path: root/recipes-containers/cri-o/cri-o_git.bb
Commit message | Author | Age | Files | Lines
* crio-o: adapt SRC_URI to include destsuffix=${GO_SRCURI_DESTSUFFIX} | Bruce Ashfield | 2024-05-29 | 1 | -2/+2
  As of commit cc4ec43a2b657fb4c58429ab14f1edc2473c1327 [go: Drop fork of unpack code, mandate GO_SRCURI_DESTSUFFIX] we require this variable in our go recipes.
  We also adjust our WORKDIR reference to use UNPACKDIR instead
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.30 | Bruce Ashfield | 2024-03-15 | 1 | -3/+3
  Bumping cri-o to version v1.29.0-44-g5aff11c7c, which comprises the following commits:
  1b9754486 fix missing line ending on crio.8.md
  3cbaa5294 fix grep for whitespace
  8dea35388 add metrics_host to config
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.29.0 | Bruce Ashfield | 2023-11-06 | 1 | -3/+3
  Bumping cri-o to version v1.27.0-662-gf8ccf314a, which comprises the following commits:
  3b7ab35ff build(deps): bump crate-ci/typos from 1.16.17 to 1.16.18 f7d3228a7 Avoid an unnecessary c/storage lookup in ListImages 96e6aa9b5 Inline getImageCacheItem into ListImages e4f2b888d Split imageIsBeingPulled from ListImages c7188518d Simplify ListImages more 1cfe3c8bb Simplify appendCachedResult ae597ba16 Remove the "filter" parameter to ListImages e0750462f Turn ListImages(filter) into ImageStatus 50ce23e89 Simplify storageImageStatus a bit 2cb166512 Simplify ImageStatus a bit 1b0e82a22 Split storageImageStatus from ImageStatus ad8be44cc Simplify error handling in ImageStatus 203612b23 Move the ImageResult -> ImageStatusResponse conversion out of the loop 97329e4fa build(deps): bump ossf/scorecard-action from 2.2.0 to 2.3.0 013a0998c Update release-notes to v0.16.1 dc44bac35 Fix quoting issue in usage help text f22040da2 crio: add support for --imagestore 1d0e5d074 build(deps): bump crate-ci/typos from 1.16.15 to 1.16.17 bb4ab8110 Run GitHub actions in `update-nixpkgs-*` branches 45a6e70e7 Update nixpkgs 8ec74c5fa contrib/test: pin the latest release of runc 2505851e0 Update crun to 1.9.2 f3e53a058 test: Add test for image pinning behavior 12cabc651 internal/storage: compute Pinned field from recently loaded image 0fd641c6d build(deps): bump crate-ci/typos from 1.16.14 to 1.16.15 347194d3f build(deps): bump crate-ci/typos from 1.16.13 to 1.16.14 f532cbd89 Add nixpkgs update cron 8fa9260fc build(deps): bump crate-ci/typos from 1.16.12 to 1.16.13 72280f09c Update install.md removed spaces (markdown lint error) fe9ed4e3a storage: add support to split filesystem using imagestore 544db3209 RFC: Use RuntimeContainerMetadata for passing container data c9309ebb6 Add a 
layer name in one step 4f5a2e95c Microoptimize reference creation 3a77cc956 Eliminate the now unused imageAuthFile and isPauseImage parameters 61d86923c Simplify createContainerOrPodSandbox again a936e6861 Simplify CreatePodSandbox 39095cbb4 CHANGE: Simplify CreateContainer image lookup a09320639 Eliminate the clearly dead part of the just copy&pasted code a7f841955 Blindly copy the image handling code from createContainerOrPodSandbox into callers 6cabaaee1 Remove an imageID parameter to CreatePodSandbox 2b4652c52 Fix/Add error handling 8e1e1e672 update containers storage to 1.50.2 5d8538318 build(deps): bump DavidAnson/markdownlint-cli2-action from 12 to 13 6c1574efc Fix nix `dirty` build d951faa32 Make the release branch fast forward a cronjob 5dee42bcf build(deps): bump crate-ci/typos from 1.16.11 to 1.16.12 91b83b10c Fix release notes job 096f803a3 Bump golang dependencies 7d86c2e25 docs: fix CI failure f182fb411 Bump version to 1.29.0 51bae7a96 Remove the IsFullIdentifier check from Server.pullImage again 7eb248b1a Don't silently modify the caller's SystemContext 2d72e13e6 Fix a VERY misleading comment. 
472d2c5f9 Remove an unnecessary check 23d7c35d5 Remove an unnecessary parse call 6f9a7173f Remove an unnecessary check 8c3e301da Optimize handling of full image IDs 5f45d232a Remove the ErrCannotParseImageID special case 335d4b0f3 Fix a VERY misleading comment b489507c9 Remove a completely unused ErrImageMultiplyTagged 98f171147 Make Server.pullImage responsible for rejecting image IDs e292f17c0 docs: Update the containers/image branch name 6005b03f2 contrib/test/ci: remove the redundant golang setup file 059a7b5f8 Add conmon-rs binary to bundle 4ac3aeef2 internal/storage: address unpredictable behavior of image names 61a0b7c79 config/server: add functions to check IDMap support in runtime 9ce778351 Remove golang-go from debian installation 3d450274e Pause container during checkpointing e069cc827 contrib/test: fix golang version extraction for CI 0774b644d build(deps): bump actions/checkout from 3 to 4 d6f4c7100 Adopters.md: fix linting issue d805d28fd Add new adopter 940de5009 build(deps): bump crate-ci/typos from 1.16.10 to 1.16.11 ac9c6fbfe Don't vendor main Kubernetes repo any more 4a1e406b0 Mention Roadmap GitHub Project in README.md bacc5e638 build(deps): bump crate-ci/typos from 1.16.9 to 1.16.10 9cbd8d555 build(deps): bump cachix/install-nix-action from 22 to 23 798a8d701 build(deps): bump actions/checkout from 3 to 4 758e3d8c3 cgmgr: reorder setting of sched_load_balance for pod cgroup 0e6b13e08 build(deps): bump crate-ci/typos from 1.16.8 to 1.16.9 ff434ba27 build(deps): bump github.com/containers/podman/v4 from 4.6.1 to 4.6.2 0002792fa build(deps): bump DavidAnson/markdownlint-cli2-action from 11 to 12 3aa18aff3 Switch to go 1.21 5b9f7f96d Add dependabot group for OTEL deps d7ad3fcbf build(deps): bump github.com/containers/buildah from 1.31.2 to 1.31.3 85c3d9db1 Bump conmon and crun dependencies 5ab387fe5 build(deps): bump github.com/containers/common from 0.55.3 to 0.55.4 a4f2d8071 server: remove deprecated functionality 28ae1f81a Fix bundle e2e tests 
a9afa0442 Add ppc64le binaries to release notes c8f8ca498 Add Kubernetes package test for static binary bundle 734e1538c build(deps): bump github.com/google/uuid from 1.3.0 to 1.3.1 873c0f420 Policy: Allow backport of independent features bebd421b5 Configure systemd install path based on OS ec4bbac12 feat(cmdrunner): add support for context 59f9b823d move shmSetup in server/sandbox to internal/factory/sandbox d1946b30a blockio: add blockio_reload option ce1cdfa54 main: create parent crio dir before creating clean.shutdown.supported Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to release 1.28.0 | Bruce Ashfield | 2023-09-15 | 1 | -4/+3
  Bumping cri-o to version v1.28.0, which comprises the following commits:
  23dec8c7d version: bump to v1.28.0 c104a0608 build(deps): bump github.com/containers/storage from 1.48.0 to 1.49.0 5524b65d3 add info about pulling image before doing the tutorial 922573ffe build(deps): bump crate-ci/typos from 1.16.6 to 1.16.8 67724cb6f build(deps): bump github.com/containers/podman/v4 from 4.6.0 to 4.6.1 a2d46ae01 build(deps): bump github.com/containers/ocicrypt from 1.1.7 to 1.1.8 7e3522a9c Added a flag internal-repair 39ea33e29 feat: Added a feature to check at reboot time shutdown was clean or not, If it was not clean then apply repair logic c5def7f72 build(deps): bump crate-ci/typos from 1.16.5 to 1.16.6 b873985b8 Add `conmon` to ppc64le static bundle 3e3f70c22 Update install.md 9c3d622a6 Vendor Kubernetes v1.28.0 a7f160b49 build(deps): bump crate-ci/typos from 1.16.3 to 1.16.5 d2fa125a4 Update nixpkgs and use overlay 80fdf486e Add containers_events_dropped_total metric e19002329 Fix indentation in installation instructions 94f5e75c8 Update cri-tools to v1.28.0 a8d7c29e1 Vendor Kubernetes v1.28.0-rc.1 23f51c3e1 Update OWNERS_ALIASES f1bb83127 Update runc to v1.1.9 581a388ac build(deps): bump crate-ci/typos from 1.16.2 to 1.16.3 5022d956a test/image.bats: add test for checking crun-wasm workflow 05ef7a189 *: add platform_runtime_paths to RuntimeHandler 6a0c4b9ec build(deps): bump 
github.com/containers/image/v5 from 5.26.1 to 5.27.0 f18d122e8 Revert "devices: fill the FileMode field in spec" 8937245b0 build-static: misc fixes needed for 1.25.4 generation abfc2d616 build(deps): bump crate-ci/typos from 1.16.1 to 1.16.2 3f06640cf contrib/test/ci: add crun-wasm 3a9232c62 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 bb98e2b2a Set mount type HostToContainer for mounts that include container storage root 309d045ec add script bumping 927843ea4 test/metrics: simplify oom test, add debug 64fdfbcaa build(deps): bump github.com/opencontainers/image-spec 15a586215 build(deps): bump github.com/opencontainers/runtime-spec f30ef84ad build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 ecd7f9a3e cri: implement RuntimeConfig rpc 2463fdf78 vendor: update Kubernetes to v1.28.0-beta.0 edc5ece7b build(deps): bump github.com/containers/podman/v4 ef1653c8e internal/config/seccomp: Sync call signature of (*Config).Setup 67b43c4b5 internal/config/cgmgr: add non-linux stubs 1dffd7e71 internal/config/node: add non-linux stubs ecb372986 internal/config/device: add non-linux stubs 10168b534 internal/config/nsmgr: add non-linux stubs 8edfbfd45 internal/config/capabilities: add non-linux stubs 2bd7fcbd8 internal/config/apparmor: add non-linux stubs da69490d0 oci: update unit tests for new stop code be5bac87b oci: simplify stopping code 7371b1e77 oci: don't return ErrContainerStopped from StopContainer c0e34644c build(deps): bump github.com/containers/buildah from 1.31.0 to 1.31.1 41b13e28d Fix ImageRef field for containers to default to an image ID 930f49889 runc: 1.1.7 -> 1.1.8 b563cd728 Add Adobe to ADOPTERS.md 3bc609eb1 build(deps): bump sigs.k8s.io/release-sdk from 0.10.2 to 0.10.3 4e0f88970 build(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 e6af91f6a oci: change IsAlive to Living 320671ed2 devices: fill the FileMode field in spec 126bd4ca9 build(deps): bump crate-ci/typos from 1.16.0 to 1.16.1 b79391fe1 Update bats to 
v1.10.0 5e86a5261 build(deps): bump github.com/go-chi/chi/v5 from 5.0.8 to 5.0.10 92e1d1910 Bump vendored Podman to v4.6-rc2 a3d229acf internal/factory/container: get CDI devices from CRI field. 21181672b Add Debian 12 as a supported OS to the install doc b7c826d38 build(deps): bump github.com/containers/common from 0.55.1 to 0.55.2 151572a56 build(deps): bump github.com/container-orchestrated-devices/container-device-interface c0c7ce5ae Add OpenSSF best practices badge in favor of CII 0d92db47e build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 70e5b76ca build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 79859a9d9 build(deps): bump crate-ci/typos from 1.15.10 to 1.16.0 7ebe2f614 Update vendored Kubernetes to v1.28.0-alpha.4 c28303fad container_test: fix "AddCapabilities ALL" test case e176397c8 vendor: drop podman replace and update runc eff07b834 Run irqbalance tests in serial within the actual suite 059dce220 build(deps): bump crate-ci/typos from 1.15.9 to 1.15.10 d43833d61 Bump bats in ci jobs to latest release 66ac754c7 build(deps): bump github.com/containers/buildah from 1.30.0 to 1.31.0 59952bf00 build(deps): bump github.com/containers/common from 0.54.0 to 0.55.1 ff3bb58db build(deps): bump crate-ci/typos from 1.15.7 to 1.15.9 4fe0b8164 build(deps): bump github.com/containers/image/v5 from 5.26.0 to 5.26.1 cb51739b1 server: use platform struct to set OS details bac73aa42 Pre-check request values on container creation 5a85cfc95 Remove non existent Debian builds from install instructions 73cf5597a test: fix make mockgen test failure dfdd2acde vendor: update release-sdk to v0.10.2 abcf50239 build(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.1 9c78a1e23 vendor: update containers/storage to v1.48.0 87b126342 build(deps): bump github.com/intel/goresctrl from 0.3.0 to 0.4.0 8a9d4ef17 vendor: update containers/common to v0.54.0 cb247caf5 build(deps): bump github.com/containers/image/v5 from 5.25.0 to 5.26.0 ad3dd698b build(deps): bump 
google.golang.org/protobuf from 1.30.0 to 1.31.0 b8bb276a0 build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus 0882a1dcb build(deps): bump crate-ci/typos from 1.15.6 to 1.15.7 6b9e49d3b Try to find `CONTAINER_CNI_PLUGIN_DIR` by binary lookup 40bbe8218 vendor: fix vendoring issue f6317807c typos: add WRONLY to the list of extend-ignore-re 6a10113c7 build(deps): bump crate-ci/typos from 1.14.12 to 1.15.6 1062a4cd3 build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 91d6bd38b vendor: bump github.com/onsi/ginkgo/v2 to 2.11.0 7f66c1428 build(deps): bump cachix/install-nix-action from 21 to 22 d0526337e vendor: bump github.com/urfave/cli/v2 to 2.25.7 7a2b9a220 vendor: bump golang.org/x/sync to 0.3.0 ba0751938 vendor: bump golang.org/x/net to 0.11.0 9f0680cde vendor: bump github.com/prometheus/client_golang to 1.16.0 67a132dc6 runtime handler hooks: run default hook when container stops gracefully 49d9efe8b vendor: bump github.com/stretchr/testify to 1.8.4 001733570 vendor: bump github.com/sigstore/rekor to 1.2.1 d274dd121 Use a variable to manage the version of kata used for testing. 4a7d0857b Update supported version and variable guide for adding repository 0534d7eff governance: tweak voting behavior bfc7cf55a Use kata 3.0 for testing db4b8eaab kata tests: Enabling more than one test file for kata tests. 
0f08aeb6f kata tests: Update list of skipped tests for the ctr.bats file 4310e3342 Modify ansible files to re-enable kata tests 8224bd8a5 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc f84eb7874 Move reload watcher into `Server` e3b7406b9 Update golangci-lint and config 159aaf6c6 utils: make this package build on non-linux platforms c088d69aa fix function name in comment c702bb78a build(deps): bump DavidAnson/markdownlint-cli2-action from 10 to 11 098fbebf7 Add a test for log linking 5620764ae linklogs: add support for symlinking container directory 5d7ecfe4b Add support for linking pods logs a7d314bea build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 e614bc756 server: ensure pod labels are present d84cc85c5 build(deps): bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2 72b735603 OCPBUGS-14750: Pod termination must succeed when a hook fails 98c43d537 Add OSFF scorecard action 85c7e712e main: Added a call to GarbageCollect ccb91bc8a docs: fix eol test 08f7c0776 build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 f2feb7c6f Use staging k8s.io/kubelet/cri/streaming package 72011b3c4 Add support for namespaced signature policies 3939fba97 Apply markdown linting, cleanup docs and fix broken links #6890 96e6aed74 Apply markdown linting on the tutorials folder #6890 2ead2413a Apply markdown linting on the contrib folder #6890 5d7b64018 Add markdown linter action #6890 d58f408f5 test: fix timeout metric test 5f74e7994 build(deps): bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1 c87b11115 server: do not take lock to populate pid in container status and inspect 28b34889a build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 b373909cf build(deps): bump github.com/containerd/containerd from 1.7.1 to 1.7.2 d456a11ef crio: deprecate config migration 259e7980c metrics: add metric for resource stalled at stage 85a4ba091 build(deps): bump crate-ci/typos from 1.14.11 to 1.14.12 75aacdb04 Drop support for path 
based seccomp profiles e18e2e90a test/helpers: rm useless code b7d1c2e61 test/helpers: use cli to set container dirs 459372c24 test: adapt for sched_load_balance disable after stop 6da8e46b1 runtime handler hooks: add DefaultCPULoadBalanceHooks 23b9179f9 server: call hooks and NRI in stopContainer e1c68ea2a Update `README.md` version table 56ac8ac79 crio: remove DefaultsPath config feature b2a20a418 server: call hooks on infra container creation 2efd04aa4 high perf hooks: workaround libcontainer quirk when disabling cpu quota 9ec701691 cgmgr: export CrioPrefix and use containerCgroupPath more 775690b1e build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 cf7e0946e tests/timeout: skip for conmon-rs c1c431836 ci/gha: add space-at-eol check, fix existing ones 0a35354c4 build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 65792546b ci: bump shellcheck to 0.9.0 6b2f35e2c test: fix a few cases of SC2086 d6b793c46 contrib/kube-local/kube-local: rm unreachable code b6014826c test/copyimg: use log.Fatalf 587e3d595 test/*.bats: rm useless echo "$output" bdb765635 test: rm explicit $status checks 933e33c1c test: simplify assigning IDs 22978429a test/status.bats: simplify exit code checks ff7bc1b52 test: simplify non-zero exit status checks 0bf509d35 test/cdi.bats: rm run_cmd, use run 21e5dcebe test/nri.bats: fix checking exit code 2fab13028 test/README.md: fix wrong bats example 9c2fcb3bd test/*bats: drop fail() 84ee0c931 Fix using ! 
in bats tests 045c026da test/timeout: fix "dup ctr" test 1da9bf5f7 ci: require bats 1.9.0 c5a1c1b1e test: separate var setting and img preload 7b9e5201b ci: bump bats to 1.9.0 9ad33da53 build(deps): bump github.com/containers/podman/v4 from 4.5.0 to 4.5.1 2604665cc Update nix and nixpkgs 792a5d0ad test: limit number of parallel jobs 1cc1958de test/cgroup: fix for cgroupfs aa86e94f0 ci/gha: fix double caching 47c13e037 [FEAT] Add new parameter disable_hostport_mapping in CRI-O df7df847d build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc f7f085f6f Makefile: Remove GOPATH references 1eeaad851 build(deps): bump cachix/install-nix-action from 20 to 21 7cc3e206c build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 3b5c9f115 build(deps): bump crate-ci/typos from 1.14.10 to 1.14.11 7003312b0 OCPNODE-1286: Add a CI job to run cri-o e2e tests by enabling the evented pleg feature 47958dc0b Update crun to v1.8.5 9b6a4cff7 Wrap CRI errors on image pull defdf1c9e build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 6a3ee4e6b docs: update cri-o podman doc and remove stale information 7ed2cfc7f deps: bump runc to 1.1.7 f59c1f72a sandbox: Handle PodLinuxOverhead and PodLinuxResources CRI fields f5e58c0ea build(deps): bump crate-ci/typos from 1.14.9 to 1.14.10 1009668bb build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 42e0f7fac go.{mod,sum}, vendor: update NRI. 
d97ac8a10 contrib/test: reenable Statefulset Basic tests 3761965f8 contrib/test: re-enable block volmod tests 003edc26c high perf hooks: disable CPU quota with libcontainer as a pre start hook a875ef486 test: add test for cpu-quota.crio.io e1c3cf960 Check and fix typos in CI fa57ffd3e *: switch to go-chi/chi mux 6330b1d5f build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 786109a6e build(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.1 ecc712850 Support image policy verification error ccaef6a7d build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 484870532 build(deps): bump sigs.k8s.io/release-utils from 0.7.3 to 0.7.4 3480e9efa Fix GitHub action `bundles` test 937ed8cf6 - Convert status cli as a subcommand of crio - Moved commands to the internal criocli package and used them in the crio and crio-status binaries - Adding the status subcommands directly to the binary a247c52d9 pkg/config: update the description for templateStringCrioImagePinnedImages 4fadec5f1 internal/storge: fix CompileRegexpsForPinnedImages test case 5e751fda3 vendor: fix vendoring 5ecc82e6f contrib/metrics-explorer: fix nested modules 640624ec9 Update CNI plugins to v1.3.0 9fc177ed4 build(deps): bump golang.org/x/net in /contrib/metrics-exporter 8b230dec7 clients connected to container event stream now receive the same data 3fd71bdc9 vendor: fix CI due to incosistent vendoring 20fd7770e fix kubectl version in bug report template 21b47b11c *: update sandbox/pause image to 3.9 edbd4890f internal/storage: add sandbox/pause image to the list of pinned_images b0531365f build(deps): bump github.com/containernetworking/plugins 22ad8957b Changes to build binaries for ppc64le architecture. 
32ec246ba Update README.md and associated files f10ea341d build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 c9bb988d1 *: fix warnings related to gosec 0e65290c4 .github/worflows: add go vulnerability management check for cri-o f9abf50c9 pkg/config: reload pinned_images when the new config is provided bbe9a7a2c *: add support for pinned_images in crio configuration dfcf222c3 refactoring vars 386509caf Use native crierrors package for registry unavailable a90d00103 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 16ab25339 Vendor latest Kubernetes master 6a095aef7 build(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 5c064914f build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 639b6dddf OWNERS: add sohankunkerkar to cri-o-reviewers 4477a804b tests: add a fake pinns call to delay things and cause the timeout 6fa761497 tests: use crictl binary directly when checking its capabilities 1ff3303df cni: configure cgroupPath capability arg e52e63a41 vendor: bump ocicni to tip 914763fb1 Remove vendor specific changes 08cd56fc9 Migrate image registry to registry.k8s.io 3311658af build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus 02fe074f2 build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4 0b8a2c068 build(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 660b63bd7 cgmgr: set sched_load_balance to disabled on sandbox cgroup 5a1707e4c test/pod.bats: update to current setup f83a4faba cgmgr: create cgroups for systemd cgroup driver for dropped infra pods f21e178f8 build(deps): bump github.com/prometheus/client_golang bf23f5c01 Support `RegistryUnavailable` type e80464e07 Update generated docs ed9c419e7 OWNERS: allow cri-o reviewers to approve dependabot PRs 58c101634 build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.3 a4fc119af .github/workflows: remove auto-approve workflow a0009cb25 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 541b6563d Extend 
cpu-c-states.crio.io annotation to add max latency 2417374a6 build(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 249c340d3 contrib/test/ci: fix the bin folder location for cri-tools cf30845e7 #6833 user ns: Fix segfault while constructing id mappings 38774e14a Use ImageRef instead of ImageName for restore 1f224d1e0 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 7c6676f02 contrib/test/ci/build: use `force:yes` while linking crictl/critest c9cc1529f .github/workflows: fix the github_token field a1c09ad99 .github/workflows: fix the token field 30ddd6d89 Fix events generated by Evented PLEG b8d8ff14b Update c/common to v0.53.0 b34038f8f build(deps): bump actions/setup-go from 3 to 4 4c828dc48 build(deps): bump github.com/opencontainers/runtime-spec 928d5d49c build(deps): bump github.com/prometheus/client_golang e806005d6 test/network: skip flaky test running on a node with cgroupv2 e914f0e15 test: combined oom test to avoid CI flake d5048e7ff test/seccomp: fix the syscall 473ee6b73 contrib/test/ci: remove duplicate code a1c6ae7e4 test/*: consolidate images used for integration tests 25fb4fa76 build(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 a950c837d Download more dependencies instead of vendoring 839bd1203 build(deps): bump github.com/containers/conmon-rs from 0.5.0 to 0.5.1 edbe9c27e build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 e53dcc003 Stop vendoring release notes tool 1c26776cb .github/workflows: auto approve dependabot PRs e967a178c user ns: fix segfault when host id mapping is empty 19c0b4d7b server: fix failing tests edf6a88a9 build(deps): bump k8s.io/release from 0.15.0 to 0.15.1 7a612bc4b Allow restoring of containers with different names 86b36ee6e build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2 6da5b1272 build(deps): bump actions/stale from 7 to 8 1c1cfb92a Fix Flannel PodCIDR in kubeadm tutorial bac3a79b6 adding support for configmap namespace 603f176a0 Add debug to 
identify when a relabel was not requested f9fa10915 Update tutorials/debugging.md 75c8b181b Added documentation to force the Go garbage collector for CRI-O 11f5c4326 Remove remnants of CONTAINER_MANAGE_NS_LIFECYCLE Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.27.1 | Bruce Ashfield | 2023-08-24 | 1 | -2/+2
  Bumping cri-o to version v1.27.1-7-gab7845e07, which comprises the following commits:
  fbfca3a52 oci: update unit tests for new stop code
  6dec88e7c oci: simplify stopping code
  5b7b82f56 oci: don't return ErrContainerStopped from StopContainer
  0e4df2e9c oci: change IsAlive to Living
  92b455156 devices: fill the FileMode field in spec
  e54504a00 version: bump to 1.27.1
  a61082768 vendor: drop podman replace and actually update runc
  9c86a1269 vendor: bump runc to 1.1.6
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.27-tip | Bruce Ashfield | 2023-07-25 | 1 | -1/+1
  Bumping cri-o to version v1.27.0-48-g3abbef701, which comprises the following commits:
  a61082768 vendor: drop podman replace and actually update runc
  9c86a1269 vendor: bump runc to 1.1.6
  1d6f5a00c [1.27] Add support for namespaced signature policies
  35afa9859 runtime handler hooks: run default hook when container stops gracefully
  3907696a4 main: Added a call to GarbageCollect
  ee6868938 Add a test for log linking
  5319875b4 linklogs: add support for symlinking container directory
  13f8ae560 Add support for linking pods logs
  605e4d935 server: ensure pod labels are present
  15d6d5977 OCPBUGS-14750: Pod termination must succeed when a hook fails
  ccd7e23af server: do not take lock to populate pid in container status and inspect
  57662c6f8 go.{mod,sum}, vendor: update NRI.
  ef90744ae test: adapt for sched_load_balance disable after stop
  169220817 runtime handler hooks: add DefaultCPULoadBalanceHooks
  a74999eb6 server: call hooks and NRI in stopContainer
  ea3297939 server: call hooks on infra container creation
  37518c031 high perf hooks: workaround libcontainer quirk when disabling cpu quota
  eca28447d cgmgr: export CrioPrefix and use containerCgroupPath more
  49cfa2060 *: update sandbox/pause image to 3.9
  bf9eec8cb Add debug to identify when a relabel was not requested
  2ee3398cb high perf hooks: disable CPU quota with libcontainer as a pre start hook
  11141ac32 test: add test for cpu-quota.crio.io
  69a6d6fc2 Fix events generated by Evented PLEG
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: drop unneeded dependency on virtual-containerd | Renato Caldas | 2023-07-11 | 1 | -1/+1
  Signed-off-by: Renato Caldas <renato@calgera.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.27.0 | Bruce Ashfield | 2023-06-07 | 1 | -3/+3
  Bumping cri-o to version v1.27.0-14-g81ac4cea5, which comprises the following commits:
  69a6d6fc2 Fix events generated by Evented PLEG 86cae21ec cgmgr: set sched_load_balance to disabled on sandbox cgroup 47d6d6c82 test/pod.bats: update to current setup 2b7f614e0 cgmgr: create cgroups for systemd cgroup driver for dropped infra pods b415e72d6 Fix vendoring 6df1f0711 Update c/common to v0.53.0 cd9636049 Download more dependencies instead of vendoring 230e28acb Stop vendoring release notes tool a2b280af4 build(deps): bump k8s.io/release from 0.15.0 to 0.15.1 cc00b5a62 version: bump to 1.27.0 f5ce04e04 bump cri-tools to 1.27.0 bc45b9021 Fix restore tests 8d6b49db2 build(deps): bump github.com/containers/podman/v4 from 4.4.2 to 4.5.0 a28b1e760 Add unit test for crictl info with verbose 875c3a2b1 Add basic crictl info config with sandboxImage 070668a35 Bump crun to v1.8.4 48bc2bd8d contrib/test/ci: cache runc and crun setup unconditionally 48cf728dd config: mark seccomp-use-default-when-empty as deprecated a2961f8c3 Bump runc to v1.1.6 efaea1060 high perf hooks: move cpu-quota disable handling to container creation 566aa128a high perf hooks: remove test for cpu load balancing 65d25545e high perf hooks: update cpu load balancing to be cgroup based cc50b438b test: add cpu load balancing test cf77d5383 build(deps): bump github.com/onsi/gomega from 1.27.2 to 1.27.6 acd4d30ba Bump Kubernetes to v1.27.0 0087d0ee7 Don't use KUBE-MARK-MASQ in hostport rules c1c52191d Update template.go 4bc36eabd contrib/test: don't cache the cri-o content 6fcbca13f Don't print `Dependencies` if `crio version` it not verbose 4073764a8 Update nixpkgs 
9aa7afcec Update golangci-lint and config cb70d29b9 internal: fix the release version for release notes 3890a7222 internal/storage.runtimeService.createContainerOrPodSandbox(): read ID maps b325ad692 Set umask for crio container 28f910952 build(deps): bump github.com/docker/docker 53431c68a runtimeVM: fix Exec(sync) overwriting the initial spec args 400793fab vendor: use go-github to fetch the latest tag from github e9a932f04 Update bom and use binary directly 4edb9e8ea Fixed signature check for commit-based downloads a86fbb63e Fixed issues found by shellcheck 0c029c62e Fixed signature check 9e5b533a3 Fixed version substitution bbe4b04a5 Generate proper signature check 683e4f858 test: run irqbalance tests serially to avoid race condition e07246fc1 Update crun to v1.8.3 and runc to v1.5.1 fd35a25b1 OCPBUGS-10970: Fix the interrupt mask width when encoding 934765cf6 Update zeitgeist to v0.4.1 5e512d6ef create the metrics endpoint with correct shutdown logic 2b7efa752 build(deps): bump github.com/urfave/cli/v2 from 2.24.4 to 2.25.1 604e7bb6b Remove `scripts/node_e2e_installer` f1e9c0e8c server: wire support for userns volumes 973c51a7b vendor: bump cri-api a8bd24c60 test: add irqbalance dependency to CI ed7bbaf28 contrib/test/ci: disable failing sig-network test for v1.27 release 2184981ea Remove SELinux policy download e57047253 Add spdx signature and cert to release notes d7cf40b7e oci: Enable checkpointing of file locks d719028aa build(deps): bump golang.org/x/sys from 0.5.0 to 0.6.0 c4c583014 go.mod: update CDI dependency to 0.5.4. 11cbc5fd7 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 44d878e93 test: add irqbalance dependency f74da33a7 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 4bb2e930e Fix get script f556f5a58 build(deps): bump sigstore/cosign-installer from 2 to 3 244982179 Bump crun to v1.8.1 246c59139 go.mod: update github.com/containerd/nri to 0.3.0. 
be2cc0eb5 build(deps): bump cachix/install-nix-action from 19 to 20 11c9401a8 build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2 cd8346082 Pin nix version to fix static builds f112d497d Add new parameter hostnetwork-disable-selinux 96906a86c [CI] Fix validate-completion ab8fc4f7d build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2 dde09588c build(deps): bump github.com/containers/storage from 1.45.3 to 1.45.4 b769f0dbb build(deps): bump github.com/containers/podman/v4 from 4.4.1 to 4.4.2 9f9fc8a19 build(deps): bump github.com/containerd/containerd 1a488f516 test: Avoid parallel execution b74d76c79 test: add integration test for irqbalance e15854938 highperfhooks: add option to configure irqbalance restore 3f9d21c7e Fix cgroup leak for systemd cgroup driver 7af09fa0a unit-test: call UpdateContainerResources when nri enabled 828ad0200 nri: add protection against nil dereference 97b03c338 build(deps): bump github.com/containerd/fifo from 1.0.0 to 1.1.0 b267ed784 highperfhooks: add logs in the irqbalance restore 3774df887 highperfhooks: test: use ExpectWithOffset e21dd08e9 highperfhook: use internal/.log, not logrus 9ee51c429 docs-validation: try String() for struct field values. ab3b401b0 internal/oci: don't crash when getting unset Spec. fa2abd239 test: update NRI BATS test. 1d0ca6fd1 completions, docs: update completions and man pages. f5afa87ce config,criocli: update NRI deps, configuration. 
7cfdaebb6 Update to c/image 5.24.2 a78a7d470 build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1 38455da55 build(deps): bump github.com/psampaz/go-mod-outdated from 0.8.0 to 0.9.0 221a7d0f9 build(deps): bump github.com/onsi/ginkgo/v2 from 2.8.1 to 2.8.3 95f5c57aa build(deps): bump cachix/install-nix-action from 18 to 19 1f909bc5e test/*: add test for checking the /etc folder permission ef164da82 server: fix the permission issue for `/etc` 7b812d0ab build(deps): bump github.com/containers/buildah from 1.29.0 to 1.29.1 7c21bc7d7 build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0 a091d6c8f build(deps): bump github.com/urfave/cli/v2 from 2.24.3 to 2.24.4 25b06a987 Remove `zeitgeist` from golang dependencies ba4d53c14 Bump golang dependencies 9216a817a Revert "main: shutdown server only once" d573f0406 Drop `ENABLE_POD_EVENTS` var from e2e installer script 79a6d4fec Fix roadmap links b59e59572 test: use container_sleep for idempotent test 169908b5a Update github.com/containers/image to v5.24.0 62173e974 main: shutdown server only once 2f2d152d8 Bump the CRIO commit to the latest main 10a6096f9 Add documentation about how to use tracing 66b6bb3bc Switch to go 1.20 for CI jobs 49cbab56a dependencies: bump conmon to v2.1.6 679bbbf20 Closes #5653 Return ContainerResources in ContainerStatusResponse Signed-off-by: T K Chandra Hasan <t.k.chandra.hasan@ibm.com> 0e7fdcaf0 Update opencontainers/runtime-tools to a6a073817ab0. 4cf3d3774 runtimeVM: ignore missing shim path for deleted containers c80ae0acd runtimeVM: notify server that the container exited 5d23b6a02 contrib/test/ci/*: refactor CI to build a cache image 7600cb4e3 contrib/test/ci: adds time information to tasks 1fb1771bd go.mod: update github.com/containerd/nri. 
905bd1b37 Take MaskedPaths and ReadonlyPaths from checkpointed container cd406494f build(deps): bump google.golang.org/grpc from 1.52.0 to 1.52.3 9a2dae755 Fix unit tests 1edf19505 build(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 193ae758c build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 a6a95fe96 Add container stats to the ListPodSandboxStats response 8b3fca69a contrib/cni: provide more context around file selection f648ff47f build(deps): bump github.com/urfave/cli/v2 from 2.23.7 to 2.24.1 72e54a7de Add additional metadata to inspect and checkpoint a9d845a6b Update to latest version of checkpointctl 7a8f62f1b Removed pod checkpointing support f291de93a Make storage unmount less strict f3ed08a35 build(deps): bump k8s.io/release from 0.14.0 to 0.15.0 1226a601c packit: install wget before build 8e42d5360 build(deps): bump github.com/containers/ocicrypt from 1.1.6 to 1.1.7 d85a8b3cf Update OTEL dependencies 42c00941b Update CNI plugins to v1.2.0 437d7bbf9 GOVERNANCE: add org member tier 8fc1e91d3 CoC: replace with CNCF one 0059f24a6 mention MAINTAINERS file in GOVERNANCE dbf1ee997 Add MAINTAINERS.md document 700fe6590 README: add roadmap 35cce86f8 add a public roadmap ae9712231 update GOVERNANCE.md file 5ef5271b3 build(deps): bump mvdan.cc/sh/v3 from 3.5.1 to 3.6.0 34a7052a8 build(deps): bump helm.sh/helm/v3 from 3.10.0 to 3.10.3 1cc037f57 build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.25.0 ff3aa8105 build(deps): bump sigs.k8s.io/release-sdk from 0.9.3 to 0.9.7 f57e36946 build(deps): bump github.com/sigstore/cosign from 1.11.1 to 1.12.0 ae60a2bb6 Update vendor of opencontainers/runtime-tools 47922035d Allow cross building from non-linux dfc43f7ba Inject release-notes branch from GitHub actions 6d35f54d7 build(deps): bump google.golang.org/grpc from 1.51.0 to 1.52.0 faeaceddb ci-verify: Run get-scripts only on main branch 752bf4d69 Update critest parameters 89029ed43 hostport: use generic Set dcc7437db server: update streaming interface 
to take context 1135dbad5 ci: bump cri-o.spec file to 1.26 5ae6ba51d static: bump go version 9e1b732a9 bump to cri-tools 1.26.0 2d0457814 server: add support for new CRI calls 9f1c91349 server/streaming: add context to methods eb4719b55 vendor: bump kube to 1.26.0 815a426e8 Enable upstream CI to test node e2e with evented pleg feature 404afb004 Bump e2e-installer script with the latest commit a410ce6e8 mocks: update with new c/storage mocks 43ed06ee4 vendor: bump storage to v1.44.1-0.20230101110555-a747b27fe4ca fadc73bc7 job get script: fix conflist path 666a9e91c fix inconsistent documentation for default value of b78350830 build(deps): bump actions/stale from 6 to 7 79b1b5937 Pass tracer to conmon-rs client Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.26.2 | Bruce Ashfield | 2023-04-05 | 1 | -3/+3
Bumping cri-o to version v1.26.2-10-gc0557b868, which comprises the following commits: 6ee82e547 Update crun to v1.8.3 and runc to v1.5.1 4bea0d45b create the metrics endpoint with correct shutdown logic 778169257 Update CNI plugins to v1.2.0 8f943a9cc Add spdx signature and cert to release notes ab5daed67 Fix release notes build for release-1.26 branch fc032744b version: bump to v1.26.2 141c69ac6 build(deps): bump sigstore/cosign-installer from 2 to 3 46e4d5286 Bump crun to v1.8.1 12cc52830 Pin nix version to fix static builds 2c3c8c7d8 unit-test: call UpdateContainerResources when nri enabled d3504291c nri: add protection against nil dereference 8438fdf40 docs-validation: try String() for struct field values. b997d9a61 internal/oci: don't crash when getting unset Spec. 96c12e147 test: update NRI BATS test. d19c65049 completions, docs: update completions and man pages. 3c1bb518c config,criocli: update NRI deps, configuration. 9831dddef Fix cgroup leak for systemd cgroup driver 0c32aa50d Update to c/image 5.24.2 0015d0477 test/*: add test for checking the /etc folder permission b1113fa78 server: fix the permission issue for `/etc` 7f60e0419 Update github.com/containers/image to v5.24.0 1f0b14da9 Update opencontainers/runtime-tools to a6a073817ab0.
0841fe69a Add container stats to the ListPodSandboxStats response 3facc028e Make storage unmount less strict b93180c99 Inject release-notes branch from GitHub actions 5ce93c60e ci-verify: Run get-scripts only on main branch d8c6707bd version: bump to 1.26.1 741be35fa vendor: bump storage to v1.44.1-0.20230101110555-a747b27fe4ca f49c3b608 Update critest parameters 1b1b95af8 hostport: use generic Set 1e66eb86e server: update streaming interface to take context 2adc326f6 ci: bump cri-o.spec file to 1.26 ae0a0d5f9 static: bump go version 8f8228b77 bump to cri-tools 1.26.0 fff07d82f server: add support for new CRI calls cac6a729e server/streaming: add context to methods ec5beb231 vendor: bump kube to 1.26.0 8ffb14733 mocks: update with new c/storage mocks 48d0bf4ca job get script: fix conflist path 7705f9942 bump to v1.26.0 d06cae7c9 contrib/cni: use cniVersion 0.3.1 for ipv4 only bridge config 5526fae33 bundle: use ipv4 only config because of gh action limitation 1b8b28433 Support evented PLEG in CRI-O 5783c3254 Bump cri-api to support evented pleg 29ce5a7b2 get script: fix conflist path f317b267d Fix-6080: Update the CNI version to 1.0.0 54b7b5fc0 test, Makefile: hook NRI tests into localintegration. ab73c1dcd test/nri: add a test client with basic NRI tests. 36305e7bd server: hook NRI into request processing. 773e6e005 nri: add experimental NRI adaptation interface. 907f4edf5 config,cli: add support for NRI configuration. 
a6430c8c8 Add test for conmonrs cgroup with no infra container b6f92b04f Add test for default conmon cgroup type f323d022c Fix applying cgroup for conmonrs when pinned 6c62954e8 Remove cri wrapper package 093d680dd server/metrics: Update seccomp notifier metrics to reduce cardinality fe2458341 ci: make golangci-lint happy da96d6be4 Support checkpointing infra less containers 4a541607e build(deps): bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.6.1 ebe73f411 build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0 7d8f2328f Merge log and metrics interceptor cb8aa99d7 ResourceStore: delete entries after they're used 1b42a3d4c Use containerd v1.7.0-beta.0 41dca27cb server: fail if HOME variable has a newline c1d7c54fa systemd: use on-failure as restart policy 88782d59c contrib/test/ci: fix SELinux permission issue on RHEL9 8132ef511 ci: update system-packages.yml to install gpgme-devel on fedora ac319a568 OWNERS: move vrothberg to emeritus approvers c095c4781 build(deps): bump github.com/urfave/cli/v2 from 2.23.5 to 2.23.7 7150ba10b contrib/test/ci: fix the when condition for CentOS Stream 9 0ffec79a4 contrib/test/ci: enable crb repo for CentOS Stream 9 905e8485a Update security process 3232ffe2a Downgrade cgroupfs test to Ubuntu 20.04 7d848b3c1 Fix GitHub actions CI b6b4f8235 Add Reddit to ADOPTERS.md 189e9f7eb Disable typecheck linter b9d94374b Bump golang dependencies 5e71e4f9c contrib/test: set env variables for integration tests 22249fcf9 build(deps): bump sigs.k8s.io/bom from 0.3.0 to 0.4.1 a67e7776c Port remaining logrus with internal/log 14547d489 Pass ctx so that more tracing spans could be created 19bc7330f internal/log: add a function to start new tracing span 834b60336 Setup logrus hook to attach logs to traces ef3bed00b Remove CRI v1alpha2 support c9316ec2a Update golangci-lint and config 3b631242b Add seccomp notifier feature e3416bda9 build(deps): bump cachix/cachix-action from 11 to 12 71252c17b Disable checkpoint image check as early as possible 
658a11552 Correctly extend $PATH before calling conmon during restore a93201a8e Use correct key for tracing hostname field 923f665ca Add docs that `tracing-sampling-rate-per-million` set to 1000000 refers to always sample 999ba7f59 Fix CI 1e8229d45 build(deps): bump github.com/urfave/cli/v2 from 2.19.2 to 2.20.2 3327991b0 build(deps): bump cachix/cachix-action from 10 to 11 0ce9fb039 build(deps): bump google.golang.org/grpc from 1.50.0 to 1.50.1 1f8221f07 build(deps): bump cachix/install-nix-action from 17 to 18 376f7e9df Update dependencies 316830590 Add logs to OpenTelemetry traces e56855dc7 docs: updated kubernetes tutorial 53e631663 Update conmon-rs to latest `main` 8bf89f341 Minor Checkpoint/Restore improvements 62d77513b Track type of all bind mounts during checkpointing 331f30bfb build(deps): bump google.golang.org/grpc from 1.49.0 to 1.50.0 997032dec .github/CODEOWNERS: drop runcom a7a279c84 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.2 to 0.3.5 fb66985f1 config: avoid segfault when workloads.resources is nil 0244fee08 support checkpointing to oci image ae5d39c74 Fix lint CI on `main` eabfdb404 [#5240] update supported OS versions 26614cad9 build(deps): bump github.com/urfave/cli/v2 from 2.15.0 to 2.17.1 f7c9c2754 build(deps): bump github.com/Microsoft/go-winio from 0.5.2 to 0.6.0 42bb61393 fix: give loopback a name 9ee3457ff test/README: Update url for kata containers f1be99faa images/os/Dockerfile: Delete this, it's dead code 570a4c1b9 config: translate monitor fields when printing config 32e6520ff Update config readme 5d20c76fb Allow complete Runtimes config to change 88cc2f9b9 build(deps): bump k8s.io/klog/v2 from 2.70.1 to 2.80.1 28861ed60 build(deps): bump actions/stale from 5 to 6 88c1f772f build(deps): bump github.com/opencontainers/image-spec b6755fc94 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc c9ba93e08 build(deps): bump github.com/containers/podman/v4 from 4.2.0 to 4.2.1 2a876f1a7 build(deps): bump 
github.com/containers/buildah from 1.27.0 to 1.28.0 db20b31e1 Do not use deprecated SetNames 4ea5eeddf build(deps): bump github.com/container-orchestrated-devices/container-device-interface 481683497 config: do not remove runc if different default runtime f24ea6702 workloads: fix whitespace b3f877a64 template: fix whitespace and comments in runtimes table b7b56c202 contrib/test: set LOG_DIR to debug kubernetes issues 0b0e16b1c Update conmon-rs 8e1a561e8 Bump conmon-rs code to latest `main` 506e0cbef contrib/test: drop userns integration tests 9db3e8e64 Add basic integration tests for runtime reload 877b5fbdc Add notes on runtime reload support to documentation a3fb007fb Reload runtime configs on reload 29bff1526 Invert conditional check in ValidateDefaultRuntime 2ba6ee2ed Move default runtime validation to its own function 018657b37 use cri-tools version from dependencies.yaml 406f367cb use AddInheritableCapabilities 9070d982d config: add field AddInheritableCapabilities 9d5fbfd90 resourcestore: add test for stages 40d41e3fb server: update stages according to progress with resource creation bce2bc388 resource store: return stage when a watcher is requested a8e2fc166 resource store: introduce stages 1955be644 Add conmon-rs e2e to ansible playbook 24304da5e server: return already created ID for duplicated requests 6b627cbc0 cli: fix some inconsistencies in the help text 0cdd90155 Update vendored files 14926effc go.mod: update goresctrl to v0.3.0 53182dd9b build(deps): bump github.com/urfave/cli/v2 from 2.11.2 to 2.15.0 3b6b98872 Add scripts to run node e2e tests using custom cri-o builds 6d66ea7e6 Fix integration CI runs 7a0b131f5 build(deps): bump sigs.k8s.io/zeitgeist from 0.3.1 to 0.3.2 388032759 metrics: close listener on shutdown ee5d97254 cgmgr: use NewSystemd from createSandboxCgroup aede1956a contrib/test/ci: add rhel9 variant-specific changes 8ec499266 removes async b2a72cbd8 migrates tests to run on GCP 76ec212ea Update build instructions for RHEL 8 
distribution Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers: use VIRTUAL-RUNTIME variable to allow container runtime flexibility | Bruce Ashfield | 2023-03-08 | 1 | -1/+1
Rather than using virtual-runc (which chooses between the old docker and opencontainer variants), use the newly added VIRTUAL-RUNTIME_container-runtime variable, which allows switching between runc and crun. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-host-config: provide /etc/containers/policy.json | Chen Qi | 2023-02-21 | 1 | -0/+1
The /etc/containers/policy.json[1] file is used to specify verification policy. For now, we can see it's used by both cri-o and skopeo. To avoid conflict, we use container-host-config to provide this file and make both skopeo and cri-o depend on it. [1] https://github.com/containers/image/blob/main/docs/containers-policy.json.5.md Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: create /var/lib/crio | Chen Qi | 2023-02-17 | 1 | -0/+2
crio.service now reports the following error messages:
  level=error msg="Writing clean shutdown supported file: \
  open /var/lib/crio/clean.shutdown.supported: no such file or directory"
  level=error msg="Failed to sync parent directory of clean \
  shutdown file: open /var/lib/crio: no such file or directory"
Create /var/lib/crio to avoid such error message. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: use PACKAGECONFIG to handle selinux | Chen Qi | 2023-02-17 | 1 | -2/+2
For cri-o, libselinux is optional, this can be seen from its Makefile. So let's make selinux optional by using PACKAGECONFIG, whose default value is determined by the DISTRO_FEATURES. In this way, meta-selinux dependency is not necessary. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: remove meta-security check | Chen Qi | 2023-02-17 | 1 | -1/+1
libseccomp is not in oe-core. There's no need to check meta-security any more. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.25.2 | Bruce Ashfield | 2023-02-17 | 1 | -2/+2
Bumping cri-o to version v1.25.2-11-g1a6bb9c9b, which comprises the following commits: 32d1cb665 mocks: update with new c/storage mocks fb2753ee2 bump c/storage to fix map leak 3a9449924 Make storage unmount less strict 63f413530 Inject release-notes branch from GitHub actions 7037d1568 ResourceStore: delete entries after they're used dfff7e6b4 ci-verify: Run get-scripts only on main branch 51d3621c2 Fix GitHub actions CI aba30569c version: bump to 1.25.2 2845bb5f5 Update c/storage to v1.44.0 c431b53ca Use containerd v1.7.0-beta.0 36c4d1bc2 Bump conmon-rs to v0.4.0 dc9a6b1a8 version: bump to 1.25.1 2863b7d6e Fix lint CI on `main` e7e849359 config: translate monitor fields when printing config 9edf0c5c7 workloads: fix whitespace bea0f973d template: fix whitespace and comments in runtimes table aa329a1e3 Update config README 556d85231 Allow complete Runtimes config to change 9dc1a70b4 Add basic integration tests for runtime reload 7fcef1dbd Add notes on runtime reload support to documentation d51a01ad3 Reload runtime configs on reload f06c01231 Invert conditional check in ValidateDefaultRuntime 7ef8fac1a Move default runtime validation to its own function 23081649b config: do not remove runc if different default runtime b6b835512 use AddInheritableCapabilities 4e4749a27 config: add field AddInheritableCapabilities 24feb7778 server: return already created ID for duplicated requests e2cce29fc resourcestore: add test for stages 7e7a8d923 server: update stages according to progress with resource creation b15581620 resource store: return stage when a watcher is requested 398964d9e resource store: introduce stages 706f920f9 cli: fix some inconsistencies in the help text ebc644a68 Update runc to v1.1.4 a05ddfb4a Fix lint CI f253c4b7c test: add checkpoint/restore tests b033570b3 test: do not hard code CNI location 15ec8f36c Provide support for
checkpoint and restore f06e5c8d5 vendor: bump conmon-rs to latest main 7076f72ab oci: add --systemd-cgroup to all runtime commands f09c1d31b oci: refactor runtime command handling 08ce6edce oci: take ExecCmd 4f5ca801b Update golangci-lint, config and timeout db3b399a8 server: add container GID to additional groups b3f970d0f build(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0 f68121a5b build(deps): bump github.com/containers/kubensmnt from 1.1.3 to 1.2.0 cd90ce156 Bump Kubernetes to v1.25.0 3ba908fdd build(deps): bump github.com/containers/kubensmnt from 1.1.2 to 1.1.3 b241c32d8 Adding annotations for image and sandbox name. 9ef68e8e7 Fix bundle e2e tests 45966c89c build(deps): bump github.com/container-orchestrated-devices/container-device-interface 4b6936f8f bump cri-api to k8s 1.25 rc0 e27f28868 build(deps): bump github.com/urfave/cli/v2 from 2.11.1 to 2.11.2 1ecd63643 build(deps): bump github.com/containers/podman/v4 10069a178 build(deps): bump github.com/containerd/containerd from 1.6.6 to 1.6.8 4b10ed79f build(deps): bump github.com/prometheus/client_golang Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.25-tip | Bruce Ashfield | 2022-08-25 | 1 | -1/+1
Bumping cri-o to version v1.24.0-292-gda7b5b1d9, which comprises the following commits: 4b6936f8f bump cri-api to k8s 1.25 rc0 1988e00f0 server: handle exit files asynchronously 45a55ed20 server: remove exit file in exit monitor ced6fdaca server: cleanup exit monitor function 1e27ac3eb server: allow for kubelet to specify -1 for swap 3e7fd1de9 Add packit configuration 66b2ccc34 fix lint errors from 1.19 bump 9b49723de golangci: drop nolintlint 1e2f0055f bump golangci-lint to 1.48.0 7fe1f1b9e dependencies: update with new ci c42d0d464 bump golang to 1.19 2426f669f fix documentation issue in contrib/cni/README.md: build-output changed cc933c7a8 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 30bb89319 utils/RunUnderSystemdScope: fix 3e0aa19bd oci: take opLock for UpdateContainer a560c8d8f node_e2e_installer: use runc/crun from PATH 1c4d63c41 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 3d0fc3630 fix documentation issues in contrib/cni/README.md 33fbbcde1 Fix possible panic in pod runtime attach 784245033 Pin containers/* dependencies e82c16b16 migrate image_list to quay.io f7d02e2c4 add critest-images mirror dc5769f4f add GCP vagrant environment 76c96ce83 build(deps): bump github.com/containernetworking/cni from 1.1.1 to 1.1.2 2e8612255 Add bundle e2e and integration tests using conmonrs d4530cb40 Fix nginx based integration tests 45badb2a0 add vagrantfile to test CI and fixes 7f4ddeca6 build(deps): bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 19ae364e0 Enter mount namespace if set in $KUBENSMNT environment 483fd0cf0 bats: Alter cleanup_testdir to handle nested mountpoints 65b52fb80 highperfhooks: avoid unbound growth of irqbalance e09fe0efa Add support for max log size in runtime pod d3cd7a07b unzips cri-o to the go dir c60fd9473 Bump crun: 1.4.5 -> 1.5
c2984518d build(deps): bump github.com/urfave/cli/v2 from 2.11.0 to 2.11.1 c42240355 build(deps): bump github.com/BurntSushi/toml from 1.1.0 to 1.2.0 9d5abc2ad Add Lyft to adopters eff3a3191 build(deps): bump github.com/sirupsen/logrus from 1.8.1 to 1.9.0 74fa8341f Re-enable conmon-rs attach test ad5f650bd Remove etcd dependency replacement f6d6ba4c7 updates ansible for use with prow instead of jenkins d8e76f15e copies test/integration to test/ci 35f4900ba Pin sigs.k8s.io/bom to v0.3.0 edb06fbf9 Switch to `github.com/blang/semver/v4` 6a1b6b581 Fallback to default seccomp profile if not found on disk 639843795 build(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 7dc5333c6 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 222051ffb build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 45304727c build(deps): bump github.com/urfave/cli/v2 from 2.10.3 to 2.11.0 084dbcf4d build(deps): bump github.com/emicklei/go-restful 8c66b2aa3 remove succinct option to fix jenkins 4f75284ff build(deps): bump k8s.io/klog/v2 from 2.70.0 to 2.70.1 4ca27d0b0 Remove enable_custom_shm_size f71d92ed8 Retry dependency report push if failed 410258613 Fix Unmasked ProcMountType 8e6895172 Add a unit test around configuring taskset on InfraCtrCPUSet 5a59d9f58 Add test for "Canonize selinux label" Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.25 | Bruce Ashfield | 2022-08-09 | 1 | -3/+3
Bumping cri-o to version v1.24.0-189-g78992d160, which comprises the following commits: 3e085ffc3 build(deps): bump github.com/containers/buildah from 1.26.1 to 1.26.2 4ca27d0b0 Remove enable_custom_shm_size 4149fa03e Add annotations to allow power management configuration 0f4d79209 Fix release notes pull behavior 44d42542f oci: unconditionally set as not stopping after a stop stops stopping 56b807510 container_server: drop StopContainerAndWait b4ddab0e7 server: take container server Stop method 7cda39bb4 container server: drop duplicated Remove function f03e563ec config: set version-file-persist to empty by default 935652c90 version: don't wipe if filename is empty 2e3b19475 bundle: always install runc c57d3b05c scripts: install runc if not found in get script 6d729cd4d remove Vagrantfile 87a4e8eb7 Fix a link in install.md building section about dependencies e8e523dda Retry release notes push if failed ee80a2b9e Bump version to 1.25.0 c00962a51 build(deps): bump github.com/stretchr/testify from 1.7.5 to 1.8.0 a2d1ca204 server: userns support 41f67c326 vendor, kubernetes: update to kubernetes-1.25.0-alpha.2 df5e39094 Fix release-notes tag determination b068d17cf Upload release notes for each tag 66d33db6b Fix unit test coverage f61332ed9 hostport: don't use unexported symbol 01a7c0276 server: use k8s.io/utils/clock 20ef6c73e update ubuntu releases 8a981fef4 Pin upstream node e2e test to latest `main` 7f0604ceb Verify SBOM for static binary bundle 489caa132 Use default token for stale bot 0a3bfc078 Switch to golang native error wrapping b86d8c343 build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.7.5 80d1d7908 Run more stale operations da2dce1e1 chore: Set permissions for GitHub actions c800d043b build(deps): bump
github.com/urfave/cli/v2 from 2.10.2 to 2.10.3 e30ae00a1 Add stale bot workflow 863d1a334 cgmgr/systemd: don't recalculate cgroup path d94e48924 build(deps): bump sigs.k8s.io/bom from 0.3.0-rc1 to 0.3.0-rc.2 8c7cc72e4 Generate SBOM for static binary bundle 26138ec52 build(deps): bump k8s.io/klog/v2 from 2.60.1 to 2.70.0 0cdf37c86 Verify signed artifacts via `get` script fdb6c3b30 server: unify logging in resourcecleaner 896456bc8 server: move cleanup funcs closer to function that provisioned resource 49ad4b0ad build(deps): bump github.com/urfave/cli/v2 from 2.10.1 to 2.10.2 7b2475303 build(deps): bump github.com/stretchr/testify from 1.7.3 to 1.7.4 0f46b58cb Fix container status for HostToContainer propagation 99d86536e Fix docs validation 9f105d8f0 build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 748fd5d2e build(deps): bump github.com/urfave/cli/v2 from 2.8.1 to 2.10.1 93fc6b72e build(deps): bump github.com/containers/podman/v4 from 4.1.0 to 4.1.1 491b03a30 Update cgroupfs cgroup manager de8672f7e contrib/test/int/build/runc: rm build tags 0b3153d7d Bump runc to v1.1.3 a3171b395 Sign static binary bundle via cosign 704f9aeb6 dependencies: update conmon 333cc8988 contrib/test/integration: skip installing conmon via ansible 4b120cbef Fix lint CI 40df9c9ae Bump `go.opentelemetry.io/*` dependencies 06b6e86b2 Bump `containers/*` dependencies 67c18103e Cleanup: remove BuildContainerdBinaryName as it is not called anymore. 
b480e8a3b Bump golang dependency on containerd 864733f77 build(deps): bump actions/checkout from 2 to 3 e2a32f36c bump ocicni to v0.4.0 63399460e build(deps): bump github.com/containers/ocicrypt from 1.1.3 to 1.1.5 e67e36753 build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 24d401919 Bump golang dependencies f72969022 Fix unit tests 37c1a01fe drop use of deprecated package io/ioutil 8bdadc77c security: add 2022 audit report 79e404fa5 conmonmgr: query help text to see if it supports log-global-size-max a4080bb34 add support for conmon log-global-size-max b7f15ac3d oci: cap exec sync length 1e277b836 utils/RunUnderSystemdScope: fix wrt channel deadlock 03e4aa482 Bump cri-tools to v1.24.2 2fbf71963 test: set cri stats more idiomatically efff3878c server: reduce object creation in List{Containers,PodSandboxes} 0cde0a6de update kubeadm init instructions e5bb0c600 docs: update for CNI package change 62a14cf91 oci: reuse helper function to reduce duplication 9fea6e219 oci: kill children of container if it is in the host pid namespace f6d963871 Add pause/unpause description to readme 35ca21623 Fix review issues fa435f79c Use a default umask of `0o022` 6293c07b9 Fix it case failed 5d75cc24a Fix review issues 26432e631 changesinREADME 908111147 move 1.23 to 1.24 in README 85bcbe8d1 OWNERS: remove fgiudici eb41d30e0 build(deps): bump actions/download-artifact from 2 to 3 c14faa62e build(deps): bump golangci/golangci-lint-action from 2 to 3 7fe39c7bc Add integration test for remove paused ctr 33997ae93 vendor: bump crypto package 8a090364d 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one 1e61f1318 build(deps): bump actions/setup-go from 2 to 3 c40fa5350 fix review issues 985c182a4 build(deps): bump google.golang.org/grpc from 1.43.0 to 1.46.2 cef56110d build(deps): bump actions/upload-artifact from 2 to 3 e932964fc build(deps): bump cachix/install-nix-action from 12 to 17 
bf67bfd4f build(deps): bump actions/cache from 2 to 3 7db2b3b39 Try to force delete ctr when in paused state 0c1bf03fa chore: Included githubactions in the dependabot config c657f4623 Fix some uses of Atoi 54d7da638 typo fix 2b8a7055c Typo fix d4ec76bd4 Add CodeQL Github actions ed53fa23b Use go 1.18 buildinfo for version output 21c8f6bde Bump third party dependencies d68931ddb Run critest with conmonrs Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.24.1 -latest | Bruce Ashfield | 2022-08-09 | 1 | -1/+1
Bumping cri-o to version v1.24.1-18-gb0d2ef327, which comprises the following commits: 81ef20b38 Fix unit test coverage 7b4941478 Fix release-notes tag determination 0dde66a3c Upload release notes for each tag 29762438c Fix container status for HostToContainer propagation 2cf9cf9df bump ocicni to 0.4.0 5481d35e9 Fix unit tests b0040ddd9 test: set cri stats more idiomatically cf0037d1a utils/RunUnderSystemdScope: fix wrt channel deadlock 5b75a4763 oci: kill children of container if it is in the host pid namespace 489819e33 bump to v1.24.1 8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max fc852b402 add support for conmon log-global-size-max 77f0429d9 oci: cap exec sync length Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.24.1 | Bruce Ashfield | 2022-06-07 | 1 | -4/+4
Bumping cri-o to version v1.24.1. We refresh one patch, and add textrel to our QA check skip list. Which imports the following commits: 489819e33 bump to v1.24.1 8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max fc852b402 add support for conmon log-global-size-max 77f0429d9 oci: cap exec sync length 9441b6700 Fix review issues ee1a8519f Fix it case failed 027ab3f50 Fix review issues db4a4aa51 Add integration test for remove paused ctr 76d1a929e 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one 3b25e48e4 fix review issues eff3af248 Try to force delete ctr when in paused state 62d81d722 vendor: bump crypto package 3d516c53b oci: Move exec probe process to container cgroup, if enabled 8294126fa config: Add monitor_exec_cgroup config option 9a2723cb4 Reenable pod runtime in package spec ae024bd0a dependencies: Upversion conmon dependency to v2.0.27 1737a4702 Sanitize conmonrs log level and print used version 5658fd35a Wrap runtime pod errors b4bbd4d94 openshift test: use go 1.18 aa13dfb7b openshift test: add skip_pod_runtime to cri-o spec d6aff5b63 Bump nixpkgs and use go1.18 4864ffc60 Fix golangci-lint errors d0664581d add runtime pod c33e14fc1 vendor conmon-rs 3b80d009b oci: add IsInfra method 0f601939e oci: lock for runtime creation 1376307fb test: use go 1.18 for lint b98f15851 Move WillRunSystemd call after iterating the mounts 2a75c8307 Add sha256sum bundle files to uploaded artifacts 9f6a6724d crio:fix a bug about log container 901310bdd
oci: use runtime handler level monitor fields 12758b2b3 config: assume default conmon cgroup if it's not specified 240de5f3f template: add comment to runtimes table 5a8223c75 config: replace Conmon specific fields with runtime handler versions de2105a17 main(): don't treat reexec.Init() == true as an error 1de3e5ed2 crio:try fix integration test failed, because unpause not on time 6dfc68de4 config: increase pids limit to unlimited and deprecate it and logSizeMax 9ff165b4e bump ocicni to 0.3.1 b447dff77 bump containernetworking cni to 1.1.0 3fa33fe48 crio: unpause ctr after test 8e9ddee87 crio:fix golint check warning 019c578fa fix(stats): incorrect id on zfs driver 153bb668c crio:fix crun it failed 87f7f00f3 crio:update status after pause/unpause container 54912d7c8 oci: cleanup log path if the container failed to create 7a65dc340 utils: remove unused io related packages 9b111b532 runtime_vm: use containerd deps for container io directly 2da7482db remove the external dependency on the conntrack binary 1955cc167 go.{mod,sum}: update CDI deps to v0.3.2. 
a8687861c server: no longer use hardcoded timeouts 64270ef91 fix builds by passing -buildvcs=false on 386 48230e006 test: bump to go 1.18.1 d41e3cbe6 Disable systemd-mode cgroup detection conditionally e10376810 crio: Fix review issues and make format shell file 78308acd4 Add bats test to ensure namespaces are cleaned up on pod stop ec1414424 pinns: Check calloc return value adfe57b5d bump to 4.11 image 5e72b4133 crio: Fix code style 270d195ec crio: implement extended interface for pause/unpause container 31c278301 seccomp: drop unshare syscall from default profile 1098cc9b9 Retry to set CPU load balancing before return the error 7ccafd559 build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.1.0 9b735153b Fix integration tests 862b27b8c Switch to registry.k8s.io for the sandbox Image: 9ebdeef1e Change the mcs order in selinux.bats to test the canonization of selinux label 1a9a3fdae Canonize selinux label for comparison with filesystem label b106fcd71 oci: fix segfault in pod stop code 3e9d77257 capabilities: drop inheritable afe738b18 Bump ocicni to v0.3.0 7b5a67f51 Switch to ginkgo/v2 1999baa2f Add bats test for infra_ctr_cpuset taskset 9fada28f7 Add bats test for zombie conmon cleanup 15afd20ee Update golangci-lint and config 13d7b9738 Bump golang to 1.18.x 1af1f8af2 pinns: Pass sysctls as repeated '-s' arguments eb8715d30 Fix shell format c3095bf20 README: Update EOL & Version Skew links 05c443b06 config/sysctl: fail if there is a + in the value ea39e74f2 Fix critest 739379b0c Enable `--seccomp-use-default-when-empty` by default 98c18d1cb test: update to new runc behavior 4cb2407a2 Automatically chcon and restorecon on get script bef94e1f8 Pin `github.com/u-root/u-root` 3be4dba79 Switch to `main` for `get` script 09399e41f Bump nixpkgs 51a800af0 Pin nixos/nix version 97df87f71 test: allow state of failing tests to be kept intact. 
32d682800 factory: take capabilities setup a643dad27 Add dedicated security information d65414758 test/crio-wipe.bats: don't nuke $TESTDIR too early. ff36ee6e0 test/cgroups.bats: fix incorrect setup order. 128165130 test/cdi.bat: add CDI integration tests. a0d3fd8aa config,cli: add configuration for CDI. f35fba448 pkg/container: implement CDI device injection. 572616137 go.{mod,sum}: update deps, vendor. 683baa221 contrib/test: force BATS symlink in place. 0be4d0611 contrib/test: always install BATS for integration. 2426bdb4c openshift e2e: bump cri-o version e337fa364 bump to 1.24.0 5cad5f287 test: avoid concurrent crictl config writes. bc240fd4c server: stop deleting pod from idIndex if already gone a4b5f0c15 CI: use kubernetes from git tip 03064f4ca test/e2e: update skipped test list 65f93912d contrib/test/int/build/kubernetes: rm deprecated RunAsGroup 2e7a4d375 server: use syncfs instead of fsync d9102e748 config/sysctls: validate against invalid spaces 230409570 [gitpod] use latest workspace full 6c3144af2 hack/build-rpms.sh: fix yum-builddep failures 52adfe025 ci: bump shellcheck to 0.8.0 92edea6dd test/apparmor: suppress bogus SC2031/2031 ca10da055 test/cni_plugin_helper: suppress shellcheck warning 0655dd213 test/test_runner: rm eval, fix comment 1acde4379 OWNERS: move rhatdan to emeritus approvers d280c71ce OWNERS: move runcom to emeritus approvers 4041adc55 utils: Sync: use f.Sync 14d742672 Deny empty `localhost/` AppArmor profiles bd02dac92 OWNERS: add first round of reviewers 626446e5c OWNERS: Move @sboeuf to emeritus approver 8aab1e8f2 int/storage: getReferences: fix gocritic warning f1ca25bc5 server: fix (rather than ignore) gocritic warning bc839156e server/streaming: specify the linter fa2fd247f ci: bump golangci-lint to 1.44.0 cc6ed292b scripts/release-notes: fix printf args f0e70901e scripts: fix a typo b1705dc28 int/version: fix forcetypeassert linter warning 851916f0d server/container_create_linux: fix forcetypeassert warning a2760072b utils: 
fix forcetypeassert linter warnings d295f8b24 server/streaming: fix nolintlint warning dd70c87ab int/storage: fix gosimple warning f26fafdc5 int/config/cgmgr: fix stylecheck warnings bc91cdb57 Format code using gofumpt 0.2.1 98d945cc9 Makefile: fix a comment bb96cd907 test/crio-wipe: fixups 107fe3853 ISSUE_TEMPLATE: fix grammatical error 1affa13d9 OWNERS: move @sameo to emeritus_approvers 4dc761f9f ISSUE_TEMPLATES: update membership form to be reviewer form 592aa5159 ISSUE_TEMPLATES: add a couple of more 238e4d009 image: use imageCache value for ImageStatus() 411e15058 contrib/bundle: remove deprecated kubelet option. 15048929c minor edit: removed dead link from TOC 0dd5d2d00 oci: drop WaitContainerStateStopped 6449ff0d3 oci: fix a leaked goroutine 40165cb5b internal/factory/container: initialize from pkg/container 0dabb91b3 internal/factory/sandbox: initialize from pkg/sandbox 6e2472c92 README: update branches a0f88d3a5 Updated format a53f1d221 Generate checksum files for artifacts 728731808 test: add test for skipped sysctls 1667b5a66 server: skip sysctls that would affect the host a7ac4683c deep copy List{PodSandbox,Container} structs 183ac018f GOVERNANCE: fix links 18dfcd273 oci: always have conmon log to syslog c424e85e7 README: add reference to governance 008b3541a add GOVERNANCE.md 33063001c issue templates: add membership request form aa8130f62 Add Debian_11 OS variable on installation instructions of Debian Signed-off-by: Wang Kai <persistence201306@gmail.com> e5dad09ee criocli: produce diff-friendlier zsh completions. b299c80c5 ci: use main branch for conmon bcf069b12 server: fix race with kubelet 0769411bb Fix runtime panic on pod sandbox stats retrieval ef1746095 update go to 1.17 in go.mod acde72556 Reuse createContainerIO in CreateContainer 0731a9b57 Fix vm containers couldn't restore after CRI-O restart 386d4a447 ci: use main version of runc 28585442e openshift e2e: bump ci image 35c02b56e server: fix a potential NULL-pointer dereference. 
20370fa95 Documentation: expand on CNI CIDRs in the kubeadm tutorial 143a623ad test: update tests for allowed_devices 56929cdb9 config: add AllowedDevices option 2aceed0f0 pass the main mount point to fix crypto profiles binding 6b887e9c3 Add Nestybox to the CRI-O adopters list. 33e25b47b server: drop duplicate log message 25a2eec40 pkg/container: fix container device GID fallback. a68b239af bump crio commit for upstream k8s CI d7da8b2b0 adds config template linting 86e43fc28 adds comments to default values ff2a04e8b server: don't set memory swap when it's not enabled 5ebc4a407 Inherits storage configurations from storage.conf if crio config does not set d0d8fb3a7 use cmdrunner singleton 2237f2658 conmonmgr: refactor for new CommandRunner 878040d10 cmdrunner: update mocks and add target to makefile b3bb86659 config: prepend commands with taskset if InfraCtrCPUSet is configured e9f0bb6c8 cmdrunner: add tests for prepended commands 04e9c61e3 cmdrunner: create singleton fd2e2aeec Use timeout for conmon cgroup move 9af5e3363 build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 9a051dede Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels 347f04161 test: add test ensuring a stopped pod is restored 86fd03b81 sandbox stop: remove namespaces e02d5bf15 restore: handle removed namespaces 334e925ac Partially revert "restore: restore stop before managing namespace" 948b92bd7 restore: ensure containers are wiped on reboot c3f75859b build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 78e1c80af build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 d8ea9f6ca vendor: bump c/image to 5.17.0 11c127f3d pinns: Add LDFLAGS to Makefile Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.23.1 (Bruce Ashfield, 2022-03-21, files: 1, lines: -3/+3)

Bumping cri-o to version v1.23.1-16-g1607c6ec2, which comprises the following commits:

f2d8f69e3 config/sysctls: validate against invalid spaces b1932286d server: stop deleting pod from idIndex if already gone bccfd5110 [1.23] ci: use kubernetes 1.23, cri-tools 1.23 2630e0f88 contrib/test/int/build/kubernetes: rm deprecated RunAsGroup e50405e5a hack/build-rpms.sh: fix yum-builddep failures 574393461 image: use imageCache value for ImageStatus() 4559c3328 oci: fix a leaked goroutine e19f812f9 Reuse createContainerIO in CreateContainer c9b4eb84e Fix vm containers couldn't restore after CRI-O restart 3899601f9 release-notes: add args for checksum fields abe57a58b Updated format b2fba4cf7 Generate checksum files for artifacts 0c619fc21 bump to v1.23.1 24092dd77 test: add test for skipped sysctls b2ac1b7ca server: skip sysctls that would affect the host 8d512cbac server: don't set memory swap when it's not enabled ac75b6cf0 deep copy List{PodSandbox,Container} structs 76e9feca0 ci: use main branch for conmon 54b6b7932 server: fix race with kubelet 987bd1366 Fix runtime panic on pod sandbox stats retrieval a8513868c ci: use main version of runc a6d6d3dde openshift e2e: bump ci image 8520be5fc server: fix a potential NULL-pointer dereference.
bc38aa734 pass the main mount point to fix crypto profiles binding dc4bea916 test: update tests for allowed_devices 0f57bf75c config: add AllowedDevices option dc224daf3 server: drop duplicate log message 11ffa6cbe test: add test ensuring a stopped pod is restored a1ada429a sandbox stop: remove namespaces 89eccb5fc restore: handle removed namespaces 873414dbf Partially revert "restore: restore stop before managing namespace" fe0e69dc8 restore: ensure containers are wiped on reboot b905626d9 use cmdrunner singleton 228f82dbb conmonmgr: refactor for new CommandRunner 97bbe0637 cmdrunner: update mocks and add target to makefile 8ec9ce138 config: prepend commands with taskset if InfraCtrCPUSet is configured 81761eb2e cmdrunner: add tests for prepended commands 9c915e269 cmdrunner: create singleton 499540011 Use timeout for conmon cgroup move 04e8e4081 Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels 021b5ba00 vendor: bump c/image to 5.17.0 dba27ab7e Add new metrics that match Prometheus best practices and reduce cardinality * add metrics with new names that match naming best practices * use _total for all counters * use base unit seconds, bytes * metrics that do not follow best practices have been marked deprecated, these can be removed in a future release, it is to ensure non-breaking change for couple of releases e7aa30fdc unit test: fix relative log test acc746e52 unit tests: update pinns path in case it isn't found in PATH 9f584ca4c test: skip target tests for userns 972c29c2d test: add test for target namespace 0176d5f92 add support for target PID namespaces da0de5373 test: give testunit sudo 4b0d40ad4 oci: add managed pidns to container object 1fa69c707 pkg/container: take container namespace configuration 546732eed nsmgrtest: take some namespace related test code 440ba9feb nsmgr: add function to pin existing namespace e122cb4f0 nsmgr: take (and rename) NamespacePathFromProc 8db9a89a5 
pkg/sandbox: take config initialization 6f4e7bf8c Bump Kubernetes to v1.23.0 da8f9a07e set user.max_user_namespaces in case it's not b8a766213 lint: bump cyclo complexity 0864aed84 gh-actions/contrib: setup sub{g,u}id 067551101 docs: add tutorial for setting up user namespaces 5d3c5a67f oci: put conmon in infra ctr cpuset if it is in the pod cgroup 231a358d2 test: add tests for user namespace annotations ce3699969 test: move workload creation function to helpers 87aede8d5 cni manager: catch server shutdown f3d2c601e server: notify user when network isn't ready yet 99e93ee58 stop using hardcoded "pod" const 9f81e4a00 oci: always reap conmon zombies ab1b1aaaa clarify some error messages 96679844e Drop intermediate CRI types 3162e0552 Relabel containerenv files f154c7c3c Add minimum_mappable_(u|g)id settings bbc944cf6 Fix runtime panic on stats server shutdown efcf8afe6 restore: restore stop before managing namespace dec3bf5c9 server: add {,List}SandboxStats 5ba5cb0be server: refactor sandbox list 64870e3d8 server: use stats server to get container stats b17b7dfd9 container server: use stats server 7f136833c stats: add stats server 43db34fb6 config: add StatsCollectionPeriod field 2569255c9 cgmgr: move most of stats handling to cgmgr c6efa96ee oci: make changes in preparation for moving stats functionality: 536c08423 server: stub {List,}PodSandboxStats 542eb5580 server/cri: add PodSandboxStats support ad71bd9ff vendor: bump cri-api c5dd30dd1 server/cri: refactor to make stats processing unified a598debac pkg/config: use iota 40dcd6da9 Add go 1.17+ go:build tags 6fbd6773f Remove redundant build tags 3064a9d7a Add containerenv file to containers This file indicates that the current environment is inside a container environment. The same technique is used by podman and docker. The same file name/path as podman was used, as it is vendor agnostic. 
86538358a build(deps): bump github.com/containerd/containerd from 1.5.7 to 1.5.8 5fb7618d5 config: merge runtime and workload allowed annotations 28b01dad2 Updates kubeadm.md: The cgroup property is removed in [kubeadm-config.v1beta3](https://kubernetes.io/docs/reference/config-api/kubeadm-config.v1beta3/) 5a510ad7f build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 99027c321 Specify runtime table format in the error message 1f7b886d7 build(deps): bump github.com/containerd/ttrpc from 1.0.2 to 1.1.0 cbfab09d5 server: fix segfault when using cgroupv2 0f99f3348 gh-actions: add sed for kube e2e 880744562 release-notes: update to main 60615f0a3 build(deps): bump github.com/onsi/gomega from 1.16.0 to 1.17.0 8530f0a38 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 8daa9039a Bug 2012838: fix override storage options from storage.conf 0ce45a372 oci: fix deadlock in container stop code cf7f6f5af build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0 a216d3d24 oci: always close chControl 1e8e40aaa oci: make some channels buffered 3036101b0 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc cf3524471 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 2e1048422 build(deps): bump github.com/godbus/dbus/v5 from 5.0.5 to 5.0.6 10f8f17c4 Add annotation that makes /sys/fs/cgroup writable 7f747dde0 Add support for CNI plugins v1.0.1 ec6305762 bump(deps-opentelemetry) 37418e122 pin go.opentelemetry grpc/otelgrpc v0.25.0 c16429eb1 opentelemetry: add gRPC tracing 2a5623a2e build(deps): bump k8s.io/klog/v2 from 2.20.0 to 2.30.0 3571d9c74 build(deps): bump github.com/go-logr/logr from 1.1.0 to 1.2.0 ca38caa74 version: bump to 1.23.0 808681227 build(deps): bump github.com/containers/podman/v3 from 3.3.1 to 3.4.1 0b1b2061f build(deps): bump github.com/containers/common from 0.43.2 to 0.46.0 8f1daefc6 test: drop swap disable playbook 
f253acb15 server: add support for CRI unified field cd8bc4c1f server: implement swap support 9ab385d44 server/cri: add support for 1.22 features aca331db3 test: bump cri-tools version 518fceb63 scripts: pin cri-tools version 97773983e server: reduce needless copying for sb.NamespaceOptions b8b2f308d oci: refactor internal structure to use CRI type 9c813715d oci: use server CRI metadata type for containers 91289b929 sandbox: refactor internal structure to use CRI type e45403022 sandbox: save createdAt as a int64 99cb4a362 build(deps): bump github.com/containerd/cgroups from 1.0.1 to 1.0.2 c119e253d build(deps): bump github.com/creack/pty from 1.1.16 to 1.1.17 6845b4233 build(deps): bump github.com/Microsoft/go-winio from 0.5.0 to 0.5.1 f61a4e097 Bump Kubernetes to v1.22.2 2cf307d2e sandbox: use server CRI metadata type 01ee37390 docs: emphasize deprecation notice b7a80f137 update documentation for workloads 83518f098 add allowed annotations to workloads b6b3f4cbb Log HTTP response writer message instead an error 20ad4f609 oci: use c/common signal parsing function 13182e64b Skip volume relabel for super privileged containers cd2b0028a oci: chown stdin pipe to user in the container c0a8f339c test: fix selinux test failures f27efb28a build(deps): bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5 cd7f7cb46 Fix runtime handler docs 63d69d2a7 build(deps): bump github.com/containers/image/v5 from 5.15.2 to 5.16.1 b753b04a2 scripts: fix release branch forward script 87b8e5d05 server: FilterDisallowedAnnotations of containers earlier 0e02798d6 server: conditionally relabel volumes given annotation 99dac5fb8 build(deps): bump github.com/containers/storage from 1.36.0 to 1.37.0 6ec1ec47c test: refactor allowed_annotation tests e70542f26 server: reduce args in addOCIBindMounts f3106693c build(deps): bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1 74177a645 test: add label for openshift e2e in dockerfile b2e665754 build(deps): bump github.com/containerd/containerd 
from 1.5.5 to 1.5.7 28043f5a9 test: skip certificate check for downloading parallel 086386bb1 Remove usge of deprecated apt-key in Ubuntu install 7ca329409 Fix install.md links 0f455e285 build(deps): bump google.golang.org/grpc from 1.40.0 to 1.41.0 245a88040 use a more appropriate console with code block 8c088319f build(deps): bump k8s.io/api from 0.22.1 to 0.22.2 ef861e8c7 build(deps): bump k8s.io/cri-api from 0.22.1 to 0.22.2 c7e8c26f5 build(deps): bump sigs.k8s.io/yaml from 1.2.0 to 1.3.0 757c863d5 build(deps): bump github.com/creack/pty from 1.1.15 to 1.1.16 5dd999e05 build(deps): bump k8s.io/apimachinery from 0.22.1 to 0.22.2 683428d75 fix node e2e 756543ec8 build(deps): bump github.com/intel/goresctrl from 0.1.0 to 0.2.0 d56449c4c bump crio commit used by node e2e installer 615ba94fd server: mount cgroup if hostNetwork 77b1a6e62 server: use container level host network setting 45366c8c7 server: don't recalculate hostnet 6493d8640 Fix typo in install.md 7071e5b3d Remove one of the explanations for `bind_mount_prefix` because it is duplicated. 7fe435d7d node e2e: keep infra container c6f1ed4d5 add unit test for the `server/sandbox_remove`. 
ce96d93c2 test: fix journald test for new conmon 9ada36be0 fix shfmt 19fb1db10 update `install.md` for debian and ubuntu 5b1c43bbb build(deps): bump github.com/json-iterator/go from 1.1.11 to 1.1.12 0833f62f3 build(deps): bump k8s.io/client-go from 0.22.1 to 0.22.2 f5ebb6c23 fix shfmt 61e08418a server: set spec when dropping infra 68c8989f8 Update 'master' branch links to 'main' 7fc2f88ce bumps pause image to 3.6 3fd1cd226 server: don't wait forever on conmon cgroup move fail a9add6909 build(deps): bump github.com/containers/storage from 1.34.1 to 1.36.0 d7cc66fe8 Remove bashism in sh script 15f7f7e4e Do not log if Intel RDT is not supported b9ad2de69 build(deps): bump github.com/godbus/dbus/v5 from 5.0.4 to 5.0.5 eb45b4891 Fix cluster.yaml for kubectl create 69e88512a call cmd.Wait() in all cases we call Start() 07328622a oci: call wait on conmon if cgroup move fails a377aec52 build(deps): bump github.com/go-logr/logr from 1.0.0 to 1.1.0 38f41c16a Fix `crio_image_pulls_layer_size_` metrics docs 9195a3417 Adapt to klog incompatible changes a5716420b build(deps): bump k8s.io/klog/v2 from 2.10.0 to 2.20.0 6b96358ef Add `--profile-cpu` and `--profile-mem` options ed0eca0f1 build(deps): bump github.com/containers/podman/v3 from 3.3.0 to 3.3.1 88f5e154d server: remove ineffective `updateLock`. 05e662469 Fix missing quantile in `latency_microseconds_total` metrics 681aa32ed Update crio commit for node e2e 94b9b8688 build(deps): bump github.com/fsnotify/fsnotify from 1.4.9 to 1.5.1 c8ecab3da Bump runc binary to 1.0.2 0d640e6f9 Switch to go1.17 for CI 8bbbbf2b5 fix debian 10 build doc 639d494cd test/testdata/sandbox_config.json: fix the dns_config af555c038 adds updating instructions to install.md Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to use SKIP_RECIPE (Bruce Ashfield, 2022-02-04, files: 1, lines: -1/+1)

oe-core has removed PNBLACKLIST in favour of SKIP_RECIPE, so we update our recipe accordingly to avoid warnings.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.22.1 (Bruce Ashfield, 2021-11-22, files: 1, lines: -3/+3)

Bumping cri-o to version v1.22.1-5-ge3dfe61ca, which comprises the following commits:

d89a55e91 gh-actions: add sed for kube e2e
b1ac0896f release-notes: update to main
a90fcad56 test: add label for openshift e2e in dockerfile
1495b80e8 bump to 1.22.1
4ce3396b9 Skip volume relabel for super privileged containers
66e3210e0 test: skip certificate check for downloading parallel
91acfb2e7 test: fix shmft
325ec64d5 vendor: update to selinux 1.9.1
8bacf3132 test: fix selinux test failures
116eff337 server: FilterDisallowedAnnotations of containers earlier
e595eeb06 server: conditionally relabel volumes given annotation
69dfc4bc4 test: refactor allowed_annotation tests
92810c137 server: reduce args in addOCIBindMounts
54f343719 server: mount cgroup if hostNetwork
b40d9220b server: use container level host network setting
53755727a server: don't recalculate hostnet
a220ddf71 server: set spec when dropping infra
85043dab6 server: don't wait forever on conmon cgroup move fail
764e83f44 Do not log if Intel RDT is not supported
4542e5166 call cmd.Wait() in all cases we call Start()
2bd8e315b oci: call wait on conmon if cgroup move fails
d45f1f112 Fix missing quantile in `latency_microseconds_total` metrics
6a8cb41cd oci: use conmon for exec again
ddef4d063 install dependency in test step
f74d274fa blockio: apply annotations and blockio classes to Linux.Resources
7b3f68fa8 blockio: handle class configuration file if set
d7444c86d blockio: enable setting blockio class configuration file
5aacbedb2 fix checking in openpgp_tag.sh
2bfcfb6fb config: set internal_wipe to true by default, and deprecate the option

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: switch from master -> main (Bruce Ashfield, 2021-11-22, files: 1, lines: -1/+1)

cri-o has joined the projects switching their default branch to main (and removing the old one).

We update our recipe to avoid fetcher errors.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: convert github SRC_URIs to use https protocol (Bruce Ashfield, 2021-11-02, files: 1, lines: -1/+1)

github is removing git:// access, and fetches will start experiencing interruptions in service, and eventually will fail completely.

bitbake will also begin to warn on github src_uri's that don't use https.

So we convert the meta-virt instances to use protocol=https (done using the oe-core contrib conversion script)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* virtual/containerd: don't rprovide virtual/ (Bruce Ashfield, 2021-09-06, files: 1, lines: -1/+1)

Similar to the oe-core commit:

    commit 93ac180d8c389f16964bce8bd5538d9389e970e6
    Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
    Date: Wed Sep 1 11:20:20 2021 +0200

        meta: stop using "virtual/" in RPROVIDES and RDEPENDS

        Fixes [YOCTO #14538]

        Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.

        That's confusing because "virtual/" has no special meaning in RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).

        Instead, using "virtual-" instead of "virtual/" as already done in the glibc recipe.

We stop rproviding virtual/containerd to keep the namespace clean. There aren't many users of this virtual provides, but we keep it around (for now) to maintain compatibility.

At the same time we convert the RPROVIDES to virtual-containerd, to keep it available and consistent with oe-core use virtual-libc, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* virtual/runc: don't rprovide virtual/ (Bruce Ashfield, 2021-09-06, files: 1, lines: -1/+1)

Similar to the oe-core commit:

    commit 93ac180d8c389f16964bce8bd5538d9389e970e6
    Author: Michael Opdenacker <michael.opdenacker@bootlin.com>
    Date: Wed Sep 1 11:20:20 2021 +0200

        meta: stop using "virtual/" in RPROVIDES and RDEPENDS

        Fixes [YOCTO #14538]

        Recipes shouldn't use the "virtual/" string in RPROVIDES and RDEPENDS.

        That's confusing because "virtual/" has no special meaning in RPROVIDES and RDEPENDS (unlike in PROVIDES and DEPENDS).

        Instead, using "virtual-" instead of "virtual/" as already done in the glibc recipe.

We stop rproviding virtual/runc to keep the namespace clean. There aren't many users of this virtual provides, but we keep it around (for now) to maintain compatibility.

At the same time we convert the RPROVIDES to virtual-runc, to keep it available and consistent with oe-core use virtual-libc, etc.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.22-dev (Bruce Ashfield, 2021-08-27, files: 1, lines: -2/+2)

Updating to the latest cri-o development branches to align with k*s testing and dev.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* global: overrides syntax conversion (Bruce Ashfield, 2021-08-02, files: 1, lines: -11/+11)

OEcore/bitbake are moving to use the clearer ":" as an overrides separator.

This is pass one of updating the meta-virt recipes to use that syntax.

This has only been minimally build/runtime tested, more changes will be required for missed overrides, or incorrect conversions

Note: A recent bitbake is required:

    commit 75fad23fc06c008a03414a1fc288a8614c6af9ca
    Author: Richard Purdie <richard.purdie@linuxfoundation.org>
    Date: Sun Jul 18 12:59:15 2021 +0100

        bitbake: data_smart/parse: Allow ':' characters in variable/function names

        It is becoming increasingly clear we need to find a way to show what is/is not an override in our syntax. We need to do this in a way which is clear to users, readable and in a way we can transition to.

        The most effective way I've found to this is to use the ":" character to directly replace "_" where an override is being specified. This includes "append", "prepend" and "remove" which are effectively special override directives.

        This patch simply adds the character to the parser so bitbake accepts the value but maps it back to "_" internally so there is no behaviour change.

        This change is simple enough it could potentially be backported to older versions of bitbake meaning layers using the new syntax/markup could work with older releases. Even if no other changes are accepted at this time and we don't backport, it does set us on a path where at some point in future we could require a more explicit syntax.

        I've tested this patch by converting oe-core/meta-yocto to the new syntax for overrides (9000+ changes) and then seeing that builds continue to work with this patch.

        (Bitbake rev: 0dbbb4547cb2570d2ce607e9a53459df3c0ac284)

        Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: add seccomp distro features check (Bruce Ashfield, 2021-06-30, files: 1, lines: -0/+3)

Since seccomp depends on libseccomp, and seccomp is only available when the distro feature is enabled, we add the same dependency and distro feature check to this recipe.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.22 release (Bruce Ashfield, 2021-06-04, files: 1, lines: -3/+3)

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.21-latest (Bruce Ashfield, 2021-04-16, files: 1, lines: -1/+1)

Bumping the latest 1.21 release changes, which comprise the following commits:

bce3e6c5f Fix tests ec1a512ac Bump to v3.1.1-dev 9f09fb62c Bump to v3.1.0 1386f9046 Fix test failure 38bb77c5b Update release notes for v3.1.0 final release 670e1ac67 [NO TESTS NEEDED] Turn on podman-remote build --isolation ac4bdd265 Fix long option format on docs.podman.io 96ffce219 Fix containers list/prune http api filter behaviour e772719bf [CI:DOCS] Add note to mappings for user/group userns in build 52cd3ce2d Validate passed in timezone from tz option 633ae014e Generate Kubernetes PersistentVolumeClaims from named volumes c9640bab7 libpod/image: unit tests: use a `registries.conf` for aliases 43c772aa2 libpod/image: unit tests: defer cleanup 396a59b02 libpod/image: unit tests: use `require.NoError` a01b387e8 Unification of until filter across list/prune endpoints 183a68a81 Unification of label filter across list/prune endpoints d1589f280 fixup 31351ad94 fix: build endpoint for compat API 7148544df [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot 88672b58c Check if stdin is a term in --interactive --tty mode 23f3805df [NO TESTS NEEDED] Fix rootless volume plugins 5e3445e6e Ensure
manually-created volumes have correct ownership 6b6989206 Support multi doc yaml for generate/play kube d560f168f Correct json field name 573ed9220 Fix filters in image http compat/libpod api endpoints 1b349d79a podman generate systemd --new do not duplicate params 1089f83a4 Fix podman build --pull-never be02c8581 man pages: correct seccomp-policy label 62b49e176 [NO TESTS NEEDED] Use same function podman-remote rmi as podman 3d1aaffdb Add problematic volume name to kube play error messages d498022fd Fix list pods filter handling in libpod api 66b1c2bd9 [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS b55730180 Remove resize race condition e7dc66d83 [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0 57e0d8f29 Use TMPDIR when commiting images 505f43c08 Add RequiresMountsFor= to systemd generate 15da607d1 Fix swapped dimensions from terminal.GetSize 0127cc184 Revert go-systemd to v2.22.0 4f11517c0 Cirrus: Update configuration for v3.1 branch 834f4caaa Bump to v3.1.0-dev 1b56ea2d9 Bump to v3.1.0-rc2 1ae87ff46 Update release notes for v3.1.0-RC2 3b609a706 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.3.0 1dfbdd5d9 Fix system prune cmd user message with options afce37671 System tests: reenable a bunch of skipped tests 417f36281 Cleanup /libpod/images/load handler adf652e2a vendor: drop replace for github.com/syndtr/gocapability e85cf8f4a security: use the bounding caps with --privileged f46b34ecd Bump github.com/containers/common from 0.35.0 to 0.35.3 5a18b5eb7 Bump k8s.io/apimachinery from 0.20.4 to 0.20.5 aa2d6e6e6 Fix volumes and networks list/prune filters in http api ec1651fbf Bump github.com/containers/storage from 1.25.0 to 1.28.0 1ca74b00d add a dependabot config to automate vendoring a596d1f5d Bump github.com/onsi/ginkgo from 1.15.1 to 1.15.2 8ea02d0b6 network prune filters for http compat and libpod api 8da5fd820 test: check for io.stat existence on cgroup v2 592aae4f9 test: fix test for last crun/runc 1c873c7da test: simplify cgroup path 
af3499db5 Latest crun/runc should handle blkio-weight test 82858a97c fix user message image prune --all 3d01d42f2 Docs: removing secrets is safe for in-use secrets 21f229a3d Downgrade github.com/coreos/go-systemd/v22 e8918ff10 pkg/bindings/images.Build(): fix a race condition in error reporting 310eae4ba Switch all builds to pull-never 963d19c75 System test cleanup f4b2d597a Fix for volumes prune in http compat api 8de560703 Fix remote client timezone test 57e8c6632 Do not leak libpod package into the remote client 762148deb Split libpod/network package 955aaccc5 fix use with localhost (testing) 9251b6c8c add /auth for docker compatibility 3803d0a4a create endpoint for querying libpod networks 12fb9e465 Bump github.com/sirupsen/logrus from 1.8.0 to 1.8.1 660a72993 sdnotify tests: try real hard to kill socat processes 7b0155cf7 Fix array instead of one elem network http api 92a8d69a7 Delete all containers and pods between tests 258749e43 apiv2 tests: finally fix POST as originally intended c9ef26071 Document CONTAINERS_CONF/CONTAINERS_STORAGE_CONF Env variables f1eb8e816 Removing a non existing container API should return 404 dc0c72a48 Docs: Add docs to access APIs inside container 6d4899745 options: append CLI graph driver options 930bec4d3 podman load: fix error handling 1f2f7e745 podman cp: evaluate symlink correctly when copying from container 2033fa4c7 rm pkg/api/handlers/libpod/copy.go 31b11b5cd podman cp: fix copying to a non-existent dir a61d70cf8 podman cp: fix ownership 2abfef380 podman cp: ignore EPERMs in rootless mode d175fbfdb vendor buildah@v1.19.8 e33f52390 apiv2 tests: add helpers to start/stop a local registry e926b5d73 Bump to v3.1.0-dev aa9616cd4 Bump to v3.1.0-rc1 e9db60492 allow the removal of storage images 9eac4a7f7 podman-remote build does not support volumes d1878cc67 Compat API: Avoid trying to create volumes if they already exist 7e289833e Bump github.com/onsi/gomega from 1.10.5 to 1.11.0 0e36e65ea Allow users to generate a kubernetes 
yaml off non running containers 80390dd18 Bump github.com/onsi/ginkgo from 1.15.0 to 1.15.1 d0d084dd8 turn hidden --trace into a NOP 320df8388 pkg/terminal: use c/storage/pkg/homedir cc7a7568a Update nix pin with `make nixpkgs` 9e75cafd5 build-arg 326f3eda3 Handle podman build --dns-search 01ffe2c30 podman build --build-arg should fall back to environment 2c500a814 Add support for podman build --ignorefile 1a33b7648 replace local mount consts with libpod/define e4da5096b separate file with mount consts in libpod/define 9fc29f63e Correct compat images/{name}/push response a910f74ea [NO TESTS NEEDED] Bump pre-commit-hooks version 3ae580b0e [ci skip] Bad formatting fix in build documentation 803e58b36 Bump github.com/containernetworking/plugins to v0.9.1 d107c3729 podman-remote stop -time 0 does not work 5bb8fa30b Do not return from c.stop() before re-locking 2bcc95257 Fix for podman network rm (-f) workflow 3396343d4 Bump github.com/coreos/go-systemd/v22 from 22.1.0 to 22.2.0 efc592fba Bump github.com/containers/buildah from 1.19.6 to 1.19.7 793c52dd5 Add tests for selinux kvm/init labels 8453424e2 Respect NanoCpus in Compat Create a090301bb podman cp: support copying on tmpfs mounts e43385eca image removal: ignore unknown-layer errors aa0a57f09 Fix cni teardown errors f86d64130 Use version package to track all versions 252aec1c9 Check for supportsKVM based on basename of the runtime 53d22c779 Compat API: create volume source dirs on the host 61e626c85 Makefile: add install.docker-docs-nobuild for packaging use 81a3f8a43 Add /sys/fs/cgroup as readonly path in docs 8f2192922 Add network summary to compat ps 4eed89aca Fix possible panic with podman build --iidfile 9391bfc52 Add version field to secret compat list/inspect api b19791c0b Tidy duplicate log tests 5df625140 Fix support for podman build --timestamp 43e899c2e Rewrite Rename backend in a more atomic fashion 91b2f07d5 Use functions and defines from checkpointctl bf92e2111 Move checkpoint/restore code to 
pkg/checkpoint/crutils bd819ef7d Vendor in checkpointctl 2c8c5393a Support label type dict on compat build ac992e4b0 Makefile: install systemd services conditionally 63a3b8a09 podman-system-service.1.md: fix timeout example 774aea45e swagger: update the libpodPutArchive operation verb 3908c0079 Makefile: split install.docker-docs from install.docker 2f0fc2911 Bump RootlessKit v0.14.0-beta.0 8b7caa6d0 Compat api containers/json Ports field is null 14d5bd164 Bump github.com/cri-o/ocicni to latest master 7927fe01f Refactor python tests to run against python3.9 9435e5b79 APIv2 tests: make more maintainable e9d94dc90 [CI:DOCS] Improve release process docs 375201633 podman rmi: handle corrupted storage better d9cb135b6 Enable cgroupsv2 rw mount via security-opt unmask cc679d952 podman-image-sign.1.md: typo fix f54ed7269 compat api network ls accept both format options 680dacaea Enable no_hosts from containers.conf fcce1da1b Correct compat images/create?fromImage response ba319e3ba [Compat API] Also print successfully tagging images in /build endpoint 43d010bd0 Fix parsing of Tmpfs field in compat create 24d9bda7f prune remotecommand dependency bee21f1e4 system test image: build it multiarch ef549235e Updated based on Jhonce comments ccbe4ff73 updated common to 0.35.0 836bfebb4 Refactored file 1aa96ed2e swagger: removes the schema type for PodSpecGenerator $ref 431f75519 podman-system-connection.1.md: fix copy/paste error 90050671b Add dns search domains from cni response to resolv.conf f152f9cf0 Network connect error if net mode is not bridge fc32ec768 Sort CapDrop in inspect to guarantee order 79eaadd3f podman upgrade tests 3947feb4b test: ignore named hierarchies for cgroups=split e5ac28f3b container removal: handle already removed containers a775c5920 Bump github.com/rootless-containers/rootlesskit from 0.13.1 to 0.13.2 0ab32d11d Bump k8s.io/apimachinery from 0.20.3 to 0.20.4 874f2327e Add U volume flag to chown source volumes fcf669fd9 Replace Labels and Options 
nulls with {} in NetworkResource 4875a8fb4 Cirrus: Temp. disable prior-fedora (F32) testing f3a8e3324 podman cp: test /dev/stdin correctly 8577be72e podman cp: treat /dev/stdout correctly e87c5b6c1 cgroup: change cgroup deletion logic on v1 9d818be73 Fix podman network IDs handling d9655b0f0 pr-should-include-tests: recognized "renamed" tests d2f3098c6 --no-header flag implementation for generate systemd af7a68fa8 [NO TESTS NEEDED] Make binding util internal c236aebb9 Two variations of --new flag added to e2e a2e1b3eab swagger: add missing schema properties 5dded6fae bump go module to v3 d333ef82b Fix 'storage.options' indent d886cd930 Bump github.com/sirupsen/logrus from 1.7.1 to 1.8.0 b40d778f4 Bump github.com/containers/buildah from 1.19.4 to 1.19.6 05eb06f56 Turn on journald and k8s file logging tests f06dd45e0 Allow podman play kube to read yaml file from stdin 43a581904 Log working dir when chdir fails d6b0b5412 Fix segfault in run with memory-swap e1ad50654 leak fix in rootless_linux.c fcn can_use_shortcut 612ba6aa8 Fix journald logs with more than 1 container 9016387bb Fix journald logs --follow f2d057c94 Fix journald logs --since fbc50e528 fix journald logs --tail 0 cf2a55189 [CI:DOCS]basic networking guide 71689052a cp: treat "." and "/." 
correctly caa0bc157 [CI:DOCS] [NO TESTS NEEDED] Update swagger doc for libpod container wait 31eca5c20 Bump k8s.io/apimachinery from 0.20.2 to 0.20.3 e022c1975 Don't switch on a single case 3e168b19f Quote URL b3f9559c8 bindings: support simple types that implement fmt.Stringer interface 9699e81a0 API: fix libpod's container wait endpoint condition conversion a9d548bf7 Change source path resolution for volume copy-up e2d5a1d05 podman ps --format '{{ .Size }}' requires --size option 12b6342c3 infra: downgrade warning to debug 12a577aea Ignore entrypoint=[\"\"] 684290725 Bump github.com/sirupsen/logrus from 1.7.0 to 1.7.1 68a8d397c Add missing early returns in compat API 5d1ec2960 Do not reset storage when running inside of a container 958f90143 podman kill should report rawInput not container id 759fc9334 Fix an issue where copyup could fail with ENOENT 2ec0e3b65 do not set empty $HOME 2a21ecafa images/create: always pull image f2f18768a Fix panic in pod creation 0fd480708 Bump github.com/rootless-containers/rootlesskit from 0.13.0 to 0.13.1 2845f7b83 podman build: pass runtime to buildah 39c1fdb15 correct startup error message 690c02f60 Add missing params for podman-remote build a532994f8 Fix typo podman run doc in flag -pid=mode "efault" 4a9bd7a18 When stopping a container, print rawInput 714acf326 fix create container: handle empty host port 3d50393f0 Don't chown workdir if it already exists bf083c185 Fix broken podman generate systemd --new with pods 227c54813 fix dns resolution on ubuntu 0ab5bfd31 e2e: fix network alias test 704fa8b55 fix failing image e2e test 9a24d5098 Update troubleshooting.md 6ffd05d0b [NO TESTS NEEDED] Refactor generated code 2c31f3839 Fix superfluous response.WriteHeader call in WaitContainerLibpod() 4067f3a4d change ps Created to unix 78b419909 Enable more golangci-lint linters adfcb7460 make layer-tree lookup errors non-fatal 78c8a8736 Enable whitespace linter 69ab67bf9 Enable golint linter ef2fc90f2 Enable stylecheck linter 40c3c972d 
Update Master to reflect the 3.0 release 660a06f2f utils: takes the longest path on cgroup v1 5f999b6bc container ps json format miscue 8e2fae186 Bump github.com/spf13/cobra from 1.1.2 to 1.1.3 1b5f3ed24 utils: create parent cgroups 9196a5ce3 utils: ignore unified on cgroupv1 if not present f4fd25a00 utils: skip empty lines f28b08fe9 Correct compat network prune response 5ccb1596b Display correct value for unlimited ulimit fdf39e169 apiv2: handle docker-java clients pulling ea910fc53 Rewrite copy-up to use buildah Copier 31b2b2cc2 bump to v3.1.0-dev 68133414f [NO TESTS NEEDED] Update linter 46b014bad Bump github.com/spf13/cobra from 1.1.1 to 1.1.2 1cc387bf7 Add shell completion tests for secrets f4ece018b Docker APIv2 push sends digest in response body f2a856203 Fix compat networks endpoint for a empty result 21deafba8 hardening flags for fedora rpmbuilds e15e170ac [CI:DOCS]First pass at release process 46385dd60 Restart service when CONTAINERS_CONF changes cc846a8cd Support annotations from containers.conf 68414537c vendor github.com/containers/image v5.10.2 ea704da72 APIv2 tests: lots of cleanup 721a1e104 Fix Docker APIv2 push endpoint 48c612cf6 generate kube: support --privileged 08d8290f1 Bump github.com/containers/ocicrypt from 1.0.3 to 1.1.0 832a69b0b Implement Secrets 45981ba29 Bump containers/buildah to v1.19.4 1caace8f4 Allow path completion for podman create/run --rootfs 6c75419a8 Cirrus: Send cirrus-cron report e-mail to list. 
feecdf919 make `podman rmi` more robust 407e86dcd Implement missing arguments for podman build 3c3e644c1 vendor latest containers/common 91ea3fabd add network prune 821ef6486 fix logic when not creating a workdir 002f2aca7 Bump remote API version to 3.0.0 6c713984e play kube selinux test case 5c6ab3075 Fix podman network disconnect wrong NetworkStatus number 05444cb2c Fix per review request c995b5460 generate kube: handle entrypoint 96adf0e2a play kube selinux test case 2b8d6ca09 Increase timeouts in some tests 3c57bc845 Add test for Docker APIv2 wait 4a219aa23 Implement Docker wait conditions fc385806d Improve ContainerEngine.ContainerWait() 570e1587d Improve container libpod.Wait*() functions 6a6e86829 Cirrus: Collect ginkgo node logs artifacts ebc42f508 Bump github.com/containers/storage from 1.24.5 to 1.25.0 9dc795191 Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1 bc149a4dd bindings: attach: warn correct error d87f54fbb Fix invalid wait condition on kill dfa9a340a Makefile: make bin/* real targets! 
3d105015f typo c40cd1be9 Bump github.com/onsi/gomega from 1.10.4 to 1.10.5 bda95bdb6 Update nix pin with `make nixpkgs` 1c50e09b0 System test for #9096 (truncated stdout) 432ee04c5 play kube selinux label test case e0bc8ffb5 Gating tests: diff test: workaround for RHEL8 failure bde23a021 [NO TESTS NEEDED] style: indendation 89df89b5f [NO TESTS NEEDED] fixup: remove debug code 7e4d696d9 Report StatusConflict on Pod opt partial failures bd0e22ed1 Honor network options for macvlan networks 095919680 Make slirp MTU configurable (network_cmd_options) ac3bd4c33 [NO TESTS NEEDED] Generated files 5a746c08f [NO TESTS NEEDED] Improve generator c68b59f97 play kube selinux label issue e9f936a29 Makefile: refactor ginkgo * ginkgo-remote 931ea939a Allow pods to use --net=none 323ab314e Bump github.com/onsi/ginkgo from 1.14.2 to 1.15.0 077fd670b Update release notes for v3.0.0 ee8ee651d New 'make completions' target e11d8f15e add macvlan as a supported network driver 5352df226 Fix podman generate systemd --new special char handling eaafd975a Bump github.com/rootless-containers/rootlesskit from 0.12.0 to 0.13.0 51c11fea8 Endpoint that lists containers does not return correct Status value 3cfd4ce45 Fix --network parsing for podman pod create 9b5b03d1e list volumes before pruning 4a6d042c2 Docker ignores mount flags that begin with constency cdbbc6120 podman generate kube ignores --network=host 073f76c13 Switch podman stop/kill/wait handlers to use abi b842d97f5 [CI:DOCS]build instructions for macOS 280f332bd Vendor in containers/buildah v1.19.3 ca0dd76bf Honor custom DNS in play|generate kube d7c356552 Podman-remote push can support --format b74f939fb Bump github.com/containers/image/v5 from 5.10.0 to 5.10.1 8d979e093 Cirrus: Build static podman-remote c0bf0ba9e podman build --pull: refine help message and docs c450092fd Revert "podman build --pull: use correct policy" 75c3b3389 Bump github.com/containers/image/v5 from 5.9.0 to 5.10.0 59076888d Cleanup bindings for image pull 
89bb8a9b3 Don't fail if one of the cgroups is not setup 1fac43654 Add support for rootless network-aliases c717b3cac Allow static ip and mac with rootless cni network 15caebfe5 podman build --pull: use correct policy bfc1b66be Cirrus: Fix running Validate task on branches f8bf509d1 Fix static build cache by using cachix 84f7bdc4d Switch podman image push handlers to use abi fee2fadc3 e2e tests: synchronize test results 21cb3043f podman-remote ps --external --pod --sort do not work. f79d68eea Fix podman history --no-trunc for the CREATED BY field c63599d36 remote exec: write conmon error on hijacked connection e9f4fb975 Fix #9100 Change console mode message to debug 02ec5299f Add default net info in container inspect 1ae410d19 Ensure the Volumes field in Compat Create is honored 35c89ccc5 [CI:DOCS]update state of restful service 0f668aa08 workdir presence checks 7b186dcb9 libpod: add (*Container).ResolvePath() 74a63df05 Fixup search 97f5e9458 Pass DefaultMountsFile to podman build 5350254f0 Ensure shutdown handler access is syncronized 33179c281 System tests: cover gaps from the last month 5623cb9d3 Fix --arch and --os flags to work correctly a86d23c75 Bump github.com/google/uuid from 1.1.5 to 1.2.0 75698b4b7 Fix typo 393a8f026 disable dnsname when --internal ef76b92b8 swagger.go: Fix compilation error 8c1768e38 Fix fish completion issue if the command is prefixed with a space a457c5c92 Bump golang.org/x/crypto 0ba1942f2 networking: lookup child IP in networks c182091b0 Small API test improvement for compatibility search endpoint 6e6a38b41 podman manifest exists c9baa6b93 Accept and ignore 'null' as value for X-Registry-Auth 4b8df5903 Turn on some remote test 94f96c78a Add a notice to remove pod before starting service ef654941d libpod: move slirp magic IPs to consts 5e65f0ba3 rootlessport: set source IP to slirp4netns device 37319dec1 vendor: update rootlesskit to v0.12.0 2fa67fe4b api: fix import image swagger definition 9d31fed5f podman volume exists 4e4d318b7 
Cirrus: Upload swagger YAML in every context dbb99433d [CI:DOCS] Cirrus: Skip smoke task on branch-push 836fa4c49 Move the cni lock file into the cni config dir c1cd512cb Use random network names in the e2e tests 3fedb2b6d [CI:DOCS] Update project name in Code of Conduct f43046745 Set log driver for compatability containers c3cbaa355 Make generate systemd --new robust against double curly braces 6518391e8 Fix man page for fuse-overlayfs config in rootless mode a3621a7cf Cirrus: add bindings checks e7df73efa Fix handling of container remove 41a7e11c7 make bindings generation explicit f302ce578 make bindings generation more robuts 175fc3867 Revert "ginkgo: install on demand via `go get -u`" 37abec240 [CI:DOCS] fix go-md2man HTMLSpan warnings 9f6bb3563 CI: smoke test: insist on adding tests on PRs a45d22a1d podman network exists de05e5816 ginkgo: install on demand via `go get -u` d2ee3d815 runner.sh : deal with bash 'set -e' 4ccb0729b Add binding options for container|pod exists 683bab03f [CI:DOCS]Do not run compose tests with CI:DOCS 2df59829e simplify bindings generation 462994268 make: generate bindings: use vendor caaaa2c5e hack/install_golangci.sh: smarter install f38b7f48c golangci-lint: install to ./bin Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o, podman, packagegroup-container: replace anonymous python function ↵ Martin Jansa 2021-04-06 1 -15/+1
calling bb.parse.SkipRecipe with conditional PNBLACKLISTs
  * PNBLACKLISTs are IMHO a bit easier to read and easier to override from distro which e.g. provides own recipe for libseccomp
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to v1.21.0 Bruce Ashfield 2021-02-09 1 -3/+3
Bumping to the 1.21 release branch. 
Although this still in development, there are some depreciations and other features we want to get into the release, so we bump now for extra testing. This comprises the following commits: 7b4b8b2de bump protobuf to 1.3.2 cf1e612eb server: support setting raw unified cgroupv2 settings fc69fe15c vendor: update runtime-specs fcc278427 cgroup: implement fix for swap memcg on cgroup v2 7b7efa307 server: leave swap mem limit unset if not supported 2d857bf21 test: skip ServiceAccountIssuerDiscovery test dcf651d91 hostport manager clean up host ports 6f096c58e allows stream timeout to be set from config 056f8161d Bump containers image to v5.10.1 26aa60644 Move unit tests to GitHub actions 04185fc4f Move go1.14 and 386 builds to GitHub actions f91c4f0ca set kubelet node IP 26491d154 Fix validate-completions GitHub action ebafe7536 Add integration test for pprof over unix socket 109b412af Add a flag for enabling profile over unix socket a09423d60 Lookup echo command for unit tests c1a724770 Move static build to GitHub actions 85feffc1f pinns: Fixup 'pwarn' output to match 'pwarnf' output e30c3975f pinns: Don't put errno in the exit message for argument checks fd8e390ad nsmgr: use host option 76a89b938 nsmgr: Use config struct for NewPodNamespaces 969505130 pinns: support pinning host ns 4394eee77 Remove implicit GitHub action `name` fields a0568ace6 Move docs and completions validation to GitHub actions fa3741f1d Make config tests work rootless 2a8f2b11b Make rootless namespace unit test execution work 2670d8598 Do not log file path on ioutil.ReadFile a6e8ae41d fixes version_test.go 841913db8 Close the stdin/tty on server start to avoid shortname prompts e430b1df6 Update debian repository url to use https 3f4bef945 docs: fix http link c2b9d0fd8 docs: update kubeadm tutorial b64e716a9 Fix `make lint` f36c64dbd Return runtime API version based on protocol cce49c0e4 Update compatibility matrix to mention v1.20 77f1b7c36 add method comment 84b616b79 restore irqbalance config 
only on system restart aa46a2393 add blurb in doc and more informative name for unit tests 13be7ae5a add is-enabled check for irqbalance service 9930cc33d fix unit tests ce9973796 add unit tests b3b48b31f fix bash/zsh completions 3cd55b226 fix the docs validation cf61f947d handle irqbalance service 7a1939882 runtime_vm: set finished time when containers stop 78c91cbf9 nsmgr: fix/add calls to GetNamespace 177250f74 managed namespaces: move to dedicated package 10c9e4961 Provide integration test for infra-ctr-cpuset feature 5f9dbb1a2 Set CPUs for the infra containers during the creation b3fb25b44 Add shell completion for infra-containers-cpu flag e0f7ccc32 Add new infra-containers-cpus to the CLI and config file 30b0aea2e refine `registries` deprecation message ac8e51bfd Circle CI: install test/registries.conf d0e9b8b0c crio.8.md: runroot defaults to /run/containers/storage 2e49302ed support short-name aliases 22417169d pull: do check for blocked registries 83974bbdd config: deprecate registries 4879bba02 Rollback gocapability vendor bump 78261109b vendor: bump containers/storage to v1.24.4 d25bfe297 Update nix pin with `make nixpkgs` 709e4d170 contrib/test/int: add Kata Containers runtime support ce0beec25 contrib/test/int: enforce linking in parallel build process 85e67f811 contrib/test/int: build parallel from sources in CentOS b18fe2cbf contrib/test/int: allow to skip user namespace testing 506e7c2e7 contrib/test/int: allow to configure test timeout cc9d037c3 Capitalize Kubernetes c85474476 modify the error url of podctl 1b7e811fb Add Digital Science to adopters e0bf8bc94 pinns: make binary not always static 0aeb7d27e server: use IsAlive() more 2460f6d26 Support CRI v1 and v1alpha2 at the same time 1633196c1 drop support for ManageNSLifecycle b395cd224 test/timeout.bats: increase timeout to fix flakes ab2626872 release-notes: fix flags fa6a34381 test/timeout.bats: fix comments 553123b19 int/resourcestore: fix comment about Put de186def3 test/image.bats: simplify 
some loops 0a30ab479 test/helpers.bats: simplify cleanup_* cfdf40e4b test: add timeout.bats 521fa1948 bump network creation timeout to 5 minutes 87977f19d resourcecache: add watcher idiom 1d2328aa8 server: use ResourceCache instead of dropping progress 4bdc500ba Add unit tests for ResourceCache 76ebcac66 Introduce ResourceCache a4588db28 moves shmsize to a handler allowed annotation 8e8f164f2 image pull: close progress chan 1fffd7210 test/ctr.bats: fix a "ctr execsync" flake 2bca8ec2b Fix the functions' name in completions 5e80372b7 Increase release-notes run timeout to 30m 7150db5ba Bump k/release to v0.6.0 eabdf7e4e ci: enable shellcheck for bats files 829053a41 test/network.bats: silence shellcheck SC1090 0c42734b2 test/network.bats: s/which/command -v/ c50658467 test/inspect.bats: fix SC2086 e62136838 test/image.bats: rm unused code 03f8eae37 test/network.bats: fix shellcheck warnings 149619d93 test/devices.bats: fix a shellcheck warning 15a3cb785 test/pod.bats: use jq to edit json 64c0fb2a0 test/network.bats: use jq to edit json 7053a2c39 test/*bats: rm unneeded stop_crio 99e521b23 test/testdata/container_config_sleep.json: rm 2a40a639a test/ctr_seccomp.bats: rm testdata/container_config_seccomp.json 9ca6eeab4 test/selinux.bats: rename a test d309db54b test/selinux: rm testdata/sandbox_config_selinux.json 6ca29591a test/pod: rm testdata/sandbox_config_sysctl.json f1fc4626f test/ctr.bats: do not create files in $TESTDATA 25a559237 test/image: rm container_config_by_imageid.json f10a38851 Use own metadata types 09f929216 test: use jq to manipulate json 029bb46bf test/*bats: rm excessive runs 25db96707 Add CRI glue types for v1alpha2 and v1 usage e8127e0e7 Add CRI v1 API c4df5708c Fix make vendor GOSUMDB d0e2cfdfd make: drop link to crio.service 5ad548b38 test: rm "run ctr with image with Config.Volumes" 39ff75035 test: add no-pull-on-run=true ea9d2ab31 circleci: use updated images 284779311 Check allowed_annotations under performance hooks and drop deprecation 
warning 91ea6ac1a Add clean v1alpha2 CRI API interface 63bd12659 contrib/test/int/build: bump a few deps abf049f6b circleci: use go 1.15 for vendor 302b36c0f ci: bump go to 1.15.5 bafa2a870 circleci: bump go to 1.15.5 7f046e2af Pass runtime to the handler hooks bd5ae5de2 Provide methods to check allowed_annotations for high-performance runtime handler 38f8e9da5 Provide a better value for features specific annotationis bd78f7e89 don't do unnecesary iptables restore 942e6255f switch CRI-O to use its own hostport manager d17d157e0 dual-stack host port manager a86d258c7 fix upstream hostport manager 76f6d342f Add README to hostport folder 7dbafacd1 fork hosport kubernetes code 90ae7e2d7 ignore test binaries 8dd12dc42 fix cleanup func wording 7244e40ca server: refactor handling of cleanup funcs d2b341659 Make NamespaceOption an internal type in sandbox 49d0de238 test/e2e: disable a flaky test 22ce1d7a3 contrib/test/int/e2e-features: skip Serial tests f1b6fde01 contrib/test/int/e2e-features: rework "skip" regex fd15db07f contrib/test/int/e2e: rework "skip" regex 5e57f4215 contrib/test/int/e2e: rm obsoleted TODO 9ef215fb7 ci: move check vendor to github actions 437f1c1b8 Makefile: rm GIT_MERGE_BASE a4309e000 circleci: fix cri-tools install b59718676 alphabetize OS ad043ae9a Update install.md d22c37e71 ci: move docs-valication to github actions 9dd630514 ci: move shfmt from circleci to github actions 2489684ac ci: move shellcheck from circleci to github actions 7f9f09801 ci: move golangci-lint from circleci to GH actions 9fe43d28d github/PR template: add /kind ci, other 359c60f2a vendor: bump containers/storage to v1.24.0 99081ef41 Makefile: bump golangci-lint to 1.32.2 936e21890 circleci: rm build-test-binaries job b3000eb70 test/devices.bats: fix "additional device permissions" case 22d9e7e8f do not enforce seccomp profiles if disabled 1eddc1b9b ci: use cri-tools from git head a53c2a70e test/devices.bats: rm unneeded run 7b910a08f test/devices.bats: skip earlier 
329ccbafb Add wrongly removed word 7ff1fbc05 Update the crictl tutorial and simplify a few steps fedd00c0d Make CNI setup instructions a bit more clear and fix nits 205711e5e Fix links to installation documentation 24b7e4f83 move is_cgroup_v2 to helpers ddcfee824 oci: add Devices to allowed annotations structure 54477302e restore.bats: allow userns tests 61dad864c test_runner: test userns with manage_ns_lifecycle ba3d36c00 test/ctr_userns: rely on global userns testing 34d0aacbb Allow userns together with ManageNSLifecycle 1daaa067c server.createContainerPlatform: fix userns + spoofed infra 4e0cb03fe server: add userns mappings for spoofed infra 6e897b8e5 runtime_vm: Ensure closeIOChan is not nil inside CloseStdin's function b256264f1 test/command.bats: fix device test 7646b5b74 server: fix some nits about resolveSymbolicLink 917d39c66 move device handling to container iface c3370fb0c move additionalDevices handling to separate package c8e270f23 Bandwidht CNI plugin reserved an upper limit on burst,in which banned include boundary. 
See: https://github.com/containernetworking/plugins/blob/v0.8.7/plugins/meta/bandwidth/main.go#L113 fe8c25a1d Update nix pin with `make nixpkgs` 3ca6f8dae pinns: fix ownership for created namespaces d7d8f7a29 pinns: use a socketpair instead of a pipe 374415de8 vendor: pin shfmt to v3.2.0 f4301256d OWNERS: add myself bd364cd2c Log version at startup 88159bb7b test: rm disabling selinux from userns tests e54203c8a curl: add -S where -s is used 98fbf5bab ci: bump crun to 0.15/HEAD be3ec3c1e nix: fix static build 0cfc673cd test: bring back userns testing c9290e44c test/network_ping.bats: skip with userns a3d0b391d test/restore.bats: skip some tests with userns 6931ee743 test/network.bats: skip hostnetwork test with userns b7db612de test/image_volume.bats: fix userns check b4d692617 test/drop_infra.bats: skip if userns is enabled 03cfc2fcc test/ctr.bats: skip privileged test when userns f147b4a9e Preserve sandbox annotations for handling OCI hooks 3e6b81904 Increase integration test timeout to 30min 9750103ae Upload bundle in separate CI step ecece5641 vendor: update containers/storage to v1.23.7 35f64617e test: disable crictl pull on create f41aa4ae5 Update maintenance versions in README.md d22514351 test/image.bats: pull the image to be used a400561a7 circleci: use ubuntu 20.04 image 468d49427 removes runs 70f73ab7b circle-ci: use go 1.15.3 8a2f5f189 Add SUSE CaaS Platform and openSUSE Kubic to adopters 58328a6af Error if GitHub release could not be found ca11353f8 Update e2e-aws logic for 4.7 95f285103 drop error in finalizeUserMapping as well 455a1b6b5 Adding Oracle Linux Cloud Native Environment to the list of adopters. 
4cfde377e userns: use the same ID if the mapping is missing 0de968083 Add KubeCon EU 2020 talks to awesome list 99a21e919 use correct mappings when they exist ba9c0c245 drop AllowUsernsAnnotations 1a5553ebd add allowed_annotations to runtime handler 1d0f68156 update documentation of privileged_without_host_devices f0fab44c4 template: move default_runtime closer to runtimes map 5c9085a9f Fix release notes generation 23e0ed065 begin ADOPTERS.md file 4cf0a2915 test/testdata: rm container_redis_default_mounts.json 7e88c2cd6 test: mv test-specific setup out of setup_test() b8af8c4f0 test/reload_image.bats: nits 35b7de3c8 test/default_mounts: rm --deprecated-mounts test e1ffae3b5 test/default_mounts.bats: rm excessive run 5a59e514e test/testdata: rm *namespace*.json ba126e6de test/namespaces.bats: rm excessive run and cleanup 83fe6c285 test/testdata: rm sandbox?_config.json 2a0076143 test/testdata: rm *_hostport.json 3fbdf6fa4 Remove last traces of --default-mounts 023c57ac7 test: improve/rename parse_pod_ip -> pod_ip bc9d66793 test/helpers: improve test_pod_from_pod 417f0591f test/network: improve "Check for valid pod netns CIDR" d7babd6ac test/network_ping: merge the two cases 905511a2f test/helpers: show crio.log after the test 8343d16fc test/helpers: hide crictl info output 2bdf0e109 test/helpers: rm temp_sandbox_conf, switch to jq a6c985492 test/shm_size.bats: fix SC2002 a035e1561 test: simplify check_journald check 0483c62b2 .gitignore: rm conmon e6ef7221b test: simplify check_metrics_port -> port_listens 5502607e1 container_create: fix /etc/resolv.conf to be ro d04aa9092 test/testdata: rm container_config_resolvconf*.json 979dabda1 test/testdata: rm sandbox_config_privileged.json 347b03e01 test: rm testdata/container_redis_env_custom.json 1dbd73dc5 test/testdata: rm some unused files 2ba965644 test/pod.bats removes excessive runs 9784199e6 test/pod.bats removes unneeded teardown 5f4774efc runtime_vm: Ignore ttrpc.ErrClosed when removing a container 802b4e4fe 
runtime_vm: StopContainers() should not fail when the VM is shutdown 85f341c32 runtime_vm: Don't let wait() return ttrpc.ErrClosed 0f2a07053 runtime_vm: Fix updateContainerStatus() logic fecf1a1d8 network stop: don't segfault if sandbox isn't created yet 2fb259791 Revert "Move back network setup to after adding infra container" 06b6e129f test/ctr.bats: use $newconfig 54959f5b8 test/ctr.bats: replace sed with jq a7746c2dd test/ctr.bats: convert python calls to jq bbd70e433 test: rm edit_json, use jq directly ae7ac6105 test/ctr.bats: shfmt it 6693d79c5 CI: add shfmt check for bats files 4953fb28c test/*.bats: format using shfmt 4c9984603 shfmt: update to current master 407603303 introduce SeccompOverrideEmpty e9d9b3011 server: cleanup container in runtime after failed creation 685f275d3 defer removal of container in storage immediately cf79dc39f test/status.bats: use shfmt 0ea616973 test/status.bats: rm excessive use of run 70ea166d3 test/status.bats: minor refactor 7bc848cbe test/image_remove.bats: rewrite 510e5325a test: tidy image prefetch 6e0d7a3c2 test/image: rm unused var 4ab412848 test/ctr.bats: fix SC2086 27dd454a2 test/ctr: rm excessive use of run eea57ad02 ctr.bats: fix jq checks 19e521422 test/ctr: fix "privileged ctr -- check for rw mounts" 86596bdcc test/ctr.bats: fix "annotations passed through" test bea64ec68 test/ctr.bats: add is_cgroup_v2, fix SC2046 601e1e4ca test/ctr.bats: rm unneeded cleanup 37c9c24ed test/ctr.bats: fix SC2002 96b8890e5 test/version.bats: fix/improve b45e341ee test: fix SC2086 dd3c394e3 crio: add new option --separate-pull-cgroup fbed1b37e crio: move in a new cgroup on reexec 26cf82891 test/command.bats: fix shellcheck warnings e60a04514 test/crio-wipe.bats: rm excessive run usage 6c69b4495 test/crio-wipe: simplify code f0e081865 test/apparmor: simplify is_apparmor_enabled e5bea7e08 pull: move image pull to a new process 7cc83932b crio: force garbage collection with SIGUSR2 4b549f542 test/network.bats: fix "Clean up network" tests 
9da1a3ea8 Update nix pin with `make nixpkgs` e559d8e0e test/helpers.bash: rm "echo 0" caebae40e Support passing properties to RunUnderSystemScope ada8cfcaa test/network_ping.bats: simplify b03195eb5 test/network.bats: simplify, fix shellcheck ef07f7192 Move back network setup to after adding infra container 178872342 Bump master version to 1.20.0-dev 39a0e7984 server: use more GetContainerFromShortID and less GetContainer 965b70fad server: do not do container operations on a not created container 928edf243 server: do not stop/create container if pod is not created 9284c007d defer network stop ASAP after network start 83169c578 network: create as early as possible 00bf747aa Bump Kubernetes to v1.20.0-alpha.1 a78651ff8 Bump logrus to v1.7.0 6913515c8 runtime_vm: set Pid and InitPid for VM runtimes 1a35fce0c go.mod/sum: update 309b3d07e contrib/test/ci/cri-o.spec: rm GO111MODULE=off 6445c1418 Makefile: rm GO111MODULE=on and -mod=vendor 8eb6575c6 CONTRIBUTING: no need to set GO111MODULE 012e52db9 Makefile: fix vendor target bd3aa8151 internal/config/node: add checkFsMayDetachMounts a2bc9d35c Fix bogus CI test failures 056b43d11 runtime: parse oom file for VM type runtimes c49ee2362 test: use crun 0.15 b66ec3f42 test: adapt test to new crun output bac4a3ea0 moves spec generation to container 40709d286 test: drop infra container 4aa7d4c51 test/config: fix shellcheck warning 94ef42cbc test/config: fix "config dir should fail with invalid option" 1d097f7d5 cni: fix ipv4 configuration file 4f1e4efae [feature] support custom shm size and docs deba2580b Update nix pin with `make nixpkgs` a20c3a4de Verify Cgroup Memory - cgroupfs 7eaede753 deprecate manage_ns_lifecycle option aac00ea84 Enable debug logs for release notes generation 0d878de1e Bump GRPC to v1.27.0 53b72efe1 test: skip MetricsGrabber tests 9afdd35c3 drop infra container when appropriate 25383e728 server: no longer assume some infra containers will be nil e42b2b1c5 sandbox: add NeedsInfra function fdab97f50 oci: 
add Spoofed() function 33de444ce introduce pkg/annotations 4ff61bb49 portforward: rework to not need infra container 3c241bdbb pinns: fix pinning cgroup namespace 26de5b665 pinns: allow sysctls to be passed 3f655aa2b test: configure self when kata-runtime is the CONTAINER_RUNTIME 9e337b0ab test: add tests for dropping infra 3978b8cf5 add --drop-infra-ctr option 7d56d27b1 broken link dff47619b update link for podman 3fd6ff726 add the integration tests for handling default runtime db3f22b4c Update containers/* dependencies and vendor libpod/v2 0f9a374ea test: remove generated file e5940bc87 Updating documentation of kubeadm with offline configurations. Signed-off-by: Athanasios Garyfalos garyfalos@cpan.org 6bda9b5e0 Force pkg dependencies to older ones compatible with gogo/protobuf 1635b0d26 Switch to Kubernetes AppArmor unconfined const ca1c46636 Update crictl.yaml to reflect cri-tools v1.19.0 configs 40b9d971f Bump cri-tools to v1.19.0, CNI plugins and golang 6f9341d5d Add image layer reuse docs to metrics.md 167fed492 oci: parse stat file instead of using ctime 12a5cb458 Print seccomp profile JSON only on trace log level ec69e86fa oci: return IsAlive error instead of logging 687202247 sandbox config: Improve validation error message 7b1e83595 pinNamespaces: fix cleanup and error returned 2b5a80d57 pinNamespaces: set capacity for returnedNamespaces 9925188dd pinNamespaces: use string concat instead of fmt.Sprintf 525d5b760 sandbox: ignore enoent on shm unmount b66da412d Revert "runtime_vm: Cleanup process when the Container is Stopped" bc9dd6fe2 test: deflake stats test 635ab5f5d oci: improve error message for verifyPid() b6db1d8a0 Fix pinns compilation for TEMP_FAILURE_RETRY 4a3f8b87d Vendor Kubernetes v1.19.0 8152e00f3 config: set internal RootConfig to default storage if not specified 827eb0bfc Revert "dual stack portmap support" f45c631ab Update nix pin with `make nixpkgs` 773f6b0b5 branch forward: stop on rc 5011a7b2f added irq smp balance and cpu cfs quota 
control 6a3f71112 Code clean up in containers_create_linux.go 7b942ed73 Remove git-validation in favor of prow/golangci-lint f97ad7fd3 dual stack portmap support f0d987acb Switch to containers/common for AppArmor 017e62dc1 Unset GOSUMDB when vendoring 4bf30158a storage: delete layer if mapped ad2ed3b79 mapping: add support for userns-mode annotation f035d6077 server: make paths to chown also accessible d9d3789cd vendor: update containers/storage to v1.23.1 7f8c00e5e server, systemd: export container env variable 2716da1de remove --runtime option 0afa35525 fix high performance hook self-exit container issue 9e112eebd oci: move channel close to writer goroutine 3472cc5c8 test: fix container stats test d4c32cb00 test/stats.bats: fix/improve container stats test d1e2ea04a test/stats.bats: improve test case d05a6335e test/stats.bats: fix typo in a variable name 9a1490531 managed ns: report namespace cleanup failure by default 4ed669482 managed ns: ignore `PID not initialized` on sandbox creation ff6d989fb test/apparmor: add missing test case call aca64980b test/cgroups.bats: enable pids test for cgroup v2 01432f5d6 test/cgroups.bats: simplify and fix 0aacb5b53 test/critest.bats: move setup/cleanup out of test b811a2040 test/apparmor: simplify 6f169692f test/apparmor.bats: add teardown function b4eb95602 test/cleanup_test: improve 5bce7486a test/wait_until_reachable: fix d6405601a test/ping_pod_from_pod: fix 60a04790f test/pull_test_containers: fix 8bf151454 test/critest.bats: fix d2ded1d73 handle runc not present on the system 838ab4aed Add fidencio to OWNERS file ab82e12e0 Use Unmount w/o prior Mounted check 15375c94c Don't limit the size on /run for systemd based containers 8c7c8028e oci: reorder conmon args 80609e566 config: check conmon version before assuming features 5dcf88604 test/image.bats: rm useless code c5d29b355 test/*bats: fix excessive use of export 616b7855e test/ctr_seccomp.bats: unify common code 2a45877ae test/ctr_seccomp.bats: unify/simplify seccomp 
check 149e13b07 test/ctr.bats: properly declare readonly var 2c4d5de9b test/apparmor.bats: fix shellcheck SC2030,SC2031 f2469036e Remove duplicate check for enabled seccomp d9ea3921d Bump test images to go1.15 61736cbe3 runtime_vm: Store logs in the correct format 8e45b939e Revert "Fix potentially unclosed file in runtimeVM#CreateContainer" e3e4385d1 selinux: override only specified values 8cbe37722 Fix container cgroup under cgroupfs 3609f6475 server: reduce complexity of getSourceMount 7a48cf993 server/addOCIBindMounts: speed up 6dd52f2ac Reuse Kubernetes API consts for seccomp profiles dca828597 oci_linux: fix working set calculation for cgroupv2 18fa73d9e Switch to go 1.15 49d121594 Add /sys/dev as a masked path path eddf148a1 oci_linux: fix working set calculation 059934138 test/image_volume.bats: fixes 79c52eb1e Revert "tests: adjust test to not depend on runc behavior" 76c7e8657 test/*.bats: fix checks that id is not present bf10fcafe test/*bats: fix shellcheck SC2076 a881562a2 Fix logs that have wrong func names f90a1dda0 Ensure CloseIO is called after Start for exec e21f21edd Add layer reuse metrics ae5630f72 Bump golangci-lint to v1.30.0 e790775d9 Vendor Kubernetes v1.19.0-rc.4 dfcd1691a config: create hooks dir if not present cbc7c514c docs: Move logo location d69d6d728 docs: update installation instructions 371a60093 use errors.Is() instead of errors.Cause() e1eb96fc8 Fix lint pipeline by gofumpt'ing cgmgr_test.go c99023d50 Parameterize strip binary in pinns/Makefile for cross-compilation 0bfefee51 Make filter container list be able to filter short pod IDs 44e0c0db7 drop findprocess 009ccb65e oci: rarely access Pid directly 5b3c5b655 exec sync: check pid instead of calling runtime state 1d672d139 server/createSandboxContainer: minor optimization b44a6cafa setCPUSLoadBalancing: nit 042a4a76c setCPUSLoadBalancing: optimize 82b339265 setCPUSLoadBalancing: rm repeated call to c.Spec() 484551e15 shouldCPULoadBalancingBeDisabled: simplify 5a5aa34cb Remove 
unused global vars in memory storer e8d4b0bc6 exec sync: be more careful about temp files 814c1bb01 runtime_vm: Cleanup process when the Container is Stopped 8b4ffe784 docs: fix cni documentation 79de63e63 contrib: update the crun version to the last release b55168f78 test: fix regex to look at the beginning of the line 4d21cd3f0 add stats list unit tests 857bcd34c stats: skipped stopped containers on container list stats ae69fd7f6 crio: use json-iterator/go instead of encoding/json 91d3d2791 Do not remove existing runtime handler 964d0d3a2 Speedup static build by utilizing CI cache on `/nix` folder 3f7d13e62 Add `make release` target f64d6d5e9 runtime_vm: set container creation time cd9e835c2 test/command: add test for --profile 1aa5f89a4 test/helpers: rm start_crio_* twins eb9321386 Remove unnecessary err assignment faad1a446 runtime_vm: Avoid possible deadlock on UpdateContainerStatus() 1313a9a2b Fix unit-tests and regenerate mocks e6e3c4ad0 Bring back pprof 9d4195941 Add testcase for createdAt timestamp restore f7f4a8664 Restore Sandbox createdAt timestamp on cri-o restart 2a260703f Fix gofumpt lints 300380462 name is reserved: give more informative error fb3cb0a2f Restore CPU load balancing just when an error appears d34d57c94 Add unittest for the high-performance hooks fe69fd2b1 Add RuntimeHandlerHooks interface dd5abc1c5 Add gofumpt linter and apply lint fixes e115e4cc8 Cleanup nix derivation for static builds 496f1e426 Provide unittest for the CPU load balancing method 8a48ff5d3 Provide functionality to disable and enable back the CPU load balancing 6886573e6 makes containerstats just get one container instead of whole pod 5cbbd289d Update UpdateContainerResources unittests e29c3ffe4 Update the container resources under the spec 1ee062c85 Make integration-cgroupfs tests depdent on results a2ec1d40d Copy spec to not touch original spec on exec(sync) 74a94b546 Add volume mount option for SELinux labeling 00c33525f Implement BigFilesTemporaryDir 65b692268 
Perform log directory validation early in Server#runPodSandbox ce5825f1a Remove resolvPath when Relabel fails abecfdf31 remove all cases of returning an error named err fdb2df175 container: handle SelinuxLabels 9b881b0b5 container: add ReadOnly() b852ad675 container: add Image() 6e883db15 container: add fips disable handling 1f51d6d5d Revert "container_server: disable fdatasync() for atomic writes" 77cf58c91 node: fix panic if /sys/fs/cgroup failed to stat 4810ca3e3 Use /usr/bin/env bash in crio-shutdown.service c4795b496 Fix static binary mode retrieval for musl toolchains c180faac7 change variable name err to retErr for deferred comparisons 705381c46 runtime_vm: Improve CreateContainer cleanup in case of failures d785c14fc runtime_vm: Create deleteContainer() helper 11ae5b78d Close the done channel in runtimeOCI#ReopenContainerLog d5920c866 Update golang dependencies 924a8e983 Fix potentially unclosed file in runtimeVM#CreateContainer 65fe2c5fb Bump testimage versions including golang 15264b7e5 Enable more feature tests 9bf8e5397 Vendor Kubernetes v1.19.0-rc.1 7170231d8 internal/oci/runtime_vm: lock around map access cbd32ae9d internal/oci/runtime_vm: fix resizePty signature 11ec0bcda circle: save output for debugging ce0921e74 test: add circle job that runs with cgroupfs d8615ec46 managed ns: don't remove namespaces on sandbox stop d33995bd8 managed ns fixes 02d8bb96f runtime_vm: Ignore ttrpc.ErrClosed when shutting the container down b6b4d1023 Update golangci lint to v1.28.3 c2255b718 oci: add debug logs for runtime state calls b058683c5 Return empty DecryptConfig when no keys to force decryption fd07083b4 test: drop cgroupfs override fa9e413c2 Make release notes generator capable of handling tags a97c66840 Validate cgroupfs conmon cgroup on start 83e8282c4 contrib: enable debugging on the kubelet 77bb73c29 contrib, e2e: force systemd system session b803107b0 server, root: unset XDG_RUNTIME_DIR, DBUS_SESSION_BUS_ADDRESS 945adb00b contrib, cgroup v2: use 
kubernetes master aee425b19 pods.bats: force usage of the system bus 04c44932f config: fix systemd version parsing ceb473cf3 skip another failing test a69782498 e2e: skip failing test 0a2c92d17 use cgroupfs to fix tests temporarily e8c12b348 Streamline how done channel is closed in Runtime#WaitContainerStateStopped 83ec8f8ed test: bump go version to 1.14 23193ea43 Add runtime_type as an option of "--runtimes" bb54e152e runtime_vm: Apply the correct label before the sandbox is created 56140296b sandbox_run_linux: Use libconfig alias c0da93f0d test: use node readiness as an indicator to run kubetest ab8f1acdc Add logic for running openshift e2e-aws tests 164f46cc6 server: re-add gocyclo skip 6b6a604e2 Restore version output from crio --version 00af53a89 Enable SCTP and seccomp e2e tests 6b9dfc6e8 criocli: Avoid parsing the config twice 35a8caf8a StringSliceTrySplit: return a copy of the underlying slice 3d2cd5a4c Remove the protocol filter from the portMappings constructor. a296edd66 test: fix seccomp tests 3e063339a pkg/container: handle logPath 859a65099 Use the container_kvm_t label when using kata as the runtime 978a0bc3d use inactive-or-failed CollectMode if appropriate 861297e93 Close the done channel in waitContainerStop dee450550 Send only single error to stdinDone 8e4a4b774 config: add ulimits package 3752167dc logs: fix some problems 63e8f1f07 oci: check state before stop atomically c0f5c1679 Container should only be added once after passing filter 5571a88dd Add info logs for image pull and status CRI calls 490d651cc server: store container privilege bool in pkg/container 44607af0d bump runc to v1.0.0-rc90 1fed461fe config: add node package ac966530c oci: make failure to move conmon to new cgroup fatal 058d6b926 config: add cgmgr fa6114234 managed_ns: deflake tests a083494ff Add crun to static binary bundle 764d5caac Add crun to config template 87c26e6bb Update k/release to 0.3.2 954585ddc Add sandbox IPs if there is no error in IP retrieval 832e6fc19 
Cleanup default info logs aa8f005d9 Check whether seccomp is enabled before making assertion 2e5aad445 Close the done channel when there is watcher error 4033c7ac4 vendor: update seccomp/containers-golang to v0.4.1 99d7f7256 Add unit test for sandbox response verbose mode 83e01c296 sandbox_status: Fix typo in error message cd85ebf7f Use correct format for logPath removal log b689ae675 Use one deferred func to execute cleanup func's a5bc7193d test: Add a test for pod pause image 166bd36d8 Return verbose information for a pod 525b1d335 Store pause image information for a pod 9197a5568 Added signature - Fixed standard cidr and typo 52dadcf42 Update golang dependencies 613cbdbee Add image pull success and failure metrics 3584fa451 attach: Don't return early for non-tty attach if there is no stdin 35c0c79e2 Fix the kubeadm command 7512d3166 Remove socat runtime dependency de262316f sandbox iface: don't fail if uid is not specified 67fc28844 Exclude failing conntrack e2e test 247d465e8 Add `privileged` indicator to container status e7e0746e3 Check that SecurityContext is not nil before dereferencing 3c7f385b3 Allow release notes for release branches d686db64c crio wipe: log less 1ffd66949 Update nix image and dependencies 92f9f68f9 container_server: disable fdatasync() for atomic writes a02f21766 vendor: update containers/storage to v1.19.2 25fcca87a bump version of libpod to get selinux e62039468 Automatically label containers running systemd with the correct label 0fda6777d Add metrics exporter and documentation 9a53c232e crio wipe: add version-file-persist e1f3fe0af Update k/release repo and use go templates 4a841df26 Update golangci lint to v1.26.0 0c3a5dff5 Switch to logrus 1.6.0 a9ff43ce9 Remove containerd/release-tool dependency a6e8db404 Update Kubernetes to 1.19.0-alpha.3 de45cf1dd Avoid unnecessary locking on runtimeImplMap 2ec6e6a73 Add `--metrics-socket`/`metrics_socket` config option a96823544 Cleanup go modules and vendor cffb00c88 Missing `cd 
~/.ansible/roles` Before `git clone` fac15d5da Close done channel if the wait for ContainerStateStopped times out 086eeaa5f version: return empty link mode on failure de0f51822 version: omitempty on String() 3007180b0 Delete container Id only when impl.DeleteContainer(c) passes 727b3a116 Delete container Id from ctrIDIndex if podIDIndex.Add fails 0540afc0a Add support for making reproducible builds 8e7d4d2c0 Adds Ubuntu 20.04 to install instructions 604eeb1b3 oci: drop container level privileged flag 7b6696b65 port error: check for error 4d6d96c1e port forward: add stream nil check to pass unit tests 7016c3e13 port forward: drain the stream on error 351af8519 Vendor in v1.9.1 containers/libpod 93420c499 Fix naming unit test c83b0040a Check error return from os.Create before closing file ed3d80f87 Close channels in runtimeOCI 192621d9d Remove latest-version script 0b105b24a Remove crio-wipe and crio-shutdown systemd units from bundle 9b80a5818 Avoid removing container twice d04755a08 Return an error if context has been cancelled or deadline exceeded b5fdabc22 Use correct upload URL for binary uploads 4a6beaa9b Close the channel for syncStruct 0806f14e2 Remove unnecessary error wrapping for runtimeVM#StartContainer 65d8bb6cd Fix CI by re-generating mocks 2079196f8 cni ctx: call cancel func 6171dcf39 give fraction of timeout to network{start,stop} calls 1ad8ce652 Pass context from caller to ocicni 870cd9b7d Update ocicni vendor code to get new methods that support context argument 926daa840 Use bats v1.2.0 release for CI ae353585c Fix Linkmode path resolution 78badc81c test: check for rw mounts c6233a2b4 Makefile: include -nobuild install targets ed34636da Close childStartPipe if cmd.Start() fails d1172d693 Do not hold lock when ExponentialBackoff() is called 3eff5407b readme: drop support for unsupported branches 8f01225a4 Fix incorrect image digest for test image 83257214a test: update digests and test fa2db8d8a test: update image digest to fix test 2843f551e Fix 
linkmode for static binaries e785dd2fd Check for context erroring before returning from longer requests 5daa5ac79 Allow comma separated string slice parsing cd5d1a08c Add info logs where needed dc945b31d Add Installation Guide with Ansible 39a35cb30 Use absolute path to binary when retrieving linkmode dff32318b Makefile: allow customization of go commands 3261c2a75 vendor: bump ocicni to b197cd13855bae919c7c75c191c976fcc48610b9 5d2494793 Add Codecov badge to README f7896341f Fix static build DNS resolving with netgo 9b2ee751e Add docs and completions for default_env b92a3e6f7 Add a test for container default env cfcee0126 Add support for default_env in crio configuration c0b466e86 Stop container when there is error in createSandboxContainer 0c8b231c1 contrib,crun: use version which correctly writes swap 9f334aabd test: refactor handling of mem swap 7bdf93819 only set swap if we have the swap cgroup 51cfd5c76 SetLinuxResourcesMemorySwap to the LinuxResourcesMemoryLimit 44dda8b52 Add release-1.18 reference to documentation 3816fb11f Update cri-tools to v1.18.0 307be36a7 Validate capabilities on CRI-O start d67eea300 stats: spoof stats on a cgroupless ctr f25db77b3 add haircommander to OWNERS file 0361c5e37 Fix GitHub artifact upload via new upload-artifacts target a7e117e44 Update libpod to v1.9.0 ec26619e3 more retErr fixes 2e494c323 Use named error return for container_server 66dc81696 config migrate: add pause image and namespace dir 62c02af51 add stop container for StorageRuntimeServer on error 95d5ab215 bump default PauseImage to 3.2 39aef1a09 Add shellcheck linter and apply fixes b7be5b673 Update go-mod-outdated to v0.6.0 b5242b807 Add dependency report badge be8e876cd Add runtimeSpec field to container stats info 99388a706 Add OCI image spec to image stats info 7f4ac3b7d Move crio defaults back to /etc/crio/crio.conf 4e795832a Fix lint reports for setnameandid test 3f89b9539 Use proper variable for error return in Server#createSandboxContainer 10f522002 Update 
installation steps for CentOS 89ff7c1b9 Fix CircleCI job race accessing gh-pages branch 5ae550efd manage ns: don't remove top level directories on pod teardown fabb871e4 manage ns: debug output of pinns ffede601e branch foward: skip release candidates 55bec4dae server: skip setting memory limit to 0 c36a8ebb9 Upload release bundle automatically to GitHub ac1112c45 Update dependencies c24e99945 Generate dependencies file in gh-pages root 086982d61 systemd unit: drop requirement of crio wipe 1e0419df5 makefile: allow version to be overridden af2509fe1 Update kubeadm docs e5397f81b Add dependency report to gh-pages and CircleCI d8a709f8a Assume hugetlb is not supported by default 80d1a2466 Update shfmt to 3.1.0 96e76dd2e Enable debug symbols for binaries when make DEBUG=1 2e5b40a62 Vendor in latest containers/storage 7501a08aa Skip already uploaded artifacts with gsutil d0d099a90 restore tests: verify some namespace lifecycle cases work 92aeb50b6 fail on failed pinns c443e9b88 pinns: pin to /var/run/*ns instead of /var/run/crio/ns/* 1dcf7b931 Fix typo in apparmor tests 92863e3b3 sandbox: Make sure the label annotation is proper JSON 9afd5ff71 container_server: Wrap a few more errors in LoadSandbox 2bc9e13f5 Add image labels to ImageStatus Info 5281f1382 bump to conmon 2.0.15 5146d6c63 Add the mounts that are required by systemd b297abab6 Skip already uploaded artifacts with gsutil 1806cabfa Add release branch forward to CircleCI 5cc33b558 Update Kubernetes to v1.18.0 474d29407 Test for master tag if release branch contains none 2d5cedabe Add SetNameAndID to Sandbox interface e540ef3a8 Make release notes require results in CircleCI ab431e66d Add crio config --migrate feature 717425df0 vendor: use directly github.com/creack/pty 9e10f54d3 Use HEAD for runc built from source b91d80994 Do not take config dir into account on config creation 360177a6f Make docs-generation and completions work rootless 63230017a Move CNI plugin into NetworkConfig 3027070ca build: clean 
generated bin/ dir f2ffe39fb Downgrade golangci-lint to v1.23.8 856ad18aa test: drop make install.{systemd,config} c2ec5aed7 test: set cri-o systemd restart policy to no 3d110a307 build: Makefile - add shfmt target to help dfed40b4a contrib: Add kube-local tool 759f498ae Add description to magic test value d672ed1de Do not Wrapf errors if no format is specified 9d6326b4a config: remove unneeded empty values b4808eac5 skip ipv6 ping pod from pod for rhel 7 7c535f29e return default-mounts-file 66b5814ab use fedora-ping image 6a0f33ae0 unify sysctl handling b35ecf1ab test: switch from dnf to yum 88e0c419c Fix specifying string slices a5db2aee2 drop net raw: add some test fixes to update ami 63b9f4ec9 Remove NET_RAW and SYS_CHROOT capabilities 58657488e Add cni-default-network option c2b25b4ea Add hint to release notes on gh-pages to README.md b9db8f3b8 Drop musl build from nix to update to go 1.14 1963aea3e Add shell format check and apply diff e265ad0ce server/ContainerStatus: don't lock for c.State() f8f35ba32 drop conmonmon 239ac2049 stats: fix some style nits 976e9b061 Add linkmode to crio version output 309a5bf3d Add release-branch-forward script 3e3725d5b Fix gh-pages push for remote branch 5f49b2c1f Added integration test to make sure annotations are passed through to the runtime 1ed7eb389 tree_status: show the git diff ff7609400 Add kind/dependency-change label 648b94860 Add further kinds to pull request template 92ec88f99 Fix unit tests for locally configured registries b039ef652 Add SetNameAndID to Container interface 6885d9088 Publish release notes on gh-pages branch 38ba09453 avoid parallel pulls of the same image 9ae49dad8 vendor github.com/containers/image/v5@v5.3.0 60c01cc24 Switch back to machine executor for CI lint stage e1f6d2ab1 stats: prevent a segfault 15f1f14ac server: Return grpc code NotFound when we can't find container or pod 7615871d6 test: move readonly_rootfs and privileged to correct place f757e0a2d Mention starting cri-o for running 
with kubernetes 64e46e789 Move bundle to contrib and reuse version vars 3ac1d93bb Simplify container log path handling f3eeee275 build: make uninstall - remove systemd/config files ad7125fcc Remove utils.ExecCmdWithStdStreams in favor of utils.ExecCmd f7730c325 Add PodSandboxConfig (get/set) to Sandbox interface 03c7bd758 Avoid filename collisions in JUNIT_PATH 57b3b608d sandbox_run: import internal/lib/sandbox as libsandbox dbbfd7865 Remove github.com/docker/docker dependency 9f556378a bump conmon to 2.0.12 e02dd7ead vendor: bump github.com/containers/libpod from v1.8.0 to v1.8.1 a3bab821c Update golangci-lint to v1.24.0 7e66be6f3 Remove Update() method fb6525374 docs: add TOC to setup.md f038600d4 Skip release notes generation for forks e8ffd6e17 Add container config (set/get) to Container interface d1d165abb crun: use version 0.13 97d990230 Add target release version to generated notes 01d40e5cf Add gRPC method name to logs 40d247042 Take localhost/ images into account during pull 0f4b6d6fd fix some remaining instances of assuming cgroupfs default bb23a494d bundle/test: drop cgroupfs override a6ae391a3 stats: fix stats when systemd cgroups are used e4cc02850 integration tests: switch to systemd cgroups 9ccd5ac97 bump to conmon 2.0.11 c862e1fbd Support pulling image specified by tag and digest. 
b0717fc3f Restore sandbox selinux labels directly from config.json 345952cb7 Update Makefile targets and docs to crio.conf.d 12918b25e Add runc, conmon, crictl and CNI plugins to bundle c07429a56 Render latest release notes 73f42d35a Use static runc binary in CircleCI 5f745fa7d Let CRI-O start when `runc` is not in $PATH and not configured 2fae47c00 test/pod: TerminationGracePeriod: skip on CircleCI 34ee0d9ba test/pod: TerminationGracePeriod passthru test 23177bd84 Use `Value` field in CLI for non-default values 211393d25 Upload every successful built bundle to the GCS bucket 11b1fa661 Update golangci-lint to v1.23.8 97b9587f1 Add DEFAULTS_PATH to Makefile eb9cc161c Flatten internal/pkg/* packages to internal/* 4bec101bd Fix 32bit build by vendoring latest go-selinux 3c48743f8 test/conmonmon: fix getting conmon pid 3d7c5ae58 skip failing storage test c0f0c897c Add crio.conf.d(5) man-page to the bundle 4bf557482 Cleanup: minor wording adjustments in documentation 5110df3bf Fix some minor whitespace issues in crio documentation b22b31c58 Add crio.conf.d man page bb0a68503 Move pkg/config/seccomp package to internal/config/seccomp f9f058f2f Update dependencies 6ab73e82e Upgrade CI to use go 1.14 b91cb5e56 Apply Kubernetes PR template 07d329e97 Add live configuration reload to AppArmor profile 1f856928c CreateContainer: pass TerminationGracePeriod 43a03bff8 Add CI bundle tests d81de1839 Remove extra check for go modules in Makefile 917c3e764 Rebuild bin/* targets on *.go file changes d1696ce6b Improve crio --version / version output f13aad99c Make bin/pinns a PHONY target fa3d37c0c Bump kubernetes to v1.18.0-beta.0 295240116 Fix markdown for generated crio/crio-status docs 3010195bb Cleanup config default values d83645127 Drop support for golang < v1.12 eff11105a server, cgroupv2: do not create cgroupns e48d23aab Automatically retrieve digest in test image builds 61f9ca072 Add high level Sandbox and Container interface 2c422eb42 Auto inject CRI-O version c23a169d6 
Change CircleCI config to build all jobs for all tags 56d48195c Uppercase first log char per default ffda0f3be Add cgroup namespace unsharing to pinns 06257791d Add live configuration reload to seccomp profile 9ec3b8dc2 cgroups: parse cgroup.controllers once d45ad21d7 Fix Fedora based integration tests 2e1d04393 Update docs and completions for crio wipe --force 153c0002e tests: update to crun 0.12.2.1 59c63a611 restore: specify runtime root to the OCI runtime d1bcb14c9 test/ctr: adapt test to cgroupv2 94c9876d8 wipe: Add a force flag for skipping version check dde9af43e Remove version marker from AppArmor profile 92d3eaf59 test: adapt to python3 0ed6aa6dd test: look for substring c12fa5a5b contrib: install crun also at /usr/local/bin/runc e502d70d3 contrib: fix ansible warning 94799c992 contrib: set crun in crio.conf when build_crun 032baf175 contrib: add tests for cgroup v2 8da112216 container: ignore hugetlb limits if not supported 5c5eb7124 Add user-notice about minimal ctr_stop_timeout 92f899ccb Update pinns build and add small cleanups 007080ec5 conmonmon: errorf when OOM killing fd88a5bd5 klog: don't write to /tmp f31362e45 Pass down the integer value of the stop signal 5a112abf4 exec: Close pipe fds to prevent hangs 23582bdd5 Add live reload to DecryptionKeysPath ad75e22be Update nix package dependencies and cleanup default.nix a5119bdc9 Make SIGHUP reload for drop-in config dir work 0bb5a2abc update installation info for debian and forks c2535c68e Add pinns binary to static bundle f838631f7 contrib: drop system containers fa8d49cb1 contrib: use crun from the containers repository a56b2f9a4 Remove trailing whitespaces from configuration template 1280b5d61 oci: Handle timeouts correctly for probes f6fa7760e fix server restore to not remove podman containers 2c311967c Bump containers storage to v1.15.8 6cefdcca7 drop host_ip from crio.conf.5.md f4449b681 vendor github.com/containers/image@v5.2.0 1d7d7a0fc Unwrap errors from label.Relabel() before checking for 
ENOTSUP 00fd41c97 Fix reload behavior for unqualified search registries 0eec45416 Skip invalid hooks directories by default e48fa304b Add log context to container stats f4214be7c contrib: 10-crio-bridge.conf change subnet e962246a5 Update dependencies 720545fbf Add `crio version` subcommand ee8b72e11 Update golangci-lint to v1.23.3 78e9ee352 Setup container environment variables before user f7424e9c5 fail on network stop 5284c0a0a docs: improve setup.md 11535c489 Add the container IDs that cri-o assigns to various logs 1a12f8125 move default version file location a tmpfs 764bcf5fb sandbox: skip memory check if set to "max" ff234bb71 build: make install providing systemd and config 14a2905bf fix nit from #3165 a1cdad7e9 drop host_ip and host_ips 1f1132700 Move SystemContext from Server into Config 0a8efeb0a Update Kubernetes to v1.18.0-alpha.2 2ef722b9d Update urfave/cli to latest version ea0217e36 Use new containerd/release-tool path 437fb7356 Update libpod and ocicni 68e94e249 Remove unused getHostIPs and validateHostIPs functions 59ef3883d stream server: Bind to all addresses 0074990d6 Fix integration/unit tests 34b7b7008 Vendor in latest opencontainers/runtime-tools faad45a91 Enable AppArmor tests in CircleCI 4cba27d88 docs: add a blurb about AppArmor profile precedence 0628b3dc8 Fix network ping integration test in CircleCI b74ec1c3c Add support for crio drop-in config files d43e2f359 Fix unit tests for rootless runs 65049475d Refactor sysctl handling and add unit tests e34dad0b3 Log path location when using binaries discovered in $PATH 6a51b90a1 server: allow an apparmor-unconfined container 9ec532c7f Switch default cgroup manager to systemd 50942473b Add documentation about stream_port="0" a014aa4de Fail to start when stream server port already allocated 964245f94 Run integration tests natively in CI 35e8ad4d6 Fail to start when already listening on socket 211fb388e Update golangci-lint to v1.23.1 ef1152b88 Allow server to start without config 49310bb02 Fix 
generated docs formatting 512fdb2f9 Take total_inactive_file into consideration for memory usage 66ef0b326 docs: remove mention to RHEL-8 beta repo in setup.md 5d38a07d6 Mention latest release branch in docs eecbc3655 Fix typos in test descriptions aa9293e95 Add image pull metrics a94e0b779 container_create_linux: refactor common code 4bb04824b Fix man page header 31ce68627 persist exit: fix some nits 1ae3626d6 Fixes to better handle exit code 914adc516 Save exit file for container in persistent directory 62d09afcd doc: improve setup.md 8fd34a082 server: create cgroupns when running on cgroup v2 bcecd7941 Destroy the pod's network when it can't be restored 36b73a8c9 Add `namespaces{-_}dir` CLI and config option 9ddf6d7d4 Update CNI plugins to v0.8.4 ee1df54f0 Use UUID generator for namespace path 5fb3192f1 Add new NSType for available namespaces a3afb54c3 Fix pinns path mismatch for install and uninstall 6c5ec8486 remove ErrClosedNS 9d7f8ed21 Fix possible segmentation fault in namespace removal 8bcefec51 Change AppArmor profile handling to fallback to the default a0cb8161d Update to conmon v2.0.9 0c02f5453 Fix possible segmentation fault in error handling 20b449bbf Cleanup sandbox shared memory before removing it 1c28b2395 update createSandboxContainer to parse hugepages limit from CRI message 7646a7fd5 Update vendor to v1.18.0-alpha.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: uprev from 1.15 to 1.17 | Mark Asselstine | 2020-03-13 | 1 | -60/+14

Uprev to the latest release of cri-o to pick up some fixes and CVEs. Makefile updates along with updates to the go.bbclass allow us to remove most of the do_compile() tweaks that were in place. To test that these removals are sane, builds were done for x86_64 and arm64 in docker containers with network=none, no issues were found.

Quite a few runtime tests were done as well since we are stepping up 2 releases, and we also just uprev'd 'cni' and wanted to validate its runtime as well.

Once the system is started and cri-o is given time to start you can use the new 'crio-status info' command to retrieve the runtime status of cri-o:

    root@qemux86-64:~# crio-status info
    cgroup driver: cgroupfs
    storage driver:
    storage root: /var/lib/containers/storage
    default GID mappings (format <container>:<host>:<size>):
      0:0:4294967295
    default UID mappings (format <container>:<host>:<size>):
      0:0:4294967295

Additionally 'crictl' was installed (the recipe will be submitted shortly) and the cri-o Tutorial found here was run (https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)

In order to run the tutorial /etc/cni/net.d/99-loopback.conf and /etc/containers/policy.json were taken from ./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o src repo. The sandbox_config.json and container_redis.json were taken from https://github.com/cri-o/cri-o/blob/master/test/testdata (note: using core-image-minimal with systemd enabled I had to remove "cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to work).

We are not able to use the loopback networking to telnet to the redis container, but we can use other techniques to validate that it is running.

    root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
    CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID
    72718714360ef quay.io/crio/redis:alpine 47 seconds ago Running podsandbox1-redis 0 38b97e5a7bb99
    root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
    Welcome to Alpine Linux 3.7
    Kernel \r on an \m (\l)

The CRIO_BUILD_CROSS approach was no longer valid and was dropped. There is most likely some other cleanup we can do but this gets us to a good state on the latest release.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: workaround failure since go upgraded to 1.13 | Hongxu Jia | 2019-12-01 | 1 | -0/+3

Since go was upgraded to 1.13, there is a failure:

    ...
    | src/vendor/golang.org/x/net/http2/frame.go:17:2: use of vendored package not allowed
    | ../../../recipe-sysroot/usr/lib64/go/src/net/http/h2_bundle.go:49:2: use of vendored package not allowed
    ...

Refer to upstream suggestion [1]: `or copying your vendor contents into GOPATH/src rather than mapping them in to GOPATH/src/vendor.'

[1] https://github.com/golang/go/issues/34068

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: Disable for all mips machines | Hongxu Jia | 2019-11-25 | 1 | -0/+1

Since commit [a092153 containerd: Disable for all mips machines] was applied, and the cri-o runtime depends on `virtual/containerd', it should do the same thing to disable for all mips machines

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: drop ostree from anonymous python warning | Bruce Ashfield | 2019-10-02 | 1 | -6/+0

ostree is now provided by meta-oe, which is a required layer so we can drop it from the anonymous python checks for layers.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: RDEPENDS on libdevmapper | Ming Liu | 2019-09-09 | 1 | -0/+1

Since commit 3f64779e in meta-oe: [ libdevmapper/lvm2: force recipe libdevmapper to populate sysroot only ] libdevmapper recipe does not provide a package any more, we need RDEPENDS on libdevmapper which is being provided by lvm2 recipe.

Signed-off-by: Ming Liu <liu.ming50@gmail.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: skip it when depends not found | Mingli Yu | 2019-08-12 | 1 | -0/+22

cri-o depends on ostree, libselinux and libseccomp and we should check if the layer which provides these recipes exists or not before going on.

Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containers/go/build: don't override global package strip flags | Bruce Ashfield | 2019-07-22 | 1 | -1/+0

When the go-lang container recipes were first created there were issues with strip and the resulting binaries. As such, strip was inhibited for the various packages.

This variable is now set in the default classes, and tests show that strip works on the binaries (saving up to 2M on disk for some binaries) with no runtime issues found.

So we drop our explicit set of the inhibit and let the build proceed by the defaults.

If issues are found, we can re-enable the setting or bbappends can turn it back on for builds showing issues.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.15 | Bruce Ashfield | 2019-07-12 | 1 | -14/+42

Updating to the 1.15 release. With this update there are significant new build constraints and dependencies. As such, the cross binaries are now being built by default, with the old (non-cross) build being kept around as an optional way to build the components.

There are still issues with the non-cross build, so it will require more work in the future.

We also document the requirement for selinux and seccomp in the README as dependencies if you build cri-o.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: build crio-config natively to generate conmon/config.h | Mark Asselstine | 2019-04-12 | 1 | -1/+7

Part of building cri-o is the generation of the 'conmon/config.h' file. The content of this file is dynamic in that it has buffer sizes and a socket path which will depend on constants that are set in other parts of the code. For example the socket path can be setup for Windows or for Linux. To generate 'conmon/config.h' a small GO application is built and run called crio-config.

This isn't really suitable for a -native package but we do have to run crio-config on the build host so we don't want to cross compile it. We therefore use the native GO to build this. This change allows things to work when the build host arch and the target arch don't match.

A small update to the Makefile avoids mixing build host arch and target arch GO packages.

Finally, we drop the crio-config binary from the install as it is only used to create the conmon/config.h as part of the build. This is consistent with the Makefile's install rule which does not install this binary as it has no use on the target.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: fixup build | Mark Asselstine | 2019-04-12 | 1 | -19/+0

After oe-core commits
5f48939e2640 [goarch.bbclass: use MACHINEOVERRIDES and simplify go_map_arm()]
6300c4a83f7c [go.bbclass:Export more GO* environment variables]
we see a build failure with cri-o:

    | go build runtime/cgo: attempting to install package runtime/cgo into read-only GOROOT
    | Makefile:112: recipe for target 'conmon/config.h' failed
    | make: *** [conmon/config.h] Error 1

to avoid this we should not overwrite the GO* environment being setup by the go.bbclass, so we drop most of our GO* exports here.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.13.0 | Bruce Ashfield | 2019-02-11 | 1 | -3/+3

Bumping to the next cri-o release branch

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.12 release | Bruce Ashfield | 2018-11-02 | 1 | -18/+20

Since kubernetes is now on 1.12, we need to sync our cri-o release to match.

There are some build changes to the utilities, and a patch refresh, but otherwise, this is very similar to the existing build of cri-o.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* cri-o: disable ptest build | Bruce Ashfield | 2018-11-02 | 1 | -0/+3

We aren't running any ptests for cri-o (it is hard to test in isolation), and the update to go 1.11 has broken the build in the ptest phase.

For now, we remove the task to get the build running again.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* containers: cri-o: kubernetes runc backend | Bruce Ashfield | 2017-10-02 | 1 | -0/+130

To prepare for native kubernetes support without docker on a target, we integrate the cri-o incubator project.

cri-o is meant to provide an integration path between OCI conformant runtimes and the kubelet. Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes. The scope of cri-o is tied to the scope of the CRI.

This initial introduction is build + packaging only. It is expected that configuration and deployment tweaks are done at the distro level.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>