ktock
e571fd864f
Limit value size of additional annotation for avoiding unpack failure
...
In containerd, there is a size limit for label size (4096 chars).
Currently if an image has many layers (> (4096-39)/72 > 56),
`containerd.io/snapshot/cri.image-layers` will hit the limit of label size and
the unpack will fail.
This commit fixes this by limiting the size of the annotation.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2020-09-15 22:47:28 +09:00
Derek McGowan
35e623e6bf
Merge pull request #1561 from crosbymichael/kata-se
...
Handle KVM based runtimes with selinux
2020-09-01 13:12:11 -07:00
Michael Crosby
d715d00906
Handle KVM based runtimes with selinux
...
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-08-26 21:38:03 -04:00
Derek McGowan
56a89cda34
Merge pull request #1552 from crosbymichael/nri
...
Add experimental NRI injection points
2020-08-24 13:58:11 -07:00
Mike Brown
d09e26b0a0
Merge pull request #1556 from aojea/cni80
...
bump cni dependencies
2020-08-24 13:12:24 -05:00
Antonio Ojea
1403a391c3
bump cni dependencies
...
Signed-off-by: Antonio Ojea <aojea@redhat.com>
2020-08-21 18:00:20 +02:00
Mike Brown
bb0ca842e9
Merge pull request #1559 from mikebrow/prepare-1.4
...
Prepare 1.4
2020-08-20 12:16:29 -05:00
Michael Crosby
63f89eb954
Update server with nri injection points
...
This allows development with container to be done for NRI without the need for
custom builds.
This is an experimental feature and is not enabled unless a user has a global
`/etc/nri/conf.json` config setup with plugins on the system. No NRI code will
be executed if this config file does not exist.
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-08-20 08:10:09 -04:00
Michael Crosby
b777982928
Update vendor for new containerd and nri
...
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-08-20 07:28:37 -04:00
Mike Brown
b0cc07999a
vendor containerd 1.4 release
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-08-20 05:14:45 -05:00
Mike Brown
a40d639285
update support table for 1.4
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-08-20 05:13:47 -05:00
Akihiro Suda
4e6644c8cf
Merge pull request #1551 from thaJeztah/bump_kubernetes_1.19.0-rc.4
...
vendor: kubernetes 1.19.0 rc.4 and dependencies
2020-08-10 19:18:50 +09:00
Akihiro Suda
0619de413c
Merge pull request #1555 from thaJeztah/bump_golang_1.13.15
...
Bump Golang 1.13.15
2020-08-09 03:00:33 +09:00
Sebastiaan van Stijn
34596c9c90
Bump Golang 1.13.15
...
full diff: https://github.com/golang/go/compare/go1.13.14...go1.13.15
go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary
package. See the Go 1.13.15 milestone on the issue tracker for details.
https://github.com/golang/go/issues?q=milestone%3AGo1.13.15+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-08 15:10:30 +02:00
Mike Brown
5c6c6b2ac7
Merge pull request #1550 from thaJeztah/bump_containerd_v1.4.0-rc.0
...
Bump containerd v1.4.0 rc.0
2020-08-05 17:56:08 -05:00
Mike Brown
a8b6b6b065
Merge pull request #1549 from thaJeztah/bump_golang_1.13.14
...
Bump Golang 1.13.14
2020-08-05 10:15:48 -05:00
Sebastiaan van Stijn
ecbdffc9c5
vendor: update kubernetes v1.19.0-rc.4
...
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:48:45 +02:00
Sebastiaan van Stijn
968d44d1bc
vendor: golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9
...
full diff: bac4c82f69...75b288015a
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:48:43 +02:00
Sebastiaan van Stijn
e018d6fa41
vendor: golang.org/x/sys v0.0.0-20200622214017-ed371f2e16b4
...
full diff: 9dae0f8f57...ed371f2e16
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:48:41 +02:00
Sebastiaan van Stijn
bee6ab5a15
vendor: golang.org/x/net v0.0.0-20200707034311-ab3426394381
...
full diff: f3200d17e0...ab34263943
Worth mentioning that there's a comment updated in golang.org/x/net/websocket:
This package currently lacks some features found in alternative
and more actively maintained WebSocket packages:
https://godoc.org/github.com/gorilla/websocket
https://godoc.org/nhooyr.io/websocket
It's used in k8s.io/apiserver/pkg/util/wsstream/stream.go, so perhaps that should
be reviewed if the alternatives are better for how it's used.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:48:38 +02:00
Sebastiaan van Stijn
117c169992
vendor: containerd v1.4.0-rc.0
...
full diff: d184a0a343...v1.4.0-rc.0
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:38:30 +02:00
Sebastiaan van Stijn
fd030873ac
vendor: opencontainers/runc v1.0.0-rc91-48-g67169a9d
...
full diff: https://github.com/opencontainers/runc/compare/v1.0.0-rc91...67169a9d43456ff0d5ae12b967acb8e366e2f181
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:36:19 +02:00
Sebastiaan van Stijn
78e5277419
vendor: containerd/continuity efbc4488d8fe1bdc16bde3b2d2990d9b3a899165
...
full diff: d3ef23f19f...efbc4488d8
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 15:33:10 +02:00
Sebastiaan van Stijn
93a03cc810
vendor: json-iterator/go v1.1.10
...
full diff: https://github.com/json-iterator/go/compare/v1.1.9...v1.1.10
- Fix 459 map keys of custom types should serialize using MarshalText when available
- Fix potential panic in (*stringAny).ToInt64 and (*stringAny).ToUint64 (see 450)
- Fix 449 do NOT marshal the field whose name starts with underscore
- Reuse stream buffer and remove flush in (*Stream).WriteMore (see 441 440)
- Fix 421 simplify the error string returned by the decoder when it meets error unmarshaling anonymous structs
- Fix 389 411 do NOT marshal the json.RawMessage type field whose real type is integer/float as "null" with ValidateJsonRawMessage option enabled
- Fix 326 do NOT marshal private field after calling extra.SetNamingStrategy() to register naming strategy extension
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 14:27:14 +02:00
Sebastiaan van Stijn
bfba0f2840
Bump Golang 1.13.14
...
full diff: https://github.com/golang/go/compare/go1.13.12...go1.13.14
- go1.13.14 (released 2020/07/16) includes fixes to the compiler, vet, and the
database/sql, net/http, and reflect packages. See the Go 1.13.14 milestone on
the issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.14+label%3ACherryPickApproved
- go1.13.13 (released 2020/07/14) includes security fixes to the crypto/x509 and
net/http packages. See the Go 1.13.13 milestone on our issue tracker for details:
https://github.com/golang/go/issues?q=milestone%3AGo1.13.13+label%3ACherryPickApproved
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
2020-08-05 13:29:16 +02:00
Wei Fu
8871d5cdf8
Merge pull request #1548 from AkihiroSuda/remove-libseccomp-dependency
...
remove libseccomp cgo dependency
2020-07-30 23:30:04 +08:00
Akihiro Suda
7332e2ad2e
remove libseccomp cgo dependency
...
The CRI plugin was depending on libseccomp cgo dependency via
libseccomp-golang via libcontainer.
https://github.com/seccomp/libseccomp-golang/blob/v0.9.1/seccomp_internal.go#L17
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-30 18:51:23 +09:00
Mike Brown
858a766264
Merge pull request #1547 from mikebrow/containerd-list-podid-should-search
...
adds support for pod id lookup for filter
2020-07-29 17:39:18 -05:00
Mike Brown
8a2d1cc802
adds support for pod id lookup for filter
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-07-29 15:23:22 -05:00
Mike Brown
c209d013cb
Merge pull request #1545 from ktock/ssdoc
...
Add description about `disable_snapshot_annotations` to configuration doc
2020-07-29 11:48:30 -05:00
Mike Brown
fe9bb8da65
Merge branch 'master' into ssdoc
2020-07-29 11:44:10 -05:00
Mike Brown
63400c7694
Merge pull request #1543 from ktock/discard-content
...
Allow GC to discard content after successful pull and unpack
2020-07-29 11:39:28 -05:00
Akihiro Suda
0f99e0f53e
Merge pull request #1542 from sachaos/master
...
Update config syntax in registry.md (GCR example)
2020-07-29 02:30:20 +09:00
Takumasa Sakao
4c8164bccf
Specify version = 2 & fix wrong key in registry.md (GCR example)
...
Signed-off-by: Takumasa Sakao <sakataku7@gmail.com>
2020-07-28 17:54:12 +09:00
ktock
375dd76255
Add description about disable_snapshot_annotations to configuration doc
...
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2020-07-28 09:30:20 +09:00
ktock
c80660b82b
Allow GC to discard content after successful pull and unpack
...
This commit adds a config flag for allowing GC to clean layer contents up after
unpacking these contents completed, which leads to deduplication of layer
contents between the snapshotter and the content store.
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2020-07-28 09:05:47 +09:00
ktock
b51177bfcc
Vendor containerd d184a0a343
...
Signed-off-by: Kohei Tokunaga <ktokunaga.mail@gmail.com>
2020-07-27 10:48:20 +09:00
Mike Brown
8448b92d23
Merge pull request #1534 from crosbymichael/selinux-range
...
Update selinux pkg and allow category range to be set in config
2020-07-23 15:32:55 -05:00
Mike Brown
0443a13da7
Merge pull request #1535 from lumjjb/updatecri-doc
...
Update doc cri plugin convention
2020-07-23 11:18:44 -05:00
Mike Brown
e080f84537
Merge pull request #1539 from mikebrow/windows-ci-force-bash
...
switching to windows-2016.. latest is breaking due to wsl conflict with bash
2020-07-23 10:11:13 -05:00
Mike Brown
fad87288f8
switching to windows-2016 latest is breaking due to wsl conflict with bash
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-07-22 17:33:45 -05:00
Brandon Lum
f93b72530f
Update doc cri plugin convention
...
Signed-off-by: Brandon Lum <lumjjb@gmail.com>
2020-07-22 17:34:17 +00:00
Michael Crosby
5f5d954b6a
add selinux category range to config
...
This allows an admin to set the upper bounds on the category range for selinux
labels. This can be useful when handling allocation of PVs or other volume
types that need to be shared with selinux enabled on the hosts and volumes.
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-07-20 16:02:07 -04:00
Michael Crosby
9b06da4773
update selinux to 1.6.0 release
...
Signed-off-by: Michael Crosby <michael@thepasture.io>
2020-07-20 15:57:28 -04:00
Mike Brown
fcda0cf4a7
Merge pull request #1529 from AkihiroSuda/allow-disabling-hugepages
...
allow disabling hugepages
2020-07-16 13:29:46 -05:00
Akihiro Suda
707d2c49d1
allow disabling hugepages
...
This helps with running rootless mode + cgroup v2 + systemd without hugetlb delegation.
Systemd does not (and will not, perhaps) support hugetlb delegation as of systemd v245. https://github.com/systemd/systemd/issues/14662
From 502bc5427e/src/patches/containerd/0001-DIRTY-VENDOR-cri-allow-disabling-hugepages.patch
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
2020-07-16 11:46:25 +09:00
Mike Brown
1d3b9c5b80
Merge pull request #1532 from jsturtevant/update-pause-image-ref
...
Update to latest Windows SandboxImage
2020-07-15 17:55:28 -05:00
James Sturtevant
2bb0b19c4b
Update to latest pause image for windows
...
Signed-off-by: James Sturtevant <jstur@microsoft.com>
2020-07-15 11:45:21 -07:00
Mike Brown
5df93a038a
Merge pull request #1531 from mikebrow/nit-for-default-config
...
show runc options tag
2020-07-11 11:47:00 -05:00
Mike Brown
4b3974c4e9
show runc options tag
...
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
2020-07-10 16:33:36 -05:00