Commit graph

1748 commits

Author SHA1 Message Date
baude
fc2cae39ef Initial fixes for cri-tests
We now can pass 37/55 tests with this PR.  Remaining tests include may be fixed
with 1.8.

[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUserName
[Fail] [k8s.io] Security Context NamespaceOption [It] runtime should support HostPID
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support unsafe sysctls
[Fail] [k8s.io] PodSandbox runtime should support basic operations on PodSandbox [It] runtime should support removing PodSandbox [Conformance]
[Fail] [k8s.io] Streaming runtime should support streaming interfaces [It] runtime should support portforward [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should not support a custom seccomp profile without using localhost/ as a prefix
[Fail] [k8s.io] Image Manager [It] listImage should get exactly 2 repoTags in the result image [Conformance]
[Fail] [k8s.io] PodSandbox runtime should support sysctls [It] should support safe sysctls
[Fail] [k8s.io] Security Context NoNewPrivs [It] should not allow privilege escalation when true
[Fail] [k8s.io] Security Context SeccompProfilePath [It] runtime should support an seccomp profile that blocks setting hostname with SYS_ADMIN
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rslave' should support propagation from host to container
[Fail] [k8s.io] Container runtime should support mount propagation [It] mount with 'rshared' should support propagation from host to container and vice versa
[Fail] [k8s.io] Networking runtime should support networking [It] runtime should support port mapping with host port and container port [Conformance]
[Fail] [k8s.io] Security Context SeccompProfilePath [It] should support seccomp localhost/profile on the container
[Fail] [k8s.io] Container runtime should support log [It] runtime should support starting container with log [Conformance]
[Fail] [k8s.io] Security Context bucket [It] runtime should support RunAsUser
[Fail] [k8s.io] Security Context bucket [It] runtime should support SupplementalGroups
[Fail] [k8s.io] Security Context SeccompProfilePath docker/default [It] should support seccomp docker/default on the container

Signed-off-by: baude <bbaude@redhat.com>
2017-10-13 08:36:14 -05:00
Daniel J Walsh
825f7f290b Merge pull request from mrunalp/test_fix_kube_dns
test: Fix kube dns bring up in cluster
2017-10-07 05:59:01 -04:00
Mrunal Patel
8c9fcfce0d Merge pull request from mrunalp/readme_fixes
readme: Fix rc version and specify cgroup driver for k8s
2017-10-06 13:20:37 -07:00
Mrunal Patel
93af568246 readme: Fix rc version and specify cgroup driver for k8s
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-06 11:52:14 -07:00
Mrunal Patel
9c518dc03b test: Fix kube dns bring up in cluster
We have to call hack/local-up-cluster from kubernetes directory
as it makes relative calls to cluster/kubectl.sh. The failure
of these calls led to kube-dns not coming up.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-06 11:50:27 -07:00
Daniel J Walsh
19f37f5c14 Merge pull request from sameo/topic/delete_container
Handle container creation failures gracefully
2017-10-06 11:54:10 -04:00
Daniel J Walsh
974bafe012 Merge pull request from sameo/topic/loglevel
main: Define -log-level option
2017-10-06 09:51:07 -04:00
Daniel J Walsh
e5d2c0af5f Merge pull request from mrunalp/log_size_min
Make sure log-size-max is atleast as big as read buffer
2017-10-06 09:23:48 -04:00
Mrunal Patel
f17f122ef3 Merge pull request from dcbw/net-test
test: add test for network teardown on sandbox error
2017-10-05 21:18:09 -07:00
Mrunal Patel
309a744075 Merge pull request from mrunalp/bump_go_1.8.4
test: Update go to 1.8.4
2017-10-05 18:06:48 -07:00
Mrunal Patel
067cbff207 Make sure log-size-max is atleast as big as read buffer
We need log-size-max to be bigger than the read buffer in conmon
to accurately truncate it.

Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-05 15:06:38 -07:00
Dan Williams
cc2b27132e test/network: clean up tests
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-10-05 16:41:54 -05:00
Dan Williams
8392f5f757 test: add test for network teardown on sandbox setup errors
Signed-off-by: Dan Williams <dcbw@redhat.com>
2017-10-05 16:41:54 -05:00
Samuel Ortiz
f9bad6cc32 oci: Use error logs for container creation failures
They are more critical than simple debug strings.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:53:20 +02:00
Samuel Ortiz
a5e5ccb365 main: Replace -debug with -log-level
Running crio with -debug is very verbose. Having more granularity
on the log level can be useful when e.g. only looking for errors.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:53:20 +02:00
Samuel Ortiz
d27451029b oci: Increase the container creation timeout
Under very heavy loads (e.g. 100 pods created at the same time), VM
based runtimes can take more than 10 seconds to create a pod.

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:52:33 +02:00
Samuel Ortiz
eae1b7d6bd oci: Delete container resources upon creation failure
When cri-o assumes the container creation failed, we need to let the
runtime know that we're bailing out so that it cancels all ongoing
operation.
In container creation timeout situations for example, failing to
explictly request the runtime for container deletion can lead to large
resource leaks as kubelet re-creates a failing container, while the
runtime finishes creating the previous one(s).

Signed-off-by: Samuel Ortiz <sameo@linux.intel.com>
2017-10-05 22:52:33 +02:00
Daniel J Walsh
5b2652c3e3 Merge pull request from rhatdan/cleanup
Cleanup READMEs and Man pages
2017-10-05 14:59:19 -04:00
Mrunal Patel
c3630f807e test: Update go to 1.8.4
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-05 11:30:15 -07:00
Daniel J Walsh
61441c1272 Merge pull request from mrunalp/bump_rc3
Release 1.0.0-rc3
2017-10-05 13:47:01 -04:00
Daniel J Walsh
3e7227789b Cleanup READMEs and Man pages
Alphabatize correctly and add missing content.  Also add video.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-05 13:39:53 -04:00
Mrunal Patel
18039484ac version: Switch to 1.0.0-rc4-dev
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-05 09:37:41 -07:00
Mrunal Patel
d2c6f64125 version: Release 1.0.0-rc3
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-05 09:37:07 -07:00
Daniel J Walsh
06e8fb9fdf Merge pull request from baude/exit_code
BUGFIX: Invalid return codes in kpod
2017-10-05 08:29:12 -04:00
Daniel J Walsh
30d163900f Merge pull request from baude/kpod_rmi_name
kpod rmi by ID untagged: %name incorrect
2017-10-05 08:28:04 -04:00
Daniel J Walsh
4e4a7c5c1d Merge pull request from rhatdan/validate
validateFlags command line options to make sure the user entered a value
2017-10-04 18:29:57 -04:00
Daniel J Walsh
6657873d9d Merge pull request from TomSweeneyRedHat/dev/tsweeney/ps_fix
Add pause state to ps, touchup kpod man page
2017-10-04 18:27:26 -04:00
baude
e27230bbaf kpod rmi by ID untagged: %name incorrect
As described in https://github.com/kubernetes-incubator/cri-o/issues/888, when
deleting by ID, the name being returned for the untagged message was "".

Signed-off-by: baude <bbaude@redhat.com>
2017-10-04 15:16:10 -05:00
baude
3611f92ddf BUGFIX: Invalid return codes in kpod
Set the exitsdir for kpod back to /var/run/crio... so kpod can benefit
from the container exit file.

Because 0 is the int32 blank value, kpod needs its own container state
struct with the omitempty removed so it can actually display 0 in
its default json output.

Signed-off-by: baude <bbaude@redhat.com>
2017-10-04 09:34:28 -05:00
TomSweeneyRedHat
f92ed659ab Add pause state to ps, touchup kpod man page
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
2017-10-04 07:42:21 -04:00
Daniel J Walsh
04e96d05fc validateFlags command line options to make sure the user entered a value
When a user enters a CLI with a StringFlags or StringSliceFlags and does not add
a value the CLI mistakently takes the next option and uses it as a value.

This usually ends up with an error like not enough options or others.  Some times
it could also succeed, with weird results.  This patch looks for any values that
begin with a "-" and return an error.

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-10-04 09:36:29 +00:00
Mrunal Patel
3e2ad8f10a Merge pull request from mrunalp/btrfs_build
Btrfs build
2017-10-03 18:01:14 -07:00
Mrunal Patel
a643e533d8 Skip building btrfs support if library isn't installed
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-10-03 13:18:36 -07:00
Daniel J Walsh
1a61584c2f Merge pull request from nikhita/fix-design-proposal-link
tutorial: fix link after design proposal move
2017-10-03 06:08:34 -04:00
Nikhita Raghunath
37debee9a2 Fix link to design proposal 2017-10-03 11:53:58 +05:30
Mrunal Patel
a8ea146d71 Merge pull request from stevekuznetsov/skuznets/assume-golang
Install Golang from source
2017-10-02 10:06:14 -07:00
Steve Kuznetsov
40132d786d
Install Go directly from upstream, not through RPM
Signed-off-by: Steve Kuznetsov <skuznets@redhat.com>
2017-10-02 07:18:41 -07:00
Daniel J Walsh
e5749088b2 Merge pull request from kinvolk/dongsu/fix-panic-run-podsandbox
server: fix 2 panics in RunPodSandbox
2017-10-02 09:18:06 -04:00
Daniel J Walsh
88fc20be1e Merge pull request from rhatdan/quota
Add Overlay Quota support
2017-10-02 08:48:06 -04:00
Daniel J Walsh
f33b59861b Merge pull request from umohnani8/refactor_tests
Refactor kpod tests
2017-10-02 08:45:25 -04:00
Nalin Dahyabhai
2491d38e03 Also refactor setting flags for running kpod
* Remove duplicate definitions of storage-related flags for kpod, since
  we set them in helpers.bash now, and the other locations that were
  also setting it were doing so after loading the definitions in
  helpers.
* Set kpod storage flags after checking if we need to force use of the
  "vfs" storage driver for cri-o, to make sure kpod also ends up with
  the same override if we're using one.

Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
2017-09-29 16:37:07 -04:00
Daniel J Walsh
e16bb3feb3 Refactor kpod tests
Move kpod tests from kpod.bats to kpod_[commandname].bats
Also make sure all status checks have a echo $output before them.

Signed-off-by: Ryan Cole <rcyoalne@gmail.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Signed-off-by: umohnani8 <umohnani@redhat.com>
2017-09-29 16:37:07 -04:00
Daniel J Walsh
6866589be7 Drop btrfs support from RHEL and CentOS
Packages are no longer available to build on RHEL and CentOS and
btrfs is not longer supported, so we should not build with it.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-29 20:34:29 +00:00
Daniel J Walsh
1a41d6ecd4 Remove references to overlay2 in the code
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-29 20:34:29 +00:00
Daniel J Walsh
51fc13abf3 Add documentation on setting up quota
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-29 20:34:29 +00:00
Daniel J Walsh
29bd1c79dd Vendor in container storage
This should add quota support to cri-o

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
2017-09-29 20:34:29 +00:00
Mrunal Patel
e838611fdd Merge pull request from mrunalp/add_pquota
test: Add task to enable xfs pquota support
2017-09-29 10:38:34 -07:00
Mrunal Patel
e0ffa43c34 test: Add flags to enable xfs pquota support
Signed-off-by: Mrunal Patel <mrunalp@gmail.com>
2017-09-29 10:31:46 -07:00
Dongsu Park
644a4af377 server: handle cases of securityContext, namespaceOptions being nil
Both GetSecurityContext() and GetNamespaceOptions() can return nil.
In these cases, cri-o will panic like this:

```
panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x1 pc=0x1cc43f6]

goroutine 66 [running]:
.../cri-o/server.(*Server).RunPodSandbox(0xc42060e300, 0x7f611d37a0b8,
0xc420207e60, 0xc42015e318, 0x0, 0x0, 0x0)
        .../cri-o/server/sandbox_run.go:261 +0xfe6
.../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime._RuntimeService_RunPodSandbox_Handler(0x2180920,
0xc42060e300, 0x7f611d37a0b8, 0xc420207e60, 0xc420505950, 0x0, 0x0, 0x0,
0x64ed0d, 0xc42064bc80)
        .../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go:3645 +0x279
.../cri-o/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc4200a4240,
0x33f28e0, 0xc4204b0360, 0xc42074a870, 0xc420476de0, 0x33bcd38, 0xc420207e30, 0x0, 0x0)
```

Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
2017-09-29 17:00:16 +02:00
Dongsu Park
2080744963 server: fix panic when assigning entry to nil map
When running cri-tests with cri-o, I found out that cri-o panicked
immediately with the following message. Fix it by accessing to the
labels map only if it's non-nil.

```
panic: assignment to entry in nil map

goroutine 57 [running]:
.../cri-o/server.(*Server).RunPodSandbox(0xc42048e000, 0x7efcad4cd400,
0xc42066ec90, 0xc4201703d0, 0x0, 0x0, 0x0)
        .../cri-o/server/sandbox_run.go:225 +0xda5
.../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime
._RuntimeService_RunPodSandbox_Handler(0x21793e0, 0xc42048e000,
0x7efcad4cd400, 0xc42066ec90, 0xc4204fe780, 0x0, 0x0, 0x0, 0x0, 0x0)
        .../cri-o/vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go:3645 +0x279
.../cri-o/vendor/google.golang.org/grpc.(*Server).processUnaryRPC(0xc420
09e3c0, 0x33e79c0, 0xc4203d1950, 0xc42080a000, 0xc4202bb980, 0x33b1d58,
0xc42066ec60, 0x0, 0x0)
        .../cri-o/vendor/google.golang.org/grpc/server.go:638 +0x99c
```

Signed-off-by: Dongsu Park <dongsu@kinvolk.io>
2017-09-29 16:19:21 +02:00