Commit graph

159 commits

Author SHA1 Message Date
Ryan Cole
0d4305a261 Implement kpod inspect
kpod inspect allows the user to view low-level information about
containers and images

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-21 08:11:27 -04:00
Ryan Cole
680f7a6106 Add kpod push command
Push an image to a specified location, such as to an atomic registry
or a local directory

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-20 11:12:40 -04:00
umohnani8
ad490708a4 Add 'kpod history' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-19 15:11:25 -04:00
Tobias Klauser
92a51af7ba seccomp: use Prctl() from x/sys/unix
Use unix.Prctl() instead of manually reimplementing it using
unix.RawSyscall. Also use unix.SECCOMP_MODE_FILTER instead of locally
defining it.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-18 15:34:23 +02:00
Mrunal Patel
fa5a3a04e0 test: Add a test for image volumes bind mount option
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-14 16:57:38 -07:00
Antonio Murdaca
17584facf0 Merge pull request #641 from mrunalp/pids_limit
Pids limit
2017-07-12 12:39:54 +02:00
Tobias Klauser
822172a892 all: Switch from package syscall to golang.org/x/sys/unix
The syscall package is locked down and the comment in [1] advises to
switch code to use the corresponding package from golang.org/x/sys. Do
so and replace usage of package syscall where possible (leave
syscall.SysProcAttr and syscall.Stat_t).

  [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24

This will also allow to get updates and fixes just by re-vendoring
golang.org/x/sys/unix instead of having to update to a new go version.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-12 08:18:55 +02:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
umohnani8
ac9b53266d Add 'kpod pull' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-11 09:05:17 -04:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
0d0f651828 test: Use cgroupfs for tests
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-05 17:29:32 -07:00
umohnani8
9595d7900e Add kpod version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-06-27 16:48:24 -04:00
Mrunal Patel
510d7d97d4 Merge pull request #605 from apilloud/hostport
server: Add support for hostPorts
2017-06-24 10:28:28 -07:00
Sebastien Boeuf
c66081eafa test: Make sure to have a running container before calling into "exec"
The test "ctr execsync std{out,err}" from ctr.bats works with runc,
but the semantics behind is wrong.

We should not be able to execute a new process on a container which
has not been previously started. That's why this patch adds a call
to start the container.

Moreover, we don't want to be able to execute a new process on a
container that has already returned because its workload is done.
For that reason, we need to force the container workload to be a
"sleep 10" to ensure it is still running when the call to "exec"
is issued.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2017-06-23 14:08:33 -07:00
Andrew Pilloud
e4e982d78a test: hostport network test
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-22 15:46:15 -07:00
Mrunal Patel
59820df8e1 Merge pull request #619 from mrunalp/tty_logging_check
test: Tighten the grep for logging with tty
2017-06-22 10:02:54 -07:00
Andrew Pilloud
afc731d3a6 testdata: Remove hostport from sandbox_config
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-06-22 08:51:50 -07:00
Antonio Murdaca
6035cff9e4
server: standardize on naming
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-22 11:55:03 +02:00
Mrunal Patel
db337699f2 test: Tighten the grep for logging with tty
This tests that our ONLCR takes effect as we match \r\n
in the logs

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-21 10:10:16 -07:00
Mrunal Patel
3b3a2929e1 test: Ensure we get error messages back on creation failure
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-06-20 15:07:34 -07:00
Mrunal Patel
784d03809e Merge pull request #530 from runcom/fix-mounts-leak
server: adhere to CRI for sandbox stop/remove
2017-06-16 15:10:41 -07:00
Antonio Murdaca
8b4e3036ea
test: add a test for /etc/resolv.conf in rw/ro mode
This patch isn't adding a test for /etc/hosts as that requires host
network and we don't want to play with host's /etc/hosts when running
make localintegration on our laptops. That may change in the future
moving to some sort of in-container testing.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-16 11:01:12 +02:00
Antonio Murdaca
9f68cb4507
server: adhere to CRI for sandbox stop/remove
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-15 23:08:30 +02:00
Mrunal Patel
bfd1b83f51 conmon: Modify console terminal settings to match kube settings
We enable ONLCR on the console to match kube's terminal settings.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-15 07:54:12 -07:00
Antonio Murdaca
65d4ac8fc2
container_create: fix OCI processArgs assemblement
This patch fixes the following command:

kubectl run -i --tty centos --image=centos -- sh

The command above use to fail with:

/usr/bin/sh: /usr/bin/sh: cannot execute binary file

That's because we were wrongly assembling the OCI processArgs.

Thanks @alexlarsson for spotting this.

This patch basically replicates what docker does when merging container
config and image config. It also replicates how docker sets processArgs
for the OCI runtime.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-08 11:48:11 +02:00
Mrunal Patel
90e3e7a632 Merge pull request #529 from runcom/k8s-node-e2e-RHEL
enable RHEL k8s node-e2e tests
2017-05-30 07:42:09 -07:00
Antonio Murdaca
ad3a3fcd5a
server: properly format error
`containerdID` is overridden in `s.ctrIDIndex.Get()`, if the ctr is not
found it's overridden by an empty string making the error return
totally unusable.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:43:01 +02:00
Antonio Murdaca
bc8570d1de
test: use nginx:alpine when testing pull-by-digest
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:33:55 +02:00
Antonio Murdaca
b9336c74a3
server: correctly fill ctr termination reason
This patch fixes all port forwarding e2e tests. Those tests were
specifically looking for a termination reason to say that a given
container has finished running. CRI-O wasn't actually returning any
reason field for an exited container.

-> https://github.com/kubernetes/kubernetes/blob/master/test/e2e/portforward.go#L116
   -> https://github.com/kubernetes/kubernetes/blob/master/test/utils/conditions.go#L97

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:14:45 +02:00
Antonio Murdaca
b4f1cee2a2
server: store and use image's stop signal to stop containers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-27 10:21:04 +02:00
Antonio Murdaca
aa9abdfe40
test: pull just once in integration tests
w/o this patch we were always pulling redis:alpine by digest in each
test.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-26 16:01:31 +02:00
Antonio Murdaca
b4251aebd8
execsync: rewrite to fix a bug in conmon
conmon has many flags that are parsed when it's executed, one of them
is "-c". During PR #510 where we vendor latest kube master code,
upstream has changed a test to call a "ctr execsync" with a command of
"sh -c commmand ...".
Turns out:

a) conmon has a "-c" flag which refers to the container name/id
b) the exec command has a "-c" flags but it's for "sh"

That leads to conmon parsing the second "-c" flags from the exec
command causing an error. The executed command looks like:

conmon -c [..other flags..] CONTAINERID -e sh -c echo hello world

This patch rewrites the exec sync code to not pass down to conmon the
exec command via command line. Rather, we're now creating an OCI runtime
process spec in a temp file, pass _the path_ down to conmon, and have
runc exec the command using "runc exec --process
/path/to/process-spec.json CONTAINERID". This is far better in which we
don't need to bother anymore about conflicts with flags in conmon.

Added and fixed some tests also.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-25 22:36:33 +02:00
Mrunal Patel
d06b2ff20f test: Add a test for container OOM
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Mrunal Patel
f64032483e test: Ensure image for testing oom is present
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Mrunal Patel
bd6e8a5a20 Merge pull request #534 from runcom/volumes-workaround
server: workaround images with Config.Volumes
2017-05-22 10:59:44 -07:00
Antonio Murdaca
02f3828283
server: workaround images with Config.Volumes
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 18:01:06 +02:00
Antonio Murdaca
d099e3a988
server: container_status: we should return digested references in imageRef
currently blocked on
https://github.com/kubernetes-incubator/cri-o/issues/531

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
22d055869d
server: container_status: return image name if available
If we create a container using the image ID like
771cd5947d5ea4bf8e8f4900dd357dbb67e7b16486c270f8274087d182d457c6, then
a call to container_status will return that same ID for the "Image"
field in ContainerStatusResponse.

This patch matches dockershim behavior and return the first tagged name
if available from the image store.

This is also needed to fix a failure in k8s e2d tests.

Reference:
https://github.com/kubernetes/kubernetes/pull/39298/files#diff-c7dd39479fd733354254e70845075db5R369
Reference:
67a5bf8454/test/e2e/framework/util.go (L1941)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
a0916b1044
server: sandbox_stop: ignore not found sandboxes
This patch matches dockershim behavior

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:39 +02:00
Mrunal Patel
fb83c7e619 Merge pull request #505 from runcom/restore-2
Fix restore
2017-05-19 08:39:28 -07:00
Antonio Murdaca
3318dac64b
test: exercise systemd cgroup_parent
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-19 00:18:40 +02:00
Antonio Murdaca
9b74e546ca
test: fix restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:53 +02:00
Antonio Murdaca
22b922727b
test: add bad state restore test
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:53 +02:00
Antonio Murdaca
dac6b7ceb5
test: fix typo
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:47:43 +02:00
Antonio Murdaca
4dcf33581c
test: add CGROUP_MANAGER env to switch to systemd
default is still cgroupfs

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 17:39:49 +02:00
Antonio Murdaca
ecd0006e80
vendor: upgrade containers/storage
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 22:18:07 +02:00
Antonio Murdaca
725c159bea
test: testdata: get rid of memory limits
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 17:30:11 +02:00
Mrunal Patel
5e4809bdfe Fix remnants of ocid -> crio rename
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-15 15:05:58 -07:00
Matthew Heon
d60d3b78ad Fix unit test to use crio/crioctl
The rename to crio missed this test, update it so tests pass

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-05-15 16:03:05 -04:00
Mrunal Patel
7ea255fcea Merge pull request #495 from rhatdan/rename
Rename ocid to crio
2017-05-15 11:27:28 -07:00