Switch to using the new `google-github-actions/upload-cloud-storage`
GitHub action for uploading the CI results for the Windows Periodic
Tests.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
Following the forking of `github-google-actions/setup-gcloud` into
individual actions, the functionality for authenticating on Google
Cloud within GitHub workflows has been moved to the
`github-google-actions/auth` action.
This patch updates the Windows Periodic Integration test workflow to use
the new `auth` action, as well as switching to using Workload Identity
Federation-based authorization which is superseding the Service Account
Key-based authorization the Windows Periodic workflow was using thus far.
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
This commit unifies the following sub commands alias for
deleting/removing.
- containers
- tasks
- contents
- leases
- images
- snapshots
Signed-off-by: Ning Li <lining2020x@163.com>
This makes it easy for share functionality across tools to prevent
pushing layers that are not supposed to be re-distributed.
Signed-off-by: Brian Goff <cpuguy83@gmail.com>
This patch makes the Windows Periodic workflow pass specific test images
to CRITest. This will allow full control over the container images used
in workflow runs as opposed to relying on the hardcoded defaults in
`cri-tools` to be compatible with all the tested Windows releases.
Depends-On: https://github.com/kubernetes-sigs/cri-tools/pull/855
Signed-off-by: Nashwan Azhari <nazhari@cloudbasesolutions.com>
On newer COS M97 images, cgroupv2 is enabled out of the box. It is
enabled using default systemd configuration and does not have
`systemd.unified_cgroup_hierarchy` present `/proc/cmdline`. As a result, the
check for manual cgroupv2 enablement should be improved to not only check
`/proc/cmdline`, but also to see if it's enabled on the system using `stat
-fc %T /sys/fs/cgroup/`
Signed-off-by: David Porter <porterdavid@google.com>
This system call is only available on 32- and 64-bit PowerPC, it is used
by modern programming language implementations to implement coroutine
features through userspace context switches.
moby [1] and systemd nspawn [2] already whitelist this system call so it
makes sense to whitelist it in containerd as well.
[1]: https://github.com/moby/moby/pull/43092
[2]: https://github.com/systemd/systemd/pull/9487
Signed-off-by: Sören Tempel <soeren+git@soeren-tempel.net>
Enabling this option effectively causes RDT class of a container to be a
soft requirement. If RDT support has not been enabled the RDT class
setting will not have any effect.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Use goresctrl for parsing container and pod annotations related to RDT.
In practice, from the users' point of view, this patchs adds support for
a container annotation and two separate pod annotations for controlling
the RDT class of containers.
Container annotation can be used by a CRI client:
"io.kubernetes.cri.rdt-class"
Pod annotations for specifying the RDT class in the K8s pod spec level:
"rdt.resources.beta.kubernetes.io/pod"
(pod-wide default for all containers within)
"rdt.resources.beta.kubernetes.io/container.<container_name>"
(container-specific overrides)
Annotations are intended as an intermediate step before the CRI API
supports RDT.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
Add support for configuring the Linux resctrl pseudo-filesystem with
goresctrl library. The functionality is integrated in the
"io.containerd.service.v1.tasks-service" plugin.
Signed-off-by: Markus Lehtonen <markus.lehtonen@intel.com>
