mirror of
git://git.yoctoproject.org/meta-virtualization.git
synced 2025-07-19 12:50:22 +02:00
c0d7968bfd
Bumping to the 1.21 release branch. Although this still in development, there are some depreciations and other features we want to get into the release, so we bump now for extra testing. This comprises the following commits: 7b4b8b2de bump protobuf to 1.3.2 cf1e612eb server: support setting raw unified cgroupv2 settings fc69fe15c vendor: update runtime-specs fcc278427 cgroup: implement fix for swap memcg on cgroup v2 7b7efa307 server: leave swap mem limit unset if not supported 2d857bf21 test: skip ServiceAccountIssuerDiscovery test dcf651d91 hostport manager clean up host ports 6f096c58e allows stream timeout to be set from config 056f8161d Bump containers image to v5.10.1 26aa60644 Move unit tests to GitHub actions 04185fc4f Move go1.14 and 386 builds to GitHub actions f91c4f0ca set kubelet node IP 26491d154 Fix validate-completions GitHub action ebafe7536 Add integration test for pprof over unix socket 109b412af Add a flag for enabling profile over unix socket a09423d60 Lookup echo command for unit tests c1a724770 Move static build to GitHub actions 85feffc1f pinns: Fixup 'pwarn' output to match 'pwarnf' output e30c3975f pinns: Don't put errno in the exit message for argument checks fd8e390ad nsmgr: use host option 76a89b938 nsmgr: Use config struct for NewPodNamespaces 969505130 pinns: support pinning host ns 4394eee77 Remove implicit GitHub action `name` fields a0568ace6 Move docs and completions validation to GitHub actions fa3741f1d Make config tests work rootless 2a8f2b11b Make rootless namespace unit test execution work 2670d8598 Do not log file path on ioutil.ReadFile a6e8ae41d fixes version_test.go 841913db8 Close the stdin/tty on server start to avoid shortname prompts e430b1df6 Update debian repository url to use https 3f4bef945 docs: fix http link c2b9d0fd8 docs: update kubeadm tutorial b64e716a9 Fix `make lint` f36c64dbd Return runtime API version based on protocol cce49c0e4 Update compatibility matrix to mention v1.20 77f1b7c36 add method comment 84b616b79 restore irqbalance config only on system restart aa46a2393 add blurb in doc and more informative name for unit tests 13be7ae5a add is-enabled check for irqbalance service 9930cc33d fix unit tests ce9973796 add unit tests b3b48b31f fix bash/zsh completions 3cd55b226 fix the docs validation cf61f947d handle irqbalance service 7a1939882 runtime_vm: set finished time when containers stop 78c91cbf9 nsmgr: fix/add calls to GetNamespace 177250f74 managed namespaces: move to dedicated package 10c9e4961 Provide integration test for infra-ctr-cpuset feature 5f9dbb1a2 Set CPUs for the infra containers during the creation b3fb25b44 Add shell completion for infra-containers-cpu flag e0f7ccc32 Add new infra-containers-cpus to the CLI and config file 30b0aea2e refine `registries` deprecation message ac8e51bfd Circle CI: install test/registries.conf d0e9b8b0c crio.8.md: runroot defaults to /run/containers/storage 2e49302ed support short-name aliases 22417169d pull: do check for blocked registries 83974bbdd config: deprecate registries 4879bba02 Rollback gocapability vendor bump 78261109b vendor: bump containers/storage to v1.24.4 d25bfe297 Update nix pin with `make nixpkgs` 709e4d170 contrib/test/int: add Kata Containers runtime support ce0beec25 contrib/test/int: enforce linking in parallel build process 85e67f811 contrib/test/int: build parallel from sources in CentOS b18fe2cbf contrib/test/int: allow to skip user namespace testing 506e7c2e7 contrib/test/int: allow to configure test timeout cc9d037c3 Capitalize Kubernetes c85474476 modify the error url of podctl 1b7e811fb Add Digital Science to adopters e0bf8bc94 pinns: make binary not always static 0aeb7d27e server: use IsAlive() more 2460f6d26 Support CRI v1 and v1alpha2 at the same time 1633196c1 drop support for ManageNSLifecycle b395cd224 test/timeout.bats: increase timeout to fix flakes ab2626872 release-notes: fix flags fa6a34381 test/timeout.bats: fix comments 553123b19 int/resourcestore: fix comment about Put de186def3 test/image.bats: simplify some loops 0a30ab479 test/helpers.bats: simplify cleanup_* cfdf40e4b test: add timeout.bats 521fa1948 bump network creation timeout to 5 minutes 87977f19d resourcecache: add watcher idiom 1d2328aa8 server: use ResourceCache instead of dropping progress 4bdc500ba Add unit tests for ResourceCache 76ebcac66 Introduce ResourceCache a4588db28 moves shmsize to a handler allowed annotation 8e8f164f2 image pull: close progress chan 1fffd7210 test/ctr.bats: fix a "ctr execsync" flake 2bca8ec2b Fix the functions' name in completions 5e80372b7 Increase release-notes run timeout to 30m 7150db5ba Bump k/release to v0.6.0 eabdf7e4e ci: enable shellcheck for bats files 829053a41 test/network.bats: silence shellcheck SC1090 0c42734b2 test/network.bats: s/which/command -v/ c50658467 test/inspect.bats: fix SC2086 e62136838 test/image.bats: rm unused code 03f8eae37 test/network.bats: fix shellcheck warnings 149619d93 test/devices.bats: fix a shellcheck warning 15a3cb785 test/pod.bats: use jq to edit json 64c0fb2a0 test/network.bats: use jq to edit json 7053a2c39 test/*bats: rm unneeded stop_crio 99e521b23 test/testdata/container_config_sleep.json: rm 2a40a639a test/ctr_seccomp.bats: rm testdata/container_config_seccomp.json 9ca6eeab4 test/selinux.bats: rename a test d309db54b test/selinux: rm testdata/sandbox_config_selinux.json 6ca29591a test/pod: rm testdata/sandbox_config_sysctl.json f1fc4626f test/ctr.bats: do not create files in $TESTDATA 25a559237 test/image: rm container_config_by_imageid.json f10a38851 Use own metadata types 09f929216 test: use jq to manipulate json 029bb46bf test/*bats: rm excessive runs 25db96707 Add CRI glue types for v1alpha2 and v1 usage e8127e0e7 Add CRI v1 API c4df5708c Fix make vendor GOSUMDB d0e2cfdfd make: drop link to crio.service 5ad548b38 test: rm "run ctr with image with Config.Volumes" 39ff75035 test: add no-pull-on-run=true ea9d2ab31 circleci: use updated images 284779311 Check allowed_annotations under performance hooks and drop deprecation warning 91ea6ac1a Add clean v1alpha2 CRI API interface 63bd12659 contrib/test/int/build: bump a few deps abf049f6b circleci: use go 1.15 for vendor 302b36c0f ci: bump go to 1.15.5 bafa2a870 circleci: bump go to 1.15.5 7f046e2af Pass runtime to the handler hooks bd5ae5de2 Provide methods to check allowed_annotations for high-performance runtime handler 38f8e9da5 Provide a better value for features specific annotationis bd78f7e89 don't do unnecesary iptables restore 942e6255f switch CRI-O to use its own hostport manager d17d157e0 dual-stack host port manager a86d258c7 fix upstream hostport manager 76f6d342f Add README to hostport folder 7dbafacd1 fork hosport kubernetes code 90ae7e2d7 ignore test binaries 8dd12dc42 fix cleanup func wording 7244e40ca server: refactor handling of cleanup funcs d2b341659 Make NamespaceOption an internal type in sandbox 49d0de238 test/e2e: disable a flaky test 22ce1d7a3 contrib/test/int/e2e-features: skip Serial tests f1b6fde01 contrib/test/int/e2e-features: rework "skip" regex fd15db07f contrib/test/int/e2e: rework "skip" regex 5e57f4215 contrib/test/int/e2e: rm obsoleted TODO 9ef215fb7 ci: move check vendor to github actions 437f1c1b8 Makefile: rm GIT_MERGE_BASE a4309e000 circleci: fix cri-tools install b59718676 alphabetize OS ad043ae9a Update install.md d22c37e71 ci: move docs-valication to github actions 9dd630514 ci: move shfmt from circleci to github actions 2489684ac ci: move shellcheck from circleci to github actions 7f9f09801 ci: move golangci-lint from circleci to GH actions 9fe43d28d github/PR template: add /kind ci, other 359c60f2a vendor: bump containers/storage to v1.24.0 99081ef41 Makefile: bump golangci-lint to 1.32.2 936e21890 circleci: rm build-test-binaries job b3000eb70 test/devices.bats: fix "additional device permissions" case 22d9e7e8f do not enforce seccomp profiles if disabled 1eddc1b9b ci: use cri-tools from git head a53c2a70e test/devices.bats: rm unneeded run 7b910a08f test/devices.bats: skip earlier 329ccbafb Add wrongly removed word 7ff1fbc05 Update the crictl tutorial and simplify a few steps fedd00c0d Make CNI setup instructions a bit more clear and fix nits 205711e5e Fix links to installation documentation 24b7e4f83 move is_cgroup_v2 to helpers ddcfee824 oci: add Devices to allowed annotations structure 54477302e restore.bats: allow userns tests 61dad864c test_runner: test userns with manage_ns_lifecycle ba3d36c00 test/ctr_userns: rely on global userns testing 34d0aacbb Allow userns together with ManageNSLifecycle 1daaa067c server.createContainerPlatform: fix userns + spoofed infra 4e0cb03fe server: add userns mappings for spoofed infra 6e897b8e5 runtime_vm: Ensure closeIOChan is not nil inside CloseStdin's function b256264f1 test/command.bats: fix device test 7646b5b74 server: fix some nits about resolveSymbolicLink 917d39c66 move device handling to container iface c3370fb0c move additionalDevices handling to separate package c8e270f23 Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/bandwidth/main.go#L113 fe8c25a1d Update nix pin with `make nixpkgs` 3ca6f8dae pinns: fix ownership for created namespaces d7d8f7a29 pinns: use a socketpair instead of a pipe 374415de8 vendor: pin shfmt to v3.2.0 f4301256d OWNERS: add myself bd364cd2c Log version at startup 88159bb7b test: rm disabling selinux from userns tests e54203c8a curl: add -S where -s is used 98fbf5bab ci: bump crun to 0.15/HEAD be3ec3c1e nix: fix static build 0cfc673cd test: bring back userns testing c9290e44c test/network_ping.bats: skip with userns a3d0b391d test/restore.bats: skip some tests with userns 6931ee743 test/network.bats: skip hostnetwork test with userns b7db612de test/image_volume.bats: fix userns check b4d692617 test/drop_infra.bats: skip if userns is enabled 03cfc2fcc test/ctr.bats: skip privileged test when userns f147b4a9e Preserve sandbox annotations for handling OCI hooks 3e6b81904 Increase integration test timeout to 30min 9750103ae Upload bundle in separate CI step ecece5641 vendor: update containers/storage to v1.23.7 35f64617e test: disable crictl pull on create f41aa4ae5 Update maintenance versions in README.md d22514351 test/image.bats: pull the image to be used a400561a7 circleci: use ubuntu 20.04 image 468d49427 removes runs 70f73ab7b circle-ci: use go 1.15.3 8a2f5f189 Add SUSE CaaS Platform and openSUSE Kubic to adopters 58328a6af Error if GitHub release could not be found ca11353f8 Update e2e-aws logic for 4.7 95f285103 drop error in finalizeUserMapping as well 455a1b6b5 Adding Oracle Linux Cloud Native Environment to the list of adopters. 4cfde377e userns: use the same ID if the mapping is missing 0de968083 Add KubeCon EU 2020 talks to awesome list 99a21e919 use correct mappings when they exist ba9c0c245 drop AllowUsernsAnnotations 1a5553ebd add allowed_annotations to runtime handler 1d0f68156 update documentation of privileged_without_host_devices f0fab44c4 template: move default_runtime closer to runtimes map 5c9085a9f Fix release notes generation 23e0ed065 begin ADOPTERS.md file 4cf0a2915 test/testdata: rm container_redis_default_mounts.json 7e88c2cd6 test: mv test-specific setup out of setup_test() b8af8c4f0 test/reload_image.bats: nits 35b7de3c8 test/default_mounts: rm --deprecated-mounts test e1ffae3b5 test/default_mounts.bats: rm excessive run 5a59e514e test/testdata: rm *namespace*.json ba126e6de test/namespaces.bats: rm excessive run and cleanup 83fe6c285 test/testdata: rm sandbox?_config.json 2a0076143 test/testdata: rm *_hostport.json 3fbdf6fa4 Remove last traces of --default-mounts 023c57ac7 test: improve/rename parse_pod_ip -> pod_ip bc9d66793 test/helpers: improve test_pod_from_pod 417f0591f test/network: improve "Check for valid pod netns CIDR" d7babd6ac test/network_ping: merge the two cases 905511a2f test/helpers: show crio.log after the test 8343d16fc test/helpers: hide crictl info output 2bdf0e109 test/helpers: rm temp_sandbox_conf, switch to jq a6c985492 test/shm_size.bats: fix SC2002 a035e1561 test: simplify check_journald check 0483c62b2 .gitignore: rm conmon e6ef7221b test: simplify check_metrics_port -> port_listens 5502607e1 container_create: fix /etc/resolv.conf to be ro d04aa9092 test/testdata: rm container_config_resolvconf*.json 979dabda1 test/testdata: rm sandbox_config_privileged.json 347b03e01 test: rm testdata/container_redis_env_custom.json 1dbd73dc5 test/testdata: rm some unused files 2ba965644 test/pod.bats removes excessive runs 9784199e6 test/pod.bats removes unneeded teardown 5f4774efc runtime_vm: Ignore ttrpc.ErrClosed when removing a container 802b4e4fe runtime_vm: StopContainers() should not fail when the VM is shutdown 85f341c32 runtime_vm: Don't let wait() return ttrpc.ErrClosed 0f2a07053 runtime_vm: Fix updateContainerStatus() logic fecf1a1d8 network stop: don't segfault if sandbox isn't created yet 2fb259791 Revert "Move back network setup to after adding infra container" 06b6e129f test/ctr.bats: use $newconfig 54959f5b8 test/ctr.bats: replace sed with jq a7746c2dd test/ctr.bats: convert python calls to jq bbd70e433 test: rm edit_json, use jq directly ae7ac6105 test/ctr.bats: shfmt it 6693d79c5 CI: add shfmt check for bats files 4953fb28c test/*.bats: format using shfmt 4c9984603 shfmt: update to current master 407603303 introduce SeccompOverrideEmpty e9d9b3011 server: cleanup container in runtime after failed creation 685f275d3 defer removal of container in storage immediately cf79dc39f test/status.bats: use shfmt 0ea616973 test/status.bats: rm excessive use of run 70ea166d3 test/status.bats: minor refactor 7bc848cbe test/image_remove.bats: rewrite 510e5325a test: tidy image prefetch 6e0d7a3c2 test/image: rm unused var 4ab412848 test/ctr.bats: fix SC2086 27dd454a2 test/ctr: rm excessive use of run eea57ad02 ctr.bats: fix jq checks 19e521422 test/ctr: fix "privileged ctr -- check for rw mounts" 86596bdcc test/ctr.bats: fix "annotations passed through" test bea64ec68 test/ctr.bats: add is_cgroup_v2, fix SC2046 601e1e4ca test/ctr.bats: rm unneeded cleanup 37c9c24ed test/ctr.bats: fix SC2002 96b8890e5 test/version.bats: fix/improve b45e341ee test: fix SC2086 dd3c394e3 crio: add new option --separate-pull-cgroup fbed1b37e crio: move in a new cgroup on reexec 26cf82891 test/command.bats: fix shellcheck warnings e60a04514 test/crio-wipe.bats: rm excessive run usage 6c69b4495 test/crio-wipe: simplify code f0e081865 test/apparmor: simplify is_apparmor_enabled e5bea7e08 pull: move image pull to a new process 7cc83932b crio: force garbage collection with SIGUSR2 4b549f542 test/network.bats: fix "Clean up network" tests 9da1a3ea8 Update nix pin with `make nixpkgs` e559d8e0e test/helpers.bash: rm "echo 0" caebae40e Support passing properties to RunUnderSystemScope ada8cfcaa test/network_ping.bats: simplify b03195eb5 test/network.bats: simplify, fix shellcheck ef07f7192 Move back network setup to after adding infra container 178872342 Bump master version to 1.20.0-dev 39a0e7984 server: use more GetContainerFromShortID and less GetContainer 965b70fad server: do not do container operations on a not created container 928edf243 server: do not stop/create container if pod is not created 9284c007d defer network stop ASAP after network start 83169c578 network: create as early as possible 00bf747aa Bump Kubernetes to v1.20.0-alpha.1 a78651ff8 Bump logrus to v1.7.0 6913515c8 runtime_vm: set Pid and InitPid for VM runtimes 1a35fce0c go.mod/sum: update 309b3d07e contrib/test/ci/cri-o.spec: rm GO111MODULE=off 6445c1418 Makefile: rm GO111MODULE=on and -mod=vendor 8eb6575c6 CONTRIBUTING: no need to set GO111MODULE 012e52db9 Makefile: fix vendor target bd3aa8151 internal/config/node: add checkFsMayDetachMounts a2bc9d35c Fix bogus CI test failures 056b43d11 runtime: parse oom file for VM type runtimes c49ee2362 test: use crun 0.15 b66ec3f42 test: adapt test to new crun output bac4a3ea0 moves spec generation to container 40709d286 test: drop infra container 4aa7d4c51 test/config: fix shellcheck warning 94ef42cbc test/config: fix "config dir should fail with invalid option" 1d097f7d5 cni: fix ipv4 configuration file 4f1e4efae [feature] support custom shm size and docs deba2580b Update nix pin with `make nixpkgs` a20c3a4de Verify Cgroup Memory - cgroupfs 7eaede753 deprecate manage_ns_lifecycle option aac00ea84 Enable debug logs for release notes generation 0d878de1e Bump GRPC to v1.27.0 53b72efe1 test: skip MetricsGrabber tests 9afdd35c3 drop infra container when appropriate 25383e728 server: no longer assume some infra containers will be nil e42b2b1c5 sandbox: add NeedsInfra function fdab97f50 oci: add Spoofed() function 33de444ce introduce pkg/annotations 4ff61bb49 portforward: rework to not need infra container 3c241bdbb pinns: fix pinning cgroup namespace 26de5b665 pinns: allow sysctls to be passed 3f655aa2b test: configure self when kata-runtime is the CONTAINER_RUNTIME 9e337b0ab test: add tests for dropping infra 3978b8cf5 add --drop-infra-ctr option 7d56d27b1 broken link dff47619b update link for podman 3fd6ff726 add the integration tests for handling default runtime db3f22b4c Update containers/* dependencies and vendor libpod/v2 0f9a374ea test: remove generated file e5940bc87 Updating documentation of kubeadm with offline configurations. Signed-off-by: Athanasios Garyfalos garyfalos@cpan.org 6bda9b5e0 Force pkg dependencies to older ones compatible with gogo/protobuf 1635b0d26 Switch to Kubernetes AppArmor unconfined const ca1c46636 Update crictl.yaml to reflect cri-tools v1.19.0 configs 40b9d971f Bump cri-tools to v1.19.0, CNI plugins and golang 6f9341d5d Add image layer reuse docs to metrics.md 167fed492 oci: parse stat file instead of using ctime 12a5cb458 Print seccomp profile JSON only on trace log level ec69e86fa oci: return IsAlive error instead of logging 687202247 sandbox config: Improve validation error message 7b1e83595 pinNamespaces: fix cleanup and error returned 2b5a80d57 pinNamespaces: set capacity for returnedNamespaces 9925188dd pinNamespaces: use string concat instead of fmt.Sprintf 525d5b760 sandbox: ignore enoent on shm unmount b66da412d Revert "runtime_vm: Cleanup process when the Container is Stopped" bc9dd6fe2 test: deflake stats test 635ab5f5d oci: improve error message for verifyPid() b6db1d8a0 Fix pinns compilation for TEMP_FAILURE_RETRY 4a3f8b87d Vendor Kubernetes v1.19.0 8152e00f3 config: set internal RootConfig to default storage if not specified 827eb0bfc Revert "dual stack portmap support" f45c631ab Update nix pin with `make nixpkgs` 773f6b0b5 branch forward: stop on rc 5011a7b2f added irq smp balance and cpu cfs quota control 6a3f71112 Code clean up in containers_create_linux.go 7b942ed73 Remove git-validation in favor of prow/golangci-lint f97ad7fd3 dual stack portmap support f0d987acb Switch to containers/common for AppArmor 017e62dc1 Unset GOSUMDB when vendoring 4bf30158a storage: delete layer if mapped ad2ed3b79 mapping: add support for userns-mode annotation f035d6077 server: make paths to chown also accessible d9d3789cd vendor: update containers/storage to v1.23.1 7f8c00e5e server, systemd: export container env variable 2716da1de remove --runtime option 0afa35525 fix high performance hook self-exit container issue 9e112eebd oci: move channel close to writer goroutine 3472cc5c8 test: fix container stats test d4c32cb00 test/stats.bats: fix/improve container stats test d1e2ea04a test/stats.bats: improve test case d05a6335e test/stats.bats: fix typo in a variable name 9a1490531 managed ns: report namespace cleanup failure by default 4ed669482 managed ns: ignore `PID not initialized` on sandbox creation ff6d989fb test/apparmor: add missing test case call aca64980b test/cgroups.bats: enable pids test for cgroup v2 01432f5d6 test/cgroups.bats: simplify and fix 0aacb5b53 test/critest.bats: move setup/cleanup out of test b811a2040 test/apparmor: simplify 6f169692f test/apparmor.bats: add teardown function b4eb95602 test/cleanup_test: improve 5bce7486a test/wait_until_reachable: fix d6405601a test/ping_pod_from_pod: fix 60a04790f test/pull_test_containers: fix 8bf151454 test/critest.bats: fix d2ded1d73 handle runc not present on the system 838ab4aed Add fidencio to OWNERS file ab82e12e0 Use Unmount w/o prior Mounted check 15375c94c Don't limit the size on /run for systemd based containers 8c7c8028e oci: reorder conmon args 80609e566 config: check conmon version before assuming features 5dcf88604 test/image.bats: rm useless code c5d29b355 test/*bats: fix excessive use of export 616b7855e test/ctr_seccomp.bats: unify common code 2a45877ae test/ctr_seccomp.bats: unify/simplify seccomp check 149e13b07 test/ctr.bats: properly declare readonly var 2c4d5de9b test/apparmor.bats: fix shellcheck SC2030,SC2031 f2469036e Remove duplicate check for enabled seccomp d9ea3921d Bump test images to go1.15 61736cbe3 runtime_vm: Store logs in the correct format 8e45b939e Revert "Fix potentially unclosed file in runtimeVM#CreateContainer" e3e4385d1 selinux: override only specified values 8cbe37722 Fix container cgroup under cgroupfs 3609f6475 server: reduce complexity of getSourceMount 7a48cf993 server/addOCIBindMounts: speed up 6dd52f2ac Reuse Kubernetes API consts for seccomp profiles dca828597 oci_linux: fix working set calculation for cgroupv2 18fa73d9e Switch to go 1.15 49d121594 Add /sys/dev as a masked path path eddf148a1 oci_linux: fix working set calculation 059934138 test/image_volume.bats: fixes 79c52eb1e Revert "tests: adjust test to not depend on runc behavior" 76c7e8657 test/*.bats: fix checks that id is not present bf10fcafe test/*bats: fix shellcheck SC2076 a881562a2 Fix logs that have wrong func names f90a1dda0 Ensure CloseIO is called after Start for exec e21f21edd Add layer reuse metrics ae5630f72 Bump golangci-lint to v1.30.0 e790775d9 Vendor Kubernetes v1.19.0-rc.4 dfcd1691a config: create hooks dir if not present cbc7c514c docs: Move logo location d69d6d728 docs: update installation instructions 371a60093 use errors.Is() instead of errors.Cause() e1eb96fc8 Fix lint pipeline by gofumpt'ing cgmgr_test.go c99023d50 Parameterize strip binary in pinns/Makefile for cross-compilation 0bfefee51 Make filter container list be able to filter short pod IDs 44e0c0db7 drop findprocess 009ccb65e oci: rarely access Pid directly 5b3c5b655 exec sync: check pid instead of calling runtime state 1d672d139 server/createSandboxContainer: minor optimization b44a6cafa setCPUSLoadBalancing: nit 042a4a76c setCPUSLoadBalancing: optimize 82b339265 setCPUSLoadBalancing: rm repeated call to c.Spec() 484551e15 shouldCPULoadBalancingBeDisabled: simplify 5a5aa34cb Remove unused global vars in memory storer e8d4b0bc6 exec sync: be more careful about temp files 814c1bb01 runtime_vm: Cleanup process when the Container is Stopped 8b4ffe784 docs: fix cni documentation 79de63e63 contrib: update the crun version to the last release b55168f78 test: fix regex to look at the beginning of the line 4d21cd3f0 add stats list unit tests 857bcd34c stats: skipped stopped containers on container list stats ae69fd7f6 crio: use json-iterator/go instead of encoding/json 91d3d2791 Do not remove existing runtime handler 964d0d3a2 Speedup static build by utilizing CI cache on `/nix` folder 3f7d13e62 Add `make release` target f64d6d5e9 runtime_vm: set container creation time cd9e835c2 test/command: add test for --profile 1aa5f89a4 test/helpers: rm start_crio_* twins eb9321386 Remove unnecessary err assignment faad1a446 runtime_vm: Avoid possible deadlock on UpdateContainerStatus() 1313a9a2b Fix unit-tests and regenerate mocks e6e3c4ad0 Bring back pprof 9d4195941 Add testcase for createdAt timestamp restore f7f4a8664 Restore Sandbox createdAt timestamp on cri-o restart 2a260703f Fix gofumpt lints 300380462 name is reserved: give more informative error fb3cb0a2f Restore CPU load balancing just when an error appears d34d57c94 Add unittest for the high-performance hooks fe69fd2b1 Add RuntimeHandlerHooks interface dd5abc1c5 Add gofumpt linter and apply lint fixes e115e4cc8 Cleanup nix derivation for static builds 496f1e426 Provide unittest for the CPU load balancing method 8a48ff5d3 Provide functionality to disable and enable back the CPU load balancing 6886573e6 makes containerstats just get one container instead of whole pod 5cbbd289d Update UpdateContainerResources unittests e29c3ffe4 Update the container resources under the spec 1ee062c85 Make integration-cgroupfs tests depdent on results a2ec1d40d Copy spec to not touch original spec on exec(sync) 74a94b546 Add volume mount option for SELinux labeling 00c33525f Implement BigFilesTemporaryDir 65b692268 Perform log directory validation early in Server#runPodSandbox ce5825f1a Remove resolvPath when Relabel fails abecfdf31 remove all cases of returning an error named err fdb2df175 container: handle SelinuxLabels 9b881b0b5 container: add ReadOnly() b852ad675 container: add Image() 6e883db15 container: add fips disable handling 1f51d6d5d Revert "container_server: disable fdatasync() for atomic writes" 77cf58c91 node: fix panic if /sys/fs/cgroup failed to stat 4810ca3e3 Use /usr/bin/env bash in crio-shutdown.service c4795b496 Fix static binary mode retrieval for musl toolchains c180faac7 change variable name err to retErr for deferred comparisons 705381c46 runtime_vm: Improve CreateContainer cleanup in case of failures d785c14fc runtime_vm: Create deleteContainer() helper 11ae5b78d Close the done channel in runtimeOCI#ReopenContainerLog d5920c866 Update golang dependencies 924a8e983 Fix potentially unclosed file in runtimeVM#CreateContainer 65fe2c5fb Bump testimage versions including golang 15264b7e5 Enable more feature tests 9bf8e5397 Vendor Kubernetes v1.19.0-rc.1 7170231d8 internal/oci/runtime_vm: lock around map access cbd32ae9d internal/oci/runtime_vm: fix resizePty signature 11ec0bcda circle: save output for debugging ce0921e74 test: add circle job that runs with cgroupfs d8615ec46 managed ns: don't remove namespaces on sandbox stop d33995bd8 managed ns fixes 02d8bb96f runtime_vm: Ignore ttrpc.ErrClosed when shutting the container down b6b4d1023 Update golangci lint to v1.28.3 c2255b718 oci: add debug logs for runtime state calls b058683c5 Return empty DecryptConfig when no keys to force decryption fd07083b4 test: drop cgroupfs override fa9e413c2 Make release notes generator capable of handling tags a97c66840 Validate cgroupfs conmon cgroup on start 83e8282c4 contrib: enable debugging on the kubelet 77bb73c29 contrib, e2e: force systemd system session b803107b0 server, root: unset XDG_RUNTIME_DIR, DBUS_SESSION_BUS_ADDRESS 945adb00b contrib, cgroup v2: use kubernetes master aee425b19 pods.bats: force usage of the system bus 04c44932f config: fix systemd version parsing ceb473cf3 skip another failing test a69782498 e2e: skip failing test 0a2c92d17 use cgroupfs to fix tests temporarily e8c12b348 Streamline how done channel is closed in Runtime#WaitContainerStateStopped 83ec8f8ed test: bump go version to 1.14 23193ea43 Add runtime_type as an option of "--runtimes" bb54e152e runtime_vm: Apply the correct label before the sandbox is created 56140296b sandbox_run_linux: Use libconfig alias c0da93f0d test: use node readiness as an indicator to run kubetest ab8f1acdc Add logic for running openshift e2e-aws tests 164f46cc6 server: re-add gocyclo skip 6b6a604e2 Restore version output from crio --version 00af53a89 Enable SCTP and seccomp e2e tests 6b9dfc6e8 criocli: Avoid parsing the config twice 35a8caf8a StringSliceTrySplit: return a copy of the underlying slice 3d2cd5a4c Remove the protocol filter from the portMappings constructor. a296edd66 test: fix seccomp tests 3e063339a pkg/container: handle logPath 859a65099 Use the container_kvm_t label when using kata as the runtime 978a0bc3d use inactive-or-failed CollectMode if appropriate 861297e93 Close the done channel in waitContainerStop dee450550 Send only single error to stdinDone 8e4a4b774 config: add ulimits package 3752167dc logs: fix some problems 63e8f1f07 oci: check state before stop atomically c0f5c1679 Container should only be added once after passing filter 5571a88dd Add info logs for image pull and status CRI calls 490d651cc server: store container privilege bool in pkg/container 44607af0d bump runc to v1.0.0-rc90 1fed461fe config: add node package ac966530c oci: make failure to move conmon to new cgroup fatal 058d6b926 config: add cgmgr fa6114234 managed_ns: deflake tests a083494ff Add crun to static binary bundle 764d5caac Add crun to config template 87c26e6bb Update k/release to 0.3.2 954585ddc Add sandbox IPs if there is no error in IP retrieval 832e6fc19 Cleanup default info logs aa8f005d9 Check whether seccomp is enabled before making assertion 2e5aad445 Close the done channel when there is watcher error 4033c7ac4 vendor: update seccomp/containers-golang to v0.4.1 99d7f7256 Add unit test for sandbox response verbose mode 83e01c296 sandbox_status: Fix typo in error message cd85ebf7f Use correct format for logPath removal log b689ae675 Use one deferred func to execute cleanup func's a5bc7193d test: Add a test for pod pause image 166bd36d8 Return verbose information for a pod 525b1d335 Store pause image information for a pod 9197a5568 Added signature - Fixed standard cidr and typo 52dadcf42 Update golang dependencies 613cbdbee Add image pull success and failure metrics 3584fa451 attach: Don't return early for non-tty attach if there is no stdin 35c0c79e2 Fix the kubeadm command 7512d3166 Remove socat runtime dependency de262316f sandbox iface: don't fail if uid is not specified 67fc28844 Exclude failing conntrack e2e test 247d465e8 Add `privileged` indicator to container status e7e0746e3 Check that SecurityContext is not nil before dereferencing 3c7f385b3 Allow release notes for release branches d686db64c crio wipe: log less 1ffd66949 Update nix image and dependencies 92f9f68f9 container_server: disable fdatasync() for atomic writes a02f21766 vendor: update containers/storage to v1.19.2 25fcca87a bump version of libpod to get selinux e62039468 Automatically label containers running systemd with the correct label 0fda6777d Add metrics exporter and documentation 9a53c232e crio wipe: add version-file-persist e1f3fe0af Update k/release repo and use go templates 4a841df26 Update golangci lint to v1.26.0 0c3a5dff5 Switch to logrus 1.6.0 a9ff43ce9 Remove containerd/release-tool dependency a6e8db404 Update Kubernetes to 1.19.0-alpha.3 de45cf1dd Avoid unnecessary locking on runtimeImplMap 2ec6e6a73 Add `--metrics-socket`/`metrics_socket` config option a96823544 Cleanup go modules and vendor cffb00c88 Missing `cd ~/.ansible/roles` Before `git clone` fac15d5da Close done channel if the wait for ContainerStateStopped times out 086eeaa5f version: return empty link mode on failure de0f51822 version: omitempty on String() 3007180b0 Delete container Id only when impl.DeleteContainer(c) passes 727b3a116 Delete container Id from ctrIDIndex if podIDIndex.Add fails 0540afc0a Add support for making reproducible builds 8e7d4d2c0 Adds Ubuntu 20.04 to install instructions 604eeb1b3 oci: drop container level privileged flag 7b6696b65 port error: check for error 4d6d96c1e port forward: add stream nil check to pass unit tests 7016c3e13 port forward: drain the stream on error 351af8519 Vendor in v1.9.1 containers/libpod 93420c499 Fix naming unit test c83b0040a Check error return from os.Create before closing file ed3d80f87 Close channels in runtimeOCI 192621d9d Remove latest-version script 0b105b24a Remove crio-wipe and crio-shutdown systemd units from bundle 9b80a5818 Avoid removing container twice d04755a08 Return an error if context has been cancelled or deadline exceeded b5fdabc22 Use correct upload URL for binary uploads 4a6beaa9b Close the channel for syncStruct 0806f14e2 Remove unnecessary error wrapping for runtimeVM#StartContainer 65d8bb6cd Fix CI by re-generating mocks 2079196f8 cni ctx: call cancel func 6171dcf39 give fraction of timeout to network{start,stop} calls 1ad8ce652 Pass context from caller to ocicni 870cd9b7d Update ocicni vendor code to get new methods that support context argument 926daa840 Use bats v1.2.0 release for CI ae353585c Fix Linkmode path resolution 78badc81c test: check for rw mounts c6233a2b4 Makefile: include -nobuild install targets ed34636da Close childStartPipe if cmd.Start() fails d1172d693 Do not hold lock when ExponentialBackoff() is called 3eff5407b readme: drop support for unsupported branches 8f01225a4 Fix incorrect image digest for test image 83257214a test: update digests and test fa2db8d8a test: update image digest to fix test 2843f551e Fix linkmode for static binaries e785dd2fd Check for context erroring before returning from longer requests 5daa5ac79 Allow comma separated string slice parsing cd5d1a08c Add info logs where needed dc945b31d Add Installation Guide with Ansible 39a35cb30 Use absolute path to binary when retrieving linkmode dff32318b Makefile: allow customization of go commands 3261c2a75 vendor: bump ocicni to b197cd13855bae919c7c75c191c976fcc48610b9 5d2494793 Add Codecov badge to README f7896341f Fix static build DNS resolving with netgo 9b2ee751e Add docs and completions for default_env b92a3e6f7 Add a test for container default env cfcee0126 Add support for default_env in crio configuration c0b466e86 Stop container when there is error in createSandboxContainer 0c8b231c1 contrib,crun: use version which correctly writes swap 9f334aabd test: refactor handling of mem swap 7bdf93819 only set swap if we have the swap cgroup 51cfd5c76 SetLinuxResourcesMemorySwap to the LinuxResourcesMemoryLimit 44dda8b52 Add release-1.18 reference to documentation 3816fb11f Update cri-tools to v1.18.0 307be36a7 Validate capabilities on CRI-O start d67eea300 stats: spoof stats on a cgroupless ctr f25db77b3 add haircommander to OWNERS file 0361c5e37 Fix GitHub artifact upload via new upload-artifacts target a7e117e44 Update libpod to v1.9.0 ec26619e3 more retErr fixes 2e494c323 Use named error return for container_server 66dc81696 config migrate: add pause image and namespace dir 62c02af51 add stop container for StorageRuntimeServer on error 95d5ab215 bump default PauseImage to 3.2 39aef1a09 Add shellcheck linter and apply fixes b7be5b673 Update go-mod-outdated to v0.6.0 b5242b807 Add dependency report badge be8e876cd Add runtimeSpec field to container stats info 99388a706 Add OCI image spec to image stats info 7f4ac3b7d Move crio defaults back to /etc/crio/crio.conf 4e795832a Fix lint reports for setnameandid test 3f89b9539 Use proper variable for error return in Server#createSandboxContainer 10f522002 Update installation steps for CentOS 89ff7c1b9 Fix CircleCI job race accessing gh-pages branch 5ae550efd manage ns: don't remove top level directories on pod teardown fabb871e4 manage ns: debug output of pinns ffede601e branch foward: skip release candidates 55bec4dae server: skip setting memory limit to 0 c36a8ebb9 Upload release bundle automatically to GitHub ac1112c45 Update dependencies c24e99945 Generate dependencies file in gh-pages root 086982d61 systemd unit: drop requirement of crio wipe 1e0419df5 makefile: allow version to be overridden af2509fe1 Update kubeadm docs e5397f81b Add dependency report to gh-pages and CircleCI d8a709f8a Assume hugetlb is not supported by default 80d1a2466 Update shfmt to 3.1.0 96e76dd2e Enable debug symbols for binaries when make DEBUG=1 2e5b40a62 Vendor in latest containers/storage 7501a08aa Skip already uploaded artifacts with gsutil d0d099a90 restore tests: verify some namespace lifecycle cases work 92aeb50b6 fail on failed pinns c443e9b88 pinns: pin to /var/run/*ns instead of /var/run/crio/ns/* 1dcf7b931 Fix typo in apparmor tests 92863e3b3 sandbox: Make sure the label annotation is proper JSON 9afd5ff71 container_server: Wrap a few more errors in LoadSandbox 2bc9e13f5 Add image labels to ImageStatus Info 5281f1382 bump to conmon 2.0.15 5146d6c63 Add the mounts that are required by systemd b297abab6 Skip already uploaded artifacts with gsutil 1806cabfa Add release branch forward to CircleCI 5cc33b558 Update Kubernetes to v1.18.0 474d29407 Test for master tag if release branch contains none 2d5cedabe Add SetNameAndID to Sandbox interface e540ef3a8 Make release notes require results in CircleCI ab431e66d Add crio config --migrate feature 717425df0 vendor: use directly github.com/creack/pty 9e10f54d3 Use HEAD for runc built from source b91d80994 Do not take config dir into account on config creation 360177a6f Make docs-generation and completions work rootless 63230017a Move CNI plugin into NetworkConfig 3027070ca build: clean generated bin/ dir f2ffe39fb Downgrade golangci-lint to v1.23.8 856ad18aa test: drop make install.{systemd,config} c2ec5aed7 test: set cri-o systemd restart policy to no 3d110a307 build: Makefile - add shfmt target to help dfed40b4a contrib: Add kube-local tool 759f498ae Add description to magic test value d672ed1de Do not Wrapf errors if no format is specified 9d6326b4a config: remove unneeded empty values b4808eac5 skip ipv6 ping pod from pod for rhel 7 7c535f29e return default-mounts-file 66b5814ab use fedora-ping image 6a0f33ae0 unify sysctl handling b35ecf1ab test: switch from dnf to yum 88e0c419c Fix specifying string slices a5db2aee2 drop net raw: add some test fixes to update ami 63b9f4ec9 Remove NET_RAW and SYS_CHROOT capabilities 58657488e Add cni-default-network option c2b25b4ea Add hint to release notes on gh-pages to README.md b9db8f3b8 Drop musl build from nix to update to go 1.14 1963aea3e Add shell format check and apply diff e265ad0ce server/ContainerStatus: don't lock for c.State() f8f35ba32 drop conmonmon 239ac2049 stats: fix some style nits 976e9b061 Add linkmode to crio version output 309a5bf3d Add release-branch-forward script 3e3725d5b Fix gh-pages push for remote branch 5f49b2c1f Added integration test to make sure annotations are passed through to the runtime 1ed7eb389 tree_status: show the git diff ff7609400 Add kind/dependency-change label 648b94860 Add further kinds to pull request template 92ec88f99 Fix unit tests for locally configured registries b039ef652 Add SetNameAndID to Container interface 6885d9088 Publish release notes on gh-pages branch 38ba09453 avoid parallel pulls of the same image 9ae49dad8 vendor github.com/containers/image/v5@v5.3.0 60c01cc24 Switch back to machine executor for CI lint stage e1f6d2ab1 stats: prevent a segfault 15f1f14ac server: Return grpc code NotFound when we can't find container or pod 7615871d6 test: move readonly_rootfs and privileged to correct place f757e0a2d Mention starting cri-o for running with kubernetes 64e46e789 Move bundle to contrib and reuse version vars 3ac1d93bb Simplify container log path handling f3eeee275 build: make uninstall - remove systemd/config files ad7125fcc Remove utils.ExecCmdWithStdStreams in favor of utils.ExecCmd f7730c325 Add PodSandboxConfig (get/set) to Sandbox interface 03c7bd758 Avoid filename collisions in JUNIT_PATH 57b3b608d sandbox_run: import internal/lib/sandbox as libsandbox dbbfd7865 Remove github.com/docker/docker dependency 9f556378a bump conmon to 2.0.12 e02dd7ead vendor: bump github.com/containers/libpod from v1.8.0 to v1.8.1 a3bab821c Update golangci-lint to v1.24.0 7e66be6f3 Remove Update() method fb6525374 docs: add TOC to setup.md f038600d4 Skip release notes generation for forks e8ffd6e17 Add container config (set/get) to Container interface d1d165abb crun: use version 0.13 97d990230 Add target release version to generated notes 01d40e5cf Add gRPC method name to logs 40d247042 Take localhost/ images into account during pull 0f4b6d6fd fix some remaining instances of assuming cgroupfs default bb23a494d bundle/test: drop cgroupfs override a6ae391a3 stats: fix stats when systemd cgroups are used e4cc02850 integration tests: switch to systemd cgroups 9ccd5ac97 bump to conmon 2.0.11 c862e1fbd Support pulling image specified by tag and digest. b0717fc3f Restore sandbox selinux labels directly from config.json 345952cb7 Update Makefile targets and docs to crio.conf.d 12918b25e Add runc, conmon, crictl and CNI plugins to bundle c07429a56 Render latest release notes 73f42d35a Use static runc binary in CircleCI 5f745fa7d Let CRI-O start when `runc` is not in $PATH and not configured 2fae47c00 test/pod: TerminationGracePeriod: skip on CircleCI 34ee0d9ba test/pod: TerminationGracePeriod passthru test 23177bd84 Use `Value` field in CLI for non-default values 211393d25 Upload every successful built bundle to the GCS bucket 11b1fa661 Update golangci-lint to v1.23.8 97b9587f1 Add DEFAULTS_PATH to Makefile eb9cc161c Flatten internal/pkg/* packages to internal/* 4bec101bd Fix 32bit build by vendoring latest go-selinux 3c48743f8 test/conmonmon: fix getting conmon pid 3d7c5ae58 skip failing storage test c0f0c897c Add crio.conf.d(5) man-page to the bundle 4bf557482 Cleanup: minor wording adjustments in documentation 5110df3bf Fix some minor whitespace issues in crio documentation b22b31c58 Add crio.conf.d man page bb0a68503 Move pkg/config/seccomp package to internal/config/seccomp f9f058f2f Update dependencies 6ab73e82e Upgrade CI to use go 1.14 b91cb5e56 Apply Kubernetes PR template 07d329e97 Add live configuration reload to AppArmor profile 1f856928c CreateContainer: pass TerminationGracePeriod 43a03bff8 Add CI bundle tests d81de1839 Remove extra check for go modules in Makefile 917c3e764 Rebuild bin/* targets on *.go file changes d1696ce6b Improve crio --version / version output f13aad99c Make bin/pinns a PHONY target fa3d37c0c Bump kubernetes to v1.18.0-beta.0 295240116 Fix markdown for generated crio/crio-status docs 3010195bb Cleanup config default values d83645127 Drop support for golang < v1.12 eff11105a server, cgroupv2: do not create cgroupns e48d23aab Automatically retrieve digest in test image builds 61f9ca072 Add high level Sandbox and Container interface 2c422eb42 Auto inject CRI-O version c23a169d6 Change CircleCI config to build all jobs for all tags 56d48195c Uppercase first log char per default ffda0f3be Add cgroup namespace unsharing to pinns 06257791d Add live configuration reload to seccomp profile 9ec3b8dc2 cgroups: parse cgroup.controllers once d45ad21d7 Fix Fedora based integration tests 2e1d04393 Update docs and completions for crio wipe --force 153c0002e tests: update to crun 0.12.2.1 59c63a611 restore: specify runtime root to the OCI runtime d1bcb14c9 test/ctr: adapt test to cgroupv2 94c9876d8 wipe: Add a force flag for skipping version check dde9af43e Remove version marker from AppArmor profile 92d3eaf59 test: adapt to python3 0ed6aa6dd test: look for substring c12fa5a5b contrib: install crun also at /usr/local/bin/runc e502d70d3 contrib: fix ansible warning 94799c992 contrib: set crun in crio.conf when build_crun 032baf175 contrib: add tests for cgroup v2 8da112216 container: ignore hugetlb limits if not supported 5c5eb7124 Add user-notice about minimal ctr_stop_timeout 92f899ccb Update pinns build and add small cleanups 007080ec5 conmonmon: errorf when OOM killing fd88a5bd5 klog: don't write to /tmp f31362e45 Pass down the integer value of the stop signal 5a112abf4 exec: Close pipe fds to prevent hangs 23582bdd5 Add live reload to DecryptionKeysPath ad75e22be Update nix package dependencies and cleanup default.nix a5119bdc9 Make SIGHUP reload for drop-in config dir work 0bb5a2abc update installation info for debian and forks c2535c68e Add pinns binary to static bundle f838631f7 contrib: drop system containers fa8d49cb1 contrib: use crun from the containers repository a56b2f9a4 Remove trailing whitespaces from configuration template 1280b5d61 oci: Handle timeouts correctly for probes f6fa7760e fix server restore to not remove podman containers 2c311967c Bump containers storage to v1.15.8 6cefdcca7 drop host_ip from crio.conf.5.md f4449b681 vendor github.com/containers/image@v5.2.0 1d7d7a0fc Unwrap errors from label.Relabel() before checking for ENOTSUP 00fd41c97 Fix reload behavior for unqualified search registries 0eec45416 Skip invalid hooks directories by default e48fa304b Add log context to container stats f4214be7c contrib: 10-crio-bridge.conf change subnet e962246a5 Update dependencies 720545fbf Add `crio version` subcommand ee8b72e11 Update golangci-lint to v1.23.3 78e9ee352 Setup container environment variables before user f7424e9c5 fail on network stop 5284c0a0a docs: improve setup.md 11535c489 Add the container IDs that cri-o assigns to various logs 1a12f8125 move default version file location a tmpfs 764bcf5fb sandbox: skip memory check if set to "max" ff234bb71 build: make install providing systemd and config 14a2905bf fix nit from #3165 a1cdad7e9 drop host_ip and host_ips 1f1132700 Move SystemContext from Server into Config 0a8efeb0a Update Kubernetes to v1.18.0-alpha.2 2ef722b9d Update urfave/cli to latest version ea0217e36 Use new containerd/release-tool path 437fb7356 Update libpod and ocicni 68e94e249 Remove unused getHostIPs and validateHostIPs functions 59ef3883d stream server: Bind to all addresses 0074990d6 Fix integration/unit tests 34b7b7008 Vendor in latest opencontainers/runtime-tools faad45a91 Enable AppArmor tests in CircleCI 4cba27d88 docs: add a blurb about AppArmor profile precedence 0628b3dc8 Fix network ping integration test in CircleCI b74ec1c3c Add support for crio drop-in config files d43e2f359 Fix unit tests for rootless runs 65049475d Refactor sysctl handling and add unit tests e34dad0b3 Log path location when using binaries discovered in $PATH 6a51b90a1 server: allow an apparmor-unconfined container 9ec532c7f Switch default cgroup manager to systemd 50942473b Add documentation about stream_port="0" a014aa4de Fail to start when stream server port already allocated 964245f94 Run integration tests natively in CI 35e8ad4d6 Fail to start when already listening on socket 211fb388e Update golangci-lint to v1.23.1 ef1152b88 Allow server to start without config 49310bb02 Fix generated docs formatting 512fdb2f9 Take total_inactive_file into consideration for memory usage 66ef0b326 docs: remove mention to RHEL-8 beta repo in setup.md 5d38a07d6 Mention latest release branch in docs eecbc3655 Fix typos in test descriptions aa9293e95 Add image pull metrics a94e0b779 container_create_linux: refactor common code 4bb04824b Fix man page header 31ce68627 persist exit: fix some nits 1ae3626d6 Fixes to better handle exit code 914adc516 Save exit file for container in persistent directory 62d09afcd doc: improve setup.md 8fd34a082 server: create cgroupns when running on cgroup v2 bcecd7941 Destroy the pod's network when it can't be restored 36b73a8c9 Add `namespaces{-_}dir` CLI and config option 9ddf6d7d4 Update CNI plugins to v0.8.4 ee1df54f0 Use UUID generator for namespace path 5fb3192f1 Add new NSType for available namespaces a3afb54c3 Fix pinns path mismatch for install and uninstall 6c5ec8486 remove ErrClosedNS 9d7f8ed21 Fix possible segmentation fault in namespace removal 8bcefec51 Change AppArmor profile handling to fallback to the default a0cb8161d Update to conmon v2.0.9 0c02f5453 Fix possible segmentation fault in error handling 20b449bbf Cleanup sandbox shared memory before removing it 1c28b2395 update createSandboxContainer to parse hugepages limit from CRI message 7646a7fd5 Update vendor to v1.18.0-alpha.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
125 lines
4.5 KiB
BlitzBasic
125 lines
4.5 KiB
BlitzBasic
HOMEPAGE = "https://github.com/kubernetes-sigs/cri-o"
|
|
SUMMARY = "Open Container Initiative-based implementation of Kubernetes Container Runtime Interface"
|
|
DESCRIPTION = "cri-o is meant to provide an integration path between OCI conformant \
|
|
runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime \
|
|
Interface (CRI) using OCI conformant runtimes. The scope of cri-o is tied to the scope of the CRI. \
|
|
. \
|
|
At a high level, we expect the scope of cri-o to be restricted to the following functionalities: \
|
|
. \
|
|
- Support multiple image formats including the existing Docker image format \
|
|
- Support for multiple means to download images including trust & image verification \
|
|
- Container image management (managing image layers, overlay filesystems, etc) \
|
|
- Container process lifecycle management \
|
|
- Monitoring and logging required to satisfy the CRI \
|
|
- Resource isolation as required by the CRI \
|
|
"
|
|
|
|
SRCREV_cri-o = "7f6ccb579c26519df8cefbf6c9220bd65e25830a"
|
|
SRC_URI = "\
|
|
git://github.com/kubernetes-sigs/cri-o.git;branch=release-1.21;name=cri-o \
|
|
file://0001-Makefile-force-symlinks.patch \
|
|
file://crio.conf \
|
|
"
|
|
|
|
# Apache-2.0 for docker
|
|
LICENSE = "Apache-2.0"
|
|
LIC_FILES_CHKSUM = "file://src/import/LICENSE;md5=e3fc50a88d0a364313df4b21ef20c29e"
|
|
|
|
GO_IMPORT = "import"
|
|
|
|
PV = "1.21.0+git${SRCREV_cri-o}"
|
|
|
|
DEPENDS = " \
|
|
glib-2.0 \
|
|
btrfs-tools \
|
|
gpgme \
|
|
ostree \
|
|
libdevmapper \
|
|
libseccomp \
|
|
libselinux \
|
|
"
|
|
RDEPENDS_${PN} = " \
|
|
cni \
|
|
libdevmapper \
|
|
"
|
|
|
|
python __anonymous() {
|
|
msg = ""
|
|
# ERROR: Nothing PROVIDES 'libseccomp' (but /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb DEPENDS on or otherwise requires it).
|
|
# ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
|
|
# Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'cri-o', 'libseccomp']
|
|
if 'security' not in d.getVar('BBFILE_COLLECTIONS').split():
|
|
msg += "Make sure meta-security should be present as it provides 'libseccomp'"
|
|
raise bb.parse.SkipRecipe(msg)
|
|
# ERROR: Nothing PROVIDES 'libselinux' (but /buildarea/layers/meta-virtualization/recipes-containers/cri-o/cri-o_git.bb DEPENDS on or otherwise requires it).
|
|
# ERROR: Required build target 'meta-world-pkgdata' has no buildable providers.
|
|
# Missing or unbuildable dependency chain was: ['meta-world-pkgdata', 'cri-o', 'libselinux']
|
|
elif 'selinux' not in d.getVar('BBFILE_COLLECTIONS').split():
|
|
msg += "Make sure meta-selinux should be present as it provides 'libselinux'"
|
|
raise bb.parse.SkipRecipe(msg)
|
|
}
|
|
|
|
PACKAGES =+ "${PN}-config"
|
|
|
|
RDEPENDS_${PN} += " virtual/containerd virtual/runc"
|
|
RDEPENDS_${PN} += " e2fsprogs-mke2fs conmon util-linux iptables conntrack-tools"
|
|
|
|
inherit systemd
|
|
inherit go
|
|
inherit goarch
|
|
inherit pkgconfig
|
|
|
|
EXTRA_OEMAKE="BUILDTAGS=''"
|
|
|
|
do_compile() {
|
|
set +e
|
|
|
|
cd ${S}/src/import
|
|
|
|
oe_runmake local-cross
|
|
oe_runmake binaries
|
|
}
|
|
|
|
SYSTEMD_PACKAGES = "${@bb.utils.contains('DISTRO_FEATURES','systemd','${PN}','',d)}"
|
|
SYSTEMD_SERVICE_${PN} = "${@bb.utils.contains('DISTRO_FEATURES','systemd','crio.service','',d)}"
|
|
SYSTEMD_AUTO_ENABLE_${PN} = "enable"
|
|
|
|
do_install() {
|
|
set +e
|
|
localbindir="/usr/local/bin"
|
|
|
|
install -d ${D}${localbindir}
|
|
install -d ${D}/${libexecdir}/crio
|
|
install -d ${D}/${sysconfdir}/crio
|
|
install -d ${D}${systemd_unitdir}/system/
|
|
install -d ${D}/usr/share/containers/oci/hooks.d
|
|
|
|
install ${WORKDIR}/crio.conf ${D}/${sysconfdir}/crio/crio.conf
|
|
|
|
# sample config files, they'll go in the ${PN}-config below
|
|
install -d ${D}/${sysconfdir}/crio/config/
|
|
install -m 755 -D ${S}/src/import/test/testdata/* ${D}/${sysconfdir}/crio/config/
|
|
|
|
install ${S}/src/import/bin/crio.cross.linux* ${D}/${localbindir}/crio
|
|
install ${S}/src/import/bin/crio-status ${D}/${localbindir}/
|
|
install ${S}/src/import/bin/pinns ${D}/${localbindir}/
|
|
|
|
install -m 0644 ${S}/src/import/contrib/systemd/crio.service ${D}${systemd_unitdir}/system/
|
|
install -m 0644 ${S}/src/import/contrib/systemd/crio-shutdown.service ${D}${systemd_unitdir}/system/
|
|
install -m 0644 ${S}/src/import/contrib/systemd/crio-wipe.service ${D}${systemd_unitdir}/system/
|
|
}
|
|
|
|
FILES_${PN}-config = "${sysconfdir}/crio/config/*"
|
|
FILES_${PN} += "${systemd_unitdir}/system/*"
|
|
FILES_${PN} += "/usr/local/bin/*"
|
|
FILES_${PN} += "/usr/share/containers/oci/hooks.d"
|
|
|
|
# don't clobber hooks.d
|
|
ALLOW_EMPTY_${PN} = "1"
|
|
|
|
INSANE_SKIP_${PN} += "ldflags already-stripped"
|
|
|
|
deltask compile_ptest_base
|
|
|
|
COMPATIBLE_HOST = "^(?!(qemu)?mips).*"
|