mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2026-01-27 10:41:26 +01:00
master
62 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
Bruce Ashfield
|
d9fe4df438 |
cri-o: update to v1.34.1
Bumping cri-o to version v1.34.1-9-g5780ac7b4, which comprises the following commits:
6d3fac06f Update log formatting in interceptors to use %+v for better readability of structs
83172bb4c Fix dependencies check
1c84c7c4b Re-add the `--enable-fixed-path` removal for gpgme
43f6eeeda version: bump to 1.34.1
7561efe0b HighPerformanceHooks: Defer irqSMPAffinityFile rollback
c2eab18ba HighPerformanceHooks: Move IRQ balancing to PostStop hook
0790633e6 HighPerformanceHooks: Add mock infra for command and system unit tests
e294f5435 HighPerformanceHooks: Make locks atomic for irq SMP affinity
bbd9d0360 server: Fix network cleanup failures when NetNS path is empty
a8b550ad0 config: configure shortname through configuration and enforce shortnames
7a4365cf5 Add crio.runtime.runtimes seccomp_profile to crio.conf.5 doc
9b922306b build(deps): bump the gomod group with 4 updates
5813011e0 build(deps): bump the gomod group with 2 updates
1c4060d8f Warn when CONTAINER_INCLUDED_POD_METRCIS (typo) is used.
a0a44b5dd Add runtime handler seccomp profile
fdda720ff build(deps): bump github.com/prometheus/client_golang in the gomod group
84ea2f8b6 build(deps): bump the gomod group with 2 updates
165d40bfa build(deps): bump the gomod group with 7 updates
15233a7de tests: add a unit test for log rotation
d07b9575e Update nixpkgs
c411cfa7b build(deps): bump github.com/onsi/ginkgo/v2 in the gomod group
47b7f11ff Update nixpkgs
c5942f667 Update other deps
fb2861507 build(deps): bump github.com/ulikunitz/xz from 0.5.12 to 0.5.14
fb183a27c runtime_vm: Implement the ReopenContainerLog function
d1839c936 build(deps): bump the gomod group with 4 updates
eb3004491 Use k8s 0.34.0
cc074af34 build(deps): bump the kubernetes group with 7 updates
cf1c33f6e Remove thermal_throttle masked paths.
d10c4e501 Use k8s rc instead of the next minor
558c5483c build(deps): bump the gomod group across 1 directory with 16 updates
9d999d519 Cleanup container user log message and trivial code
655c5f8fe docs: regenerate/update man pages.
2a71e8181 completions: regenerate completions.
64863ccbe nri: add configuration for the default validator.
7c5f1fe54 server: add type conversion functions removed from NRI.
831b8dd9b go.{mod,sum}: update NRI to v0.10.0.
21b03fda2 inspect: add hostnetwork information
cc10ee3cd Add support for conmon-rs log driver and heaptrack config
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Chen Qi
|
17a69ce26e |
cri-o: correct SRC_URI and HOMEPAGE
cri-o now resides under https://github.com/cri-o/cri-o. The old URL, https://github.com/kubernetes-sigs/cri-o, now redirects to https://github.com/cri-o/cri-o. Correct SRC_URI and HOMEPAGE to use https://github.com/cri-o/cri-o. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
93493802e8 |
crio: update to v1.33.0 -tip
Bumping cri-o to version v1.33.0-167-g259e23fd4, which comprises the following commits:
21b03fda2 inspect: add hostnetwork information
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
345cefb35e |
cri-o: update to v1.33.0
Bumping cri-o to version v1.33.0-63-g87ce1c120, which comprises the following commits:
b9bc2a2cd Upgrade netlink
8d0965635 Downgrade otelgrpc
bc9516250 build(deps): bump the gomod group across 1 directory with 20 updates
e90924e83 Revert "temporarily enable debug symbols"
6870ad334 test/ctr.bats: fix wrt new CPU units to weight conversion
2491f8124 Mark v1.30 as EOL
ba6a88448 fix prettier
7cf556a6f update nixpkgs
4450e698d Bump go version to 1.24.3
f8084ff63 build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2
ab7d879dc temporarily enable debug symbols
1e751b490 fix deadlock when the container is in uninterruptible sleep
cb2965f42 [revert] internal/oci: fix terminal resize race condition
0d449e00e internal/oci: fix terminal resize race condition
662474e9b fix verify command
ebabdc929 unit tests fixup
85665a6fe code fixup
5944f40fc HighPerformanceHooks: Remove dead code ShouldCPUQuotaBeDisabled
a22b5dad9 FreeBSD fixup
ebee282d3 HighPerformanceHooks: Unit tests for Fix IRQ SMP affinity race
c50e4e0de HighPerformanceHooks: Fix IRQ SMP affinity race conditions
239f9ee61 install: drop outdated flatcar installation instructions
bfe3b83cf increase timeout of critests
5912f0483 change conmon install
25b3dfb58 UpdateContainerStatus: fix error logging
6062ff148 internal/hostport: fix linter warning
b3f139431 Redo metaHostportManager construction, fix bug
801383af3 Improve iptables error handling when there's no iptables binary
0a0b33208 deps: bump to runc 1.3
3f4b82fa6 Finish switching to opencontainers/cgroups
dc3d6b6ec pass down apparmor errors
608b8a0e9 Retry failed tests
290edee86 sandbox: use created/stopped instead of infra container for readiness
4996d1050 Extend checkpoint/restore test for container logs
f52c04277 Add coverage report from integration tests
6b20443c5 Fix `OS_RPM_NAME="$(rpmspec -q --qf '%{name}\n' "${OS_RPM_SPECFILE}" | head -1)"` exited with status 141. error
eea79c782 Switch to v1.34.0 as development version of `main`
a51c99a2c Decrease actual version
aa52c9329 Add option to allow seccomp profiles for privileged containers
4fc529bf8 Support multi architecture artifacts
d94a8f37c Add signature verification for image volumes
15bbcca97 build(deps): bump github.com/opencontainers/cgroups in the gomod group
d063f8293 Add v1.33 to supported versions
9b0142eb0 Update CNI plugins to v1.7.1
aecad95c3 Improve timeout integration tests
f499c0a96 Make metaHostportManager handle iptables vs nftables
982c191d9 Add an nftables HostPortManager
dda8739ea Move iptables HostPortManager code into its own file.
beb362521 Move hostport conntrack cleanup to metaHostportManager
dec4bda08 Move hostport IP family filtering to metaHostportManager
b7731057a Remove hostport.PodPortMapping
5db94b36b Revert "Squash MetaHostPortManager into HostPortManager"
6fd9131eb New UpdatePodSandboxResources CRI API handler
1a9acebff Fix build
30d575118 build(deps): bump the gomod group across 1 directory with 25 updates
479a8070c Fix GitHub actions CI test setup
766a81efb Fix container_create_freebsd.go
9660da25e remove runDir
b5f51739e remove storageRoot
e042f84b2 Remove mountLabel
52b81926b Remove absentMountSourcesToReject
5c9803b19 Remove bindMountPrefix
569e8d3db Update nixpkgs
2ac913d18 Support artifact mount sub paths
6df6cfc6f Update linter and fix reports
87ee7a4af Support `artifactType` OCI artifacts
4ae753afe Fix lint CI
dd38a1805 emit crio runtime config as part of CRI API's StatusResponse
fd5db98e6 Add the option to disable/enable OCI Artifact mount
68fe1936b Remove unused imports
bb9223fc0 Add container_spec_memory_limit_bytes metric
087e2ce46 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0
44d9073dd Disable pull-progress-timeout per default
ab9acb6f9 Add support for CNAI models
9cc9b0763 Add README for CI playbooks and remove cri-tools task
fe4378b38 .golangci.yml: remove gofmt
560bf28a1 .golangci.yml: remove some unused linters
7ddf15274 .golangci.yml: remove legacy preset from exclusions
8250128de internal/ociartifact: rename MarshalJSON -> ToJSON
a904a4e0e test/mocks: regenerate
8c3ce800f Run make mockgen
310a66356 .golangci.yml: rm some unused exclusions
c02c3a54d Run mockgen
b5b96dfdf Refactor metrics descriptors
012b6cde5 Increase pull-progress-timeout to `30s`
d3f7cb491 Update nixpkgs
6a4a3ee9b test
7c4fbadc4 Add container stop signal feature (KEP-4960)
a1f07bc4b Fix build
3feb9ad31 build(deps): bump the gomod group across 1 directory with 6 updates
a9a660579 Fix image status so that it can get artifact with canonical name and short name
6b244a90a Switch to golangci-lint v2
2fa08cfa2 Use `strings.SplitSeq` instead of `strings.Split`
704932bc3 fix schema v1 images not resolve to image ID error
f554c58ea Address linter complaint
62aeb65ce Remove Krzysztof Wilczyński as maintainer
19adbe020 Set default masked paths
f5d0ff28e crio wipe should remove storage only once per reboot
e429f75ee OCPNODE-3016: support mount OCI artifact
64567e976 Fix comment location about error message
f4cff283d build(deps): bump the gomod group with 2 updates
fca4ea622 Add image volume subpath support
db553b0be Use go version requirements from go.mod
2dc6d0831 Add lint-fix target
7f7d77ace build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27
109872da3 Cleanup: ensure image volume path
24452a56c build(deps): bump github.com/containers/common in the gomod group
29c662a5b build(deps): bump the kubernetes group with 6 updates
ab6bc86b8 Fix release notes download location
c2f55509f Update debug flag
a0ffef29a build(deps): bump github.com/containers/image/v5 in the gomod group
25775fdb3 build(deps): bump the gomod group across 1 directory with 2 updates
662f8cab6 Require go 1.24 for build
512d33bc5 build(deps): bump the gomod group with 7 updates
00a7117dc Improve artifact error logs
9824edb9d build(deps): bump the gomod group with 5 updates
3f1398477 build(deps): bump the gomod group with 3 updates
3507a2a5b Update the release-notes tool to v0.18.0
9e69a709f Update conmon to v2.1.13
663066d99 build(deps): bump the gomod group across 1 directory with 2 updates
754a1ed24 Add OCI artifact support
e69571c34 Drop image status log message
b638954fe Switch to go 1.24
f46b83d3f build(deps): bump github.com/containerd/containerd in the gomod group
826ef8052 build(deps): bump the gomod group across 1 directory with 5 updates
c3363e0c3 add --extra-experimental-features nix-command flag to build-static target
dfc2778ee build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5
92fd877a0 Update golangci-lint config and fix reports
8c9fa54ba Add validate method for sandbox
32854c9d1 server: fix races in GetContainerEvents
6fdd6b3bc Updating install docs
0a81f1ef7 build(deps): bump the kubernetes group with 6 updates
8287e4159 server: don't dereference Config.Linux if it is nil
3c7337fb9 server: move createSandboxContainer and related functions to container_create.go
7cdfc7938 server: factor out adding /dev/shm mount
e533ab281 server: factor out adding sysfs mounts
20b17df06 server: add no-op stub for makeOCIConfigurationRootless
5035c19a0 server: factor out creating the security context
286e7e24f internal/factory/container: add no-op stub for SpecAddDevices on FreeBSD
7f104e5da internal/factory/container: make SpecAddNamespaces platform-specific
68091febb internal/factory/container: make (*container).SelinuxLabel platform-specific
29a85ace4 internal/linklogs: add stub for freebsd
2f4bc00c2 internal/config/device: add stub for DevicesFromAnnotation
2efa5b35f Fix context cancellation when image pull progress timeout is `0`
10070a556 Fix build
d9d5def74 build(deps): bump sigs.k8s.io/release-sdk in the kubernetes group
29e76f138 Remove `exclude_graphdriver_devicemapper` build tag
a4c67cc6c Fix: If cgroup manager is cgroupfs then allow conmon_cgroup to be empty
dcfb01965 build(deps): bump google.golang.org/protobuf in the gomod group
2193e6280 Update mocks
864e43306 build(deps): bump the gomod group across 1 directory with 8 updates
a961ed207 Mark v1.29 as EOL
60c3697ac Fix typo in version_update_mask regex
77f2041ea Change nixpkgs update to monthly
4ceeaddaa Switch to golang native error joining and errgroup
0b6a04bea test: add test coverage for LinkLogs malicious paths
910f6e5d6 internal/linklogs: sanitize the directory path before using it
d5ab7c46c build(deps): bump sigs.k8s.io/release-utils in the kubernetes group
6dbfcec98 Downgrade github.com/cyphar/filepath-securejoin
b27a733c8 Remove `LimitNOFILE` from systemd service file
ecd3b6dce build(deps): bump the gomod group across 1 directory with 8 updates
6b4fd0741 Add warning log for a process having an uninterruptible child.
d19a9d641 Enable `wsl` and `nlreturn` linters
0979d3497 Integrate native GitHub arm64 runners
a371ae1c3 Log error when failing to update container status from exit file
03472dd92 Enable linters and auto-fix
630b608f0 Add documentation hint how to handle the versions
6691836a5 Revert 'Add 1.33 to supported minor version'
f67859446 watchdog: decouple CNI plugin initialization from CRI-O health checks
e87f86c1b Switch to our log module for logging in iptables module
1b06fc09d Add `release-1.33` to active prerelease version
1f60a95cc internal/config/ociartifact/ociartifact: Do not hard-code 'sha256' in error message
6dc287d45 vendor: downgrade github.com/cyphar/filepath-securejoin to v0.3.6
db4ca1752 * : fix lint/vendor issues to update dependabot updates
16289cad3 Update nixpkgs
271146940 Fix klog-shim to close the bracket properly
1005e0e32 build(deps): bump the gomod group across 1 directory with 17 updates
05296551a Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests
1a6765b73 Makefile: introduce GO_TEST for more flexible configuration
a9e7d29b3 Improve `sync.Map` iterators with an implicit call
807943105 Remove Fedora 39 content
ddaed68a3 Makefile: fixes wrt crio.conf
f5e6d6f7f Update nixpkgs to the latest HEAD commit
78c45f865 Update nix release to v2.24.11
458137a7a Update release-notes release to v0.17.11
3b94f59b1 Update gosec release to v2.21.4
a9aa6072f Update shfmt release to v3.10.0
fbc3ce557 Update golangci-lint release to v1.63.4
0fe4097af Update buildah release to v1.38.0
72f95429a Update bats release to v1.11.1
6da7ef28b Update containernetworking/plugins Go package release to v1.6.2
3f0f86965 Update multiple dependencies to newer releases
997e4fbd3 server: fix panic when default annotations are specified
b473c6c04 Fetch latest containernetworking/plugins tag instead of v1.1.1
6e0df0924 Update CRI-O version and add checks
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Zhang Peng
|
c949c06f0b |
cri-o: Add CONTAINER_DEFAULT_RUNTIME to run-ptest
CRI-O version 1.31 and later defaults to crun instead of runc. This change cause ptests to fail if crun is not installed on the target system, as the test runner verifies the runtime's availability using 'command -v "$CONTAINER_DEFAULT_RUNTIME"'. Additionally, CRI-O specifies the runtime via the VIRTUAL-RUNTIME_container_runtime variable as a dependency. This commit explicitly sets the CONTAINER_DEFAULT_RUNTIME environment variable within the run-ptest script, based on the value of VIRTUAL-RUNTIME_container_runtime. This ensures ptests execute with the expected container runtime. Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
9aa357c451 |
cri-o: update to v1.32.2
Bumping cri-o to version v1.32.2, which comprises the following commits:
e37e198e8 version: bump to 1.32.2
e681a34c8 go.{mod,sum}: bump CDI deps to v0.8.1.
85214c31b vendor: bump go-jose to 4.0.5
47566d01d Fix context cancellation when image pull progress timeout is `0`
1b98ce087 test: add test coverage for LinkLogs malicious paths
d4a9f6bae internal/linklogs: sanitize the directory path before using it
f168b6b39 version: bump to 1.32.1
5c8f66f8f Bump containers/storage
99ca98117 Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests
612f43a6d watchdog: decouple CNI plugin initialization from CRI-O health checks
fffe6270d Cherry-pick changes from containers/image project
890c75c93 Cherry-pick changes from containers/storage project
b57566b9c Update containernetworking/plugins Go package release to v1.6.2
6e44ed6d7 server: fix panic when default annotations are specified
0daeb208f Refactor man page variables in Makefile.
a103688e7 config: add default_annotations
533b7d5e2 build(deps): bump actions/upload-artifact in the actions group
d80af0f80 build(deps): bump crate-ci/typos in the actions group
986b386fc maintainers: promote Sohan and Krzysztof to approvers
10621f089 Update NRI to v0.9.0
34003b146 build(deps): bump the actions group across 1 directory with 2 updates
4409a15f6 Refactoring factory/container to remove references of snadbox
3576d0822 Update mocks
b7d4c78d0 build(deps): bump the gomod group across 1 directory with 37 updates
ea7cdad90 Require go 1.23 for build
c5bdce024 Update golangci-lint to v1.62.2 and config
31b86eb6b Remove old golang build tags
a5320071d Update nixpkgs
c1a7989d9 build(deps): bump the actions group with 2 updates
08b9acb9a Don't pass seccomp section when it's disabled
a89b991bd Don't start seccomp notifier watcher when seccomp is disabled
d4a0b860e Update cni-plugins to v1.6.1
33dbcc12b Add systemd watchdog support
698025097 Update sandbox_run_linux.go
2329bd698 Update container_create.go
197f98bb8 Always clear env even when `monitor_env` is unset
634c733df Update sandbox_run_linux.go
f448fea40 Update container_create.go
a64119adf build(deps): bump crate-ci/typos in the actions group
80aa12b19 Use `monitor_env` for calling the OCI runtime
7de043007 Update sandbox_run_linux.go
cad07030e Update container_create.go
7e48c71d6 build(deps): bump crate-ci/typos in the actions group
7c3290dea Allow to remove pod sandbox on netns removal
608c89e9c Fix container restore lint report
84ac370c9 build(deps): bump crate-ci/typos in the actions group
29a0b9429 Fix NRI CLI flags
e5bddc646 Call network plugin GC on startup
7a29433e7 build(deps): bump codecov/codecov-action in the actions group
44429579c build(deps): bump codecov/codecov-action in the actions group
6ca411a93 RuntimeHandler inheritance bug-fix
72fa20e93 build(deps): bump codecov/codecov-action in the actions group
02e5817d2 Add `--pull-progress-timeout` / `pull_progress_timeout` option
8b8be22a7 Use `slices.Equal` instead of custom implementation
19ac18b4e Update golangci-lint to v1.62.0
4d79d6b75 build(deps): bump the actions group with 2 updates
76049febe RuntimeHandler inheritance
e4bd1caee refactor cert
19efac249 vendor cni 0.4.3
426244c73 Make dual-stack hostport test reuse same test data as single-stack tests
f812c5aae Update and fix nix packages
8462bc745 remove validation for TLSCA.
50fbdcc01 Further hostport unit test cleanup
7ea8faf1a Fix ids/IPs in hostport manager test cases
74598c4cd Improve HostPortManager unit tests checking
0ff4e7cc3 Split hostport test case data out of the actual test functions
f62645f93 build(deps): bump crate-ci/typos in the actions group
ee6d71d09 Use google.golang.org/protobuf instead of gogo
680efef80 build(deps): bump crate-ci/typos in the actions group
0470ab6ed Validate stream server TLS config on startup
429ef7c36 Only restore container if all bind mounts are defined
f552e82b0 Convert `interface{}` to `any`
87d6b6076 Fix `typos` in CI
2c015a3ac Remove dead code in HostportManager
9c008e890 expose Pod assigned IPs to NRI plugins
bf1c47b50 bump nri version to get PodIPs
595557cb8 build(deps): bump crate-ci/typos in the actions group
f7116fbe5 build(deps): bump the actions group with 2 updates
30f48c5ba Disable actuated runners
30a262354 Move interceptors and metrics collector packages
f50d181a1 Use context for logging in server
d4c613d39 Switch to golang native context
20bc86cde Remove unused server metrics interceptor
09ac8a590 Centralize handling of CreateContainerRequest.PodSandboxId
cdd37ebe4 Remove the option to load a sandbox ID from the snapshot image
431f66a9a Fail in CRImportCheckpoint earlier if we should be enforcing signatures
8031b6270 Consistently use someNameOf{The,This}Image for that kind of value
4302e0a63 go.{mod,sum}: update NRI deps and re-vendor.
28069c8f2 build(deps): bump crate-ci/typos in the actions group
48d45ccf5 build(deps): bump the actions group with 3 updates
b6e9d6d68 Add `crio status heap` and `/debug/heap` endpoint
a2e62f24d nix: don't build gpgme with `--enable-fixed-path`
b13e45f4b pass cliContext instead of creating a new one
0d68102f8 Remove the first return value of PullImage
06993f4ba After pulling the pause image, use the canonical reference to look it up
4c164f5e3 Add a warning about assuming per-namespace policies are stricter
b56ddca32 Add a comment warning against repeated lookups
3f9b09e44 Consistently use the UserRequestedImage for the lookup input
fffc734c8 Simplify BROKEN pullImageOutputItem
0b184e47e Return a RegistryImageReference instead of reference.Canonical from PullImage
a2e29ba09 Better document, and sometimes rename, parameters and return values
c91de5884 Add a comment about possible future handling of complex situations.
899266bb2 Inline prepareReference into its only caller
ca1b55010 Remove no longer used code
14f4c6482 Fix build on macOS
d0a64e27b build(deps): bump crate-ci/typos in the actions group
b280cb565 vendor: bump runc to v.1.2.0
722f70ca3 utils: use moby/sys/user
1b7a8dfd2 internal/dbusmgr: use moby/sys/userns
2665ada11 crio status: add `goroutines` subcommand
dcc2a7587 build(deps): bump actions/cache from 4.1.1 to 4.1.2 in the actions group
fbbc7bfd5 Refactor memory stores to use generics
3ef549868 Simplify container stop in sandbox
9e01a99ed Remove `skip_pod_runtime` build tag
83ba7fe9b Update zeitgeist to v0.5.4
509de1aba ci: bump cri-o spec version to be higher than any cri-o version running
82fe372c1 Update gomock to v0.5.0
a271b4a79 seccomp_unsupported.go: Fix lint issues
7849e3efc Re-allow building without seccomp installed
2a42045ad Use context timeout/deadline for container stop
d1e817f14 Refactor sandbox label usage
937d24316 Refactoring factory/container to remove references of snadbox
ba13b2bac upgrade runc to v.1.1.15
9254b36d5 Re-enable exit code matching in restore test
d93ce4cc7 build(deps): bump actions/upload-artifact in the actions group
a5ee1950a build(deps): bump the actions group with 2 updates
589720f14 contrib/test: avoid running setup tasks twice
a7c46dd67 build(deps): bump the actions group across 1 directory with 8 updates
098ae5d66 Use `SignatureValidationFailed` CRI error for invalid signatures
69b4635b0 Mark `release-1.28` as EOL
5a1d62f8f Update nixpkgs
d688986db build(deps): bump github.com/containers/common from 0.60.2 to 0.60.4
6a6f57011 config: fix validation of allowed annotations
236d336fb config: pass down PullOptions from the storage configuration
eda8023ff test: fix empty pinned_images test
c02f9bb21 tests: improve wait_for_log to allow multiple calls for the same message
ddb79873d build(deps): bump peter-evans/create-pull-request in the actions group
adf2ca5f4 Don't rely on vendored tools
44def2c87 build(deps): bump the actions group across 1 directory with 2 updates
dea93eeb8 Bump release-notes to v0.17.8
4a2d29e65 image: serialize RegistryImageReferences when checking signatures
c7a819d3e Update golangci-lint to v1.61.0
dc087b219 Update nixpkgs
f030d3596 Update release and branching versions
a73311497 build(deps): bump the actions group across 1 directory with 3 updates
333530298 Use go 1.23 for nix (static) builds
915393f96 Switch to `RFC3339Nano` log format
d85ae5293 Make unit tests independent from third party binaries
8b2872139 Use nanosecond timestamp for evented pleg pod status
9910c39e1 Pin govulncheck to specific version to match Go version requirements
44e0241f8 Enable more crun integration tests
66c010968 refactoring: get some spec generation code out of createSandboxContainer()
0418b5d5c cleanup: refactoring createSandboxContainers()
b0b584ac8 refactoring: create a container.SpecSetLinuxContainerResources() function
8ec1805e6 refactoring: create a container.SpecSetPrivileges() function
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Chen Qi
|
3763a3a9a6 |
cri-o: fix textrel QA issue
Basically we pass "-buildmode=pie" to fix textrel QA issue. A new patch is added and submitted to upstream: 0001-Makefile-introduce-GO_TEST-for-more-flexible-configu.patch. With this new patch, the old patch, 0001-Add-trimpath-to-build-nri.test.patch, could be dropped. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Chen Qi
|
7834a259ad |
cri-o: fix already-stripped QA issue and clean up
Set DEBUG=1 to avoid stripping. See https://github.com/cri-o/cri-o/blob/main/Makefile#L93 Set STRIP=true to avoid stripping bin/pinns. See https://github.com/cri-o/cri-o/blob/main/pinns/Makefile#L4 ALLOW_EMPTY:${PN} = "1" is not needed. Remove it. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
3dcd679bb1 |
cri-o: update to v1.31.4-tip
Bumping cri-o to version v1.31.4, which comprises the following commits:
8aa8c7e42 server: fix panic when default annotations are specified
88939baf2 version: bump to 1.31.4
284eb9327 config: add default_annotations
26bb3c96a Allow to remove pod sandbox on netns removal
cf112c696 Disable actuated runners
0b449cebc version: bump to 1.31.3
ee2d73252 Fix container restore lint report
6aa6cbcb4 Only restore container if all bind mounts are defined
165504928 Add `--pull-progress-timeout` / `pull_progress_timeout` option
d3f39eaa9 RuntimeHandler inheritance bug-fix
c65eb63b1 RuntimeHandler inheritance
c918a52d1 nix: don't build gpgme with `--enable-fixed-path`
677d91db3 version: bump to 1.31.2
f334f80c3 config: fix validation of allowed annotations
e0fe09609 Cherry-pick changes from containers/storage/pull#2134
cae8a3ab5 Cherry-pick changes from containers/common/pull#2185
e9deb6cde version: bump to 1.31.1
b6226b8a3 config: pass down PullOptions from the storage configuration
a673a7ca4 test: fix empty pinned_images test
7d4f035b5 tests: improve wait_for_log to allow multiple calls for the same message
2d27da0f3 image: serialize RegistryImageReferences when checking signatures
4b55a1107 Pin govulncheck to specific version to match Go version requirements
abb6a439d Use nanosecond timestamp for evented pleg pod status
fbd73b339 test: fix CR test by unsetting SIGNATURE_POLICY
a379923f5 server/restore: mark signature validation incompatible with restore
1a9d36494 server: document difference between userRequestedImage/userSpecifiedImage
50075247a server: use imageID instead of a random digest
0dd7eaffe server: only check signatures if namespaced policy is defined
ec8545d2d server: use cached restore value instead of recomputing
7a67eb72b store canonical ref differently
1444e69d9 test: fix crun-wasm test to handle requirement of user_specified_image
6edecf30e Image verificaiton for namespaced policies
9d3da707d Revert "contrib: temporarily move to crun 1.15 to fix CI"
e54ea3407 Fix invalid syntax in test workflow
fc262592f ci: run setup commands for e2e because they weren't done for some reason
d24529f7d build(deps): bump the actions group with 2 updates
efa1690c0 test: setup runtimes correctly so drop-ins work
bfc509cd7 test: comment out ARM image digest as it's unused
45ee51d01 test: update memory limit tests to not be in image.bats
29803ef24 test: fix config test
fe5bdeb3b gh actions: set crun instead of runc
f174d5a3d oci: allow double delete
624b15b9c gh actions: spoof crun for unit tests on arm64
afe78eb68 config: refactor min memory handling a bit
d2cb4e4ae config: update min memory to account for crun
5e21d495c config: default to crun
c32f7b02a build(deps): bump crate-ci/typos in the actions group
2b8dfdf48 build(deps): bump github.com/opencontainers/runc in the gomod group
3fe3b4e81 build(deps): bump peter-evans/create-pull-request in the actions group
d23951276 refactor seccomp
f81fea25f Modify test case to verify blocking of clone
7d0d6ad49 Filter namespace creation args to clone in default seccomp policy
cc8b071b1 build(deps): bump the gomod group across 1 directory with 3 updates
f7fee64a7 build(deps): bump the actions group with 2 updates
dd0cb08d8 Update golangci-lint to v1.60.3 for better go 1.23 compatibility
1f212dc7b Add Makefile help
9ad5c5aed Add additional bind mount to image volumes
ff73a7a0b Fix Makefile `$PWD` when running using `sudo`
2c37d262f Make `prettier` target run in a privileged container
33fb00528 Fix lint
b1bf40749 build(deps): bump google-github-actions/upload-cloud-storage
1beb59cb8 build(deps): bump the gomod group across 1 directory with 8 updates
ba846966f config: add /dev/net/tun to default allowed devices
3ef7f9de4 build(deps): bump crate-ci/typos in the actions group
f7e8682ef Add `{verify-}prettier` makefile targets
53d958fa3 Change default tracing endpoint to 127.0.0.1
9d1a5f437 build(deps): bump crate-ci/typos in the actions group
13e701563 build(deps): bump github.com/onsi/ginkgo/v2 in the gomod group
e83973d7d Run prettier on supported files
8269859fd Make static build a GitHub action matrix
09bb40438 Change profile endpoint to 127.0.0.1
5f95cb5ce build(deps): bump the gomod group across 1 directory with 3 updates
aa1ca0d47 build(deps): bump google-github-actions/auth in the actions group
f83861120 build(deps): bump google-github-actions/upload-cloud-storage
a8950ce30 Pass around more contexts in hooks and metrics
7472e56e9 Trigger `test` workflow after release branch fast forward
6fb6e8d16 Run the runtime RuntimeType validation first
dff5305bb Avoid potential reallocs by pre-sizing some slices
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Zhang Peng
|
88949aa04f |
cri-o: enable ptest
The ptest build for cri-o was previously disabled due to issues introduced with Go 1.11, which borken the build process. With the current Go version, these issues no longer occur, and the ptest build is now functional. This commit enables ptest support and resolves the "TMPDIR [buildpaths]" issue encountered during the ptest build process. A total of 382 test cases were executed, with the following results: PASS: 317 FAIL: 33 SKIP: 32 Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
e8b6a87d5b |
cri-o: update to v1.30.0-tip
Bumping cri-o to version v1.30.0-387-g20c06a19c, which comprises the following commits:
2562cea42 build(deps): bump the actions group with 2 updates
7472e56e9 Trigger `test` workflow after release branch fast forward
5aa911d5a Update shfmt to v3.9.0
d1e6111e5 Fix space at EOL in actions
a15d14d23 fixed token-permission and pinned-dependencies issue
99b02b97b Switch to go 1.23
c36f2b5bd build(deps): bump the gomod group across 1 directory with 8 updates
8e48b06da Add `crun` integration tests
9f47c4738 Fix tab in Info to string, add tests
8e313e986 Vendor Kubernetes v1.31.0
0262d1980 Squash MetaHostPortManager into HostPortManager
6cdc457b6 Drop port-opening code from hostport manager
aa6d034d6 Skip storage directory corruption recovery tests on Kata Containers
ba0bd3e8b Add crio check sub-command used to check storage for errors
269137ede contrib: temporarily move to crun 1.15 to fix CI
0c7f36a16 Remove custom golang version for runc
211de0d70 build(deps): bump sigstore/cosign-installer in the actions group
a79fa8ba4 Make internal repair the new default and disable internal wipe
fc7a26bea Allow for storage directory removal to be forced
1a20443b2 Wipe storage only after giving storage.Repair() a chance
1348885f8 Remove orphaned mounts before removing storage directory
5cf0fc68a internal/oci: improve container termination process in killContainer
04143e0e0 build(deps): bump actions/upload-artifact in the actions group
9ee915794 Move config warning for NoSyncLog
6d76b7841 build(deps): bump the actions group with 2 updates
895c2cab8 Make the storage shutdown force unmount images on error
7b058f26b Move log message from HandleUncleanShutdown() function
8f5557429 Replace open-coded repair options with the RepairEverything() helper
46b167de3 Use custom set of checks over the CheckEverything() for storage checks
ffcf8ecb3 Log how configuration gets loaded
46ef7a1c5 Update conmon-rs to v0.6.5
af0d3e79d build(deps): bump google-github-actions/upload-cloud-storage
f03eef4d8 Run critest in parallel
07addee6b Update nixpkgs
c8ff7aec7 Add pause image to dependencies.yaml
3a7bfdfa0 build(deps): bump actions/upload-artifact in the actions group
136b3ed5e build(deps): bump crate-ci/typos in the actions group
32ad0fde5 build(deps): bump golangci/golangci-lint-action in the actions group
d1c4129b1 Enable and fix `gomoddirectives`, `gomodguard`, `noctx` and `wastedassign` linters
b98f56996 Make container and image removal/stop idempotent
0c0c7f6d2 Fix unshare index
c60000697 build(deps): bump ossf/scorecard-action in the actions group
a46e1d98a build(deps): bump the gomod group with 5 updates
c20d16cfb Trim `crio version Version: …` prefix from `crio -v`
a048e1530 Fix trailing whitespace in docs
3d778ed26 Rework no_sync_log to be a runtimes.runtime setting
988444bdd build(deps): bump crate-ci/typos in the actions group
877a4b0fa Fix lint timeout option
de0d48a57 build(deps): bump the gomod group across 1 directory with 4 updates
b9b7f089e Remove error log message if mountpoint cannot be found
8b4759730 build(deps): bump crate-ci/typos in the actions group
3a256325a Make ImageVolume garbage collection work
cfa3f2979 Add documentation for setting up CRI-O with Flatcar
b6ad92802 ci: Add timeout value on WaitEvent for TestContainerEvents
6ed96dcaf oci_volumes: require crictl that can request OCI volumes
cca74fe23 Use cri-tools master for CI tests
2cd9ad326 Log version only for main CRI-O command
8bc0487a4 Disable network ping tests for actuated runners
6e98e4210 test: config tests should ignore default runtime environment variable
c39e8014f Add OCI Volume Source support
04c768a26 test: re-enable hooks.bats in integration tests for kata
3f08208eb test: use kata 3.6.0 for testing
50046c72b test: kata test - set skip_mount_home in storage options
14e5af098 ci: kata-specific testing in integration tests
e30e13907 ci: cleanup kata processes during teardown
7f9efe304 ci: enable debug log level for the kata container runtime
2e9d44dbf Use `.gitignore` in nix build excludes
c2c0bae26 KEP-3619: implement RuntimeStatus.features.supplemental_groups_policy field
f05dac5d5 KEP-3619: update cri-api version
5f66ac000 oci: separate out timer logic from the backoff manager
08180027b oci: move oci-specific code into their respective runtime
8693692a7 test: add test coverage for multiple stop calls
c119e524e oci: remove redundant ShouldBeStopped check for stopping containers
bf9b5a309 Remove duplicate `exclude_graphdriver_devicemapper` from static builds
0bc0e6c6f Dedup installation docs
ff047539d updates pause image to 3.10
b8d9714fe Fix "data loss" description of no_sync_log setting
d1a7ee15f build(deps): bump the gomod group across 1 directory with 6 updates
031c6af6b build(deps): bump crate-ci/typos in the actions group
e14676520 Remove go-setup from jobs not using golang
0f4ab88eb Remove config migration
b3c7ebc43 build(deps): bump actions/setup-go in the actions group
481b25a72 Add table of contents to README.md
b4c6af21a Cleanup install docs
8eed3d8e1 Update crio.conf manpage for no_sync_log
6e3685c81 Update manpage for --no-sync-log
beae8bd53 server: propagate the pinned status of an image when queried via crictl
5a2e10ea2 Allow disabling fsync on log rotate and pod shutdown
33ceea55e Add automatic markdown table of contents generation
52707b8be Move hostport tests to use ginkgo
6d6149a0b build(deps): bump the actions group with 2 updates
bc86390e0 Sanitize CRI-O version set in the User-Agent header
fc1bd923a nri: pass around context and log failed pid for not spoofed containers
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
ebc4831a3f |
cri-o: update to v1.31.0
Bumping cri-o to version v1.30.0-230-g04500243e, which comprises the following commits:
6d6149a0b build(deps): bump the actions group with 2 updates
922718c3f Fix typo
199f018fc build(deps): bump crate-ci/typos in the actions group
2389743df build(deps): bump k8s.io/kubelet from 0.31.0-alpha.2 to 0.31.0-alpha.3
58a9d7ed8 Enable `gci`, `godot`, `nolintlint` and `protogetter` linters
e2f93c800 Add `kubernetes` group in dependabot
c9844d98d Allow setting `CRICTL_BINARY` externally
6d00aaacc build(deps): bump k8s.io/client-go from 0.31.0-alpha.2 to 0.31.0-alpha.3
3789c2181 build(deps): bump the gomod group with 7 updates
49890645a Sort `crio` subcommands by name
a7f937588 Fix version output in help
4148aca47 test: ensure correct parsing of supplemental groups policy in JSON
ecf2c1770 build(deps): bump the gomod group across 1 directory with 3 updates
7d460145f changed the scorecard badge link to the standard format
fd967972a Update nixpkgs
506badaa2 Reload config should remove pinned images when an empty list is provided
2f16f8bae Update go dependencies
11562fd1c Add space to the error message
f8b860970 test: add coverage for fine-grained supplemental groups
c931b90a3 server/*: add fine-grained SupplementalGroups control for enhanced security
52f3004c5 Mark v1.27 as EOL
efd4385b4 server/*: Fix bug to add gid in /etc/group
ffd15afda build(deps): bump crate-ci/typos in the actions group
6cb3925d9 OWNERS: adding littlejawa to the list of reviewers
486d768dc Update nixpkgs
1705f891c Update nix to v2.22.1
1494f809a Update shfmt to v3.8.0
7ad9c74e4 Update zeitgeist to v0.5.3
9cd0a9ed0 Update cni-plugins to v1.5.1
d27a9a8e3 Update shellcheck to v0.10.0
ccc030003 build(deps): bump actions/upload-artifact from 3.pre.node20 to 4.3.3
07ac2d0a7 build(deps): bump ossf/scorecard-action in the actions group
02574a396 build(deps): bump peter-evans/create-pull-request in the actions group
6d2ff549e build(deps): bump github.com/go-chi/chi/v5 in the gomod group
293359157 Fix container volume restore
cf1875acc Added the scorecard github action and its badge
f62cf94cd build(deps): bump the gomod group across 1 directory with 3 updates
eccab8ac5 Restore container logs from checkpoint
20eba5edf server: remove container after failed start
8efa17c6a high perf hooks: short circut when writing cpuset values
80fcdafa9 build(deps): bump the gomod group across 1 directory with 14 updates
6af15ae30 Skip `[sig-network] KubeProxy should update metric…` test
d85efd773 build(deps): bump the actions group with 2 updates
e543c4d8e release-notes: Skip first commit
935579087 build(deps): bump crate-ci/typos in the actions group
8a08f2233 Add `conntrack-tools` to CI system packages
25e2e3566 build(deps): bump crate-ci/typos in the actions group
a12fa31f2 .packit.yaml: Fix `%global commit0 <sha>` generation
4572f79b5 build(deps): bump crate-ci/typos in the actions group across 1 directory
3da7b0699 Update scripts/automated-patch-releases.md
c84c357d5 Allow pull timeout set by RPC context
0a673b9ac Make unit tests work rootless
00ecf9532 Update cni-plugins to v1.5.0
4d6b85942 build(deps): bump crate-ci/typos in the actions group
b9487a0b0 Fix container stats label filter
ef7880da4 Don't fail CI on GitHub pages push
07ffbd248 Rebase to correct branch on patch release creation
594295d94 Update nixpkgs
7e778525a Update scripts/automated-patch-releases.md
af5358508 Update scripts/automated-patch-releases.md
e316beb95 Update scripts/automated-patch-releases.md
ab6739e2d Update scripts/automated-patch-releases.md
b48aa8ec9 Update scripts/automated-patch-releases.md
1ed84cd13 golangci-lint: bump cyclomatic complexity again
3e862ecbe server: warn about container /etc not being a regular directory
37c76ad52 server: use SecureJoin when setting container /etc directory
1c457dfe1 add mermaid flow diagram for patch releases
bcea85b46 build(deps): bump the gomod group across 1 directory with 10 updates
af597f05f Readd GOARCH in `Makefile`
c491001e9 Switch to `containers/common/pkg/crutils`
ef3d4eea6 Update conmon to v2.1.12
a9d80aa26 Update nixpkgs
dde54fcad build(deps): bump the actions group with 2 updates
148cacab0 fix memory leakage
7fec7bf61 Keep the monitor exits from stopping when the watcher gets error
1e12bed7d Add small tutorial how to run CRI-O in KIND
82af00dd2 delete deprecated registries config
2da2e6830 Fix tag reconciler permissions
63f443b1f build(deps): bump cachix/install-nix-action in the actions group
a5b126c0a Run workflow after tag push
5a306d4c5 Allow workflow dispatch for `integration`, `test` and `verify` actions
0a76ebe5d Create tag on reconciler
8d66907f5 Fix lint
0df965310 server: use max function instead of manually calculating max
ca3c711a3 build(deps): bump the actions group with 2 updates
0540a8e90 build(deps): bump the gomod group across 1 directory with 11 updates
b1b3c92ae Update a typo in the code comment
55cc11975 test: reenable crun-wasm test
64b991b1f server: support ping_group_range if in a userns
474a2ce87 contrib/test/ci: cleanup archived package for Fedora and ansible code
d1db27fb2 Add parser tag for DisallowedAnnotations
8b1ce9235 Update scripts/release/release.go
3914eeb59 fix rebase branch error on patch release
8ac0907f2 Enable `revive` linter
e7e37c567 build(deps): bump ossf/scorecard-action in the actions group
cbe71afae Show runtime configuration
f03faf99a Kill exec PIDs after main container exited
8b867c6ed build(deps): bump the gomod group across 1 directory with 4 updates
137f8a5a9 build(deps): bump golangci/golangci-lint-action in the actions group
794ce67db Remove surplus newline from the log message
0a9110393 pinns: write sysctls in correct process when userns
ee49fad01 Check for nil values when importing container definition
e07608b4e Fix mocks
8f4b32a53 build(deps): bump the gomod group across 1 directory with 25 updates
64c510043 Set an integration test timeout
62fede365 build(deps): bump the actions group with 2 updates
e01608257 Enhance tag reconciler logging
6657190b7 build(deps): bump github.com/containers/podman/v5 from 5.0.0 to 5.0.1
5327c246b build(deps): bump github.com/docker/docker
52f185309 Fix tag-reconciler job by using `GITHUB_TOKEN`
ead3cca6e Dependency update for podman 5
5f54ca9c5 build(deps): bump golangci/golangci-lint-action in the actions group
e783e930e Update internal/version/version.go
481baea60 Update golangci-lint to v1.58.0 and fix lints
8132c7d15 Remove archived `containerd-cri` repo
aefd7ac37 Use `codecov/codecov-action` to fix coverage report
907685a82 add tag-reconciler for patch releases
c3bfcd3b4 wait for reload completion for stable e2e
7371d2170 dashboard: switch to non-deprecated metrics
f0cd27e15 Replace go env GOARCH to ARCH
dea6c628e Drop GOPROXY/GOSUMDB from Makefile and fix unary operator error while building crio
1585cb921 version: bump to 1.31
1beecbe27 Pin crate-ci/typos GitHub action
980db0610 test:add coverage for automatic reloading of mirror registries
01450abb7 server: implement automatic reloading of mirror registries configuration
882ce4afc Fix kubelet image GC by using new `image_id` CRI field
d91496190 Fix AppArmour profile Apply() function to correctly handle an "Unconfined" mode.
97384f9a9 test/cri-metrics.bats: skip test for kata VMs
1955ce5d7 internal/criocli: Update criocli with new added metrics flags
820522dcf - internal/stats: Pass the container_server context down to statsserver
33d2f4785 - Better naming for ContainerStats struct
2ba4de466 New slice for each metric collection
b4ac9a966 Add metrics integration tests
d7fe9a3bb - Add missing fields and functions to unsupported stats
274a509eb - Implement ListPodSandboxMetrics
e851caffb Replace libcontainer.Stats with cgmgr.CgroupStats
352afeddd Add file_mapped and failcnt fields to memory stats
40ea8516a Add metrics decscriptors list
38e296b15 - Add cri-metrics implementations
4d93b7ec4 build(deps): bump the actions group across 1 directory with 3 updates
e66cd346d drop loop variable, which is no longer needed in go 1.22
8b966a886 Re-add `GITHUB_TOKEN` for GitHub actions jobs
4b4e66c63 Remove `GH_TOKEN` usage from repo
e0c06c4b5 golangcilint: potentially fix lint from broken linter
8d3a11eef hack/build-rpms.sh: Update for new builder image
c2d743dc6 Add debug log line to track newly started exec PIDs
614eb160e Add debug log to expose details of an exec PID being killed
6470daf8c Vendor Kubernetes v1.30.0
8c78850c1 Install `cri-tools` from `master`
b7e687853 fix typo and lints of CVE-2024-3154 fix
976ab1f4c annotations: add OCI runtime specific annotations to the AllowedAnnotations
b40648e43 Pin golangci-lint action
b20fce0b8 build(deps): bump golangci/golangci-lint-action in the actions group
9af6c1717 Fix verify.yml for GitHub actions
2e81eedc8 contrib/test: skip fips test for kata containers
81a98deb9 test: add coverage for disabling crypto.fips_enabled when FIPS_DISABLE is set
9977160f7 server: allow containers within a cluster to opt out of FIPS mode when necessary
316c23534 Pin GitHub actions commits
0c284bea2 replace patch-release.go with release.go
e34ea18ae Updates pinned images list on config reload
f326ace51 oci: keep track of exec PIDs and stop them on container stop
04be0b7cc build(deps): bump crate-ci/typos in the actions group
2edec2888 Build s390x binaries using musl libc
f98b96534 stop using BytesSize when merging the config
49b4a5fa4 bump ocicrypt to v1.1.10
13efa1ae1 Run patch release and nixpkgs jobs only on cri-o/cri-o
46d815d17 Distinguish conmon version parse from execution error
9e8848281 Remove duplicate comment in crio.conf
87cea5626 Rename `cron` workflow to `release-branch-forward`
d5b4ae531 drop hooks from kata integration tests
cd8333627 Use release-note block instead of label
b01cb1886 Update cri-tools to v1.30.0
3099a8fa7 patch-release: configure the default git user and fix file update
ddbd81955 Use default `cri-o` org for patch releases
da1999a6a Add missing kernel version check to the RRO mounts integration tests
dfc851483 Update `release-notes` to v0.16.8
851c13a05 build(deps): bump crate-ci/typos in the actions group
e3873837d sasha comments
cf44dd802 drop version
43f7ae0d1 Update golangci-lint to v1.57.2 and config
99aad640c Fix patch release workflow restriction
09a529bdf config,factory: use updated CDI interface.
fd9aa7625 go.{mod,sum}: update CDI dependency past 0.7.1.
283ac9cb1 add imagefs integration tests
8cffb6590 Move test volume creation to a local helper function
36d5b2359 Lower verbosity of `Allowed annotations are specified for workload` message
c69b09563 Enable and fix errorlint
7a098653b feat: add release versions for manual workflow run
5c4fb9a0e Use debug log level for CRI-O prow tests
25d397f98 Remove device mapper support
55857d8dd hack/govulncheck.sh: nit
0302c4150 Move to use new SELinux test helpers over the opencoded checks
9331b8628 Add test helpers to check for current SELinux status and mode
1234e86f2 Add test helpers to check for kernel and crictl versions
39be41ef9 Add support for Recursive Read-only (RRO) mounts
e1b983ac7 Makefile: rm $(PROJECT) use from paths
0e20dcddb Makefile: rm i386 hack
9e2727a9b build(deps): bump crate-ci/typos in the actions group
c848ba727 Print runtime version info on CRI-O startup
9bac613f5 Implement configurable container minimum memory limit per OCI runtime.
f7c3a7fff server: do not chmod bind mounts
bb8d956d5 server: chown secrets to root in the container
57a29faf1 add powertools repo for gpgme-devel
083656490 contrib/test/ci: use force_clone for crun to avoid outdated codebase
4fe7bc348 drop rootless dependency from podman
9231bcfa8 Add docs about the prow CI images
27982a07a update runtime spec to 1.2
0484ce3dd Fix Actuated badge in README.md
e480e5b28 Cherry-pick changes from containers/image/pull#2363
4ebe38670 Remove pinned conmon-rs version
74145d0b3 contrib/test/ci: use the main branch for building crun
46feeca20 build(deps): bump crate-ci/typos in the actions group
9d0acb9c1 Disable cron workflow for forks
0490e18b3 skip crun-wasm test in image bats
e3e629a5f build(deps): bump crate-ci/typos in the actions group
6718d4708 *: address issues with the latest typos update
31a0e9c12 build(deps): bump the actions group with 2 updates
a3496374e contrib/test/ci: fix ansible code for building runc
618a4cf1f Do not abort startup if CRIU binary not found
03839cb0a Don't fail-fast integration test matrix
ce21e6ae5 test: fix potential flake in timezone tests.
b5319fd54 Allow runc to build with go 1.21 and revert wasmedge changes Signed-off-by: Kevin Hannon <kehannon@redhat.com>
12a281f4c create go1.21.9 directory
33db97543 setup golang to 1.22
0f887e69e build golang 1.29 in runc
4e1bb0ba9 ci at 1.22
f407aa06b use golang 1.21 until runc works with 1.22
aedcfd1ac Run seccomp notifier tests on arm
dc44631dc add x to set for traceability
0a4272d03 test: remove references to crioctl
3c6b0e089 use wasmedge and drop crun-wasm
a63bc4d7a WIP: patch release workflow and script
ecd7c6ab5 Change `progressGoRoutine` to `consumeImagePullProgress`
b3b0089f0 fix: validation check should handle zero values
9d1cff8f3 oci: AttachContainer: always read attach socket
6ec4e5f38 refactor: moved cpulimit to crio config
3c1fc985b test: added test to cover parsing annotations
34223ab23 upkeep: small wording changes
2c666e7cc feat: add support for cpu limits for workloads
1a377ccd8 Add dynamic pull timeout
7084db255 packit: Update config and sync to Fedora
d6d21a12d In some cases the seccomp_notifier does not have time to stop the workload, in that cases exit code of container is 0.
39b3003e2 Update install.md
9b0e2b9b1 Update bats to v1.11.0
bea30a002 add a more clear pointer to what is supported for packaging
ba25bb584 Migrate off deprecated AppArmorProfile CRI API
b8e947a08 Add exponential backoff to the container stop loop
8460c2c1b add selinux package to crio Signed-off-by: Kevin Hannon <kehannon@redhat.com>
5bd10e270 Update OCI CNI to v0.4.2
d6ebb48a1 Use CRIU version check go-criu; not from Podman
ab7961676 drop specgen from crio
a6abdb326 Remove Podman `lookup` dependency
bcd879fe8 Change duplicated string values into constants
511572c5a Enable and fix `ginkgolinter` reports
7de6d9882 Remove Podman `annotations` package dependency
65ffd1737 Use upcoming version as release notes `endRev`
5677831ca Update cni-plugins to v1.4.1
8c41a868f Deflake `pod annotations capability for chained cni plugins` test
169c5f0c6 Use contextual logs in `server/container_restore.go`
3b29ce532 Remove Podman `errorhandling` package dependency
7824651ac Update google.golang.org/protobuf package to version v1.33.0
6649d97af Update the CNI plugins instructions
9b9318132 Update golangci-lint to v1.56.2 and fix lints
3372a225d build(deps): bump the actions group with 1 update
3f046d1df build(deps): bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.3
7afcf3f46 build(deps): bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3
863e51424 Add OCI artifact layer cache
c434ea8ad Change CRIU support from default off to default on
a9ba094a1 deps: update otelttrpc to @latest and re-vendor.
365eaff17 Update zeitgeist to v0.4.4
5b246ba0a build(deps): bump the actions group with 1 update
624564010 Sync changes of PR#7719 & other defaults
791ce8045 Change process metrics collector log levels
03c4bcacc Remove `--seccomp-use-default-when-empty` option
ae00cdf9b fix a minor typo in the comment of pullImageImplementation
115e11d09 Disable Recursive Read-only (RRO) mounts feature
0b7cd2f34 Do not overwrite stored latency/governor on container restart
097fe3bf0 Add s390x architecture support
a1b8cb9c9 Add OCI artifact pull unit tests
ed7963f03 Keep versions file simple to source only
338ea986f In-memory OCI artifact pull
b302bc1a0 server: report the runtime handlers features
66ac43688 config: make error message clearer
0fa57582a vendor: bump kubernetes dependencies
08c393d17 Update release-notes to v0.16.5
b826a7f8c Remove `crun` from `dependencies.yaml`
3193916ac build(deps): bump github.com/opencontainers/image-spec
c692bec92 Fix markdown lint
6bd4f6855 Allow plain annotation `seccomp-profile.kubernetes.cri-o.io` for images
7b610e32c build(deps): bump the actions group with 6 updates
474fc7780 test: always override NRI socket location.
d3808e4ca Add all update types to dependabot groups
9241d7492 build(deps): bump the gomod group with 8 updates
8cc853085 build(deps): bump the actions group with 1 update
4c682eb0d Group all dependabot updates
bf5cc00bc config, docs, completions: enable NRI by default.
031ba9b11 Run checkpoint restore tests on arm
f1408edbe Update nixpkgs
e4a4024e5 Rename seccomp profile annotation to `seccomp-profile.kubernetes.cri-o.io`
fe8ec1940 Run integration tests with JOBS=2
14ef21bd2 Reduce amount of parallel jobs in integration tests
6f28ea99a Remove deprecated metrics
edebdd00f Revert "Fix ImageRef field for containers to default to an image ID"
91f888a3d Filter image annotations before used
ea8f1054e Don't fail-fast matrix
d43d8fd92 Don't use CRLF when generating CRI-O documentation
abf38859c CRI: An empty DNSConfig != unspecified
567eed921 Switch to go 1.22 and update deps
162594e9b Update openSUSE's OBS URL in install-distro.md file
a38b9b956 .golangci: Bump gocyclo to enforce code complexity checks
aff565f82 test: add test for timezone support
66c2aeb83 *: add support for specifying timezone for pod/container
05f4cbb19 release-notes: fix startTag calculation
b20d06cc7 Add support for OCI artifact seccomp profiles
ff60ac14a When crio restarts, restore the infraContainer
d955623e6 go.{mod,sum}: update NRI dependency, re-vendor.
4619ca724 server,nri: enable otel tracing over ttrpc.
9613e6075 Fix ctr log max test on arm64
e84b65477 oci: handle early exited container faster in stop loop
d8d3670be Update runc to 1.1.12
aedf47129 build(deps): bump github.com/opencontainers/runc from 1.1.10 to 1.1.12
511877186 report memory Swap-only values
601d85941 clean up the Populate* functions with their helpers
3bd73f662 libcontainer-based stats server for linux
5a2bbb90f Run integration tests on arm64
6fb83141a higeperfhooks: mixedcpus: set only exclusive cpus in child cgroup
63ff1eee8 Add integration tests
ea75b9bef Move metrics endpoint listener to use 127.0.0.1 as default
fbe8bbbee highperfhooks: add precreate hook for injecting envs
5e83e9697 Update nixpkgs
7e94aa19a server: implement stopPodSandbox for FreeBSD
f70aa434c server: implement runPodSandbox for FreeBSD
c13044276 internal/sandbox/infra: make this build on FreeBSD
bdaa98b66 internal/node/config: implement ValidateConfig for FreeBSD
2eb3db455 internal/config/nsmgr: implement nsmgr for FreeBSD
479e316db internal/oci: Implement getPidStartTime for FreeBSD
19e407c2e server: make configureMaxThreads platform-specific...
887c4421d internal/lib/sandbox: make NeedsInfra plaform-specific
5cb9fa77a internal/factory/containers: allow non-linux containers
5d3d7260d pkg/config: only validate the pinns path on Linux
c9975a3c4 build(deps): bump ocicni to latest master
3333f2fa7 build(deps): bump the opentelemetry group with 2 updates
1b9754486 fix missing line ending on crio.8.md
3cbaa5294 fix grep for whitespace
8dea35388 add metrics_host to config
8cffd22e3 fix typo for time out
e510f3854 metrics: remove deleted containers from OOM count metrics
56e46815d build(deps): bump github.com/go-git/go-git/v5 from 5.10.0 to 5.11.0
0c67d8b5a version: bump to 1.30.0
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
9de2c86118 |
crio-o: adapt SRC_URI to include destsuffix=${GO_SRCURI_DESTSUFFIX}
As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this variable in our go recipes. We also adjust our WORKDIR reference to use UNPACKDIR instead Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
a6cf2e0e7d |
cri-o: update to 1.30
Bumping cri-o to version v1.29.0-44-g5aff11c7c, which comprises the following commits:
1b9754486 fix missing line ending on crio.8.md
3cbaa5294 fix grep for whitespace
8dea35388 add metrics_host to config
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
82d2ac74cb |
cri-o: update to 1.29.0
Bumping cri-o to version v1.27.0-662-gf8ccf314a, which comprises the following commits:
3b7ab35ff build(deps): bump crate-ci/typos from 1.16.17 to 1.16.18
f7d3228a7 Avoid an unnecessary c/storage lookup in ListImages
96e6aa9b5 Inline getImageCacheItem into ListImages
e4f2b888d Split imageIsBeingPulled from ListImages
c7188518d Simplify ListImages more
1cfe3c8bb Simplify appendCachedResult
ae597ba16 Remove the "filter" parameter to ListImages
e0750462f Turn ListImages(filter) into ImageStatus
50ce23e89 Simplify storageImageStatus a bit
2cb166512 Simplify ImageStatus a bit
1b0e82a22 Split storageImageStatus from ImageStatus
ad8be44cc Simplify error handling in ImageStatus
203612b23 Move the ImageResult -> ImageStatusResponse conversion out of the loop
97329e4fa build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0
013a0998c Update release-notes to v0.16.1
dc44bac35 Fix quoting issue in usage help text
f22040da2 crio: add support for --imagestore
1d0e5d074 build(deps): bump crate-ci/typos from 1.16.15 to 1.16.17
bb4ab8110 Run GitHub actions in `update-nixpkgs-*` branches
45a6e70e7 Update nixpkgs
8ec74c5fa contrib/test: pin the latest release of runc
2505851e0 Update crun to 1.9.2
f3e53a058 test: Add test for image pinning behavior
12cabc651 internal/storage: compute Pinned field from recently loaded image
0fd641c6d build(deps): bump crate-ci/typos from 1.16.14 to 1.16.15
347194d3f build(deps): bump crate-ci/typos from 1.16.13 to 1.16.14
f532cbd89 Add nixpkgs update cron
8fa9260fc build(deps): bump crate-ci/typos from 1.16.12 to 1.16.13
72280f09c Update install.md removed spaces (markdown lint error)
fe9ed4e3a storage: add support to split filesystem using imagestore
544db3209 RFC: Use RuntimeContainerMetadata for passing container data
c9309ebb6 Add a layer name in one step
4f5a2e95c Microoptimize reference creation
3a77cc956 Eliminate the now unused imageAuthFile and isPauseImage parameters
61d86923c Simplify createContainerOrPodSandbox again
a936e6861 Simplify CreatePodSandbox
39095cbb4 CHANGE: Simplify CreateContainer image lookup
a09320639 Eliminate the clearly dead part of the just copy&pasted code
a7f841955 Blindly copy the image handling code from createContainerOrPodSandbox into callers
6cabaaee1 Remove an imageID parameter to CreatePodSandbox
2b4652c52 Fix/Add error handling
8e1e1e672 update containers storage to 1.50.2
5d8538318 build(deps): bump DavidAnson/markdownlint-cli2-action from 12 to 13
6c1574efc Fix nix `dirty` build
d951faa32 Make the release branch fast forward a cronjob
5dee42bcf build(deps): bump crate-ci/typos from 1.16.11 to 1.16.12
91b83b10c Fix release notes job
096f803a3 Bump golang dependencies
7d86c2e25 docs: fix CI failure
f182fb411 Bump version to 1.29.0
51bae7a96 Remove the IsFullIdentifier check from Server.pullImage again
7eb248b1a Don't silently modify the caller's SystemContext
2d72e13e6 Fix a VERY misleading comment.
472d2c5f9 Remove an unnecessary check
23d7c35d5 Remove an unnecessary parse call
6f9a7173f Remove an unnecessary check
8c3e301da Optimize handling of full image IDs
5f45d232a Remove the ErrCannotParseImageID special case
335d4b0f3 Fix a VERY misleading comment
b489507c9 Remove a completely unused ErrImageMultiplyTagged
98f171147 Make Server.pullImage responsible for rejecting image IDs
e292f17c0 docs: Update the containers/image branch name
6005b03f2 contrib/test/ci: remove the redundant golang setup file
059a7b5f8 Add conmon-rs binary to bundle
4ac3aeef2 internal/storage: address unpredictable behavior of image names
61a0b7c79 config/server: add functions to check IDMap support in runtime
9ce778351 Remove golang-go from debian installation
3d450274e Pause container during checkpointing
e069cc827 contrib/test: fix golang version extraction for CI
0774b644d build(deps): bump actions/checkout from 3 to 4
d6f4c7100 Adopters.md: fix linting issue
d805d28fd Add new adopter
940de5009 build(deps): bump crate-ci/typos from 1.16.10 to 1.16.11
ac9c6fbfe Don't vendor main Kubernetes repo any more
4a1e406b0 Mention Roadmap GitHub Project in README.md
bacc5e638 build(deps): bump crate-ci/typos from 1.16.9 to 1.16.10
9cbd8d555 build(deps): bump cachix/install-nix-action from 22 to 23
798a8d701 build(deps): bump actions/checkout from 3 to 4
758e3d8c3 cgmgr: reorder setting of sched_load_balance for pod cgroup
0e6b13e08 build(deps): bump crate-ci/typos from 1.16.8 to 1.16.9
ff434ba27 build(deps): bump github.com/containers/podman/v4 from 4.6.1 to 4.6.2
0002792fa build(deps): bump DavidAnson/markdownlint-cli2-action from 11 to 12
3aa18aff3 Switch to go 1.21
5b9f7f96d Add dependabot group for OTEL deps
d7ad3fcbf build(deps): bump github.com/containers/buildah from 1.31.2 to 1.31.3
85c3d9db1 Bump conmon and crun dependencies
5ab387fe5 build(deps): bump github.com/containers/common from 0.55.3 to 0.55.4
a4f2d8071 server: remove deprecated functionality
28ae1f81a Fix bundle e2e tests
a9afa0442 Add ppc64le binaries to release notes
c8f8ca498 Add Kubernetes package test for static binary bundle
734e1538c build(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1
873c0f420 Policy: Allow backport of independent features
bebd421b5 Configure systemd install path based on OS
ec4bbac12 feat(cmdrunner): add support for context
59f9b823d move shmSetup in server/sandbox to internal/factory/sandbox
d1946b30a blockio: add blockio_reload option
ce1cdfa54 main: create parent crio dir before creating clean.shutdown.supported
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
5569d65881 |
cri-o: update to release 1.28.0
Bumping cri-o to version v1.28.0, which comprises the following commits:
23dec8c7d version: bump to v1.28.0
c104a0608 build(deps): bump github.com/containers/storage from 1.48.0 to 1.49.0
5524b65d3 add info about pulling image before doing the tutorial
922573ffe build(deps): bump crate-ci/typos from 1.16.6 to 1.16.8
67724cb6f build(deps): bump github.com/containers/podman/v4 from 4.6.0 to 4.6.1
a2d46ae01 build(deps): bump github.com/containers/ocicrypt from 1.1.7 to 1.1.8
7e3522a9c Added a flag internal-repair
39ea33e29 feat: Added a feature to check at reboot time shutdown was clean or not, If it was not clean then apply repair logic
c5def7f72 build(deps): bump crate-ci/typos from 1.16.5 to 1.16.6
b873985b8 Add `conmon` to ppc64le static bundle
3e3f70c22 Update install.md
9c3d622a6 Vendor Kubernetes v1.28.0
a7f160b49 build(deps): bump crate-ci/typos from 1.16.3 to 1.16.5
d2fa125a4 Update nixpkgs and use overlay
80fdf486e Add containers_events_dropped_total metric
e19002329 Fix indentation in installation instructions
94f5e75c8 Update cri-tools to v1.28.0
a8d7c29e1 Vendor Kubernetes v1.28.0-rc.1
23f51c3e1 Update OWNERS_ALIASES
f1bb83127 Update runc to v1.1.9
581a388ac build(deps): bump crate-ci/typos from 1.16.2 to 1.16.3
5022d956a test/image.bats: add test for checking crun-wasm workflow
05ef7a189 *: add platform_runtime_paths to RuntimeHandler
6a0c4b9ec build(deps): bump github.com/containers/image/v5 from 5.26.1 to 5.27.0
f18d122e8 Revert "devices: fill the FileMode field in spec"
8937245b0 build-static: misc fixes needed for 1.25.4 generation
abfc2d616 build(deps): bump crate-ci/typos from 1.16.1 to 1.16.2
3f06640cf contrib/test/ci: add crun-wasm
3a9232c62 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0
bb98e2b2a Set mount type HostToContainer for mounts that include container storage root
309d045ec add script bumping
927843ea4 test/metrics: simplify oom test, add debug
64fdfbcaa build(deps): bump github.com/opencontainers/image-spec
15a586215 build(deps): bump github.com/opencontainers/runtime-spec
f30ef84ad build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10
ecd7f9a3e cri: implement RuntimeConfig rpc
2463fdf78 vendor: update Kubernetes to v1.28.0-beta.0
edc5ece7b build(deps): bump github.com/containers/podman/v4
ef1653c8e internal/config/seccomp: Sync call signature of (*Config).Setup
67b43c4b5 internal/config/cgmgr: add non-linux stubs
1dffd7e71 internal/config/node: add non-linux stubs
ecb372986 internal/config/device: add non-linux stubs
10168b534 internal/config/nsmgr: add non-linux stubs
8edfbfd45 internal/config/capabilities: add non-linux stubs
2bd7fcbd8 internal/config/apparmor: add non-linux stubs
da69490d0 oci: update unit tests for new stop code
be5bac87b oci: simplify stopping code
7371b1e77 oci: don't return ErrContainerStopped from StopContainer
c0e34644c build(deps): bump github.com/containers/buildah from 1.31.0 to 1.31.1
41b13e28d Fix ImageRef field for containers to default to an image ID
930f49889 runc: 1.1.7 -> 1.1.8
b563cd728 Add Adobe to ADOPTERS.md
3bc609eb1 build(deps): bump sigs.k8s.io/release-sdk from 0.10.2 to 0.10.3
4e0f88970 build(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.8
e6af91f6a oci: change IsAlive to Living
320671ed2 devices: fill the FileMode field in spec
126bd4ca9 build(deps): bump crate-ci/typos from 1.16.0 to 1.16.1
b79391fe1 Update bats to v1.10.0
5e86a5261 build(deps): bump github.com/go-chi/chi/v5 from 5.0.8 to 5.0.10
92e1d1910 Bump vendored Podman to v4.6-rc2
a3d229acf internal/factory/container: get CDI devices from CRI field.
21181672b Add Debian 12 as a supported OS to the install doc
b7c826d38 build(deps): bump github.com/containers/common from 0.55.1 to 0.55.2
151572a56 build(deps): bump github.com/container-orchestrated-devices/container-device-interface
c0c7ce5ae Add OpenSSF best practices badge in favor of CII
0d92db47e build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0
70e5b76ca build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2
79859a9d9 build(deps): bump crate-ci/typos from 1.15.10 to 1.16.0
7ebe2f614 Update vendored Kubernetes to v1.28.0-alpha.4
c28303fad container_test: fix "AddCapabilities ALL" test case
e176397c8 vendor: drop podman replace and update runc
eff07b834 Run irqbalance tests in serial within the actual suite
059dce220 build(deps): bump crate-ci/typos from 1.15.9 to 1.15.10
d43833d61 Bump bats in ci jobs to latest release
66ac754c7 build(deps): bump github.com/containers/buildah from 1.30.0 to 1.31.0
59952bf00 build(deps): bump github.com/containers/common from 0.54.0 to 0.55.1
ff3bb58db build(deps): bump crate-ci/typos from 1.15.7 to 1.15.9
4fe0b8164 build(deps): bump github.com/containers/image/v5 from 5.26.0 to 5.26.1
cb51739b1 server: use platform struct to set OS details
bac73aa42 Pre-check request values on container creation
5a85cfc95 Remove non existent Debian builds from install instructions
73cf5597a test: fix make mockgen test failure
dfdd2acde vendor: update release-sdk to v0.10.2
abcf50239 build(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.1
9c78a1e23 vendor: update containers/storage to v1.48.0
87b126342 build(deps): bump github.com/intel/goresctrl from 0.3.0 to 0.4.0
8a9d4ef17 vendor: update containers/common to v0.54.0
cb247caf5 build(deps): bump github.com/containers/image/v5 from 5.25.0 to 5.26.0
ad3dd698b build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0
b8bb276a0 build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus
0882a1dcb build(deps): bump crate-ci/typos from 1.15.6 to 1.15.7
6b9e49d3b Try to find `CONTAINER_CNI_PLUGIN_DIR` by binary lookup
40bbe8218 vendor: fix vendoring issue
f6317807c typos: add WRONLY to the list of extend-ignore-re
6a10113c7 build(deps): bump crate-ci/typos from 1.14.12 to 1.15.6
1062a4cd3 build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
91d6bd38b vendor: bump github.com/onsi/ginkgo/v2 to 2.11.0
7f66c1428 build(deps): bump cachix/install-nix-action from 21 to 22
d0526337e vendor: bump github.com/urfave/cli/v2 to 2.25.7
7a2b9a220 vendor: bump golang.org/x/sync to 0.3.0
ba0751938 vendor: bump golang.org/x/net to 0.11.0
9f0680cde vendor: bump github.com/prometheus/client_golang to 1.16.0
67a132dc6 runtime handler hooks: run default hook when container stops gracefully
49d9efe8b vendor: bump github.com/stretchr/testify to 1.8.4
001733570 vendor: bump github.com/sigstore/rekor to 1.2.1
d274dd121 Use a variable to manage the version of kata used for testing.
4a7d0857b Update supported version and variable guide for adding repository
0534d7eff governance: tweak voting behavior
bfc7cf55a Use kata 3.0 for testing
db4b8eaab kata tests: Enabling more than one test file for kata tests.
0f08aeb6f kata tests: Update list of skipped tests for the ctr.bats file
4310e3342 Modify ansible files to re-enable kata tests
8224bd8a5 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
f84eb7874 Move reload watcher into `Server`
e3b7406b9 Update golangci-lint and config
159aaf6c6 utils: make this package build on non-linux platforms
c088d69aa fix function name in comment
c702bb78a build(deps): bump DavidAnson/markdownlint-cli2-action from 10 to 11
098fbebf7 Add a test for log linking
5620764ae linklogs: add support for symlinking container directory
5d7ecfe4b Add support for linking pods logs
a7d314bea build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
e614bc756 server: ensure pod labels are present
d84cc85c5 build(deps): bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2
72b735603 OCPBUGS-14750: Pod termination must succeed when a hook fails
98c43d537 Add OSFF scorecard action
85c7e712e main: Added a call to GarbageCollect
ccb91bc8a docs: fix eol test
08f7c0776 build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8
f2feb7c6f Use staging k8s.io/kubelet/cri/streaming package
72011b3c4 Add support for namespaced signature policies
3939fba97 Apply markdown linting, cleanup docs and fix broken links #6890
96e6aed74 Apply markdown linting on the tutorials folder #6890
2ead2413a Apply markdown linting on the contrib folder #6890
5d7b64018 Add markdown linter action #6890
d58f408f5 test: fix timeout metric test
5f74e7994 build(deps): bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1
c87b11115 server: do not take lock to populate pid in container status and inspect
28b34889a build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3
b373909cf build(deps): bump github.com/containerd/containerd from 1.7.1 to 1.7.2
d456a11ef crio: deprecate config migration
259e7980c metrics: add metric for resource stalled at stage
85a4ba091 build(deps): bump crate-ci/typos from 1.14.11 to 1.14.12
75aacdb04 Drop support for path based seccomp profiles
e18e2e90a test/helpers: rm useless code
b7d1c2e61 test/helpers: use cli to set container dirs
459372c24 test: adapt for sched_load_balance disable after stop
6da8e46b1 runtime handler hooks: add DefaultCPULoadBalanceHooks
23b9179f9 server: call hooks and NRI in stopContainer
e1c68ea2a Update `README.md` version table
56ac8ac79 crio: remove DefaultsPath config feature
b2a20a418 server: call hooks on infra container creation
2efd04aa4 high perf hooks: workaround libcontainer quirk when disabling cpu quota
9ec701691 cgmgr: export CrioPrefix and use containerCgroupPath more
775690b1e build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7
cf7e0946e tests/timeout: skip for conmon-rs
c1c431836 ci/gha: add space-at-eol check, fix existing ones
0a35354c4 build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0
65792546b ci: bump shellcheck to 0.9.0
6b2f35e2c test: fix a few cases of SC2086
d6b793c46 contrib/kube-local/kube-local: rm unreachable code
b6014826c test/copyimg: use log.Fatalf
587e3d595 test/*.bats: rm useless echo "$output"
bdb765635 test: rm explicit $status checks
933e33c1c test: simplify assigning IDs
22978429a test/status.bats: simplify exit code checks
ff7bc1b52 test: simplify non-zero exit status checks
0bf509d35 test/cdi.bats: rm run_cmd, use run
21e5dcebe test/nri.bats: fix checking exit code
2fab13028 test/README.md: fix wrong bats example
9c2fcb3bd test/*bats: drop fail()
84ee0c931 Fix using ! in bats tests
045c026da test/timeout: fix "dup ctr" test
1da9bf5f7 ci: require bats 1.9.0
c5a1c1b1e test: separate var setting and img preload
7b9e5201b ci: bump bats to 1.9.0
9ad33da53 build(deps): bump github.com/containers/podman/v4 from 4.5.0 to 4.5.1
2604665cc Update nix and nixpkgs
792a5d0ad test: limit number of parallel jobs
1cc1958de test/cgroup: fix for cgroupfs
aa86e94f0 ci/gha: fix double caching
47c13e037 [FEAT] Add new parameter disable_hostport_mapping in CRI-O
df7df847d build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
f7f085f6f Makefile: Remove GOPATH references
1eeaad851 build(deps): bump cachix/install-nix-action from 20 to 21
7cc3e206c build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7
3b5c9f115 build(deps): bump crate-ci/typos from 1.14.10 to 1.14.11
7003312b0 OCPNODE-1286: Add a CI job to run cri-o e2e tests by enabling the evented pleg feature
47958dc0b Update crun to v1.8.5
9b6a4cff7 Wrap CRI errors on image pull
defdf1c9e build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2
6a3ee4e6b docs: update cri-o podman doc and remove stale information
7ed2cfc7f deps: bump runc to 1.1.7
f59c1f72a sandbox: Handle PodLinuxOverhead and PodLinuxResources CRI fields
f5e58c0ea build(deps): bump crate-ci/typos from 1.14.9 to 1.14.10
1009668bb build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3
42e0f7fac go.{mod,sum}, vendor: update NRI.
d97ac8a10 contrib/test: reenable Statefulset Basic tests
3761965f8 contrib/test: re-enable block volmod tests
003edc26c high perf hooks: disable CPU quota with libcontainer as a pre start hook
a875ef486 test: add test for cpu-quota.crio.io
e1c3cf960 Check and fix typos in CI
fa57ffd3e *: switch to go-chi/chi mux
6330b1d5f build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3
786109a6e build(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.1
ecc712850 Support image policy verification error
ccaef6a7d build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5
484870532 build(deps): bump sigs.k8s.io/release-utils from 0.7.3 to 0.7.4
3480e9efa Fix GitHub action `bundles` test
937ed8cf6 - Convert status cli as a subcommand of crio - Moved commands to the internal criocli package and used them in the crio and crio-status binaries - Adding the status subcommands directly to the binary
a247c52d9 pkg/config: update the description for templateStringCrioImagePinnedImages
4fadec5f1 internal/storge: fix CompileRegexpsForPinnedImages test case
5e751fda3 vendor: fix vendoring
5ecc82e6f contrib/metrics-explorer: fix nested modules
640624ec9 Update CNI plugins to v1.3.0
9fc177ed4 build(deps): bump golang.org/x/net in /contrib/metrics-exporter
8b230dec7 clients connected to container event stream now receive the same data
3fd71bdc9 vendor: fix CI due to incosistent vendoring
20fd7770e fix kubectl version in bug report template
21b47b11c *: update sandbox/pause image to 3.9
edbd4890f internal/storage: add sandbox/pause image to the list of pinned_images
b0531365f build(deps): bump github.com/containernetworking/plugins
22ad8957b Changes to build binaries for ppc64le architecture.
32ec246ba Update README.md and associated files
f10ea341d build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0
c9bb988d1 *: fix warnings related to gosec
0e65290c4 .github/worflows: add go vulnerability management check for cri-o
f9abf50c9 pkg/config: reload pinned_images when the new config is provided
bbe9a7a2c *: add support for pinned_images in crio configuration
dfcf222c3 refactoring vars
386509caf Use native crierrors package for registry unavailable
a90d00103 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0
16ab25339 Vendor latest Kubernetes master
6a095aef7 build(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0
5c064914f build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0
639b6dddf OWNERS: add sohankunkerkar to cri-o-reviewers
4477a804b tests: add a fake pinns call to delay things and cause the timeout
6fa761497 tests: use crictl binary directly when checking its capabilities
1ff3303df cni: configure cgroupPath capability arg
e52e63a41 vendor: bump ocicni to tip
914763fb1 Remove vendor specific changes
08cd56fc9 Migrate image registry to registry.k8s.io
3311658af build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus
02fe074f2 build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4
0b8a2c068 build(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1
660b63bd7 cgmgr: set sched_load_balance to disabled on sandbox cgroup
5a1707e4c test/pod.bats: update to current setup
f83a4faba cgmgr: create cgroups for systemd cgroup driver for dropped infra pods
f21e178f8 build(deps): bump github.com/prometheus/client_golang
bf23f5c01 Support `RegistryUnavailable` type
e80464e07 Update generated docs
ed9c419e7 OWNERS: allow cri-o reviewers to approve dependabot PRs
58c101634 build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.3
a4fc119af .github/workflows: remove auto-approve workflow
a0009cb25 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
541b6563d Extend cpu-c-states.crio.io annotation to add max latency
2417374a6 build(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1
249c340d3 contrib/test/ci: fix the bin folder location for cri-tools
cf30845e7 #6833 user ns: Fix segfault while constructing id mappings
38774e14a Use ImageRef instead of ImageName for restore
1f224d1e0 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
7c6676f02 contrib/test/ci/build: use `force:yes` while linking crictl/critest
c9cc1529f .github/workflows: fix the github_token field
a1c09ad99 .github/workflows: fix the token field
30ddd6d89 Fix events generated by Evented PLEG
b8d8ff14b Update c/common to v0.53.0
b34038f8f build(deps): bump actions/setup-go from 3 to 4
4c828dc48 build(deps): bump github.com/opencontainers/runtime-spec
928d5d49c build(deps): bump github.com/prometheus/client_golang
e806005d6 test/network: skip flaky test running on a node with cgroupv2
e914f0e15 test: combined oom test to avoid CI flake
d5048e7ff test/seccomp: fix the syscall
473ee6b73 contrib/test/ci: remove duplicate code
a1c6ae7e4 test/*: consolidate images used for integration tests
25fb4fa76 build(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1
a950c837d Download more dependencies instead of vendoring
839bd1203 build(deps): bump github.com/containers/conmon-rs from 0.5.0 to 0.5.1
edbe9c27e build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4
e53dcc003 Stop vendoring release notes tool
1c26776cb .github/workflows: auto approve dependabot PRs
e967a178c user ns: fix segfault when host id mapping is empty
19c0b4d7b server: fix failing tests
edf6a88a9 build(deps): bump k8s.io/release from 0.15.0 to 0.15.1
7a612bc4b Allow restoring of containers with different names
86b36ee6e build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2
6da5b1272 build(deps): bump actions/stale from 7 to 8
1c1cfb92a Fix Flannel PodCIDR in kubeadm tutorial
bac3a79b6 adding support for configmap namespace
603f176a0 Add debug to identify when a relabel was not requested
f9fa10915 Update tutorials/debugging.md
75c8b181b Added documentation to force the Go garbage collector for CRI-O
11f5c4326 Remove remnants of CONTAINER_MANAGE_NS_LIFECYCLE
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
791ffcd5df |
cri-o: update to 1.27.1
Bumping cri-o to version v1.27.1-7-gab7845e07, which comprises the following commits:
fbfca3a52 oci: update unit tests for new stop code
6dec88e7c oci: simplify stopping code
5b7b82f56 oci: don't return ErrContainerStopped from StopContainer
0e4df2e9c oci: change IsAlive to Living
92b455156 devices: fill the FileMode field in spec
e54504a00 version: bump to 1.27.1
a61082768 vendor: drop podman replace and actually update runc
9c86a1269 vendor: bump runc to 1.1.6
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
5d41297f4b |
cri-o: update to 1.27-tip
Bumping cri-o to version v1.27.0-48-g3abbef701, which comprises the following commits:
a61082768 vendor: drop podman replace and actually update runc
9c86a1269 vendor: bump runc to 1.1.6
1d6f5a00c [1.27] Add support for namespaced signature policies
35afa9859 runtime handler hooks: run default hook when container stops gracefully
3907696a4 main: Added a call to GarbageCollect
ee6868938 Add a test for log linking
5319875b4 linklogs: add support for symlinking container directory
13f8ae560 Add support for linking pods logs
605e4d935 server: ensure pod labels are present
15d6d5977 OCPBUGS-14750: Pod termination must succeed when a hook fails
ccd7e23af server: do not take lock to populate pid in container status and inspect
57662c6f8 go.{mod,sum}, vendor: update NRI.
ef90744ae test: adapt for sched_load_balance disable after stop
169220817 runtime handler hooks: add DefaultCPULoadBalanceHooks
a74999eb6 server: call hooks and NRI in stopContainer
ea3297939 server: call hooks on infra container creation
37518c031 high perf hooks: workaround libcontainer quirk when disabling cpu quota
eca28447d cgmgr: export CrioPrefix and use containerCgroupPath more
49cfa2060 *: update sandbox/pause image to 3.9
bf9eec8cb Add debug to identify when a relabel was not requested
2ee3398cb high perf hooks: disable CPU quota with libcontainer as a pre start hook
11141ac32 test: add test for cpu-quota.crio.io
69a6d6fc2 Fix events generated by Evented PLEG
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Renato Caldas
|
680f56d9e4 |
cri-o: drop unneeded dependency on virtual-containerd
Signed-off-by: Renato Caldas <renato@calgera.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
ea6911aea4 |
cri-o: update to 1.27.0
Bumping cri-o to version v1.27.0-14-g81ac4cea5, which comprises the following commits:
69a6d6fc2 Fix events generated by Evented PLEG
86cae21ec cgmgr: set sched_load_balance to disabled on sandbox cgroup
47d6d6c82 test/pod.bats: update to current setup
2b7f614e0 cgmgr: create cgroups for systemd cgroup driver for dropped infra pods
b415e72d6 Fix vendoring
6df1f0711 Update c/common to v0.53.0
cd9636049 Download more dependencies instead of vendoring
230e28acb Stop vendoring release notes tool
a2b280af4 build(deps): bump k8s.io/release from 0.15.0 to 0.15.1
cc00b5a62 version: bump to 1.27.0
f5ce04e04 bump cri-tools to 1.27.0
bc45b9021 Fix restore tests
8d6b49db2 build(deps): bump github.com/containers/podman/v4 from 4.4.2 to 4.5.0
a28b1e760 Add unit test for crictl info with verbose
875c3a2b1 Add basic crictl info config with sandboxImage
070668a35 Bump crun to v1.8.4
48bc2bd8d contrib/test/ci: cache runc and crun setup unconditionally
48cf728dd config: mark seccomp-use-default-when-empty as deprecated
a2961f8c3 Bump runc to v1.1.6
efaea1060 high perf hooks: move cpu-quota disable handling to container creation
566aa128a high perf hooks: remove test for cpu load balancing
65d25545e high perf hooks: update cpu load balancing to be cgroup based
cc50b438b test: add cpu load balancing test
cf77d5383 build(deps): bump github.com/onsi/gomega from 1.27.2 to 1.27.6
acd4d30ba Bump Kubernetes to v1.27.0
0087d0ee7 Don't use KUBE-MARK-MASQ in hostport rules
c1c52191d Update template.go
4bc36eabd contrib/test: don't cache the cri-o content
6fcbca13f Don't print `Dependencies` if `crio version` it not verbose
4073764a8 Update nixpkgs
9aa7afcec Update golangci-lint and config
cb70d29b9 internal: fix the release version for release notes
3890a7222 internal/storage.runtimeService.createContainerOrPodSandbox(): read ID maps
b325ad692 Set umask for crio container
28f910952 build(deps): bump github.com/docker/docker
53431c68a runtimeVM: fix Exec(sync) overwriting the initial spec args
400793fab vendor: use go-github to fetch the latest tag from github
e9a932f04 Update bom and use binary directly
4edb9e8ea Fixed signature check for commit-based downloads
a86fbb63e Fixed issues found by shellcheck
0c029c62e Fixed signature check
9e5b533a3 Fixed version substitution
bbe4b04a5 Generate proper signature check
683e4f858 test: run irqbalance tests serially to avoid race condition
e07246fc1 Update crun to v1.8.3 and runc to v1.5.1
fd35a25b1 OCPBUGS-10970: Fix the interrupt mask width when encoding
934765cf6 Update zeitgeist to v0.4.1
5e512d6ef create the metrics endpoint with correct shutdown logic
2b7efa752 build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.1
604e7bb6b Remove `scripts/node_e2e_installer`
f1e9c0e8c server: wire support for userns volumes
973c51a7b vendor: bump cri-api
a8bd24c60 test: add irqbalance dependency to CI
ed7bbaf28 contrib/test/ci: disable failing sig-network test for v1.27 release
2184981ea Remove SELinux policy download
e57047253 Add spdx signature and cert to release notes
d7cf40b7e oci: Enable checkpointing of file locks
d719028aa build(deps): bump golang.org/x/sys from 0.5.0 to 0.6.0
c4c583014 go.mod: update CDI dependency to 0.5.4.
11cbc5fd7 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
44d878e93 test: add irqbalance dependency
f74da33a7 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
4bb2e930e Fix get script
f556f5a58 build(deps): bump sigstore/cosign-installer from 2 to 3
244982179 Bump crun to v1.8.1
246c59139 go.mod: update github.com/containerd/nri to 0.3.0.
be2cc0eb5 build(deps): bump cachix/install-nix-action from 19 to 20
11c9401a8 build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2
cd8346082 Pin nix version to fix static builds
f112d497d Add new parameter hostnetwork-disable-selinux
96906a86c [CI] Fix validate-completion
ab8fc4f7d build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2
dde09588c build(deps): bump github.com/containers/storage from 1.45.3 to 1.45.4
b769f0dbb build(deps): bump github.com/containers/podman/v4 from 4.4.1 to 4.4.2
9f9fc8a19 build(deps): bump github.com/containerd/containerd
1a488f516 test: Avoid parallel execution
b74d76c79 test: add integration test for irqbalance
e15854938 highperfhooks: add option to configure irqbalance restore
3f9d21c7e Fix cgroup leak for systemd cgroup driver
7af09fa0a unit-test: call UpdateContainerResources when nri enabled
828ad0200 nri: add protection against nil dereference
97b03c338 build(deps): bump github.com/containerd/fifo from 1.0.0 to 1.1.0
b267ed784 highperfhooks: add logs in the irqbalance restore
3774df887 highperfhooks: test: use ExpectWithOffset
e21dd08e9 highperfhook: use internal/.log, not logrus
9ee51c429 docs-validation: try String() for struct field values.
ab3b401b0 internal/oci: don't crash when getting unset Spec.
fa2abd239 test: update NRI BATS test.
1d0ca6fd1 completions, docs: update completions and man pages.
f5afa87ce config,criocli: update NRI deps, configuration.
7cfdaebb6 Update to c/image 5.24.2
a78a7d470 build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1
38455da55 build(deps): bump github.com/psampaz/go-mod-outdated from 0.8.0 to 0.9.0
221a7d0f9 build(deps): bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3
95f5c57aa build(deps): bump cachix/install-nix-action from 18 to 19
1f909bc5e test/*: add test for checking the /etc folder permission
ef164da82 server: fix the permission issue for `/etc`
7b812d0ab build(deps): bump github.com/containers/buildah from 1.29.0 to 1.29.1
7c21bc7d7 build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0
a091d6c8f build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4
25b06a987 Remove `zeitgeist` from golang dependencies
ba4d53c14 Bump golang dependencies
9216a817a Revert "main: shutdown server only once"
d573f0406 Drop `ENABLE_POD_EVENTS` var from e2e installer script
79a6d4fec Fix roadmap links
b59e59572 test: use container_sleep for idempotent test
169908b5a Update github.com/containers/image to v5.24.0
62173e974 main: shutdown server only once
2f2d152d8 Bump the CRIO commit to the latest main
10a6096f9 Add documentation about how to use tracing
66b6bb3bc Switch to go 1.20 for CI jobs
49cbab56a dependencies: bump conmon to v2.1.6
679bbbf20 Closes #5653 Return ContainerResources in ContainerStatusResponse Signed-off-by: T K Chandra Hasan <t.k.chandra.hasan@ibm.com>
0e7fdcaf0 Update opencontainers/runtime-tools to a6a073817ab0.
4cf3d3774 runtimeVM: ignore missing shim path for deleted containers
c80ae0acd runtimeVM: notify server that the container exited
5d23b6a02 contrib/test/ci/*: refactor CI to build a cache image
7600cb4e3 contrib/test/ci: adds time information to tasks
1fb1771bd go.mod: update github.com/containerd/nri.
905bd1b37 Take MaskedPaths and ReadonlyPaths from checkpointed container
cd406494f build(deps): bump google.golang.org/grpc from 1.52.0 to 1.52.3
9a2dae755 Fix unit tests
1edf19505 build(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0
193ae758c build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
a6a95fe96 Add container stats to the ListPodSandboxStats response
8b3fca69a contrib/cni: provide more context around file selection
f648ff47f build(deps): bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1
72e54a7de Add additional metadata to inspect and checkpoint
a9d845a6b Update to latest version of checkpointctl
7a8f62f1b Removed pod checkpointing support
f291de93a Make storage unmount less strict
f3ed08a35 build(deps): bump k8s.io/release from 0.14.0 to 0.15.0
1226a601c packit: install wget before build
8e42d5360 build(deps): bump github.com/containers/ocicrypt from 1.1.6 to 1.1.7
d85a8b3cf Update OTEL dependencies
42c00941b Update CNI plugins to v1.2.0
437d7bbf9 GOVERNANCE: add org member tier
8fc1e91d3 CoC: replace with CNCF one
0059f24a6 mention MAINTAINERS file in GOVERNANCE
dbf1ee997 Add MAINTAINERS.md document
700fe6590 README: add roadmap
35cce86f8 add a public roadmap
ae9712231 update GOVERNANCE.md file
5ef5271b3 build(deps): bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0
34a7052a8 build(deps): bump helm.sh/helm/v3 from 3.10.0 to 3.10.3
1cc037f57 build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.25.0
ff3aa8105 build(deps): bump sigs.k8s.io/release-sdk from 0.9.3 to 0.9.7
f57e36946 build(deps): bump github.com/sigstore/cosign from 1.11.1 to 1.12.0
ae60a2bb6 Update vendor of opencontainers/runtime-tools
47922035d Allow cross building from non-linux
dfc43f7ba Inject release-notes branch from GitHub actions
6d35f54d7 build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0
faeaceddb ci-verify: Run get-scripts only on main branch
752bf4d69 Update critest parameters
89029ed43 hostport: use generic Set
dcc7437db server: update streaming interface to take context
1135dbad5 ci: bump cri-o.spec file to 1.26
5ae6ba51d static: bump go version
9e1b732a9 bump to cri-tools 1.26.0
2d0457814 server: add support for new CRI calls
9f1c91349 server/streaming: add context to methods
eb4719b55 vendor: bump kube to 1.26.0
815a426e8 Enable upstream CI to test node e2e with evented pleg feature
404afb004 Bump e2e-installer script with the latest commit
a410ce6e8 mocks: update with new c/storage mocks
43ed06ee4 vendor: bump storage to v1.44.1-0.20230101110555-a747b27fe4ca
fadc73bc7 job get script: fix conflist path
666a9e91c fix inconsistent documentation for default value of
b78350830 build(deps): bump actions/stale from 6 to 7
79b1b5937 Pass tracer to conmon-rs client
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
6ae8646348 |
cri-o: update to 1.26.2
Bumping cri-o to version v1.26.2-10-gc0557b868, which comprises the following commits:
6ee82e547 Update crun to v1.8.3 and runc to v1.5.1
4bea0d45b create the metrics endpoint with correct shutdown logic
778169257 Update CNI plugins to v1.2.0
8f943a9cc Add spdx signature and cert to release notes
ab5daed67 Fix release notes build for release-1.26 branch
fc032744b version: bump to v1.26.2
141c69ac6 build(deps): bump sigstore/cosign-installer from 2 to 3
46e4d5286 Bump crun to v1.8.1
12cc52830 Pin nix version to fix static builds
2c3c8c7d8 unit-test: call UpdateContainerResources when nri enabled
d3504291c nri: add protection against nil dereference
8438fdf40 docs-validation: try String() for struct field values.
b997d9a61 internal/oci: don't crash when getting unset Spec.
96c12e147 test: update NRI BATS test.
d19c65049 completions, docs: update completions and man pages.
3c1bb518c config,criocli: update NRI deps, configuration.
9831dddef Fix cgroup leak for systemd cgroup driver
0c32aa50d Update to c/image 5.24.2
0015d0477 test/*: add test for checking the /etc folder permission
b1113fa78 server: fix the permission issue for `/etc`
7f60e0419 Update github.com/containers/image to v5.24.0
1f0b14da9 Update opencontainers/runtime-tools to a6a073817ab0.
0841fe69a Add container stats to the ListPodSandboxStats response
3facc028e Make storage unmount less strict
b93180c99 Inject release-notes branch from GitHub actions
5ce93c60e ci-verify: Run get-scripts only on main branch
d8c6707bd version: bump to 1.26.1
741be35fa vendor: bump storage to v1.44.1-0.20230101110555-a747b27fe4ca
f49c3b608 Update critest parameters
1b1b95af8 hostport: use generic Set
1e66eb86e server: update streaming interface to take context
2adc326f6 ci: bump cri-o.spec file to 1.26
ae0a0d5f9 static: bump go version
8f8228b77 bump to cri-tools 1.26.0
fff07d82f server: add support for new CRI calls
cac6a729e server/streaming: add context to methods
ec5beb231 vendor: bump kube to 1.26.0
8ffb14733 mocks: update with new c/storage mocks
48d0bf4ca job get script: fix conflist path
7705f9942 bump to v1.26.0
d06cae7c9 contrib/cni: use cniVersion 0.3.1 for ipv4 only bridge config
5526fae33 bundle: use ipv4 only config because of gh action limitation
1b8b28433 Support evented PLEG in CRI-O
5783c3254 Bump cri-api to support evented pleg
29ce5a7b2 get script: fix conflist path
f317b267d Fix-6080: Update the CNI version to 1.0.0
54b7b5fc0 test, Makefile: hook NRI tests into localintegration.
ab73c1dcd test/nri: add a test client with basic NRI tests.
36305e7bd server: hook NRI into request processing.
773e6e005 nri: add experimental NRI adaptation interface.
907f4edf5 config,cli: add support for NRI configuration.
a6430c8c8 Add test for conmonrs cgroup with no infra container
b6f92b04f Add test for default conmon cgroup type
f323d022c Fix applying cgroup for conmonrs when pinned
6c62954e8 Remove cri wrapper package
093d680dd server/metrics: Update seccomp notifier metrics to reduce cardinality
fe2458341 ci: make golangci-lint happy
da96d6be4 Support checkpointing infra less containers
4a541607e build(deps): bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.6.1
ebe73f411 build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0
7d8f2328f Merge log and metrics interceptor
cb8aa99d7 ResourceStore: delete entries after they're used
1b42a3d4c Use containerd v1.7.0-beta.0
41dca27cb server: fail if HOME variable has a newline
c1d7c54fa systemd: use on-failure as restart policy
88782d59c contrib/test/ci: fix SELinux permission issue on RHEL9
8132ef511 ci: update system-packages.yml to install gpgme-devel on fedora
ac319a568 OWNERS: move vrothberg to emeritus approvers
c095c4781 build(deps): bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.7
7150ba10b contrib/test/ci: fix the when condition for CentOS Stream 9
0ffec79a4 contrib/test/ci: enable crb repo for CentOS Stream 9
905e8485a Update security process
3232ffe2a Downgrade cgroupfs test to Ubuntu 20.04
7d848b3c1 Fix GitHub actions CI
b6b4f8235 Add Reddit to ADOPTERS.md
189e9f7eb Disable typecheck linter
b9d94374b Bump golang dependencies
5e71e4f9c contrib/test: set env variables for integration tests
22249fcf9 build(deps): bump sigs.k8s.io/bom from 0.3.0 to 0.4.1
a67e7776c Port remaining logrus with internal/log
14547d489 Pass ctx so that more tracing spans could be created
19bc7330f internal/log: add a function to start new tracing span
834b60336 Setup logrus hook to attach logs to traces
ef3bed00b Remove CRI v1alpha2 support
c9316ec2a Update golangci-lint and config
3b631242b Add seccomp notifier feature
e3416bda9 build(deps): bump cachix/cachix-action from 11 to 12
71252c17b Disable checkpoint image check as early as possible
658a11552 Correctly extend $PATH before calling conmon during restore
a93201a8e Use correct key for tracing hostname field
923f665ca Add docs that `tracing-sampling-rate-per-million` set to 1000000 refers to always sample
999ba7f59 Fix CI
1e8229d45 build(deps): bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2
3327991b0 build(deps): bump cachix/cachix-action from 10 to 11
0ce9fb039 build(deps): bump google.golang.org/grpc from 1.50.0 to 1.50.1
1f8221f07 build(deps): bump cachix/install-nix-action from 17 to 18
376f7e9df Update dependencies
316830590 Add logs to OpenTelemetry traces
e56855dc7 docs: updated kubernetes tutorial
53e631663 Update conmon-rs to latest `main`
8bf89f341 Minor Checkpoint/Restore improvements
62d77513b Track type of all bind mounts during checkpointing
331f30bfb build(deps): bump google.golang.org/grpc from 1.49.0 to 1.50.0
997032dec .github/CODEOWNERS: drop runcom
a7a279c84 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.2 to 0.3.5
fb66985f1 config: avoid segfault when workloads.resources is nil
0244fee08 support checkpointing to oci image
ae5d39c74 Fix lint CI on `main`
eabfdb404 [#5240] update supported OS versions
26614cad9 build(deps): bump github.com/urfave/cli/v2 from 2.15.0 to 2.17.1
f7c9c2754 build(deps): bump github.com/Microsoft/go-winio from 0.5.2 to 0.6.0
42bb61393 fix: give loopback a name
9ee3457ff test/README: Update url for kata containers
f1be99faa images/os/Dockerfile: Delete this, it's dead code
570a4c1b9 config: translate monitor fields when printing config
32e6520ff Update config readme
5d20c76fb Allow complete Runtimes config to change
88cc2f9b9 build(deps): bump k8s.io/klog/v2 from 2.70.1 to 2.80.1
28861ed60 build(deps): bump actions/stale from 5 to 6
88c1f772f build(deps): bump github.com/opencontainers/image-spec
b6755fc94 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
c9ba93e08 build(deps): bump github.com/containers/podman/v4 from 4.2.0 to 4.2.1
2a876f1a7 build(deps): bump github.com/containers/buildah from 1.27.0 to 1.28.0
db20b31e1 Do not use deprecated SetNames
4ea5eeddf build(deps): bump github.com/container-orchestrated-devices/container-device-interface
481683497 config: do not remove runc if different default runtime
f24ea6702 workloads: fix whitespace
b3f877a64 template: fix whitespace and comments in runtimes table
b7b56c202 contrib/test: set LOG_DIR to debug kubernetes issues
0b0e16b1c Update conmon-rs
8e1a561e8 Bump conmon-rs code to latest `main`
506e0cbef contrib/test: drop userns integration tests
9db3e8e64 Add basic integration tests for runtime reload
877b5fbdc Add notes on runtime reload support to documentation
a3fb007fb Reload runtime configs on reload
29bff1526 Invert conditional check in ValidateDefaultRuntime
2ba6ee2ed Move default runtime validation to its own function
018657b37 use cri-tools version from dependencies.yaml
406f367cb use AddInheritableCapabilities
9070d982d config: add field AddInheritableCapabilities
9d5fbfd90 resourcestore: add test for stages
40d41e3fb server: update stages according to progress with resource creation
bce2bc388 resource store: return stage when a watcher is requested
a8e2fc166 resource store: introduce stages
1955be644 Add conmon-rs e2e to ansible playbook
24304da5e server: return already created ID for duplicated requests
6b627cbc0 cli: fix some inconsistencies in the help text
0cdd90155 Update vendored files
14926effc go.mod: update goresctrl to v0.3.0
53182dd9b build(deps): bump github.com/urfave/cli/v2 from 2.11.2 to 2.15.0
3b6b98872 Add scripts to run node e2e tests using custom cri-o builds
6d66ea7e6 Fix integration CI runs
7a0b131f5 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.1 to 0.3.2
388032759 metrics: close listener on shutdown
ee5d97254 cgmgr: use NewSystemd from createSandboxCgroup
aede1956a contrib/test/ci: add rhel9 variant-specific changes
8ec499266 removes async
b2a72cbd8 migrates tests to run on GCP
76ec212ea Update build instructions for RHEL 8 distribution
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
fd0958ed9e |
containers: use VIRTUAL-RUNTIME variable to allow container runtime flexibility
Rather than using virtual-runc (which choses between the old docker and opencontainer variants), use the newly added VIRTUAL-RUNTIME_container-runtime variable, which allows switching betwen runc and crun. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Chen Qi
|
a1bb5d0ab0 |
container-host-config: provide /etc/containers/policy.json
The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this file and make both skopeo and cri-o depend on it. [1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Chen Qi
|
e43d530e99 |
cri-o: update crio.conf to match the current version
The old crio.conf file can cause cri-o start failure. The error message is as below. validating runtime config: runtime validation: failed to \ translate monitor fields for runtime runc: cgroupfs manager \ conmon cgroup should be 'pod' or empty Use new crio.conf file to solve this issue. The file is generated by 'crio --config="" config --default' command, as indicated in the old crio.conf file. With this config file update, the crio.service can now start correctly. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Chen Qi
|
3a8e830db2 |
cri-o: create /var/lib/crio
crio.service now reports the following error messages:
level=error msg="Writing clean shutdown supported file: \
open /var/lib/crio/clean.shutdown.supported: no such file or directory"
level=error msg="Failed to sync parent directory of clean \
shutdown file: open /var/lib/crio: no such file or directory"
Create /var/lib/crio to avoid such error message.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Chen Qi
|
253cf1d572 |
cri-o: use PACKAGECONFIG to handle selinux
For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, meta-selinux dependency is not necessary. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Chen Qi
|
08fb12bbcc |
cri-o: remove meta-security check
libseccomp is not in oe-core. There's no need to check meta-security any more. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
10b92dc1a5 |
cri-o: update to 1.25.2
Bumping cri-o to version v1.25.2-11-g1a6bb9c9b, which comprises the following commits:
32d1cb665 mocks: update with new c/storage mocks
fb2753ee2 bump c/storage to fix map leak
3a9449924 Make storage unmount less strict
63f413530 Inject release-notes branch from GitHub actions
7037d1568 ResourceStore: delete entries after they're used
dfff7e6b4 ci-verify: Run get-scripts only on main branch
51d3621c2 Fix GitHub actions CI
aba30569c version: bump to 1.25.2
2845bb5f5 Update c/storage to v1.44.0
c431b53ca Use containerd v1.7.0-beta.0
36c4d1bc2 Bump conmon-rs to v0.4.0
dc9a6b1a8 version: bump to 1.25.1
2863b7d6e Fix lint CI on `main`
e7e849359 config: translate monitor fields when printing config
9edf0c5c7 workloads: fix whitespace
bea0f973d template: fix whitespace and comments in runtimes table
aa329a1e3 Update config README
556d85231 Allow complete Runtimes config to change
9dc1a70b4 Add basic integration tests for runtime reload
7fcef1dbd Add notes on runtime reload support to documentation
d51a01ad3 Reload runtime configs on reload
f06c01231 Invert conditional check in ValidateDefaultRuntime
7ef8fac1a Move default runtime validation to its own function
23081649b config: do not remove runc if different default runtime
b6b835512 use AddInheritableCapabilities
4e4749a27 config: add field AddInheritableCapabilities
24feb7778 server: return already created ID for duplicated requests
e2cce29fc resourcestore: add test for stages
7e7a8d923 server: update stages according to progress with resource creation
b15581620 resource store: return stage when a watcher is requested
398964d9e resource store: introduce stages
706f920f9 cli: fix some inconsistencies in the help text
ebc644a68 Update runc to v1.1.4
a05ddfb4a Fix lint CI
f253c4b7c test: add checkpoint/restore tests
b033570b3 test: do not hard code CNI location
15ec8f36c Provide support for checkpoint and restore
f06e5c8d5 vendor: bump conmon-rs to latest main
7076f72ab oci: add --systemd-cgroup to all runtime commands
f09c1d31b oci: refactor runtime command handling
08ce6edce oci: take ExecCmd
4f5ca801b Update golangci-lint, config and timeout
db3b399a8 server: add container GID to additional groups
b3f970d0f build(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0
f68121a5b build(deps): bump github.com/containers/kubensmnt from 1.1.3 to 1.2.0
cd90ce156 Bump Kubernetes to v1.25.0
3ba908fdd build(deps): bump github.com/containers/kubensmnt from 1.1.2 to 1.1.3
b241c32d8 Adding annotations for image and sandbox name.
9ef68e8e7 Fix bundle e2e tests
45966c89c build(deps): bump github.com/container-orchestrated-devices/container-device-interface
4b6936f8f bump cri-api to k8s 1.25 rc0
e27f28868 build(deps): bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2
1ecd63643 build(deps): bump github.com/containers/podman/v4
10069a178 build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8
4b10ed79f build(deps): bump github.com/prometheus/client_golang
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
2119189361 |
treewide: bulk update patches with status field
While the insane.bbclass upstream-status check hasn't been made default, users of meta-virtualization may have it enabled in their distros .. so the effect is the same. We must have this tracking tag in out patches. This is a bulk update to add the tag and silence the QA message. As packages get updated, the normal/routine process of checking the patches will continue, and the status fields may (or may not) get more useful. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
c1977562f6 |
cri-o: update to 1.25-tip
Bumping cri-o to version v1.24.0-292-gda7b5b1d9, which comprises the following commits:
4b6936f8f bump cri-api to k8s 1.25 rc0
1988e00f0 server: handle exit files asynchronously
45a55ed20 server: remove exit file in exit monitor
ced6fdaca server: cleanup exit monitor function
1e27ac3eb server: allow for kubelet to specify -1 for swap
3e7fd1de9 Add packit configuration
66b2ccc34 fix lint errors from 1.19 bump
9b49723de golangci: drop nolintlint
1e2f0055f bump golangci-lint to 1.48.0
7fe1f1b9e dependencies: update with new ci
c42d0d464 bump golang to 1.19
2426f669f fix documentation issue in contrib/cni/README.md: build-output changed
cc933c7a8 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
30bb89319 utils/RunUnderSystemdScope: fix
3e0aa19bd oci: take opLock for UpdateContainer
a560c8d8f node_e2e_installer: use runc/crun from PATH
1c4d63c41 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
3d0fc3630 fix documentation issues in contrib/cni/README.md
33fbbcde1 Fix possible panic in pod runtime attach
784245033 Pin containers/* dependencies
e82c16b16 migrate image_list to quay.io
f7d02e2c4 add critest-images mirror
dc5769f4f add GCP vagrant environment
76c96ce83 build(deps): bump github.com/containernetworking/cni from 1.1.1 to 1.1.2
2e8612255 Add bundle e2e and integration tests using conmonrs
d4530cb40 Fix nginx based integration tests
45badb2a0 add vagrantfile to test CI and fixes
7f4ddeca6 build(deps): bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3
19ae364e0 Enter mount namespace if set in $KUBENSMNT environment
483fd0cf0 bats: Alter cleanup_testdir to handle nested mountpoints
65b52fb80 highperfhooks: avoid unbound growth of irqbalance
e09fe0efa Add support for max log size in runtime pod
d3cd7a07b unzips cri-o to the go dir
c60fd9473 Bump crun: 1.4.5 -> 1.5
c2984518d build(deps): bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1
c42240355 build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0
9d5abc2ad Add Lyft to adopters
eff3a3191 build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0
74fa8341f Re-enable conmon-rs attach test
ad5f650bd Remove etcd dependency replacement
f6d6ba4c7 updates ansible for use with prow instead of jenkins
d8e76f15e copies test/integration to test/ci
35f4900ba Pin sigs.k8s.io/bom to v0.3.0
edb06fbf9 Switch to `github.com/blang/semver/v4`
6a1b6b581 Fallback to default seccomp profile if not found on disk
639843795 build(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0
7dc5333c6 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
222051ffb build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
45304727c build(deps): bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.0
084dbcf4d build(deps): bump github.com/emicklei/go-restful
8c66b2aa3 remove succinct option to fix jenkins
4f75284ff build(deps): bump k8s.io/klog/v2 from 2.70.0 to 2.70.1
4ca27d0b0 Remove enable_custom_shm_size
f71d92ed8 Retry dependency report push if failed
410258613 Fix Unmasked ProcMountType
8e6895172 Add a unit test around configuring taskset on InfraCtrCPUSet
5a59d9f58 Add test for "Canonize selinux label"
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
7ac3d53888 |
cri-o: update to 1.25
Bumping cri-o to version v1.24.0-189-g78992d160, which comprises the following commits:
3e085ffc3 build(deps): bump github.com/containers/buildah from 1.26.1 to 1.26.2
4ca27d0b0 Remove enable_custom_shm_size
4149fa03e Add annotations to allow power management configuration
0f4d79209 Fix release notes pull behavior
44d42542f oci: unconditionally set as not stopping after a stop stops stopping
56b807510 container_server: drop StopContainerAndWait
b4ddab0e7 server: take container server Stop method
7cda39bb4 container server: drop duplicated Remove function
f03e563ec config: set version-file-persist to empty by default
935652c90 version: don't wipe if filename is empty
2e3b19475 bundle: always install runc
c57d3b05c scripts: install runc if not found in get script
6d729cd4d remove Vagrantfile
87a4e8eb7 Fix a link in install.md building section about dependencies
e8e523dda Retry release notes push if failed
ee80a2b9e Bump version to 1.25.0
c00962a51 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0
a2d1ca204 server: userns support
41f67c326 vendor, kubernetes: update to kubernetes-1.25.0-alpha.2
df5e39094 Fix release-notes tag determination
b068d17cf Upload release notes for each tag
66d33db6b Fix unit test coverage
f61332ed9 hostport: don't use unexported symbol
01a7c0276 server: use k8s.io/utils/clock
20ef6c73e update ubuntu releases
8a981fef4 Pin upstream node e2e test to latest `main`
7f0604ceb Verify SBOM for static binary bundle
489caa132 Use default token for stale bot
0a3bfc078 Switch to golang native error wrapping
b86d8c343 build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5
80d1d7908 Run more stale operations
da2dce1e1 chore: Set permissions for GitHub actions
c800d043b build(deps): bump github.com/urfave/cli/v2 from 2.10.2 to 2.10.3
e30ae00a1 Add stale bot workflow
863d1a334 cgmgr/systemd: don't recalculate cgroup path
d94e48924 build(deps): bump sigs.k8s.io/bom from 0.3.0-rc1 to 0.3.0-rc.2
8c7cc72e4 Generate SBOM for static binary bundle
26138ec52 build(deps): bump k8s.io/klog/v2 from 2.60.1 to 2.70.0
0cdf37c86 Verify signed artifacts via `get` script
fdb6c3b30 server: unify logging in resourcecleaner
896456bc8 server: move cleanup funcs closer to function that provisioned resource
49ad4b0ad build(deps): bump github.com/urfave/cli/v2 from 2.10.1 to 2.10.2
7b2475303 build(deps): bump github.com/stretchr/testify from 1.7.3 to 1.7.4
0f46b58cb Fix container status for HostToContainer propagation
99d86536e Fix docs validation
9f105d8f0 build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3
748fd5d2e build(deps): bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.1
93fc6b72e build(deps): bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1
491b03a30 Update cgroupfs cgroup manager
de8672f7e contrib/test/int/build/runc: rm build tags
0b3153d7d Bump runc to v1.1.3
a3171b395 Sign static binary bundle via cosign
704f9aeb6 dependencies: update conmon
333cc8988 contrib/test/integration: skip installing conmon via ansible
4b120cbef Fix lint CI
40df9c9ae Bump `go.opentelemetry.io/*` dependencies
06b6e86b2 Bump `containers/*` dependencies
67c18103e Cleanup: remove BuildContainerdBinaryName as it is not called anymore.
b480e8a3b Bump golang dependency on containerd
864733f77 build(deps): bump actions/checkout from 2 to 3
e2a32f36c bump ocicni to v0.4.0
63399460e build(deps): bump github.com/containers/ocicrypt from 1.1.3 to 1.1.5
e67e36753 build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0
24d401919 Bump golang dependencies
f72969022 Fix unit tests
37c1a01fe drop use of deprecated package io/ioutil
8bdadc77c security: add 2022 audit report
79e404fa5 conmonmgr: query help text to see if it supports log-global-size-max
a4080bb34 add support for conmon log-global-size-max
b7f15ac3d oci: cap exec sync length
1e277b836 utils/RunUnderSystemdScope: fix wrt channel deadlock
03e4aa482 Bump cri-tools to v1.24.2
2fbf71963 test: set cri stats more idiomatically
efff3878c server: reduce object creation in List{Containers,PodSandboxes}
0cde0a6de update kubeadm init instructions
e5bb0c600 docs: update for CNI package change
62a14cf91 oci: reuse helper function to reduce duplication
9fea6e219 oci: kill children of container if it is in the host pid namespace
f6d963871 Add pause/unpause description to readme
35ca21623 Fix review issues
fa435f79c Use a default umask of `0o022`
6293c07b9 Fix it case failed
5d75cc24a Fix review issues
26432e631 changesinREADME
908111147 move 1.23 to 1.24 in README
85bcbe8d1 OWNERS: remove fgiudici
eb41d30e0 build(deps): bump actions/download-artifact from 2 to 3
c14faa62e build(deps): bump golangci/golangci-lint-action from 2 to 3
7fe39c7bc Add integration test for remove paused ctr
33997ae93 vendor: bump crypto package
8a090364d 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one
1e61f1318 build(deps): bump actions/setup-go from 2 to 3
c40fa5350 fix review issues
985c182a4 build(deps): bump google.golang.org/grpc from 1.43.0 to 1.46.2
cef56110d build(deps): bump actions/upload-artifact from 2 to 3
e932964fc build(deps): bump cachix/install-nix-action from 12 to 17
bf67bfd4f build(deps): bump actions/cache from 2 to 3
7db2b3b39 Try to force delete ctr when in paused state
0c1bf03fa chore: Included githubactions in the dependabot config
c657f4623 Fix some uses of Atoi
54d7da638 typo fix
2b8a7055c Typo fix
d4ec76bd4 Add CodeQL Github actions
ed53fa23b Use go 1.18 buildinfo for version output
21c8f6bde Bump third party dependencies
d68931ddb Run critest with conmonrs
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
d36e757d42 |
cri-o: update to 1.24.1 -latest
Bumping cri-o to version v1.24.1-18-gb0d2ef327, which comprises the following commits:
81ef20b38 Fix unit test coverage
7b4941478 Fix release-notes tag determination
0dde66a3c Upload release notes for each tag
29762438c Fix container status for HostToContainer propagation
2cf9cf9df bump ocicni to 0.4.0
5481d35e9 Fix unit tests
b0040ddd9 test: set cri stats more idiomatically
cf0037d1a utils/RunUnderSystemdScope: fix wrt channel deadlock
5b75a4763 oci: kill children of container if it is in the host pid namespace
489819e33 bump to v1.24.1
8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max
fc852b402 add support for conmon log-global-size-max
77f0429d9 oci: cap exec sync length
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
4c0f2dbe12 |
cri-o: update to 1.24.1
Bumping cri-o to version v1.24.1
We refresh one patch, add add textrel to our QA check skip list.
Which imports the following commits:
489819e33 bump to v1.24.1
8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max
fc852b402 add support for conmon log-global-size-max
77f0429d9 oci: cap exec sync length
9441b6700 Fix review issues
ee1a8519f Fix it case failed
027ab3f50 Fix review issues
db4a4aa51 Add integration test for remove paused ctr
76d1a929e 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one
3b25e48e4 fix review issues
eff3af248 Try to force delete ctr when in paused state
62d81d722 vendor: bump crypto package
3d516c53b oci: Move exec probe process to container cgroup, if enabled
8294126fa config: Add monitor_exec_cgroup config option
9a2723cb4 Reenable pod runtime in package spec
ae024bd0a dependencies: Upversion conmon dependency to v2.0.27
1737a4702 Sanitize conmonrs log level and print used version
5658fd35a Wrap runtime pod errors
b4bbd4d94 openshift test: use go 1.18
aa13dfb7b openshift test: add skip_pod_runtime to cri-o spec
d6aff5b63 Bump nixpkgs and use go1.18
4864ffc60 Fix golangci-lint errors
d0664581d add runtime pod
c33e14fc1 vendor conmon-rs
3b80d009b oci: add IsInfra method
0f601939e oci: lock for runtime creation
1376307fb test: use go 1.18 for lint
b98f15851 Move WillRunSystemd call after iterating the mounts
2a75c8307 Add sha256sum bundle files to uploaded artifacts
9f6a6724d crio:fix a bug about log container
901310bdd oci: use runtime handler level monitor fields
12758b2b3 config: assume default conmon cgroup if it's not specified
240de5f3f template: add comment to runtimes table
5a8223c75 config: replace Conmon specific fields with runtime handler versions
de2105a17 main(): don't treat reexec.Init() == true as an error
1de3e5ed2 crio:try fix integration test failed, because unpause not on time
6dfc68de4 config: increase pids limit to unlimited and deprecate it and logSizeMax
9ff165b4e bump ocicni to 0.3.1
b447dff77 bump containernetworking cni to 1.1.0
3fa33fe48 crio: unpause ctr after test
8e9ddee87 crio:fix golint check warning
019c578fa fix(stats): incorrect id on zfs driver
153bb668c crio:fix crun it failed
87f7f00f3 crio:update status after pause/unpause container
54912d7c8 oci: cleanup log path if the container failed to create
7a65dc340 utils: remove unused io related packages
9b111b532 runtime_vm: use containerd deps for container io directly
2da7482db remove the external dependency on the conntrack binary
1955cc167 go.{mod,sum}: update CDI deps to v0.3.2.
a8687861c server: no longer use hardcoded timeouts
64270ef91 fix builds by passing -buildvcs=false on 386
48230e006 test: bump to go 1.18.1
d41e3cbe6 Disable systemd-mode cgroup detection conditionally
e10376810 crio: Fix review issues and make format shell file
78308acd4 Add bats test to ensure namespaces are cleaned up on pod stop
ec1414424 pinns: Check calloc return value
adfe57b5d bump to 4.11 image
5e72b4133 crio: Fix code style
270d195ec crio: implement extended interface for pause/unpause container
31c278301 seccomp: drop unshare syscall from default profile
1098cc9b9 Retry to set CPU load balancing before return the error
7ccafd559 build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.1.0
9b735153b Fix integration tests
862b27b8c Switch to registry.k8s.io for the sandbox Image:
9ebdeef1e Change the mcs order in selinux.bats to test the canonization of selinux label
1a9a3fdae Canonize selinux label for comparison with filesystem label
b106fcd71 oci: fix segfault in pod stop code
3e9d77257 capabilities: drop inheritable
afe738b18 Bump ocicni to v0.3.0
7b5a67f51 Switch to ginkgo/v2
1999baa2f Add bats test for infra_ctr_cpuset taskset
9fada28f7 Add bats test for zombie conmon cleanup
15afd20ee Update golangci-lint and config
13d7b9738 Bump golang to 1.18.x
1af1f8af2 pinns: Pass sysctls as repeated '-s' arguments
eb8715d30 Fix shell format
c3095bf20 README: Update EOL & Version Skew links
05c443b06 config/sysctl: fail if there is a + in the value
ea39e74f2 Fix critest
739379b0c Enable `--seccomp-use-default-when-empty` by default
98c18d1cb test: update to new runc behavior
4cb2407a2 Automatically chcon and restorecon on get script
bef94e1f8 Pin `github.com/u-root/u-root`
3be4dba79 Switch to `main` for `get` script
09399e41f Bump nixpkgs
51a800af0 Pin nixos/nix version
97df87f71 test: allow state of failing tests to be kept intact.
32d682800 factory: take capabilities setup
a643dad27 Add dedicated security information
d65414758 test/crio-wipe.bats: don't nuke $TESTDIR too early.
ff36ee6e0 test/cgroups.bats: fix incorrect setup order.
128165130 test/cdi.bat: add CDI integration tests.
a0d3fd8aa config,cli: add configuration for CDI.
f35fba448 pkg/container: implement CDI device injection.
572616137 go.{mod,sum}: update deps, vendor.
683baa221 contrib/test: force BATS symlink in place.
0be4d0611 contrib/test: always install BATS for integration.
2426bdb4c openshift e2e: bump cri-o version
e337fa364 bump to 1.24.0
5cad5f287 test: avoid concurrent crictl config writes.
bc240fd4c server: stop deleting pod from idIndex if already gone
a4b5f0c15 CI: use kubernetes from git tip
03064f4ca test/e2e: update skipped test list
65f93912d contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
2e7a4d375 server: use syncfs instead of fsync
d9102e748 config/sysctls: validate against invalid spaces
230409570 [gitpod] use latest workspace full
6c3144af2 hack/build-rpms.sh: fix yum-builddep failures
52adfe025 ci: bump shellcheck to 0.8.0
92edea6dd test/apparmor: suppress bogus SC2031/2031
ca10da055 test/cni_plugin_helper: suppress shellcheck warning
0655dd213 test/test_runner: rm eval, fix comment
1acde4379 OWNERS: move rhatdan to emeritus approvers
d280c71ce OWNERS: move runcom to emeritus approvers
4041adc55 utils: Sync: use f.Sync
14d742672 Deny empty `localhost/` AppArmor profiles
bd02dac92 OWNERS: add first round of reviewers
626446e5c OWNERS: Move @sboeuf to emeritus approver
8aab1e8f2 int/storage: getReferences: fix gocritic warning
f1ca25bc5 server: fix (rather than ignore) gocritic warning
bc839156e server/streaming: specify the linter
fa2fd247f ci: bump golangci-lint to 1.44.0
cc6ed292b scripts/release-notes: fix printf args
f0e70901e scripts: fix a typo
b1705dc28 int/version: fix forcetypeassert linter warning
851916f0d server/container_create_linux: fix forcetypeassert warning
a2760072b utils: fix forcetypeassert linter warnings
d295f8b24 server/streaming: fix nolintlint warning
dd70c87ab int/storage: fix gosimple warning
f26fafdc5 int/config/cgmgr: fix stylecheck warnings
bc91cdb57 Format code using gofumpt 0.2.1
98d945cc9 Makefile: fix a comment
bb96cd907 test/crio-wipe: fixups
107fe3853 ISSUE_TEMPLATE: fix grammatical error
1affa13d9 OWNERS: move @sameo to emeritus_approvers
4dc761f9f ISSUE_TEMPLATES: update membership form to be reviewer form
592aa5159 ISSUE_TEMPLATES: add a couple of more
238e4d009 image: use imageCache value for ImageStatus()
411e15058 contrib/bundle: remove deprecated kubelet option.
15048929c minor edit: removed dead link from TOC
0dd5d2d00 oci: drop WaitContainerStateStopped
6449ff0d3 oci: fix a leaked goroutine
40165cb5b internal/factory/container: initialize from pkg/container
0dabb91b3 internal/factory/sandbox: initialize from pkg/sandbox
6e2472c92 README: update branches
a0f88d3a5 Updated format
a53f1d221 Generate checksum files for artifacts
728731808 test: add test for skipped sysctls
1667b5a66 server: skip sysctls that would affect the host
a7ac4683c deep copy List{PodSandbox,Container} structs
183ac018f GOVERNANCE: fix links
18dfcd273 oci: always have conmon log to syslog
c424e85e7 README: add reference to governance
008b3541a add GOVERNANCE.md
33063001c issue templates: add membership request form
aa8130f62 Add Debian_11 OS variable on installation instructions of Debian Signed-off-by: Wang Kai <persistence201306@gmail.com>
e5dad09ee criocli: produce diff-friendlier zsh completions.
b299c80c5 ci: use main branch for conmon
bcf069b12 server: fix race with kubelet
0769411bb Fix runtime panic on pod sandbox stats retrieval
ef1746095 update go to 1.17 in go.mod
acde72556 Reuse createContainerIO in CreateContainer
0731a9b57 Fix vm containers couldn't restore after CRI-O restart
386d4a447 ci: use main version of runc
28585442e openshift e2e: bump ci image
35c02b56e server: fix a potential NULL-pointer dereference.
20370fa95 Documentation: expand on CNI CIDRs in the kubeadm tutorial
143a623ad test: update tests for allowed_devices
56929cdb9 config: add AllowedDevices option
2aceed0f0 pass the main mount point to fix crypto profiles binding
6b887e9c3 Add Nestybox to the CRI-O adopters list.
33e25b47b server: drop duplicate log message
25a2eec40 pkg/container: fix container device GID fallback.
a68b239af bump crio commit for upstream k8s CI
d7da8b2b0 adds config template linting
86e43fc28 adds comments to default values
ff2a04e8b server: don't set memory swap when it's not enabled
5ebc4a407 Inherits storage configurations from storage.conf if crio config does not set
d0d8fb3a7 use cmdrunner singleton
2237f2658 conmonmgr: refactor for new CommandRunner
878040d10 cmdrunner: update mocks and add target to makefile
b3bb86659 config: prepend commands with taskset if InfraCtrCPUSet is configured
e9f0bb6c8 cmdrunner: add tests for prepended commands
04e9c61e3 cmdrunner: create singleton
fd2e2aeec Use timeout for conmon cgroup move
9af5e3363 build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0
9a051dede Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
347f04161 test: add test ensuring a stopped pod is restored
86fd03b81 sandbox stop: remove namespaces
e02d5bf15 restore: handle removed namespaces
334e925ac Partially revert "restore: restore stop before managing namespace"
948b92bd7 restore: ensure containers are wiped on reboot
c3f75859b build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
78e1c80af build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
d8ea9f6ca vendor: bump c/image to 5.17.0
11c127f3d pinns: Add LDFLAGS to Makefile
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
3110725635 |
cri-o: update to 1.23.1
Bumping cri-o to version v1.23.1-16-g1607c6ec2, which comprises the following commits:
f2d8f69e3 config/sysctls: validate against invalid spaces
b1932286d server: stop deleting pod from idIndex if already gone
bccfd5110 [1.23] ci: use kubernetes 1.23, cri-tools 1.23
2630e0f88 contrib/test/int/build/kubernetes: rm deprecated RunAsGroup
e50405e5a hack/build-rpms.sh: fix yum-builddep failures
574393461 image: use imageCache value for ImageStatus()
4559c3328 oci: fix a leaked goroutine
e19f812f9 Reuse createContainerIO in CreateContainer
c9b4eb84e Fix vm containers couldn't restore after CRI-O restart
3899601f9 release-notes: add args for checksum fields
abe57a58b Updated format
b2fba4cf7 Generate checksum files for artifacts
0c619fc21 bump to v1.23.1
24092dd77 test: add test for skipped sysctls
b2ac1b7ca server: skip sysctls that would affect the host
8d512cbac server: don't set memory swap when it's not enabled
ac75b6cf0 deep copy List{PodSandbox,Container} structs
76e9feca0 ci: use main branch for conmon
54b6b7932 server: fix race with kubelet
987bd1366 Fix runtime panic on pod sandbox stats retrieval
a8513868c ci: use main version of runc
a6d6d3dde openshift e2e: bump ci image
8520be5fc server: fix a potential NULL-pointer dereference.
bc38aa734 pass the main mount point to fix crypto profiles binding
dc4bea916 test: update tests for allowed_devices
0f57bf75c config: add AllowedDevices option
dc224daf3 server: drop duplicate log message
11ffa6cbe test: add test ensuring a stopped pod is restored
a1ada429a sandbox stop: remove namespaces
89eccb5fc restore: handle removed namespaces
873414dbf Partially revert "restore: restore stop before managing namespace"
fe0e69dc8 restore: ensure containers are wiped on reboot
b905626d9 use cmdrunner singleton
228f82dbb conmonmgr: refactor for new CommandRunner
97bbe0637 cmdrunner: update mocks and add target to makefile
8ec9ce138 config: prepend commands with taskset if InfraCtrCPUSet is configured
81761eb2e cmdrunner: add tests for prepended commands
9c915e269 cmdrunner: create singleton
499540011 Use timeout for conmon cgroup move
04e8e4081 Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels
021b5ba00 vendor: bump c/image to 5.17.0
dba27ab7e Add new metrics that match Prometheus best practices and reduce cardinality * add metrics with new names that match naming best practices * use _total for all counters * use base unit seconds, bytes * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases
e7aa30fdc unit test: fix relative log test
acc746e52 unit tests: update pinns path in case it isn't found in PATH
9f584ca4c test: skip target tests for userns
972c29c2d test: add test for target namespace
0176d5f92 add support for target PID namespaces
da0de5373 test: give testunit sudo
4b0d40ad4 oci: add managed pidns to container object
1fa69c707 pkg/container: take container namespace configuration
546732eed nsmgrtest: take some namespace related test code
440ba9feb nsmgr: add function to pin existing namespace
e122cb4f0 nsmgr: take (and rename) NamespacePathFromProc
8db9a89a5 pkg/sandbox: take config initialization
6f4e7bf8c Bump Kubernetes to v1.23.0
da8f9a07e set user.max_user_namespaces in case it's not
b8a766213 lint: bump cyclo complexity
0864aed84 gh-actions/contrib: setup sub{g,u}id
067551101 docs: add tutorial for setting up user namespaces
5d3c5a67f oci: put conmon in infra ctr cpuset if it is in the pod cgroup
231a358d2 test: add tests for user namespace annotations
ce3699969 test: move workload creation function to helpers
87aede8d5 cni manager: catch server shutdown
f3d2c601e server: notify user when network isn't ready yet
99e93ee58 stop using hardcoded "pod" const
9f81e4a00 oci: always reap conmon zombies
ab1b1aaaa clarify some error messages
96679844e Drop intermediate CRI types
3162e0552 Relabel containerenv files
f154c7c3c Add minimum_mappable_(u|g)id settings
bbc944cf6 Fix runtime panic on stats server shutdown
efcf8afe6 restore: restore stop before managing namespace
dec3bf5c9 server: add {,List}SandboxStats
5ba5cb0be server: refactor sandbox list
64870e3d8 server: use stats server to get container stats
b17b7dfd9 container server: use stats server
7f136833c stats: add stats server
43db34fb6 config: add StatsCollectionPeriod field
2569255c9 cgmgr: move most of stats handling to cgmgr
c6efa96ee oci: make changes in preparation for moving stats functionality:
536c08423 server: stub {List,}PodSandboxStats
542eb5580 server/cri: add PodSandboxStats support
ad71bd9ff vendor: bump cri-api
c5dd30dd1 server/cri: refactor to make stats processing unified
a598debac pkg/config: use iota
40dcd6da9 Add go 1.17+ go:build tags
6fbd6773f Remove redundant build tags
3064a9d7a Add containerenv file to containers This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic.
86538358a build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8
5fb7618d5 config: merge runtime and workload allowed annotations
28b01dad2 Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/)
5a510ad7f build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
99027c321 Specify runtime table format in the error message
1f7b886d7 build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0
cbfab09d5 server: fix segfault when using cgroupv2
0f99f3348 gh-actions: add sed for kube e2e
880744562 release-notes: update to main
60615f0a3 build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0
8530f0a38 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
8daa9039a Bug 2012838: fix override storage options from storage.conf
0ce45a372 oci: fix deadlock in container stop code
cf7f6f5af build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
a216d3d24 oci: always close chControl
1e8e40aaa oci: make some channels buffered
3036101b0 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
cf3524471 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc
2e1048422 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6
10f8f17c4 Add annotation that makes /sys/fs/cgroup writable
7f747dde0 Add support for CNI plugins v1.0.1
ec6305762 bump(deps-opentelemetry)
37418e122 pin go.opentelemetry grpc/otelgrpc v0.25.0
c16429eb1 opentelemetry: add gRPC tracing
2a5623a2e build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0
3571d9c74 build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0
ca38caa74 version: bump to 1.23.0
808681227 build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1
0b1b2061f build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0
8f1daefc6 test: drop swap disable playbook
f253acb15 server: add support for CRI unified field
cd8bc4c1f server: implement swap support
9ab385d44 server/cri: add support for 1.22 features
aca331db3 test: bump cri-tools version
518fceb63 scripts: pin cri-tools version
97773983e server: reduce needless copying for sb.NamespaceOptions
b8b2f308d oci: refactor internal structure to use CRI type
9c813715d oci: use server CRI metadata type for containers
91289b929 sandbox: refactor internal structure to use CRI type
e45403022 sandbox: save createdAt as a int64
99cb4a362 build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2
c119e253d build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17
6845b4233 build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1
f61a4e097 Bump Kubernetes to v1.22.2
2cf307d2e sandbox: use server CRI metadata type
01ee37390 docs: emphasize deprecation notice
b7a80f137 update documentation for workloads
83518f098 add allowed annotations to workloads
b6b3f4cbb Log HTTP response writer message instead an error
20ad4f609 oci: use c/common signal parsing function
13182e64b Skip volume relabel for super privileged containers
cd2b0028a oci: chown stdin pipe to user in the container
c0a8f339c test: fix selinux test failures
f27efb28a build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
cd7f7cb46 Fix runtime handler docs
63d69d2a7 build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1
b753b04a2 scripts: fix release branch forward script
87b8e5d05 server: FilterDisallowedAnnotations of containers earlier
0e02798d6 server: conditionally relabel volumes given annotation
99dac5fb8 build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0
6ec1ec47c test: refactor allowed_annotation tests
e70542f26 server: reduce args in addOCIBindMounts
f3106693c build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
74177a645 test: add label for openshift e2e in dockerfile
b2e665754 build(deps): bump github.com/containerd/containerd from 1.5.5 to 1.5.7
28043f5a9 test: skip certificate check for downloading parallel
086386bb1 Remove usge of deprecated apt-key in Ubuntu install
7ca329409 Fix install.md links
0f455e285 build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0
245a88040 use a more appropriate console with code block
8c088319f build(deps): bump k8s.io/api from 0.22.1 to 0.22.2
ef861e8c7 build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2
c7e8c26f5 build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0
757c863d5 build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16
5dd999e05 build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2
683428d75 fix node e2e
756543ec8 build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0
d56449c4c bump crio commit used by node e2e installer
615ba94fd server: mount cgroup if hostNetwork
77b1a6e62 server: use container level host network setting
45366c8c7 server: don't recalculate hostnet
6493d8640 Fix typo in install.md
7071e5b3d Remove one of the explanations for `bind_mount_prefix` because it is duplicated.
7fe435d7d node e2e: keep infra container
c6f1ed4d5 add unit test for the `server/sandbox_remove`.
ce96d93c2 test: fix journald test for new conmon
9ada36be0 fix shfmt
19fb1db10 update `install.md` for debian and ubuntu
5b1c43bbb build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12
0833f62f3 build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2
f5ebb6c23 fix shfmt
61e08418a server: set spec when dropping infra
68c8989f8 Update 'master' branch links to 'main'
7fc2f88ce bumps pause image to 3.6
3fd1cd226 server: don't wait forever on conmon cgroup move fail
a9add6909 build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0
d7cc66fe8 Remove bashism in sh script
15f7f7e4e Do not log if Intel RDT is not supported
b9ad2de69 build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5
eb45b4891 Fix cluster.yaml for kubectl create
69e88512a call cmd.Wait() in all cases we call Start()
07328622a oci: call wait on conmon if cgroup move fails
a377aec52 build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0
38f41c16a Fix `crio_image_pulls_layer_size_` metrics docs
9195a3417 Adapt to klog incompatible changes
a5716420b build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0
6b96358ef Add `--profile-cpu` and `--profile-mem` options
ed0eca0f1 build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1
88f5e154d server: remove ineffective `updateLock`.
05e662469 Fix missing quantile in `latency_microseconds_total` metrics
681aa32ed Update crio commit for node e2e
94b9b8688 build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1
c8ecab3da Bump runc binary to 1.0.2
0d640e6f9 Switch to go1.17 for CI
8bbbbf2b5 fix debian 10 build doc
639d494cd test/testdata/sandbox_config.json: fix the dns_config
af555c038 adds updating instructions to install.md
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
f895d152d2 |
cri-o: update to use SKIP_RECIPE
oe-core has remove PNBLACKLIST in favour of SKIP_RECIPE, so we update our recipe accordingly to avoid warnings. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
1589b430e3 |
cri-o: update to 1.22.1
Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:
d89a55e91 gh-actions: add sed for kube e2e
b1ac0896f release-notes: update to main
a90fcad56 test: add label for openshift e2e in dockerfile
1495b80e8 bump to 1.22.1
4ce3396b9 Skip volume relabel for super privileged containers
66e3210e0 test: skip certificate check for downloading parallel
91acfb2e7 test: fix shmft
325ec64d5 vendor: update to selinux 1.9.1
8bacf3132 test: fix selinux test failures
116eff337 server: FilterDisallowedAnnotations of containers earlier
e595eeb06 server: conditionally relabel volumes given annotation
69dfc4bc4 test: refactor allowed_annotation tests
92810c137 server: reduce args in addOCIBindMounts
54f343719 server: mount cgroup if hostNetwork
b40d9220b server: use container level host network setting
53755727a server: don't recalculate hostnet
a220ddf71 server: set spec when dropping infra
85043dab6 server: don't wait forever on conmon cgroup move fail
764e83f44 Do not log if Intel RDT is not supported
4542e5166 call cmd.Wait() in all cases we call Start()
2bd8e315b oci: call wait on conmon if cgroup move fails
d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
6a8cb41cd oci: use conmon for exec again
ddef4d063 install dependency in test step
f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
7b3f68fa8 blockio: handle class configuration file if set
d7444c86d blockio: enable setting blockio class configuration file
5aacbedb2 fix checking in openpgp_tag.sh
2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
17e0be0dc3 |
cri-o: switch from master -> main
cri-o has joined the projects switching their default branch to main (and removing the old one). We update our recipe to avoid fetcher errors. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
0a7ae8bc50 |
global: convert github SRC_URIs to use https protocol
github is removing git:// access, and fetches will start experiencing interruptions in service, and eventually will fail completely. bitbake will also begin to warn on github src_uri's that don't use https. So we convert the meta-virt instances to use protocol=https (done using the oe-core contrib conversion script) Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
7b46286b34 |
virtual/containerd: don't rprovide virtual/
Similar to the oe-core commit:
commit 93ac180d8c389f16964bce8bd5538d9389e970e6
Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
Date: Wed Sep 1 11:20:20 2021 +0200
meta: stop using "virtual/" in RPROVIDES and RDEPENDS
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
We stop rproviding virtual/containerd to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.
At the same time we convert the RPROVIDES to virtual-containerd, to keep
it available and consistent with oe-core use virtual-libc, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
263e4d3d4e |
virtual/runc: don't rprovide virtual/
Similar to the oe-core commit:
commit 93ac180d8c389f16964bce8bd5538d9389e970e6
Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
Date: Wed Sep 1 11:20:20 2021 +0200
meta: stop using "virtual/" in RPROVIDES and RDEPENDS
Fixes [YOCTO #14538]
Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.
That's confusing because "virtual/" has no special meaning in
RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).
Instead, using "virtual-" instead of "virtual/"
as already done in the glibc recipe.
We stop rproviding virtual/runc to keep the namespace clean.
There aren't many users of this virtual provides, but we keep
it around (for now) to maintain compatibility.
At the same time we convert the RPROVIDES to virtual-runc, to keep
it available and consistent with oe-core use virtual-libc, etc.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
c32950010e |
cri-o: update to 1.22-dev
Updating to the latest cri-o development branches to align with k*s testing and dev. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
d876cfc5bf |
global: overrides syntax conversion
OEcore/bitbake are moving to use the clearer ":" as an overrides
separator.
This is pass one of updating the meta-virt recipes to use that
syntax.
This has only been minimally build/runtime tested, more changes
will be required for missed overrides, or incorrect conversions
Note: A recent bitbake is required:
commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
Author: Richard Purdie <richard.purdie@linuxfoundation.org>
Date: Sun Jul 18 12:59:15 2021 +0100
bitbake: data_smart/parse: Allow ':' characters in variable/function names
It is becomming increasingly clear we need to find a way to show what
is/is not an override in our syntax. We need to do this in a way which
is clear to users, readable and in a way we can transition to.
The most effective way I've found to this is to use the ":" charater
to directly replace "_" where an override is being specified. This
includes "append", "prepend" and "remove" which are effectively special
override directives.
This patch simply adds the character to the parser so bitbake accepts
the value but maps it back to "_" internally so there is no behaviour
change.
This change is simple enough it could potentially be backported to older
version of bitbake meaning layers using the new syntax/markup could
work with older releases. Even if other no other changes are accepted
at this time and we don't backport, it does set us on a path where at
some point in future we could
require a more explict syntax.
I've tested this patch by converting oe-core/meta-yocto to the new
syntax for overrides (9000+ changes) and then seeing that builds
continue to work with this patch.
(Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Bruce Ashfield
|
fd4b46ce22 |
cri-o: add seccomp distro features check
Since seccomp depends on libseccomp, and seccomp is only available when the distro feature is enabled, we add the same dependency and distro feature check to this recipe. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
a781aa5fd9 |
cri-o: update to 1.22 release
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
c092e3de20 |
cri-o: update to 1.21-latest
Bumping the latest 1.21 release changes, which comprise the
following commits:
bce3e6c5f Fix tests
ec1a512ac Bump to v3.1.1-dev
9f09fb62c Bump to v3.1.0
1386f9046 Fix test failure
38bb77c5b Update release notes for v3.1.0 final release
670e1ac67 [NO TESTS NEEDED] Turn on podman-remote build --isolation
ac4bdd265 Fix long option format on docs.podman.io
96ffce219 Fix containers list/prune http api filter behaviour
e772719bf [CI:DOCS] Add note to mappings for user/group userns in build
52cd3ce2d Validate passed in timezone from tz option
633ae014e Generate Kubernetes PersistentVolumeClaims from named volumes
c9640bab7 libpod/image: unit tests: use a `registries.conf` for aliases
43c772aa2 libpod/image: unit tests: defer cleanup
396a59b02 libpod/image: unit tests: use `require.NoError`
a01b387e8 Unification of until filter across list/prune endpoints
183a68a81 Unification of label filter across list/prune endpoints
d1589f280 fixup
31351ad94 fix: build endpoint for compat API
7148544df [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
88672b58c Check if stdin is a term in --interactive --tty mode
23f3805df [NO TESTS NEEDED] Fix rootless volume plugins
5e3445e6e Ensure manually-created volumes have correct ownership
6b6989206 Support multi doc yaml for generate/play kube
d560f168f Correct json field name
573ed9220 Fix filters in image http compat/libpod api endpoints
1b349d79a podman generate systemd --new do not duplicate params
1089f83a4 Fix podman build --pull-never
be02c8581 man pages: correct seccomp-policy label
62b49e176 [NO TESTS NEEDED] Use same function podman-remote rmi as podman
3d1aaffdb Add problematic volume name to kube play error messages
d498022fd Fix list pods filter handling in libpod api
66b1c2bd9 [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
b55730180 Remove resize race condition
e7dc66d83 [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
57e0d8f29 Use TMPDIR when commiting images
505f43c08 Add RequiresMountsFor= to systemd generate
15da607d1 Fix swapped dimensions from terminal.GetSize
0127cc184 Revert go-systemd to v2.22.0
4f11517c0 Cirrus: Update configuration for v3.1 branch
834f4caaa Bump to v3.1.0-dev
1b56ea2d9 Bump to v3.1.0-rc2
1ae87ff46 Update release notes for v3.1.0-RC2
3b609a706 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0
1dfbdd5d9 Fix system prune cmd user message with options
afce37671 System tests: reenable a bunch of skipped tests
417f36281 Cleanup /libpod/images/load handler
adf652e2a vendor: drop replace for github.com/syndtr/gocapability
e85cf8f4a security: use the bounding caps with --privileged
f46b34ecd Bump github.com/containers/common from 0.35.0 to 0.35.3
5a18b5eb7 Bump k8s.io/apimachinery from 0.20.4 to 0.20.5
aa2d6e6e6 Fix volumes and networks list/prune filters in http api
ec1651fbf Bump github.com/containers/storage from 1.25.0 to 1.28.0
1ca74b00d add a dependabot config to automate vendoring
a596d1f5d Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2
8ea02d0b6 network prune filters for http compat and libpod api
8da5fd820 test: check for io.stat existence on cgroup v2
592aae4f9 test: fix test for last crun/runc
1c873c7da test: simplify cgroup path
af3499db5 Latest crun/runc should handle blkio-weight test
82858a97c fix user message image prune --all
3d01d42f2 Docs: removing secrets is safe for in-use secrets
21f229a3d Downgrade github.com/coreos/go-systemd/v22
e8918ff10 pkg/bindings/images.Build(): fix a race condition in error reporting
310eae4ba Switch all builds to pull-never
963d19c75 System test cleanup
f4b2d597a Fix for volumes prune in http compat api
8de560703 Fix remote client timezone test
57e8c6632 Do not leak libpod package into the remote client
762148deb Split libpod/network package
955aaccc5 fix use with localhost (testing)
9251b6c8c add /auth for docker compatibility
3803d0a4a create endpoint for querying libpod networks
12fb9e465 Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1
660a72993 sdnotify tests: try real hard to kill socat processes
7b0155cf7 Fix array instead of one elem network http api
92a8d69a7 Delete all containers and pods between tests
258749e43 apiv2 tests: finally fix POST as originally intended
c9ef26071 Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables
f1eb8e816 Removing a non existing container API should return 404
dc0c72a48 Docs: Add docs to access APIs inside container
6d4899745 options: append CLI graph driver options
930bec4d3 podman load: fix error handling
1f2f7e745 podman cp: evaluate symlink correctly when copying from container
2033fa4c7 rm pkg/api/handlers/libpod/copy.go
31b11b5cd podman cp: fix copying to a non-existent dir
a61d70cf8 podman cp: fix ownership
2abfef380 podman cp: ignore EPERMs in rootless mode
d175fbfdb vendor buildah@v1.19.8
e33f52390 apiv2 tests: add helpers to start/stop a local registry
e926b5d73 Bump to v3.1.0-dev
aa9616cd4 Bump to v3.1.0-rc1
e9db60492 allow the removal of storage images
9eac4a7f7 podman-remote build does not support volumes
d1878cc67 Compat API: Avoid trying to create volumes if they already exist
7e289833e Bump github.com/onsi/gomega from 1.10.5 to 1.11.0
0e36e65ea Allow users to generate a kubernetes yaml off non running containers
80390dd18 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1
d0d084dd8 turn hidden --trace into a NOP
320df8388 pkg/terminal: use c/storage/pkg/homedir
cc7a7568a Update nix pin with `make nixpkgs`
9e75cafd5 build-arg
326f3eda3 Handle podman build --dns-search
01ffe2c30 podman build --build-arg should fall back to environment
2c500a814 Add support for podman build --ignorefile
1a33b7648 replace local mount consts with libpod/define
e4da5096b separate file with mount consts in libpod/define
9fc29f63e Correct compat images/{name}/push response
a910f74ea [NO TESTS NEEDED] Bump pre-commit-hooks version
3ae580b0e [ci skip] Bad formatting fix in build documentation
803e58b36 Bump github.com/containernetworking/plugins to v0.9.1
d107c3729 podman-remote stop -time 0 does not work
5bb8fa30b Do not return from c.stop() before re-locking
2bcc95257 Fix for podman network rm (-f) workflow
3396343d4 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0
efc592fba Bump github.com/containers/buildah from 1.19.6 to 1.19.7
793c52dd5 Add tests for selinux kvm/init labels
8453424e2 Respect NanoCpus in Compat Create
a090301bb podman cp: support copying on tmpfs mounts
e43385eca image removal: ignore unknown-layer errors
aa0a57f09 Fix cni teardown errors
f86d64130 Use version package to track all versions
252aec1c9 Check for supportsKVM based on basename of the runtime
53d22c779 Compat API: create volume source dirs on the host
61e626c85 Makefile: add install.docker-docs-nobuild for packaging use
81a3f8a43 Add /sys/fs/cgroup as readonly path in docs
8f2192922 Add network summary to compat ps
4eed89aca Fix possible panic with podman build --iidfile
9391bfc52 Add version field to secret compat list/inspect api
b19791c0b Tidy duplicate log tests
5df625140 Fix support for podman build --timestamp
43e899c2e Rewrite Rename backend in a more atomic fashion
91b2f07d5 Use functions and defines from checkpointctl
bf92e2111 Move checkpoint/restore code to pkg/checkpoint/crutils
bd819ef7d Vendor in checkpointctl
2c8c5393a Support label type dict on compat build
ac992e4b0 Makefile: install systemd services conditionally
63a3b8a09 podman-system-service.1.md: fix timeout example
774aea45e swagger: update the libpodPutArchive operation verb
3908c0079 Makefile: split install.docker-docs from install.docker
2f0fc2911 Bump RootlessKit v0.14.0-beta.0
8b7caa6d0 Compat api containers/json Ports field is null
14d5bd164 Bump github.com/cri-o/ocicni to latest master
7927fe01f Refactor python tests to run against python3.9
9435e5b79 APIv2 tests: make more maintainable
e9d94dc90 [CI:DOCS] Improve release process docs
375201633 podman rmi: handle corrupted storage better
d9cb135b6 Enable cgroupsv2 rw mount via security-opt unmask
cc679d952 podman-image-sign.1.md: typo fix
f54ed7269 compat api network ls accept both format options
680dacaea Enable no_hosts from containers.conf
fcce1da1b Correct compat images/create?fromImage response
ba319e3ba [Compat API] Also print successfully tagging images in /build endpoint
43d010bd0 Fix parsing of Tmpfs field in compat create
24d9bda7f prune remotecommand dependency
bee21f1e4 system test image: build it multiarch
ef549235e Updated based on Jhonce comments
ccbe4ff73 updated common to 0.35.0
836bfebb4 Refactored file
1aa96ed2e swagger: removes the schema type for PodSpecGenerator $ref
431f75519 podman-system-connection.1.md: fix copy/paste error
90050671b Add dns search domains from cni response to resolv.conf
f152f9cf0 Network connect error if net mode is not bridge
fc32ec768 Sort CapDrop in inspect to guarantee order
79eaadd3f podman upgrade tests
3947feb4b test: ignore named hierarchies for cgroups=split
e5ac28f3b container removal: handle already removed containers
a775c5920 Bump github.com/rootless-containers/rootlesskit from 0.13.1 to 0.13.2
0ab32d11d Bump k8s.io/apimachinery from 0.20.3 to 0.20.4
874f2327e Add U volume flag to chown source volumes
fcf669fd9 Replace Labels and Options nulls with {} in NetworkResource
4875a8fb4 Cirrus: Temp. disable prior-fedora (F32) testing
f3a8e3324 podman cp: test /dev/stdin correctly
8577be72e podman cp: treat /dev/stdout correctly
e87c5b6c1 cgroup: change cgroup deletion logic on v1
9d818be73 Fix podman network IDs handling
d9655b0f0 pr-should-include-tests: recognized "renamed" tests
d2f3098c6 --no-header flag implementation for generate systemd
af7a68fa8 [NO TESTS NEEDED] Make binding util internal
c236aebb9 Two variations of --new flag added to e2e
a2e1b3eab swagger: add missing schema properties
5dded6fae bump go module to v3
d333ef82b Fix 'storage.options' indent
d886cd930 Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0
b40d778f4 Bump github.com/containers/buildah from 1.19.4 to 1.19.6
05eb06f56 Turn on journald and k8s file logging tests
f06dd45e0 Allow podman play kube to read yaml file from stdin
43a581904 Log working dir when chdir fails
d6b0b5412 Fix segfault in run with memory-swap
e1ad50654 leak fix in rootless_linux.c fcn can_use_shortcut
612ba6aa8 Fix journald logs with more than 1 container
9016387bb Fix journald logs --follow
f2d057c94 Fix journald logs --since
fbc50e528 fix journald logs --tail 0
cf2a55189 [CI:DOCS]basic networking guide
71689052a cp: treat "." and "/." correctly
caa0bc157 [CI:DOCS] [NO TESTS NEEDED] Update swagger doc for libpod container wait
31eca5c20 Bump k8s.io/apimachinery from 0.20.2 to 0.20.3
e022c1975 Don't switch on a single case
3e168b19f Quote URL
b3f9559c8 bindings: support simple types that implement fmt.Stringer interface
9699e81a0 API: fix libpod's container wait endpoint condition conversion
a9d548bf7 Change source path resolution for volume copy-up
e2d5a1d05 podman ps --format '{{ .Size }}' requires --size option
12b6342c3 infra: downgrade warning to debug
12a577aea Ignore entrypoint=[\"\"]
684290725 Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1
68a8d397c Add missing early returns in compat API
5d1ec2960 Do not reset storage when running inside of a container
958f90143 podman kill should report rawInput not container id
759fc9334 Fix an issue where copyup could fail with ENOENT
2ec0e3b65 do not set empty $HOME
2a21ecafa images/create: always pull image
f2f18768a Fix panic in pod creation
0fd480708 Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1
2845f7b83 podman build: pass runtime to buildah
39c1fdb15 correct startup error message
690c02f60 Add missing params for podman-remote build
a532994f8 Fix typo podman run doc in flag -pid=mode "efault"
4a9bd7a18 When stopping a container, print rawInput
714acf326 fix create container: handle empty host port
3d50393f0 Don't chown workdir if it already exists
bf083c185 Fix broken podman generate systemd --new with pods
227c54813 fix dns resolution on ubuntu
0ab5bfd31 e2e: fix network alias test
704fa8b55 fix failing image e2e test
9a24d5098 Update troubleshooting.md
6ffd05d0b [NO TESTS NEEDED] Refactor generated code
2c31f3839 Fix superfluous response.WriteHeader call in WaitContainerLibpod()
4067f3a4d change ps Created to unix
78b419909 Enable more golangci-lint linters
adfcb7460 make layer-tree lookup errors non-fatal
78c8a8736 Enable whitespace linter
69ab67bf9 Enable golint linter
ef2fc90f2 Enable stylecheck linter
40c3c972d Update Master to reflect the 3.0 release
660a06f2f utils: takes the longest path on cgroup v1
5f999b6bc container ps json format miscue
8e2fae186 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3
1b5f3ed24 utils: create parent cgroups
9196a5ce3 utils: ignore unified on cgroupv1 if not present
f4fd25a00 utils: skip empty lines
f28b08fe9 Correct compat network prune response
5ccb1596b Display correct value for unlimited ulimit
fdf39e169 apiv2: handle docker-java clients pulling
ea910fc53 Rewrite copy-up to use buildah Copier
31b2b2cc2 bump to v3.1.0-dev
68133414f [NO TESTS NEEDED] Update linter
46b014bad Bump github.com/spf13/cobra from 1.1.1 to 1.1.2
1cc387bf7 Add shell completion tests for secrets
f4ece018b Docker APIv2 push sends digest in response body
f2a856203 Fix compat networks endpoint for a empty result
21deafba8 hardening flags for fedora rpmbuilds
e15e170ac [CI:DOCS]First pass at release process
46385dd60 Restart service when CONTAINERS_CONF changes
cc846a8cd Support annotations from containers.conf
68414537c vendor github.com/containers/image v5.10.2
ea704da72 APIv2 tests: lots of cleanup
721a1e104 Fix Docker APIv2 push endpoint
48c612cf6 generate kube: support --privileged
08d8290f1 Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0
832a69b0b Implement Secrets
45981ba29 Bump containers/buildah to v1.19.4
1caace8f4 Allow path completion for podman create/run --rootfs
6c75419a8 Cirrus: Send cirrus-cron report e-mail to list.
feecdf919 make `podman rmi` more robust
407e86dcd Implement missing arguments for podman build
3c3e644c1 vendor latest containers/common
91ea3fabd add network prune
821ef6486 fix logic when not creating a workdir
002f2aca7 Bump remote API version to 3.0.0
6c713984e play kube selinux test case
5c6ab3075 Fix podman network disconnect wrong NetworkStatus number
05444cb2c Fix per review request
c995b5460 generate kube: handle entrypoint
96adf0e2a play kube selinux test case
2b8d6ca09 Increase timeouts in some tests
3c57bc845 Add test for Docker APIv2 wait
4a219aa23 Implement Docker wait conditions
fc385806d Improve ContainerEngine.ContainerWait()
570e1587d Improve container libpod.Wait*() functions
6a6e86829 Cirrus: Collect ginkgo node logs artifacts
ebc42f508 Bump github.com/containers/storage from 1.24.5 to 1.25.0
9dc795191 Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1
bc149a4dd bindings: attach: warn correct error
d87f54fbb Fix invalid wait condition on kill
dfa9a340a Makefile: make bin/* real targets!
3d105015f typo
c40cd1be9 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5
bda95bdb6 Update nix pin with `make nixpkgs`
1c50e09b0 System test for #9096 (truncated stdout)
432ee04c5 play kube selinux label test case
e0bc8ffb5 Gating tests: diff test: workaround for RHEL8 failure
bde23a021 [NO TESTS NEEDED] style: indendation
89df89b5f [NO TESTS NEEDED] fixup: remove debug code
7e4d696d9 Report StatusConflict on Pod opt partial failures
bd0e22ed1 Honor network options for macvlan networks
095919680 Make slirp MTU configurable (network_cmd_options)
ac3bd4c33 [NO TESTS NEEDED] Generated files
5a746c08f [NO TESTS NEEDED] Improve generator
c68b59f97 play kube selinux label issue
e9f936a29 Makefile: refactor ginkgo * ginkgo-remote
931ea939a Allow pods to use --net=none
323ab314e Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0
077fd670b Update release notes for v3.0.0
ee8ee651d New 'make completions' target
e11d8f15e add macvlan as a supported network driver
5352df226 Fix podman generate systemd --new special char handling
eaafd975a Bump github.com/rootless-containers/rootlesskit from 0.12.0 to 0.13.0
51c11fea8 Endpoint that lists containers does not return correct Status value
3cfd4ce45 Fix --network parsing for podman pod create
9b5b03d1e list volumes before pruning
4a6d042c2 Docker ignores mount flags that begin with constency
cdbbc6120 podman generate kube ignores --network=host
073f76c13 Switch podman stop/kill/wait handlers to use abi
b842d97f5 [CI:DOCS]build instructions for macOS
280f332bd Vendor in containers/buildah v1.19.3
ca0dd76bf Honor custom DNS in play|generate kube
d7c356552 Podman-remote push can support --format
b74f939fb Bump github.com/containers/image/v5 from 5.10.0 to 5.10.1
8d979e093 Cirrus: Build static podman-remote
c0bf0ba9e podman build --pull: refine help message and docs
c450092fd Revert "podman build --pull: use correct policy"
75c3b3389 Bump github.com/containers/image/v5 from 5.9.0 to 5.10.0
59076888d Cleanup bindings for image pull
89bb8a9b3 Don't fail if one of the cgroups is not setup
1fac43654 Add support for rootless network-aliases
c717b3cac Allow static ip and mac with rootless cni network
15caebfe5 podman build --pull: use correct policy
bfc1b66be Cirrus: Fix running Validate task on branches
f8bf509d1 Fix static build cache by using cachix
84f7bdc4d Switch podman image push handlers to use abi
fee2fadc3 e2e tests: synchronize test results
21cb3043f podman-remote ps --external --pod --sort do not work.
f79d68eea Fix podman history --no-trunc for the CREATED BY field
c63599d36 remote exec: write conmon error on hijacked connection
e9f4fb975 Fix #9100 Change console mode message to debug
02ec5299f Add default net info in container inspect
1ae410d19 Ensure the Volumes field in Compat Create is honored
35c89ccc5 [CI:DOCS]update state of restful service
0f668aa08 workdir presence checks
7b186dcb9 libpod: add (*Container).ResolvePath()
74a63df05 Fixup search
97f5e9458 Pass DefaultMountsFile to podman build
5350254f0 Ensure shutdown handler access is syncronized
33179c281 System tests: cover gaps from the last month
5623cb9d3 Fix --arch and --os flags to work correctly
a86d23c75 Bump github.com/google/uuid from 1.1.5 to 1.2.0
75698b4b7 Fix typo
393a8f026 disable dnsname when --internal
ef76b92b8 swagger.go: Fix compilation error
8c1768e38 Fix fish completion issue if the command is prefixed with a space
a457c5c92 Bump golang.org/x/crypto
0ba1942f2 networking: lookup child IP in networks
c182091b0 Small API test improvement for compatibility search endpoint
6e6a38b41 podman manifest exists
c9baa6b93 Accept and ignore 'null' as value for X-Registry-Auth
4b8df5903 Turn on some remote test
94f96c78a Add a notice to remove pod before starting service
ef654941d libpod: move slirp magic IPs to consts
5e65f0ba3 rootlessport: set source IP to slirp4netns device
37319dec1 vendor: update rootlesskit to v0.12.0
2fa67fe4b api: fix import image swagger definition
9d31fed5f podman volume exists
4e4d318b7 Cirrus: Upload swagger YAML in every context
dbb99433d [CI:DOCS] Cirrus: Skip smoke task on branch-push
836fa4c49 Move the cni lock file into the cni config dir
c1cd512cb Use random network names in the e2e tests
3fedb2b6d [CI:DOCS] Update project name in Code of Conduct
f43046745 Set log driver for compatability containers
c3cbaa355 Make generate systemd --new robust against double curly braces
6518391e8 Fix man page for fuse-overlayfs config in rootless mode
a3621a7cf Cirrus: add bindings checks
e7df73efa Fix handling of container remove
41a7e11c7 make bindings generation explicit
f302ce578 make bindings generation more robuts
175fc3867 Revert "ginkgo: install on demand via `go get -u`"
37abec240 [CI:DOCS] fix go-md2man HTMLSpan warnings
9f6bb3563 CI: smoke test: insist on adding tests on PRs
a45d22a1d podman network exists
de05e5816 ginkgo: install on demand via `go get -u`
d2ee3d815 runner.sh : deal with bash 'set -e'
4ccb0729b Add binding options for container|pod exists
683bab03f [CI:DOCS]Do not run compose tests with CI:DOCS
2df59829e simplify bindings generation
462994268 make: generate bindings: use vendor
caaaa2c5e hack/install_golangci.sh: smarter install
f38b7f48c golangci-lint: install to ./bin
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Martin Jansa
|
04f8621d82 |
cri-o, podman, packagegroup-container: replace anonymous python function calling bb.parse.SkipRecipe with conditional PNBLACKLISTs
* PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro which e.g. provides own recipe for libseccomp Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Bruce Ashfield
|
c0d7968bfd |
cri-o: update to v1.21.0
Bumping to the 1.21 release branch. Although this still in development, there are some depreciations and other features we want to get into the release, so we bump now for extra testing. This comprises the following commits: 7b4b8b2de bump protobuf to 1.3.2 cf1e612eb server: support setting raw unified cgroupv2 settings fc69fe15c vendor: update runtime-specs fcc278427 cgroup: implement fix for swap memcg on cgroup v2 7b7efa307 server: leave swap mem limit unset if not supported 2d857bf21 test: skip ServiceAccountIssuerDiscovery test dcf651d91 hostport manager clean up host ports 6f096c58e allows stream timeout to be set from config 056f8161d Bump containers image to v5.10.1 26aa60644 Move unit tests to GitHub actions 04185fc4f Move go1.14 and 386 builds to GitHub actions f91c4f0ca set kubelet node IP 26491d154 Fix validate-completions GitHub action ebafe7536 Add integration test for pprof over unix socket 109b412af Add a flag for enabling profile over unix socket a09423d60 Lookup echo command for unit tests c1a724770 Move static build to GitHub actions 85feffc1f pinns: Fixup 'pwarn' output to match 'pwarnf' output e30c3975f pinns: Don't put errno in the exit message for argument checks fd8e390ad nsmgr: use host option 76a89b938 nsmgr: Use config struct for NewPodNamespaces 969505130 pinns: support pinning host ns 4394eee77 Remove implicit GitHub action `name` fields a0568ace6 Move docs and completions validation to GitHub actions fa3741f1d Make config tests work rootless 2a8f2b11b Make rootless namespace unit test execution work 2670d8598 Do not log file path on ioutil.ReadFile a6e8ae41d fixes version_test.go 841913db8 Close the stdin/tty on server start to avoid shortname prompts e430b1df6 Update debian repository url to use https 3f4bef945 docs: fix http link c2b9d0fd8 docs: update kubeadm tutorial b64e716a9 Fix `make lint` f36c64dbd Return runtime API version based on protocol cce49c0e4 Update compatibility matrix to mention v1.20 77f1b7c36 add method comment 84b616b79 restore irqbalance config only on system restart aa46a2393 add blurb in doc and more informative name for unit tests 13be7ae5a add is-enabled check for irqbalance service 9930cc33d fix unit tests ce9973796 add unit tests b3b48b31f fix bash/zsh completions 3cd55b226 fix the docs validation cf61f947d handle irqbalance service 7a1939882 runtime_vm: set finished time when containers stop 78c91cbf9 nsmgr: fix/add calls to GetNamespace 177250f74 managed namespaces: move to dedicated package 10c9e4961 Provide integration test for infra-ctr-cpuset feature 5f9dbb1a2 Set CPUs for the infra containers during the creation b3fb25b44 Add shell completion for infra-containers-cpu flag e0f7ccc32 Add new infra-containers-cpus to the CLI and config file 30b0aea2e refine `registries` deprecation message ac8e51bfd Circle CI: install test/registries.conf d0e9b8b0c crio.8.md: runroot defaults to /run/containers/storage 2e49302ed support short-name aliases 22417169d pull: do check for blocked registries 83974bbdd config: deprecate registries 4879bba02 Rollback gocapability vendor bump 78261109b vendor: bump containers/storage to v1.24.4 d25bfe297 Update nix pin with `make nixpkgs` 709e4d170 contrib/test/int: add Kata Containers runtime support ce0beec25 contrib/test/int: enforce linking in parallel build process 85e67f811 contrib/test/int: build parallel from sources in CentOS b18fe2cbf contrib/test/int: allow to skip user namespace testing 506e7c2e7 contrib/test/int: allow to configure test timeout cc9d037c3 Capitalize Kubernetes c85474476 modify the error url of podctl 1b7e811fb Add Digital Science to adopters e0bf8bc94 pinns: make binary not always static 0aeb7d27e server: use IsAlive() more 2460f6d26 Support CRI v1 and v1alpha2 at the same time 1633196c1 drop support for ManageNSLifecycle b395cd224 test/timeout.bats: increase timeout to fix flakes ab2626872 release-notes: fix flags fa6a34381 test/timeout.bats: fix comments 553123b19 int/resourcestore: fix comment about Put de186def3 test/image.bats: simplify some loops 0a30ab479 test/helpers.bats: simplify cleanup_* cfdf40e4b test: add timeout.bats 521fa1948 bump network creation timeout to 5 minutes 87977f19d resourcecache: add watcher idiom 1d2328aa8 server: use ResourceCache instead of dropping progress 4bdc500ba Add unit tests for ResourceCache 76ebcac66 Introduce ResourceCache a4588db28 moves shmsize to a handler allowed annotation 8e8f164f2 image pull: close progress chan 1fffd7210 test/ctr.bats: fix a "ctr execsync" flake 2bca8ec2b Fix the functions' name in completions 5e80372b7 Increase release-notes run timeout to 30m 7150db5ba Bump k/release to v0.6.0 eabdf7e4e ci: enable shellcheck for bats files 829053a41 test/network.bats: silence shellcheck SC1090 0c42734b2 test/network.bats: s/which/command -v/ c50658467 test/inspect.bats: fix SC2086 e62136838 test/image.bats: rm unused code 03f8eae37 test/network.bats: fix shellcheck warnings 149619d93 test/devices.bats: fix a shellcheck warning 15a3cb785 test/pod.bats: use jq to edit json 64c0fb2a0 test/network.bats: use jq to edit json 7053a2c39 test/*bats: rm unneeded stop_crio 99e521b23 test/testdata/container_config_sleep.json: rm 2a40a639a test/ctr_seccomp.bats: rm testdata/container_config_seccomp.json 9ca6eeab4 test/selinux.bats: rename a test d309db54b test/selinux: rm testdata/sandbox_config_selinux.json 6ca29591a test/pod: rm testdata/sandbox_config_sysctl.json f1fc4626f test/ctr.bats: do not create files in $TESTDATA 25a559237 test/image: rm container_config_by_imageid.json f10a38851 Use own metadata types 09f929216 test: use jq to manipulate json 029bb46bf test/*bats: rm excessive runs 25db96707 Add CRI glue types for v1alpha2 and v1 usage e8127e0e7 Add CRI v1 API c4df5708c Fix make vendor GOSUMDB d0e2cfdfd make: drop link to crio.service 5ad548b38 test: rm "run ctr with image with Config.Volumes" 39ff75035 test: add no-pull-on-run=true ea9d2ab31 circleci: use updated images 284779311 Check allowed_annotations under performance hooks and drop deprecation warning 91ea6ac1a Add clean v1alpha2 CRI API interface 63bd12659 contrib/test/int/build: bump a few deps abf049f6b circleci: use go 1.15 for vendor 302b36c0f ci: bump go to 1.15.5 bafa2a870 circleci: bump go to 1.15.5 7f046e2af Pass runtime to the handler hooks bd5ae5de2 Provide methods to check allowed_annotations for high-performance runtime handler 38f8e9da5 Provide a better value for features specific annotationis bd78f7e89 don't do unnecesary iptables restore 942e6255f switch CRI-O to use its own hostport manager d17d157e0 dual-stack host port manager a86d258c7 fix upstream hostport manager 76f6d342f Add README to hostport folder 7dbafacd1 fork hosport kubernetes code 90ae7e2d7 ignore test binaries 8dd12dc42 fix cleanup func wording 7244e40ca server: refactor handling of cleanup funcs d2b341659 Make NamespaceOption an internal type in sandbox 49d0de238 test/e2e: disable a flaky test 22ce1d7a3 contrib/test/int/e2e-features: skip Serial tests f1b6fde01 contrib/test/int/e2e-features: rework "skip" regex fd15db07f contrib/test/int/e2e: rework "skip" regex 5e57f4215 contrib/test/int/e2e: rm obsoleted TODO 9ef215fb7 ci: move check vendor to github actions 437f1c1b8 Makefile: rm GIT_MERGE_BASE a4309e000 circleci: fix cri-tools install b59718676 alphabetize OS ad043ae9a Update install.md d22c37e71 ci: move docs-valication to github actions 9dd630514 ci: move shfmt from circleci to github actions 2489684ac ci: move shellcheck from circleci to github actions 7f9f09801 ci: move golangci-lint from circleci to GH actions 9fe43d28d github/PR template: add /kind ci, other 359c60f2a vendor: bump containers/storage to v1.24.0 99081ef41 Makefile: bump golangci-lint to 1.32.2 936e21890 circleci: rm build-test-binaries job b3000eb70 test/devices.bats: fix "additional device permissions" case 22d9e7e8f do not enforce seccomp profiles if disabled 1eddc1b9b ci: use cri-tools from git head a53c2a70e test/devices.bats: rm unneeded run 7b910a08f test/devices.bats: skip earlier 329ccbafb Add wrongly removed word 7ff1fbc05 Update the crictl tutorial and simplify a few steps fedd00c0d Make CNI setup instructions a bit more clear and fix nits 205711e5e Fix links to installation documentation 24b7e4f83 move is_cgroup_v2 to helpers ddcfee824 oci: add Devices to allowed annotations structure 54477302e restore.bats: allow userns tests 61dad864c test_runner: test userns with manage_ns_lifecycle ba3d36c00 test/ctr_userns: rely on global userns testing 34d0aacbb Allow userns together with ManageNSLifecycle 1daaa067c server.createContainerPlatform: fix userns + spoofed infra 4e0cb03fe server: add userns mappings for spoofed infra 6e897b8e5 runtime_vm: Ensure closeIOChan is not nil inside CloseStdin's function b256264f1 test/command.bats: fix device test 7646b5b74 server: fix some nits about resolveSymbolicLink 917d39c66 move device handling to container iface c3370fb0c move additionalDevices handling to separate package c8e270f23 Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/bandwidth/main.go#L113 fe8c25a1d Update nix pin with `make nixpkgs` 3ca6f8dae pinns: fix ownership for created namespaces d7d8f7a29 pinns: use a socketpair instead of a pipe 374415de8 vendor: pin shfmt to v3.2.0 f4301256d OWNERS: add myself bd364cd2c Log version at startup 88159bb7b test: rm disabling selinux from userns tests e54203c8a curl: add -S where -s is used 98fbf5bab ci: bump crun to 0.15/HEAD be3ec3c1e nix: fix static build 0cfc673cd test: bring back userns testing c9290e44c test/network_ping.bats: skip with userns a3d0b391d test/restore.bats: skip some tests with userns 6931ee743 test/network.bats: skip hostnetwork test with userns b7db612de test/image_volume.bats: fix userns check b4d692617 test/drop_infra.bats: skip if userns is enabled 03cfc2fcc test/ctr.bats: skip privileged test when userns f147b4a9e Preserve sandbox annotations for handling OCI hooks 3e6b81904 Increase integration test timeout to 30min 9750103ae Upload bundle in separate CI step ecece5641 vendor: update containers/storage to v1.23.7 35f64617e test: disable crictl pull on create f41aa4ae5 Update maintenance versions in README.md d22514351 test/image.bats: pull the image to be used a400561a7 circleci: use ubuntu 20.04 image 468d49427 removes runs 70f73ab7b circle-ci: use go 1.15.3 8a2f5f189 Add SUSE CaaS Platform and openSUSE Kubic to adopters 58328a6af Error if GitHub release could not be found ca11353f8 Update e2e-aws logic for 4.7 95f285103 drop error in finalizeUserMapping as well 455a1b6b5 Adding Oracle Linux Cloud Native Environment to the list of adopters. 4cfde377e userns: use the same ID if the mapping is missing 0de968083 Add KubeCon EU 2020 talks to awesome list 99a21e919 use correct mappings when they exist ba9c0c245 drop AllowUsernsAnnotations 1a5553ebd add allowed_annotations to runtime handler 1d0f68156 update documentation of privileged_without_host_devices f0fab44c4 template: move default_runtime closer to runtimes map 5c9085a9f Fix release notes generation 23e0ed065 begin ADOPTERS.md file 4cf0a2915 test/testdata: rm container_redis_default_mounts.json 7e88c2cd6 test: mv test-specific setup out of setup_test() b8af8c4f0 test/reload_image.bats: nits 35b7de3c8 test/default_mounts: rm --deprecated-mounts test e1ffae3b5 test/default_mounts.bats: rm excessive run 5a59e514e test/testdata: rm *namespace*.json ba126e6de test/namespaces.bats: rm excessive run and cleanup 83fe6c285 test/testdata: rm sandbox?_config.json 2a0076143 test/testdata: rm *_hostport.json 3fbdf6fa4 Remove last traces of --default-mounts 023c57ac7 test: improve/rename parse_pod_ip -> pod_ip bc9d66793 test/helpers: improve test_pod_from_pod 417f0591f test/network: improve "Check for valid pod netns CIDR" d7babd6ac test/network_ping: merge the two cases 905511a2f test/helpers: show crio.log after the test 8343d16fc test/helpers: hide crictl info output 2bdf0e109 test/helpers: rm temp_sandbox_conf, switch to jq a6c985492 test/shm_size.bats: fix SC2002 a035e1561 test: simplify check_journald check 0483c62b2 .gitignore: rm conmon e6ef7221b test: simplify check_metrics_port -> port_listens 5502607e1 container_create: fix /etc/resolv.conf to be ro d04aa9092 test/testdata: rm container_config_resolvconf*.json 979dabda1 test/testdata: rm sandbox_config_privileged.json 347b03e01 test: rm testdata/container_redis_env_custom.json 1dbd73dc5 test/testdata: rm some unused files 2ba965644 test/pod.bats removes excessive runs 9784199e6 test/pod.bats removes unneeded teardown 5f4774efc runtime_vm: Ignore ttrpc.ErrClosed when removing a container 802b4e4fe runtime_vm: StopContainers() should not fail when the VM is shutdown 85f341c32 runtime_vm: Don't let wait() return ttrpc.ErrClosed 0f2a07053 runtime_vm: Fix updateContainerStatus() logic fecf1a1d8 network stop: don't segfault if sandbox isn't created yet 2fb259791 Revert "Move back network setup to after adding infra container" 06b6e129f test/ctr.bats: use $newconfig 54959f5b8 test/ctr.bats: replace sed with jq a7746c2dd test/ctr.bats: convert python calls to jq bbd70e433 test: rm edit_json, use jq directly ae7ac6105 test/ctr.bats: shfmt it 6693d79c5 CI: add shfmt check for bats files 4953fb28c test/*.bats: format using shfmt 4c9984603 shfmt: update to current master 407603303 introduce SeccompOverrideEmpty e9d9b3011 server: cleanup container in runtime after failed creation 685f275d3 defer removal of container in storage immediately cf79dc39f test/status.bats: use shfmt 0ea616973 test/status.bats: rm excessive use of run 70ea166d3 test/status.bats: minor refactor 7bc848cbe test/image_remove.bats: rewrite 510e5325a test: tidy image prefetch 6e0d7a3c2 test/image: rm unused var 4ab412848 test/ctr.bats: fix SC2086 27dd454a2 test/ctr: rm excessive use of run eea57ad02 ctr.bats: fix jq checks 19e521422 test/ctr: fix "privileged ctr -- check for rw mounts" 86596bdcc test/ctr.bats: fix "annotations passed through" test bea64ec68 test/ctr.bats: add is_cgroup_v2, fix SC2046 601e1e4ca test/ctr.bats: rm unneeded cleanup 37c9c24ed test/ctr.bats: fix SC2002 96b8890e5 test/version.bats: fix/improve b45e341ee test: fix SC2086 dd3c394e3 crio: add new option --separate-pull-cgroup fbed1b37e crio: move in a new cgroup on reexec 26cf82891 test/command.bats: fix shellcheck warnings e60a04514 test/crio-wipe.bats: rm excessive run usage 6c69b4495 test/crio-wipe: simplify code f0e081865 test/apparmor: simplify is_apparmor_enabled e5bea7e08 pull: move image pull to a new process 7cc83932b crio: force garbage collection with SIGUSR2 4b549f542 test/network.bats: fix "Clean up network" tests 9da1a3ea8 Update nix pin with `make nixpkgs` e559d8e0e test/helpers.bash: rm "echo 0" caebae40e Support passing properties to RunUnderSystemScope ada8cfcaa test/network_ping.bats: simplify b03195eb5 test/network.bats: simplify, fix shellcheck ef07f7192 Move back network setup to after adding infra container 178872342 Bump master version to 1.20.0-dev 39a0e7984 server: use more GetContainerFromShortID and less GetContainer 965b70fad server: do not do container operations on a not created container 928edf243 server: do not stop/create container if pod is not created 9284c007d defer network stop ASAP after network start 83169c578 network: create as early as possible 00bf747aa Bump Kubernetes to v1.20.0-alpha.1 a78651ff8 Bump logrus to v1.7.0 6913515c8 runtime_vm: set Pid and InitPid for VM runtimes 1a35fce0c go.mod/sum: update 309b3d07e contrib/test/ci/cri-o.spec: rm GO111MODULE=off 6445c1418 Makefile: rm GO111MODULE=on and -mod=vendor 8eb6575c6 CONTRIBUTING: no need to set GO111MODULE 012e52db9 Makefile: fix vendor target bd3aa8151 internal/config/node: add checkFsMayDetachMounts a2bc9d35c Fix bogus CI test failures 056b43d11 runtime: parse oom file for VM type runtimes c49ee2362 test: use crun 0.15 b66ec3f42 test: adapt test to new crun output bac4a3ea0 moves spec generation to container 40709d286 test: drop infra container 4aa7d4c51 test/config: fix shellcheck warning 94ef42cbc test/config: fix "config dir should fail with invalid option" 1d097f7d5 cni: fix ipv4 configuration file 4f1e4efae [feature] support custom shm size and docs deba2580b Update nix pin with `make nixpkgs` a20c3a4de Verify Cgroup Memory - cgroupfs 7eaede753 deprecate manage_ns_lifecycle option aac00ea84 Enable debug logs for release notes generation 0d878de1e Bump GRPC to v1.27.0 53b72efe1 test: skip MetricsGrabber tests 9afdd35c3 drop infra container when appropriate 25383e728 server: no longer assume some infra containers will be nil e42b2b1c5 sandbox: add NeedsInfra function fdab97f50 oci: add Spoofed() function 33de444ce introduce pkg/annotations 4ff61bb49 portforward: rework to not need infra container 3c241bdbb pinns: fix pinning cgroup namespace 26de5b665 pinns: allow sysctls to be passed 3f655aa2b test: configure self when kata-runtime is the CONTAINER_RUNTIME 9e337b0ab test: add tests for dropping infra 3978b8cf5 add --drop-infra-ctr option 7d56d27b1 broken link dff47619b update link for podman 3fd6ff726 add the integration tests for handling default runtime db3f22b4c Update containers/* dependencies and vendor libpod/v2 0f9a374ea test: remove generated file e5940bc87 Updating documentation of kubeadm with offline configurations. Signed-off-by: Athanasios Garyfalos garyfalos@cpan.org 6bda9b5e0 Force pkg dependencies to older ones compatible with gogo/protobuf 1635b0d26 Switch to Kubernetes AppArmor unconfined const ca1c46636 Update crictl.yaml to reflect cri-tools v1.19.0 configs 40b9d971f Bump cri-tools to v1.19.0, CNI plugins and golang 6f9341d5d Add image layer reuse docs to metrics.md 167fed492 oci: parse stat file instead of using ctime 12a5cb458 Print seccomp profile JSON only on trace log level ec69e86fa oci: return IsAlive error instead of logging 687202247 sandbox config: Improve validation error message 7b1e83595 pinNamespaces: fix cleanup and error returned 2b5a80d57 pinNamespaces: set capacity for returnedNamespaces 9925188dd pinNamespaces: use string concat instead of fmt.Sprintf 525d5b760 sandbox: ignore enoent on shm unmount b66da412d Revert "runtime_vm: Cleanup process when the Container is Stopped" bc9dd6fe2 test: deflake stats test 635ab5f5d oci: improve error message for verifyPid() b6db1d8a0 Fix pinns compilation for TEMP_FAILURE_RETRY 4a3f8b87d Vendor Kubernetes v1.19.0 8152e00f3 config: set internal RootConfig to default storage if not specified 827eb0bfc Revert "dual stack portmap support" f45c631ab Update nix pin with `make nixpkgs` 773f6b0b5 branch forward: stop on rc 5011a7b2f added irq smp balance and cpu cfs quota control 6a3f71112 Code clean up in containers_create_linux.go 7b942ed73 Remove git-validation in favor of prow/golangci-lint f97ad7fd3 dual stack portmap support f0d987acb Switch to containers/common for AppArmor 017e62dc1 Unset GOSUMDB when vendoring 4bf30158a storage: delete layer if mapped ad2ed3b79 mapping: add support for userns-mode annotation f035d6077 server: make paths to chown also accessible d9d3789cd vendor: update containers/storage to v1.23.1 7f8c00e5e server, systemd: export container env variable 2716da1de remove --runtime option 0afa35525 fix high performance hook self-exit container issue 9e112eebd oci: move channel close to writer goroutine 3472cc5c8 test: fix container stats test d4c32cb00 test/stats.bats: fix/improve container stats test d1e2ea04a test/stats.bats: improve test case d05a6335e test/stats.bats: fix typo in a variable name 9a1490531 managed ns: report namespace cleanup failure by default 4ed669482 managed ns: ignore `PID not initialized` on sandbox creation ff6d989fb test/apparmor: add missing test case call aca64980b test/cgroups.bats: enable pids test for cgroup v2 01432f5d6 test/cgroups.bats: simplify and fix 0aacb5b53 test/critest.bats: move setup/cleanup out of test b811a2040 test/apparmor: simplify 6f169692f test/apparmor.bats: add teardown function b4eb95602 test/cleanup_test: improve 5bce7486a test/wait_until_reachable: fix d6405601a test/ping_pod_from_pod: fix 60a04790f test/pull_test_containers: fix 8bf151454 test/critest.bats: fix d2ded1d73 handle runc not present on the system 838ab4aed Add fidencio to OWNERS file ab82e12e0 Use Unmount w/o prior Mounted check 15375c94c Don't limit the size on /run for systemd based containers 8c7c8028e oci: reorder conmon args 80609e566 config: check conmon version before assuming features 5dcf88604 test/image.bats: rm useless code c5d29b355 test/*bats: fix excessive use of export 616b7855e test/ctr_seccomp.bats: unify common code 2a45877ae test/ctr_seccomp.bats: unify/simplify seccomp check 149e13b07 test/ctr.bats: properly declare readonly var 2c4d5de9b test/apparmor.bats: fix shellcheck SC2030,SC2031 f2469036e Remove duplicate check for enabled seccomp d9ea3921d Bump test images to go1.15 61736cbe3 runtime_vm: Store logs in the correct format 8e45b939e Revert "Fix potentially unclosed file in runtimeVM#CreateContainer" e3e4385d1 selinux: override only specified values 8cbe37722 Fix container cgroup under cgroupfs 3609f6475 server: reduce complexity of getSourceMount 7a48cf993 server/addOCIBindMounts: speed up 6dd52f2ac Reuse Kubernetes API consts for seccomp profiles dca828597 oci_linux: fix working set calculation for cgroupv2 18fa73d9e Switch to go 1.15 49d121594 Add /sys/dev as a masked path path eddf148a1 oci_linux: fix working set calculation 059934138 test/image_volume.bats: fixes 79c52eb1e Revert "tests: adjust test to not depend on runc behavior" 76c7e8657 test/*.bats: fix checks that id is not present bf10fcafe test/*bats: fix shellcheck SC2076 a881562a2 Fix logs that have wrong func names f90a1dda0 Ensure CloseIO is called after Start for exec e21f21edd Add layer reuse metrics ae5630f72 Bump golangci-lint to v1.30.0 e790775d9 Vendor Kubernetes v1.19.0-rc.4 dfcd1691a config: create hooks dir if not present cbc7c514c docs: Move logo location d69d6d728 docs: update installation instructions 371a60093 use errors.Is() instead of errors.Cause() e1eb96fc8 Fix lint pipeline by gofumpt'ing cgmgr_test.go c99023d50 Parameterize strip binary in pinns/Makefile for cross-compilation 0bfefee51 Make filter container list be able to filter short pod IDs 44e0c0db7 drop findprocess 009ccb65e oci: rarely access Pid directly 5b3c5b655 exec sync: check pid instead of calling runtime state 1d672d139 server/createSandboxContainer: minor optimization b44a6cafa setCPUSLoadBalancing: nit 042a4a76c setCPUSLoadBalancing: optimize 82b339265 setCPUSLoadBalancing: rm repeated call to c.Spec() 484551e15 shouldCPULoadBalancingBeDisabled: simplify 5a5aa34cb Remove unused global vars in memory storer e8d4b0bc6 exec sync: be more careful about temp files 814c1bb01 runtime_vm: Cleanup process when the Container is Stopped 8b4ffe784 docs: fix cni documentation 79de63e63 contrib: update the crun version to the last release b55168f78 test: fix regex to look at the beginning of the line 4d21cd3f0 add stats list unit tests 857bcd34c stats: skipped stopped containers on container list stats ae69fd7f6 crio: use json-iterator/go instead of encoding/json 91d3d2791 Do not remove existing runtime handler 964d0d3a2 Speedup static build by utilizing CI cache on `/nix` folder 3f7d13e62 Add `make release` target f64d6d5e9 runtime_vm: set container creation time cd9e835c2 test/command: add test for --profile 1aa5f89a4 test/helpers: rm start_crio_* twins eb9321386 Remove unnecessary err assignment faad1a446 runtime_vm: Avoid possible deadlock on UpdateContainerStatus() 1313a9a2b Fix unit-tests and regenerate mocks e6e3c4ad0 Bring back pprof 9d4195941 Add testcase for createdAt timestamp restore f7f4a8664 Restore Sandbox createdAt timestamp on cri-o restart 2a260703f Fix gofumpt lints 300380462 name is reserved: give more informative error fb3cb0a2f Restore CPU load balancing just when an error appears d34d57c94 Add unittest for the high-performance hooks fe69fd2b1 Add RuntimeHandlerHooks interface dd5abc1c5 Add gofumpt linter and apply lint fixes e115e4cc8 Cleanup nix derivation for static builds 496f1e426 Provide unittest for the CPU load balancing method 8a48ff5d3 Provide functionality to disable and enable back the CPU load balancing 6886573e6 makes containerstats just get one container instead of whole pod 5cbbd289d Update UpdateContainerResources unittests e29c3ffe4 Update the container resources under the spec 1ee062c85 Make integration-cgroupfs tests depdent on results a2ec1d40d Copy spec to not touch original spec on exec(sync) 74a94b546 Add volume mount option for SELinux labeling 00c33525f Implement BigFilesTemporaryDir 65b692268 Perform log directory validation early in Server#runPodSandbox ce5825f1a Remove resolvPath when Relabel fails abecfdf31 remove all cases of returning an error named err fdb2df175 container: handle SelinuxLabels 9b881b0b5 container: add ReadOnly() b852ad675 container: add Image() 6e883db15 container: add fips disable handling 1f51d6d5d Revert "container_server: disable fdatasync() for atomic writes" 77cf58c91 node: fix panic if /sys/fs/cgroup failed to stat 4810ca3e3 Use /usr/bin/env bash in crio-shutdown.service c4795b496 Fix static binary mode retrieval for musl toolchains c180faac7 change variable name err to retErr for deferred comparisons 705381c46 runtime_vm: Improve CreateContainer cleanup in case of failures d785c14fc runtime_vm: Create deleteContainer() helper 11ae5b78d Close the done channel in runtimeOCI#ReopenContainerLog d5920c866 Update golang dependencies 924a8e983 Fix potentially unclosed file in runtimeVM#CreateContainer 65fe2c5fb Bump testimage versions including golang 15264b7e5 Enable more feature tests 9bf8e5397 Vendor Kubernetes v1.19.0-rc.1 7170231d8 internal/oci/runtime_vm: lock around map access cbd32ae9d internal/oci/runtime_vm: fix resizePty signature 11ec0bcda circle: save output for debugging ce0921e74 test: add circle job that runs with cgroupfs d8615ec46 managed ns: don't remove namespaces on sandbox stop d33995bd8 managed ns fixes 02d8bb96f runtime_vm: Ignore ttrpc.ErrClosed when shutting the container down b6b4d1023 Update golangci lint to v1.28.3 c2255b718 oci: add debug logs for runtime state calls b058683c5 Return empty DecryptConfig when no keys to force decryption fd07083b4 test: drop cgroupfs override fa9e413c2 Make release notes generator capable of handling tags a97c66840 Validate cgroupfs conmon cgroup on start 83e8282c4 contrib: enable debugging on the kubelet 77bb73c29 contrib, e2e: force systemd system session b803107b0 server, root: unset XDG_RUNTIME_DIR, DBUS_SESSION_BUS_ADDRESS 945adb00b contrib, cgroup v2: use kubernetes master aee425b19 pods.bats: force usage of the system bus 04c44932f config: fix systemd version parsing ceb473cf3 skip another failing test a69782498 e2e: skip failing test 0a2c92d17 use cgroupfs to fix tests temporarily e8c12b348 Streamline how done channel is closed in Runtime#WaitContainerStateStopped 83ec8f8ed test: bump go version to 1.14 23193ea43 Add runtime_type as an option of "--runtimes" bb54e152e runtime_vm: Apply the correct label before the sandbox is created 56140296b sandbox_run_linux: Use libconfig alias c0da93f0d test: use node readiness as an indicator to run kubetest ab8f1acdc Add logic for running openshift e2e-aws tests 164f46cc6 server: re-add gocyclo skip 6b6a604e2 Restore version output from crio --version 00af53a89 Enable SCTP and seccomp e2e tests 6b9dfc6e8 criocli: Avoid parsing the config twice 35a8caf8a StringSliceTrySplit: return a copy of the underlying slice 3d2cd5a4c Remove the protocol filter from the portMappings constructor. a296edd66 test: fix seccomp tests 3e063339a pkg/container: handle logPath 859a65099 Use the container_kvm_t label when using kata as the runtime 978a0bc3d use inactive-or-failed CollectMode if appropriate 861297e93 Close the done channel in waitContainerStop dee450550 Send only single error to stdinDone 8e4a4b774 config: add ulimits package 3752167dc logs: fix some problems 63e8f1f07 oci: check state before stop atomically c0f5c1679 Container should only be added once after passing filter 5571a88dd Add info logs for image pull and status CRI calls 490d651cc server: store container privilege bool in pkg/container 44607af0d bump runc to v1.0.0-rc90 1fed461fe config: add node package ac966530c oci: make failure to move conmon to new cgroup fatal 058d6b926 config: add cgmgr fa6114234 managed_ns: deflake tests a083494ff Add crun to static binary bundle 764d5caac Add crun to config template 87c26e6bb Update k/release to 0.3.2 954585ddc Add sandbox IPs if there is no error in IP retrieval 832e6fc19 Cleanup default info logs aa8f005d9 Check whether seccomp is enabled before making assertion 2e5aad445 Close the done channel when there is watcher error 4033c7ac4 vendor: update seccomp/containers-golang to v0.4.1 99d7f7256 Add unit test for sandbox response verbose mode 83e01c296 sandbox_status: Fix typo in error message cd85ebf7f Use correct format for logPath removal log b689ae675 Use one deferred func to execute cleanup func's a5bc7193d test: Add a test for pod pause image 166bd36d8 Return verbose information for a pod 525b1d335 Store pause image information for a pod 9197a5568 Added signature - Fixed standard cidr and typo 52dadcf42 Update golang dependencies 613cbdbee Add image pull success and failure metrics 3584fa451 attach: Don't return early for non-tty attach if there is no stdin 35c0c79e2 Fix the kubeadm command 7512d3166 Remove socat runtime dependency de262316f sandbox iface: don't fail if uid is not specified 67fc28844 Exclude failing conntrack e2e test 247d465e8 Add `privileged` indicator to container status e7e0746e3 Check that SecurityContext is not nil before dereferencing 3c7f385b3 Allow release notes for release branches d686db64c crio wipe: log less 1ffd66949 Update nix image and dependencies 92f9f68f9 container_server: disable fdatasync() for atomic writes a02f21766 vendor: update containers/storage to v1.19.2 25fcca87a bump version of libpod to get selinux e62039468 Automatically label containers running systemd with the correct label 0fda6777d Add metrics exporter and documentation 9a53c232e crio wipe: add version-file-persist e1f3fe0af Update k/release repo and use go templates 4a841df26 Update golangci lint to v1.26.0 0c3a5dff5 Switch to logrus 1.6.0 a9ff43ce9 Remove containerd/release-tool dependency a6e8db404 Update Kubernetes to 1.19.0-alpha.3 de45cf1dd Avoid unnecessary locking on runtimeImplMap 2ec6e6a73 Add `--metrics-socket`/`metrics_socket` config option a96823544 Cleanup go modules and vendor cffb00c88 Missing `cd ~/.ansible/roles` Before `git clone` fac15d5da Close done channel if the wait for ContainerStateStopped times out 086eeaa5f version: return empty link mode on failure de0f51822 version: omitempty on String() 3007180b0 Delete container Id only when impl.DeleteContainer(c) passes 727b3a116 Delete container Id from ctrIDIndex if podIDIndex.Add fails 0540afc0a Add support for making reproducible builds 8e7d4d2c0 Adds Ubuntu 20.04 to install instructions 604eeb1b3 oci: drop container level privileged flag 7b6696b65 port error: check for error 4d6d96c1e port forward: add stream nil check to pass unit tests 7016c3e13 port forward: drain the stream on error 351af8519 Vendor in v1.9.1 containers/libpod 93420c499 Fix naming unit test c83b0040a Check error return from os.Create before closing file ed3d80f87 Close channels in runtimeOCI 192621d9d Remove latest-version script 0b105b24a Remove crio-wipe and crio-shutdown systemd units from bundle 9b80a5818 Avoid removing container twice d04755a08 Return an error if context has been cancelled or deadline exceeded b5fdabc22 Use correct upload URL for binary uploads 4a6beaa9b Close the channel for syncStruct 0806f14e2 Remove unnecessary error wrapping for runtimeVM#StartContainer 65d8bb6cd Fix CI by re-generating mocks 2079196f8 cni ctx: call cancel func 6171dcf39 give fraction of timeout to network{start,stop} calls 1ad8ce652 Pass context from caller to ocicni 870cd9b7d Update ocicni vendor code to get new methods that support context argument 926daa840 Use bats v1.2.0 release for CI ae353585c Fix Linkmode path resolution 78badc81c test: check for rw mounts c6233a2b4 Makefile: include -nobuild install targets ed34636da Close childStartPipe if cmd.Start() fails d1172d693 Do not hold lock when ExponentialBackoff() is called 3eff5407b readme: drop support for unsupported branches 8f01225a4 Fix incorrect image digest for test image 83257214a test: update digests and test fa2db8d8a test: update image digest to fix test 2843f551e Fix linkmode for static binaries e785dd2fd Check for context erroring before returning from longer requests 5daa5ac79 Allow comma separated string slice parsing cd5d1a08c Add info logs where needed dc945b31d Add Installation Guide with Ansible 39a35cb30 Use absolute path to binary when retrieving linkmode dff32318b Makefile: allow customization of go commands 3261c2a75 vendor: bump ocicni to b197cd13855bae919c7c75c191c976fcc48610b9 5d2494793 Add Codecov badge to README f7896341f Fix static build DNS resolving with netgo 9b2ee751e Add docs and completions for default_env b92a3e6f7 Add a test for container default env cfcee0126 Add support for default_env in crio configuration c0b466e86 Stop container when there is error in createSandboxContainer 0c8b231c1 contrib,crun: use version which correctly writes swap 9f334aabd test: refactor handling of mem swap 7bdf93819 only set swap if we have the swap cgroup 51cfd5c76 SetLinuxResourcesMemorySwap to the LinuxResourcesMemoryLimit 44dda8b52 Add release-1.18 reference to documentation 3816fb11f Update cri-tools to v1.18.0 307be36a7 Validate capabilities on CRI-O start d67eea300 stats: spoof stats on a cgroupless ctr f25db77b3 add haircommander to OWNERS file 0361c5e37 Fix GitHub artifact upload via new upload-artifacts target a7e117e44 Update libpod to v1.9.0 ec26619e3 more retErr fixes 2e494c323 Use named error return for container_server 66dc81696 config migrate: add pause image and namespace dir 62c02af51 add stop container for StorageRuntimeServer on error 95d5ab215 bump default PauseImage to 3.2 39aef1a09 Add shellcheck linter and apply fixes b7be5b673 Update go-mod-outdated to v0.6.0 b5242b807 Add dependency report badge be8e876cd Add runtimeSpec field to container stats info 99388a706 Add OCI image spec to image stats info 7f4ac3b7d Move crio defaults back to /etc/crio/crio.conf 4e795832a Fix lint reports for setnameandid test 3f89b9539 Use proper variable for error return in Server#createSandboxContainer 10f522002 Update installation steps for CentOS 89ff7c1b9 Fix CircleCI job race accessing gh-pages branch 5ae550efd manage ns: don't remove top level directories on pod teardown fabb871e4 manage ns: debug output of pinns ffede601e branch foward: skip release candidates 55bec4dae server: skip setting memory limit to 0 c36a8ebb9 Upload release bundle automatically to GitHub ac1112c45 Update dependencies c24e99945 Generate dependencies file in gh-pages root 086982d61 systemd unit: drop requirement of crio wipe 1e0419df5 makefile: allow version to be overridden af2509fe1 Update kubeadm docs e5397f81b Add dependency report to gh-pages and CircleCI d8a709f8a Assume hugetlb is not supported by default 80d1a2466 Update shfmt to 3.1.0 96e76dd2e Enable debug symbols for binaries when make DEBUG=1 2e5b40a62 Vendor in latest containers/storage 7501a08aa Skip already uploaded artifacts with gsutil d0d099a90 restore tests: verify some namespace lifecycle cases work 92aeb50b6 fail on failed pinns c443e9b88 pinns: pin to /var/run/*ns instead of /var/run/crio/ns/* 1dcf7b931 Fix typo in apparmor tests 92863e3b3 sandbox: Make sure the label annotation is proper JSON 9afd5ff71 container_server: Wrap a few more errors in LoadSandbox 2bc9e13f5 Add image labels to ImageStatus Info 5281f1382 bump to conmon 2.0.15 5146d6c63 Add the mounts that are required by systemd b297abab6 Skip already uploaded artifacts with gsutil 1806cabfa Add release branch forward to CircleCI 5cc33b558 Update Kubernetes to v1.18.0 474d29407 Test for master tag if release branch contains none 2d5cedabe Add SetNameAndID to Sandbox interface e540ef3a8 Make release notes require results in CircleCI ab431e66d Add crio config --migrate feature 717425df0 vendor: use directly github.com/creack/pty 9e10f54d3 Use HEAD for runc built from source b91d80994 Do not take config dir into account on config creation 360177a6f Make docs-generation and completions work rootless 63230017a Move CNI plugin into NetworkConfig 3027070ca build: clean generated bin/ dir f2ffe39fb Downgrade golangci-lint to v1.23.8 856ad18aa test: drop make install.{systemd,config} c2ec5aed7 test: set cri-o systemd restart policy to no 3d110a307 build: Makefile - add shfmt target to help dfed40b4a contrib: Add kube-local tool 759f498ae Add description to magic test value d672ed1de Do not Wrapf errors if no format is specified 9d6326b4a config: remove unneeded empty values b4808eac5 skip ipv6 ping pod from pod for rhel 7 7c535f29e return default-mounts-file 66b5814ab use fedora-ping image 6a0f33ae0 unify sysctl handling b35ecf1ab test: switch from dnf to yum 88e0c419c Fix specifying string slices a5db2aee2 drop net raw: add some test fixes to update ami 63b9f4ec9 Remove NET_RAW and SYS_CHROOT capabilities 58657488e Add cni-default-network option c2b25b4ea Add hint to release notes on gh-pages to README.md b9db8f3b8 Drop musl build from nix to update to go 1.14 1963aea3e Add shell format check and apply diff e265ad0ce server/ContainerStatus: don't lock for c.State() f8f35ba32 drop conmonmon 239ac2049 stats: fix some style nits 976e9b061 Add linkmode to crio version output 309a5bf3d Add release-branch-forward script 3e3725d5b Fix gh-pages push for remote branch 5f49b2c1f Added integration test to make sure annotations are passed through to the runtime 1ed7eb389 tree_status: show the git diff ff7609400 Add kind/dependency-change label 648b94860 Add further kinds to pull request template 92ec88f99 Fix unit tests for locally configured registries b039ef652 Add SetNameAndID to Container interface 6885d9088 Publish release notes on gh-pages branch 38ba09453 avoid parallel pulls of the same image 9ae49dad8 vendor github.com/containers/image/v5@v5.3.0 60c01cc24 Switch back to machine executor for CI lint stage e1f6d2ab1 stats: prevent a segfault 15f1f14ac server: Return grpc code NotFound when we can't find container or pod 7615871d6 test: move readonly_rootfs and privileged to correct place f757e0a2d Mention starting cri-o for running with kubernetes 64e46e789 Move bundle to contrib and reuse version vars 3ac1d93bb Simplify container log path handling f3eeee275 build: make uninstall - remove systemd/config files ad7125fcc Remove utils.ExecCmdWithStdStreams in favor of utils.ExecCmd f7730c325 Add PodSandboxConfig (get/set) to Sandbox interface 03c7bd758 Avoid filename collisions in JUNIT_PATH 57b3b608d sandbox_run: import internal/lib/sandbox as libsandbox dbbfd7865 Remove github.com/docker/docker dependency 9f556378a bump conmon to 2.0.12 e02dd7ead vendor: bump github.com/containers/libpod from v1.8.0 to v1.8.1 a3bab821c Update golangci-lint to v1.24.0 7e66be6f3 Remove Update() method fb6525374 docs: add TOC to setup.md f038600d4 Skip release notes generation for forks e8ffd6e17 Add container config (set/get) to Container interface d1d165abb crun: use version 0.13 97d990230 Add target release version to generated notes 01d40e5cf Add gRPC method name to logs 40d247042 Take localhost/ images into account during pull 0f4b6d6fd fix some remaining instances of assuming cgroupfs default bb23a494d bundle/test: drop cgroupfs override a6ae391a3 stats: fix stats when systemd cgroups are used e4cc02850 integration tests: switch to systemd cgroups 9ccd5ac97 bump to conmon 2.0.11 c862e1fbd Support pulling image specified by tag and digest. b0717fc3f Restore sandbox selinux labels directly from config.json 345952cb7 Update Makefile targets and docs to crio.conf.d 12918b25e Add runc, conmon, crictl and CNI plugins to bundle c07429a56 Render latest release notes 73f42d35a Use static runc binary in CircleCI 5f745fa7d Let CRI-O start when `runc` is not in $PATH and not configured 2fae47c00 test/pod: TerminationGracePeriod: skip on CircleCI 34ee0d9ba test/pod: TerminationGracePeriod passthru test 23177bd84 Use `Value` field in CLI for non-default values 211393d25 Upload every successful built bundle to the GCS bucket 11b1fa661 Update golangci-lint to v1.23.8 97b9587f1 Add DEFAULTS_PATH to Makefile eb9cc161c Flatten internal/pkg/* packages to internal/* 4bec101bd Fix 32bit build by vendoring latest go-selinux 3c48743f8 test/conmonmon: fix getting conmon pid 3d7c5ae58 skip failing storage test c0f0c897c Add crio.conf.d(5) man-page to the bundle 4bf557482 Cleanup: minor wording adjustments in documentation 5110df3bf Fix some minor whitespace issues in crio documentation b22b31c58 Add crio.conf.d man page bb0a68503 Move pkg/config/seccomp package to internal/config/seccomp f9f058f2f Update dependencies 6ab73e82e Upgrade CI to use go 1.14 b91cb5e56 Apply Kubernetes PR template 07d329e97 Add live configuration reload to AppArmor profile 1f856928c CreateContainer: pass TerminationGracePeriod 43a03bff8 Add CI bundle tests d81de1839 Remove extra check for go modules in Makefile 917c3e764 Rebuild bin/* targets on *.go file changes d1696ce6b Improve crio --version / version output f13aad99c Make bin/pinns a PHONY target fa3d37c0c Bump kubernetes to v1.18.0-beta.0 295240116 Fix markdown for generated crio/crio-status docs 3010195bb Cleanup config default values d83645127 Drop support for golang < v1.12 eff11105a server, cgroupv2: do not create cgroupns e48d23aab Automatically retrieve digest in test image builds 61f9ca072 Add high level Sandbox and Container interface 2c422eb42 Auto inject CRI-O version c23a169d6 Change CircleCI config to build all jobs for all tags 56d48195c Uppercase first log char per default ffda0f3be Add cgroup namespace unsharing to pinns 06257791d Add live configuration reload to seccomp profile 9ec3b8dc2 cgroups: parse cgroup.controllers once d45ad21d7 Fix Fedora based integration tests 2e1d04393 Update docs and completions for crio wipe --force 153c0002e tests: update to crun 0.12.2.1 59c63a611 restore: specify runtime root to the OCI runtime d1bcb14c9 test/ctr: adapt test to cgroupv2 94c9876d8 wipe: Add a force flag for skipping version check dde9af43e Remove version marker from AppArmor profile 92d3eaf59 test: adapt to python3 0ed6aa6dd test: look for substring c12fa5a5b contrib: install crun also at /usr/local/bin/runc e502d70d3 contrib: fix ansible warning 94799c992 contrib: set crun in crio.conf when build_crun 032baf175 contrib: add tests for cgroup v2 8da112216 container: ignore hugetlb limits if not supported 5c5eb7124 Add user-notice about minimal ctr_stop_timeout 92f899ccb Update pinns build and add small cleanups 007080ec5 conmonmon: errorf when OOM killing fd88a5bd5 klog: don't write to /tmp f31362e45 Pass down the integer value of the stop signal 5a112abf4 exec: Close pipe fds to prevent hangs 23582bdd5 Add live reload to DecryptionKeysPath ad75e22be Update nix package dependencies and cleanup default.nix a5119bdc9 Make SIGHUP reload for drop-in config dir work 0bb5a2abc update installation info for debian and forks c2535c68e Add pinns binary to static bundle f838631f7 contrib: drop system containers fa8d49cb1 contrib: use crun from the containers repository a56b2f9a4 Remove trailing whitespaces from configuration template 1280b5d61 oci: Handle timeouts correctly for probes f6fa7760e fix server restore to not remove podman containers 2c311967c Bump containers storage to v1.15.8 6cefdcca7 drop host_ip from crio.conf.5.md f4449b681 vendor github.com/containers/image@v5.2.0 1d7d7a0fc Unwrap errors from label.Relabel() before checking for ENOTSUP 00fd41c97 Fix reload behavior for unqualified search registries 0eec45416 Skip invalid hooks directories by default e48fa304b Add log context to container stats f4214be7c contrib: 10-crio-bridge.conf change subnet e962246a5 Update dependencies 720545fbf Add `crio version` subcommand ee8b72e11 Update golangci-lint to v1.23.3 78e9ee352 Setup container environment variables before user f7424e9c5 fail on network stop 5284c0a0a docs: improve setup.md 11535c489 Add the container IDs that cri-o assigns to various logs 1a12f8125 move default version file location a tmpfs 764bcf5fb sandbox: skip memory check if set to "max" ff234bb71 build: make install providing systemd and config 14a2905bf fix nit from #3165 a1cdad7e9 drop host_ip and host_ips 1f1132700 Move SystemContext from Server into Config 0a8efeb0a Update Kubernetes to v1.18.0-alpha.2 2ef722b9d Update urfave/cli to latest version ea0217e36 Use new containerd/release-tool path 437fb7356 Update libpod and ocicni 68e94e249 Remove unused getHostIPs and validateHostIPs functions 59ef3883d stream server: Bind to all addresses 0074990d6 Fix integration/unit tests 34b7b7008 Vendor in latest opencontainers/runtime-tools faad45a91 Enable AppArmor tests in CircleCI 4cba27d88 docs: add a blurb about AppArmor profile precedence 0628b3dc8 Fix network ping integration test in CircleCI b74ec1c3c Add support for crio drop-in config files d43e2f359 Fix unit tests for rootless runs 65049475d Refactor sysctl handling and add unit tests e34dad0b3 Log path location when using binaries discovered in $PATH 6a51b90a1 server: allow an apparmor-unconfined container 9ec532c7f Switch default cgroup manager to systemd 50942473b Add documentation about stream_port="0" a014aa4de Fail to start when stream server port already allocated 964245f94 Run integration tests natively in CI 35e8ad4d6 Fail to start when already listening on socket 211fb388e Update golangci-lint to v1.23.1 ef1152b88 Allow server to start without config 49310bb02 Fix generated docs formatting 512fdb2f9 Take total_inactive_file into consideration for memory usage 66ef0b326 docs: remove mention to RHEL-8 beta repo in setup.md 5d38a07d6 Mention latest release branch in docs eecbc3655 Fix typos in test descriptions aa9293e95 Add image pull metrics a94e0b779 container_create_linux: refactor common code 4bb04824b Fix man page header 31ce68627 persist exit: fix some nits 1ae3626d6 Fixes to better handle exit code 914adc516 Save exit file for container in persistent directory 62d09afcd doc: improve setup.md 8fd34a082 server: create cgroupns when running on cgroup v2 bcecd7941 Destroy the pod's network when it can't be restored 36b73a8c9 Add `namespaces{-_}dir` CLI and config option 9ddf6d7d4 Update CNI plugins to v0.8.4 ee1df54f0 Use UUID generator for namespace path 5fb3192f1 Add new NSType for available namespaces a3afb54c3 Fix pinns path mismatch for install and uninstall 6c5ec8486 remove ErrClosedNS 9d7f8ed21 Fix possible segmentation fault in namespace removal 8bcefec51 Change AppArmor profile handling to fallback to the default a0cb8161d Update to conmon v2.0.9 0c02f5453 Fix possible segmentation fault in error handling 20b449bbf Cleanup sandbox shared memory before removing it 1c28b2395 update createSandboxContainer to parse hugepages limit from CRI message 7646a7fd5 Update vendor to v1.18.0-alpha.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Mark Asselstine
|
685d518eb7 |
cri-o: uprev from 1.15 to 1.17
Uprev to the latest release of cri-o to pick up some fixes and
CVEs. Makefile updates along with updates to the go.bbclass allow us
to remove most of the do_compile() tweaks that were in place. To test
that these removals are sane builds were done for x86_64 and arm64 in
docker containers with network=none, no issues were found.
Quite a few runtime tests were done as well since we are stepping up 2
releases, and we also just uprev'd 'cni' and wanted to validate its
runtime as well.
Once the system is started and cri-o is given time to start you can
use the new 'crio-status info' command to retrieve the runtime status
of cri-o:
root@qemux86-64:~# crio-status info
cgroup driver: cgroupfs
storage driver:
storage root: /var/lib/containers/storage
default GID mappings (format <container>:<host>:<size>):
0:0:4294967295
default UID mappings (format <container>:<host>:<size>):
0:0:4294967295
Additionally 'crictl' was installed (the recipe will be submitted
shortly) and the cri-o Tutorial found here was run
(https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)
In order to run the tutorial /etc/cni/net.d/99-loopback.conf and
/etc/containers/policy.json were taken from
./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o
src repo. The sandbox_config.json and container_redis.json were taken
from https://github.com/cri-o/cri-o/blob/master/test/testdata (note:
using core-image-minimal with systemd enabled I had to remove
"cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to
work). We are not able to use the loopback networking to telnet to the
redis container, but we can use other techniques to validate that it
is running.
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99
root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
Welcome to Alpine Linux 3.7
Kernel \r on an \m (\l)
The CRIO_BUILD_CROSS approach was no longer valid and was
dropped. There is most likely some other cleanup we can do but this
gets us to a good state on the latest release.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
|
||
|
Hongxu Jia
|
00cc8afd1e |
cri-o: workaround failure since go upgraded to 1.13
Since go was upgraded to 1.13, there is a failure: ... | src/vendor/golang.org/x/net/http2/frame.go:17:2: use of vendored package not allowed | ../../../recipe-sysroot/usr/lib64/go/src/net/http/h2_bundle.go:49:2: use of vendored package not allowed ... Refer upstream suggestion [1]: `or copying your vendor contents into GOPATH/src rather than mapping them in to GOPATH/src/vendor.' [1] https://github.com/golang/go/issues/34068 Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com> |
||
|
Hongxu Jia
|
de255d6afa |
cri-o: Disable for all mips machines
Since commit [
|