Commit graph

475 commits

Author SHA1 Message Date
Dan Williams
6a58bdf787 server: clean up sandbox network when running the sandbox fails
Runtimes need to clean up anything that needs it if RunPodSandbox()
fails.

Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-11 14:19:27 -05:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
e5b5ffdeac Merge pull request #846 from mrunalp/fix_cgroup_config
Fix cgroup config
2017-09-07 19:04:25 +02:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98 Merge pull request #852 from runcom/fixies-42
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Dan Williams
0df30c5319 server: port to github.com/cri-o/ocicni; remove pkg/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Mrunal Patel
cb1cad28db sandbox: Check cri-o and kubelet cgroup managers are same
We ensure that cri-o and kubelet are started with compatible
cgroup managers.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744 Merge pull request #839 from umohnani8/rm
Implement kpod rm
2017-09-06 10:59:35 -04:00
Mrunal Patel
612dcc0267 Add k8s function to compress cgroupfs path to systemd
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3 inspect: Add cgroup driver to info output
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
Don't call into net namespace on every status call

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a Merge pull request #834 from mrunalp/inspect_add_sandbox
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c Merge pull request #822 from mrunalp/label_infra_ctr
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f Merge pull request #805 from baude/config
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615 server: Add sandbox to container info
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca server: Lookup infra containers as well in endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00
Mrunal Patel
138a40540f server: Add special k8s label to infra containers
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:04 -07:00
baude
266fc193e7 Make kpod parse configuration file
kpod must parse the crio configuration file or the storage
is not set up correctly.  By default it is not.  We now read
/etc/crio/crio.conf in as the configuration file unless it is
overriden by the user and the global -c|--config switch.

Signed-off-by: baude <bbaude@redhat.com>
2017-09-01 11:14:40 -05:00
Mrunal Patel
49c1fd27ac server: Add infra container store to track them separately
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:49:08 -07:00
Mrunal Patel
b4f9fc8c2c server: Rename infra container to POD
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 08:47:55 -07:00
Antonio Murdaca
39006d4cdd
serve grpc and http on the same socket
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-01 12:37:10 +02:00
Mrunal Patel
a913cb0b5d server: Use crio socket for info/inspect endpoints
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-31 21:30:54 -07:00
Antonio Murdaca
b16d73ab2f
server: image_list: report image size
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:50:25 +02:00
Antonio Murdaca
69fc590fc3
server: inspect: add log path and mount point for cadvisor
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-31 17:49:07 +02:00
Mrunal Patel
004330df8f server: Add a /info endpoint
This will give a way for client to get information about crio daemon.

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 20:50:04 -07:00
Mrunal Patel
58bc35ab40 server: Add an inspect endpoint for containers
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-30 11:45:56 -07:00
Antonio Murdaca
f51ca87857
*: constify cgroups stuff
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-30 01:10:39 +02:00
Antonio Murdaca
c199f63dba
oci: join crio-conmon for cgroupfs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:02 +02:00
Antonio Murdaca
dd2b4a8907
server: container_create: fix cgroupfs scopes naming
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 23:00:00 +02:00
Antonio Murdaca
c2a4fc740f
oci: wait a while for exit file to show up
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-29 11:25:51 +02:00
Antonio Murdaca
8a0b851b88
server: container_remove: ignore not existent exit file
Found out that during OpenShift testing, node was trying to remove
containers (probably in a bad state) and was failing the removal with
this kind of error:

E0828 13:19:46.082710    1235 kuberuntime_gc.go:127] Failed to remove
container
"e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb": rpc
error: code = 2 desc = failed to remove container exit file
e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb: remove
/var/run/crio/exits/e907f0f46b969e0dc83ca82c03ae7dd072cfe4155341e4521223d9fe3dec5afb:
no such file or directory

I believe it's ok to ignore this error as it may happen conmon will
fail early before exit file is written.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-28 15:37:00 +02:00
Antonio Murdaca
98da370173
server: set golang runtime max threads
SetMaxThreads from runtime/debug in Golang is called to set max threads
value to 90% of /proc/sys/kernel/threads-max
Should really help performance.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-23 19:35:08 +02:00
Antonio Murdaca
d56bf090ce
*: update kube vendor to v1.7.4
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-08-22 17:32:14 +02:00
Mrunal Patel
959aab4fd5 Merge pull request #766 from mrunalp/ctr_status_fixes
Container status fixes
2017-08-18 07:39:56 -07:00
Mrunal Patel
701e7ff63f container_status: Get latest container status if exit code is -1
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 21:13:39 -07:00
Mrunal Patel
908b3fcbbc Add container/sandbox id to response debugs
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 19:42:43 -07:00
Mrunal Patel
cab0860257 sandbox_remove: Don't stop containers if sandbox is stopped already
Signed-off-by: Mrunal Patel <mpatel@redhat.com>
2017-08-17 11:28:18 -07:00
Mrunal Patel
8d58f227cd sandbox_stop: Store stopped status
This allows us to respond to kubelet quickly if the
pod was already stopped successfully earlier.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ce17c5214d sandbox: Reduce number of calls to UpdateStatus
Also, we distinguish between container and a pod infra
container in the exit monitor as pod infra containers
aren't stored in the main container index.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00
Mrunal Patel
ea4b6fa55d container: Reduce number of calls to UpdateStatus
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-08-17 09:01:07 -07:00