Sebastiaan van Stijn
e093a0ee08
Use local "ensureRemoveAll" instead of docker/pkg/system
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-03-12 20:21:14 +01:00
Akihiro Suda
fa72e2f693
cgroup2: do not unshare cgroup namespace for privileged
...
Conforms to the latest KEP:
0e409b4749/keps/sig-node/20191118-cgroups-v2.md (cgroup-namespace)
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-03-09 01:49:04 +09:00
Brandon Lum
8d5a8355d0
Updated docs and code for default nil behavior
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-27 23:42:03 +00:00
Brandon Lum
ffcef9dc32
Addressed nits
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
8df431fc31
Defer multitenant key model to image auth discussion
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
c43a7588f6
Refactor encrypted opts and added unit test
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Brandon Lum
f0579c7b4d
Implemented node key model for image encryption
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-02-24 20:45:57 +00:00
Mike Brown
f4b3cdb892
Merge pull request #1399 from mikebrow/pause-image-update
...
move to v3.2 for the pause image
2020-02-20 10:45:16 -06:00
Mike Brown
c9ed98462d
move to v3.2 for the pause image
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-02-14 12:55:52 -06:00
Mike Brown
cf0e0a1e2c
Merge pull request #1332 from bg-chun/update_cri_for_hugepages
...
update cri-plugin to parse hugepages limit
2020-02-12 10:05:01 -06:00
Byonggon Chun
c02c24847f
update cri-plugin to parse hugepages limit from CRI message
...
Signed-off-by: Byonggon Chun <bg.chun@samsung.com>
2020-02-06 15:28:24 +09:00
Justin Terry (VM)
a8cc66b37a
Fix store error serialization to gRPC status codes
...
The pkg/store errors are duplicated errors of NotFound and AlreadyExist from
containerd's errdefs package and thus do not properly serialize when running
errdefs.ToGRPC on them. CRI runs this function on every return from a CRI
method so the conversion fails if there is a cache miss from the store caches
for containers or sandboxes. This change verifies that the errors are properly
converted to their gRPC values.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
2020-02-05 18:32:45 -08:00
Akihiro Suda
2d28b60046
vendor kubernetes 1.17.1
...
Corresponds to https://github.com/kubernetes/kubernetes/blob/v1.17.1/go.mod
note: `k8snet.ChooseBindAddress()` was renamed to `k8snet.ResolveBindAddress()` in afa0b808f8
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-22 02:06:50 +09:00
Akihiro Suda
5e5960f2bc
Merge pull request #1376 from Zyqsempai/add-cgroups-v2-metrics
...
Cgroupv2: Added CPU, Memory metrics
2020-01-21 23:21:09 +09:00
Boris Popovschi
6b8846cdf8
vendor updated + added cgroupv2 metrics
...
Signed-off-by: Boris Popovschi <zyqsempai@mail.ru>
2020-01-17 11:55:06 +02:00
Akihiro Suda
71740399e0
cgroup2: unshare cgroup namespace for containers
...
In cgroup v1 container implementations, cgroupns is not used by default because
it was not available in the kernel until kernel 4.6 (May 2016), and the default
behavior will not change on cgroup v1 environments, because changing the
default will break compatibility and surprise users.
For cgroup v2, implementations are going to unshare cgroupns by default
so as to hide /sys/fs/cgroup from containers.
* Discussion: https://github.com/containers/libpod/issues/4363
* Podman PR (merged): https://github.com/containers/libpod/pull/4374
* Moby PR: https://github.com/moby/moby/pull/40174
This PR enables cgroupns for containers, but pod sandboxes are untouched
because probably there is no need to do so.
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-01-09 14:58:30 +09:00
Akihiro Suda
aaddaa2732
bump up the default runtime to "io.containerd.runc.v2"
...
The former default runtime "io.containerd.runc.v1" won't support new features
like support for cgroup v2: containerd/containerd#3726
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2019-12-16 11:53:58 +09:00
Lantao Liu
0c2d3b718d
Fix privileged devices.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-09 17:43:06 -08:00
Lantao Liu
78708b20c7
Merge pull request #1351 from Random-Liu/better-unknown-state-handling
...
Better handle unknown state.
2019-12-09 10:34:57 -08:00
Lantao Liu
facbaa0e79
Better handle unknown state.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-12-06 10:56:27 -08:00
bpopovschi
5d7bd738e4
Use containerD WithHostDevices
...
Signed-off-by: bpopovschi <zyqsempai@mail.ru>
2019-12-04 11:34:46 +02:00
Lantao Liu
444f02a89e
Merge pull request #1344 from darfux/add-resolvconf-to-sandbox-container
...
Provide resolvConf to sandbox container's mounts
2019-12-01 21:25:19 -08:00
Li Yuxuan
dbc1fb37d0
Provide resolvConf to sandbox container's mounts
...
As https://github.com/kata-containers/runtime/issues/1603 discussed,
kata relies on such mount spec to setup resolv.conf for pod VM properly.
Signed-off-by: Li Yuxuan <liyuxuan04@baidu.com>
2019-11-28 12:05:05 +08:00
Lantao Liu
ab6701bd11
Add insecure_skip_verify option.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-26 13:25:52 -08:00
Lantao Liu
5c2f33bd0d
Cleanup path for windows mount
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-11-15 18:52:11 +00:00
Erik Wilson
7cc3938717
Set default scheme in registryEndpoints for host
...
Signed-off-by: Erik Wilson <Erik.E.Wilson@gmail.com>
2019-10-31 10:30:17 -07:00
Lantao Liu
65b9c31805
Use http for localhost, 127.0.0.1 and ::1 by default.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-28 19:07:43 -07:00
Lantao Liu
d95e21c89b
Add container compute stats support.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-25 14:32:02 -07:00
Lantao Liu
2ce0bb0926
Update code for latest containerd.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-10-09 18:05:20 -07:00
Lantao Liu
358d672160
Add hostname CRI validation and unit test.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-25 16:11:27 -07:00
Lantao Liu
7fba77f238
Merge pull request #1298 from Random-Liu/set-sandbox-cpu-shares
...
Set default sandbox container cpu shares on windows.
2019-09-25 11:05:43 -07:00
Lantao Liu
2eba67a7ee
Merge pull request #1287 from crosbymichael/cgroups
...
Use type alias from containerd for cgroup metric types
2019-09-24 17:34:49 -07:00
Lantao Liu
f3ef10e9a2
Set default sandbox container cpu shares on windows.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-24 17:03:11 -07:00
Justin Terry (VM)
ed7873ef1e
Forward SandboxConfig.Hostname to Workload container activation
...
1. For Windows the Hostname property is not inherited from the sandbox and must
be passed for the Workload container activations as well.
Signed-off-by: Justin Terry (VM) <juterry@microsoft.com>
2019-09-24 10:21:17 -07:00
Lantao Liu
bad68a8270
Merge pull request #1284 from liyanhui1228/win_portforward
...
Add windows port forward support
2019-09-23 22:17:08 -07:00
Angela Li
dc413bd6d6
Add windows portforward support
...
Signed-off-by: Angela Li <yanhuil@google.com>
2019-09-23 17:36:43 -07:00
Michael Crosby
c8c7c54a6e
Use typealias for containerd metrics
...
Signed-off-by: Michael Crosby <crosbymichael@gmail.com>
2019-09-20 16:01:48 -04:00
Lantao Liu
470776c903
Merge pull request #1274 from Random-Liu/dualstack
...
Add DualStack support
2019-09-19 21:32:26 -07:00
Lantao Liu
c1ece0c801
Address comment.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-19 14:05:28 -07:00
Lantao Liu
b431316edd
Merge pull request #1280 from estesp/add-default-path-env
...
Add back default UNIX env to container config
2019-09-19 11:41:03 -07:00
Phil Estes
161abf8f5b
Fix golangci-lint findings
...
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-09-19 09:38:40 -04:00
Phil Estes
229eb19bd6
Add back default UNIX env to container config
...
Due to changes to the defaults in containerd, the CRI path to creating a
container OCI config needs to add back in the default UNIX $PATH (and
any other defaults) as that is the expected behavior from other
runtimes.
Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>
2019-09-19 09:00:25 -04:00
Antonio Ojea
fcd6bf318b
Report Additional POD IPs
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 17:21:37 -07:00
Lantao Liu
dc964de85f
Add windows implementation
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 10:46:29 -07:00
Lantao Liu
bbcf564745
Add windows image platform comparer
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 10:46:28 -07:00
Lantao Liu
c6cb25c158
Open/create log file with FILE_SHARE_DELETE on windows
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-18 10:46:28 -07:00
Mike Brown
738179542a
add a test case for container_annotations
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2019-09-10 11:28:59 +03:00
Ed Bartosh
05a9028969
Use container annotations when creating containers
...
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2019-09-10 11:28:59 +03:00
Ed Bartosh
e28689657a
Add ContatinerAnnotations to the Runtime and config
...
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
2019-09-10 11:28:51 +03:00
Lantao Liu
115b7664d9
Clarify some exec behavior.
...
Signed-off-by: Lantao Liu <lantaol@google.com>
2019-09-03 16:52:23 -07:00