Commit graph

193 commits

Author SHA1 Message Date
Antonio Murdaca
09a8d1a751
contrib: test: run kube tests in CI with same cgroup driver
Our CI tests on RHEL and Fedora and we want to test the systemd cgroup
driver. However, kubelet needs to run in tests with systemd cgroup
driver as well, or tests fail. This patch fixes broken CI because of
not matching cgroup driver between CRI-O and the kubelet.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-08 14:26:39 +02:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
umohnani8
3d23f22292 Vendor in changes made to containers/image for OCI
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-31 16:40:13 -04:00
Ryan Cole
865612c3db Disable compression by default
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-28 08:29:42 -04:00
Antonio Murdaca
59ba89d64d
*: fix crictl vendor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-27 10:54:36 +02:00
Daniel J Walsh
7af1ae71ed Merge pull request #776 from umohnani8/kpod_ps
Add 'kpod ps' command
2017-08-23 07:08:31 -04:00
umohnani8
35ca80abe6 Add 'kpod ps' command
kpod ps lists the containers currently stored

Displays the list of containers

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-22 16:40:45 -04:00
Antonio Murdaca
49bdd59406
*: initial wire in of crictl from cri-tools
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 20:14:49 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Nalin Dahyabhai
178c1e9ccb kpod.bats: correct syntax errors
Correct some syntax errors in kpod.bats, ensure that it always checks
the exit status of "kpod rmi" commands, correct the order of options
when calling "kpod inspect", and test for string equality correctly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-08-21 11:27:45 -04:00
baude
78c6151519 Modify kpod diff --json to --format json
We want all kpod subcommands to use the formats code to output
formats like json.  Altering kpod diff --json to kpod diff --format json
like the kpod images command.

Signed-off-by: baude <bbaude@redhat.com>
2017-08-18 21:05:58 -05:00
Mrunal Patel
f82fe5691a Merge pull request #706 from 14rcole/kpod-stats
Kpod stats
2017-08-17 11:24:38 -07:00
Mrunal Patel
a5591d34b7 Merge pull request #772 from 14rcole/kpod-rename
implement kpod rename
2017-08-17 10:04:16 -07:00
Ryan Cole
ceeed6c32e add kpod stats function
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-17 11:34:10 -04:00
Ryan Cole
1eb21f8e15 implement kpod rename
rename a container

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-17 09:00:41 -04:00
Ryan Cole
07572e85f5 Add kpod logs command
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-16 08:55:23 -04:00
Mrunal Patel
4311020c36 Merge pull request #653 from baude/images_json
cmd/kpod/images.go: Add JSON output option
2017-08-13 07:19:04 -07:00
baude
01b71393e3 cmd/kpod/images.go: Add structured format ouput
For kpod images, we need to output in JSON format so that consumers
(programatic) have structured input to work with.

kpod images --format json

Signed-off-by: baude <bbaude@redhat.com>
2017-08-12 19:09:49 -05:00
Ryan Cole
949268f958 Add kpod diff command
kpod diff reports on differences between two layers, specified as
layer IDs, containers, or images.  In the case of containers or
images, kpod diff produces a diff for the top layer

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-11 16:08:41 -04:00
Mrunal Patel
fb2ee59225 Merge pull request #737 from umohnani8/kpod_export
Add 'kpod export' command
2017-08-11 10:54:34 -07:00
umohnani8
be8ba17534 Add 'kpod export' command
kpod export exports the container's filesystem to a tar archive

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-08 16:46:01 -04:00
Dan Walsh
0cc45cf26a Add kpod-mount and kpod-umount to mount and umount container images
This command will allow users to manipulate and examine the container
images from outside of the container.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-08 15:46:50 -04:00
Daniel J Walsh
63a218a458 Move to new github.com/sirupsen/logrus.
Need to mv to latest released and supported version of logrus
switch github.com/Sirupsen/logrus github.com/sirupsen/logrus

Also vendor in latest containers/storage and containers/image

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-07 11:50:04 -04:00
Antonio Murdaca
a35727c80b
*: implement additional pull registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-02 16:38:11 +02:00
umohnani8
412b98be26 Add 'kpod load' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-28 22:30:48 -04:00
umohnani8
ff5eda509a Add 'kpod save' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-27 13:35:30 -04:00
Mrunal Patel
0e17bf4659 Merge pull request #648 from 14rcole/kpod-inspect
Implement `kpod inspect`
2017-07-21 07:12:08 -07:00
Ryan Cole
0d4305a261 Implement kpod inspect
kpod inspect allows the user to view low-level information about
containers and images

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-21 08:11:27 -04:00
Nalin Dahyabhai
4ebcd650e0 Force use of the "vfs" driver when testing on AUFS
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:29:38 -04:00
Ryan Cole
680f7a6106 Add kpod push command
Push an image to a specified location, such as to an atomic registry
or a local directory

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-20 11:12:40 -04:00
umohnani8
ad490708a4 Add 'kpod history' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-19 15:11:25 -04:00
Tobias Klauser
92a51af7ba seccomp: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:34:23 +02:00
Mrunal Patel
fa5a3a04e0 test: Add a test for image volumes bind mount option
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-14 16:57:38 -07:00
Antonio Murdaca
17584facf0 Merge pull request #641 from mrunalp/pids_limit
Pids limit
2017-07-12 12:39:54 +02:00
Tobias Klauser
822172a892 all: Switch from package syscall to golang.org/x/sys/unix
The syscall package is locked down and the comment in [1] advises to
switch code to use the corresponding package from golang.org/x/sys. Do
so and replace usage of package syscall where possible (leave
syscall.SysProcAttr and syscall.Stat_t).

  [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24

This will also allow to get updates and fixes just by re-vendoring
golang.org/x/sys/unix instead of having to update to a new go version.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-12 08:18:55 +02:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
umohnani8
ac9b53266d Add 'kpod pull' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-11 09:05:17 -04:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
0d0f651828 test: Use cgroupfs for tests
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-05 17:29:32 -07:00
umohnani8
9595d7900e Add kpod version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-06-27 16:48:24 -04:00
Mrunal Patel
510d7d97d4 Merge pull request #605 from apilloud/hostport
server: Add support for hostPorts
2017-06-24 10:28:28 -07:00
Sebastien Boeuf
c66081eafa test: Make sure to have a running container before calling into "exec"
The test "ctr execsync std{out,err}" from ctr.bats works with runc,
but the semantics behind is wrong.

We should not be able to execute a new process on a container which
has not been previously started. That's why this patch adds a call
to start the container.

Moreover, we don't want to be able to execute a new process on a
container that has already returned because its workload is done.
For that reason, we need to force the container workload to be a
"sleep 10" to ensure it is still running when the call to "exec"
is issued.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2017-06-23 14:08:33 -07:00
Andrew Pilloud
e4e982d78a test: hostport network test
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-22 15:46:15 -07:00
Mrunal Patel
59820df8e1 Merge pull request #619 from mrunalp/tty_logging_check
test: Tighten the grep for logging with tty
2017-06-22 10:02:54 -07:00