Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
...
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98
Merge pull request #852 from runcom/fixies-42
...
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Mrunal Patel
b13e881a9b
Merge pull request #858 from runcom/fix-add-registry
...
pkg: storage: fix additional registries
2017-09-07 07:34:57 -07:00
Antonio Murdaca
f7cbbf5e69
Merge pull request #813 from cevich/addswap
...
Add file-backed swap to prevent OOM
2017-09-07 14:56:08 +02:00
Antonio Murdaca
70657ea19a
Merge pull request #854 from dcbw/cni-updates
...
Use CNI driver from cri-o/ocicni instead of internal one
2017-09-07 12:33:31 +02:00
Antonio Murdaca
1f908f0890
pkg: storage: fix additional registries
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 11:57:16 +02:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Mrunal Patel
a81e90a9c9
Merge pull request #848 from runcom/panic-img
...
pkg: storage: fix panic when no image names
2017-09-06 17:31:34 -07:00
Dan Williams
0df30c5319
server: port to github.com/cri-o/ocicni; remove pkg/ocicni
...
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Dan Williams
3db6ba7667
vendor: add github.com/cri-o/ocicni
...
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:58 -05:00
Dan Williams
aec99d6f80
vendor: update CNI to 0.6.0
...
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:57 -05:00
Daniel J Walsh
9f282717da
Begin converting kpod pull to use libpod/runtime
...
We want to drop brute force mechainism for handling image
movement, this patch experiments with moving kpod pull
to use new libpod interfaces.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:38:47 +00:00
Daniel J Walsh
e18e962238
Move libkpod/image libkpod/layer to libpod/images and libpod/layers
...
Begin moving image and layer handling out of libkpod into libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:25:45 +00:00
Daniel J Walsh
47ef2f66df
Merge pull request #850 from ashcrow/lint-install-info
...
lint: Exit and give instructions when linter missing
2017-09-06 13:31:46 -04:00
Mrunal Patel
cb1cad28db
sandbox: Check cri-o and kubelet cgroup managers are same
...
We ensure that cri-o and kubelet are started with compatible
cgroup managers.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973
Merge pull request #814 from runcom/cache-ip-sandbox
...
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
a51bc9753f
oci: add a note about crio-conmon- sub-cgroup with cgroupfs
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
...
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744
Merge pull request #839 from umohnani8/rm
...
Implement kpod rm
2017-09-06 10:59:35 -04:00
Steve Milner
9c240aed8e
lint: Exit and give instructions when linter missing
...
Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-06 10:15:20 -04:00
baude
529eb5bdb7
cmd/kpod/tag.go: Do not assume docker.io for tagging
...
When performing a tag, if a shortname was provided, tag.go would
preprend docker.io to the shortname through the ParseNormalized
function. Here we work around that such that is a short name
and tag are provided, the resulting tag will be shortname:tag. If
a shortname is provided without a tag, we append "latest" as the
tag.
Added specific tag tests too
Signed-off-by: baude <bbaude@redhat.com>
2017-09-06 09:00:00 -05:00
Antonio Murdaca
6c4a508fc9
Merge pull request #845 from mrunalp/cgroup_info
...
inspect: Add cgroup driver to info output
2017-09-06 14:48:56 +02:00
Antonio Murdaca
ccb44fd047
Merge pull request #840 from umohnani8/vendor_containers/image
...
Vendor in latest containers/image
2017-09-06 14:11:25 +02:00
Antonio Murdaca
6624eb60c8
Merge pull request #844 from rhatdan/selinux
...
When installing content make sure it gets labeled correctly.
2017-09-06 13:27:20 +02:00
Antonio Murdaca
b29c6108e2
pkg: storage: fix panic when no image names
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 11:32:53 +02:00
Mrunal Patel
612dcc0267
Add k8s function to compress cgroupfs path to systemd
...
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3
inspect: Add cgroup driver to info output
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
d375aab45a
When installing content make sure it gets labeled correctly.
...
This patch will check to see if SELinux is enabled and then pass
the -Z flag to the install command, which causes install to label
all created content with the system default labels.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 17:09:28 -04:00
Daniel J Walsh
c88bc13b07
Implement kpod rm
...
Kpod rm removes a container from the system
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
umohnani8
e9467dc540
Vendor in latest containers/image
...
Adds support for credential helpers
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:19:10 -04:00
Daniel J Walsh
139d0841e8
Add support for oci-hooks to libkpod
...
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.
The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
...
So it can be later retrieved when needed (cadvisor)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
...
Don't call into net namespace on every status call
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a
Merge pull request #834 from mrunalp/inspect_add_sandbox
...
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c
Merge pull request #822 from mrunalp/label_infra_ctr
...
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f
Merge pull request #805 from baude/config
...
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615
server: Add sandbox to container info
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca
server: Lookup infra containers as well in endpoint
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00
Mrunal Patel
138a40540f
server: Add special k8s label to infra containers
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:04 -07:00
Antonio Murdaca
35ada86b04
Merge pull request #833 from runcom/bump-runc-2
...
Dockerfile: bump runc commit
2017-09-01 19:06:05 +02:00
baude
266fc193e7
Make kpod parse configuration file
...
kpod must parse the crio configuration file or the storage
is not set up correctly. By default it is not. We now read
/etc/crio/crio.conf in as the configuration file unless it is
overriden by the user and the global -c|--config switch.
Signed-off-by: baude <bbaude@redhat.com>
2017-09-01 11:14:40 -05:00
Mrunal Patel
49c1fd27ac
server: Add infra container store to track them separately
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:08 -07:00
Mrunal Patel
b4f9fc8c2c
server: Rename infra container to POD
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:47:55 -07:00
Mrunal Patel
5650a793bd
Merge pull request #831 from runcom/fix-socket
...
serve grpc and http on the same socket
2017-09-01 07:28:06 -07:00
Antonio Murdaca
76d41478bf
Dockerfile: bump runc commit
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-01 16:25:52 +02:00