Commit graph

572 commits

Author SHA1 Message Date
Antonio Murdaca
c70198617f
container_create: set mount propagation
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
e41ba62b19
container_create: honor no_new_privs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Antonio Murdaca
d6e819133d
*: initial update to kube 1.8
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-11-02 16:07:51 +01:00
Nalin Dahyabhai
2e5e92730a Switch to ImageServer.UntagImage in RemoveImage handler
Add an UntagImage() method to pkg/storage/ImageServer, which will check
if the passed-in NameOrID is a name.  If so, it merely removes that name
from the image, removing the image only if it was the last name that the
image had.  If the NameOrID is an image ID, the image is removed, as
RemoveImage() does.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:30:18 -04:00
Nalin Dahyabhai
3f2bc09231 Return image references in ImageStatus()
The image's canonical reference is a name with a digest of the image's
manifest, so compute and return that value as the image's reference in
ImageStatus() and in ContainerStatus().

We don't auto-store a name based on the image digest when we pull one by
tag, but then CRI doesn't need us to do that.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-10-31 10:29:06 -04:00
Daniel J Walsh
f6555bd868
Merge pull request #1087 from runcom/sort-mounts
container_create: sort mounts before adding them to the spec
2017-10-30 12:40:00 -04:00
Antonio Murdaca
15afc4d3de
container_create: sort mounts before adding them to the spec
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-29 12:31:18 +01:00
Mrunal Patel
03f9350a15 lint fixes
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-28 13:17:00 -07:00
Antonio Murdaca
584a256388
server: correctly return and close ch from exits routine
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-26 16:55:18 +02:00
Daniel J Walsh
a3cd7c422c Merge pull request #1052 from mheon/conmon_socket_as_arg
Make attach sockets directory an argument in Conmon
2017-10-24 21:48:33 -07:00
Antonio Murdaca
c316e5d8cf
oci: respect process spec on exec
This patch fixes exec to use the original (start-time) process exec
configuration. Otherwise, we were creating a brand new spec process w/o
additional groups for instance.
Spotted while integrating CRI-O with cri-test...The test was failing
with:
```
• Failure [10.640 seconds]
[k8s.io] Security Context
/home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/framework/framework.go:72
  bucket
  /home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:407
    runtime should support SupplementalGroups [It]
    /home/amurdaca/go/src/github.com/kubernetes-incubator/cri-tools/pkg/validate/security_context.go:272

    Expected
        <[]string | len:1, cap:1>: ["0"]
    to contain element matching
        <string>: 1234
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-24 22:39:17 +02:00
Matthew Heon
ae5fc471ea Make attach sockets directory an argument in Conmon
This is required to enable ongoing work in libpod

Signed-off-by: Matthew Heon <mheon@redhat.com>
2017-10-24 15:42:23 -04:00
Mrunal Patel
d7d2ce7ce2 Merge pull request #1044 from runcom/fix-host-pid
fix host pid handling for containers and share uts ns
2017-10-19 14:11:41 -07:00
Antonio Murdaca
da725f3e5f
fix host pid handling for containers and share uts ns
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-19 21:13:28 +02:00
Mrunal Patel
b0e9f0eba8 Revert "Move crio default sock to /var/run/crio/crio.sock"
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-19 10:13:49 -07:00
Antonio Murdaca
12ce3ba3ed Merge pull request #1030 from mrunalp/move_crio_sock
Move crio default sock to /var/run/crio/crio.sock
2017-10-19 00:53:10 +02:00
Daniel J Walsh
c2b7f37bd3 Merge pull request #1017 from baude/cri_tests_sandbox
server/sandbox_list.go: No error on filtered list find by ID
2017-10-18 16:10:11 -04:00
Mrunal Patel
c04f585a53 Merge pull request #1021 from runcom/fix-crio-versioning
version: fix version handling and kube info
2017-10-17 22:04:55 -07:00
Mrunal Patel
761e73c82e Move crio default sock to /var/run/crio/crio.sock
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-17 22:02:53 -07:00
Mrunal Patel
eafb7f7105 Merge pull request #1014 from runcom/oci-kill-all-fix
oci: fixes to properly handle container stop action
2017-10-17 21:59:32 -07:00
umohnani8
a11b1f953d Fixed logic flaw in the secrets mounts
Tested on a REHL box and found out that the mounts were not showing up
Had a logic flaw, where if the mount was "host:container"
Was setting the mount source to "host" and destination to "ctrRunDir/container"
When instead, the mount source should be "ctrRunDir/container" and destination "container"
with the data copied from "host" to "ctrRunDir/container"

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-17 13:08:42 -04:00
Antonio Murdaca
e07ba4b2d1
version: fix version handling and kube info
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-17 10:44:50 +02:00
Antonio Murdaca
c6f5a290d8
oci: fixes to properly handle container stop action
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-10-17 00:21:17 +02:00
baude
179a3f9c0e server/sandbox_list.go: No error on filtered list find by ID
We should not error when we try to find a pod ID in a filtered
list of sandboxes; instead we should return an empty struct
and log it.

This fixes another cri-test failure.

Signed-off-by: baude <bbaude@redhat.com>
2017-10-16 16:36:15 -05:00
Daniel J Walsh
7b9a5c259e Merge pull request #992 from baude/cri_tests_sec
Initial fixes for cri-tests
2017-10-13 19:15:08 -04:00
baude
fc2cae39ef Initial fixes for cri-tests
We now can pass 37/55 tests with this PR.  Remaining tests include may be fixed
with 1.8.

[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUserName
[Fail] [k8s.io] Security Context NamespaceOption [It] runtime should support HostPID
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support unsafe sysctls
[Fail] [k8s.io] PodSandbox runtime should support basic operations on PodSandbox [It] runtime should support removing PodSandbox [Conformance]
[Fail] [k8s.io] Streaming runtime should support streaming interfaces [It] runtime should support portforward [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should not support a custom seccomp profile without using localhost/ as a prefix
[Fail] [k8s.io] Image Manager [It] listImage should get exactly 2 repoTags in the result image [Conformance]
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support safe sysctls
[Fail] [k8s.io] Security Context NoNewPrivs [It] should not allow privilege escalation when true
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should support an seccomp profile that blocks setting hostname with SYS_ADMIN
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rslave' should support propagation from host to container
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rshared' should support propagation from host to container and vice versa
[Fail] [k8s.io] Networking runtime should support networking [It] runtime should support port mapping with host port and container port [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] should support seccomp localhost/profile on the container
[Fail] [k8s.io] Container runtime should support log [It] runtime should support starting container with log [Conformance]
[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUser
[Fail] [k8s.io] Security Context bucket [It] runtime should support SupplementalGroups
[Fail] [k8s.io] Security Context SeccompProfilePath docker/default [It] should support seccomp docker/default on the container

Signed-off-by: baude <bbaude@redhat.com>
2017-10-13 08:36:14 -05:00
umohnani8
d1aea31786 Follow up changes on secrets patch
Deleted mounts.conf file and moved the secrets mount paths
to a list (default-mounts) in crio.conf

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-12 15:10:07 -04:00
Daniel J Walsh
5b41729b6c Merge pull request #942 from umohnani8/secrets_patch
Add secrets support to crio
2017-10-12 11:04:20 -04:00
umohnani8
d5b5028cb9 Add secrets patch to crio
Allows the user to define secret paths in /etc/containers/mounts.conf
These are then volume mounted into the container

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-10-11 20:00:38 -04:00
Mrunal Patel
bb4b2e9fea test: Modify Fatal to Fatalf as we have a specifier
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-10-11 14:51:11 -07:00
Mrunal Patel
7c2c9a8c85 test: Fix format specifier
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-10-10 16:23:54 -07:00
baude
3611f92ddf BUGFIX: Invalid return codes in kpod
Set the exitsdir for kpod back to /var/run/crio... so kpod can benefit
from the container exit file.

Because 0 is the int32 blank value, kpod needs its own container state
struct with the omitempty removed so it can actually display 0 in
its default json output.

Signed-off-by: baude <bbaude@redhat.com>
2017-10-04 09:34:28 -05:00
Dongsu Park
644a4af377 server: handle cases of securityContext, namespaceOptions being nil
Both GetSecurityContext() and GetNamespaceOptions() can return nil.
In these cases, cri-o will panic like this:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x1 pc=0x1cc43f6]

goroutine 66 [running]:
.../cri-o/server.(*Server).RunPodSandbox(0xc42060e300, 0x7f611d37a0b8,
0xc420207e60, 0xc42015e318, 0x0, 0x0, 0x0)
        .../cri-o/server/sandbox_run.go:261 +0xfe6
.../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime._RuntimeService_RunPodSandbox_Handler(0x2180920,
0xc42060e300, 0x7f611d37a0b8, 0xc420207e60, 0xc420505950, 0x0, 0x0, 0x0,
0x64ed0d, 0xc42064bc80)
        .../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go:3645 +0x279
.../cri-o/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc4200a4240,
0x33f28e0, 0xc4204b0360, 0xc42074a870, 0xc420476de0, 0x33bcd38, 0xc420207e30, 0x0, 0x0)
```

Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
2017-09-29 17:00:16 +02:00
Dongsu Park
2080744963 server: fix panic when assigning entry to nil map
When running cri-tests with cri-o, I found out that cri-o panicked
immediately with the following message. Fix it by accessing to the
labels map only if it's non-nil.

```
panic: assignment to entry in nil map

goroutine 57 [running]:
.../cri-o/server.(*Server).RunPodSandbox(0xc42048e000, 0x7efcad4cd400,
0xc42066ec90, 0xc4201703d0, 0x0, 0x0, 0x0)
        .../cri-o/server/sandbox_run.go:225 +0xda5
.../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime
._RuntimeService_RunPodSandbox_Handler(0x21793e0, 0xc42048e000,
0x7efcad4cd400, 0xc42066ec90, 0xc4204fe780, 0x0, 0x0, 0x0, 0x0, 0x0)
        .../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go:3645 +0x279
.../cri-o/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc420
09e3c0, 0x33e79c0, 0xc4203d1950, 0xc42080a000, 0xc4202bb980, 0x33b1d58,
0xc42066ec60, 0x0, 0x0)
        .../cri-o/vendor/google.golang.org/grpc/server.go:638 +0x99c
```

Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
2017-09-29 16:19:21 +02:00
Mrunal Patel
db0bd66fca Merge pull request #917 from runcom/fixes-rc3-0
Fix Origin test and update kube to v1.7.6
2017-09-25 14:55:42 -07:00
Antonio Murdaca
3dd043c581
sandbox_network: pass sandbox to newPodNetwork
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
6c871769b4
server: more fixes for selinux and privileged mode
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
7b0bde4362
container_create: fix seccomp annotations
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
59c0218a9c
container_create: follow symlink for mount host path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Antonio Murdaca
e8cfe3b867
container_create: support seccomp docker/default annotation
Fixes the following Origin/Kube test:

```
• Failure [10.323 seconds]
[k8s.io] Security Context [Feature:SecurityContext]
/go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/framework/framework.go:619
  should support seccomp alpha docker/default annotation
[Feature:Seccomp] [It]
  /go/src/github.com/openshift/origin/vendor/k8s.io/kubernetes/test/e2e/security_context.go:133

  Expected error:
      <*errors.errorString | 0xc420cbacf0>: {
          s: "expected \"2\" in container output: Expected\n
<string>: Seccomp:\t0\n    \nto contain substring\n    <string>: 2",
      }
      expected "2" in container output: Expected
          <string>: Seccomp:	0

      to contain substring
          <string>: 2
  not to have occurred
}
```

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-25 21:08:11 +02:00
Mrunal Patel
50baca10e9 Add crio annotations to container endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Mrunal Patel
2e3d5240c2 client: Add crio client package
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-25 11:59:40 -07:00
Antonio Murdaca
a11b8cd8ec
sandbox, ctr: SELinux fixes
server: fix selinux labels for pod and containers

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: set selinux labels from request, not defaults

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

container_create: use sandbox's selinux if container's nil

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

sandbox: correctly init selinux labels

First, we weren't correctly initializing selinux labels. If any of
(level, user, role, type) was missing from kube selinux options, we
were erroring out. This is wrong as kube sends just `level=s0`
sometimes and docker itself allows `--security-opt label=level:s0`.
This patch directly initializes selinux labels, correctly, and adds a
test to verify it.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>

test: testdata: use container_runtime_t selinux type

RHEL SELinux policy doesn't have `container_t` type but we're using it
in our fixtures. That means Fedora integration tests pass because
`container_t` is in Fedora's container policy but RHEL is broken.
Fix it by using `container_runtime_t` which is aliased in Fedora policy
to `container_t`.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 22:40:17 +02:00
Antonio Murdaca
ec42a40936
server: use grpc getters
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:32 +02:00
Antonio Murdaca
9ec518491f
server: correctly set hostname
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
0c1383fd30
test: add inspect integration tests
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:31 +02:00
Antonio Murdaca
e26e48ec87
server: add inspect unit test
The inspect endpoint is used mainly in the CRI-O cAdvisor handler.
Let's make sure we don't break it by adding some trivial unit tests.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-17 10:19:29 +02:00
Dan Williams
6a58bdf787 server: clean up sandbox network when running the sandbox fails
Runtimes need to clean up anything that needs it if RunPodSandbox()
fails.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-11 14:19:27 -05:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
e5b5ffdeac Merge pull request #846 from mrunalp/fix_cgroup_config
Fix cgroup config
2017-09-07 19:04:25 +02:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98 Merge pull request #852 from runcom/fixies-42
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Dan Williams
0df30c5319 server: port to github.com/cri-o/ocicni; remove pkg/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Mrunal Patel
cb1cad28db sandbox: Check cri-o and kubelet cgroup managers are same
We ensure that cri-o and kubelet are started with compatible
cgroup managers.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744 Merge pull request #839 from umohnani8/rm
Implement kpod rm
2017-09-06 10:59:35 -04:00
Mrunal Patel
612dcc0267 Add k8s function to compress cgroupfs path to systemd
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3 inspect: Add cgroup driver to info output
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
Don't call into net namespace on every status call

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a Merge pull request #834 from mrunalp/inspect_add_sandbox
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c Merge pull request #822 from mrunalp/label_infra_ctr
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f Merge pull request #805 from baude/config
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615 server: Add sandbox to container info
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca server: Lookup infra containers as well in endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00
Mrunal Patel
138a40540f server: Add special k8s label to infra containers
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:04 -07:00
baude
266fc193e7 Make kpod parse configuration file
kpod must parse the crio configuration file or the storage
is not set up correctly.  By default it is not.  We now read
/etc/crio/crio.conf in as the configuration file unless it is
overriden by the user and the global -c|--config switch.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-01 11:14:40 -05:00
Mrunal Patel
49c1fd27ac server: Add infra container store to track them separately
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:08 -07:00
Mrunal Patel
b4f9fc8c2c server: Rename infra container to POD
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:47:55 -07:00
Antonio Murdaca
39006d4cdd
serve grpc and http on the same socket
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-01 12:37:10 +02:00
Mrunal Patel
a913cb0b5d server: Use crio socket for info/inspect endpoints
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-31 21:30:54 -07:00
Antonio Murdaca
b16d73ab2f
server: image_list: report image size
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:50:25 +02:00
Antonio Murdaca
69fc590fc3
server: inspect: add log path and mount point for cadvisor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:49:07 +02:00
Mrunal Patel
004330df8f server: Add a /info endpoint
This will give a way for client to get information about crio daemon.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 20:50:04 -07:00
Mrunal Patel
58bc35ab40 server: Add an inspect endpoint for containers
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 11:45:56 -07:00
Antonio Murdaca
f51ca87857
*: constify cgroups stuff
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-30 01:10:39 +02:00
Antonio Murdaca
c199f63dba
oci: join crio-conmon for cgroupfs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:02 +02:00
Antonio Murdaca
dd2b4a8907
server: container_create: fix cgroupfs scopes naming
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:00 +02:00
Antonio Murdaca
c2a4fc740f
oci: wait a while for exit file to show up
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 11:25:51 +02:00
Antonio Murdaca
8a0b851b88
server: container_remove: ignore not existent exit file
Found out that during OpenShift testing, node was trying to remove
containers (probably in a bad state) and was failing the removal with
this kind of error:

E0828 13:19:46.082710    1235 kuberuntime_gc.go:127] Failed to remove
container
"e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb": rpc
error: code = 2 desc = failed to remove container exit file
e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb: remove
/var/run/crio/exits/e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb:
no such file or directory

I believe it's ok to ignore this error as it may happen conmon will
fail early before exit file is written.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-28 15:37:00 +02:00
Antonio Murdaca
98da370173
server: set golang runtime max threads
SetMaxThreads from runtime/debug in Golang is called to set max threads
value to 90% of /proc/sys/kernel/threads-max
Should really help performance.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-23 19:35:08 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Mrunal Patel
959aab4fd5 Merge pull request #766 from mrunalp/ctr_status_fixes
Container status fixes
2017-08-18 07:39:56 -07:00
Mrunal Patel
701e7ff63f container_status: Get latest container status if exit code is -1
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 21:13:39 -07:00
Mrunal Patel
908b3fcbbc Add container/sandbox id to response debugs
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 19:42:43 -07:00
Mrunal Patel
cab0860257 sandbox_remove: Don't stop containers if sandbox is stopped already
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 11:28:18 -07:00
Mrunal Patel
8d58f227cd sandbox_stop: Store stopped status
This allows us to respond to kubelet quickly if the
pod was already stopped successfully earlier.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ce17c5214d sandbox: Reduce number of calls to UpdateStatus
Also, we distinguish between container and a pod infra
container in the exit monitor as pod infra containers
aren't stored in the main container index.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ea4b6fa55d container: Reduce number of calls to UpdateStatus
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
3f1b42ee9e Return container mounts in status from stored list
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
fa317b41fd Add volumes to container object at container create time
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
bfcebcdb00 Store imageName and imageRef for containers
We calculate these values at container creation time and store
them in the container object as they are requested during container
status. This avoids re-calculation and speeds up container status.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00