetes.cri.blockio-class"
Pod annotations specify the blockio class in the K8s pod spec level:
"blockio.resources.beta.kubernetes.io/pod"
(pod-wide default for all containers within)
"blockio.resources.beta.kubernetes.io/container.<container_name>"
(container-specific overrides)
Correspondingly, this patch adds support for --blockio-class and
--blockio-config-file to ctr, too.
This implementation follows the resource class annotation pattern
introduced in RDT and merged in commit 893701220.
Signed-off-by: Antti Kervinen <antti.kervinen@intel.com>
To clarify that end users do not need to read these docs, and that these
docs do not need to be updated
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
The previous documentation was too much forcusing on the Go API and not useful
for users who are not interested in implementing their own containerd client.
It was also recommending the deprecated way (cri-containerd-*.tar.gz) to install
containerd and its dependencies.
The new documentation recommends the current official way to install containerd,
and provides several links for end users.
This will replace the content of https://containerd.io/docs/getting-started/
after merging the containerd/containerd.io PR 120.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Enabling this option effectively causes RDT class of a container to be a
soft requirement. If RDT support has not been enabled the RDT class
setting will not have any effect.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Add support for configuring the Linux resctrl pseudo-filesystem with
goresctrl library. The functionality is integrated in the
"io.containerd.service.v1.tasks-service" plugin.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
This commit adds a flag that enable all devices whitelisting when
privileged_without_host_devices is already enabled.
Fixes#5679
Signed-off-by: Dat Nguyen <dnguyen7@atlassian.com>
This fixes the TODO of this function and also expands on how the primary pod ip
is selected. This change allows the operator to prefer ipv4, ipv6, or retain the
ordering provided by the return results of the CNI plugins.
This makes it much more flexible for ops to configure containerd and how IPs are
set on the pod.
Signed-off-by: Michael Crosby <michael@thepasture.io>
With the introduction of Windows Server 2022, some images have been updated
to support WS2022 in their manifest list. This commit updates the test images
accordingly.
Signed-off-by: Adelina Tuvenie <atuvenie@cloudbasesolutions.com>
Adds shared content labels to namespaces allowing content to be shared
between namespaces if that namespace is specifically tagged as being
sharable by adding the `containerd.io/namespace/sharable` label to the
namespace.
Signed-off-by: Cody Roseborough <cdr@amazon.com>
Adds support for mirrors which are non-compliant with the
OCI distribution specification but have previously mirrored
content with a namespace prefix after the API root `/v2`.
Signed-off-by: Derek McGowan <derek@mcg.dev>
This will be used instead of the cri registry config in the main config
toml.
---
Also pulls in changes from containerd/cri@d0b4eecbb3
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This moves the runc version to build to scripts/setup/runc-version,
which makes it easier for packagers to find the default version
to use.
The RUNC_VERSION environment variable can still be used to override
the version, which can be used (e.g.) to test against different versions
in our CI.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Now that the dependency on runc (libcontaienr) code has been reduced
considerably, it is probbaly ok to cut the version dependency between
libcontainer and the runc binary that is supported.
This patch separates the runc binary version from the version of
libcontainer that is defined in go.mod, and updates the documentation
accordingly.
The RUNC_COMMIT variable in the install-runc script is renamed to
RUNC_VERSION to encourage using tagged versions, and the Dockerfile
in contrib is updated to allow building with a custom version.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
