Open
Conversation
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
Signed-off-by: Krisztian Litkey <krisztian.litkey@intel.com>
cri,nri: bump NRI dependencies to v0.11.0
Fixes: #12700 Instead of pulling in the selinux dependency for all users of the client library for no need, just inline the one Sprintf call we were using the library for here. Signed-off-by: Wade Simmons <wade@wades.im>
Signed-off-by: Chris Adeniyi-Jones <chris.adeniyi-jones@arm.com>
Uncomment call to add options for pulling encrypted images
WithCDI currently emits logs at Info level for every container even when len(Config.CDIDevices) == 0. Move these to Debug level. Signed-off-by: Samuel Karp <samuelkarp@google.com>
cri: move noisy CDI logs to debug level
The runtimeHandler parameter was added to PullImage() but never used. Instead, the code relied on an experimental annotation (io.containerd.cri.runtime-handler) passed in the pod sandbox config. This annotation was a workaround because CRI's PullImageRequest didn't include the runtime handler. However, since cri-api v0.29.0, the runtime handler is available in the API and passed as a parameter to PullImage(). For backward compatibility with CRI clients that don't yet pass the runtime handler parameter, we fall back to the annotation if the parameter is empty. The annotation-based fallback is deprecated and will be removed in containerd 2.5. Signed-off-by: Wedson Almeida Filho <walmeida@microsoft.com> Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
Added getAllContainerNetIO() to collect stats for all interfaces in the pod's network namespace. Signed-off-by: Davanum Srinivas <davanum@gmail.com>
cri: deprecate `enable_cdi`, treat disabled CDI an error for injection requests.
…-tested-with-latest-k/k Ensure ListMetricDescriptors gets tested with latest k/k
Signed-off-by: Davanum Srinivas <davanum@gmail.com>
…andler cri: Use the runtimeHandler parameter in PullImage
…rics-in-node-e2e-tests Drop skip for `[Feature:ResourceMetrics]` in node e2e tests
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.11.1 to 3.12.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@e468171...8d2750c) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-version: 3.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/attest-build-provenance](https://github.com/actions/attest-build-provenance) from 3.0.0 to 3.1.0. - [Release notes](https://github.com/actions/attest-build-provenance/releases) - [Changelog](https://github.com/actions/attest-build-provenance/blob/main/RELEASE.md) - [Commits](actions/attest-build-provenance@977bb37...00014ed) --- updated-dependencies: - dependency-name: actions/attest-build-provenance dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 4.31.8 to 4.31.9. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@1b168cd...5d4e8d1) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 4.31.9 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: ChengyuZhu6 <hudson@cyzhu.com>
cri: emit warning for concurrent CreateContainer
opencontainers/runtime-spec#941 added umask field and released with v1.0.2. This commit add the missing helper function for this field. Signed-off-by: Youfu Zhang <zhangyoufu@gmail.com>
pkg/oci: add WithUmask for SpecOpts
EROFS has supported a tiny metadata-only image to reference external blobs since Linux 5.16. This eliminates the need to mount each EROFS layer one by one and is also useful for VM-based containers (e.g. nerdbox and Kata containers.) Similar to LCOW/CimFS, `snapshots.UnpackKeyPrefix` is used to trigger fsmerge generation (typically < 100 ms) on demand in Prepare(). In the future, we can also generate fsmeta in Commit() of the final unpacking layer (by introducing an annotation to keep the chainID). However, in the case of intermediate layer reuse, the Prepare() handling will still be required. ```toml [plugins."io.containerd.snapshotter.v1.erofs"] max_unmerged_layers = 1 # enable fsmerge if image layers >= 2 ``` Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
In the CreateSandbox request, which is part of the Sandbox Controller, we ignored the `Annotations` parameter which could have been set by the caller via `WithAnnotations` option. This commit rectifies the same and adds the Annotations parameter to the request. Signed-off-by: Harsh Rawat <harshrawat@microsoft.com>
Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.77.0 to 1.78.0. - [Release notes](https://github.com/grpc/grpc-go/releases) - [Commits](grpc/grpc-go@v1.77.0...v1.78.0) --- updated-dependencies: - dependency-name: google.golang.org/grpc dependency-version: 1.78.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Add support for EROFS fsmerge feature
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
Signed-off-by: Maksym Pavlenko <pavlenko.maksym@gmail.com>
ci: add build/test go1.26.0, drop go1.24
Remove Container field from sandbox metadata
It's more common for directory-paths to not have a trailing slash; strip
it so that we don't have some double slashes.
Before:
make protos
...
+ protos
(cd api && buf dep update)
(cd api && PATH="/go/src/github.com/containerd/containerd//bin:$PATH" buf generate)
After:
make protos
...
+ protos
(cd api && buf dep update)
(cd api && PATH="/go/src/github.com/containerd/containerd/bin:$PATH" buf generate)
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
The `go list` command is vendor-aware, and doesn't include the vendor dir;
go list ./... | grep 'vendor'
# (no output)
For the API module, there's no need to grep for `integration` as it does
not have that sub-directory.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Fix some mixed tabs/spaces and indentation level. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
go1.20 and up has a `-C` flag to change to a directory before running commands (see https://go.dev/cl/421436). Documentation is a bit hard to find, and doesn't mention `go mod` subcommands, but can be found in the `go build` help; go help build ... The build flags are shared by the build, clean, get, install, list, run, and test commands: -C dir Change to dir before running the command. Any files named on the command line are interpreted after changing directories. If used, this flag must be the first one in the command line. Update the Makefile to use this option where applicable, so that we can skip some `cd` and sub-shells. Also switch some assignments to use `:=` to evaluate them once. Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
contrib/apparmor: fix /proc/sys rule
cmd/protoc-gen-go-fieldpath: add support for optional fields
…rifier Don't bail out if no image verifiers available
assert the exact error message while loading a higher version drop-in config than the root config Signed-off-by: Akhil Mohan <akhilerm@gmail.com>
add check on version of drop in configs
This adds GPU vendor auto-detection from CDI specs instead of hardcoding nvidia.com. This allows the --gpus flag to work with both NVIDIA and AMD GPUs by detecting the vendor from available CDI spec files. Signed-off-by: Shiv Tyagi <Shiv.Tyagi@amd.com>
Signed-off-by: Shiv Tyagi <Shiv.Tyagi@amd.com>
Signed-off-by: Shiv Tyagi <Shiv.Tyagi@amd.com>
cmd: fix inconsistencies in command-line flags, and add missing `--version` flags
Detect vendor in cdi specs to generate deviceIDs for --gpus
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
Fix CNI issue where CNI DEL is never executed
Signed-off-by: Michael Zappa <michael.zappa@gmail.com>
Remove image service dependency from podsandbox controller
When users configure a snapshotter in the runtime config (e.g., `plugins."io.containerd.cri.v1.runtime".containerd.runtimes.kata.snapshotter`), the CRI image service was not aware of this configuration. This caused images to be pulled with the default snapshotter instead of the runtime-specific one, because the image service's runtimePlatforms map was not populated with these runtime-to-snapshotter mappings. Let's make sure that during the CRI plugin init, we iterate over all the configured runtimes, and propagate any snapshotter configuration to the image service. The issue was found while working on #12835. Signed-off-by: Fabiano Fidêncio <ffidencio@nvidia.com>
Make linter for release branches happy
Makefile: assorted cleanups
…pecific-snapshotters-to-image-service cri: propagate runtime-specific snapshotters to image service
fix: propagate `context deadline exceeded` error properly
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
20 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
See Commits and Changes for more details.
Created by
pull[bot]
Can you help keep this open source service alive? 💖 Please sponsor : )