Bumping containerd to version v2.0.0-rc.3-19-g741c4bde5, which comprises the following commits:
531da9960 Reduce scope of permissions in stale workflow
ed64e6503 core/mount: remove logrus import
ea8265fb1 core/transfer/local: remove logrus import
75fd7a5a7 pkg/shim: remove logrus imports
38e2f0038 Adds a mutex to protect fallback host
587ee80f6 pkg/tracing: LogrusHook.Fire: micro-optimisation
ccf793812 pkg/tracing: remove direct use of github.com/sirupsen/logrus
4203e2de8 pkg/tracing/plugin: rename var that collided with import
e2e09b384 pkg/tracing: rename func that shadowed builtin, rm makeSpanName
e69ad9442 build(deps): bump the k8s group across 1 directory with 4 updates
5b8dfbd11 Allow proxy plugins to have capabilities
cc2cedae0 Revert "install-runc: pin Go to 1.21"
3c097352a update runc binary to v1.1.13
8c13ed1b8 Prepare v2.0.0-rc.3 release
86b8a8824 Remove pkg/seed
09d3e20d3 Allow running test in usernamespace
8bcffa944 KEP-3619: Fine grained SupplementalGroups control
87dd4309d vendor: github.com/containerd/platforms v0.2.1
939135ae3 CI: golangci-lint v1.59.1
df7f6ba5b ctr: return explicit errors for flags unsupported by transfer service
686a610ee build(deps): bump github.com/checkpoint-restore/checkpointctl
156458e54 build(deps): bump the golang-x group with 2 updates
08c1e12e9 CI: add back EL 8
149ca6880 Update hcsshim tag to 0.12.4
b1a23c495 Fail integration test early when a plugin load fails
d23c4b8b5 Use unix and windows specific connection error checks
02b6c6939 Allow fallback across default ports
80ce8bd61 build(deps): bump github.com/containerd/containerd/api
cde2527fc ctr: pull: Do not ignore labels when transfer service is used
1c123efb4 Update Go version to 1.22.4
e1e793e4a Update rockylinux vagrant build
5611fdd4a Transfer: Push: Enable to specify platforms
0e8cc9146 Transfer: Push: fix failure on pushing duplicated blobs
4123170a3 *: export RemoveVolatileOption for CRI image volumes
3e71ccafc Add type alias for event Envelope
da1d9672f Enable imgcrypt in cri pull
9857afda4 Add vendor for github.com/containerd/imgcrypt
359d84351 Update api minimum go version to 1.21
2d73340c2 Explicitly set release latest to false
ca59fb0b4 Cleanup shim manager configuration
9831a62d7 auth: add span to FetchToken helpers
58be88189 sandbox: do retry for wait to remote sandbox controller
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v2.0.0-rc.2-12-g5d2c988a5, which comprises the following commits:
446e63579 remove uses of platforms.Platform alias
22f2af40c update pause image to 3.10
65024e6fd core/image: fix usage of "unknown" platform
8b3060717 Provide runtime options in plugin info
332caf1a1 Provide ability to set lo up without CNI
288f0592e Prepare release notes for v2.0.0-rc.2
f24a95185 build(deps): bump github.com/prometheus/client_golang
8b2a69c19 build(deps): bump golangci/golangci-lint-action from 5 to 6
96ff18d37 build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
1cae3dc9b update ttrpc to 1.2.4
e2251f948 Update instrumentation fuzzer with new flag
ef76a90e9 Update platforms package to v0.2.0
0b113d78d doc: add the description of sandboxer and io_type
7cead8800 cri: restart created container with correct io type
42f778fc1 modify streaming io url form
25c2f690a Update toolchain to Go 1.22.3
681a083fa Update unpacker to always fetch all
2788604e4 Update ctr image pull all platforms
58be88189 sandbox: do retry for wait to remote sandbox controller
059731775 Preserve CL_UNPRIVILEGED locked flags during remount of bind mounts
9a9a8c46a Don't require vagrant tests in merge queues
d9dc2811a fix: delete sockets on shim exit
41dc94ee1 CI: bump up golangci-lint to v1.58.0
9ecfac7f6 Integration: Change to grpc.NewClient
8c6183d74 Add lease test for metadata snapshotter
c7fb8a925 Update metadata snapshotter to lease on exists
b8dfb4d8f cri: support io by streaming api
3b065cddd CI: skip test in arm64 CI
6c3c5376f critools-version: v1.30.0
b488e76db build(deps): bump google.golang.org/protobuf from 1.33.0 to 1.34.1
a6e417dc6 build(deps): bump go.etcd.io/bbolt from 1.3.9 to 1.3.10
4401c3cb7 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.1 to 2.2.2
42e02c6c0 build(deps): bump golang.org/x/sys in the golang-x group
88b52119c Update api version to v1.8.0-rc.0
1c9c64f31 Update release procedure to mention api replace
e69efd56d Add go mod replace when proto changes happen
678137199 sandbox: remove PID() in sandbox client
13f2fa1de remove go1.21.9 from CI matrix
f0363a7f6 Chore: Simplify some syscall error checks
99ad11a00 core/metadata: failfast on content.Commit
3fb84403b CI: bump up crun to 1.15
55fcebffc Prepare release notes for api/v1.8.0
b811a8879 Add API release action
b8060d641 Update ctr shim subcommand to task v3
f1e265b13 core/runtime: Check shim PluginInfo to enforce idmap support
05a3171bb Update transfer proxy to support ttrpc
ec04e4f63 Add streaming proxy
fe01cad20 Cleanup local transfer interface
171fc1434 Update release doc to mention API versioning
2ac2b9c90 Make api a Go sub-module
e1b94c0e7 Move protobuf package under pkg
3e9cace72 Move runtimeoptions to api directory
4a4550777 Move runc options to api directory
25a288662 Fix v2 migrate for testutil package
fb1f15d30 docs: correct the typo in the documentation
2df04b403 build(deps): bump the otel group with 8 updates
950db7eb7 build(deps): bump the k8s group across 1 directory with 4 updates
93690baf4 build(deps): bump github.com/grpc-ecosystem/go-grpc-middleware/providers/prometheus
4c753d124 go.mod: k8s.io/cri-api v0.30.0
de38490ed sandbox: merge address and protocol to one url
c3b306240 add task api endpoint in task create options
72fe47b2a add task api endpoint in oci proto
b1fefccc7 sandbox: store endpoint in cri sandboxStore
f6e0cf189 sandbox: add address info in Start and Status response
15782881e go.mod: go 1.22
2d5689434 CI: use Go 1.22 by default
fef78c102 install-runc: pin Go to 1.21
11d8beff8 optimize error logs by providing absolute file paths
81a9df625 build(deps): bump github.com/urfave/cli/v2 from 2.27.1 to 2.27.2
c001a7056 build(deps): bump lycheeverse/lychee-action from 1.9.3 to 1.10.0
6df759e24 build(deps): bump golangci/golangci-lint-action from 4 to 5
b7c977414 container.Checkpoint(), WithRestoreImage(): use ocispec.AnnotationRefName
8a8c3e221 pkg/cri/server/base: log CRI config as embedded JSON
f62edda5a pkg/cri/server/base: use structured log for CRI plugin startup
e07b63d84 document usage and design of blockfile snapshotter
b6bd12f13 Add Syself Autopilot to adopters
7bc476001 ADOPTERS.md: Fix Actuated italics
416741675 Perform file sync outside of lock on Commit
c27bcdc56 cri: introspectRuntimeFeatures: fix nil panic
dfdfa206f Update for latest updates to release tool
53c9e6f86 Update release process after 1.7
a12acedfa sandbox: make a independent shim plugin
9ee3bfaba images: tests: Fix typos in the tests
c51463010 docs: update registry config guide
7bd4d348e add info of exited event
218e2cf7c Return correct error if CRIU binary is missing
bb9d923aa content: add a BlobReadSeeker func to allow multipart blob streaming
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Bumping containerd to version v2.0.0-rc.1-8-g0426e3c2e, which comprises the following commits:
c27bcdc56 cri: introspectRuntimeFeatures: fix nil panic
c5ba71d11 Makefile: update default PACKAGE to v2
094bafe2a apparmor: Allow confined runc to kill containers
e461a59ae fix migrateConfig for io.containerd.cri.v1.images
eb5a0c04b apparmor: add `signal (receive) peer=/usr/local/bin/rootlesskit,`
5e470e1ca Update HTTPFallback to handle tls handshake timeout
a37b451cd build(deps): bump tags.cncf.io/container-device-interface
888fd315f Update CNI to v1.2.0
13e6b2b68 update to go1.21.9, go1.22.2
42e4de9c5 Prepare release notes for v2.0.0-rc.1
4a31bd606 chore: use errors.New to replace fmt.Errorf with no parameters will much better
a6a82c102 Update hcsshim to v0.12.3
7e60d5a07 Account for ipv4 vs ipv6 localhost in windows port forwarding
a153b2cd3 mod: bump github.com/containerd/nri@v0.6.1
77512e2d7 build(deps): bump the golang-x group with 3 updates
c8d9eba7c build(deps): bump github.com/klauspost/compress from 1.17.7 to 1.17.8
1c0f73aa0 build(deps): bump github.com/pelletier/go-toml/v2 from 2.2.0 to 2.2.1
32caaee48 Snapshotters: Export the root path
b82ced57f fix: close profile
c7ea06a69 fix default working directory `hostProcess`
1040c7b98 build(deps): bump the otel group with 8 updates
b50e9eae4 Refactor spots to make use of sys.IgnoringEintr
3ea69db8e Add helper to ignore eintr
1b6222418 Bump tags.cncf.io/container-device-interface to v0.7.1
ad584ebec Replace direct waitid syscall with unix.Waitid
7c5078459 Remove empty default tls configuration in ctr
b6e361694 cri: add pause image name to annotations
0ec14fdf8 core/diff/apply: use unix.Syncfs
739659a4b build(deps): bump google.golang.org/grpc from 1.62.1 to 1.63.2
433279438 Transfer: Registry: Enable plain HTTP
88b4cc659 address review comments
f20c49311 Update tracing documentation to add details about manual instrumentation
63d5573a3 remote: Fix HTTPFallback fails when pushing manifest
2474a99c3 Add IsNotFound case to ListPodSandboxStats
3830f8167 fix(cri): fix unexpected order of mounts since go 1.19
cbb644182 build(deps): bump github.com/Microsoft/hcsshim from 0.12.0 to 0.12.2
362fcf2d2 build(deps): bump github.com/distribution/reference from 0.5.0 to 0.6.0
5b6ae0f79 Use different containerd sock address in tests
ab2c569fb ctr: fix parsing mount options
b97ef91fb Change port forwarding on windows
ea681afba docs: fix typo
6d00c3ada runc-shim: only defer init process exits
da4ca4949 build(deps): bump github.com/pelletier/go-toml/v2 from 2.1.1 to 2.2.0
dd72fb3b2 build(deps): bump github.com/intel/goresctrl from 0.6.0 to 0.7.0
e41e9e11b transfer: Platform matcher should match multiple platforms
d0d35f0d0 core/images/archive: normalizeReference: remove outdated TODO
26158609b pkg/seutil: move to internal/cri
33732bc13 pkg/systemd: move to internal/cri
0d0850af1 Prepare v2.0.0-rc.0
f5abb63c0 Update mailmap
30813f646 build(deps): bump github.com/containernetworking/plugins
0fafc0c50 build(deps): bump github.com/checkpoint-restore/go-criu/v7
7c1fca096 Update migration script based on usage
45e425ccc vendor: github.com/golang/protobuf v1.5.4
4aa6fedd5 CRI: postpone removal of deprecated config properties
34c545824 Automatically decompress archives for transfer service import
df26c189a Clean cri options and useless parms
88421068f Fix invalid event filter in podsandbox
357c59b79 Update github actions ci to run on forks
4b719cc4b build(deps): bump google.golang.org/grpc from 1.62.0 to 1.62.1
10c7f03b3 build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0
21d3fedf4 build(deps): bump softprops/action-gh-release from 1 to 2
228aa42a6 build(deps): bump the otel group with 8 updates
47d13767f Clean typos in plugins.
7ac9d6909 Use the Go toolchain in CI matrix to build binaries
6a96e4501 Move shim package to pkg
f25770e48 Wire through CRI ContainerCheckpoint RPC
7ecdebff9 update to go 1.21.8, 1.22.1
723306d0e Disable OOM set score unpriv test temporarily
994fdd74e Don't create new scratch VHD per image for CimFS
016b588a9 build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0
d9409c461 Update hcsshim to v0.12.0
00d714e90 build(deps): bump the golang-x group with 2 updates
ab4de3e4c build(deps): bump azure/login from 1 to 2
713dd8f8d go.mod: k8s.io/cri-api v0.30.0-alpha.3
d9b9160ae mv internal/testutil pkg/testutil
752917c0f build(deps): bump github.com/prometheus/client_golang
7a3b7fba5 Transfer: Registry: Enable to use registry configuration diretory
1bf781d8e Cleanup introspection interface
5bd204109 Remove grpc from Client connection interface
347346e3c Add ttrpc support to content proxy
9104e6a24 Add events proxy interface
892dc54bd runc-shim: process exec exits before init
9128ee0a9 Move nri packages to plugin and internal
d0da3d1ca sandbox: make event monitor in CRI independent
17ea3959b adds mediatype to oci index record
c5ef8a2c2 fix(docs): fix duplicate instructions for windows installation
87e8e9c7f Add Go client stability in releases for 2.0.
72f21833b Move events to plugins and core
caa9e2075 add k8s 1.29 and 1.30preview to support table
154ed26a7 vendor: go.etcd.io/bbolt v1.3.9
6d1dfe55f cri: ensure the pause image loaded in older versions is pinned
2884b318f build(deps): bump github.com/klauspost/compress from 1.17.6 to 1.17.7
bd44df8a1 refactor code - clean switch and if statements
a60e52f58 sandbox: add struct tags for PinnedImages
a0b73ae11 sandbox: optimize the lock in PodSandbox
0f1d27412 sandbox: add methods to sandboxService
a2768f19d plugins/sandbox: move local plugin into services
d651cb743 mediatypes: support zstd compression
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
We no longer need the split between container-docker and
containerd-opencontainers and dependent layers have been
given over a year to adapt.
We do keep the provides and rprovides around for a bit
longer, but those will also be removed in the future.
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
Since there are two implementations of runc and containerd that may
not always be in sync, the docker variant, and the opencontainers
variable, we create a virtual/* namespace for these components.
Anything requiring runc or containerd should set a preferred provider
to get the desired/tested variant.
We set the default provider to the docker variants, since they are
the primary use case for these components.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Docker defines required dependency versions in its vendor.conf
file. These can also be validated by running 'docker info' on the
running system. In order to avoid issues, such as the current one
where docker can't run containers, we need to ensure we match these
versions. Uprev containerd to the version defined in docker's
vendor.conf file.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Go only understands "386" as target arch, not "i586". Adjust this.
Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Since we are building a cross tool which produces something which is
ARCH specific we should stick to the <toolname>-cross-<arch> naming
convention. A variant of this patch has been floating around for a
while but with the changes around per recipe sysroots, distributed
builds, shared builds... we are best served to adopt this convention
now.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Make use of bitbake variable where appropriate, this makes the recipe portable.
Signed-off-by: Amarnath Valluri <amarnath.valluri@intel.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Similar to commit 01aa8f1, runc and containered also need to set GOROOT
explicitly.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
We need to ensure we are using the target toolchain and sysroot to
avoid possible host contamination, and in the case of non x86-64
target builds, allow the build to complete successfully.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Bumping the version of docker and dependencies. This gets us closer to
runc 1.0, which is the foundation for future OCI efforts.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
With the update to docker 1.11.x+, we need the OCI containerd to control
runc:
containerd is a daemon to control runC, built for performance and density.
containerd leverages runC's advanced features such as seccomp and user
namespace support as well as checkpoint and restore for cloning and
live migration of containers.
Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
