Commit graph

1563 commits

Author SHA1 Message Date
Mrunal Patel
f9387aca28 Merge pull request #865 from runcom/fix-ci
contrib: test: run kube tests in CI with same cgroup driver
2017-09-08 07:24:09 -07:00
Antonio Murdaca
2fa8b3a948 Merge pull request #867 from vbatts/readme_formatting
README: more copy-pastable code sample
2017-09-08 16:03:54 +02:00
87aa0f58e4
README: more copy-pastable code sample
Signed-off-by: Vincent Batts <vbatts@hashbangbash.com>
2017-09-08 09:27:50 -04:00
Antonio Murdaca
09a8d1a751
contrib: test: run kube tests in CI with same cgroup driver
Our CI tests on RHEL and Fedora and we want to test the systemd cgroup
driver. However, kubelet needs to run in tests with systemd cgroup
driver as well, or tests fail. This patch fixes broken CI because of
not matching cgroup driver between CRI-O and the kubelet.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-08 14:26:39 +02:00
Daniel J Walsh
3c468b6f51 Merge pull request #803 from rhatdan/libpod
Move libkpod/image libkpod/layer to libpod/images and libpod/layers
2017-09-07 15:20:31 -04:00
Antonio Murdaca
b8a6d358e7 Merge pull request #562 from rhatdan/hooks
Add support for running oci-hooks
2017-09-07 19:06:01 +02:00
Antonio Murdaca
e5b5ffdeac Merge pull request #846 from mrunalp/fix_cgroup_config
Fix cgroup config
2017-09-07 19:04:25 +02:00
Mrunal Patel
631359ed69 Merge pull request #849 from runcom/fix-caps
container_create: handle cap add/drop ALL
2017-09-07 09:53:11 -07:00
Antonio Murdaca
af0a494251
container_create: handle cap add/drop ALL
Kubelet can send cap add/drop ALL. Handle that in CRI-O as well.
Also, this PR is re-vendoring runtime-tools to fix capabilities add to
add caps to _all_ caps set **and** fix a shared memory issue (caps set
were initialized with the same slice, if one modifies one slice, it's
reflected on the other slices, the vendoring fixes this as well)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 16:43:33 +02:00
Mrunal Patel
7f4f630b98 Merge pull request #852 from runcom/fixies-42
*: bunch of fixes...
2017-09-07 07:37:37 -07:00
Mrunal Patel
b13e881a9b Merge pull request #858 from runcom/fix-add-registry
pkg: storage: fix additional registries
2017-09-07 07:34:57 -07:00
Antonio Murdaca
f7cbbf5e69 Merge pull request #813 from cevich/addswap
Add file-backed swap to prevent OOM
2017-09-07 14:56:08 +02:00
Antonio Murdaca
70657ea19a Merge pull request #854 from dcbw/cni-updates
Use CNI driver from cri-o/ocicni instead of internal one
2017-09-07 12:33:31 +02:00
Antonio Murdaca
1f908f0890
pkg: storage: fix additional registries
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 11:57:16 +02:00
Antonio Murdaca
e8553a124d
container_create: better handling of devices
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
b7b57e8731
container_create: Add TERM=xterm when tty=true
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
cde40ad5ca
container_create: set privileged on ctr only if also on sandbox
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:22 +02:00
Antonio Murdaca
dacc5c3ece
*: correctly wait and close servers
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-07 10:13:21 +02:00
Mrunal Patel
a81e90a9c9 Merge pull request #848 from runcom/panic-img
pkg: storage: fix panic when no image names
2017-09-06 17:31:34 -07:00
Dan Williams
0df30c5319 server: port to github.com/cri-o/ocicni; remove pkg/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:07:50 -05:00
Dan Williams
3db6ba7667 vendor: add github.com/cri-o/ocicni
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:58 -05:00
Dan Williams
aec99d6f80 vendor: update CNI to 0.6.0
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-09-06 16:03:57 -05:00
Daniel J Walsh
9f282717da Begin converting kpod pull to use libpod/runtime
We want to drop brute force mechainism for handling image
movement, this patch experiments with moving kpod pull
to use new libpod interfaces.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:38:47 +00:00
Daniel J Walsh
e18e962238 Move libkpod/image libkpod/layer to libpod/images and libpod/layers
Begin moving image and layer handling out of libkpod into libpod.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-06 19:25:45 +00:00
Daniel J Walsh
47ef2f66df Merge pull request #850 from ashcrow/lint-install-info
lint: Exit and give instructions when linter missing
2017-09-06 13:31:46 -04:00
Mrunal Patel
cb1cad28db sandbox: Check cri-o and kubelet cgroup managers are same
We ensure that cri-o and kubelet are started with compatible
cgroup managers.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-06 09:57:10 -07:00
Mrunal Patel
ac12018973 Merge pull request #814 from runcom/cache-ip-sandbox
cache sandbox's IP address
2017-09-06 09:51:03 -07:00
Antonio Murdaca
a51bc9753f
oci: add a note about crio-conmon- sub-cgroup with cgroupfs
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
f9bf4b15e8
server: inspect: send full ctr log path
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
e1125af435
server: expose container Name and IP
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Antonio Murdaca
5947698818
test: replace bash CNI plugin with a custom bridge
Because we need a working CNI plugin to setup a correct netns so
sandbox_run can grab a working IP address.

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 17:14:53 +02:00
Daniel J Walsh
257c3d2744 Merge pull request #839 from umohnani8/rm
Implement kpod rm
2017-09-06 10:59:35 -04:00
Steve Milner
9c240aed8e lint: Exit and give instructions when linter missing
Signed-off-by: Steve Milner <smilner@redhat.com>
2017-09-06 10:15:20 -04:00
Antonio Murdaca
6c4a508fc9 Merge pull request #845 from mrunalp/cgroup_info
inspect: Add cgroup driver to info output
2017-09-06 14:48:56 +02:00
Antonio Murdaca
ccb44fd047 Merge pull request #840 from umohnani8/vendor_containers/image
Vendor in latest containers/image
2017-09-06 14:11:25 +02:00
Antonio Murdaca
6624eb60c8 Merge pull request #844 from rhatdan/selinux
When installing content make sure it gets labeled correctly.
2017-09-06 13:27:20 +02:00
Antonio Murdaca
b29c6108e2
pkg: storage: fix panic when no image names
Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-06 11:32:53 +02:00
Mrunal Patel
612dcc0267 Add k8s function to compress cgroupfs path to systemd
We are copying this to avoid getting in lots of dependencies.
We also remove now unused function.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 19:16:15 -07:00
Mrunal Patel
923f50b0f3 inspect: Add cgroup driver to info output
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-05 15:24:39 -07:00
Daniel J Walsh
d375aab45a When installing content make sure it gets labeled correctly.
This patch will check to see if SELinux is enabled and then pass
the -Z flag to the install command, which causes install to label
all created content with the system default labels.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 17:09:28 -04:00
Daniel J Walsh
c88bc13b07 Implement kpod rm
Kpod rm removes a container from the system

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:35:36 -04:00
umohnani8
e9467dc540 Vendor in latest containers/image
Adds support for credential helpers

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-05 14:19:10 -04:00
Daniel J Walsh
139d0841e8 Add support for oci-hooks to libkpod
Add new directory /etc/crio/hooks.d, where packagers can drop a json config
file to specify a hook.

The json must specify a valid executable to run.
The json must also specify which stage(s) to run the hook:
prestart, poststart, poststop
The json must specify under which criteria the hook should be launched
If the container HasBindMounts
If the container cmd matches a list of regular expressions
If the containers annotations matches a list of regular expressions.
If any of these match the the hook will be launched.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-05 07:39:31 -04:00
Antonio Murdaca
2ac2832686
server: container_create: store sandbox's ip in annotations
So it can be later retrieved when needed (cadvisor)

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:58 +02:00
Antonio Murdaca
5d637f015d
*: store sandbox IP
Don't call into net namespace on every status call

Signed-off-by: Antonio Murdaca <runcom@redhat.com>
2017-09-02 02:05:12 +02:00
Antonio Murdaca
8538c4067a Merge pull request #834 from mrunalp/inspect_add_sandbox
server: Add sandbox to container info
2017-09-01 22:41:07 +02:00
Antonio Murdaca
11fbcd235c Merge pull request #822 from mrunalp/label_infra_ctr
sandbox: Add special label to infra container
2017-09-01 22:10:54 +02:00
Daniel J Walsh
553521f03f Merge pull request #805 from baude/config
Make kpod parse configuration file
2017-09-01 14:57:14 -04:00
Mrunal Patel
ec27f5b615 server: Add sandbox to container info
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 11:50:18 -07:00
Mrunal Patel
e9378f23ca server: Lookup infra containers as well in endpoint
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-01 10:25:10 -07:00