Commit graph

208 commits

Author SHA1 Message Date
Mrunal Patel
7e7a097395 Merge pull request #913 from runcom/v1.0.0-rc2-patches
V1.0.0 rc2 patches
2017-09-17 21:03:54 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Daniel J Walsh
dbc2b404a3 Merge pull request #841 from baude/kpod_pull_name
libkpod/image/copy.go: Add pull by short-name
2017-09-16 05:12:47 -04:00
umohnani8
036658b844 Modified namespace field in json struct
The namespace field was not being omitted when empty

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-15 17:30:25 -04:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
baude
aca658b423 kpod stop -- stop one or more containers
Stop one or more containers. Specific a timeout value
that if the stop operation exceeds, will forcibly stop
the container.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-11 17:03:27 -05:00
Daniel J Walsh
a3a0bb5e55 Merge pull request #871 from umohnani8/kpod_ps
Add namespace flag to kpod ps
2017-09-11 10:14:39 -04:00
Aaron Weitekamp
adb0d19416
Add image pull with signature integration test
Signed-off-by: Aaron Weitekamp <aweiteka@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-11 13:34:30 +02:00
umohnani8
38e9f07844 Add namespace flag to kpod ps
The namespace flag prints out information about the namespaces

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-10 11:21:49 -04:00
Daniel J Walsh
36584e6f34 Merge pull request #830 from umohnani8/update_load-save
Update kpod load and save for oci-archive
2017-09-09 05:58:54 -04:00
Daniel J Walsh
b5ed8b34c0 Merge pull request #843 from baude/kpod_tag
cmd/kpod/tag.go: Do not assume docker.io for tagging
2017-09-09 05:43:15 -04:00
umohnani8
79c09d4343 Update kpod load and save for oci-archive
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-08 10:33:58 -04:00
Antonio Murdaca
09a8d1a751
contrib: test: run kube tests in CI with same cgroup driver
Our CI tests on RHEL and Fedora and we want to test the systemd cgroup
driver. However, kubelet needs to run in tests with systemd cgroup
driver as well, or tests fail. This patch fixes broken CI because of
not matching cgroup driver between CRI-O and the kubelet.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-08 14:26:39 +02:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
baude
529eb5bdb7 cmd/kpod/tag.go: Do not assume docker.io for tagging
When performing a tag, if a shortname was provided, tag.go would
preprend docker.io to the shortname through the ParseNormalized
function.  Here we work around that such that is a short name
and tag are provided, the resulting tag will be shortname:tag.  If
a shortname is provided without a tag, we append "latest" as the
tag.

Added specific tag tests too

Signed-off-by: baude <bbaude@redhat.com>
2017-09-06 09:00:00 -05:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
umohnani8
3d23f22292 Vendor in changes made to containers/image for OCI
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-31 16:40:13 -04:00
Ryan Cole
865612c3db Disable compression by default
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-28 08:29:42 -04:00
Antonio Murdaca
59ba89d64d
*: fix crictl vendor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-27 10:54:36 +02:00
Daniel J Walsh
7af1ae71ed Merge pull request #776 from umohnani8/kpod_ps
Add 'kpod ps' command
2017-08-23 07:08:31 -04:00
umohnani8
35ca80abe6 Add 'kpod ps' command
kpod ps lists the containers currently stored

Displays the list of containers

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-22 16:40:45 -04:00
Antonio Murdaca
49bdd59406
*: initial wire in of crictl from cri-tools
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 20:14:49 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Nalin Dahyabhai
178c1e9ccb kpod.bats: correct syntax errors
Correct some syntax errors in kpod.bats, ensure that it always checks
the exit status of "kpod rmi" commands, correct the order of options
when calling "kpod inspect", and test for string equality correctly.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-08-21 11:27:45 -04:00
baude
78c6151519 Modify kpod diff --json to --format json
We want all kpod subcommands to use the formats code to output
formats like json.  Altering kpod diff --json to kpod diff --format json
like the kpod images command.

Signed-off-by: baude <bbaude@redhat.com>
2017-08-18 21:05:58 -05:00
Mrunal Patel
f82fe5691a Merge pull request #706 from 14rcole/kpod-stats
Kpod stats
2017-08-17 11:24:38 -07:00
Mrunal Patel
a5591d34b7 Merge pull request #772 from 14rcole/kpod-rename
implement kpod rename
2017-08-17 10:04:16 -07:00
Ryan Cole
ceeed6c32e add kpod stats function
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-17 11:34:10 -04:00
Ryan Cole
1eb21f8e15 implement kpod rename
rename a container

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-17 09:00:41 -04:00
Ryan Cole
07572e85f5 Add kpod logs command
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-16 08:55:23 -04:00
Mrunal Patel
4311020c36 Merge pull request #653 from baude/images_json
cmd/kpod/images.go: Add JSON output option
2017-08-13 07:19:04 -07:00
baude
01b71393e3 cmd/kpod/images.go: Add structured format ouput
For kpod images, we need to output in JSON format so that consumers
(programatic) have structured input to work with.

kpod images --format json

Signed-off-by: baude <bbaude@redhat.com>
2017-08-12 19:09:49 -05:00
Ryan Cole
949268f958 Add kpod diff command
kpod diff reports on differences between two layers, specified as
layer IDs, containers, or images.  In the case of containers or
images, kpod diff produces a diff for the top layer

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-08-11 16:08:41 -04:00
Mrunal Patel
fb2ee59225 Merge pull request #737 from umohnani8/kpod_export
Add 'kpod export' command
2017-08-11 10:54:34 -07:00
umohnani8
be8ba17534 Add 'kpod export' command
kpod export exports the container's filesystem to a tar archive

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-08-08 16:46:01 -04:00
Dan Walsh
0cc45cf26a Add kpod-mount and kpod-umount to mount and umount container images
This command will allow users to manipulate and examine the container
images from outside of the container.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-08 15:46:50 -04:00
Daniel J Walsh
63a218a458 Move to new github.com/sirupsen/logrus.
Need to mv to latest released and supported version of logrus
switch github.com/Sirupsen/logrus github.com/sirupsen/logrus

Also vendor in latest containers/storage and containers/image

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-08-07 11:50:04 -04:00
Antonio Murdaca
a35727c80b
*: implement additional pull registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-02 16:38:11 +02:00
umohnani8
412b98be26 Add 'kpod load' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-28 22:30:48 -04:00
umohnani8
ff5eda509a Add 'kpod save' command
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-07-27 13:35:30 -04:00
Mrunal Patel
0e17bf4659 Merge pull request #648 from 14rcole/kpod-inspect
Implement `kpod inspect`
2017-07-21 07:12:08 -07:00
Ryan Cole
0d4305a261 Implement kpod inspect
kpod inspect allows the user to view low-level information about
containers and images

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
2017-07-21 08:11:27 -04:00
Nalin Dahyabhai
4ebcd650e0 Force use of the "vfs" driver when testing on AUFS
Basically none of the clever storage drivers will work when we're on top
of AUFS, so if we find ourselves in that situation when running tests,
default to storage options of "--storage-driver vfs".

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-07-20 17:29:38 -04:00