Commit graph

1777 commits

Author SHA1 Message Date
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
ec42a40936
server: use grpc getters
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
c1d158bba4
Makefile: always use vfs to test in container
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
d93f86c26c
Dockerfile: remove not needed image copy
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
e26e48ec87
server: add inspect unit test
The inspect endpoint is used mainly in the CRI-O cAdvisor handler.
Let's make sure we don't break it by adding some trivial unit tests.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:29 +02:00
Daniel J Walsh
33fc0231f7 Merge branch 'master' of github.com:kubernetes-incubator/cri-o into lastError
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-16 06:10:01 -04:00
Daniel J Walsh
dbc2b404a3 Merge pull request #841 from baude/kpod_pull_name
libkpod/image/copy.go: Add pull by short-name
2017-09-16 05:12:47 -04:00
Daniel J Walsh
d03ea10be2 Merge pull request #890 from mrunalp/bind_docs
docs: Add missing bind option in docs and command help
2017-09-16 05:11:17 -04:00
Daniel J Walsh
dacfddc42c Merge pull request #899 from umohnani8/vendor_containers/image
Vendor in latest containers/storage
2017-09-16 05:09:29 -04:00
Daniel J Walsh
8320d65581 Merge pull request #915 from umohnani8/kpod_ps
Modified namespace field in json struct
2017-09-16 05:02:32 -04:00
Mrunal Patel
f59e9dae1c docs: Add missing bind option in docs and command help
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-09-15 16:12:13 -07:00
Daniel J Walsh
a001b177d6 We should not be exiting with exit(1)
There is cleanup code that will never get run.
This code will print out all errors and then return the last error.
This should allow for proper cleanup.

Also cleanup help to switch usage and description.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-15 17:51:34 -04:00
umohnani8
036658b844 Modified namespace field in json struct
The namespace field was not being omitted when empty

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-15 17:30:25 -04:00
Daniel J Walsh
b82bf55404 Merge pull request #900 from TomSweeneyRedHat/dev/tsweeney/docfix5
Add a few build dependencies to README.md
2017-09-15 16:47:52 -04:00
Mrunal Patel
9f663c9b66 Merge pull request #912 from TomSweeneyRedHat/dev/tsweeney/clifix
Update urfave/cli to v1.20.0
2017-09-15 12:56:47 -07:00
TomSweeneyRedHat
a29bb63613 Add a few build dependencies to README.md
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-15 07:56:30 -04:00
TomSweeneyRedHat
359def92f1 Update urfave/cli to v1.20.0
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-14 23:39:15 -04:00
umohnani8
cfc2393d58 Vendor in latest containers/storage
Fixes store.lock issue comming up when using store.Names

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-14 09:54:39 -04:00
baude
951a943d16 libkpod/image/copy.go: Add pull by short-name
If the user provides kpod pull a short name like 'debian', we
still want the pull to be sucessful.  As such, when a short
name is provided, we get the list of searchable registries via
the systemregistries code in containers-storage.  We then
append a tag of 'latest' (if not provided) and we formulate
a list of possible fully-qualified image names to try.

Vendor update for containers-storage to bring in the system_registries
code.

Also includes a patch from Nalin to fix compilation errors.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-14 08:33:10 -05:00
Mrunal Patel
9dcd8c47e7 version: Switch to 1.0.0-rc3-dev
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:47:35 -07:00
Mrunal Patel
6784a66f2d version: Release 1.0.0-rc2
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-13 12:43:40 -07:00
Mrunal Patel
400713a58b Merge pull request #904 from runcom/fix-manifest-list
fix issue with official images and manifest lits
2017-09-13 12:42:18 -07:00
Antonio Murdaca
22f96b1806
fix issue with official images and manifest lits
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-13 19:01:06 +02:00
Daniel J Walsh
05713958f2 Merge pull request #894 from TomSweeneyRedHat/dev/tsweeney/docfix4
Add golang version note to README.md
2017-09-12 17:48:30 -04:00
Daniel J Walsh
1eb9f8ed8c Merge pull request #887 from baude/kpod_fix_rmi_by_id
cmd/kpod/rmi.go: Fix deletion by ID
2017-09-12 13:44:16 -04:00
Daniel J Walsh
ac5596cf62 Merge pull request #855 from baude/kpod_stop2
kpod stop -- stop one or more containers
2017-09-12 12:27:21 -04:00
Daniel J Walsh
98ab11f460 Merge pull request #885 from rhatdan/debug
Only print error message on kpod error not stacktrace
2017-09-12 11:52:26 -04:00
TomSweeneyRedHat
e2f46a34a6 Add golang version note to README.md
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-09-12 11:29:11 -04:00
Mrunal Patel
ae5739c3de Merge pull request #884 from dcbw/clean-up-sandbox
server: clean up sandbox network when running the sandbox fails
2017-09-11 16:58:45 -07:00
baude
aca658b423 kpod stop -- stop one or more containers
Stop one or more containers. Specific a timeout value
that if the stop operation exceeds, will forcibly stop
the container.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-11 17:03:27 -05:00
baude
f0b94a41e8 cmd/kpod/rmi.go: Fix deletion by ID
When deleting by ID, kpod rmi was only "untagging" the image
and not actually removing it.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-11 16:52:57 -05:00
Daniel J Walsh
75a60cf519 Only print error message on kpod error not stacktrace
If the user specifies --debug flag then print stack trace.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-11 19:40:06 +00:00
Dan Williams
6a58bdf787 server: clean up sandbox network when running the sandbox fails
Runtimes need to clean up anything that needs it if RunPodSandbox()
fails.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-11 14:19:27 -05:00
Daniel J Walsh
c56dcf2cb5 Merge pull request #863 from umohnani8/version
kpod version
2017-09-11 12:10:11 -04:00
Mrunal Patel
10b72d8bfa Merge pull request #875 from rhatdan/docs
Cleanup README.md and transfer.md with latest kpod
2017-09-11 08:08:07 -07:00
Daniel J Walsh
a3a0bb5e55 Merge pull request #871 from umohnani8/kpod_ps
Add namespace flag to kpod ps
2017-09-11 10:14:39 -04:00
Daniel J Walsh
030b462e35 Merge pull request #877 from runcom/carry-748
Add image pull with signature integration test
2017-09-11 09:40:33 -04:00
Daniel J Walsh
51fa9f3baa Cleanup README.md and transfer.md with latest kpod
Add a couple of new ascicinema also

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-11 08:31:38 -04:00
Aaron Weitekamp
adb0d19416
Add image pull with signature integration test
Signed-off-by: Aaron Weitekamp <aweiteka@redhat.com>
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-11 13:34:30 +02:00
Mrunal Patel
0f8cce1a4f Merge pull request #876 from runcom/redir-stderr-to-stdout
contrib: test: redirect stderr to stdout
2017-09-10 10:17:21 -07:00
umohnani8
12512e418b Update kpod version and info to show beta version
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-10 12:17:43 -04:00
umohnani8
38e9f07844 Add namespace flag to kpod ps
The namespace flag prints out information about the namespaces

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-10 11:21:49 -04:00
Antonio Murdaca
c9672671db
contrib: test: redirect stderr to stdout
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-09 18:13:56 +02:00
Daniel J Walsh
36584e6f34 Merge pull request #830 from umohnani8/update_load-save
Update kpod load and save for oci-archive
2017-09-09 05:58:54 -04:00
Daniel J Walsh
b5ed8b34c0 Merge pull request #843 from baude/kpod_tag
cmd/kpod/tag.go: Do not assume docker.io for tagging
2017-09-09 05:43:15 -04:00
Antonio Murdaca
f35108d114 Merge pull request #631 from runcom/e2e-conformance
contrib: test: switch node-e2e to e2e
2017-09-09 10:26:20 +02:00
Antonio Murdaca
500eb04b25 Merge pull request #874 from mrunalp/version_dirty_commit
version: Add -dirty if compiled binary includes uncommited changes
2017-09-09 10:05:18 +02:00
Mrunal Patel
e13803043a version: Add -dirty if compiled binary includes uncommited changes
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-09-08 16:17:57 -07:00