Commit graph

1207 commits

Author SHA1 Message Date
Antonio Murdaca
17584facf0 Merge pull request #641 from mrunalp/pids_limit
Pids limit
2017-07-12 12:39:54 +02:00
Antonio Murdaca
f7206aa86d Merge pull request #647 from mrunalp/rename_to_crio
Rename remnants of ocid to crio
2017-07-12 12:38:28 +02:00
Antonio Murdaca
dd53f5e6bb Merge pull request #635 from tklauser/syscall-to-x-sys-unix
all: Switch from package syscall to golang.org/x/sys/unix
2017-07-12 12:37:11 +02:00
Tobias Klauser
822172a892 all: Switch from package syscall to golang.org/x/sys/unix
The syscall package is locked down and the comment in [1] advises to
switch code to use the corresponding package from golang.org/x/sys. Do
so and replace usage of package syscall where possible (leave
syscall.SysProcAttr and syscall.Stat_t).

  [1] https://github.com/golang/go/blob/master/src/syscall/syscall.go#L21-L24

This will also allow to get updates and fixes just by re-vendoring
golang.org/x/sys/unix instead of having to update to a new go version.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-07-12 08:18:55 +02:00
Mrunal Patel
288415d31d test: Add test for pids limit
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
ed9d49f247 container: Add cgroup mount for introspection
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:48 -07:00
Mrunal Patel
c58bcc4ccf docs: Document pids limit for crio
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 19:17:41 -07:00
Mrunal Patel
c9edee9af2 Merge pull request #606 from 14rcole/kpod-image
Add 'kpod images' and 'kpod rmi' commands
2017-07-11 16:21:02 -07:00
Mrunal Patel
6b543be50b Rename remnants of ocid to crio
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 16:19:18 -07:00
Mrunal Patel
e49dd34657 Add support for container pids limit
We add a daemon level setting and will add a container
override once it is supported in CRI.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-11 14:59:52 -07:00
Ryan Cole
a040f20a76 Add 'kpod images' and 'kpod rmi' commands
'kpod images' lists all images on a system.  'kpod rmi' removes
one or more images from a system.  The images will not be removed
if they are associated with a running container, unless the -f
option is used

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-11 15:52:57 -04:00
Mrunal Patel
7fb772b7d1 Merge pull request #638 from umohnani8/kpod_pull
Add 'kpod pull' command
2017-07-11 12:23:01 -07:00
Mrunal Patel
d270de78c4 Merge pull request #645 from vbatts/kpod-version-failsafe
kpod: version should not fail
2017-07-11 07:30:15 -07:00
umohnani8
ac9b53266d Add 'kpod pull' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-11 09:05:17 -04:00
Mrunal Patel
e949508b17 Merge pull request #644 from umohnani8/man
Man pages were being created empty
2017-07-10 16:01:36 -07:00
Antonio Murdaca
6f75a27d96 Merge pull request #637 from mrunalp/image_volumes
Image volumes
2017-07-10 23:40:00 +02:00
umohnani8
26126085eb Man pages were being created empty
This patch causes the man pages to be created with the correct content.

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-10 17:20:42 -04:00
55d526e213
kpod: version should not fail
even when the variables are not provided at compile, the `kpod version`
command ought not fail.

Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-07-10 17:02:13 -04:00
Mrunal Patel
c85be90e1b docs: Document image volumes option in man pages
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
de1cb64ee8 test: Add a test for image volume ignore
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
d40883d88c container: Use ImageVolumes setting at container creation
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
dc55fd2f14 config: Add ImageVolumes configuration setting
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-10 13:46:14 -07:00
Mrunal Patel
59646cc520 Merge pull request #646 from mrunalp/fix_lint
lint: Use a fixed commit for gometalinter
2017-07-10 13:36:12 -07:00
Mrunal Patel
762f508d9c lint: Use a fixed commit for gometalinter
Pulling latest code breaks our lint when unstable code is merged
into gometalinter.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-07-10 13:06:57 -07:00
Mrunal Patel
e1c0508fec Merge pull request #633 from 14rcole/kpod-tag
Add `kpod tag` command
2017-07-06 12:16:13 -07:00
Ryan Cole
b84f064976 Add kpod tag command
Add one or more tags to an image

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-06 10:10:51 -04:00
Antonio Murdaca
ea7045dfa8 Merge pull request #640 from mrunalp/test_with_cgroupfs
test: Use cgroupfs for tests
2017-07-06 16:06:42 +02:00
Mrunal Patel
0d0f651828 test: Use cgroupfs for tests
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-07-05 17:29:32 -07:00
Mrunal Patel
844c78ad81 Merge pull request #639 from apilloud/rlimit
server: containers inherit rlimits from server
2017-07-05 12:03:15 -07:00
Andrew Pilloud
1a01ca7251 server: inherit rlimits from server
Signed-off-by: Andrew Pilloud <andrewpilloud@igneoussystems.com>
2017-07-03 14:49:34 -07:00
Mrunal Patel
b9c1d58b36 Merge pull request #607 from umohnani8/master
Add version command to kpod
2017-06-30 13:38:20 -07:00
Mrunal Patel
39a5203a1d Merge pull request #634 from alexlarsson/conmon-no-numstdio-fds
conmon: Change how we detect container exit
2017-06-30 12:08:31 -07:00
Alexander Larsson
3cf86e25a8 fixup! conmon: Change how we detect container exit
Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-29 23:20:12 +02:00
Alexander Larsson
c00f0dd848 conmon: Change how we detect container exit
Instead of waiting until stderr/out is closed and then waiting for
the container to exit we wait for the container to exit in the
gmainloop, in addition to everything else, exiting only when
the child dies.

We then drain any output in stderr/out after the child has exited.

Signed-off-by: Alexander Larsson <alexl@redhat.com>
2017-06-29 12:19:34 +02:00
umohnani8
9595d7900e Add kpod version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-06-27 16:48:24 -04:00
Mrunal Patel
91977d3989 Merge pull request #632 from tklauser/rm-prctl
utils: remove unused Prctl wrapper
2017-06-27 07:22:01 -07:00
Tobias Klauser
5523e7d99d utils: remove unused Prctl wrapper
Remove the Prctl wrapper function which has been unused since commit
d2f6a4c0e2. If a prctl wrapper would be needed in the future,
golang.org/x/sys provides unix.Prctl which could be used instead.

Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
2017-06-27 09:48:25 +02:00
Antonio Murdaca
f3f8b67b76 Merge pull request #626 from mrunalp/pod_infra_oom
sandbox: Adjust OOM score of infra container to a low value
2017-06-26 18:38:50 +02:00
Antonio Murdaca
d1850d9993 Merge pull request #629 from mrunalp/oci_id
oci: Use container ID as ID instead of container name
2017-06-25 13:14:26 +02:00
Mrunal Patel
510d7d97d4 Merge pull request #605 from apilloud/hostport
server: Add support for hostPorts
2017-06-24 10:28:28 -07:00
Mrunal Patel
67504a02d5 oci: Use container ID as ID instead of container name
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-24 08:31:41 -07:00
Mrunal Patel
328e50fb50 Merge pull request #630 from runcom/fix-insecure-reg-flag
cmd/crio: fix reading insecure-registry flags
2017-06-24 08:23:25 -07:00
Antonio Murdaca
78e2fd3d5e
cmd/crio: fix reading insecure-registry flags
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-24 13:16:45 +02:00
Antonio Murdaca
efb71ae74e Merge pull request #627 from mrunalp/crio_oom_score
contrib: Set the OOM Score Adjust of cri-o service to be low
2017-06-24 10:44:08 +02:00
Antonio Murdaca
da7ecdc7f8 Merge pull request #628 from mrunalp/annotation_id
container: Add containerID to annotations for the container
2017-06-24 10:43:03 +02:00
Antonio Murdaca
f88e5e677d Merge pull request #623 from sboeuf/fix_bats
test: Make sure to have a running container before calling into "exec"
2017-06-24 10:42:33 +02:00
Sebastien Boeuf
c66081eafa test: Make sure to have a running container before calling into "exec"
The test "ctr execsync std{out,err}" from ctr.bats works with runc,
but the semantics behind is wrong.

We should not be able to execute a new process on a container which
has not been previously started. That's why this patch adds a call
to start the container.

Moreover, we don't want to be able to execute a new process on a
container that has already returned because its workload is done.
For that reason, we need to force the container workload to be a
"sleep 10" to ensure it is still running when the call to "exec"
is issued.

Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
2017-06-23 14:08:33 -07:00
Mrunal Patel
975347b874 container: Add containerID to annotations for the container
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-23 09:31:13 -07:00
Mrunal Patel
cb4c566fac sandbox: Adjust OOM score of infra container to a low value
This matches the current kube behavior. This will probably
be provided over the CRI at which point we won't have to
define a constant in cri-o code.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-23 09:24:53 -07:00
Mrunal Patel
c7dd594604 contrib: Set the OOM Score Adjust of cri-o service to be low
We don't want cri-o to be OOM killed easily.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-06-23 09:04:27 -07:00