mirror of https://github.com/k3s-io/k3s
Merge pull request #933 from erikwilson/bump-cri
Bump containerd, cri, & cri-toolspull/942/head v0.10.0
commit
f9888ca3bb
6
go.mod
6
go.mod
|
@ -7,7 +7,7 @@ replace (
|
|||
github.com/containerd/btrfs => github.com/containerd/btrfs v0.0.0-20181101203652-af5082808c83
|
||||
github.com/containerd/cgroups => github.com/containerd/cgroups v0.0.0-20190717030353-c4b9ac5c7601
|
||||
github.com/containerd/console => github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50
|
||||
github.com/containerd/containerd => github.com/rancher/containerd v1.3.0-k3s.1
|
||||
github.com/containerd/containerd => github.com/rancher/containerd v1.3.0-k3s.2
|
||||
github.com/containerd/continuity => github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02
|
||||
github.com/containerd/fifo => github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c
|
||||
github.com/containerd/go-runc => github.com/containerd/go-runc v0.0.0-20190911050354-e029b79d8cda
|
||||
|
@ -23,7 +23,7 @@ replace (
|
|||
github.com/golangci/gosec => github.com/golangci/gosec v0.0.0-20190211064107-66fb7fc33547
|
||||
github.com/golangci/ineffassign => github.com/golangci/ineffassign v0.0.0-20190609212857-42439a7714cc
|
||||
github.com/golangci/lint-1 => github.com/golangci/lint-1 v0.0.0-20190420132249-ee948d087217
|
||||
github.com/kubernetes-sigs/cri-tools => github.com/rancher/cri-tools v1.16.0-k3s.1
|
||||
github.com/kubernetes-sigs/cri-tools => github.com/rancher/cri-tools v1.16.1-k3s.1
|
||||
github.com/matryer/moq => github.com/rancher/moq v0.0.0-20190404221404-ee5226d43009
|
||||
github.com/opencontainers/runtime-spec => github.com/opencontainers/runtime-spec v0.0.0-20180911193056-5684b8af48c1
|
||||
github.com/prometheus/client_golang => github.com/prometheus/client_golang v0.9.2
|
||||
|
@ -67,7 +67,7 @@ require (
|
|||
github.com/containerd/cgroups v0.0.0-20190923161937-abd0b19954a6 // indirect
|
||||
github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69
|
||||
github.com/containerd/continuity v0.0.0-20190827140505-75bee3e2ccb6 // indirect
|
||||
github.com/containerd/cri v1.11.1-0.20190909171321-f4d75d321c89
|
||||
github.com/containerd/cri v1.11.1-0.20191009213552-1fb415d208be
|
||||
github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c // indirect
|
||||
github.com/containerd/go-cni v0.0.0-20190904155053-d20b7eebc7ee // indirect
|
||||
github.com/containerd/go-runc v0.0.0-20190923131748-a2952bc25f51 // indirect
|
||||
|
|
12
go.sum
12
go.sum
|
@ -100,8 +100,8 @@ github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50 h1:WMpHmC6AxwWb
|
|||
github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02 h1:tN9D97v5A5QuKdcKHKt+UMKrkQ5YXUnD8iM7IAAjEfI=
|
||||
github.com/containerd/continuity v0.0.0-20190815185530-f2a389ac0a02/go.mod h1:GL3xCUCBDV3CZiTSEKksMWbLE66hEyuu9qyDOOqM47Y=
|
||||
github.com/containerd/cri v1.11.1-0.20190909171321-f4d75d321c89 h1:RIq5tp1MCjyzXik4Bh8S8nKkhrp/NoFAdND3FEQ+5H0=
|
||||
github.com/containerd/cri v1.11.1-0.20190909171321-f4d75d321c89/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs=
|
||||
github.com/containerd/cri v1.11.1-0.20191009213552-1fb415d208be h1:KHWCXlSziZmCfhtrX1YuWzL/EJ7OBViYvUn4wJzHZ0E=
|
||||
github.com/containerd/cri v1.11.1-0.20191009213552-1fb415d208be/go.mod h1:DavH5Qa8+6jOmeOMO3dhWoqksucZDe06LfuhBz/xPZs=
|
||||
github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c h1:KFbqHhDeaHM7IfFtXHfUHMDaUStpM2YwBR+iJCIOsKk=
|
||||
github.com/containerd/fifo v0.0.0-20190816180239-bda0ff6ed73c/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI=
|
||||
github.com/containerd/go-cni v0.0.0-20190904155053-d20b7eebc7ee h1:fV37ZKnYs79fSyI3mu/XZFJVezrVsXBLbfojcTPpdXM=
|
||||
|
@ -559,10 +559,10 @@ github.com/quasilyte/go-consistent v0.0.0-20190521200055-c6f3937de18c/go.mod h1:
|
|||
github.com/quobyte/api v0.1.2/go.mod h1:jL7lIHrmqQ7yh05OJ+eEEdHr0u/kmT1Ff9iHd+4H6VI=
|
||||
github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8 h1:83l9gPhYtgxODlZKU0Odq4pQuDcMZEVgAh364+PV3OU=
|
||||
github.com/rakelkar/gonetsh v0.0.0-20190719023240-501daadcadf8/go.mod h1:4XHkfaUj+URzGO9sohoAgt2V9Y8nIW7fugpu0E6gShk=
|
||||
github.com/rancher/containerd v1.3.0-k3s.1 h1:8dz25shb4egTLl0nOXQdtllx20LEXsuOs4qJi/jnqqg=
|
||||
github.com/rancher/containerd v1.3.0-k3s.1/go.mod h1:ZMfzmqce2Z+QSEqdHMfeJs1TZ/UeJ1aDrazjpQT4ehM=
|
||||
github.com/rancher/cri-tools v1.16.0-k3s.1 h1:cv/iVFkfvDLfpSqGFwgyQbMKLGRzcXo8AALUsd8s5qE=
|
||||
github.com/rancher/cri-tools v1.16.0-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
|
||||
github.com/rancher/containerd v1.3.0-k3s.2 h1:l3hHJRVNreflDuePWkJiONdSylPqNnNoqBkerqWUcFQ=
|
||||
github.com/rancher/containerd v1.3.0-k3s.2/go.mod h1:ZMfzmqce2Z+QSEqdHMfeJs1TZ/UeJ1aDrazjpQT4ehM=
|
||||
github.com/rancher/cri-tools v1.16.1-k3s.1 h1:iporgQ46noE6dtLzq6fWcIO2qjyPZy2m42d2P+UnGJg=
|
||||
github.com/rancher/cri-tools v1.16.1-k3s.1/go.mod h1:TEKhKv2EJIZp+p9jnEy4C63g8CosJzsI4kyKKkHag+8=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a h1:1bUYAv5U/Ky4YJ9o8gWxX+vNcjpIL3JWNBao70OlkFE=
|
||||
github.com/rancher/dynamiclistener v0.1.1-0.20191010011134-8a2488bc860a/go.mod h1:8hbGf35mB7ormKEFqsAgjgeI5rLbj5N764jG41dNhps=
|
||||
github.com/rancher/flannel v0.11.0-k3s.1 h1:mIwnfWDafjzQgFkZeJ1AkFrrAT3EdBaA1giE0eLJKo8=
|
||||
|
|
|
@ -77,6 +77,7 @@ script:
|
|||
- go build -i .
|
||||
- make check
|
||||
- if [ "$GOOS" = "linux" ]; then make check-protos check-api-descriptors; fi
|
||||
- if [ "$TRAVIS_GOOS" = "linux" ]; then make man ; fi
|
||||
- make build
|
||||
- make binaries
|
||||
- if [ "$TRAVIS_GOOS" = "linux" ]; then sudo make install ; fi
|
||||
|
|
|
@ -203,11 +203,19 @@ man: mandir $(addprefix man/,$(MANPAGES))
|
|||
mandir:
|
||||
@mkdir -p man
|
||||
|
||||
genman: FORCE
|
||||
go run cmd/gen-manpages/main.go man/
|
||||
# Kept for backwards compatability
|
||||
genman: man/containerd.1 man/ctr.1
|
||||
|
||||
man/containerd.1: FORCE
|
||||
@echo "$(WHALE) $@"
|
||||
go run cmd/gen-manpages/main.go containerd man/
|
||||
|
||||
man/ctr.1: FORCE
|
||||
@echo "$(WHALE) $@"
|
||||
go run cmd/gen-manpages/main.go ctr man/
|
||||
|
||||
man/%: docs/man/%.md FORCE
|
||||
@echo "$(WHALE) $<"
|
||||
@echo "$(WHALE) $@"
|
||||
go-md2man -in "$<" -out "$@"
|
||||
|
||||
define installmanpage
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
[Unit]
|
||||
Description=containerd container runtime
|
||||
Documentation=https://containerd.io
|
||||
After=network.target
|
||||
After=network.target local-fs.target
|
||||
|
||||
[Service]
|
||||
ExecStartPre=-/sbin/modprobe overlay
|
||||
|
|
|
@ -40,7 +40,9 @@ import (
|
|||
|
||||
var bufPool = sync.Pool{
|
||||
New: func() interface{} {
|
||||
buffer := make([]byte, 32<<10)
|
||||
// setting to 4096 to align with PIPE_BUF
|
||||
// http://man7.org/linux/man-pages/man7/pipe.7.html
|
||||
buffer := make([]byte, 4096)
|
||||
return &buffer
|
||||
},
|
||||
}
|
||||
|
|
|
@ -91,9 +91,12 @@ func (t *Task) PID() uint32 {
|
|||
|
||||
// Delete the task and return the exit status
|
||||
func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) {
|
||||
rsp, err := t.shim.Delete(ctx, empty)
|
||||
if err != nil && !errdefs.IsNotFound(err) {
|
||||
return nil, errdefs.FromGRPC(err)
|
||||
rsp, shimErr := t.shim.Delete(ctx, empty)
|
||||
if shimErr != nil {
|
||||
shimErr = errdefs.FromGRPC(shimErr)
|
||||
if !errdefs.IsNotFound(shimErr) {
|
||||
return nil, shimErr
|
||||
}
|
||||
}
|
||||
t.tasks.Delete(ctx, t.id)
|
||||
if err := t.shim.KillShim(ctx); err != nil {
|
||||
|
@ -102,6 +105,9 @@ func (t *Task) Delete(ctx context.Context) (*runtime.Exit, error) {
|
|||
if err := t.bundle.Delete(); err != nil {
|
||||
log.G(ctx).WithError(err).Error("failed to delete bundle")
|
||||
}
|
||||
if shimErr != nil {
|
||||
return nil, shimErr
|
||||
}
|
||||
t.events.Publish(ctx, runtime.TaskDeleteEventTopic, &eventstypes.TaskDelete{
|
||||
ContainerID: t.id,
|
||||
ExitStatus: rsp.ExitStatus,
|
||||
|
|
|
@ -55,7 +55,7 @@ var (
|
|||
empty = &ptypes.Empty{}
|
||||
bufPool = sync.Pool{
|
||||
New: func() interface{} {
|
||||
buffer := make([]byte, 32<<10)
|
||||
buffer := make([]byte, 4096)
|
||||
return &buffer
|
||||
},
|
||||
}
|
||||
|
@ -217,7 +217,7 @@ func (s *Service) Delete(ctx context.Context, r *ptypes.Empty) (*shimapi.DeleteR
|
|||
return nil, err
|
||||
}
|
||||
if err := p.Delete(ctx); err != nil {
|
||||
return nil, err
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
s.mu.Lock()
|
||||
delete(s.processes, s.id)
|
||||
|
@ -240,7 +240,7 @@ func (s *Service) DeleteProcess(ctx context.Context, r *shimapi.DeleteProcessReq
|
|||
return nil, err
|
||||
}
|
||||
if err := p.Delete(ctx); err != nil {
|
||||
return nil, err
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
s.mu.Lock()
|
||||
delete(s.processes, r.ID)
|
||||
|
|
|
@ -55,6 +55,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
|
|||
io.CopyBuffer(epollConsole, in, *bp)
|
||||
// we need to shutdown epollConsole when pipe broken
|
||||
epollConsole.Shutdown(p.epoller.CloseConsole)
|
||||
epollConsole.Close()
|
||||
}()
|
||||
}
|
||||
|
||||
|
@ -73,9 +74,8 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
|
|||
p := bufPool.Get().(*[]byte)
|
||||
defer bufPool.Put(p)
|
||||
io.CopyBuffer(outw, epollConsole, *p)
|
||||
epollConsole.Close()
|
||||
outr.Close()
|
||||
outw.Close()
|
||||
outr.Close()
|
||||
wg.Done()
|
||||
}()
|
||||
cwg.Wait()
|
||||
|
|
|
@ -32,7 +32,9 @@ import (
|
|||
|
||||
var bufPool = sync.Pool{
|
||||
New: func() interface{} {
|
||||
buffer := make([]byte, 32<<10)
|
||||
// setting to 4096 to align with PIPE_BUF
|
||||
// http://man7.org/linux/man-pages/man7/pipe.7.html
|
||||
buffer := make([]byte, 4096)
|
||||
return &buffer
|
||||
},
|
||||
}
|
||||
|
@ -77,6 +79,7 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
|
|||
io.CopyBuffer(epollConsole, in, *bp)
|
||||
// we need to shutdown epollConsole when pipe broken
|
||||
epollConsole.Shutdown(p.epoller.CloseConsole)
|
||||
epollConsole.Close()
|
||||
}()
|
||||
}
|
||||
|
||||
|
@ -95,9 +98,9 @@ func (p *linuxPlatform) CopyConsole(ctx context.Context, console console.Console
|
|||
buf := bufPool.Get().(*[]byte)
|
||||
defer bufPool.Put(buf)
|
||||
io.CopyBuffer(outw, epollConsole, *buf)
|
||||
epollConsole.Close()
|
||||
outr.Close()
|
||||
|
||||
outw.Close()
|
||||
outr.Close()
|
||||
wg.Done()
|
||||
}()
|
||||
cwg.Wait()
|
||||
|
|
|
@ -222,11 +222,14 @@ func (s *shim) Close() error {
|
|||
}
|
||||
|
||||
func (s *shim) Delete(ctx context.Context) (*runtime.Exit, error) {
|
||||
response, err := s.task.Delete(ctx, &task.DeleteRequest{
|
||||
response, shimErr := s.task.Delete(ctx, &task.DeleteRequest{
|
||||
ID: s.ID(),
|
||||
})
|
||||
if err != nil && !errdefs.IsNotFound(err) {
|
||||
return nil, errdefs.FromGRPC(err)
|
||||
if shimErr != nil {
|
||||
shimErr = errdefs.FromGRPC(shimErr)
|
||||
if !errdefs.IsNotFound(shimErr) {
|
||||
return nil, shimErr
|
||||
}
|
||||
}
|
||||
// remove self from the runtime task list
|
||||
// this seems dirty but it cleans up the API across runtimes, tasks, and the service
|
||||
|
@ -238,6 +241,9 @@ func (s *shim) Delete(ctx context.Context) (*runtime.Exit, error) {
|
|||
if err := s.bundle.Delete(); err != nil {
|
||||
log.G(ctx).WithError(err).Error("failed to delete bundle")
|
||||
}
|
||||
if shimErr != nil {
|
||||
return nil, shimErr
|
||||
}
|
||||
return &runtime.Exit{
|
||||
Status: response.ExitStatus,
|
||||
Timestamp: response.ExitedAt,
|
||||
|
|
|
@ -241,7 +241,7 @@ func (l *local) Delete(ctx context.Context, r *api.DeleteTaskRequest, _ ...grpc.
|
|||
}
|
||||
exit, err := t.Delete(ctx)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
return &api.DeleteResponse{
|
||||
ExitStatus: exit.Status,
|
||||
|
@ -257,7 +257,7 @@ func (l *local) DeleteProcess(ctx context.Context, r *api.DeleteProcessRequest,
|
|||
}
|
||||
process, err := t.Process(ctx, r.ExecID)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, errdefs.ToGRPC(err)
|
||||
}
|
||||
exit, err := process.Delete(ctx)
|
||||
if err != nil {
|
||||
|
|
|
@ -286,7 +286,15 @@ func (o *snapshotter) createSnapshot(ctx context.Context, kind snapshots.Kind, k
|
|||
if td != "" {
|
||||
if len(s.ParentIDs) > 0 {
|
||||
parent := o.getSnapshotDir(s.ParentIDs[0])
|
||||
if err := fs.CopyDir(td, parent); err != nil {
|
||||
xattrErrorHandler := func(dst, src, xattrKey string, copyErr error) error {
|
||||
// security.* xattr cannot be copied in most cases (moby/buildkit#1189)
|
||||
log.G(ctx).WithError(copyErr).Debugf("failed to copy xattr %q", xattrKey)
|
||||
return nil
|
||||
}
|
||||
copyDirOpts := []fs.CopyDirOpt{
|
||||
fs.WithXAttrErrorHandler(xattrErrorHandler),
|
||||
}
|
||||
if err := fs.CopyDir(td, parent, copyDirOpts...); err != nil {
|
||||
return nil, errors.Wrap(err, "copying of parent failed")
|
||||
}
|
||||
}
|
||||
|
|
|
@ -20,7 +20,7 @@ github.com/gogo/protobuf v1.2.1
|
|||
github.com/gogo/googleapis v1.2.0
|
||||
github.com/golang/protobuf v1.2.0
|
||||
github.com/opencontainers/runtime-spec 29686dbc5559d93fb1ef402eeda3e35c38d75af4 # v1.0.1-59-g29686db
|
||||
github.com/opencontainers/runc 3e425f80a8c931f88e6d94a8c831b9d5aa481657 # v1.0.0-rc8+ CVE-2019-16884
|
||||
github.com/opencontainers/runc d736ef14f0288d6993a1845745d6756cfc9ddd5a # v1.0.0-rc9
|
||||
github.com/konsorten/go-windows-terminal-sequences v1.0.1
|
||||
github.com/sirupsen/logrus v1.4.1
|
||||
github.com/urfave/cli v1.22.0
|
||||
|
|
|
@ -21,14 +21,14 @@ cache:
|
|||
- "${HOME}/google-cloud-sdk/"
|
||||
|
||||
before_install:
|
||||
# libseccomp in trusty is not new enough, need backports version.
|
||||
- sudo sh -c "echo 'deb http://archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse' > /etc/apt/sources.list.d/backports.list"
|
||||
- sudo apt-get update
|
||||
# Enable ipv6 for dualstack integration test.
|
||||
- sudo sysctl net.ipv6.conf.all.disable_ipv6=0
|
||||
|
||||
install:
|
||||
- sudo apt-get install btrfs-tools
|
||||
- sudo apt-get install libseccomp2/trusty-backports
|
||||
- sudo apt-get install libseccomp-dev/trusty-backports
|
||||
- sudo apt-get install libseccomp2
|
||||
- sudo apt-get install libseccomp-dev
|
||||
- sudo apt-get install socat
|
||||
|
||||
before_script:
|
||||
|
|
|
@ -170,7 +170,10 @@ install.tools: .install.gitvalidation .install.golangci-lint .install.vndr ## in
|
|||
|
||||
.install.golangci-lint:
|
||||
@echo "$(WHALE) $@"
|
||||
$(GO) get -u github.com/golangci/golangci-lint/cmd/golangci-lint
|
||||
$(GO) get -d github.com/golangci/golangci-lint/cmd/golangci-lint
|
||||
@cd $(GOPATH)/src/github.com/golangci/golangci-lint/cmd/golangci-lint; \
|
||||
git checkout v1.18.0; \
|
||||
go install
|
||||
|
||||
.install.vndr:
|
||||
@echo "$(WHALE) $@"
|
||||
|
|
|
@ -85,8 +85,9 @@ type CniConfig struct {
|
|||
NetworkPluginMaxConfNum int `toml:"max_conf_num" json:"maxConfNum"`
|
||||
// NetworkPluginConfTemplate is the file path of golang template used to generate
|
||||
// cni config.
|
||||
// When it is set, containerd will get cidr from kubelet to replace {{.PodCIDR}} in
|
||||
// the template, and write the config into NetworkPluginConfDir.
|
||||
// When it is set, containerd will get cidr(s) from kubelet to replace {{.PodCIDR}},
|
||||
// {{.PodCIDRRanges}} or {{.Routes}} in the template, and write the config into
|
||||
// NetworkPluginConfDir.
|
||||
// Ideally the cni config should be placed by system admin or cni daemon like calico,
|
||||
// weaveworks etc. However, there are still users using kubenet
|
||||
// (https://kubernetes.io/docs/concepts/cluster-administration/network-plugins/#kubenet)
|
||||
|
|
|
@ -331,6 +331,7 @@ func (c *criService) generateContainerSpec(id string, sandboxID string, sandboxP
|
|||
customopts.WithoutDefaultSecuritySettings,
|
||||
customopts.WithRelativeRoot(relativeRootfsPath),
|
||||
customopts.WithProcessArgs(config, imageConfig),
|
||||
oci.WithDefaultPathEnv,
|
||||
// this will be set based on the security context below
|
||||
oci.WithNewPrivileges,
|
||||
}
|
||||
|
|
|
@ -139,14 +139,13 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox
|
|||
// In this case however caching the IP will add a subtle performance enhancement by avoiding
|
||||
// calls to network namespace of the pod to query the IP of the veth interface on every
|
||||
// SandboxStatus request.
|
||||
sandbox.IP, sandbox.CNIResult, err = c.setupPod(ctx, id, sandbox.NetNSPath, config)
|
||||
if err != nil {
|
||||
if err := c.setupPodNetwork(ctx, &sandbox); err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to setup network for sandbox %q", id)
|
||||
}
|
||||
defer func() {
|
||||
if retErr != nil {
|
||||
// Teardown network if an error is returned.
|
||||
if err := c.teardownPod(ctx, id, sandbox.NetNSPath, config); err != nil {
|
||||
if err := c.teardownPodNetwork(ctx, sandbox); err != nil {
|
||||
log.G(ctx).WithError(err).Errorf("Failed to destroy network for sandbox %q", id)
|
||||
}
|
||||
}
|
||||
|
@ -544,10 +543,15 @@ func (c *criService) unmountSandboxFiles(id string, config *runtime.PodSandboxCo
|
|||
return nil
|
||||
}
|
||||
|
||||
// setupPod setups up the network for a pod
|
||||
func (c *criService) setupPod(ctx context.Context, id string, path string, config *runtime.PodSandboxConfig) (string, *cni.CNIResult, error) {
|
||||
// setupPodNetwork setups up the network for a pod
|
||||
func (c *criService) setupPodNetwork(ctx context.Context, sandbox *sandboxstore.Sandbox) error {
|
||||
var (
|
||||
id = sandbox.ID
|
||||
config = sandbox.Config
|
||||
path = sandbox.NetNSPath
|
||||
)
|
||||
if c.netPlugin == nil {
|
||||
return "", nil, errors.New("cni config not initialized")
|
||||
return errors.New("cni config not initialized")
|
||||
}
|
||||
|
||||
labels := getPodCNILabels(id, config)
|
||||
|
@ -556,7 +560,7 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
|
|||
// or an unreasonable valure see validateBandwidthIsReasonable()
|
||||
bandWidth, err := toCNIBandWidth(config.Annotations)
|
||||
if err != nil {
|
||||
return "", nil, errors.Wrap(err, "failed to get bandwidth info from annotations")
|
||||
return errors.Wrap(err, "failed to get bandwidth info from annotations")
|
||||
}
|
||||
|
||||
result, err := c.netPlugin.Setup(ctx, id,
|
||||
|
@ -567,18 +571,20 @@ func (c *criService) setupPod(ctx context.Context, id string, path string, confi
|
|||
)
|
||||
|
||||
if err != nil {
|
||||
return "", nil, err
|
||||
return err
|
||||
}
|
||||
logDebugCNIResult(ctx, id, result)
|
||||
// Check if the default interface has IP config
|
||||
if configs, ok := result.Interfaces[defaultIfName]; ok && len(configs.IPConfigs) > 0 {
|
||||
return selectPodIP(configs.IPConfigs), result, nil
|
||||
sandbox.IP, sandbox.AdditionalIPs = selectPodIPs(configs.IPConfigs)
|
||||
sandbox.CNIResult = result
|
||||
return nil
|
||||
}
|
||||
// If it comes here then the result was invalid so destroy the pod network and return error
|
||||
if err := c.teardownPod(ctx, id, path, config); err != nil {
|
||||
if err := c.teardownPodNetwork(ctx, *sandbox); err != nil {
|
||||
log.G(ctx).WithError(err).Errorf("Failed to destroy network for sandbox %q", id)
|
||||
}
|
||||
return "", result, errors.Errorf("failed to find network info for sandbox %q", id)
|
||||
return errors.Errorf("failed to find network info for sandbox %q", id)
|
||||
}
|
||||
|
||||
// toCNIBandWidth converts CRI annotations to CNI bandwidth.
|
||||
|
@ -623,14 +629,28 @@ func toCNIPortMappings(criPortMappings []*runtime.PortMapping) []cni.PortMapping
|
|||
return portMappings
|
||||
}
|
||||
|
||||
// selectPodIP select an ip from the ip list. It prefers ipv4 more than ipv6.
|
||||
func selectPodIP(ipConfigs []*cni.IPConfig) string {
|
||||
// selectPodIPs select an ip from the ip list. It prefers ipv4 more than ipv6
|
||||
// and returns the additional ips
|
||||
// TODO(random-liu): Revisit the ip order in the ipv6 beta stage. (cri#1278)
|
||||
func selectPodIPs(ipConfigs []*cni.IPConfig) (string, []string) {
|
||||
var (
|
||||
additionalIPs []string
|
||||
ip string
|
||||
)
|
||||
for _, c := range ipConfigs {
|
||||
if c.IP.To4() != nil {
|
||||
return c.IP.String()
|
||||
if c.IP.To4() != nil && ip == "" {
|
||||
ip = c.IP.String()
|
||||
} else {
|
||||
additionalIPs = append(additionalIPs, c.IP.String())
|
||||
}
|
||||
}
|
||||
return ipConfigs[0].IP.String()
|
||||
if ip != "" {
|
||||
return ip, additionalIPs
|
||||
}
|
||||
if len(ipConfigs) == 1 {
|
||||
return additionalIPs[0], nil
|
||||
}
|
||||
return additionalIPs[0], additionalIPs[1:]
|
||||
}
|
||||
|
||||
// untrustedWorkload returns true if the sandbox contains untrusted workload.
|
||||
|
|
|
@ -37,11 +37,11 @@ func (c *criService) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
|
|||
return nil, errors.Wrap(err, "an error occurred when try to find sandbox")
|
||||
}
|
||||
|
||||
ip, err := c.getIP(sandbox)
|
||||
ip, additionalIPs, err := c.getIPs(sandbox)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "failed to get sandbox ip")
|
||||
}
|
||||
status := toCRISandboxStatus(sandbox.Metadata, sandbox.Status.Get(), ip)
|
||||
status := toCRISandboxStatus(sandbox.Metadata, sandbox.Status.Get(), ip, additionalIPs)
|
||||
if status.GetCreatedAt() == 0 {
|
||||
// CRI doesn't allow CreatedAt == 0.
|
||||
info, err := sandbox.Container.Info(ctx)
|
||||
|
@ -66,38 +66,45 @@ func (c *criService) PodSandboxStatus(ctx context.Context, r *runtime.PodSandbox
|
|||
}, nil
|
||||
}
|
||||
|
||||
func (c *criService) getIP(sandbox sandboxstore.Sandbox) (string, error) {
|
||||
func (c *criService) getIPs(sandbox sandboxstore.Sandbox) (string, []string, error) {
|
||||
config := sandbox.Config
|
||||
|
||||
if config.GetLinux().GetSecurityContext().GetNamespaceOptions().GetNetwork() == runtime.NamespaceMode_NODE {
|
||||
// For sandboxes using the node network we are not
|
||||
// responsible for reporting the IP.
|
||||
return "", nil
|
||||
return "", nil, nil
|
||||
}
|
||||
|
||||
if closed, err := sandbox.NetNS.Closed(); err != nil {
|
||||
return "", errors.Wrap(err, "check network namespace closed")
|
||||
return "", nil, errors.Wrap(err, "check network namespace closed")
|
||||
} else if closed {
|
||||
return "", nil
|
||||
return "", nil, nil
|
||||
}
|
||||
|
||||
return sandbox.IP, nil
|
||||
return sandbox.IP, sandbox.AdditionalIPs, nil
|
||||
}
|
||||
|
||||
// toCRISandboxStatus converts sandbox metadata into CRI pod sandbox status.
|
||||
func toCRISandboxStatus(meta sandboxstore.Metadata, status sandboxstore.Status, ip string) *runtime.PodSandboxStatus {
|
||||
func toCRISandboxStatus(meta sandboxstore.Metadata, status sandboxstore.Status, ip string, additionalIPs []string) *runtime.PodSandboxStatus {
|
||||
// Set sandbox state to NOTREADY by default.
|
||||
state := runtime.PodSandboxState_SANDBOX_NOTREADY
|
||||
if status.State == sandboxstore.StateReady {
|
||||
state = runtime.PodSandboxState_SANDBOX_READY
|
||||
}
|
||||
nsOpts := meta.Config.GetLinux().GetSecurityContext().GetNamespaceOptions()
|
||||
var ips []*runtime.PodIP
|
||||
for _, additionalIP := range additionalIPs {
|
||||
ips = append(ips, &runtime.PodIP{Ip: additionalIP})
|
||||
}
|
||||
return &runtime.PodSandboxStatus{
|
||||
Id: meta.ID,
|
||||
Metadata: meta.Config.GetMetadata(),
|
||||
State: state,
|
||||
CreatedAt: status.CreatedAt.UnixNano(),
|
||||
Network: &runtime.PodSandboxNetworkStatus{Ip: ip},
|
||||
Network: &runtime.PodSandboxNetworkStatus{
|
||||
Ip: ip,
|
||||
AdditionalIps: ips,
|
||||
},
|
||||
Linux: &runtime.LinuxPodSandboxStatus{
|
||||
Namespaces: &runtime.Namespace{
|
||||
Options: &runtime.NamespaceOption{
|
||||
|
|
|
@ -72,15 +72,14 @@ func (c *criService) StopPodSandbox(ctx context.Context, r *runtime.StopPodSandb
|
|||
|
||||
// Teardown network for sandbox.
|
||||
if sandbox.NetNS != nil {
|
||||
netNSPath := sandbox.NetNSPath
|
||||
// Use empty netns path if netns is not available. This is defined in:
|
||||
// https://github.com/containernetworking/cni/blob/v0.7.0-alpha1/SPEC.md
|
||||
if closed, err := sandbox.NetNS.Closed(); err != nil {
|
||||
return nil, errors.Wrap(err, "failed to check network namespace closed")
|
||||
} else if closed {
|
||||
netNSPath = ""
|
||||
sandbox.NetNSPath = ""
|
||||
}
|
||||
if err := c.teardownPod(ctx, id, netNSPath, sandbox.Config); err != nil {
|
||||
if err := c.teardownPodNetwork(ctx, sandbox); err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to destroy network for sandbox %q", id)
|
||||
}
|
||||
if err = sandbox.NetNS.Remove(); err != nil {
|
||||
|
@ -156,12 +155,17 @@ func (c *criService) waitSandboxStop(ctx context.Context, sandbox sandboxstore.S
|
|||
}
|
||||
}
|
||||
|
||||
// teardownPod removes the network from the pod
|
||||
func (c *criService) teardownPod(ctx context.Context, id string, path string, config *runtime.PodSandboxConfig) error {
|
||||
// teardownPodNetwork removes the network from the pod
|
||||
func (c *criService) teardownPodNetwork(ctx context.Context, sandbox sandboxstore.Sandbox) error {
|
||||
if c.netPlugin == nil {
|
||||
return errors.New("cni config not initialized")
|
||||
}
|
||||
|
||||
var (
|
||||
id = sandbox.ID
|
||||
path = sandbox.NetNSPath
|
||||
config = sandbox.Config
|
||||
)
|
||||
labels := getPodCNILabels(id, config)
|
||||
return c.netPlugin.Remove(ctx, id,
|
||||
path,
|
||||
|
|
|
@ -17,8 +17,10 @@ limitations under the License.
|
|||
package server
|
||||
|
||||
import (
|
||||
"net"
|
||||
"os"
|
||||
"path/filepath"
|
||||
"strings"
|
||||
"text/template"
|
||||
|
||||
"github.com/containerd/containerd/log"
|
||||
|
@ -33,17 +35,36 @@ import (
|
|||
type cniConfigTemplate struct {
|
||||
// PodCIDR is the cidr for pods on the node.
|
||||
PodCIDR string
|
||||
// PodCIDRRanges is the cidr ranges for pods on the node.
|
||||
PodCIDRRanges []string
|
||||
// Routes is a list of routes configured.
|
||||
Routes []string
|
||||
}
|
||||
|
||||
// cniConfigFileName is the name of cni config file generated by containerd.
|
||||
const cniConfigFileName = "10-containerd-net.conflist"
|
||||
const (
|
||||
// cniConfigFileName is the name of cni config file generated by containerd.
|
||||
cniConfigFileName = "10-containerd-net.conflist"
|
||||
// zeroCIDRv6 is the null route for IPv6.
|
||||
zeroCIDRv6 = "::/0"
|
||||
// zeroCIDRv4 is the null route for IPv4.
|
||||
zeroCIDRv4 = "0.0.0.0/0"
|
||||
)
|
||||
|
||||
// UpdateRuntimeConfig updates the runtime config. Currently only handles podCIDR updates.
|
||||
func (c *criService) UpdateRuntimeConfig(ctx context.Context, r *runtime.UpdateRuntimeConfigRequest) (*runtime.UpdateRuntimeConfigResponse, error) {
|
||||
podCIDR := r.GetRuntimeConfig().GetNetworkConfig().GetPodCidr()
|
||||
if podCIDR == "" {
|
||||
podCIDRs := r.GetRuntimeConfig().GetNetworkConfig().GetPodCidr()
|
||||
if podCIDRs == "" {
|
||||
return &runtime.UpdateRuntimeConfigResponse{}, nil
|
||||
}
|
||||
cidrs := strings.Split(podCIDRs, ",")
|
||||
for i := range cidrs {
|
||||
cidrs[i] = strings.TrimSpace(cidrs[i])
|
||||
}
|
||||
routes, err := getRoutes(cidrs)
|
||||
if err != nil {
|
||||
return nil, errors.Wrap(err, "get routes")
|
||||
}
|
||||
|
||||
confTemplate := c.config.NetworkPluginConfTemplate
|
||||
if confTemplate == "" {
|
||||
log.G(ctx).Info("No cni config template is specified, wait for other system components to drop the config.")
|
||||
|
@ -71,8 +92,38 @@ func (c *criService) UpdateRuntimeConfig(ctx context.Context, r *runtime.UpdateR
|
|||
return nil, errors.Wrapf(err, "failed to open cni config file %q", confFile)
|
||||
}
|
||||
defer f.Close()
|
||||
if err := t.Execute(f, cniConfigTemplate{PodCIDR: podCIDR}); err != nil {
|
||||
if err := t.Execute(f, cniConfigTemplate{
|
||||
PodCIDR: cidrs[0],
|
||||
PodCIDRRanges: cidrs,
|
||||
Routes: routes,
|
||||
}); err != nil {
|
||||
return nil, errors.Wrapf(err, "failed to generate cni config file %q", confFile)
|
||||
}
|
||||
return &runtime.UpdateRuntimeConfigResponse{}, nil
|
||||
}
|
||||
|
||||
// getRoutes generates required routes for the passed in cidrs.
|
||||
func getRoutes(cidrs []string) ([]string, error) {
|
||||
var (
|
||||
routes []string
|
||||
hasV4, hasV6 bool
|
||||
)
|
||||
for _, c := range cidrs {
|
||||
_, cidr, err := net.ParseCIDR(c)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if cidr.IP.To4() != nil {
|
||||
hasV4 = true
|
||||
} else {
|
||||
hasV6 = true
|
||||
}
|
||||
}
|
||||
if hasV4 {
|
||||
routes = append(routes, zeroCIDRv4)
|
||||
}
|
||||
if hasV6 {
|
||||
routes = append(routes, zeroCIDRv6)
|
||||
}
|
||||
return routes, nil
|
||||
}
|
||||
|
|
|
@ -55,6 +55,8 @@ type Metadata struct {
|
|||
NetNSPath string
|
||||
// IP of Pod if it is attached to non host network
|
||||
IP string
|
||||
// AdditionalIPs of the Pod if it is attached to non host network
|
||||
AdditionalIPs []string
|
||||
// RuntimeHandler is the runtime handler name of the pod.
|
||||
RuntimeHandler string
|
||||
// CNIresult resulting configuration for attached network namespace interfaces
|
||||
|
|
|
@ -36,41 +36,42 @@ github.com/docker/go-metrics 4ea375f7759c82740c893fc030bc37088d2ec098
|
|||
github.com/docker/go-events 9461782956ad83b30282bf90e31fa6a70c255ba9
|
||||
github.com/coreos/go-systemd v14
|
||||
github.com/containerd/typeurl a93fcdb778cd272c6e9b3028b2f42d813e785d40
|
||||
github.com/containerd/ttrpc 1fb3814edf44a76e0ccf503decf726d994919a9a
|
||||
github.com/containerd/go-runc 9007c2405372fe28918845901a3276c0915689a1
|
||||
github.com/containerd/fifo 3d5202aec260678c48179c56f40e6f38a095738c
|
||||
github.com/containerd/continuity bd77b46c8352f74eb12c85bdc01f4b90f69d66b4
|
||||
github.com/containerd/containerd a3a30635ef713b544ea7feff0d12a768fd1ed636
|
||||
github.com/containerd/ttrpc 92c8520ef9f86600c650dd540266a007bf03670f
|
||||
github.com/containerd/go-runc e029b79d8cda8374981c64eba71f28ec38e5526f
|
||||
github.com/containerd/fifo bda0ff6ed73c67bfb5e62bc9c697f146b7fd7f13
|
||||
github.com/containerd/continuity f2a389ac0a02ce21c09edd7344677a601970f41c
|
||||
github.com/containerd/containerd d4802a64f9737f02db3426751f380d97fc878dec
|
||||
github.com/containerd/console 0650fd9eeb50bab4fc99dceb9f2e14cf58f36e7f
|
||||
github.com/containerd/cgroups c4b9ac5c7601384c965b9646fc515884e091ebb9
|
||||
github.com/beorn7/perks 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
|
||||
github.com/Microsoft/hcsshim 8abdbb8205e4192c68b5f84c31197156f31be517
|
||||
github.com/Microsoft/hcsshim 9e921883ac929bbe515b39793ece99ce3a9d7706
|
||||
github.com/Microsoft/go-winio v0.4.14
|
||||
github.com/BurntSushi/toml v0.3.1
|
||||
github.com/imdario/mergo v0.3.7
|
||||
|
||||
# kubernetes dependencies
|
||||
sigs.k8s.io/yaml v1.1.0
|
||||
k8s.io/utils c2654d5206da6b7b6ace12841e8f359bb89b443c
|
||||
k8s.io/kubernetes v1.15.0
|
||||
k8s.io/klog v0.3.1
|
||||
k8s.io/cri-api kubernetes-1.15.0
|
||||
k8s.io/client-go kubernetes-1.15.0
|
||||
k8s.io/api kubernetes-1.15.0
|
||||
k8s.io/apiserver kubernetes-1.15.0
|
||||
k8s.io/apimachinery kubernetes-1.15.0
|
||||
gopkg.in/yaml.v2 v2.2.1
|
||||
k8s.io/kubernetes v1.16.0-rc.2
|
||||
k8s.io/klog v0.4.0
|
||||
k8s.io/cri-api kubernetes-1.16.0-rc.2
|
||||
k8s.io/client-go kubernetes-1.16.0-rc.2
|
||||
k8s.io/api kubernetes-1.16.0-rc.2
|
||||
k8s.io/apiserver kubernetes-1.16.0-rc.2
|
||||
k8s.io/apimachinery kubernetes-1.16.0-rc.2
|
||||
gopkg.in/yaml.v2 v2.2.2
|
||||
gopkg.in/inf.v0 v0.9.0
|
||||
golang.org/x/time f51c12702a4d776e4c1fa9b0fabab841babae631
|
||||
golang.org/x/oauth2 9f3314589c9a9136388751d9adae6b0ed400978a
|
||||
golang.org/x/crypto 88737f569e3a9c7ab309cdc09a07fe7fc87233c3
|
||||
github.com/stretchr/testify v1.2.2
|
||||
golang.org/x/time 85acf8d2951cb2a3bde7632f9ff273ef0379bcbd
|
||||
golang.org/x/oauth2 0f29369cfe4552d0e4bcddc57cc75f4d7e672a33
|
||||
golang.org/x/crypto 5c40567a22f818bd14a1ea7245dad9f8ef0691aa
|
||||
github.com/stretchr/testify v1.3.0
|
||||
github.com/seccomp/libseccomp-golang v0.9.1
|
||||
github.com/pmezard/go-difflib v1.0.0
|
||||
github.com/modern-go/reflect2 1.0.1
|
||||
github.com/modern-go/concurrent 1.0.3
|
||||
github.com/json-iterator/go 1.1.5
|
||||
github.com/google/gofuzz 24818f796faf91cd76ec7bddd72458fbced7a6c1
|
||||
github.com/emicklei/go-restful v2.2.1
|
||||
github.com/json-iterator/go v1.1.7
|
||||
github.com/google/gofuzz v1.0.0
|
||||
github.com/emicklei/go-restful v2.9.5
|
||||
github.com/docker/spdystream 449fdfce4d962303d702fec724ef0ad181c92528
|
||||
github.com/davecgh/go-spew v1.1.1
|
||||
|
||||
|
|
|
@ -574,7 +574,7 @@ func CreateContainer(
|
|||
|
||||
// Try to pull the image before container creation
|
||||
image := config.GetImage().GetImage()
|
||||
if _, err := PullImage(iClient, image, auth); err != nil {
|
||||
if _, err := PullImageWithSandbox(iClient, image, auth, podConfig); err != nil {
|
||||
return "", err
|
||||
}
|
||||
}
|
||||
|
|
|
@ -478,12 +478,6 @@ func normalizeRepoDigest(repoDigests []string) (string, string) {
|
|||
return repoDigestPair[0], repoDigestPair[1]
|
||||
}
|
||||
|
||||
// PullImage sends a PullImageRequest to the server, and parses
|
||||
// the returned PullImageResponse.
|
||||
func PullImage(client pb.ImageServiceClient, image string, auth *pb.AuthConfig) (resp *pb.PullImageResponse, err error) {
|
||||
return PullImageWithSandbox(client, image, auth, nil)
|
||||
}
|
||||
|
||||
// PullImageWithSandbox sends a PullImageRequest to the server, and parses
|
||||
// the returned PullImageResponse.
|
||||
func PullImageWithSandbox(client pb.ImageServiceClient, image string, auth *pb.AuthConfig, sandbox *pb.PodSandboxConfig) (resp *pb.PullImageResponse, err error) {
|
||||
|
|
|
@ -92,7 +92,7 @@ var statsCommand = cli.Command{
|
|||
defer closeConnection(context, runtimeConn)
|
||||
|
||||
id := context.String("id")
|
||||
if id == "" && context.Args() != nil {
|
||||
if id == "" && context.NArg() > 0 {
|
||||
id = context.Args()[0]
|
||||
}
|
||||
|
||||
|
|
|
@ -210,7 +210,7 @@ func outputProtobufObjAsYAML(obj proto.Message) error {
|
|||
|
||||
func outputStatusInfo(status string, info map[string]string, format string) error {
|
||||
// Sort all keys
|
||||
keys := make([]string, len(info))
|
||||
keys := []string{}
|
||||
for k := range info {
|
||||
keys = append(keys, k)
|
||||
}
|
||||
|
@ -267,7 +267,7 @@ func marshalMapInOrder(m map[string]interface{}, t interface{}) (string, error)
|
|||
v := reflect.ValueOf(t)
|
||||
for i := 0; i < v.Type().NumField(); i++ {
|
||||
field := jsonFieldFromTag(v.Type().Field(i).Tag)
|
||||
if field == "" {
|
||||
if field == "" || field == "-" {
|
||||
continue
|
||||
}
|
||||
value, err := json.Marshal(m[field])
|
||||
|
|
|
@ -151,7 +151,7 @@ github.com/container-storage-interface/spec/lib/go/csi
|
|||
github.com/containerd/cgroups
|
||||
# github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1 => github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50
|
||||
github.com/containerd/console
|
||||
# github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69 => github.com/rancher/containerd v1.3.0-k3s.1
|
||||
# github.com/containerd/containerd v1.3.0-beta.2.0.20190828155532-0293cbd26c69 => github.com/rancher/containerd v1.3.0-k3s.2
|
||||
github.com/containerd/containerd
|
||||
github.com/containerd/containerd/api/events
|
||||
github.com/containerd/containerd/api/services/containers/v1
|
||||
|
@ -288,7 +288,7 @@ github.com/containerd/continuity/pathdriver
|
|||
github.com/containerd/continuity/proto
|
||||
github.com/containerd/continuity/syscallx
|
||||
github.com/containerd/continuity/sysx
|
||||
# github.com/containerd/cri v1.11.1-0.20190909171321-f4d75d321c89
|
||||
# github.com/containerd/cri v1.11.1-0.20191009213552-1fb415d208be
|
||||
github.com/containerd/cri
|
||||
github.com/containerd/cri/pkg/annotations
|
||||
github.com/containerd/cri/pkg/api/runtimeoptions/v1
|
||||
|
@ -619,7 +619,7 @@ github.com/juju/errors
|
|||
github.com/karrick/godirwalk
|
||||
# github.com/konsorten/go-windows-terminal-sequences v1.0.2
|
||||
github.com/konsorten/go-windows-terminal-sequences
|
||||
# github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 => github.com/rancher/cri-tools v1.16.0-k3s.1
|
||||
# github.com/kubernetes-sigs/cri-tools v0.0.0-00010101000000-000000000000 => github.com/rancher/cri-tools v1.16.1-k3s.1
|
||||
github.com/kubernetes-sigs/cri-tools/cmd/crictl
|
||||
github.com/kubernetes-sigs/cri-tools/pkg/version
|
||||
# github.com/lib/pq v1.1.1
|
||||
|
|
Loading…
Reference in New Issue