github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
1,444 Commits 3 Branches 2 Tags 112 MiB
effd82227c
Commit Graph

46 Commits

Author SHA1 Message Date
Harshal Patil
effd82227c Add support for passing sandbox annotations to runtime 
Signed-off-by: Harshal Patil <harshal.patil@in.ibm.com>
 2019-03-21 14:38:14 +05:30
Lantao Liu
9eabcf525e Add an OCI annotation for sandbox log directory. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-03-06 16:43:36 -08:00
Lantao Liu
089d4fbfb8 Set /etc/hostname. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-02-12 00:18:00 -08:00
Lantao Liu
b1ad4ee9b6 Add unit test for DisableCgroup, RestrictOOMScoreAdj. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2019-01-03 10:47:34 -08:00
Lantao Liu
f540c2a74d Skip sctp protocol hostport mapping. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-09-11 16:32:15 -07:00
Tim Allclair
e7189a25c3
Add RuntimeHandler support 
Signed-off-by: Tim Allclair <tallclair@google.com>
 2018-09-05 17:27:35 -07:00
Eric Ernst
9a01272dc2 sandbox: separate host accessing workload and privileged 
VM isolated runtimes can support privileged workloads. In this
scenario, access to the guest VM is provided instead of the host.
Based on this, allow untrusted runtimes to run privileged workloads.

If the workload is specifically asking for node PID/IPC/network, etc.,
then continue to require the trusted runtime.

This commit repurposes the hostPrivilegedSandbox utility function to
only check for node namespace checking.

Fixes: #855

Signed-off-by: Eric Ernst <eric.ernst@intel.com>
 2018-07-22 16:51:22 -07:00
Lantao Liu
46d621e4ac Support Cmd for sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-12 14:38:55 -07:00
Lantao Liu
83e6b65566 Select ipv4 first if there is one. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-06-05 18:25:03 +00:00
Ricardo Aravena
f79e0171ca
Minor typo 
Signed-off-by: Ricardo Aravena <raravena80@gmail.com>
 2018-05-15 09:11:48 -07:00
Mike Brown
94df315de8 adds volatile state directory to the fs plan for cntrs/pods/fifo 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-24 00:05:52 +00:00
Lantao Liu
ca67f94ee0 Address comments for privileged runtime code. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-23 02:17:46 +00:00
Jose Carlos Venegas Munoz
bdc5eee544 test: Add unit tests for privileged runtime functions 
- Add unit test for privilegedSandbox

- Add unit test  for getRuntime

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-03-20 18:04:23 -06:00
Lantao Liu
387da59ee5 Rename all variables to remove "cricontainerd". 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-03-19 21:59:32 +00:00
abhi
003bbd4292 Modifying fake cni plugin 
Signed-off-by: abhi <abhi@docker.com>
 2018-03-15 17:05:33 -07:00
Mike Brown
d4e7154625 move links for cri-containerd to cri 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2018-03-13 17:06:26 -05:00
Lantao Liu
46fc92f65f Use new namespace mode and support shared pid namespace. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-02-08 03:10:57 +00:00
Jose Carlos Venegas Munoz
b383b0261a Annotations: Provide container metadata for VM based runtimes 
For hypervisor-based container runtimes (like Kata Containers, Clear Containers
or runv) a pod will be created in a VM and then create containers within the VM.

When a runtime is requested for container commands like create and start, both
the instal "pause" container and next containers need to be added to the pod
namespace (same VM).

A runtime does not know if it needs to create/start a VM or if it needs to add a
container to an already running VM pod.

This patch adds a way to provide this information through container annotations.
When starting a container or a sandbox, 2 annotations are added:

- type (Container or Sandbox)
- sandbox name

This allow to a VM based runtime to decide if they need to create a pod VM or
container within the VM pod.

Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
 2018-01-17 09:57:20 -06:00
Lantao Liu
025ffe551f Rename kubernetes-incubator/cri-containerd to containerd/cri-containerd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2018-01-10 22:35:33 +00:00
Lantao Liu
cd57d063c5 Add systemd cgroup support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-26 06:44:30 +00:00
Mike Brown
78a925f57b vendor for new seccomp helpers 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-09-21 17:37:50 -05:00
yanxuean
e1a7a0ea76 Switch to containerd extension 
fix #251

Signed-off-by: yanxuean <yan.xuean@zte.com.cn>
 2017-09-21 00:15:10 +08:00
Lantao Liu
f36ef46b35 Use new ocicni. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-09-07 00:14:12 +00:00
Lantao Liu
270e09ab26 Use containerd WithUserID. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 21:11:56 +00:00
Lantao Liu
a80df151d1 Add RunAsUsername support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-25 00:47:35 +00:00
Abhinandan Prativadi
5a119200b8 Creating permanent sandbox namespace 
This commit contains changes to create/delete permanent namespace
for a sandbox container.

Signed-off-by: Abhinandan Prativadi <abhi@docker.com>
 2017-08-24 10:43:42 -07:00
Lantao Liu
f6d99abcf4 Add hostport support 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-08-23 01:33:02 +00:00
Mike Brown
73748840da Swicth to 1.0.0-alpha2 containerd api. 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-08-02 23:21:37 +00:00
Lantao Liu
ffb69423ec Temporarily remove unit test relying on fake containerd services. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-31 22:42:10 +00:00
Lantao Liu
7b16a35287 Use new metadata store. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
4317e6119a Remove sandbox truncindex. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-07-28 23:35:31 +00:00
Lantao Liu
14fd8401a2 Set sandbox container resource limit. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-23 01:23:53 +00:00
Lantao Liu
862d00a21c Update CRI to d779e9c9561b732adf06263c5424889e7564fdbd. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-21 01:56:13 +00:00
Lantao Liu
5b7cbf1bc6 Create/remove sandbox container. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 16:43:13 +00:00
Lantao Liu
6ca9c65578 Rename more container to task. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 02:34:43 +00:00
Lantao Liu
bad279e0f6 Finish snapshot support. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-16 02:34:43 +00:00
Mike Brown
484a326717 modify code to compile on updated containerd 
Signed-off-by: Mike Brown <brownwm@us.ibm.com>
 2017-06-15 23:14:21 +00:00
Lantao Liu
9d5990fe4f Add sandbox /dev/shm. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-11 09:49:46 +00:00
Crazykev
62d1e5dc10 add unit test 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-06-09 19:36:30 +08:00
Crazykev
9bf7ffd51a generate and maintain resolv.conf for sandbox 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-06-09 19:36:30 +08:00
Lantao Liu
4eac00fe23 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-06-06 06:43:38 +00:00
Lantao Liu
dee95bc315 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 01:18:22 +00:00
Lantao Liu
6eb1ddb1f8 Add unit test. 
Signed-off-by: Lantao Liu <lantaol@google.com>
 2017-05-31 00:39:38 +00:00
Crazykev
49e7ef2153 update kubernetes vendor for new CRI change 
Signed-off-by: Crazykev <crazykev@zju.edu.cn>
 2017-05-24 10:25:55 +08:00
Xianglin Gao
4a4414987f Add unit test 
Signed-off-by: Xianglin Gao <xlgao@zju.edu.cn>
 2017-05-23 18:30:20 +08:00
Random-Liu
e4e9f30c5d Add unit test. 
Signed-off-by: Random-Liu <lantaol@google.com>
 2017-05-12 13:14:25 -07:00