github/containerd
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity
14,355 Commits 3 Branches 2 Tags 112 MiB
fff2236f49
Commit Graph

14355 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Derek McGowan
fff2236f49
Merge pull request #10769 from klihub/devel/update-nri 
Update NRI to latest.
 2024-10-16 23:38:34 +00:00
Samuel Karp
3bc51c43c0
Merge pull request #10696 from austinvazquez/add-containerd-2.0-doc 
Add containerd 2.0 doc
 2024-10-16 22:33:15 +00:00
Austin Vazquez
b724b9f231
Add containerd 2.0 doc 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-16 17:53:38 +00:00
Phil Estes
0abada6251
Merge pull request #10839 from matteopulcini6/sandbox-deferring-teardown-main 
Handle teardown failure to avoid blocking cleanup
 2024-10-16 15:54:56 +00:00
Phil Estes
d1245c6faf
Merge pull request #10815 from Iceber/unmarshal-metrics-to-type 
metrics: Use UnmarshalTo instead of UnmarshalAny
 2024-10-16 13:50:24 +00:00
Phil Estes
dac94198b1
Merge pull request #10829 from containerd/dependabot/github_actions/lycheeverse/lychee-action-2.0.2 
build(deps): bump lycheeverse/lychee-action from 1.10.0 to 2.0.2
 2024-10-16 13:48:06 +00:00
dependabot[bot]
4f2bc1580b
build(deps): bump lycheeverse/lychee-action from 1.10.0 to 2.0.2 
Bumps [lycheeverse/lychee-action](https://github.com/lycheeverse/lychee-action) from 1.10.0 to 2.0.2.
- [Release notes](https://github.com/lycheeverse/lychee-action/releases)
- [Commits](https://github.com/lycheeverse/lychee-action/compare/v1.10.0...v2.0.2)

---
updated-dependencies:
- dependency-name: lycheeverse/lychee-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-16 07:55:51 +00:00
Krisztian Litkey
4bd3a71dd6
go.{mod,sum}: update NRI deps and re-vendor. 
Update NRI dependencies to point to the latest main/HEAD.

Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
 2024-10-16 10:27:57 +03:00
Samuel Karp
37943cf6e4
Merge pull request #10840 from step-security-bot/stepsecurity_remediation_1729057981 
[StepSecurity] ci: Harden GitHub Actions
 2024-10-16 07:15:54 +00:00
StepSecurity Bot
bff82e1968
[StepSecurity] ci: Harden GitHub Actions 
Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
 2024-10-16 05:53:03 +00:00
Akihiro Suda
8b41368e7b
Merge pull request #10830 from containerd/dependabot/go_modules/otel-11b303cab5 
build(deps): bump the otel group with 8 updates
 2024-10-16 00:50:56 +00:00
Matteo Pulcini
0742238cd6 Handle teardown failure to avoid blocking cleanup 
Signed-off-by: Matteo Pulcini <Matteo.Pulcini@ibm.com>
 2024-10-15 15:35:20 -07:00
dependabot[bot]
c3d84a87fb
build(deps): bump the otel group with 8 updates 
Bumps the otel group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.55.0` | `0.56.0` |
| [go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp](https://github.com/open-telemetry/opentelemetry-go-contrib) | `0.55.0` | `0.56.0` |
| [go.opentelemetry.io/otel](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |
| [go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |
| [go.opentelemetry.io/otel/sdk](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |
| [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) | `1.30.0` | `1.31.0` |


Updates `go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc` from 0.55.0 to 0.56.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.55.0...zpages/v0.56.0)

Updates `go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp` from 0.55.0 to 0.56.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go-contrib/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go-contrib/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go-contrib/compare/zpages/v0.55.0...zpages/v0.56.0)

Updates `go.opentelemetry.io/otel` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/sdk` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

Updates `go.opentelemetry.io/otel/trace` from 1.30.0 to 1.31.0
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.30.0...v1.31.0)

---
updated-dependencies:
- dependency-name: go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracehttp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
- dependency-name: go.opentelemetry.io/otel/trace
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: otel
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-15 22:17:42 +00:00
Fu Wei
5d49f2e3ae
Merge pull request #10838 from samuelkarp/revert-runc-1.1.15 
Revert "update runc binary to 1.1.15"
 2024-10-15 20:45:12 +00:00
Fu Wei
36ae5f94b9
Merge pull request #10721 from rata/issue-10704 
Fix data loss in rootfs overlayfs when unmount of tmp dirs fail with idmap mounts
 2024-10-15 20:44:46 +00:00
Samuel Karp
b7c333ce24
Revert "update runc binary to 1.1.15" 
This reverts commit f0f1bfca07.

runc 1.1.15 appears to have incresed chances for causing OOMs for
containers with small memory limits.  Revert the change in containerd
to unblock CI while the upstream runc issue is resolved.

Dependency-issue: https://github.com/opencontainers/runc/issues/4427
Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2024-10-15 09:28:04 -07:00
Iceber Gu
c6d089090c metrics: Use UnmarshalTo instead of UnmarshalAny 
Co-authored-by: Sam Lockart <sam.lockart@zendesk.com>
Signed-off-by: Iceber Gu <caiwei95@hotmail.com>
 2024-10-12 15:55:27 +08:00
Akihiro Suda
61f91b963e
Merge pull request #10817 from AkihiroSuda/fix-10816 
CI: fix vagrant
 2024-10-12 13:57:42 +09:00
Akihiro Suda
1db0064c6a
CI: install OVMF for Vagrant 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-10-12 05:19:09 +09:00
Akihiro Suda
4d02217b5e
CI: fix "Unable to find a source package for vagrant" error 
Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-10-12 05:19:08 +09:00
Akihiro Suda
38beeb359a
Revert "use vagrant from jammy in noble" 
This reverts commit 1bfdccee09.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-10-12 05:19:08 +09:00
Akihiro Suda
e2daa20ed5
Revert "use older version of OVMF package" 
This reverts commit c25183ff19.

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
 2024-10-12 05:19:08 +09:00
Akihiro Suda
08037e7624
Merge pull request #10821 from estesp/switch-arm-runners 
Switch from actuated.dev to GH Action runners for arm64
 2024-10-12 05:18:59 +09:00
Phil Estes
ee921689f7
Switch from actuated.dev to GH Action runners for arm64 
Signed-off-by: Phil Estes <estesp@amazon.com>
 2024-10-11 13:30:43 -04:00
Akihiro Suda
ce7c473ccc
Merge pull request #10788 from containerd/dependabot/go_modules/golang-x-fce5e8e0ff 
build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0 in the golang-x group
 2024-10-09 04:58:35 +00:00
dependabot[bot]
f89ed3c628
build(deps): bump golang.org/x/sys in the golang-x group 
Bumps the golang-x group with 1 update: [golang.org/x/sys](https://github.com/golang/sys).


Updates `golang.org/x/sys` from 0.25.0 to 0.26.0
- [Commits](https://github.com/golang/sys/compare/v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: golang-x
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-09 03:54:23 +00:00
Akihiro Suda
2483108676
Merge pull request #10791 from containerd/dependabot/go_modules/google.golang.org/grpc-1.67.1 
build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1
 2024-10-09 03:19:53 +00:00
dependabot[bot]
428df99db2
build(deps): bump google.golang.org/grpc from 1.67.0 to 1.67.1 
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.67.0 to 1.67.1.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](https://github.com/grpc/grpc-go/compare/v1.67.0...v1.67.1)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-08 09:24:24 +00:00
Akihiro Suda
6c4102f944
Merge pull request #10790 from containerd/dependabot/go_modules/google.golang.org/protobuf-1.35.1 
build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1
 2024-10-08 08:42:38 +00:00
Akihiro Suda
179b8d9b3c
Merge pull request #10772 from austinvazquez/update-golang-1.23.2 
update to go1.23.2,go1.22.8
 2024-10-08 06:41:34 +00:00
Samuel Karp
ce648b5c89
Merge pull request #10787 from samuelkarp/runc-1.1.15 
update runc binary to 1.1.15
 2024-10-08 03:45:13 +00:00
dependabot[bot]
9c42dd959a
build(deps): bump google.golang.org/protobuf from 1.34.2 to 1.35.1 
Bumps google.golang.org/protobuf from 1.34.2 to 1.35.1.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2024-10-07 23:32:15 +00:00
Samuel Karp
f0f1bfca07
update runc binary to 1.1.15 
diff: https://github.com/opencontainers/runc/compare/v1.1.14...v1.1.15

Release notes:

- The -ENOSYS seccomp stub is now always generated for the native
  architecture that runc is running on. This is needed to work around some
  arguably specification-incompliant behaviour from Docker on architectures
  such as ppc64le, where the allowed architecture list is set to null. This
  ensures that we always generate at least one -ENOSYS stub for the native
  architecture even with these weird configs. (#4391)
- On a system with older kernel, reading /proc/self/mountinfo may skip some
  entries, as a consequence runc may not properly set mount propagation,
  causing container mounts leak onto the host mount namespace. (#2404, #4425)
- In order to fix performance issues in the "lightweight" bindfd protection
  against [CVE-2019-5736], the temporary ro bind-mount of /proc/self/exe
  has been removed. runc now creates a binary copy in all cases. (#4392, #2532)

Signed-off-by: Samuel Karp <samuelkarp@google.com>
 2024-10-07 15:41:26 -07:00
Austin Vazquez
46f5a0d939
update to go1.23.2,go1.22.8 
Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-07 15:09:53 +00:00
Phil Estes
8701137695
Merge pull request #10777 from coolljt0725/fix_typo 
core/runtime: Fix a typo in error message
 2024-10-07 13:02:57 +00:00
Phil Estes
d2565d4bb3
Merge pull request #10781 from austinvazquez/upgrade-macos-runner-image 
Update runner images to macOS13
 2024-10-07 12:52:07 +00:00
Austin Vazquez
7b18098513
Update runner images to macOS13 
This change upgrades the runner images in CI to macOS 13. macOS 12
runners are being deprecated.

See https://github.com/actions/runner-images/issues/10721 for more
information.

Signed-off-by: Austin Vazquez <macedonv@amazon.com>
 2024-10-07 01:31:05 +00:00
Lei Jitang
e479431e0d core/runtime: Fix a typo in error message 
`boostrap.json` should be `bootstrap.json`

Signed-off-by: Lei Jitang <leijitang@outlook.com>
 2024-10-05 18:33:12 +08:00
Phil Estes
59ffbf4ce3
Merge pull request #10761 from cpuguy83/shim_remove_nethttp 
More shim imports cleanup
 2024-10-03 14:56:25 +00:00
Derek McGowan
f1c70e83ae
Merge pull request #9470 from lengrongfu/feat/add-e2e-for-systemdcgroup 
add use systemd cgroup e2e
 2024-10-03 13:13:44 +00:00
Brian Goff
b85909cd4c shim: Move pprof server to plugin 
Makes the pprof server a plugin and also gates by the `shim_tracing`
build tag (like otel is).
With this change, `net/http` is no longer a dependency in the shim.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2024-10-03 00:12:50 +00:00
Brian Goff
b2681dfbdb shim: Move ttrpc interceptors to plugins 
This makes it so we don't need to import otelttrpc unless the shim is
compiled with the `shim_tracing` build tag.
This way otel is no longer compiled into the binary at all unless
`shim_tracing` is set.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2024-10-03 00:12:47 +00:00
Samuel Karp
e1006c0869
Merge pull request #10723 from saketjajoo/3787-race-condition-fix 
Fix the race condition during GC of snapshots when client retries
 2024-10-02 23:32:24 +00:00
Maksym Pavlenko
9c23fd71ed
Merge pull request #10760 from GabyCT/topic/runctrap 
script/setup/install-runc: Add trap statement to clean up tmp files
 2024-10-02 23:26:10 +00:00
Saket Jajoo
d7f83034c2
Fix the race condition during GC of snapshots when client retries 
When an upstream client (e.g. kubelet) stops or restarts, the CRI
connection to the containerd gets interrupted which is treated as a
cancellation of context which subsequently cancels an ongoing operation,
including an image pull. This generally gets followed by containerd's
GC routine that tries to delete the prepared snapshots for the image
layer(s) corresponding to the image in the pull operation that got
cancelled. However, if the upstream client immediately retries (or
starts a new) image pull operation, containerd initiates a new image
pull and starts unpacking the image layers into snapshots. This may
create a race condition: the GC routine (corresponding to the failed
image pull operation) trying to clean up the same snapshot that the new
image pull operation is preparing, thus leading to the "parent snapshot
does not exist: not found" error.

Race Condition Scenario:
Assume an image consisting of 2 layers (L1 and L2, L1 being the bottom
layer) that are supposed to get unpacked into snapshots S1 and S2
respectively.

During an image pull operation, containerd unpacks(L1) which involves
Stat()'ing the chainID. This Stat() fails as the chainID does not
exist and Prepare(L1) gets called. Once S1 gets prepared, containerd
processes L2 - unpack(L2) which again involves Stat()'ing the chainID
which fails as the chainID for S2 does not exist which results in the
call to Prepare(L2). However, if the image pull operation gets
cancelled before Prepare(L2) is called, then the GC routine tries to
clean up S1.

When the image pull operation is retried by the upstream client,
containerd follows the same series of operations. unpack(L1) gets
called which then calls Stat(chainID) for L1. However, this time,
Stat(L1) succedes as S1 already exists (from the previous image pull
operation) and thus containerd goes to the next iteration to
unpack(L2). Now, GC cleans up S1 and when Prepare(L2) gets called, it
returns back the "parent snapshot does not exist: not found" error.

Fix:
Removing the "Stat() + early return" fixes the race condition. Now
during the image pull operation corresponding to the client retry,
although the chainID (for L1) already exists, containerd does not
return early and goes on to Prepare(L1). Since L1 is already prepared,
it adds a new lease to S1 and then returns `ErrAlreadyExists`. This
new lease prevents GC from cleaning up S1 when containerd processes
L2 (unpack(L2) -> Prepare(L2)).

Fixes: https://github.com/containerd/containerd/issues/3787

Signed-off-by: Saket Jajoo <saketjajoo@google.com>
 2024-10-02 22:10:15 +00:00
Gabriela Cervantes
24fe444eb6 script/setup/install-runc: Add trap statement to clean up tmp files 
This PR adds the trap statement in the install runc script to clean
up the temporary files and ensure we are not leaving them.

Signed-off-by: Gabriela Cervantes <gabriela.cervantes.tellez@intel.com>
 2024-10-02 19:52:02 +00:00
Brian Goff
6ffdabf725 Makefile: fix shim tags overwritten 
Go taks multiple `--tags` as overwriting the previously set ones,
which is not what we want.

Signed-off-by: Brian Goff <cpuguy83@gmail.com>
 2024-10-02 19:17:56 +00:00
Maksym Pavlenko
01ca26f209
Merge pull request #10757 from cpuguy83/shim_deps 
Clean up some dependency trees for runc shim
 2024-10-02 16:39:23 +00:00
lengrongfu
095131abf9 add use systemd cgroup e2e 
Signed-off-by: lengrongfu <lenronfu@gmail.com>
Signed-off-by: rongfu.leng <lenronfu@gmail.com>
 2024-10-03 00:37:29 +08:00
Derek McGowan
06dfa0c2f1
Merge pull request #10754 from containerd/dependabot/go_modules/github.com/intel/goresctrl-0.8.0 
build(deps): bump github.com/intel/goresctrl from 0.7.0 to 0.8.0
 2024-10-02 13:53:44 +00:00