Antonio Murdaca
e5b5ffdeac
Merge pull request #846 from mrunalp/fix_cgroup_config
...
Fix cgroup config
2017-09-07 19:04:25 +02:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
...
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98
Merge pull request #852 from runcom/fixies-42
...
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Dan Williams
0df30c5319
server: port to github.com/cri-o/ocicni; remove pkg/ocicni
...
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Mrunal Patel
cb1cad28db
sandbox: Check cri-o and kubelet cgroup managers are same
...
We ensure that cri-o and kubelet are started with compatible
cgroup managers.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973
Merge pull request #814 from runcom/cache-ip-sandbox
...
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744
Merge pull request #839 from umohnani8/rm
...
Implement kpod rm
2017-09-06 10:59:35 -04:00
Mrunal Patel
612dcc0267
Add k8s function to compress cgroupfs path to systemd
...
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3
inspect: Add cgroup driver to info output
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
c88bc13b07
Implement kpod rm
...
Kpod rm removes a container from the system
Signed-off-by: Ryan Cole <rcyoalne@gmail.com>
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
...
So it can be later retrieved when needed (cadvisor)
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
...
Don't call into net namespace on every status call
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a
Merge pull request #834 from mrunalp/inspect_add_sandbox
...
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c
Merge pull request #822 from mrunalp/label_infra_ctr
...
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f
Merge pull request #805 from baude/config
...
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615
server: Add sandbox to container info
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca
server: Lookup infra containers as well in endpoint
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00
Mrunal Patel
138a40540f
server: Add special k8s label to infra containers
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:04 -07:00
baude
266fc193e7
Make kpod parse configuration file
...
kpod must parse the crio configuration file or the storage
is not set up correctly. By default it is not. We now read
/etc/crio/crio.conf in as the configuration file unless it is
overriden by the user and the global -c|--config switch.
Signed-off-by: baude <bbaude@redhat.com>
2017-09-01 11:14:40 -05:00
Mrunal Patel
49c1fd27ac
server: Add infra container store to track them separately
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:08 -07:00
Mrunal Patel
b4f9fc8c2c
server: Rename infra container to POD
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:47:55 -07:00
Antonio Murdaca
39006d4cdd
serve grpc and http on the same socket
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-01 12:37:10 +02:00
Mrunal Patel
a913cb0b5d
server: Use crio socket for info/inspect endpoints
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-31 21:30:54 -07:00
Antonio Murdaca
b16d73ab2f
server: image_list: report image size
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:50:25 +02:00
Antonio Murdaca
69fc590fc3
server: inspect: add log path and mount point for cadvisor
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:49:07 +02:00
Mrunal Patel
004330df8f
server: Add a /info endpoint
...
This will give a way for client to get information about crio daemon.
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 20:50:04 -07:00
Mrunal Patel
58bc35ab40
server: Add an inspect endpoint for containers
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 11:45:56 -07:00
Antonio Murdaca
f51ca87857
*: constify cgroups stuff
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-30 01:10:39 +02:00
Antonio Murdaca
c199f63dba
oci: join crio-conmon for cgroupfs
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:02 +02:00
Antonio Murdaca
dd2b4a8907
server: container_create: fix cgroupfs scopes naming
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:00 +02:00
Antonio Murdaca
c2a4fc740f
oci: wait a while for exit file to show up
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 11:25:51 +02:00
Antonio Murdaca
8a0b851b88
server: container_remove: ignore not existent exit file
...
Found out that during OpenShift testing, node was trying to remove
containers (probably in a bad state) and was failing the removal with
this kind of error:
E0828 13:19:46.082710 1235 kuberuntime_gc.go:127] Failed to remove
container
"e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb": rpc
error: code = 2 desc = failed to remove container exit file
e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb: remove
/var/run/crio/exits/e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb:
no such file or directory
I believe it's ok to ignore this error as it may happen conmon will
fail early before exit file is written.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-28 15:37:00 +02:00
Antonio Murdaca
98da370173
server: set golang runtime max threads
...
SetMaxThreads from runtime/debug in Golang is called to set max threads
value to 90% of /proc/sys/kernel/threads-max
Should really help performance.
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-23 19:35:08 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
...
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Mrunal Patel
959aab4fd5
Merge pull request #766 from mrunalp/ctr_status_fixes
...
Container status fixes
2017-08-18 07:39:56 -07:00
Mrunal Patel
701e7ff63f
container_status: Get latest container status if exit code is -1
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 21:13:39 -07:00
Mrunal Patel
908b3fcbbc
Add container/sandbox id to response debugs
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 19:42:43 -07:00
Mrunal Patel
cab0860257
sandbox_remove: Don't stop containers if sandbox is stopped already
...
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 11:28:18 -07:00
Mrunal Patel
8d58f227cd
sandbox_stop: Store stopped status
...
This allows us to respond to kubelet quickly if the
pod was already stopped successfully earlier.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ce17c5214d
sandbox: Reduce number of calls to UpdateStatus
...
Also, we distinguish between container and a pod infra
container in the exit monitor as pod infra containers
aren't stored in the main container index.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ea4b6fa55d
container: Reduce number of calls to UpdateStatus
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
3f1b42ee9e
Return container mounts in status from stored list
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
fa317b41fd
Add volumes to container object at container create time
...
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
bfcebcdb00
Store imageName and imageRef for containers
...
We calculate these values at container creation time and store
them in the container object as they are requested during container
status. This avoids re-calculation and speeds up container status.
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00