path: root/recipes-containers/cri-o/files
Commit message | Author | Age | Files | Lines
* cri-o: update to v1.33.0 | Bruce Ashfield | 14 days | 1 | -41/+0
Bumping cri-o to version v1.33.0-63-g87ce1c120, which comprises the following commits: b9bc2a2cd Upgrade netlink 8d0965635 Downgrade otelgrpc bc9516250 build(deps): bump the gomod group across 1 directory with 20 updates e90924e83 Revert "temporarily enable debug symbols" 6870ad334 test/ctr.bats: fix wrt new CPU units to weight conversion 2491f8124 Mark v1.30 as EOL ba6a88448 fix prettier 7cf556a6f update nixpkgs 4450e698d Bump go version to 1.24.3 f8084ff63 build(deps): bump github.com/go-chi/chi/v5 from 5.2.1 to 5.2.2 ab7d879dc temporarily enable debug symbols 1e751b490 fix deadlock when the container is in uninterruptible sleep cb2965f42 [revert] internal/oci: fix terminal resize race condition 0d449e00e internal/oci: fix terminal resize race condition 662474e9b fix verify command ebabdc929 unit tests fixup 85665a6fe code fixup 5944f40fc HighPerformanceHooks: Remove dead code ShouldCPUQuotaBeDisabled a22b5dad9 FreeBSD fixup ebee282d3 HighPerformanceHooks: Unit tests for Fix IRQ SMP affinity race c50e4e0de HighPerformanceHooks: Fix IRQ SMP affinity race conditions 239f9ee61 install: drop outdated flatcar installation instructions bfe3b83cf increase timeout of critests 5912f0483 change conmon install 25b3dfb58 UpdateContainerStatus: fix error logging 6062ff148 internal/hostport: fix linter warning b3f139431 Redo metaHostportManager construction, fix bug 801383af3 Improve iptables error handling when there's no iptables binary 0a0b33208 deps: bump to runc 1.3 3f4b82fa6 Finish switching to opencontainers/cgroups dc3d6b6ec pass down apparmor errors 608b8a0e9 Retry failed
tests 290edee86 sandbox: use created/stopped instead of infra container for readiness 4996d1050 Extend checkpoint/restore test for container logs f52c04277 Add coverage report from integration tests 6b20443c5 Fix `OS_RPM_NAME="$(rpmspec -q --qf '%{name}\n' "${OS_RPM_SPECFILE}" | head -1)"` exited with status 141. error eea79c782 Switch to v1.34.0 as development version of `main` a51c99a2c Decrease actual version aa52c9329 Add option to allow seccomp profiles for privileged containers 4fc529bf8 Support multi architecture artifacts d94a8f37c Add signature verification for image volumes 15bbcca97 build(deps): bump github.com/opencontainers/cgroups in the gomod group d063f8293 Add v1.33 to supported versions 9b0142eb0 Update CNI plugins to v1.7.1 aecad95c3 Improve timeout integration tests f499c0a96 Make metaHostportManager handle iptables vs nftables 982c191d9 Add an nftables HostPortManager dda8739ea Move iptables HostPortManager code into its own file. beb362521 Move hostport conntrack cleanup to metaHostportManager dec4bda08 Move hostport IP family filtering to metaHostportManager b7731057a Remove hostport.PodPortMapping 5db94b36b Revert "Squash MetaHostPortManager into HostPortManager" 6fd9131eb New UpdatePodSandboxResources CRI API handler 1a9acebff Fix build 30d575118 build(deps): bump the gomod group across 1 directory with 25 updates 479a8070c Fix GitHub actions CI test setup 766a81efb Fix container_create_freebsd.go 9660da25e remove runDir b5f51739e remove storageRoot e042f84b2 Remove mountLabel 52b81926b Remove absentMountSourcesToReject 5c9803b19 Remove bindMountPrefix 569e8d3db Update nixpkgs 2ac913d18 Support artifact mount sub paths 6df6cfc6f Update linter and fix reports 87ee7a4af Support `artifactType` OCI artifacts 4ae753afe Fix lint CI dd38a1805 emit crio runtime config as part of CRI API's StatusResponse fd5db98e6 Add the option to disable/enable OCI Artifact mount 68fe1936b Remove unused imports bb9223fc0 Add container_spec_memory_limit_bytes 
metric 087e2ce46 build(deps): bump golang.org/x/net from 0.37.0 to 0.38.0 44d9073dd Disable pull-progress-timeout per default ab9acb6f9 Add support for CNAI models 9cc9b0763 Add README for CI playbooks and remove cri-tools task fe4378b38 .golangci.yml: remove gofmt 560bf28a1 .golangci.yml: remove some unused linters 7ddf15274 .golangci.yml: remove legacy preset from exclusions 8250128de internal/ociartifact: rename MarshalJSON -> ToJSON a904a4e0e test/mocks: regenerate 8c3ce800f Run make mockgen 310a66356 .golangci.yml: rm some unused exclusions c02c3a54d Run mockgen b5b96dfdf Refactor metrics descriptors 012b6cde5 Increase pull-progress-timeout to `30s` d3f7cb491 Update nixpkgs 6a4a3ee9b test 7c4fbadc4 Add container stop signal feature (KEP-4960) a1f07bc4b Fix build 3feb9ad31 build(deps): bump the gomod group across 1 directory with 6 updates a9a660579 Fix image status so that it can get artifact with canonical name and short name 6b244a90a Switch to golangci-lint v2 2fa08cfa2 Use `strings.SplitSeq` instead of `strings.Split` 704932bc3 fix schema v1 images not resolve to image ID error f554c58ea Address linter complaint 62aeb65ce Remove Krzysztof Wilczyński as maintainer 19adbe020 Set default masked paths f5d0ff28e crio wipe should remove storage only once per reboot e429f75ee OCPNODE-3016: support mount OCI artifact 64567e976 Fix comment location about error message f4cff283d build(deps): bump the gomod group with 2 updates fca4ea622 Add image volume subpath support db553b0be Use go version requirements from go.mod 2dc6d0831 Add lint-fix target 7f7d77ace build(deps): bump github.com/containerd/containerd from 1.7.26 to 1.7.27 109872da3 Cleanup: ensure image volume path 24452a56c build(deps): bump github.com/containers/common in the gomod group 29c662a5b build(deps): bump the kubernetes group with 6 updates ab6bc86b8 Fix release notes download location c2f55509f Update debug flag a0ffef29a build(deps): bump github.com/containers/image/v5 in the gomod group
25775fdb3 build(deps): bump the gomod group across 1 directory with 2 updates 662f8cab6 Require go 1.24 for build 512d33bc5 build(deps): bump the gomod group with 7 updates 00a7117dc Improve artifact error logs 9824edb9d build(deps): bump the gomod group with 5 updates 3f1398477 build(deps): bump the gomod group with 3 updates 3507a2a5b Update the release-notes tool to v0.18.0 9e69a709f Update conmon to v2.1.13 663066d99 build(deps): bump the gomod group across 1 directory with 2 updates 754a1ed24 Add OCI artifact support e69571c34 Drop image status log message b638954fe Switch to go 1.24 f46b83d3f build(deps): bump github.com/containerd/containerd in the gomod group 826ef8052 build(deps): bump the gomod group across 1 directory with 5 updates c3363e0c3 add --extra-experimental-features nix-command flag to build-static target dfc2778ee build(deps): bump github.com/go-jose/go-jose/v4 from 4.0.4 to 4.0.5 92fd877a0 Update golangci-lint config and fix reports 8c9fa54ba Add validate method for sandbox 32854c9d1 server: fix races in GetContainerEvents 6fdd6b3bc Updating install docs 0a81f1ef7 build(deps): bump the kubernetes group with 6 updates 8287e4159 server: don't dereference Config.Linux if it is nil 3c7337fb9 server: move createSandboxContainer and related functions to container_create.go 7cdfc7938 server: factor out adding /dev/shm mount e533ab281 server: factor out adding sysfs mounts 20b17df06 server: add no-op stub for makeOCIConfigurationRootless 5035c19a0 server: factor out creating the security context 286e7e24f internal/factory/container: add no-op stub for SpecAddDevices on FreeBSD 7f104e5da internal/factory/container: make SpecAddNamespaces platform-specific 68091febb internal/factory/container: make (*container).SelinuxLabel platform-specific 29a85ace4 internal/linklogs: add stub for freebsd 2f4bc00c2 internal/config/device: add stub for DevicesFromAnnotation 2efa5b35f Fix context cancellation when image pull progress timeout is `0` 10070a556 Fix build 
d9d5def74 build(deps): bump sigs.k8s.io/release-sdk in the kubernetes group 29e76f138 Remove `exclude_graphdriver_devicemapper` build tag a4c67cc6c Fix: If cgroup manager is cgroupfs then allow conmon_cgroup to be empty dcfb01965 build(deps): bump google.golang.org/protobuf in the gomod group 2193e6280 Update mocks 864e43306 build(deps): bump the gomod group across 1 directory with 8 updates a961ed207 Mark v1.29 as EOL 60c3697ac Fix typo in version_update_mask regex 77f2041ea Change nixpkgs update to monthly 4ceeaddaa Switch to golang native error joining and errgroup 0b6a04bea test: add test coverage for LinkLogs malicious paths 910f6e5d6 internal/linklogs: sanitize the directory path before using it d5ab7c46c build(deps): bump sigs.k8s.io/release-utils in the kubernetes group 6dbfcec98 Downgrade github.com/cyphar/filepath-securejoin b27a733c8 Remove `LimitNOFILE` from systemd service file ecd3b6dce build(deps): bump the gomod group across 1 directory with 8 updates 6b4fd0741 Add warning log for a process having an uninterruptible child. 
d19a9d641 Enable `wsl` and `nlreturn` linters 0979d3497 Integrate native GitHub arm64 runners a371ae1c3 Log error when failing to update container status from exit file 03472dd92 Enable linters and auto-fix 630b608f0 Add documentation hint how to handle the versions 6691836a5 Revert 'Add 1.33 to supported minor version' f67859446 watchdog: decouple CNI plugin initialization from CRI-O health checks e87f86c1b Switch to our log module for logging in iptables module 1b06fc09d Add `release-1.33` to active prerelease version 1f60a95cc internal/config/ociartifact/ociartifact: Do not hard-code 'sha256' in error message 6dc287d45 vendor: downgrade github.com/cyphar/filepath-securejoin to v0.3.6 db4ca1752 * : fix lint/vendor issues to update dependabot updates 16289cad3 Update nixpkgs 271146940 Fix klog-shim to close the bracket properly 1005e0e32 build(deps): bump the gomod group across 1 directory with 17 updates 05296551a Avoid using UpdateContainerStatus for ReopenContainerLog and add logs tests 1a6765b73 Makefile: introduce GO_TEST for more flexible configuration a9e7d29b3 Improve `sync.Map` iterators with an implicit call 807943105 Remove Fedora 39 content ddaed68a3 Makefile: fixes wrt crio.conf f5e6d6f7f Update nixpkgs to the latest HEAD commit 78c45f865 Update nix release to v2.24.11 458137a7a Update release-notes release to v0.17.11 3b94f59b1 Update gosec release to v2.21.4 a9aa6072f Update shfmt release to v3.10.0 fbc3ce557 Update golangci-lint release to v1.63.4 0fe4097af Update buildah release to v1.38.0 72f95429a Update bats release to v1.11.1 6da7ef28b Update containernetworking/plugins Go package release to v1.6.2 3f0f86965 Update multiple dependencies to newer releases 997e4fbd3 server: fix panic when default annotations are specified b473c6c04 Fetch latest containernetworking/plugins tag instead of v1.1.1 6e0df0924 Update CRI-O version and add checks Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: fix textrel QA issue | Chen Qi | 2025-01-17 | 1 | -0/+41
Basically we pass "-buildmode=pie" to fix textrel QA issue. A new patch is added and submitted to upstream: 0001-Makefile-introduce-GO_TEST-for-more-flexible-configu.patch. With this new patch, the old patch, 0001-Add-trimpath-to-build-nri.test.patch, could be dropped.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to v1.31.4-tip | Bruce Ashfield | 2025-01-17 | 1 | -9/+6
Bumping cri-o to version v1.31.4, which comprises the following commits: 8aa8c7e42 server: fix panic when default annotations are specified 88939baf2 version: bump to 1.31.4 284eb9327 config: add default_annotations 26bb3c96a Allow to remove pod sandbox on netns removal cf112c696 Disable actuated runners 0b449cebc version: bump to 1.31.3 ee2d73252 Fix container restore lint report 6aa6cbcb4 Only restore container if all bind mounts are defined 165504928 Add `--pull-progress-timeout` / `pull_progress_timeout` option d3f39eaa9 RuntimeHandler inheritance bug-fix c65eb63b1 RuntimeHandler inheritance c918a52d1 nix: don't build gpgme with `--enable-fixed-path` 677d91db3 version: bump to 1.31.2 f334f80c3 config: fix validation of allowed annotations e0fe09609 Cherry-pick changes from containers/storage/pull#2134 cae8a3ab5 Cherry-pick changes from containers/common/pull#2185 e9deb6cde version: bump to 1.31.1 b6226b8a3 config: pass down PullOptions from the storage configuration a673a7ca4 test: fix empty pinned_images test 7d4f035b5 tests: improve wait_for_log to allow multiple calls for the same message 2d27da0f3 image: serialize RegistryImageReferences when checking signatures 4b55a1107 Pin govulncheck to specific version to match Go version requirements abb6a439d Use nanosecond timestamp for evented pleg pod status fbd73b339 test: fix CR test by unsetting SIGNATURE_POLICY a379923f5 server/restore: mark signature validation incompatible with restore 1a9d36494 server: document difference between userRequestedImage/userSpecifiedImage 50075247a server: use imageID instead of a random digest 0dd7eaffe server: only check signatures if namespaced policy is defined ec8545d2d server: use cached restore value instead of recomputing 7a67eb72b store canonical ref differently 1444e69d9 test: fix crun-wasm test to
handle requirement of user_specified_image 6edecf30e Image verificaiton for namespaced policies 9d3da707d Revert "contrib: temporarily move to crun 1.15 to fix CI" e54ea3407 Fix invalid syntax in test workflow fc262592f ci: run setup commands for e2e because they weren't done for some reason d24529f7d build(deps): bump the actions group with 2 updates efa1690c0 test: setup runtimes correctly so drop-ins work bfc509cd7 test: comment out ARM image digest as it's unused 45ee51d01 test: update memory limit tests to not be in image.bats 29803ef24 test: fix config test fe5bdeb3b gh actions: set crun instead of runc f174d5a3d oci: allow double delete 624b15b9c gh actions: spoof crun for unit tests on arm64 afe78eb68 config: refactor min memory handling a bit d2cb4e4ae config: update min memory to account for crun 5e21d495c config: default to crun c32f7b02a build(deps): bump crate-ci/typos in the actions group 2b8dfdf48 build(deps): bump github.com/opencontainers/runc in the gomod group 3fe3b4e81 build(deps): bump peter-evans/create-pull-request in the actions group d23951276 refactor seccomp f81fea25f Modify test case to verify blocking of clone 7d0d6ad49 Filter namespace creation args to clone in default seccomp policy cc8b071b1 build(deps): bump the gomod group across 1 directory with 3 updates f7fee64a7 build(deps): bump the actions group with 2 updates dd0cb08d8 Update golangci-lint to v1.60.3 for better go 1.23 compatibility 1f212dc7b Add Makefile help 9ad5c5aed Add additional bind mount to image volumes ff73a7a0b Fix Makefile `$PWD` when running using `sudo` 2c37d262f Make `prettier` target run in a privileged container 33fb00528 Fix lint b1bf40749 build(deps): bump google-github-actions/upload-cloud-storage 1beb59cb8 build(deps): bump the gomod group across 1 directory with 8 updates ba846966f config: add /dev/net/tun to default allowed devices 3ef7f9de4 build(deps): bump crate-ci/typos in the actions group f7e8682ef Add `{verify-}prettier` makefile targets 
53d958fa3 Change default tracing endpoint to 127.0.0.1 9d1a5f437 build(deps): bump crate-ci/typos in the actions group 13e701563 build(deps): bump github.com/onsi/ginkgo/v2 in the gomod group e83973d7d Run prettier on supported files 8269859fd Make static build a GitHub action matrix 09bb40438 Change profile endpoint to 127.0.0.1 5f95cb5ce build(deps): bump the gomod group across 1 directory with 3 updates aa1ca0d47 build(deps): bump google-github-actions/auth in the actions group f83861120 build(deps): bump google-github-actions/upload-cloud-storage a8950ce30 Pass around more contexts in hooks and metrics 7472e56e9 Trigger `test` workflow after release branch fast forward 6fb6e8d16 Run the runtime RuntimeType validation first dff5305bb Avoid potential reallocs by pre-sizing some slices Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: enable ptest | Zhang Peng | 2024-12-10 | 2 | -0/+42
The ptest build for cri-o was previously disabled due to issues introduced with Go 1.11, which broke the build process. With the current Go version, these issues no longer occur, and the ptest build is now functional. This commit enables ptest support and resolves the "TMPDIR [buildpaths]" issue encountered during the ptest build process. A total of 382 test cases were executed, with the following results:
PASS: 317
FAIL: 33
SKIP: 32
Signed-off-by: Zhang Peng <peng.zhang1.cn@windriver.com>
Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to release 1.28.0 | Bruce Ashfield | 2023-09-15 | 1 | -28/+0
Bumping cri-o to version v1.28.0, which comprises the following commits: 23dec8c7d version: bump to v1.28.0 c104a0608 build(deps): bump github.com/containers/storage from 1.48.0 to 1.49.0 5524b65d3 add info about pulling image before doing the tutorial 922573ffe build(deps): bump crate-ci/typos from 1.16.6 to 1.16.8 67724cb6f build(deps): bump github.com/containers/podman/v4 from 4.6.0 to 4.6.1 a2d46ae01 build(deps): bump github.com/containers/ocicrypt from 1.1.7 to 1.1.8 7e3522a9c Added a flag internal-repair 39ea33e29 feat: Added a feature to check at reboot time shutdown was clean or not, If it was not clean then apply repair logic c5def7f72 build(deps): bump crate-ci/typos from 1.16.5 to 1.16.6 b873985b8 Add `conmon` to ppc64le static bundle 3e3f70c22 Update install.md 9c3d622a6 Vendor Kubernetes v1.28.0 a7f160b49 build(deps): bump crate-ci/typos from 1.16.3 to 1.16.5 d2fa125a4 Update nixpkgs and use overlay 80fdf486e Add containers_events_dropped_total metric e19002329 Fix indentation in installation instructions 94f5e75c8 Update cri-tools to v1.28.0 a8d7c29e1 Vendor Kubernetes v1.28.0-rc.1 23f51c3e1 Update OWNERS_ALIASES f1bb83127 Update runc to v1.1.9 581a388ac build(deps): bump crate-ci/typos from 1.16.2 to 1.16.3 5022d956a test/image.bats: add test for checking crun-wasm workflow 05ef7a189 *: add platform_runtime_paths to RuntimeHandler 6a0c4b9ec build(deps): bump
github.com/containers/image/v5 from 5.26.1 to 5.27.0 f18d122e8 Revert "devices: fill the FileMode field in spec" 8937245b0 build-static: misc fixes needed for 1.25.4 generation abfc2d616 build(deps): bump crate-ci/typos from 1.16.1 to 1.16.2 3f06640cf contrib/test/ci: add crun-wasm 3a9232c62 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 bb98e2b2a Set mount type HostToContainer for mounts that include container storage root 309d045ec add script bumping 927843ea4 test/metrics: simplify oom test, add debug 64fdfbcaa build(deps): bump github.com/opencontainers/image-spec 15a586215 build(deps): bump github.com/opencontainers/runtime-spec f30ef84ad build(deps): bump github.com/onsi/gomega from 1.27.8 to 1.27.10 ecd7f9a3e cri: implement RuntimeConfig rpc 2463fdf78 vendor: update Kubernetes to v1.28.0-beta.0 edc5ece7b build(deps): bump github.com/containers/podman/v4 ef1653c8e internal/config/seccomp: Sync call signature of (*Config).Setup 67b43c4b5 internal/config/cgmgr: add non-linux stubs 1dffd7e71 internal/config/node: add non-linux stubs ecb372986 internal/config/device: add non-linux stubs 10168b534 internal/config/nsmgr: add non-linux stubs 8edfbfd45 internal/config/capabilities: add non-linux stubs 2bd7fcbd8 internal/config/apparmor: add non-linux stubs da69490d0 oci: update unit tests for new stop code be5bac87b oci: simplify stopping code 7371b1e77 oci: don't return ErrContainerStopped from StopContainer c0e34644c build(deps): bump github.com/containers/buildah from 1.31.0 to 1.31.1 41b13e28d Fix ImageRef field for containers to default to an image ID 930f49889 runc: 1.1.7 -> 1.1.8 b563cd728 Add Adobe to ADOPTERS.md 3bc609eb1 build(deps): bump sigs.k8s.io/release-sdk from 0.10.2 to 0.10.3 4e0f88970 build(deps): bump github.com/opencontainers/runc from 1.1.7 to 1.1.8 e6af91f6a oci: change IsAlive to Living 320671ed2 devices: fill the FileMode field in spec 126bd4ca9 build(deps): bump crate-ci/typos from 1.16.0 to 1.16.1 b79391fe1 Update bats to 
v1.10.0 5e86a5261 build(deps): bump github.com/go-chi/chi/v5 from 5.0.8 to 5.0.10 92e1d1910 Bump vendored Podman to v4.6-rc2 a3d229acf internal/factory/container: get CDI devices from CRI field. 21181672b Add Debian 12 as a supported OS to the install doc b7c826d38 build(deps): bump github.com/containers/common from 0.55.1 to 0.55.2 151572a56 build(deps): bump github.com/container-orchestrated-devices/container-device-interface c0c7ce5ae Add OpenSSF best practices badge in favor of CII 0d92db47e build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 70e5b76ca build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 79859a9d9 build(deps): bump crate-ci/typos from 1.15.10 to 1.16.0 7ebe2f614 Update vendored Kubernetes to v1.28.0-alpha.4 c28303fad container_test: fix "AddCapabilities ALL" test case e176397c8 vendor: drop podman replace and update runc eff07b834 Run irqbalance tests in serial within the actual suite 059dce220 build(deps): bump crate-ci/typos from 1.15.9 to 1.15.10 d43833d61 Bump bats in ci jobs to latest release 66ac754c7 build(deps): bump github.com/containers/buildah from 1.30.0 to 1.31.0 59952bf00 build(deps): bump github.com/containers/common from 0.54.0 to 0.55.1 ff3bb58db build(deps): bump crate-ci/typos from 1.15.7 to 1.15.9 4fe0b8164 build(deps): bump github.com/containers/image/v5 from 5.26.0 to 5.26.1 cb51739b1 server: use platform struct to set OS details bac73aa42 Pre-check request values on container creation 5a85cfc95 Remove non existent Debian builds from install instructions 73cf5597a test: fix make mockgen test failure dfdd2acde vendor: update release-sdk to v0.10.2 abcf50239 build(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.1 9c78a1e23 vendor: update containers/storage to v1.48.0 87b126342 build(deps): bump github.com/intel/goresctrl from 0.3.0 to 0.4.0 8a9d4ef17 vendor: update containers/common to v0.54.0 cb247caf5 build(deps): bump github.com/containers/image/v5 from 5.25.0 to 5.26.0 ad3dd698b build(deps): bump 
google.golang.org/protobuf from 1.30.0 to 1.31.0 b8bb276a0 build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus 0882a1dcb build(deps): bump crate-ci/typos from 1.15.6 to 1.15.7 6b9e49d3b Try to find `CONTAINER_CNI_PLUGIN_DIR` by binary lookup 40bbe8218 vendor: fix vendoring issue f6317807c typos: add WRONLY to the list of extend-ignore-re 6a10113c7 build(deps): bump crate-ci/typos from 1.14.12 to 1.15.6 1062a4cd3 build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0 91d6bd38b vendor: bump github.com/onsi/ginkgo/v2 to 2.11.0 7f66c1428 build(deps): bump cachix/install-nix-action from 21 to 22 d0526337e vendor: bump github.com/urfave/cli/v2 to 2.25.7 7a2b9a220 vendor: bump golang.org/x/sync to 0.3.0 ba0751938 vendor: bump golang.org/x/net to 0.11.0 9f0680cde vendor: bump github.com/prometheus/client_golang to 1.16.0 67a132dc6 runtime handler hooks: run default hook when container stops gracefully 49d9efe8b vendor: bump github.com/stretchr/testify to 1.8.4 001733570 vendor: bump github.com/sigstore/rekor to 1.2.1 d274dd121 Use a variable to manage the version of kata used for testing. 4a7d0857b Update supported version and variable guide for adding repository 0534d7eff governance: tweak voting behavior bfc7cf55a Use kata 3.0 for testing db4b8eaab kata tests: Enabling more than one test file for kata tests. 
0f08aeb6f kata tests: Update list of skipped tests for the ctr.bats file 4310e3342 Modify ansible files to re-enable kata tests 8224bd8a5 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc f84eb7874 Move reload watcher into `Server` e3b7406b9 Update golangci-lint and config 159aaf6c6 utils: make this package build on non-linux platforms c088d69aa fix function name in comment c702bb78a build(deps): bump DavidAnson/markdownlint-cli2-action from 10 to 11 098fbebf7 Add a test for log linking 5620764ae linklogs: add support for symlinking container directory 5d7ecfe4b Add support for linking pods logs a7d314bea build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3 e614bc756 server: ensure pod labels are present d84cc85c5 build(deps): bump github.com/BurntSushi/toml from 1.3.1 to 1.3.2 72b735603 OCPBUGS-14750: Pod termination must succeed when a hook fails 98c43d537 Add OSFF scorecard action 85c7e712e main: Added a call to GarbageCollect ccb91bc8a docs: fix eol test 08f7c0776 build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.8 f2feb7c6f Use staging k8s.io/kubelet/cri/streaming package 72011b3c4 Add support for namespaced signature policies 3939fba97 Apply markdown linting, cleanup docs and fix broken links #6890 96e6aed74 Apply markdown linting on the tutorials folder #6890 2ead2413a Apply markdown linting on the contrib folder #6890 5d7b64018 Add markdown linter action #6890 d58f408f5 test: fix timeout metric test 5f74e7994 build(deps): bump github.com/BurntSushi/toml from 1.3.0 to 1.3.1 c87b11115 server: do not take lock to populate pid in container status and inspect 28b34889a build(deps): bump github.com/sirupsen/logrus from 1.9.2 to 1.9.3 b373909cf build(deps): bump github.com/containerd/containerd from 1.7.1 to 1.7.2 d456a11ef crio: deprecate config migration 259e7980c metrics: add metric for resource stalled at stage 85a4ba091 build(deps): bump crate-ci/typos from 1.14.11 to 1.14.12 75aacdb04 Drop support for path 
based seccomp profiles e18e2e90a test/helpers: rm useless code b7d1c2e61 test/helpers: use cli to set container dirs 459372c24 test: adapt for sched_load_balance disable after stop 6da8e46b1 runtime handler hooks: add DefaultCPULoadBalanceHooks 23b9179f9 server: call hooks and NRI in stopContainer e1c68ea2a Update `README.md` version table 56ac8ac79 crio: remove DefaultsPath config feature b2a20a418 server: call hooks on infra container creation 2efd04aa4 high perf hooks: workaround libcontainer quirk when disabling cpu quota 9ec701691 cgmgr: export CrioPrefix and use containerCgroupPath more 775690b1e build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.5 to 2.9.7 cf7e0946e tests/timeout: skip for conmon-rs c1c431836 ci/gha: add space-at-eol check, fix existing ones 0a35354c4 build(deps): bump github.com/BurntSushi/toml from 1.2.1 to 1.3.0 65792546b ci: bump shellcheck to 0.9.0 6b2f35e2c test: fix a few cases of SC2086 d6b793c46 contrib/kube-local/kube-local: rm unreachable code b6014826c test/copyimg: use log.Fatalf 587e3d595 test/*.bats: rm useless echo "$output" bdb765635 test: rm explicit $status checks 933e33c1c test: simplify assigning IDs 22978429a test/status.bats: simplify exit code checks ff7bc1b52 test: simplify non-zero exit status checks 0bf509d35 test/cdi.bats: rm run_cmd, use run 21e5dcebe test/nri.bats: fix checking exit code 2fab13028 test/README.md: fix wrong bats example 9c2fcb3bd test/*bats: drop fail() 84ee0c931 Fix using ! 
in bats tests 045c026da test/timeout: fix "dup ctr" test 1da9bf5f7 ci: require bats 1.9.0 c5a1c1b1e test: separate var setting and img preload 7b9e5201b ci: bump bats to 1.9.0 9ad33da53 build(deps): bump github.com/containers/podman/v4 from 4.5.0 to 4.5.1 2604665cc Update nix and nixpkgs 792a5d0ad test: limit number of parallel jobs 1cc1958de test/cgroup: fix for cgroupfs aa86e94f0 ci/gha: fix double caching 47c13e037 [FEAT] Add new parameter disable_hostport_mapping in CRI-O df7df847d build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc f7f085f6f Makefile: Remove GOPATH references 1eeaad851 build(deps): bump cachix/install-nix-action from 20 to 21 7cc3e206c build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 3b5c9f115 build(deps): bump crate-ci/typos from 1.14.10 to 1.14.11 7003312b0 OCPNODE-1286: Add a CI job to run cri-o e2e tests by enabling the evented pleg feature 47958dc0b Update crun to v1.8.5 9b6a4cff7 Wrap CRI errors on image pull defdf1c9e build(deps): bump github.com/sirupsen/logrus from 1.9.0 to 1.9.2 6a3ee4e6b docs: update cri-o podman doc and remove stale information 7ed2cfc7f deps: bump runc to 1.1.7 f59c1f72a sandbox: Handle PodLinuxOverhead and PodLinuxResources CRI fields f5e58c0ea build(deps): bump crate-ci/typos from 1.14.9 to 1.14.10 1009668bb build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.3 42e0f7fac go.{mod,sum}, vendor: update NRI. 
d97ac8a10 contrib/test: reenable Statefulset Basic tests 3761965f8 contrib/test: re-enable block volmod tests 003edc26c high perf hooks: disable CPU quota with libcontainer as a pre start hook a875ef486 test: add test for cpu-quota.crio.io e1c3cf960 Check and fix typos in CI fa57ffd3e *: switch to go-chi/chi mux 6330b1d5f build(deps): bump github.com/cloudflare/circl from 1.1.0 to 1.3.3 786109a6e build(deps): bump github.com/containerd/containerd from 1.7.0 to 1.7.1 ecc712850 Support image policy verification error ccaef6a7d build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.4 to 2.9.5 484870532 build(deps): bump sigs.k8s.io/release-utils from 0.7.3 to 0.7.4 3480e9efa Fix GitHub action `bundles` test 937ed8cf6 - Convert status cli as a subcommand of crio - Moved commands to the internal criocli package and used them in the crio and crio-status binaries - Adding the status subcommands directly to the binary a247c52d9 pkg/config: update the description for templateStringCrioImagePinnedImages 4fadec5f1 internal/storge: fix CompileRegexpsForPinnedImages test case 5e751fda3 vendor: fix vendoring 5ecc82e6f contrib/metrics-explorer: fix nested modules 640624ec9 Update CNI plugins to v1.3.0 9fc177ed4 build(deps): bump golang.org/x/net in /contrib/metrics-exporter 8b230dec7 clients connected to container event stream now receive the same data 3fd71bdc9 vendor: fix CI due to incosistent vendoring 20fd7770e fix kubectl version in bug report template 21b47b11c *: update sandbox/pause image to 3.9 edbd4890f internal/storage: add sandbox/pause image to the list of pinned_images b0531365f build(deps): bump github.com/containernetworking/plugins 22ad8957b Changes to build binaries for ppc64le architecture. 
32ec246ba Update README.md and associated files f10ea341d build(deps): bump golang.org/x/net from 0.9.0 to 0.10.0 c9bb988d1 *: fix warnings related to gosec 0e65290c4 .github/worflows: add go vulnerability management check for cri-o f9abf50c9 pkg/config: reload pinned_images when the new config is provided bbe9a7a2c *: add support for pinned_images in crio configuration dfcf222c3 refactoring vars 386509caf Use native crierrors package for registry unavailable a90d00103 build(deps): bump golang.org/x/sys from 0.7.0 to 0.8.0 16ab25339 Vendor latest Kubernetes master 6a095aef7 build(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 5c064914f build(deps): bump golang.org/x/sync from 0.1.0 to 0.2.0 639b6dddf OWNERS: add sohankunkerkar to cri-o-reviewers 4477a804b tests: add a fake pinns call to delay things and cause the timeout 6fa761497 tests: use crictl binary directly when checking its capabilities 1ff3303df cni: configure cgroupPath capability arg e52e63a41 vendor: bump ocicni to tip 914763fb1 Remove vendor specific changes 08cd56fc9 Migrate image registry to registry.k8s.io 3311658af build(deps): bump github.com/uptrace/opentelemetry-go-extra/otellogrus 02fe074f2 build(deps): bump github.com/onsi/ginkgo/v2 from 2.9.2 to 2.9.4 0b8a2c068 build(deps): bump github.com/sigstore/rekor from 1.1.0 to 1.1.1 660b63bd7 cgmgr: set sched_load_balance to disabled on sandbox cgroup 5a1707e4c test/pod.bats: update to current setup f83a4faba cgmgr: create cgroups for systemd cgroup driver for dropped infra pods f21e178f8 build(deps): bump github.com/prometheus/client_golang bf23f5c01 Support `RegistryUnavailable` type e80464e07 Update generated docs ed9c419e7 OWNERS: allow cri-o reviewers to approve dependabot PRs 58c101634 build(deps): bump github.com/urfave/cli/v2 from 2.25.1 to 2.25.3 a4fc119af .github/workflows: remove auto-approve workflow a0009cb25 build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 541b6563d Extend 
cpu-c-states.crio.io annotation to add max latency 2417374a6 build(deps): bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 249c340d3 contrib/test/ci: fix the bin folder location for cri-tools cf30845e7 #6833 user ns: Fix segfault while constructing id mappings 38774e14a Use ImageRef instead of ImageName for restore 1f224d1e0 build(deps): bump go.opentelemetry.io/otel/exporters/otlp/otlptrace/otlptracegrpc 7c6676f02 contrib/test/ci/build: use `force:yes` while linking crictl/critest c9cc1529f .github/workflows: fix the github_token field a1c09ad99 .github/workflows: fix the token field 30ddd6d89 Fix events generated by Evented PLEG b8d8ff14b Update c/common to v0.53.0 b34038f8f build(deps): bump actions/setup-go from 3 to 4 4c828dc48 build(deps): bump github.com/opencontainers/runtime-spec 928d5d49c build(deps): bump github.com/prometheus/client_golang e806005d6 test/network: skip flaky test running on a node with cgroupv2 e914f0e15 test: combined oom test to avoid CI flake d5048e7ff test/seccomp: fix the syscall 473ee6b73 contrib/test/ci: remove duplicate code a1c6ae7e4 test/*: consolidate images used for integration tests 25fb4fa76 build(deps): bump github.com/Microsoft/go-winio from 0.6.0 to 0.6.1 a950c837d Download more dependencies instead of vendoring 839bd1203 build(deps): bump github.com/containers/conmon-rs from 0.5.0 to 0.5.1 edbe9c27e build(deps): bump github.com/go-logr/logr from 1.2.3 to 1.2.4 e53dcc003 Stop vendoring release notes tool 1c26776cb .github/workflows: auto approve dependabot PRs e967a178c user ns: fix segfault when host id mapping is empty 19c0b4d7b server: fix failing tests edf6a88a9 build(deps): bump k8s.io/release from 0.15.0 to 0.15.1 7a612bc4b Allow restoring of containers with different names 86b36ee6e build(deps): bump lumaxis/shellcheck-problem-matchers from 1 to 2 6da5b1272 build(deps): bump actions/stale from 7 to 8 1c1cfb92a Fix Flannel PodCIDR in kubeadm tutorial bac3a79b6 adding support for configmap namespace 603f176a0 Add debug to 
identify when a relabel was not requested f9fa10915 Update tutorials/debugging.md 75c8b181b Added documentation to force the Go garbage collector for CRI-O 11f5c4326 Remove remnants of CONTAINER_MANAGE_NS_LIFECYCLE Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update crio.conf to match the current version | Chen Qi | 2023-02-17 | 1 | -98/+525
  The old crio.conf file can cause cri-o start failure. The error message is
  as below.

    validating runtime config: runtime validation: failed to \
    translate monitor fields for runtime runc: cgroupfs manager \
    conmon cgroup should be 'pod' or empty

  Use new crio.conf file to solve this issue. The file is generated by
  'crio --config="" config --default' command, as indicated in the old
  crio.conf file.

  With this config file update, the crio.service can now start correctly.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* treewide: bulk update patches with status field | Bruce Ashfield | 2023-01-27 | 1 | -0/+2
  While the insane.bbclass upstream-status check hasn't been made default,
  users of meta-virtualization may have it enabled in their distros .. so
  the effect is the same. We must have this tracking tag in our patches.

  This is a bulk update to add the tag and silence the QA message. As
  packages get updated, the normal/routine process of checking the patches
  will continue, and the status fields may (or may not) get more useful.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.24.1 | Bruce Ashfield | 2022-06-07 | 2 | -51/+8
  Bumping cri-o to version v1.24.1

  We refresh one patch, and add textrel to our QA check skip list.

  Which imports the following commits:

  489819e33 bump to v1.24.1 8acadd3f4 conmonmgr: query help text to see if it supports log-global-size-max fc852b402 add support for conmon log-global-size-max 77f0429d9 oci: cap exec sync length 9441b6700 Fix review issues ee1a8519f Fix it case failed 027ab3f50 Fix review issues db4a4aa51 Add integration test for remove paused ctr 76d1a929e 1.When in paused state, stop contianer should unpause it 2.We should treat paused state as running, or kubelet will delete it and restart one 3b25e48e4 fix review issues eff3af248 Try to force delete ctr when in paused state 62d81d722 vendor: bump crypto package 3d516c53b oci: Move exec probe process to container cgroup, if enabled 8294126fa config: Add monitor_exec_cgroup config option 9a2723cb4 Reenable pod runtime in package spec ae024bd0a dependencies: Upversion conmon dependency to v2.0.27 1737a4702 Sanitize conmonrs log level and print used version 5658fd35a Wrap runtime pod errors b4bbd4d94 openshift test: use go 1.18 aa13dfb7b openshift test: add skip_pod_runtime to cri-o spec d6aff5b63 Bump nixpkgs and use go1.18 4864ffc60 Fix golangci-lint errors d0664581d add runtime pod c33e14fc1 vendor conmon-rs 3b80d009b oci: add IsInfra method 0f601939e oci: lock for runtime creation 1376307fb test: use go 1.18 for lint b98f15851 Move WillRunSystemd call after iterating the mounts 2a75c8307 Add sha256sum bundle files to uploaded artifacts 9f6a6724d crio:fix a bug about log container 901310bdd
oci: use runtime handler level monitor fields 12758b2b3 config: assume default conmon cgroup if it's not specified 240de5f3f template: add comment to runtimes table 5a8223c75 config: replace Conmon specific fields with runtime handler versions de2105a17 main(): don't treat reexec.Init() == true as an error 1de3e5ed2 crio:try fix integration test failed, because unpause not on time 6dfc68de4 config: increase pids limit to unlimited and deprecate it and logSizeMax 9ff165b4e bump ocicni to 0.3.1 b447dff77 bump containernetworking cni to 1.1.0 3fa33fe48 crio: unpause ctr after test 8e9ddee87 crio:fix golint check warning 019c578fa fix(stats): incorrect id on zfs driver 153bb668c crio:fix crun it failed 87f7f00f3 crio:update status after pause/unpause container 54912d7c8 oci: cleanup log path if the container failed to create 7a65dc340 utils: remove unused io related packages 9b111b532 runtime_vm: use containerd deps for container io directly 2da7482db remove the external dependency on the conntrack binary 1955cc167 go.{mod,sum}: update CDI deps to v0.3.2. 
a8687861c server: no longer use hardcoded timeouts 64270ef91 fix builds by passing -buildvcs=false on 386 48230e006 test: bump to go 1.18.1 d41e3cbe6 Disable systemd-mode cgroup detection conditionally e10376810 crio: Fix review issues and make format shell file 78308acd4 Add bats test to ensure namespaces are cleaned up on pod stop ec1414424 pinns: Check calloc return value adfe57b5d bump to 4.11 image 5e72b4133 crio: Fix code style 270d195ec crio: implement extended interface for pause/unpause container 31c278301 seccomp: drop unshare syscall from default profile 1098cc9b9 Retry to set CPU load balancing before return the error 7ccafd559 build(deps): bump github.com/BurntSushi/toml from 0.4.1 to 1.1.0 9b735153b Fix integration tests 862b27b8c Switch to registry.k8s.io for the sandbox Image: 9ebdeef1e Change the mcs order in selinux.bats to test the canonization of selinux label 1a9a3fdae Canonize selinux label for comparison with filesystem label b106fcd71 oci: fix segfault in pod stop code 3e9d77257 capabilities: drop inheritable afe738b18 Bump ocicni to v0.3.0 7b5a67f51 Switch to ginkgo/v2 1999baa2f Add bats test for infra_ctr_cpuset taskset 9fada28f7 Add bats test for zombie conmon cleanup 15afd20ee Update golangci-lint and config 13d7b9738 Bump golang to 1.18.x 1af1f8af2 pinns: Pass sysctls as repeated '-s' arguments eb8715d30 Fix shell format c3095bf20 README: Update EOL & Version Skew links 05c443b06 config/sysctl: fail if there is a + in the value ea39e74f2 Fix critest 739379b0c Enable `--seccomp-use-default-when-empty` by default 98c18d1cb test: update to new runc behavior 4cb2407a2 Automatically chcon and restorecon on get script bef94e1f8 Pin `github.com/u-root/u-root` 3be4dba79 Switch to `main` for `get` script 09399e41f Bump nixpkgs 51a800af0 Pin nixos/nix version 97df87f71 test: allow state of failing tests to be kept intact. 
32d682800 factory: take capabilities setup a643dad27 Add dedicated security information d65414758 test/crio-wipe.bats: don't nuke $TESTDIR too early. ff36ee6e0 test/cgroups.bats: fix incorrect setup order. 128165130 test/cdi.bat: add CDI integration tests. a0d3fd8aa config,cli: add configuration for CDI. f35fba448 pkg/container: implement CDI device injection. 572616137 go.{mod,sum}: update deps, vendor. 683baa221 contrib/test: force BATS symlink in place. 0be4d0611 contrib/test: always install BATS for integration. 2426bdb4c openshift e2e: bump cri-o version e337fa364 bump to 1.24.0 5cad5f287 test: avoid concurrent crictl config writes. bc240fd4c server: stop deleting pod from idIndex if already gone a4b5f0c15 CI: use kubernetes from git tip 03064f4ca test/e2e: update skipped test list 65f93912d contrib/test/int/build/kubernetes: rm deprecated RunAsGroup 2e7a4d375 server: use syncfs instead of fsync d9102e748 config/sysctls: validate against invalid spaces 230409570 [gitpod] use latest workspace full 6c3144af2 hack/build-rpms.sh: fix yum-builddep failures 52adfe025 ci: bump shellcheck to 0.8.0 92edea6dd test/apparmor: suppress bogus SC2031/2031 ca10da055 test/cni_plugin_helper: suppress shellcheck warning 0655dd213 test/test_runner: rm eval, fix comment 1acde4379 OWNERS: move rhatdan to emeritus approvers d280c71ce OWNERS: move runcom to emeritus approvers 4041adc55 utils: Sync: use f.Sync 14d742672 Deny empty `localhost/` AppArmor profiles bd02dac92 OWNERS: add first round of reviewers 626446e5c OWNERS: Move @sboeuf to emeritus approver 8aab1e8f2 int/storage: getReferences: fix gocritic warning f1ca25bc5 server: fix (rather than ignore) gocritic warning bc839156e server/streaming: specify the linter fa2fd247f ci: bump golangci-lint to 1.44.0 cc6ed292b scripts/release-notes: fix printf args f0e70901e scripts: fix a typo b1705dc28 int/version: fix forcetypeassert linter warning 851916f0d server/container_create_linux: fix forcetypeassert warning a2760072b utils: 
fix forcetypeassert linter warnings d295f8b24 server/streaming: fix nolintlint warning dd70c87ab int/storage: fix gosimple warning f26fafdc5 int/config/cgmgr: fix stylecheck warnings bc91cdb57 Format code using gofumpt 0.2.1 98d945cc9 Makefile: fix a comment bb96cd907 test/crio-wipe: fixups 107fe3853 ISSUE_TEMPLATE: fix grammatical error 1affa13d9 OWNERS: move @sameo to emeritus_approvers 4dc761f9f ISSUE_TEMPLATES: update membership form to be reviewer form 592aa5159 ISSUE_TEMPLATES: add a couple of more 238e4d009 image: use imageCache value for ImageStatus() 411e15058 contrib/bundle: remove deprecated kubelet option. 15048929c minor edit: removed dead link from TOC 0dd5d2d00 oci: drop WaitContainerStateStopped 6449ff0d3 oci: fix a leaked goroutine 40165cb5b internal/factory/container: initialize from pkg/container 0dabb91b3 internal/factory/sandbox: initialize from pkg/sandbox 6e2472c92 README: update branches a0f88d3a5 Updated format a53f1d221 Generate checksum files for artifacts 728731808 test: add test for skipped sysctls 1667b5a66 server: skip sysctls that would affect the host a7ac4683c deep copy List{PodSandbox,Container} structs 183ac018f GOVERNANCE: fix links 18dfcd273 oci: always have conmon log to syslog c424e85e7 README: add reference to governance 008b3541a add GOVERNANCE.md 33063001c issue templates: add membership request form aa8130f62 Add Debian_11 OS variable on installation instructions of Debian Signed-off-by: Wang Kai <persistence201306@gmail.com> e5dad09ee criocli: produce diff-friendlier zsh completions. b299c80c5 ci: use main branch for conmon bcf069b12 server: fix race with kubelet 0769411bb Fix runtime panic on pod sandbox stats retrieval ef1746095 update go to 1.17 in go.mod acde72556 Reuse createContainerIO in CreateContainer 0731a9b57 Fix vm containers couldn't restore after CRI-O restart 386d4a447 ci: use main version of runc 28585442e openshift e2e: bump ci image 35c02b56e server: fix a potential NULL-pointer dereference. 
20370fa95 Documentation: expand on CNI CIDRs in the kubeadm tutorial 143a623ad test: update tests for allowed_devices 56929cdb9 config: add AllowedDevices option 2aceed0f0 pass the main mount point to fix crypto profiles binding 6b887e9c3 Add Nestybox to the CRI-O adopters list. 33e25b47b server: drop duplicate log message 25a2eec40 pkg/container: fix container device GID fallback. a68b239af bump crio commit for upstream k8s CI d7da8b2b0 adds config template linting 86e43fc28 adds comments to default values ff2a04e8b server: don't set memory swap when it's not enabled 5ebc4a407 Inherits storage configurations from storage.conf if crio config does not set d0d8fb3a7 use cmdrunner singleton 2237f2658 conmonmgr: refactor for new CommandRunner 878040d10 cmdrunner: update mocks and add target to makefile b3bb86659 config: prepend commands with taskset if InfraCtrCPUSet is configured e9f0bb6c8 cmdrunner: add tests for prepended commands 04e9c61e3 cmdrunner: create singleton fd2e2aeec Use timeout for conmon cgroup move 9af5e3363 build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 9a051dede Fixed a problem where metricImagePullsBytesTotal was getting updated twice and on second call getting incorrect labels 347f04161 test: add test ensuring a stopped pod is restored 86fd03b81 sandbox stop: remove namespaces e02d5bf15 restore: handle removed namespaces 334e925ac Partially revert "restore: restore stop before managing namespace" 948b92bd7 restore: ensure containers are wiped on reboot c3f75859b build(deps): bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc 78e1c80af build(deps): bump github.com/opencontainers/runc from 1.0.2 to 1.0.3 d8ea9f6ca vendor: bump c/image to 5.17.0 11c127f3d pinns: Add LDFLAGS to Makefile Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: uprev from 1.15 to 1.17 | Mark Asselstine | 2020-03-13 | 1 | -4/+3
  Uprev to the latest release of cri-o to pick up some fixes and CVEs.

  Makefile updates along with updates to the go.bbclass allow us to remove
  most of the do_compile() tweaks that were in place. To test that these
  removals are sane, builds were done for x86_64 and arm64 in docker
  containers with network=none, no issues were found.

  Quite a few runtime tests were done as well since we are stepping up 2
  releases, and we also just uprev'd 'cni' and wanted to validate its
  runtime as well.

  Once the system is started and cri-o is given time to start you can use
  the new 'crio-status info' command to retrieve the runtime status of
  cri-o:

    root@qemux86-64:~# crio-status info
    cgroup driver: cgroupfs
    storage driver:
    storage root: /var/lib/containers/storage
    default GID mappings (format <container>:<host>:<size>):
      0:0:4294967295
    default UID mappings (format <container>:<host>:<size>):
      0:0:4294967295

  Additionally 'crictl' was installed (the recipe will be submitted
  shortly) and the cri-o Tutorial found here was run
  (https://github.com/cri-o/cri-o/blob/master/tutorials/crictl.md)

  In order to run the tutorial /etc/cni/net.d/99-loopback.conf and
  /etc/containers/policy.json were taken from
  ./contrib/cni/99-loopback.conf and ./contrib/policy.json in the cri-o src
  repo. The sandbox_config.json and container_redis.json were taken from
  https://github.com/cri-o/cri-o/blob/master/test/testdata (note: using
  core-image-minimal with systemd enabled I had to remove
  "cpu_period": 10000 and "cpu_quota": 20000 to get the tutorial to work).

  We are not able to use the loopback networking to telnet to the redis
  container, but we can use other techniques to validate that it is
  running.

    root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock ps
    CONTAINER       IMAGE                       CREATED          STATE     NAME                ATTEMPT   POD ID
    72718714360ef   quay.io/crio/redis:alpine   47 seconds ago   Running   podsandbox1-redis   0         38b97e5a7bb99

    root@qemux86-64:~# /usr/lib/go/src/import/_output/crictl --runtime-endpoint unix:///var/run/crio/crio.sock exec -i 72718714360ef cat /etc/issue
    Welcome to Alpine Linux 3.7
    Kernel \r on an \m (\l)

  The CRIO_BUILD_CROSS approach was no longer valid and was dropped. There
  is most likely some other cleanup we can do but this gets us to a good
  state on the latest release.

  Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cni: move cni tools to /usr/libexec/cni | Stefan Agner | 2019-10-02 | 1 | -1/+1
  Use a standard location to store the cni tools and plugins. This is more
  in line with how other distributions package cni. Keep a symlink to
  /opt/cni/bin for backward compatibility.

  Signed-off-by: Stefan Agner <stefan.agner@toradex.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: build crio-config natively to generate conmon/config.h | Mark Asselstine | 2019-04-12 | 1 | -0/+43
  Part of building cri-o is the generation of the 'conmon/config.h' file.
  The content of this file is dynamic in that it has buffer sizes and a
  socket path which will depend on constants that are set in other parts of
  the code. For example the socket path can be setup for Windows or for
  Linux.

  To generate 'conmon/config.h' a small GO application is built and run
  called crio-config. This isn't really suitable for a -native package but
  we do have to run crio-config on the build host so we don't want to cross
  compile it. We therefore use the native GO to build this.

  This change allows things to work when the build host arch and the target
  arch don't match. A small update to the Makefile avoids mixing build host
  arch and target arch GO packages.

  Finally, we drop the crio-config binary from the install as it is only
  used to create the conmon/config.h as part of the build. This is
  consistent with the Makefile's install rule which does not install this
  binary as it has no use on the target.

  Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to 1.12 release | Bruce Ashfield | 2018-11-02 | 1 | -7/+7
  Since kubernetes is now on 1.12, we need to sync our cri-o release to
  match.

  There are some build changes to the utilities, and a patch refresh, but
  otherwise, this is very similar to the existing build of cri-o.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
* containers: cri-o: kubernetes runc backend | Bruce Ashfield | 2017-10-02 | 2 | -0/+173
  To prepare for native kubernetes support without docker on a target, we
  integrate the cri-o incubator project.

  cri-o is meant to provide an integration path between OCI conformant
  runtimes and the kubelet. Specifically, it implements the Kubelet
  Container Runtime Interface (CRI) using OCI conformant runtimes. The
  scope of cri-o is tied to the scope of the CRI.

  This initial introduction is build + packaging only. It is expected that
  configuration and deployment tweaks are done at the distro level.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>