github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
11,904 Commits 3 Branches 4 Tags
f6491b0049ae9a0c124b642c77d796677ff48328
Commit Graph

137 Commits

Author SHA1 Message Date
Akihiro Suda
e0a05b56e5 Merge pull request #8152 from bart0sh/PR007-upgrade-CDI-to-0.5.4 
update CDI version to v0.5.4
 2023-02-28 09:22:30 +09:00
Changwei Ge
bd0a2a9273 CRI: remove duplicated snapshotters code 
The snapshotter annotation definitions and related functions have been
public in the new packge snapshotter

Also remove a test for container image layer's annotation.

Signed-off-by: Changwei Ge <gechangwei@bytedance.com>
 2023-02-23 11:46:14 +08:00
Ed Bartosh
49abbe4f2b fix failing TestCDIInjections 
Signed-off-by: Ed Bartosh <eduard.bartosh@intel.com>
 2023-02-22 20:07:34 +02:00
Derek McGowan
179f00c883 Merge pull request #8051 from yulng/goroutine 
fix: 'go routine' should be 'goroutine'
 2023-02-15 15:20:47 -08:00
Derek McGowan
aa6418fadd Merge pull request from GHSA-hmfx-3pcx-653p 
oci: fix additional GIDs
 2023-02-15 13:45:14 -08:00
Kazuyoshi Kato
fe5d1d3e7c Merge pull request #7954 from klihub/devel/sbserver-nri-integration 
pkg/cri/sbserver: experimental NRI integration for CRI.
 2023-02-15 10:42:25 -08:00
Maksym Pavlenko
3548f59fd8 Merge pull request #8060 from dcantah/cri-annots-other 
CRI: Pass sandbox annotations to _other platforms
 2023-02-14 18:34:46 -08:00
Casey Callendrello
0166783c79 cni: pass in the cgroupPath capability argument 
There is a new CNI capability argument, cgroupPath, where runtimes can
pass cgroup paths to CNI plugins.

Implement that.

Signed-off-by: Casey Callendrello <cdc@isovalent.com>
 2023-02-14 16:49:29 +01:00
Danny Canter
646bc3a94e CRI: Create DefaultCRIAnnotations helper 
All of the CRI sandbox and container specs all get assigned
almost the exact same default annotations (sandboxID, name, metadata,
container type etc.) so lets make a helper to return the right set for
a sandbox or regular workload container.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-02-13 13:05:01 -08:00
Danny Canter
5aab634e14 CRI: Pass sandbox annotations to _other platforms 
!windows and !linux weren't getting passed the sandbox annotations.

Signed-off-by: Danny Canter <danny@dcantah.dev>
 2023-02-13 13:03:51 -08:00
Maksym Pavlenko
2b24af8d13 Use options to pass PodSandboxConfig to shims 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-13 12:36:20 -08:00
Krisztian Litkey
ebbcb57a4c pkg/cri/sbserver: experimental NRI integration for CRI. 
Hook the NRI service plugin into CRI sbserver request
processing.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2023-02-13 22:08:18 +02:00
Derek McGowan
edb8ebaf07 Merge pull request #8047 from ruiwen-zhao/send_nil 
Send container events with nil PodSandboxStatus
 2023-02-13 11:38:14 -08:00
Derek McGowan
164ac924f8 Merge pull request #7984 from aitumik/aitumik/add-host-network-tests 
test: add hostNetwork tests for both windows and linux
 2023-02-13 11:37:20 -08:00
Fu Wei
2654ece1d0 Merge pull request #8066 from fuweid/cleanup-blockio-init 
*: introduce wrapper pkgs for blockio and rdt
 2023-02-13 14:05:32 +08:00
Derek McGowan
c6cf6b2522 Merge pull request #8093 from mxpv/instrument 
Extract CRI instrument into separate package
 2023-02-12 21:45:13 -08:00
Maksym Pavlenko
750d18aced Extract CRI instrument package 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-12 20:49:15 -08:00
Akihiro Suda
b61988670c go.mod: github.com/containerd/typeurl/v2 v2.1.0 
Changes: https://github.com/containerd/typeurl/compare/7f6e6d160d67...v2.1.0

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-11 23:39:52 +09:00
ruiwen-zhao
51a8db233d Send container events with nil PodSandboxStatus 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:39 +00:00
ruiwen-zhao
27c8f4085c Move PLEG event generation back to sbserver to avoid missing pod sandbox status 
Signed-off-by: ruiwen-zhao <ruiwen@google.com>
 2023-02-11 01:34:33 +00:00
Fu Wei
362ba2c743 Merge pull request #7981 from dmcgowan/sandbox-controller-interface-refactor 
[sandbox] refactor controller interface
 2023-02-11 09:22:36 +08:00
Nathan
7cf5560754 test: add hostNetwork tests for both windows and linux 
Signed-off-by: Nathan <aitumik@protonmail.com>
 2023-02-11 00:15:48 +03:00
Zechun Chen
b944b108df Clean up repeated package import 
Signed-off-by: Zechun Chen <zechun.chen@daocloud.io>
 2023-02-10 16:21:55 +08:00
Akihiro Suda
3eda46af12 oci: fix additional GIDs 
Test suite:
```yaml

---
apiVersion: v1
kind: Pod
metadata:
  name: test-no-option
  annotations:
    description: "Equivalent of `docker run` (no option)"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),10(wheel)" ]']
---
apiVersion: v1
kind: Pod
metadata:
  name: test-group-add-1-group-add-1234
  annotations:
    description: "Equivalent of `docker run --group-add 1 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=0(root) gid=0(root) groups=0(root),1(daemon),10(wheel),1234" ]']
  securityContext:
    supplementalGroups: [1, 1234]
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234
  annotations:
    description: "Equivalent of `docker run --user 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root)" ]']
  securityContext:
    runAsUser: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-1234
  annotations:
    description: "Equivalent of `docker run --user 1234:1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=1234 groups=1234" ]']
  securityContext:
    runAsUser: 1234
    runAsGroup: 1234
---
apiVersion: v1
kind: Pod
metadata:
  name: test-user-1234-group-add-1234
  annotations:
    description: "Equivalent of `docker run --user 1234 --group-add 1234`"
spec:
  restartPolicy: Never
  containers:
    - name: main
      image: ghcr.io/containerd/busybox:1.28
      args: ['sh', '-euxc',
             '[ "$(id)" = "uid=1234 gid=0(root) groups=0(root),1234" ]']
  securityContext:
    runAsUser: 1234
    supplementalGroups: [1234]
```

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-02-10 15:53:00 +09:00
Wei Fu
62df35df66 *: introduce wrapper pkgs for blockio and rdt 
Before this patch, both the RdtEnabled and BlockIOEnabled are provided
by services/tasks pkg. Since the services/tasks can be pkg plugin which
can be initialized multiple times or concurrently. It will fire data-race
issue as there is no mutex to protect `enable`.

This patch is aimed to provide wrapper pkgs to use intel/{blockio,rdt}
safely.

Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-02-10 08:21:34 +08:00
yulng
6cdc221f59 'go routine' should be 'goroutine' 
Signed-off-by: yulng <wei.yang@daocloud.io>
 2023-02-08 14:10:34 +08:00
Derek McGowan
b0e97c0f9b Use multierror for cleanup error 
Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-07 11:06:14 -08:00
Derek McGowan
a788f6c799 Move local sandbox controller under plugins package 
Add options to sandbox controller interface.
Update sandbox controller interface to fully utilize sandbox controller
interface.
Move grpc error conversion to service.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 22:04:45 -08:00
Derek McGowan
2717685dad Refactor sandbox controller interface 
Update the sandbox controller interface to use local types rather than
using the API types.

Signed-off-by: Derek McGowan <derek@mcg.dev>
 2023-02-06 21:39:30 -08:00
Maksym Pavlenko
1f35b03369 Fix sandbox exit monitor 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-02-02 14:02:52 -08:00
Derek McGowan
ee0e22f01c Merge pull request #8020 from AkihiroSuda/mkdir-etc-cni-0755 
cri: mkdir /etc/cni with 0755, not 0700
 2023-01-30 10:21:30 -08:00
Akihiro Suda
b36b415526 cri: mkdir /etc/cni with 0755, not 0700 
/etc/cni has to be readable for non-root users (0755), because /etc/cni/tuning/allowlist.conf is used for rootless mode too.
This file was introduced in CNI plugins 1.2.0 (containernetworking/plugins PR 693), and its path is hard-coded.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2023-01-29 07:49:36 +09:00
Maksym Pavlenko
21fe0ceaad Move PLEG events for pause container to podsandbox 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-25 19:28:48 -08:00
Sebastiaan van Stijn
4f39b164f3 pkg/cri: optimize slice initialization 
Some of this code was originally added in b7b1200dd3,
which likely meant to initialize the slice with a length to reduce allocations,
however, instead of initializing with a zero-length and a capacity, it
initialized the slice with a fixed length, which was corrected in commit
0c63c42f81.

This patch initializes the slice with a zero-length and expected capacity.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
 2023-01-24 20:46:20 +01:00
Maksym Pavlenko
f9f8455332 Backport #7393 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:36:21 -08:00
Maksym Pavlenko
0cbfb3375f Backport #7661 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:31:47 -08:00
Maksym Pavlenko
41eabf134a Backport #7685 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
b0d7a96976 Backport unit test from #7882 to sbserver 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-17 14:26:16 -08:00
Maksym Pavlenko
1ade777c24 Add basic spec and mounts for Darwin 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 17:00:40 -08:00
Maksym Pavlenko
3c8469a782 Use Platform instead of generated API 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-12 10:30:42 -08:00
Maksym Pavlenko
40be96efa9 Have separate spec builder for each platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:12:25 -08:00
Maksym Pavlenko
fdfa3519a3 Remove unused params from platformSpec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
1c1d8fb057 Update OCI spec tests for generic platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f43d8924e4 Move most of OCI spec options to common builder 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
21338d2777 Add stub to build common OCI spec 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
f318e5630b Update sandbox API to return target platform 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Maksym Pavlenko
dd22a3a806 Move WithMounts to specs 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-11 13:03:59 -08:00
Qasim Sarfraz
9c8c4508ec cri: Fix TestUpdateOCILinuxResource for host w/o swap controller 
Tested on Ubuntu 20.04 w/o swap controller:
```
$ stat -fc %T /sys/fs/cgroup/
tmpfs
$ la -la /sys/fs/cgroup/memory/memory.memsw.limit_in_bytes
ls: cannot access '/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes': No such file or directory
$  go test -v ./pkg/cri/sbserver/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/sbserver       (cached)
$ go test -v ./pkg/cri/server/ -run TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_update_each_resource
=== RUN   TestUpdateOCILinuxResource/should_skip_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields
=== RUN   TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map
--- PASS: TestUpdateOCILinuxResource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_update_each_resource (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_skip_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_fill_empty_fields (0.00s)
    --- PASS: TestUpdateOCILinuxResource/should_be_able_to_patch_the_unified_map (0.00s)
PASS
ok      github.com/containerd/containerd/pkg/cri/server (cached)
```

Signed-off-by: Qasim Sarfraz <qasimsarfraz@microsoft.com>
 2023-01-10 15:41:04 +01:00
Maksym Pavlenko
06bfcd658c Enable dupword linter 
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
 2023-01-03 12:47:16 -08:00
Samuel Karp
b0b28f1d8e Merge pull request #7879 from fuweid/clean-build-tags 2022-12-30 00:22:03 -08:00