Commit graph

1906 commits

Author SHA1 Message Date
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98 Merge pull request #852 from runcom/fixies-42
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Mrunal Patel
b13e881a9b Merge pull request #858 from runcom/fix-add-registry
pkg: storage: fix additional registries
2017-09-07 07:34:57 -07:00
Antonio Murdaca
f7cbbf5e69 Merge pull request #813 from cevich/addswap
Add file-backed swap to prevent OOM
2017-09-07 14:56:08 +02:00
Antonio Murdaca
70657ea19a Merge pull request #854 from dcbw/cni-updates
Use CNI driver from cri-o/ocicni instead of internal one
2017-09-07 12:33:31 +02:00
Antonio Murdaca
1f908f0890
pkg: storage: fix additional registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 11:57:16 +02:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Mrunal Patel
a81e90a9c9 Merge pull request #848 from runcom/panic-img
pkg: storage: fix panic when no image names
2017-09-06 17:31:34 -07:00
Dan Williams
0df30c5319 server: port to github.com/cri-o/ocicni; remove pkg/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Dan Williams
3db6ba7667 vendor: add github.com/cri-o/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:58 -05:00
Dan Williams
aec99d6f80 vendor: update CNI to 0.6.0
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:57 -05:00
Daniel J Walsh
9f282717da Begin converting kpod pull to use libpod/runtime
We want to drop brute force mechanism for handling image
movement, this patch experiments with moving kpod pull
to use new libpod interfaces.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:38:47 +00:00
Daniel J Walsh
e18e962238 Move libkpod/image libkpod/layer to libpod/images and libpod/layers
Begin moving image and layer handling out of libkpod into libpod.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:25:45 +00:00
Daniel J Walsh
47ef2f66df Merge pull request #850 from ashcrow/lint-install-info
lint: Exit and give instructions when linter missing
2017-09-06 13:31:46 -04:00
Mrunal Patel
cb1cad28db sandbox: Check cri-o and kubelet cgroup managers are same
We ensure that cri-o and kubelet are started with compatible
cgroup managers.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
a51bc9753f
oci: add a note about crio-conmon- sub-cgroup with cgroupfs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744 Merge pull request #839 from umohnani8/rm
Implement kpod rm
2017-09-06 10:59:35 -04:00
Steve Milner
9c240aed8e lint: Exit and give instructions when linter missing
Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-06 10:15:20 -04:00
baude
529eb5bdb7 cmd/kpod/tag.go: Do not assume docker.io for tagging
When performing a tag, if a shortname was provided, tag.go would
prepend docker.io to the shortname through the ParseNormalized
function.  Here we work around that such that if a short name
and tag are provided, the resulting tag will be shortname:tag.  If
a shortname is provided without a tag, we append "latest" as the
tag.

Added specific tag tests too

Signed-off-by: baude <bbaude@redhat.com>
2017-09-06 09:00:00 -05:00
Antonio Murdaca
6c4a508fc9 Merge pull request #845 from mrunalp/cgroup_info
inspect: Add cgroup driver to info output
2017-09-06 14:48:56 +02:00
Antonio Murdaca
ccb44fd047 Merge pull request #840 from umohnani8/vendor_containers/image
Vendor in latest containers/image
2017-09-06 14:11:25 +02:00
Antonio Murdaca
6624eb60c8 Merge pull request #844 from rhatdan/selinux
When installing content make sure it gets labeled correctly.
2017-09-06 13:27:20 +02:00
Antonio Murdaca
b29c6108e2
pkg: storage: fix panic when no image names
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 11:32:53 +02:00
Mrunal Patel
612dcc0267 Add k8s function to compress cgroupfs path to systemd
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3 inspect: Add cgroup driver to info output
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
d375aab45a When installing content make sure it gets labeled correctly.
This patch will check to see if SELinux is enabled and then pass
the -Z flag to the install command, which causes install to label
all created content with the system default labels.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 17:09:28 -04:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
umohnani8
e9467dc540 Vendor in latest containers/image
Adds support for credential helpers

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:19:10 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the container's annotations match a list of regular expressions.
If any of these match, the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
Don't call into net namespace on every status call

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a Merge pull request #834 from mrunalp/inspect_add_sandbox
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c Merge pull request #822 from mrunalp/label_infra_ctr
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f Merge pull request #805 from baude/config
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615 server: Add sandbox to container info
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca server: Lookup infra containers as well in endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00
Mrunal Patel
138a40540f server: Add special k8s label to infra containers
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:04 -07:00
Antonio Murdaca
35ada86b04 Merge pull request #833 from runcom/bump-runc-2
Dockerfile: bump runc commit
2017-09-01 19:06:05 +02:00
baude
266fc193e7 Make kpod parse configuration file
kpod must parse the crio configuration file or the storage
is not set up correctly.  By default it is not.  We now read
/etc/crio/crio.conf in as the configuration file unless it is
overridden by the user and the global -c|--config switch.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-01 11:14:40 -05:00
Mrunal Patel
49c1fd27ac server: Add infra container store to track them separately
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:08 -07:00
Mrunal Patel
b4f9fc8c2c server: Rename infra container to POD
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:47:55 -07:00
Mrunal Patel
5650a793bd Merge pull request #831 from runcom/fix-socket
serve grpc and http on the same socket
2017-09-01 07:28:06 -07:00
Antonio Murdaca
76d41478bf
Dockerfile: bump runc commit
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-01 16:25:52 +02:00