Commit graph

336 commits

Author SHA1 Message Date
Mrunal Patel
34357ec7a4 Merge pull request #557 from runcom/streamserver-bindaddress
server: do not use localhost for streaming service
2017-06-03 11:01:43 -07:00
Antonio Murdaca
315c385371
server: do not use localhost for streaming service
The bug is silly if you have a master/node cluster where node is on a
different machine than the master.
The current behavior is to give our addresses like "0.0.0.0:10101". If
you run "kubectl exec ..." from another host, that's not going to work
since on a different host 0.0.0.0 resolves to localhost and kubectl
exec fails with:

error: unable to upgrade connection: 404 page not found

This patch fixes the above by giving our correct addresses for reaching
from outside.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-03 18:26:33 +02:00
Samuel Ortiz
f15859c79f pkg/annotations: Export CRI-O annotations namespace
Some runtimes like Clear Containers need to interpret the CRI-O
annotations, to distinguish the infra container from the regular one.
Here we export those annotations and use a more standard dotted
namespace for them.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-06-01 23:45:44 +02:00
Antonio Murdaca
f3650533f0
create src dir for bind mounts
match docker behavior for bind mounts

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-01 17:37:20 +02:00
Antonio Murdaca
a28ed75e12
sandbox_run: fix name releasing on error
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-01 17:37:20 +02:00
Antonio Murdaca
6fd1c8957c
RemovePodSandbox must be idempotent
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-01 17:37:20 +02:00
Antonio Murdaca
a37dd46654
*: stability fixes
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-06-01 15:42:01 +02:00
Samuel Ortiz
e23d986cf2 container: Do not restrict path access for privileged containers
Privileged containers should see and reach all host paths.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-05-31 02:06:47 +02:00
Antonio Murdaca
089cb88f17
server: container_create: make the spec hostspecific
node-e2e tests were failing in RHEL because, if running a privileged
container, we get all capability in the spec. The spec generator wasn't
filtering caps based on actual host caps, it was just adding _everything_.
This patch makes spec generator host specific.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-30 18:30:26 +02:00
Antonio Murdaca
404194c1fd
server: add nil checks to not panic
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-29 13:16:27 +02:00
Mrunal Patel
5ed79fb5cd Merge pull request #543 from runcom/fix-ctr-status-reasons
[e2e fix] server: correctly fill ctr termination reason
2017-05-28 18:03:54 -07:00
Antonio Murdaca
ad3a3fcd5a
server: properly format error
`containerdID` is overridden in `s.ctrIDIndex.Get()`, if the ctr is not
found it's overridden by an empty string making the error return
totally unusable.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:43:01 +02:00
Antonio Murdaca
b9336c74a3
server: correctly fill ctr termination reason
This patch fixes all port forwarding e2e tests. Those tests were
specifically looking for a termination reason to say that a given
container has finished running. CRI-O wasn't actually returning any
reason field for an exited container.

-> https://github.com/kubernetes/kubernetes/blob/master/test/e2e/portforward.go#L116
   -> https://github.com/kubernetes/kubernetes/blob/master/test/utils/conditions.go#L97

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 20:14:45 +02:00
Antonio Murdaca
1e9ef65345
server: fix PortForward panic
During "Port forwarding" e2e tests, the following panic happened:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x64981d]

goroutine 52788 [running]:
panic(0x1830ee0, 0xc4200100c0)
        /usr/lib/golang/src/runtime/panic.go:500 +0x1a1
github.com/kubernetes-incubator/cri-o/oci.(*Runtime).UpdateStatus(0xc4202afc00,
0x0, 0x0, 0x0)
        /home/amurdaca/go/src/github.com/kubernetes-incubator/cri-o/oci/oci.go:549
+0x7d
github.com/kubernetes-incubator/cri-o/server.streamService.PortForward(0xc42026e000,
0x0, 0x0, 0x0, 0x0, 0xc420d9af40, 0x40, 0xc400000050, 0x7fe660659a28,
0xc4201cd0e0, ...)
```

The issue is `streamService.PortForward` assumed the first argument to
be the sandbox's infra container ID, thus trying to get it from memory
store using `.state.containers.Get`. Since that ID is of the sandbox
itself, it fails to get the container object from memory and panics in
`UpdateStatus`.

Fix it by looking for the sandbox's infra container ID starting from a
sandbox ID.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-28 18:22:46 +02:00
Antonio Murdaca
b4f1cee2a2
server: store and use image's stop signal to stop containers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-27 10:21:04 +02:00
Mrunal Patel
ea9a90abce Set Container Status Reason when OOM Killed
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-25 11:30:58 -07:00
Mrunal Patel
bd6e8a5a20 Merge pull request #534 from runcom/volumes-workaround
server: workaround images with Config.Volumes
2017-05-22 10:59:44 -07:00
Antonio Murdaca
02f3828283
server: workaround images with Config.Volumes
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 18:01:06 +02:00
Antonio Murdaca
5f53416611
server: sandbox_remove: add comment on sandbox not found empty response
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:38:10 +02:00
Antonio Murdaca
d099e3a988
server: container_status: we should return digested references in imageRef
currently blocked on
https://github.com/kubernetes-incubator/cri-o/issues/531

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
22d055869d
server: container_status: return image name if available
If we create a container using the image ID like
771cd5947d5ea4bf8e8f4900dd357dbb67e7b16486c270f8274087d182d457c6, then
a call to container_status will return that same ID for the "Image"
field in ContainerStatusResponse.

This patch matches dockershim behavior and return the first tagged name
if available from the image store.

This is also needed to fix a failure in k8s e2d tests.

Reference:
https://github.com/kubernetes/kubernetes/pull/39298/files#diff-c7dd39479fd733354254e70845075db5R369
Reference:
67a5bf8454/test/e2e/framework/util.go (L1941)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:46 +02:00
Antonio Murdaca
a0916b1044
server: sandbox_stop: ignore not found sandboxes
This patch matches dockershim behavior

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-22 16:37:39 +02:00
Antonio Murdaca
de96e54230
server: move StopAllSandboxes in sandbox_stop.go
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:52 +02:00
Antonio Murdaca
3b2e5aa5c2
add a note on server shutdown...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:52 +02:00
Antonio Murdaca
f00edc2b2d
server: do not remove but stop sandboxes on shutdown
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:52 +02:00
Antonio Murdaca
358dac96d4
server: ignore runc not exist errors
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:50 +02:00
Antonio Murdaca
a41ca975c1
server: restore containers state from disk on startup
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:50 +02:00
Antonio Murdaca
da0b8a6157
server: store containers state on disk
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 21:19:50 +02:00
Antonio Murdaca
790c6d891a
server: store creation in containers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 18:49:54 +02:00
Antonio Murdaca
1f4a4742cb
oci: add container directory to Container struct
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 18:49:54 +02:00
Antonio Murdaca
3bd4811b3b
server: restore sandbox created time from disk
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 18:49:54 +02:00
Antonio Murdaca
59e3f98b6d
server: return sandbox's own created time
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 18:49:54 +02:00
Antonio Murdaca
80a789bce3
server: store sandbox creation time
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-18 18:49:54 +02:00
Mrunal Patel
3fefcaa1dd Convert pod cgroupPath to runc format for systemd cgroup
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-05-17 17:46:53 -07:00
Mrunal Patel
d3bc6ab693 Add function to convert kube pod cgroup format to runc format
This is a slightly modified version of the function in k8s.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-05-17 17:45:57 -07:00
Antonio Murdaca
ecd0006e80
vendor: upgrade containers/storage
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-17 22:18:07 +02:00
Antonio Murdaca
b3683ab184
server: honor container stop timeout from CRI
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-15 22:56:31 +02:00
Mrunal Patel
7ea255fcea Merge pull request #495 from rhatdan/rename
Rename ocid to crio
2017-05-15 11:27:28 -07:00
Dan Walsh
4493b6f176 Rename ocid to crio.
The ocid project was renamed to CRI-O, months ago, it is time that we moved
all of the code to the new name.  We want to elminate the name ocid from use.
Move fully to crio.

Also cric is being renamed to crioctl for the time being.

Signed-off-by: Dan Walsh <dwalsh@redhat.com>
2017-05-12 09:56:06 -04:00
Antonio Murdaca
1d455a31a9
server: add RO and masked paths on container creation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-12 12:47:40 +02:00
Mrunal Patel
23cf1a6fdb Add devices to OCI config
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-09 14:37:01 -07:00
Mrunal Patel
f7e5e24a05 Add helper for adding devices to OCI spec
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-05-09 14:36:55 -07:00
Antonio Murdaca
b7ba9d058b
server: store kubeName in annotations
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-08 09:15:00 +02:00
Dan Williams
13f6e95685 sandbox: pass correct pod Namespace/Name to network plugins and fix id/name ordering
Two issues:
1) pod Namespace was always set to "", which prevents plugins from figuring out
what the actual pod is, and from getting more info about that pod from the
runtime via out-of-band mechanisms

2) the pod Name and ID arguments were switched, further preventing #1

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-05-05 23:55:37 -05:00
Antonio Murdaca
139b16bac2
server: fix set caps on container create
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-05-05 16:31:52 +02:00
Antonio Murdaca
27510ac346 Merge pull request #473 from mrunalp/port_forward
Add support for port forwarding
2017-04-28 01:16:45 +02:00
Antonio Murdaca
275a5a1ff2
server: remove Update calls
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-27 14:01:37 +02:00
Antonio Murdaca
5595fad535
server: do not compare pointers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-27 14:01:23 +02:00
Antonio Murdaca
f18e032714
server: do not nil sandbox's infraContainer on remove
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-04-27 14:01:18 +02:00
Mrunal Patel
416a3ba62e Add support for port forwarding
Reusing k8s existing implementation. This could be re-written
to do port-forwarding natively rather than relying on socat/nsenter.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-04-26 13:58:48 -07:00