containerd

Author	SHA1	Message	Date
Lantao Liu	f938a166cd	Fix kube-container-runtime-monitor. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	91f8e61bd3	Use crictl installed in kube-up.sh Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	5161f663e4	Add `unix://` prefix for socket addresses used by CRI remote client. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	1b995fcaf2	Add KUBE_CONTAINER_RUNTIME_NAME to fix fluentd support. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	48457a254e	Try using preloaded containerd if no version is specified. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	c67a38b0b5	Add log level support. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	4453aac005	Improve gce bootstrapping in various ways. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:08 -07:00
Lantao Liu	1bd3cdc572	Add cni config template support. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	d520fac508	Enable TLS streaming in all the setup. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	cdb4aec93a	Use systemd service cgroup and oom score adj. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	af8bd80689	Fix for kube-up.sh and update several documments. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	005da4a9b9	Replace `ctrcri` with `ctr cri`. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	0e2bd216ce	Update GCE cluster bootstrapping and e2e test Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	59e65e1f37	Enable container log rotation. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	85b4e69c9f	Do not block on stream server close. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	2ea6584ca7	Add initial wait for health-monitor and use pkill -x. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:07 -07:00
Lantao Liu	56b7ef2c4d	The ENV is finalized as KUBE_KUBELET_EXTRA_ARGS. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Mike Brown	24a3a0a068	change crictl sandboxes to pods; other references to sandboxes Signed-off-by: Mike Brown <brownwm@us.ibm.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	8bc30e7a2e	Update ocicni to main stream. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	a010715584	Add a separate CLI for cri-containerd `ctrcri`. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	a843a30645	Use registry-1.docker.io as backup Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	ec649079a9	Put version into metadata so that version won't be changed across restart. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	7cbc1c8dc3	Set registry mirror. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	9f0816ac43	Configure container runtime cgroups for cgroup. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:06 -07:00
Lantao Liu	be72f47ec9	Add runtime cgroup and fix a cli panic. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Lantao Liu	680e21c430	Update all glog flags to `log-level`. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Lantao Liu	d50b9dd64c	Update containerd to 6c7abf7c76c1973d4fb4b0bad51691de84869a51. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Lantao Liu	869ea6b0c8	Add document for kube-up.sh Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Lantao Liu	30cbfb62ec	Add OS and arch in release tarball. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Lantao Liu	0512d1e0b2	Add `cluster` directory and health-monitor.sh. Signed-off-by: Lantao Liu <lantaol@google.com>	2020-08-11 09:15:05 -07:00
Akihiro Suda	8a3f1c99e0	Merge pull request #4451 from dweomer/test-selinux Update Vagrantfile for testing SELinux	2020-08-11 20:05:03 +09:00
Derek McGowan	4252d2c9b1	Merge pull request #4461 from AkihiroSuda/update-rootless-doc update docs/rootless.md	2020-08-10 23:46:32 -07:00
Derek McGowan	269633f72e	Merge pull request #4459 from AkihiroSuda/runc-rc92 update runc to v1.0.0-rc92	2020-08-10 23:45:43 -07:00
Jacob Blain Christen	b4376e9865	Update Vagrantfile for testing SELinux `vagrant up` will build and install containerd and all dependencies, setting up proper SELinux contexts on the runc and containerd binaries. The VM is configured to be SELinux Enforcing by default but this gets changed during various CI passes via a matrix param to Disabled and Permissive before running tests. I have an open PR to fix the container-selinux policy for containerd at https://github.com/containers/container-selinux/pull/98 which once accepted we will want to update the CI matrix to use Enforcing mode instead of Permissive. All tests currently pass in SELinux permissive mode with containerd configured with `enable_selinux=true`. To see which tests are failing with SELinux enforcing and an already spun up VM: `SELINUX=Enforcing vagrant up --provision-with=selinux,test-cri` To test SELinux enforcing in a new VM: `vagrant destroy -force; SELINUX=Enforcing vagrant up --provision-with=shell,selinux,test-cri` The `selinux` shell provisioner, parameterized by the SELINUX envvar, will configure the system as you would expect, with the side effect that containerd is configured with `enable_selinux=true` via `/etc/containerd/config.toml` for Permissive or Enforcing modes and `enable_selinux=false` when SELINUX=Disabled. Provided that virtualization is suported, this Vagrantfile and provisioners make it easy to test containerd/cri for conformance under SELinux on non-SELinux systems. Signed-off-by: Jacob Blain Christen <jacob@rancher.com>	2020-08-10 01:55:44 -07:00
Wei Fu	23934e8686	Merge pull request #4462 from thaJeztah/bump_golang_1.13.15 Bump Golang 1.13.15	2020-08-09 10:41:37 +08:00
Sebastiaan van Stijn	55c9eade39	Bump Golang 1.13.15 full diff: https://github.com/golang/go/compare/go1.13.14...go1.13.15 go1.13.15 (released 2020/08/06) includes security fixes to the encoding/binary package. See the Go 1.13.15 milestone on the issue tracker for details. https://github.com/golang/go/issues?q=milestone%3AGo1.13.15+label%3ACherryPickApproved Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2020-08-08 15:07:28 +02:00
Akihiro Suda	e3e2c39462	update docs/rootless.md Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2020-08-08 04:08:35 +09:00
Akihiro Suda	8433602989	update runc to v1.0.0-rc92 Changes: https://github.com/opencontainers/runc/releases/tag/v1.0.0-rc92 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>	2020-08-06 20:31:33 +09:00
Akihiro Suda	3cdc7bf13d	Merge pull request #4457 from thaJeztah/bump_cri_tools Update cri-tools to v1.18.0-100-g2bf7674 for Go 1.15 compatibility	2020-08-06 09:21:39 +09:00
Sebastiaan van Stijn	3cc2be2a87	Update cri-tools to v1.18.0-100-g2bf7674 for Go 1.15 compatibility full diff: `16911795a3...2bf7674922` Signed-off-by: Sebastiaan van Stijn <github@gone.nl>	2020-08-05 13:17:11 +02:00
Derek McGowan	85b15eff45	Merge pull request #4449 from dmcgowan/prepare-1.4.0-rc.0 Prepare 1.4.0-rc.0 release	2020-08-04 10:57:07 -07:00
Derek McGowan	6288559231	Prepare 1.4.0-rc.0 release Move beta release notes and update version Signed-off-by: Derek McGowan <derek@mcg.dev>	2020-08-03 22:22:53 -07:00
Maksym Pavlenko	666198cd2a	Merge pull request #4446 from kzys/devmapper-platform snapshots/devmapper: don't hardcord the platform strings	2020-08-03 13:11:38 -07:00
Kazuyoshi Kato	74e9aa7abb	snapshots/devmapper: don't hardcord the platform strings The snapshotter doesn't have to exclude non-amd64 platforms. Signed-off-by: Kazuyoshi Kato <katokazu@amazon.com>	2020-08-03 11:55:36 -07:00
Akihiro Suda	0f08a55d6b	Merge pull request #4413 from dmcgowan/registry-proxy-ns Add namespace query parameter for registry proxying	2020-08-04 01:58:52 +09:00
Derek McGowan	adeba792f1	Add namespace query parameter for registry proxying Proxy registries are designed to serve content from upstreams. However, the proxy hostname will usually not match the hostname of the upstream, requiring the proxy to only use a single upstream or use its own pattern matching to determine the upstream. To solve this issue, the client will pass along the namespace which is being used for the request, allowing mirrors to easily map to multiple upstreams. This query parameter can safely be ignored if multiple upstreams are not supported. Signed-off-by: Derek McGowan <derek@mcg.dev>	2020-08-03 09:32:44 -07:00
Akihiro Suda	49837814b3	Merge pull request #4433 from Yikun/enable-new-nodeset Change nodeset to `ubuntu-xenial-arm64-openlab`	2020-08-03 16:26:38 +09:00
Maksym Pavlenko	bd92d567a5	Merge pull request #4442 from estesp/noop-deps Remove seccomp/Linux deps steps in GH Actions	2020-07-31 16:13:34 -07:00
Phil Estes	5a190c7077	Remove seccomp/Linux deps steps in GH Actions Recent changes removed the need for libseccomp-dev when building containerd. The btrfs tools package is already installed on GH Actions runners and was already a no-op so the whole step can be removed. Signed-off-by: Phil Estes <estesp@linux.vnet.ibm.com>	2020-07-31 11:25:26 -04:00
Phil Estes	6162ae93db	Merge pull request #4439 from AkihiroSuda/cri-20200731 vendor: update cri (no more libseccomp cgo dependency)	2020-07-31 11:21:11 -04:00

1 2 3 4 5 ...

6055 Commits