github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,707 Commits 3 Branches 4 Tags
e307f87971391efb47eef4487e93be4cfd36fe85
Commit Graph

107 Commits

Author SHA1 Message Date
Derek McGowan
ee0e22f01c Merge pull request #8020 from AkihiroSuda/mkdir-etc-cni-0755 
cri: mkdir /etc/cni with 0755, not 0700
 2023-01-30 10:21:30 -08:00
Akihiro Suda
b36b415526 cri: mkdir /etc/cni with 0755, not 0700 
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-29 07:49:36 +09:00
Maksym Pavlenko
21fe0ceaad Move PLEG events for pause container to podsandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-25 19:28:48 -08:00
Sebastiaan van Stijn
4f39b164f3 pkg/cri: optimize slice initialization 
Some of this code was originally added in b7b1200dd3,
which likely meant to initialize the slice with a length to reduce allocations,
however, instead of initializing with a zero-length and a capacity, it
initialized the slice with a fixed length, which was corrected in commit
0c63c42f81.

This patch initializes the slice with a zero-length and expected capacity.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-01-24 20:46:20 +01:00
Maksym Pavlenko
f9f8455332 Backport #7393 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:36:21 -08:00
Maksym Pavlenko
0cbfb3375f Backport #7661 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:31:47 -08:00
Maksym Pavlenko
41eabf134a Backport #7685 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
b0d7a96976 Backport unit test from #7882 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
1ade777c24 Add basic spec and mounts for Darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 17:00:40 -08:00
Maksym Pavlenko
3c8469a782 Use Platform instead of generated API 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 10:30:42 -08:00
Maksym Pavlenko
40be96efa9 Have separate spec builder for each platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:12:25 -08:00
Maksym Pavlenko
fdfa3519a3 Remove unused params from platformSpec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
1c1d8fb057 Update OCI spec tests for generic platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f43d8924e4 Move most of OCI spec options to common builder 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
21338d2777 Add stub to build common OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f318e5630b Update sandbox API to return target platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
dd22a3a806 Move WithMounts to specs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Qasim Sarfraz
9c8c4508ec cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 
Tested on Ubuntu 20.04 w/o swap controller:
```
$ stat -fc %T /sys/fs/cgroup/
tmpfs
$ la -la /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
ls: cannot access '/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes': No such file or directory
$  go test -v ./pkg/cri/sbserver/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/sbserver       (cached)
$ go test -v ./pkg/cri/server/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/server (cached)
```

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2023-01-10 15:41:04 +01:00
Maksym Pavlenko
06bfcd658c Enable dupword linter 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-03 12:47:16 -08:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00
Mike Brown
66f186d42d Merge pull request #7679 from kinvolk/rata/userns-stateless-pods 
Add support for user namespaces in stateless pods (KEP-127)
 2022-12-29 14:08:24 -06:00
Wei Fu
6b7e237fc7 chore: use go fix to cleanup old +build buildtag 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2022-12-29 14:25:14 +08:00
Derek McGowan
27f43506b4 Merge pull request #7872 from yanggangtony/cri-sbserver 
CRI sbserver: Prevent server reuse after Shutdown
 2022-12-27 15:54:29 -08:00
yanggang
e94d925711 CRI sbserver: Prevent server reuse after Shutdown. 
Signed-off-by: yanggang <gang.yang@daocloud.io>
 2022-12-27 14:16:40 +08:00
Danny Canter
229779a4e5 oci: Add WithDomainname 
A domainname field was recently added to the OCI spec. Prior to this
folks would need to set this with a sysctl, but now runtimes should be
able to setdomainname(2). There's an open change to runc at the moment
to add support for this so I've just left testing as a couple spec
validations in CRI until that's in and usable.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-26 04:03:45 -05:00
Antonio Ojea
ba0a7185f0 add network plugin metrics 
Add network plugin metrics.

The metrics are the same that were used in dockershim/kubelet until
it was deprecated in kubernetes 1.23

https://github.com/kubernetes/kubernetes/blob/release-1.23/pkg/kubelet/dockershim/network/metrics/metrics.go

Signed-off-by: Antonio Ojea <aojea@google.com>
 2022-12-23 09:23:56 +00:00
Rodrigo Campos
a7adeb6976 cri: Support pods with user namespaces 
This patch requests the OCI runtime to create a userns when the CRI
message includes such request.

Signed-off-by: Rodrigo Campos <rodrigoca@microsoft.com>
 2022-12-21 17:56:56 -03:00
Kazuyoshi Kato
52a7480399 Remove github.com/gogo/protobuf again 
While we need to support CRI v1alpha2, the implementation doesn't have
to be tied to gogo/protobuf.

Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>
 2022-12-15 22:54:15 +00:00
Derek McGowan
a4bc380b91 Merge pull request #7814 from dcantah/hostnet-helper 
CRI: Add host networking helper
 2022-12-15 11:21:45 -08:00
Fu Wei
12f30e6524 Merge pull request #7792 from mxpv/sb-shutdown 2022-12-15 13:37:35 +08:00
Maksym Pavlenko
a4d5c3e5cb Support sandboxed shims shutdown 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-14 18:22:52 -08:00
Danny Canter
84529072d2 CRI: Add host networking helper 
We do a ton of host networking checks around the CRI plugin, all mainly
doing the same thing of checking the different quirks on various platforms
(for windows are we a HostProcess pod, for linux is namespace mode the
right thing, darwin doesn't have CNI support etc.) which could all be
bundled up into a small helper that can be re-used.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2022-12-14 01:47:22 -08:00
Maksym Pavlenko
0e33a8fa4f [sb] Fix status 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-13 16:35:15 -08:00
Phil Estes
ecf00ffe84 Merge pull request #7783 from inspektor-gadget/qasim/cri-disable-swap 
cri: make swapping disabled with memory limit
 2022-12-13 15:21:51 -05:00
Fu Wei
d2f68bfb36 Merge pull request #7313 from pacoxu/image-pull-metrics 
add metrics for image pulling: error; in progress count; thoughput
 2022-12-13 19:49:22 +08:00
Fu Wei
f2cf411b79 Merge pull request #7073 from ruiwen-zhao/event 
Add container event support to containerd
 2022-12-09 15:24:23 +08:00
Maksym Pavlenko
e1abaeb386 Merge pull request #7764 from mxpv/config 
Pass TOML configuration options for runtimes CRI is not aware of
 2022-12-08 12:59:13 -08:00
ruiwen-zhao
a6929f9f6b Add Evented PLEG support to sandbox server 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2022-12-08 19:31:36 +00:00
Qasim Sarfraz
69975b92bb cri: make swapping disabled with memory limit 
OCI runtime spec defines memory.swap as 'limit of memory+Swap usage'
so setting them to equal should disable the swap. Also, this change
should make containerd behaviour same as other runtimes e.g
'cri-dockerd/dockershim' and won't be impacted when user turn on
'NodeSwap' (https://github.com/kubernetes/enhancements/issues/2400) feature.

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2022-12-08 13:54:55 +01:00
Maksym Pavlenko
f9295aa49f Fix context when waiting sandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 12:52:04 -08:00
Maksym Pavlenko
8ab1d44967 Pass runtime configuration as TOML blob 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-07 10:55:06 -08:00
Paco Xu
c59f1635f0 add metrics for image pulling: success/failure count; in progress count; thoughput 
Signed-off-by: Paco Xu <paco.xu@daocloud.io>
 2022-12-07 15:11:00 +08:00
Maksym Pavlenko
a113737ccf sbserver bug fixing 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-12-06 15:32:42 -08:00
Derek McGowan
51195ad099 Merge pull request #7731 from mxpv/cri 
[Sandbox API] CRI status cleanup
 2022-12-01 13:43:13 -08:00
Kirtana Ashok
08d5879f32 Added nullptr checks to pkg/cri/server and sbserver 
Signed-off-by: Kirtana Ashok <Kirtana.Ashok@microsoft.com>
 2022-11-29 13:25:49 -08:00
Maksym Pavlenko
9f4ba48839 [sandbox] Fix panic when waiting for sandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:29:21 -08:00
Maksym Pavlenko
dbc6d33ac5 [sandbox] Specify sandbox ID when using sandboxed shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 13:27:54 -08:00
Maksym Pavlenko
9a53a6c34a [sandbox] Don't access pause container when creating pod container 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:48:57 -08:00
Maksym Pavlenko
cc111eef61 [sandbox] Move sandbox info to podsandbox controller 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 12:06:41 -08:00
Maksym Pavlenko
a6d1d53cc2 [sandbox] Update Controller.Status protos 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2022-11-28 10:13:37 -08:00