-Show the original content (DEPRECATED)
-
-
-
-# Install Containerd with Release Tarball
-This document provides the steps to install `containerd` and its dependencies with the release tarball, and bring up a Kubernetes cluster using kubeadm.
-
-These steps have been verified on Ubuntu 16.04. For other OS distributions, the steps may differ. Please feel free to file issues or PRs if you encounter any problems on other OS distributions.
-
-*Note: You need to run the following steps on each node you are planning to use in your Kubernetes cluster.*
-
-## Release Tarball
-For each `containerd` release, we'll publish a release tarball specifically for Kubernetes named `cri-containerd-cni-${VERSION}-${OS}-${ARCH}.tar.gz`. This release tarball contains all required binaries and files for using `containerd` with Kubernetes. For example, the 1.4.3 version is available at https://github.com/containerd/containerd/releases/download/v1.4.3/cri-containerd-cni-1.4.3-linux-amd64.tar.gz.
-
-### Content
-As shown below, the release tarball contains:
-
-- `containerd`, `containerd-shim-runc-v2`, `ctr`: binaries for containerd.
-- `runc`: runc binary.
-- `/opt/cni/bin`: binaries for [Container Network Interface](https://github.com/containernetworking/cni)
-- `crictl`, `crictl.yaml`: command line tools for CRI container runtime and its config file.
-- `critest`: binary to run [CRI validation test](https://github.com/kubernetes-sigs/cri-tools/blob/master/docs/validation.md).
-- `containerd.service`: Systemd unit for containerd.
-- `/opt/containerd/cluster/`: scripts for `kube-up.sh`.
-
-```console
-$ tar -tf cri-containerd-cni-1.4.3-linux-amd64.tar.gz
-etc/
-etc/cni/
-etc/cni/net.d/
-etc/cni/net.d/10-containerd-net.conflist
-etc/crictl.yaml
-etc/systemd/
-etc/systemd/system/
-etc/systemd/system/containerd.service
-usr/
-usr/local/
-usr/local/bin/
-usr/local/bin/containerd-shim-runc-v2
-usr/local/bin/ctr
-usr/local/bin/containerd-shim
-usr/local/bin/containerd-shim-runc-v1
-usr/local/bin/crictl
-usr/local/bin/critest
-usr/local/bin/containerd
-usr/local/sbin/
-usr/local/sbin/runc
-opt/
-opt/cni/
-opt/cni/bin/
-opt/cni/bin/vlan
-opt/cni/bin/host-local
-opt/cni/bin/flannel
-opt/cni/bin/bridge
-opt/cni/bin/host-device
-opt/cni/bin/tuning
-opt/cni/bin/firewall
-opt/cni/bin/bandwidth
-opt/cni/bin/ipvlan
-opt/cni/bin/sbr
-opt/cni/bin/dhcp
-opt/cni/bin/portmap
-opt/cni/bin/ptp
-opt/cni/bin/static
-opt/cni/bin/macvlan
-opt/cni/bin/loopback
-opt/containerd/
-opt/containerd/cluster/
-opt/containerd/cluster/version
-opt/containerd/cluster/gce/
-opt/containerd/cluster/gce/cni.template
-opt/containerd/cluster/gce/configure.sh
-opt/containerd/cluster/gce/cloud-init/
-opt/containerd/cluster/gce/cloud-init/master.yaml
-opt/containerd/cluster/gce/cloud-init/node.yaml
-opt/containerd/cluster/gce/env
-```
-
-### Binary Information
-Information about the binaries in the release tarball:
-
-| Binary Name | Support | OS | Architecture |
-|:------------------------------:|:------------------:|:-----:|:------------:|
-| containerd | seccomp, apparmor, selinux
overlay, btrfs | linux | amd64 |
-| containerd-shim | overlay, btrfs | linux | amd64 |
-| runc | seccomp, apparmor, selinux | linux | amd64 |
-
-
-If you have other requirements for the binaries, e.g. another architecture support etc., you need to build the binaries yourself following [the instructions](../../BUILDING.md).
-
-### Download
-
-The release tarball could be downloaded from the release page https://github.com/containerd/containerd/releases.
-
-## Step 0: Install Dependent Libraries
-Install required library for seccomp.
-```bash
-sudo apt-get update
-sudo apt-get install libseccomp2
-```
-Note that:
-1) If you are using Ubuntu <=Trusty or Debian <=jessie, a backported version of `libseccomp2` is needed. (See the [trusty-backports](https://packages.ubuntu.com/trusty-backports/libseccomp2) and [buster-backports](https://packages.debian.org/buster-backports/libseccomp2)).
-## Step 1: Download Release Tarball
-Download release tarball for the `containerd` version you want to install from the GCS bucket.
-```bash
-wget https://github.com/containerd/containerd/releases/download/v${VERSION}/cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
-```
-Validate checksum of the release tarball:
-```bash
-wget https://github.com/containerd/containerd/releases/download/v${VERSION}/cri-containerd-cni-${VERSION}-linux-amd64.tar.gz.sha256sum
-sha256sum --check cri-containerd-cni-${VERSION}-linux-amd64.tar.gz.sha256sum
-```
-## Step 2: Install Containerd
-If you are using systemd, just simply unpack the tarball to the root directory:
-```bash
-sudo tar --no-overwrite-dir -C / -xzf cri-containerd-cni-${VERSION}-linux-amd64.tar.gz
-sudo systemctl daemon-reload
-sudo systemctl start containerd
-```
-If you are not using systemd, please unpack all binaries into a directory in your `PATH`, and start `containerd` as monitored long running services with the service manager you are using e.g. `supervisord`, `upstart` etc.
-## Step 3: Install Kubeadm, Kubelet and Kubectl
-Follow [the instructions](https://kubernetes.io/docs/setup/independent/install-kubeadm/) to install kubeadm, kubelet and kubectl.
-## Step 4: Create Systemd Drop-In for Containerd
-Create the systemd drop-in file `/etc/systemd/system/kubelet.service.d/0-containerd.conf`:
-```
-[Service]
-Environment="KUBELET_EXTRA_ARGS=--container-runtime=remote --runtime-request-timeout=15m --container-runtime-endpoint=unix:///run/containerd/containerd.sock"
-```
-And reload systemd configuration:
-```bash
-systemctl daemon-reload
-```
-## Bring Up the Cluster
-Now you should have properly installed all required binaries and dependencies on each of your node.
-
-The next step is to use kubeadm to bring up the Kubernetes cluster. It is the same with [the ansible installer](../../contrib/ansible). Please follow the steps 2-4 [here](../../contrib/ansible/README.md#step-2).
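Review bot: the removed Step 1 is where this deprecated section told users to verify the download (`sha256sum --check cri-containerd-cni-${VERSION}-linux-amd64.tar.gz.sha256sum`), so check that whatever document supersedes it still carries an integrity check before the `sudo tar ... -C /` unpack into the root directory. The checksum file was fetched from the same release URL as the tarball, so it only detects a corrupted download; the successor text should not present it as more than that.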
-
-
-
diff --git a/docs/hosts.md b/docs/hosts.md
index af19c0e3a96a..2560db95a1da 100644
--- a/docs/hosts.md
+++ b/docs/hosts.md
@@ -333,7 +333,7 @@ override_path = true
## host field(s) (in the toml table format)
-`[host]."https://namespace"` and `[host].http://namespace` entries in the
+`[host]."https://namespace"` and `[host]."http://namespace"` entries in the
`hosts.toml` configuration are registry namespaces used in lieu of the default
registry host namespace. These hosts are sometimes called mirrors because they
may contain a copy of the container images and artifacts you are attempting to
diff --git a/go.mod b/go.mod
index 7d6fec5efbfa..387b6182953f 100644
--- a/go.mod
+++ b/go.mod
@@ -19,7 +19,7 @@ require (
github.com/containerd/log v0.1.0
github.com/containerd/nri v0.5.0
github.com/containerd/platforms v0.1.1
- github.com/containerd/plugin v0.0.0-20231101173250-7ec69893e1e7
+ github.com/containerd/plugin v0.1.0
github.com/containerd/ttrpc v1.2.2
github.com/containerd/typeurl/v2 v2.1.1
github.com/containernetworking/cni v1.1.2
@@ -32,11 +32,11 @@ require (
github.com/docker/go-units v0.5.0
github.com/fsnotify/fsnotify v1.7.0
github.com/google/go-cmp v0.6.0
- github.com/google/uuid v1.5.0
+ github.com/google/uuid v1.6.0
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0
github.com/grpc-ecosystem/go-grpc-prometheus v1.2.0
github.com/intel/goresctrl v0.6.0
- github.com/klauspost/compress v1.17.4
+ github.com/klauspost/compress v1.17.5
github.com/minio/sha256-simd v1.0.1
github.com/moby/locker v1.0.1
github.com/moby/sys/mountinfo v0.7.1
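Review bot: `github.com/google/uuid` (v1.5.0 to v1.6.0) and `github.com/klauspost/compress` (v1.17.4 to v1.17.5) are direct requirements bumped in the same diff that relocates pkg/cri to internal/cri. Put dependency updates in their own commit with the reason for each bump, so the version review is not buried in a rename diff.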
@@ -69,7 +69,7 @@ require (
golang.org/x/sync v0.6.0
golang.org/x/sys v0.16.0
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0
- google.golang.org/grpc v1.60.1
+ google.golang.org/grpc v1.61.0
google.golang.org/protobuf v1.32.0
k8s.io/apimachinery v0.28.4
k8s.io/client-go v0.28.4
@@ -118,13 +118,13 @@ require (
go.opentelemetry.io/proto/otlp v1.0.0 // indirect
golang.org/x/exp v0.0.0-20231214170342-aacd6d4b4611 // indirect
golang.org/x/net v0.19.0 // indirect
- golang.org/x/oauth2 v0.13.0 // indirect
+ golang.org/x/oauth2 v0.14.0 // indirect
golang.org/x/term v0.15.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.16.0 // indirect
google.golang.org/appengine v1.6.8 // indirect
- google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 // indirect
+ google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
diff --git a/go.sum b/go.sum
index 9f0f79903245..107aed92beb4 100644
--- a/go.sum
+++ b/go.sum
@@ -1,6 +1,6 @@
cloud.google.com/go v0.26.0 h1:e0WKqKTd5BnrG8aKH3J3h+QvEIQtSUcf2n5UZ5ZgLtQ=
cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
-cloud.google.com/go/compute v1.23.0 h1:tP41Zoavr8ptEqaW6j+LQOnyBBhO7OkOMAGrgLopTwY=
+cloud.google.com/go/compute v1.23.3 h1:6sVlXXBmbd7jNX0Ipq0trII3e4n1/MsADLK6a+aiVlk=
cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY=
cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA=
dario.cat/mergo v1.0.0 h1:AGCNq9Evsj31mOgNPcLyXc+4PNABt905YmuqPYYpBWk=
@@ -37,7 +37,7 @@ github.com/cilium/ebpf v0.11.0 h1:V8gS/bTCCjX9uUnkUFUpPsksM8n1lXBAvHcpiFk1X2Y=
github.com/cilium/ebpf v0.11.0/go.mod h1:WE7CZAnqOL2RouJ4f1uyNhqr2P4CCvXFIqdRDUgWsVs=
github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc=
-github.com/cncf/xds/go v0.0.0-20230607035331-e9ce68804cb4 h1:/inchEIKaYC1Akx+H+gqO04wryn5h75LSazbRlnya1k=
+github.com/cncf/xds/go v0.0.0-20231109132714-523115ebc101 h1:7To3pQ+pZo0i3dsWEbinPNFs5gPSBOsJtx3wTT94VBY=
github.com/containerd/btrfs/v2 v2.0.0 h1:FN4wsx7KQrYoLXN7uLP0vBV4oVWHOIKDRQ1G2Z0oL5M=
github.com/containerd/btrfs/v2 v2.0.0/go.mod h1:swkD/7j9HApWpzl8OHfrHNxppPd9l44DFZdF94BUj9k=
github.com/containerd/cgroups/v3 v3.0.3 h1:S5ByHZ/h9PMe5IOQoN7E+nMc2UcLEM/V48DGDJ9kip0=
@@ -62,8 +62,8 @@ github.com/containerd/nri v0.5.0 h1:bwCtKpi8i5FCA8g8WjIZNod91CEfIloYpV0+TH2prnQ=
github.com/containerd/nri v0.5.0/go.mod h1:qIu2NlP3r/qK4YGnNuQf0De4VPqQWP2i2CVBfAZbGzg=
github.com/containerd/platforms v0.1.1 h1:gp0xXBoY+1CjH54gJDon0kBjIbK2C4XSX1BGwP5ptG0=
github.com/containerd/platforms v0.1.1/go.mod h1:XOM2BS6kN6gXafPLg80V6y/QUib+xoLyC3qVmHzibko=
-github.com/containerd/plugin v0.0.0-20231101173250-7ec69893e1e7 h1:MUbtIMHEcMzj+8mPgHd5ett0WVbY/KYHa5tMvFs5Ejs=
-github.com/containerd/plugin v0.0.0-20231101173250-7ec69893e1e7/go.mod h1:j6HlpMtkiZMgT4UsfVNxPBUkwdw9KQGU6nCLfRxnq+w=
+github.com/containerd/plugin v0.1.0 h1:CYMyZk9beRAIe1FEKItbMLLAz/z16aXrGc+B+nv0fU4=
+github.com/containerd/plugin v0.1.0/go.mod h1:j6HlpMtkiZMgT4UsfVNxPBUkwdw9KQGU6nCLfRxnq+w=
github.com/containerd/ttrpc v1.2.2 h1:9vqZr0pxwOF5koz6N0N3kJ0zDHokrcPxIR/ZR2YFtOs=
github.com/containerd/ttrpc v1.2.2/go.mod h1:sIT6l32Ph/H9cvnJsfXM5drIVzTr5A2flTf1G5tYZak=
github.com/containerd/typeurl/v2 v2.1.1 h1:3Q4Pt7i8nYwy2KmQWIw2+1hTvwTE/6w9FqcttATPO/4=
@@ -164,8 +164,8 @@ github.com/google/pprof v0.0.0-20210407192527-94a9f03dee38/go.mod h1:kpwsk12EmLe
github.com/google/pprof v0.0.0-20230323073829-e72429f035bd h1:r8yyd+DJDmsUhGrRBxH5Pj7KeFK5l+Y3FsgT8keqKtk=
github.com/google/uuid v1.1.2/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
-github.com/google/uuid v1.5.0 h1:1p67kYwdtXjb0gL0BPiP1Av9wiZPo5A8z2cWkTZ+eyU=
-github.com/google/uuid v1.5.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0=
+github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE=
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0 h1:UH//fgunKIs4JdUbpDl1VZCDaL56wXCB/5+wF6uHfaI=
github.com/grpc-ecosystem/go-grpc-middleware v1.4.0/go.mod h1:g5qyo/la0ALbONm6Vbp88Yd8NsDy6rZz+RcrMPxvld8=
@@ -189,8 +189,8 @@ github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHm
github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
-github.com/klauspost/compress v1.17.4 h1:Ej5ixsIri7BrIjBkRZLTo6ghwrEtHFk7ijlczPW4fZ4=
-github.com/klauspost/compress v1.17.4/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
+github.com/klauspost/compress v1.17.5 h1:d4vBd+7CHydUqpFBgUEKkSdtSugf9YFmSkvUYPquI5E=
+github.com/klauspost/compress v1.17.5/go.mod h1:/dCuZOvVtNoHsyb+cuJD3itjs3NbnF6KH9zAO4BDxPM=
github.com/klauspost/cpuid/v2 v2.2.5 h1:0E5MSMDEoAulmXNFquVs//DdoomxaoTY1kUhbc/qbZg=
github.com/klauspost/cpuid/v2 v2.2.5/go.mod h1:Lcz8mBdAVJIBVzewtcLocK12l3Y+JytZYpaMropDUws=
github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
@@ -394,8 +394,8 @@ golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug
golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c=
golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U=
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
-golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY=
-golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0=
+golang.org/x/oauth2 v0.14.0 h1:P0Vrf/2538nmC0H+pEQ3MNFRRnVR7RlqyVw+bvm26z0=
+golang.org/x/oauth2 v0.14.0/go.mod h1:lAtNWgaWfL4cm7j2OV8TxGi9Qb7ECORx8DktCY74OwM=
golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -477,8 +477,8 @@ google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfG
google.golang.org/genproto v0.0.0-20200423170343-7949de9c1215/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo=
google.golang.org/genproto v0.0.0-20231211222908-989df2bf70f3 h1:1hfbdAfFbkmpg41000wDVqr7jUpK/Yo+LPnIxxGzmkg=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97 h1:W18sezcAYs+3tDZX4F80yctqa12jcP1PUS2gQu1zTPU=
-google.golang.org/genproto/googleapis/api v0.0.0-20231002182017-d307bd883b97/go.mod h1:iargEX0SFPm3xcfMI0d1domjg0ZF4Aa0p2awqyxhvF0=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo=
+google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4=
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0 h1:/jFB8jK5R3Sq3i/lmeZO0cATSzFfZaJq1J2Euan3XKU=
google.golang.org/genproto/googleapis/rpc v0.0.0-20231212172506-995d672761c0/go.mod h1:FUoWkonphQm3RhTS+kOEhF8h0iDpm4tdXolVCeZ9KKA=
google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -488,8 +488,8 @@ google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8
google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
google.golang.org/grpc v1.29.1/go.mod h1:itym6AZVZYACWQqET3MqgPpjcuV5QH3BxFS3IjizoKk=
google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc=
-google.golang.org/grpc v1.60.1 h1:26+wFr+cNqSGFcOXcabYC0lUVJVRa2Sb2ortSK7VrEU=
-google.golang.org/grpc v1.60.1/go.mod h1:OlCHIeLYqSSsLi6i49B5QGdzaMZK9+M7LXN2FKz4eGM=
+google.golang.org/grpc v1.61.0 h1:TOvOcuXn30kRao+gfcvsebNEa5iZIiLkisYEkf7R7o0=
+google.golang.org/grpc v1.61.0/go.mod h1:VUbo7IFqmF1QtCAstipjG0GIoq49KvMe9+h1jFLBNJs=
google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8=
google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0=
google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM=
diff --git a/integration/build_local_containerd_helper_test.go b/integration/build_local_containerd_helper_test.go
index f9577485eaf5..1a3a44193008 100644
--- a/integration/build_local_containerd_helper_test.go
+++ b/integration/build_local_containerd_helper_test.go
@@ -27,7 +27,7 @@ import (
ctrdsrv "github.com/containerd/containerd/v2/cmd/containerd/server"
srvconfig "github.com/containerd/containerd/v2/cmd/containerd/server/config"
"github.com/containerd/containerd/v2/core/content"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
"github.com/containerd/containerd/v2/plugins"
"github.com/containerd/log/logtest"
"github.com/containerd/platforms"
@@ -38,6 +38,7 @@ import (
_ "github.com/containerd/containerd/v2/core/runtime/v2/runc/options"
_ "github.com/containerd/containerd/v2/pkg/events/plugin"
_ "github.com/containerd/containerd/v2/plugins/cri/images"
+ _ "github.com/containerd/containerd/v2/plugins/cri/runtime"
_ "github.com/containerd/containerd/v2/plugins/diff/walking/plugin"
_ "github.com/containerd/containerd/v2/plugins/gc"
_ "github.com/containerd/containerd/v2/plugins/leases"
diff --git a/integration/client/client_ttrpc_test.go b/integration/client/client_ttrpc_test.go
index 7d327645dfcd..d3f9d66206d7 100644
--- a/integration/client/client_ttrpc_test.go
+++ b/integration/client/client_ttrpc_test.go
@@ -22,6 +22,7 @@ import (
"time"
v1 "github.com/containerd/containerd/v2/api/services/ttrpc/events/v1"
+ apitypes "github.com/containerd/containerd/v2/api/types"
"github.com/containerd/containerd/v2/pkg/namespaces"
"github.com/containerd/containerd/v2/pkg/ttrpcutil"
"github.com/containerd/containerd/v2/protobuf"
@@ -56,7 +57,7 @@ func TestClientTTRPC_Reconnect(t *testing.T) {
// Send test request to make sure its alive after reconnect
_, err = service.Forward(context.Background(), &v1.ForwardRequest{
- Envelope: &v1.Envelope{
+ Envelope: &apitypes.Envelope{
Timestamp: protobuf.ToTimestamp(time.Now()),
Namespace: namespaces.Default,
Topic: "/test",
@@ -82,7 +83,7 @@ func TestClientTTRPC_Close(t *testing.T) {
err = client.Close()
assert.NoError(t, err)
- _, err = service.Forward(context.Background(), &v1.ForwardRequest{Envelope: &v1.Envelope{}})
+ _, err = service.Forward(context.Background(), &v1.ForwardRequest{Envelope: &apitypes.Envelope{}})
assert.Equal(t, err, ttrpc.ErrClosed)
err = client.Close()
diff --git a/integration/container_update_resources_test.go b/integration/container_update_resources_test.go
index 5bdcf16e648d..a489c48ff645 100644
--- a/integration/container_update_resources_test.go
+++ b/integration/container_update_resources_test.go
@@ -30,7 +30,7 @@ import (
cgroupsv2 "github.com/containerd/cgroups/v3/cgroup2"
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/integration/images"
- criopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ criopts "github.com/containerd/containerd/v2/internal/cri/opts"
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
diff --git a/integration/container_volume_linux_test.go b/integration/container_volume_linux_test.go
new file mode 100644
index 000000000000..9fd62e3628c0
--- /dev/null
+++ b/integration/container_volume_linux_test.go
@@ -0,0 +1,149 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package integration
+
+import (
+ "fmt"
+ "os"
+ "path/filepath"
+ "syscall"
+ "testing"
+ "time"
+
+ "github.com/containerd/containerd/v2/core/mount"
+ "github.com/containerd/containerd/v2/integration/images"
+ "github.com/containerd/containerd/v2/pkg/kernelversion"
+ "github.com/opencontainers/selinux/go-selinux"
+ "github.com/stretchr/testify/assert"
+ "github.com/stretchr/testify/require"
+ runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
+func testReadonlyMounts(t *testing.T, mode string, expectRRO bool) {
+ workDir := t.TempDir()
+ mntSrcDir := filepath.Join(workDir, "mnt") // "/mnt" in the container
+ require.NoError(t, os.MkdirAll(mntSrcDir, 0755))
+ tmpfsDir := filepath.Join(mntSrcDir, "tmpfs") // "/mnt/tmpfs" in the container
+ require.NoError(t, os.MkdirAll(tmpfsDir, 0755))
+ tmpfsMount := mount.Mount{
+ Type: "tmpfs",
+ Source: "none",
+ }
+ require.NoError(t, tmpfsMount.Mount(tmpfsDir))
+ t.Cleanup(func() {
+ require.NoError(t, mount.UnmountAll(tmpfsDir, 0))
+ })
+
+ podLogDir := filepath.Join(workDir, "podLogDir")
+ require.NoError(t, os.MkdirAll(podLogDir, 0755))
+
+ config := `version = 2
+`
+ if mode != "" {
+ config += fmt.Sprintf(`
+[plugins."io.containerd.grpc.v1.cri".containerd.runtimes.runc]
+ treat_ro_mount_as_rro = %q
+`, mode)
+ }
+ require.NoError(t, os.WriteFile(filepath.Join(workDir, "config.toml"),
+ []byte(config), 0644))
+ ctrdProc := newCtrdProc(t, "containerd", workDir)
+ t.Cleanup(func() {
+ cleanupPods(t, ctrdProc.criRuntimeService(t))
+ require.NoError(t, ctrdProc.kill(syscall.SIGTERM))
+ require.NoError(t, ctrdProc.wait(5*time.Minute))
+ if t.Failed() {
+ dumpFileContent(t, ctrdProc.logPath())
+ }
+ })
+ runtimeServiceOrig, imageServiceOrig := runtimeService, imageService
+ runtimeService, imageService = ctrdProc.criRuntimeService(t), ctrdProc.criImageService(t)
+ t.Cleanup(func() {
+ runtimeService, imageService = runtimeServiceOrig, imageServiceOrig
+ })
+ require.NoError(t, ctrdProc.isReady())
+
+ sb, sbConfig := PodSandboxConfigWithCleanup(t, "sandbox", "test-ro-mounts",
+ WithPodLogDirectory(podLogDir),
+ )
+
+ testImage := images.Get(images.BusyBox)
+ EnsureImageExists(t, testImage)
+
+ containerName := "test-container"
+ cnConfig := ContainerConfig(
+ containerName,
+ testImage,
+ WithCommand("/bin/touch", "/mnt/tmpfs/file"),
+ WithLogPath(containerName),
+ func(c *runtime.ContainerConfig) {
+ c.Mounts = append(c.Mounts, &runtime.Mount{
+ HostPath: mntSrcDir,
+ ContainerPath: "/mnt",
+ SelinuxRelabel: selinux.GetEnabled(),
+ Readonly: true,
+ })
+ },
+ )
+
+ cn, err := runtimeService.CreateContainer(sb, cnConfig, sbConfig)
+ require.NoError(t, err)
+
+ t.Log("Start the container")
+ require.NoError(t, runtimeService.StartContainer(cn))
+
+ t.Log("Wait for container to finish running")
+ exitCode := -1
+ require.NoError(t, Eventually(func() (bool, error) {
+ s, err := runtimeService.ContainerStatus(cn)
+ if err != nil {
+ return false, err
+ }
+ if s.GetState() == runtime.ContainerState_CONTAINER_EXITED {
+ exitCode = int(s.ExitCode)
+ return true, nil
+ }
+ return false, nil
+ }, time.Second, 30*time.Second))
+
+ output, err := os.ReadFile(filepath.Join(podLogDir, containerName))
+ assert.NoError(t, err)
+ t.Logf("exitCode=%d, output=%q", exitCode, output)
+
+ if expectRRO {
+ require.NotEqual(t, 0, exitCode)
+ require.Contains(t, string(output), "stderr F touch: /mnt/tmpfs/file: Read-only file system\n")
+ } else {
+ require.Equal(t, 0, exitCode)
+ }
+}
+
+func TestReadonlyMounts(t *testing.T) {
+ kernelSupportsRRO, err := kernelversion.GreaterEqualThan(kernelversion.KernelVersion{Kernel: 5, Major: 12})
+ require.NoError(t, err)
+ t.Run("Default", func(t *testing.T) {
+ testReadonlyMounts(t, "", kernelSupportsRRO)
+ })
+ t.Run("Disabled", func(t *testing.T) {
+ testReadonlyMounts(t, "Disabled", false)
+ })
+ if kernelSupportsRRO {
+ t.Run("Enabled", func(t *testing.T) {
+ testReadonlyMounts(t, "Enabled", true)
+ })
+ }
+}
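Review bot: in TestReadonlyMounts the "Enabled" case is wrapped in `if kernelSupportsRRO { ... }`, so on kernels older than 5.12 it vanishes from the test output instead of showing as skipped; register the subtest unconditionally and call `t.Skip` with the reason inside it. Separately, testReadonlyMounts swaps the package-level `runtimeService` and `imageService` for the duration of the test, which is only safe while nothing in the package runs in parallel; a comment saying so, or passing the services explicitly, would keep a later `t.Parallel()` from breaking it.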
diff --git a/integration/containerd_image_test.go b/integration/containerd_image_test.go
index 03955b51c9f0..57e4f0b9a386 100644
--- a/integration/containerd_image_test.go
+++ b/integration/containerd_image_test.go
@@ -27,7 +27,7 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/integration/images"
- "github.com/containerd/containerd/v2/pkg/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/labels"
"github.com/containerd/containerd/v2/pkg/namespaces"
"github.com/containerd/errdefs"
"github.com/stretchr/testify/assert"
diff --git a/integration/image_pull_timeout_test.go b/integration/image_pull_timeout_test.go
index 3492fb26ed86..cc9a846921c9 100644
--- a/integration/image_pull_timeout_test.go
+++ b/integration/image_pull_timeout_test.go
@@ -42,9 +42,9 @@ import (
"github.com/containerd/containerd/v2/core/content"
"github.com/containerd/containerd/v2/core/leases"
"github.com/containerd/containerd/v2/defaults"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- criserver "github.com/containerd/containerd/v2/pkg/cri/server"
- "github.com/containerd/containerd/v2/pkg/cri/server/images"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ criserver "github.com/containerd/containerd/v2/internal/cri/server"
+ "github.com/containerd/containerd/v2/internal/cri/server/images"
"github.com/containerd/containerd/v2/pkg/namespaces"
)
diff --git a/integration/main_test.go b/integration/main_test.go
index bfe37eb1799a..4d4f8ec46b5c 100644
--- a/integration/main_test.go
+++ b/integration/main_test.go
@@ -49,10 +49,10 @@ import (
_ "github.com/containerd/containerd/v2/integration/images" // Keep this around to parse `imageListFile` command line var
"github.com/containerd/containerd/v2/integration/remote"
dialer "github.com/containerd/containerd/v2/integration/remote/util"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/types"
+ "github.com/containerd/containerd/v2/internal/cri/util"
)
const (
@@ -686,7 +686,7 @@ func CRIConfig() (*criconfig.Config, error) {
}
// SandboxInfo gets sandbox info.
-func SandboxInfo(id string) (*runtime.PodSandboxStatus, *base.SandboxInfo, error) {
+func SandboxInfo(id string) (*runtime.PodSandboxStatus, *types.SandboxInfo, error) {
client, err := RawRuntimeClient()
if err != nil {
return nil, nil, fmt.Errorf("failed to get raw runtime client: %w", err)
@@ -699,7 +699,7 @@ func SandboxInfo(id string) (*runtime.PodSandboxStatus, *base.SandboxInfo, error
return nil, nil, fmt.Errorf("failed to get sandbox status: %w", err)
}
status := resp.GetStatus()
- var info base.SandboxInfo
+ var info types.SandboxInfo
if err := json.Unmarshal([]byte(resp.GetInfo()["info"]), &info); err != nil {
return nil, nil, fmt.Errorf("failed to unmarshal sandbox info: %w", err)
}
diff --git a/integration/restart_linux_test.go b/integration/restart_linux_test.go
new file mode 100644
index 000000000000..c802acd1dffa
--- /dev/null
+++ b/integration/restart_linux_test.go
@@ -0,0 +1,78 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package integration
+
+import (
+ "syscall"
+ "testing"
+ "time"
+
+ "github.com/stretchr/testify/assert"
+ runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+)
+
+func TestContainerdRestartSandboxRecover(t *testing.T) {
+ sbStatuses := map[string]runtime.PodSandboxState{
+ // Sandbox with unknown status will be NotReady when returned from ListPodSandbox
+ "sandbox_unknown": runtime.PodSandboxState_SANDBOX_NOTREADY,
+ "sandbox_not_ready": runtime.PodSandboxState_SANDBOX_NOTREADY,
+ "sandbox_ready": runtime.PodSandboxState_SANDBOX_READY,
+ }
+
+ sbReadyConfig := PodSandboxConfig("sandbox_ready", "sandbox_ready")
+ _, err := runtimeService.RunPodSandbox(sbReadyConfig, *runtimeHandler)
+ assert.NoError(t, err)
+
+ sbNotReadyConfig := PodSandboxConfig("sandbox_not_ready", "sandbox_not_ready")
+ notReadyID, err := runtimeService.RunPodSandbox(sbNotReadyConfig, *runtimeHandler)
+ assert.NoError(t, err)
+ err = runtimeService.StopPodSandbox(notReadyID)
+ assert.NoError(t, err)
+
+ t.Logf("Create a pod config with shim create delay")
+ sbUnknownConfig := PodSandboxConfig("sandbox_unknown", "sandbox_unknown_status")
+ injectShimFailpoint(t, sbUnknownConfig, map[string]string{
+ "Create": "1*delay(2000)",
+ })
+ waitCh := make(chan struct{})
+ go func() {
+ time.Sleep(time.Second)
+ t.Logf("Create a sandbox with shim create delay")
+ RestartContainerd(t, syscall.SIGTERM)
+ waitCh <- struct{}{}
+ }()
+ t.Logf("Create a sandbox with shim create delay")
+ _, err = runtimeService.RunPodSandbox(sbUnknownConfig, failpointRuntimeHandler)
+ assert.Error(t, err)
+ <-waitCh
+ sbs, err := runtimeService.ListPodSandbox(nil)
+ assert.NoError(t, err)
+ foundUnkownSb := false
+ for _, sb := range sbs {
+ if sb.Metadata.Name == "sandbox_unknown" {
+ foundUnkownSb = true
+ }
+ if status, ok := sbStatuses[sb.Metadata.Name]; ok {
+ assert.Equal(t, status, sb.State)
+ err = runtimeService.StopPodSandbox(sb.Id)
+ assert.NoError(t, err)
+ err = runtimeService.RemovePodSandbox(sb.Id)
+ assert.NoError(t, err)
+ }
+ }
+ assert.True(t, foundUnkownSb)
+}
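Review bot: the goroutine logs "Create a sandbox with shim create delay" immediately before `RestartContainerd(t, syscall.SIGTERM)`, the same message as the log line that precedes RunPodSandbox, so the log does not show when the restart happened; change it to say that containerd is being restarted. The ordering of the restart against the shim's `1*delay(2000)` failpoint rests on `time.Sleep(time.Second)`, which is timing-dependent on a loaded runner, and `foundUnkownSb` is misspelled (`foundUnknownSb`). The sandboxes are stopped and removed only inside the final loop, so if `ListPodSandbox` returns an error they are left behind; registering the stop and remove with `t.Cleanup` right after each RunPodSandbox would cover that.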
diff --git a/integration/sandbox_run_rollback_test.go b/integration/sandbox_run_rollback_test.go
index cfaeab1c51ab..41d068f60ef2 100644
--- a/integration/sandbox_run_rollback_test.go
+++ b/integration/sandbox_run_rollback_test.go
@@ -35,8 +35,8 @@ import (
"github.com/stretchr/testify/require"
criapiv1 "k8s.io/cri-api/pkg/apis/runtime/v1"
+ "github.com/containerd/containerd/v2/internal/cri/types"
"github.com/containerd/containerd/v2/internal/failpoint"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
)
const (
@@ -299,7 +299,7 @@ func TestRunPodSandboxAndTeardownCNISlow(t *testing.T) {
}
// sbserverSandboxInfo gets sandbox info.
-func sbserverSandboxInfo(id string) (*criapiv1.PodSandboxStatus, *base.SandboxInfo, error) {
+func sbserverSandboxInfo(id string) (*criapiv1.PodSandboxStatus, *types.SandboxInfo, error) {
client, err := RawRuntimeClient()
if err != nil {
return nil, nil, fmt.Errorf("failed to get raw runtime client: %w", err)
@@ -312,7 +312,7 @@ func sbserverSandboxInfo(id string) (*criapiv1.PodSandboxStatus, *base.SandboxIn
return nil, nil, fmt.Errorf("failed to get sandbox status: %w", err)
}
status := resp.GetStatus()
- var info base.SandboxInfo
+ var info types.SandboxInfo
if err := json.Unmarshal([]byte(resp.GetInfo()["info"]), &info); err != nil {
return nil, nil, fmt.Errorf("failed to unmarshal sandbox info: %w", err)
}
diff --git a/pkg/cri/annotations/annotations.go b/internal/cri/annotations/annotations.go
similarity index 98%
rename from pkg/cri/annotations/annotations.go
rename to internal/cri/annotations/annotations.go
index 0288be67f22f..a6aa15109ddf 100644
--- a/pkg/cri/annotations/annotations.go
+++ b/internal/cri/annotations/annotations.go
@@ -17,7 +17,7 @@
package annotations
import (
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
"github.com/containerd/containerd/v2/pkg/oci"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/bandwidth/doc.go b/internal/cri/bandwidth/doc.go
similarity index 100%
rename from pkg/cri/bandwidth/doc.go
rename to internal/cri/bandwidth/doc.go
diff --git a/pkg/cri/bandwidth/fake_shaper.go b/internal/cri/bandwidth/fake_shaper.go
similarity index 100%
rename from pkg/cri/bandwidth/fake_shaper.go
rename to internal/cri/bandwidth/fake_shaper.go
diff --git a/pkg/cri/bandwidth/interfaces.go b/internal/cri/bandwidth/interfaces.go
similarity index 100%
rename from pkg/cri/bandwidth/interfaces.go
rename to internal/cri/bandwidth/interfaces.go
diff --git a/pkg/cri/bandwidth/linux.go b/internal/cri/bandwidth/linux.go
similarity index 100%
rename from pkg/cri/bandwidth/linux.go
rename to internal/cri/bandwidth/linux.go
diff --git a/pkg/cri/bandwidth/unsupported.go b/internal/cri/bandwidth/unsupported.go
similarity index 100%
rename from pkg/cri/bandwidth/unsupported.go
rename to internal/cri/bandwidth/unsupported.go
diff --git a/pkg/cri/bandwidth/utils.go b/internal/cri/bandwidth/utils.go
similarity index 100%
rename from pkg/cri/bandwidth/utils.go
rename to internal/cri/bandwidth/utils.go
diff --git a/pkg/cri/config/config.go b/internal/cri/config/config.go
similarity index 81%
rename from pkg/cri/config/config.go
rename to internal/cri/config/config.go
index 1ae4f1341293..e28d3f2eddc3 100644
--- a/pkg/cri/config/config.go
+++ b/internal/cri/config/config.go
@@ -18,23 +18,39 @@ package config
import (
"context"
+ "encoding/json"
"errors"
"fmt"
"net/url"
+ goruntime "runtime"
+ "strconv"
"time"
+ introspectionapi "github.com/containerd/containerd/v2/api/services/introspection/v1"
+ apitypes "github.com/containerd/containerd/v2/api/types"
+ "github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/log"
+ "github.com/containerd/typeurl/v2"
"github.com/pelletier/go-toml/v2"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
+ "k8s.io/kubelet/pkg/cri/streaming"
runhcsoptions "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options"
runcoptions "github.com/containerd/containerd/v2/core/runtime/v2/runc/options"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
"github.com/containerd/containerd/v2/pkg/deprecation"
runtimeoptions "github.com/containerd/containerd/v2/pkg/runtimeoptions/v1"
"github.com/containerd/containerd/v2/plugins"
+ "github.com/opencontainers/image-spec/specs-go"
+ "github.com/opencontainers/runtime-spec/specs-go/features"
)
+func init() {
+ const prefix = "types.containerd.io"
+ major := strconv.Itoa(specs.VersionMajor)
+ typeurl.Register(&features.Features{}, prefix, "opencontainers/runtime-spec", major, "features", "Features")
+}
+
const (
// defaultImagePullProgressTimeoutDuration is the default value of imagePullProgressTimeout.
//
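Review bot: In `init()`, `major` is taken from `specs.VersionMajor`, and the only `specs` import this hunk adds is `github.com/opencontainers/image-spec/specs-go`, yet the URL being registered is under `opencontainers/runtime-spec` for `features.Features`. The image-spec and runtime-spec major versions are separate numbers, so take the value from the runtime-spec `specs-go` package to keep the registered URL tied to the type it names. A one-line comment saying which side must register the same URL for `typeurl.UnmarshalAny` to resolve it would also help.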
@@ -72,6 +88,17 @@ const (
DefaultSandboxImage = "registry.k8s.io/pause:3.9"
)
+// Ternary represents a ternary value.
+// Ternary is needed because TOML does not accept "null" for boolean values.
+type Ternary = string
+
+const (
+ TernaryEmpty Ternary = "" // alias for IfPossible
+ TernaryEnabled Ternary = "Enabled"
+ TernaryIfPossible Ternary = "IfPossible"
+ TernaryDisabled Ternary = "Disabled"
+)
+
// Runtime struct to contain the type(ID), engine, and root variables for a default runtime
// and a runtime for untrusted workload.
type Runtime struct {
@@ -115,6 +142,15 @@ type Runtime struct {
// shim - means use whatever Controller implementation provided by shim (e.g. use RemoteController).
// podsandbox - means use Controller implementation from sbserver podsandbox package.
Sandboxer string `toml:"sandboxer" json:"sandboxer"`
+
+ // TreatRoMountsAsRro ("Enabled"|"IfPossible"|"Disabled")
+ // treats read-only mounts as recursive read-only mounts.
+ // An empty string means "IfPossible".
+ // "Enabled" requires Linux kernel v5.12 or later.
+ // Introduced in containerd v2.0.
+ // This configuration does not apply to non-volume mounts such as "/sys/fs/cgroup".
+ TreatRoMountsAsRro Ternary `toml:"treat_ro_mount_as_rro" json:"treatRoMountsAsRro"`
+ TreatRoMountsAsRroResolved bool `toml:"-" json:"-"` // Do not set manually
}
// ContainerdConfig contains toml config related to containerd
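Review bot: The TOML tag on `TreatRoMountsAsRro` is `treat_ro_mount_as_rro` (singular "mount"), while the field name, the JSON tag, and the log prefix and error strings in `resolveTreatRoMountsAsRro` all say `treat_ro_mounts_as_rro`. An operator who copies the key from an error message will write a key that does not match the tag; pick one spelling and use it everywhere. `TreatRoMountsAsRroResolved` is exported but commented "Do not set manually"; an accessor over an unexported field would enforce that rather than document it.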
@@ -312,33 +348,18 @@ type ImageConfig struct {
StatsCollectPeriod int `toml:"stats_collect_period" json:"statsCollectPeriod"`
}
-// PluginConfig contains toml config related to CRI plugin,
+// RuntimeConfig contains toml config related to CRI plugin,
// it is a subset of Config.
-type PluginConfig struct {
+type RuntimeConfig struct {
// ContainerdConfig contains config related to containerd
ContainerdConfig `toml:"containerd" json:"containerd"`
// CniConfig contains config related to cni
CniConfig `toml:"cni" json:"cni"`
- // DisableTCPService disables serving CRI on the TCP server.
- DisableTCPService bool `toml:"disable_tcp_service" json:"disableTCPService"`
- // StreamServerAddress is the ip address streaming server is listening on.
- StreamServerAddress string `toml:"stream_server_address" json:"streamServerAddress"`
- // StreamServerPort is the port streaming server is listening on.
- StreamServerPort string `toml:"stream_server_port" json:"streamServerPort"`
- // StreamIdleTimeout is the maximum time a streaming connection
- // can be idle before the connection is automatically closed.
- // The string is in the golang duration format, see:
- // https://golang.org/pkg/time/#ParseDuration
- StreamIdleTimeout string `toml:"stream_idle_timeout" json:"streamIdleTimeout"`
// EnableSelinux indicates to enable the selinux support.
EnableSelinux bool `toml:"enable_selinux" json:"enableSelinux"`
// SelinuxCategoryRange allows the upper bound on the category range to be set.
// If not specified or set to 0, defaults to 1024 from the selinux package.
SelinuxCategoryRange int `toml:"selinux_category_range" json:"selinuxCategoryRange"`
- // EnableTLSStreaming indicates to enable the TLS streaming support.
- EnableTLSStreaming bool `toml:"enable_tls_streaming" json:"enableTLSStreaming"`
- // X509KeyPairStreaming is a x509 key pair used for TLS streaming
- X509KeyPairStreaming `toml:"x509_key_pair_streaming" json:"x509KeyPairStreaming"`
// MaxContainerLogLineSize is the maximum log line size in bytes for a container.
// Log line longer than the limit will be split into multiple lines. Non-positive
// value means no limit.
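Review bot: `disable_tcp_service`, `stream_server_address`, `stream_server_port`, `stream_idle_timeout`, `enable_tls_streaming` and `x509_key_pair_streaming` leave this struct and reappear on `ServerConfig`, but nothing here says what happens to an existing config file that still sets them in the old section. If those keys are ignored there, a node that had `enable_tls_streaming = true` would come up with the `DefaultServerConfig` value of `false`; please document the migration path or reject the old keys with an error. The struct comment also still reads "config related to CRI plugin, it is a subset of Config", which no longer tells a reader how `RuntimeConfig` differs from `ServerConfig`.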
@@ -418,10 +439,10 @@ type X509KeyPairStreaming struct {
TLSKeyFile string `toml:"tls_key_file" json:"tlsKeyFile"`
}
-// Config contains all configurations for cri server.
+// Config contains all configurations for CRI runtime plugin.
type Config struct {
- // PluginConfig is the config for CRI plugin.
- PluginConfig
+ // RuntimeConfig is the config for CRI runtime.
+ RuntimeConfig
// ContainerdRootDir is the root directory path for containerd.
ContainerdRootDir string `json:"containerdRootDir"`
// ContainerdEndpoint is the containerd endpoint path.
@@ -433,6 +454,25 @@ type Config struct {
StateDir string `json:"stateDir"`
}
+// ServerConfig contains all the configuration for the CRI API server.
+type ServerConfig struct {
+ // DisableTCPService disables serving CRI on the TCP server.
+ DisableTCPService bool `toml:"disable_tcp_service" json:"disableTCPService"`
+ // StreamServerAddress is the ip address streaming server is listening on.
+ StreamServerAddress string `toml:"stream_server_address" json:"streamServerAddress"`
+ // StreamServerPort is the port streaming server is listening on.
+ StreamServerPort string `toml:"stream_server_port" json:"streamServerPort"`
+ // StreamIdleTimeout is the maximum time a streaming connection
+ // can be idle before the connection is automatically closed.
+ // The string is in the golang duration format, see:
+ // https://golang.org/pkg/time/#ParseDuration
+ StreamIdleTimeout string `toml:"stream_idle_timeout" json:"streamIdleTimeout"`
+ // EnableTLSStreaming indicates to enable the TLS streaming support.
+ EnableTLSStreaming bool `toml:"enable_tls_streaming" json:"enableTLSStreaming"`
+ // X509KeyPairStreaming is a x509 key pair used for TLS streaming
+ X509KeyPairStreaming `toml:"x509_key_pair_streaming" json:"x509KeyPairStreaming"`
+}
+
const (
// RuntimeUntrusted is the implicit runtime defined for ContainerdConfig.UntrustedWorkloadRuntime
RuntimeUntrusted = "untrusted"
@@ -494,8 +534,120 @@ func ValidateImageConfig(ctx context.Context, c *ImageConfig) ([]deprecation.War
return warnings, nil
}
-// ValidatePluginConfig validates the given plugin configuration.
-func ValidatePluginConfig(ctx context.Context, c *PluginConfig) ([]deprecation.Warning, error) {
+func introspectRuntimeFeatures(ctx context.Context, introspectionClient introspectionapi.IntrospectionClient, r Runtime) (*features.Features, error) {
+ if introspectionClient == nil { // happens for unit tests
+ return nil, errors.New("introspectionClient is nil")
+ }
+ infoReq := &introspectionapi.PluginInfoRequest{
+ Type: string(plugins.RuntimePluginV2),
+ ID: "task",
+ }
+ rr := &apitypes.RuntimeRequest{
+ RuntimePath: r.Type,
+ }
+ if r.Path != "" {
+ rr.RuntimePath = r.Path
+ }
+ options, err := GenerateRuntimeOptions(r)
+ if err != nil {
+ return nil, err
+ }
+ rr.Options, err = protobuf.MarshalAnyToProto(options)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal %T: %w", options, err)
+ }
+ infoReq.Options, err = protobuf.MarshalAnyToProto(rr)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal %T: %w", rr, err)
+ }
+ infoResp, err := introspectionClient.PluginInfo(ctx, infoReq)
+ if err != nil {
+ return nil, fmt.Errorf("failed to call PluginInfo: %w", err)
+ }
+ var info apitypes.RuntimeInfo
+ if err := typeurl.UnmarshalTo(infoResp.Extra, &info); err != nil {
+ return nil, fmt.Errorf("failed to get runtime info from plugin info: %w", err)
+ }
+ featuresX, err := typeurl.UnmarshalAny(info.Features)
+ if err != nil {
+ return nil, fmt.Errorf("failed to unmarshal Features (%T): %w", info.Features, err)
+ }
+ features, ok := featuresX.(*features.Features)
+ if !ok {
+ return nil, fmt.Errorf("unknown features type %T", featuresX)
+ }
+ return features, nil
+}
+
+// resolveTreatRoMountsAsRro resolves r.TreatRoMountsAsRro string into a boolean.
+func resolveTreatRoMountsAsRro(ctx context.Context, introspectionClient introspectionapi.IntrospectionClient, r Runtime) (bool, error) {
+ debugPrefix := "treat_ro_mounts_as_rro"
+ if r.Type != "" {
+ debugPrefix += fmt.Sprintf("[%s]", r.Type)
+ }
+ if binaryName := r.Options["BinaryName"]; binaryName != "" {
+ debugPrefix += fmt.Sprintf("[%v]", binaryName)
+ }
+ debugPrefix += ": "
+
+ var runtimeSupportsRro bool
+ if r.Type == plugins.RuntimeRuncV2 {
+ features, err := introspectRuntimeFeatures(ctx, introspectionClient, r)
+ if err != nil {
+ log.G(ctx).WithError(err).Warnf(debugPrefix + "failed to introspect runtime features (binary is not compatible with runc v1.1?)")
+ } else {
+ log.G(ctx).Debugf(debugPrefix+"Features: %+v", features)
+ for _, s := range features.MountOptions {
+ if s == "rro" {
+ runtimeSupportsRro = true
+ break
+ }
+ }
+ }
+ }
+
+ switch r.TreatRoMountsAsRro {
+ case TernaryDisabled:
+ log.G(ctx).Debug(debugPrefix + "rro mounts are explicitly disabled")
+ return false, nil
+ case TernaryEnabled:
+ log.G(ctx).Debug(debugPrefix + "rro mounts are explicitly enabled")
+ if !kernelSupportsRro {
+ return true, fmt.Errorf("invalid `treat_ro_mounts_as_rro`: %q: needs Linux kernel v5.12 or later", TernaryEnabled)
+ }
+ if !runtimeSupportsRro {
+ return true, fmt.Errorf("invalid `treat_ro_mounts_as_rro`: %q: needs a runtime that is compatible with runc v1.1", TernaryEnabled)
+ }
+ return true, nil
+ case TernaryEmpty, TernaryIfPossible:
+ if r.Type != plugins.RuntimeRuncV2 {
+ log.G(ctx).Debugf(debugPrefix+"rro mounts are not supported by runtime %q, disabling rro mounts", r.Type)
+ return false, nil
+ }
+ if !kernelSupportsRro {
+ msg := debugPrefix + "rro mounts are not supported by kernel, disabling rro mounts"
+ if goruntime.GOOS == "linux" {
+ msg += " (Hint: upgrade the kernel to v5.12 or later)"
+ log.G(ctx).Warn(msg)
+ } else {
+ log.G(ctx).Debug(msg)
+ }
+ return false, nil
+ }
+ if !runtimeSupportsRro {
+ log.G(ctx).Warn(debugPrefix + "rro mounts are not supported by runtime, disabling rro mounts (Hint: use a runtime that is compatible with runc v1.1)")
+ return false, nil
+ }
+ log.G(ctx).Debug(debugPrefix + "rro mounts are implicitly enabled")
+ return true, nil
+ default:
+ return false, fmt.Errorf("invalid `treat_ro_mounts_as_rro`: %q (must be %q, %q, or %q)",
+ r.TreatRoMountsAsRro, TernaryDisabled, TernaryEnabled, TernaryIfPossible)
+ }
+}
+
+// ValidateRuntimeConfig validates the given runtime configuration.
+func ValidateRuntimeConfig(ctx context.Context, c *RuntimeConfig, introspectionClient introspectionapi.IntrospectionClient) ([]deprecation.Warning, error) {
var warnings []deprecation.Warning
if c.ContainerdConfig.Runtimes == nil {
c.ContainerdConfig.Runtimes = make(map[string]Runtime)
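Review bot: In `resolveTreatRoMountsAsRro`, `introspectRuntimeFeatures` is called before the `switch`, so a runtime set to `TernaryDisabled` still makes the `PluginInfo` call and logs a warning when it fails; handle `TernaryDisabled` first and introspect only for `Enabled` and `IfPossible`. The two error returns under `TernaryEnabled` return `true` together with a non-nil error and should return `false`. `Warnf(debugPrefix + "...")` passes a string built from `r.Type` and `BinaryName` as the format argument, so use `Warn` there as the other branches do. In `introspectRuntimeFeatures`, the local `features` shadows the imported `features` package on the same line that uses it; a different local name avoids the confusion.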
@@ -516,15 +668,15 @@ func ValidatePluginConfig(ctx context.Context, c *PluginConfig) ([]deprecation.W
// If empty, use default podSandbox mode
if len(r.Sandboxer) == 0 {
r.Sandboxer = string(ModePodSandbox)
- c.ContainerdConfig.Runtimes[k] = r
}
- }
- // Validation for stream_idle_timeout
- if c.StreamIdleTimeout != "" {
- if _, err := time.ParseDuration(c.StreamIdleTimeout); err != nil {
- return warnings, fmt.Errorf("invalid stream idle timeout: %w", err)
+ // Resolve r.TreatRoMountsAsRro (string; empty value must not be ignored) into r.TreatRoMountsAsRroResolved (bool)
+ var err error
+ r.TreatRoMountsAsRroResolved, err = resolveTreatRoMountsAsRro(ctx, introspectionClient, r)
+ if err != nil {
+ return warnings, err
}
+ c.ContainerdConfig.Runtimes[k] = r
}
// Validation for drain_exec_sync_io_timeout
@@ -539,6 +691,18 @@ func ValidatePluginConfig(ctx context.Context, c *PluginConfig) ([]deprecation.W
return warnings, nil
}
+// ValidateServerConfig validates the given server configuration.
+func ValidateServerConfig(ctx context.Context, c *ServerConfig) ([]deprecation.Warning, error) {
+ var warnings []deprecation.Warning
+ // Validation for stream_idle_timeout
+ if c.StreamIdleTimeout != "" {
+ if _, err := time.ParseDuration(c.StreamIdleTimeout); err != nil {
+ return warnings, fmt.Errorf("invalid stream idle timeout: %w", err)
+ }
+ }
+ return warnings, nil
+}
+
func (config *Config) GetSandboxRuntime(podSandboxConfig *runtime.PodSandboxConfig, runtimeHandler string) (Runtime, error) {
if untrustedWorkload(podSandboxConfig) {
// If the untrusted annotation is provided, runtimeHandler MUST be empty.
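Review bot: `ValidateServerConfig` checks only `StreamIdleTimeout`; the cert/key consistency rules in `getStreamListenerMode` (cert without key, key without cert, either one set while `EnableTLSStreaming` is false) are reached only later through `StreamingConfig()`. Call `getStreamListenerMode(c)` here as well so a broken TLS streaming setup is reported at validation time with the other config errors.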
@@ -610,6 +774,16 @@ func GenerateRuntimeOptions(r Runtime) (interface{}, error) {
// For generic configuration, if no config path specified (preserving old behavior), pass
// the whole TOML configuration section to the runtime.
if runtimeOpts, ok := options.(*runtimeoptions.Options); ok && runtimeOpts.ConfigPath == "" {
+ if runtimeOpts.TypeUrl != "" {
+ body, err := json.Marshal(r.Options)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal config body as JSON for runtime %q: %v", r.Type, err)
+ }
+
+ runtimeOpts.ConfigBody = body
+ return options, nil
+ }
+
runtimeOpts.ConfigBody = b
}
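Review bot: The new `runtimeOpts.TypeUrl != ""` branch replaces the TOML body `b` with a JSON encoding of `r.Options` and returns early, but no comment explains why a set `TypeUrl` implies JSON or what the runtime is expected to do with it; please add one above the `if`. The error in this branch is formatted with `%v` where the rest of the file wraps with `%w`, so `errors.Is` and `errors.As` will not see the cause.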
@@ -627,3 +801,17 @@ func getRuntimeOptionsType(t string) interface{} {
return &runtimeoptions.Options{}
}
}
+
+func DefaultServerConfig() ServerConfig {
+ return ServerConfig{
+ DisableTCPService: true,
+ StreamServerAddress: "127.0.0.1",
+ StreamServerPort: "0",
+ StreamIdleTimeout: streaming.DefaultConfig.StreamIdleTimeout.String(), // 4 hour
+ EnableTLSStreaming: false,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "",
+ TLSCertFile: "",
+ },
+ }
+}
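Review bot: `DefaultServerConfig` is exported without a doc comment, unlike `DefaultRuntimeConfig`; add one, and since these values decide how the streaming server is exposed (`127.0.0.1`, `EnableTLSStreaming: false`), state that in the comment. The trailing `// 4 hour` restates a value owned by `streaming.DefaultConfig` and will go stale if that default changes.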
diff --git a/pkg/cri/config/config_kernel_linux.go b/internal/cri/config/config_kernel_linux.go
similarity index 78%
rename from pkg/cri/config/config_kernel_linux.go
rename to internal/cri/config/config_kernel_linux.go
index 9da860750339..296e104bc38a 100644
--- a/pkg/cri/config/config_kernel_linux.go
+++ b/internal/cri/config/config_kernel_linux.go
@@ -28,7 +28,7 @@ import (
var kernelGreaterEqualThan = kernel.GreaterEqualThan
-func ValidateEnableUnprivileged(ctx context.Context, c *PluginConfig) error {
+func ValidateEnableUnprivileged(ctx context.Context, c *RuntimeConfig) error {
if c.EnableUnprivilegedICMP || c.EnableUnprivilegedPorts {
fourDotEleven := kernel.KernelVersion{Kernel: 4, Major: 11}
ok, err := kernelGreaterEqualThan(fourDotEleven)
@@ -41,3 +41,13 @@ func ValidateEnableUnprivileged(ctx context.Context, c *PluginConfig) error {
}
return nil
}
+
+var kernelSupportsRro bool
+
+func init() {
+ var err error
+ kernelSupportsRro, err = kernelGreaterEqualThan(kernel.KernelVersion{Kernel: 5, Major: 12})
+ if err != nil {
+ panic(fmt.Errorf("check current system kernel version error: %w", err))
+ }
+}
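Review bot: The new `init()` panics when `kernelGreaterEqualThan` returns an error, so every binary that imports this package aborts at load time on a host where the kernel version cannot be read, even when `treat_ro_mounts_as_rro` is `Disabled`. Do the check lazily inside `resolveTreatRoMountsAsRro` and return the error from there. Evaluating it in `init()` also fixes `kernelSupportsRro` before a test can swap the `kernelGreaterEqualThan` variable, so that hook cannot be used to exercise the rro branches.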
diff --git a/pkg/cri/config/config_kernel_linux_test.go b/internal/cri/config/config_kernel_linux_test.go
similarity index 96%
rename from pkg/cri/config/config_kernel_linux_test.go
rename to internal/cri/config/config_kernel_linux_test.go
index 703178282982..0afc57420d40 100644
--- a/pkg/cri/config/config_kernel_linux_test.go
+++ b/internal/cri/config/config_kernel_linux_test.go
@@ -32,13 +32,13 @@ func TestValidateEnableUnprivileged(t *testing.T) {
tests := []struct {
name string
- config *PluginConfig
+ config *RuntimeConfig
kernelGreater bool
expectedErr string
}{
{
name: "disable unprivileged_icmp and unprivileged_port",
- config: &PluginConfig{
+ config: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -54,7 +54,7 @@ func TestValidateEnableUnprivileged(t *testing.T) {
},
{
name: "enable unprivileged_icmp or unprivileged_port, but kernel version is smaller than 4.11",
- config: &PluginConfig{
+ config: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -71,7 +71,7 @@ func TestValidateEnableUnprivileged(t *testing.T) {
},
{
name: "enable unprivileged_icmp or unprivileged_port, but kernel version is greater than or equal 4.11",
- config: &PluginConfig{
+ config: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
diff --git a/pkg/cri/config/config_kernel_other.go b/internal/cri/config/config_kernel_other.go
similarity index 86%
rename from pkg/cri/config/config_kernel_other.go
rename to internal/cri/config/config_kernel_other.go
index b4012e163eab..bc675414f213 100644
--- a/pkg/cri/config/config_kernel_other.go
+++ b/internal/cri/config/config_kernel_other.go
@@ -22,6 +22,8 @@ import (
"context"
)
-func ValidateEnableUnprivileged(ctx context.Context, c *PluginConfig) error {
+func ValidateEnableUnprivileged(ctx context.Context, c *RuntimeConfig) error {
return nil
}
+
+var kernelSupportsRro bool
diff --git a/pkg/cri/config/config_test.go b/internal/cri/config/config_test.go
similarity index 78%
rename from pkg/cri/config/config_test.go
rename to internal/cri/config/config_test.go
index a52b87df5ba3..8a982d95dc6c 100644
--- a/pkg/cri/config/config_test.go
+++ b/internal/cri/config/config_test.go
@@ -28,29 +28,32 @@ import (
func TestValidateConfig(t *testing.T) {
for desc, test := range map[string]struct {
- config *PluginConfig
- expectedErr string
- expected *PluginConfig
- imageConfig *ImageConfig
- imageExpectedErr string
- imageExpected *ImageConfig
- warnings []deprecation.Warning
+ runtimeConfig *RuntimeConfig
+ runtimeExpectedErr string
+ runtimeExpected *RuntimeConfig
+ imageConfig *ImageConfig
+ imageExpectedErr string
+ imageExpected *ImageConfig
+ serverConfig *ServerConfig
+ serverExpectedErr string
+ serverExpected *ServerConfig
+ warnings []deprecation.Warning
}{
"no default_runtime_name": {
- config: &PluginConfig{},
- expectedErr: "`default_runtime_name` is empty",
+ runtimeConfig: &RuntimeConfig{},
+ runtimeExpectedErr: "`default_runtime_name` is empty",
},
"no runtime[default_runtime_name]": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
},
},
- expectedErr: "no corresponding runtime configured in `containerd.runtimes` for `containerd` `default_runtime_name = \"default\"",
+ runtimeExpectedErr: "no corresponding runtime configured in `containerd.runtimes` for `containerd` `default_runtime_name = \"default\"",
},
"deprecated auths": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -58,7 +61,7 @@ func TestValidateConfig(t *testing.T) {
},
},
},
- expected: &PluginConfig{
+ runtimeExpected: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -92,18 +95,10 @@ func TestValidateConfig(t *testing.T) {
warnings: []deprecation.Warning{deprecation.CRIRegistryAuths},
},
"invalid stream_idle_timeout": {
- config: &PluginConfig{
+ serverConfig: &ServerConfig{
StreamIdleTimeout: "invalid",
- ContainerdConfig: ContainerdConfig{
- DefaultRuntimeName: RuntimeDefault,
- Runtimes: map[string]Runtime{
- RuntimeDefault: {
- Type: "default",
- },
- },
- },
},
- expectedErr: "invalid stream idle timeout",
+ serverExpectedErr: "invalid stream idle timeout",
},
"conflicting mirror registry config": {
imageConfig: &ImageConfig{
@@ -117,7 +112,7 @@ func TestValidateConfig(t *testing.T) {
imageExpectedErr: "`mirrors` cannot be set when `config_path` is provided",
},
"deprecated mirrors": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -132,7 +127,7 @@ func TestValidateConfig(t *testing.T) {
},
},
},
- expected: &PluginConfig{
+ runtimeExpected: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -152,7 +147,7 @@ func TestValidateConfig(t *testing.T) {
warnings: []deprecation.Warning{deprecation.CRIRegistryMirrors},
},
"deprecated configs": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -171,7 +166,7 @@ func TestValidateConfig(t *testing.T) {
},
},
},
- expected: &PluginConfig{
+ runtimeExpected: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -195,7 +190,7 @@ func TestValidateConfig(t *testing.T) {
warnings: []deprecation.Warning{deprecation.CRIRegistryConfigs},
},
"privileged_without_host_devices_all_devices_allowed without privileged_without_host_devices": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -207,10 +202,10 @@ func TestValidateConfig(t *testing.T) {
},
},
},
- expectedErr: "`privileged_without_host_devices_all_devices_allowed` requires `privileged_without_host_devices` to be enabled",
+ runtimeExpectedErr: "`privileged_without_host_devices_all_devices_allowed` requires `privileged_without_host_devices` to be enabled",
},
"invalid drain_exec_sync_io_timeout input": {
- config: &PluginConfig{
+ runtimeConfig: &RuntimeConfig{
ContainerdConfig: ContainerdConfig{
DefaultRuntimeName: RuntimeDefault,
Runtimes: map[string]Runtime{
@@ -221,18 +216,18 @@ func TestValidateConfig(t *testing.T) {
},
DrainExecSyncIOTimeout: "10",
},
- expectedErr: "invalid `drain_exec_sync_io_timeout`",
+ runtimeExpectedErr: "invalid `drain_exec_sync_io_timeout`",
},
} {
t.Run(desc, func(t *testing.T) {
var warnings []deprecation.Warning
- if test.config != nil {
- w, err := ValidatePluginConfig(context.Background(), test.config)
- if test.expectedErr != "" {
- assert.Contains(t, err.Error(), test.expectedErr)
+ if test.runtimeConfig != nil {
+ w, err := ValidateRuntimeConfig(context.Background(), test.runtimeConfig, nil)
+ if test.runtimeExpectedErr != "" {
+ assert.Contains(t, err.Error(), test.runtimeExpectedErr)
} else {
assert.NoError(t, err)
- assert.Equal(t, test.expected, test.config)
+ assert.Equal(t, test.runtimeExpected, test.runtimeConfig)
}
warnings = append(warnings, w...)
}
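Review bot: Every case now calls `ValidateRuntimeConfig` with a nil introspection client, and none of the hunks in this file adds a case for `TreatRoMountsAsRro`, so the `Enabled`, `Disabled`, `IfPossible` and invalid-value branches of `resolveTreatRoMountsAsRro` are untested here. Add table entries for at least the invalid value and `Disabled`, which need neither a kernel check nor a runtime.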
@@ -246,6 +241,16 @@ func TestValidateConfig(t *testing.T) {
}
warnings = append(warnings, w...)
}
+ if test.serverConfig != nil {
+ w, err := ValidateServerConfig(context.Background(), test.serverConfig)
+ if test.serverExpectedErr != "" {
+ assert.Contains(t, err.Error(), test.serverExpectedErr)
+ } else {
+ assert.NoError(t, err)
+ assert.Equal(t, test.serverExpected, test.serverConfig)
+ }
+ warnings = append(warnings, w...)
+ }
if len(test.warnings) > 0 {
assert.ElementsMatch(t, test.warnings, warnings)
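Review bot: In the new `serverConfig` block, `assert.Contains(t, err.Error(), test.serverExpectedErr)` dereferences `err` without checking it, so a validation that wrongly succeeds panics the test instead of failing it; guard it with `if assert.Error(t, err) { ... }`. The success branch compares against `test.serverExpected`, which no table entry sets, so the first passing server case will need that field filled in as well.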
diff --git a/pkg/cri/config/config_unix.go b/internal/cri/config/config_unix.go
similarity index 84%
rename from pkg/cri/config/config_unix.go
rename to internal/cri/config/config_unix.go
index 7a0405566090..d31b090a1ab8 100644
--- a/pkg/cri/config/config_unix.go
+++ b/internal/cri/config/config_unix.go
@@ -21,7 +21,6 @@ package config
import (
"github.com/containerd/containerd/v2/defaults"
"github.com/pelletier/go-toml/v2"
- "k8s.io/kubelet/pkg/cri/streaming"
)
func DefaultImageConfig() ImageConfig {
@@ -41,8 +40,8 @@ func DefaultImageConfig() ImageConfig {
}
}
-// DefaultConfig returns default configurations of cri plugin.
-func DefaultConfig() PluginConfig {
+// DefaultRuntimeConfig returns default configurations of cri plugin.
+func DefaultRuntimeConfig() RuntimeConfig {
defaultRuncV2Opts := `
# NoNewKeyring disables new keyring for the container.
NoNewKeyring = false
@@ -71,7 +70,7 @@ func DefaultConfig() PluginConfig {
var m map[string]interface{}
toml.Unmarshal([]byte(defaultRuncV2Opts), &m)
- return PluginConfig{
+ return RuntimeConfig{
CniConfig: CniConfig{
NetworkPluginBinDir: "/opt/cni/bin",
NetworkPluginConfDir: "/etc/cni/net.d",
@@ -89,17 +88,8 @@ func DefaultConfig() PluginConfig {
},
},
},
- DisableTCPService: true,
- StreamServerAddress: "127.0.0.1",
- StreamServerPort: "0",
- StreamIdleTimeout: streaming.DefaultConfig.StreamIdleTimeout.String(), // 4 hour
- EnableSelinux: false,
- SelinuxCategoryRange: 1024,
- EnableTLSStreaming: false,
- X509KeyPairStreaming: X509KeyPairStreaming{
- TLSKeyFile: "",
- TLSCertFile: "",
- },
+ EnableSelinux: false,
+ SelinuxCategoryRange: 1024,
MaxContainerLogLineSize: 16 * 1024,
DisableProcMount: false,
TolerateMissingHugetlbController: true,
diff --git a/pkg/cri/config/config_windows.go b/internal/cri/config/config_windows.go
similarity index 86%
rename from pkg/cri/config/config_windows.go
rename to internal/cri/config/config_windows.go
index 9c2eeac158f5..a1d4b072c37c 100644
--- a/pkg/cri/config/config_windows.go
+++ b/internal/cri/config/config_windows.go
@@ -21,7 +21,6 @@ import (
"path/filepath"
"github.com/containerd/containerd/v2/defaults"
- "k8s.io/kubelet/pkg/cri/streaming"
)
func DefaultImageConfig() ImageConfig {
@@ -39,9 +38,9 @@ func DefaultImageConfig() ImageConfig {
}
}
-// DefaultConfig returns default configurations of cri plugin.
-func DefaultConfig() PluginConfig {
- return PluginConfig{
+// DefaultRuntimeConfig returns default configurations of cri plugin.
+func DefaultRuntimeConfig() RuntimeConfig {
+ return RuntimeConfig{
CniConfig: CniConfig{
NetworkPluginBinDir: filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "bin"),
NetworkPluginConfDir: filepath.Join(os.Getenv("ProgramFiles"), "containerd", "cni", "conf"),
@@ -78,15 +77,6 @@ func DefaultConfig() PluginConfig {
},
},
},
- DisableTCPService: true,
- StreamServerAddress: "127.0.0.1",
- StreamServerPort: "0",
- StreamIdleTimeout: streaming.DefaultConfig.StreamIdleTimeout.String(), // 4 hour
- EnableTLSStreaming: false,
- X509KeyPairStreaming: X509KeyPairStreaming{
- TLSKeyFile: "",
- TLSCertFile: "",
- },
MaxContainerLogLineSize: 16 * 1024,
IgnoreImageDefinedVolumes: false,
// TODO(windows): Add platform specific config, so that most common defaults can be shared.
diff --git a/internal/cri/config/streaming.go b/internal/cri/config/streaming.go
new file mode 100644
index 000000000000..b02e0bd58b83
--- /dev/null
+++ b/internal/cri/config/streaming.go
@@ -0,0 +1,163 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "crypto/tls"
+ "errors"
+ "fmt"
+ "net"
+ "os"
+ "time"
+
+ k8snet "k8s.io/apimachinery/pkg/util/net"
+ k8scert "k8s.io/client-go/util/cert"
+
+ "k8s.io/kubelet/pkg/cri/streaming"
+)
+
+type streamListenerMode int
+
+const (
+ x509KeyPairTLS streamListenerMode = iota
+ selfSignTLS
+ withoutTLS
+)
+
+func getStreamListenerMode(config *ServerConfig) (streamListenerMode, error) {
+ if config.EnableTLSStreaming {
+ if config.X509KeyPairStreaming.TLSCertFile != "" && config.X509KeyPairStreaming.TLSKeyFile != "" {
+ return x509KeyPairTLS, nil
+ }
+ if config.X509KeyPairStreaming.TLSCertFile != "" && config.X509KeyPairStreaming.TLSKeyFile == "" {
+ return -1, errors.New("must set X509KeyPairStreaming.TLSKeyFile")
+ }
+ if config.X509KeyPairStreaming.TLSCertFile == "" && config.X509KeyPairStreaming.TLSKeyFile != "" {
+ return -1, errors.New("must set X509KeyPairStreaming.TLSCertFile")
+ }
+ return selfSignTLS, nil
+ }
+ if config.X509KeyPairStreaming.TLSCertFile != "" {
+ return -1, errors.New("X509KeyPairStreaming.TLSCertFile is set but EnableTLSStreaming is not set")
+ }
+ if config.X509KeyPairStreaming.TLSKeyFile != "" {
+ return -1, errors.New("X509KeyPairStreaming.TLSKeyFile is set but EnableTLSStreaming is not set")
+ }
+ return withoutTLS, nil
+}
+
+func (c *ServerConfig) StreamingConfig() (streaming.Config, error) {
+ var (
+ addr = c.StreamServerAddress
+ port = c.StreamServerPort
+ streamIdleTimeout = c.StreamIdleTimeout
+ )
+ if addr == "" {
+ a, err := k8snet.ResolveBindAddress(nil)
+ if err != nil {
+ return streaming.Config{}, fmt.Errorf("failed to get stream server address: %w", err)
+ }
+ addr = a.String()
+ }
+ config := streaming.DefaultConfig
+ if streamIdleTimeout != "" {
+ var err error
+ config.StreamIdleTimeout, err = time.ParseDuration(streamIdleTimeout)
+ if err != nil {
+ return streaming.Config{}, fmt.Errorf("invalid stream idle timeout: %w", err)
+ }
+ }
+ config.Addr = net.JoinHostPort(addr, port)
+
+ tlsMode, err := getStreamListenerMode(c)
+ if err != nil {
+ return streaming.Config{}, fmt.Errorf("invalid stream server configuration: %w", err)
+ }
+ switch tlsMode {
+ case x509KeyPairTLS:
+ tlsCert, err := tls.LoadX509KeyPair(c.X509KeyPairStreaming.TLSCertFile, c.X509KeyPairStreaming.TLSKeyFile)
+ if err != nil {
+ return streaming.Config{}, fmt.Errorf("failed to load x509 key pair for stream server: %w", err)
+ }
+ config.TLSConfig = &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ }
+ case selfSignTLS:
+ tlsCert, err := newTLSCert()
+ if err != nil {
+ return streaming.Config{}, fmt.Errorf("failed to generate tls certificate for stream server: %w", err)
+ }
+ config.TLSConfig = &tls.Config{
+ Certificates: []tls.Certificate{tlsCert},
+ }
+ case withoutTLS:
+ default:
+ return streaming.Config{}, errors.New("invalid configuration for the stream listener")
+ }
+ return config, nil
+}
+
+// newTLSCert returns a self CA signed tls.certificate.
+// TODO (mikebrow): replace / rewrite this function to support using CA
+// signing of the certificate. Requires a security plan for kubernetes regarding
+// CRI connections / streaming, etc. For example, kubernetes could configure or
+// require a CA service and pass a configuration down through CRI.
+func newTLSCert() (tls.Certificate, error) {
+ fail := func(err error) (tls.Certificate, error) { return tls.Certificate{}, err }
+
+ hostName, err := os.Hostname()
+ if err != nil {
+ return fail(fmt.Errorf("failed to get hostname: %w", err))
+ }
+
+ addrs, err := net.InterfaceAddrs()
+ if err != nil {
+ return fail(fmt.Errorf("failed to get host IP addresses: %w", err))
+ }
+
+ var alternateIPs []net.IP
+ var alternateDNS []string
+ for _, addr := range addrs {
+ var ip net.IP
+
+ switch v := addr.(type) {
+ case *net.IPNet:
+ ip = v.IP
+ case *net.IPAddr:
+ ip = v.IP
+ default:
+ continue
+ }
+
+ alternateIPs = append(alternateIPs, ip)
+ alternateDNS = append(alternateDNS, ip.String())
+ }
+
+ // Generate a self signed certificate key (CA is self)
+ certPem, keyPem, err := k8scert.GenerateSelfSignedCertKey(hostName, alternateIPs, alternateDNS)
+ if err != nil {
+ return fail(fmt.Errorf("certificate key could not be created: %w", err))
+ }
+
+ // Load the tls certificate
+ tlsCert, err := tls.X509KeyPair(certPem, keyPem)
+ if err != nil {
+ return fail(fmt.Errorf("certificate could not be loaded: %w", err))
+ }
+
+ return tlsCert, nil
+}
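Review bot: In StreamingConfig, both the x509KeyPairTLS and selfSignTLS branches build a tls.Config with only Certificates set, so the protocol floor and cipher suites are whatever the Go toolchain defaults to. Consider setting MinVersion explicitly (for example tls.VersionTLS12) so the stream server's minimum does not change silently with the compiler version. In newTLSCert, alternateDNS is filled with ip.String() for every interface address, which puts IP literals into the DNS name list in addition to alternateIPs; unless GenerateSelfSignedCertKey needs that, pass the addresses only as alternateIPs. The empty `case withoutTLS:` arm would also read better with a comment stating that TLSConfig is intentionally left nil.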
diff --git a/internal/cri/config/streaming_test.go b/internal/cri/config/streaming_test.go
new file mode 100644
index 000000000000..cb86cc6f6385
--- /dev/null
+++ b/internal/cri/config/streaming_test.go
@@ -0,0 +1,130 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package config
+
+import (
+ "testing"
+
+ "github.com/stretchr/testify/assert"
+)
+
+func TestValidateStreamServer(t *testing.T) {
+ for _, test := range []struct {
+ desc string
+ config ServerConfig
+ tlsMode streamListenerMode
+ expectErr bool
+ }{
+ {
+ desc: "should pass with default withoutTLS",
+ config: DefaultServerConfig(),
+ tlsMode: withoutTLS,
+ expectErr: false,
+ },
+ {
+ desc: "should pass with x509KeyPairTLS",
+ config: ServerConfig{
+ EnableTLSStreaming: true,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "non-empty",
+ TLSCertFile: "non-empty",
+ },
+ },
+ tlsMode: x509KeyPairTLS,
+ expectErr: false,
+ },
+ {
+ desc: "should pass with selfSign",
+ config: ServerConfig{
+ EnableTLSStreaming: true,
+ },
+ tlsMode: selfSignTLS,
+ expectErr: false,
+ },
+ {
+ desc: "should return error with X509 keypair but not EnableTLSStreaming",
+ config: ServerConfig{
+ EnableTLSStreaming: false,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "non-empty",
+ TLSCertFile: "non-empty",
+ },
+ },
+ tlsMode: -1,
+ expectErr: true,
+ },
+ {
+ desc: "should return error with X509 TLSCertFile empty",
+ config: ServerConfig{
+ EnableTLSStreaming: true,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "non-empty",
+ TLSCertFile: "",
+ },
+ },
+ tlsMode: -1,
+ expectErr: true,
+ },
+ {
+ desc: "should return error with X509 TLSKeyFile empty",
+ config: ServerConfig{
+ EnableTLSStreaming: true,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "",
+ TLSCertFile: "non-empty",
+ },
+ },
+ tlsMode: -1,
+ expectErr: true,
+ },
+ {
+ desc: "should return error without EnableTLSStreaming and only TLSCertFile set",
+ config: ServerConfig{
+ EnableTLSStreaming: false,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "",
+ TLSCertFile: "non-empty",
+ },
+ },
+ tlsMode: -1,
+ expectErr: true,
+ },
+ {
+ desc: "should return error without EnableTLSStreaming and only TLSKeyFile set",
+ config: ServerConfig{
+ EnableTLSStreaming: false,
+ X509KeyPairStreaming: X509KeyPairStreaming{
+ TLSKeyFile: "non-empty",
+ TLSCertFile: "",
+ },
+ },
+ tlsMode: -1,
+ expectErr: true,
+ },
+ } {
+ test := test
+ t.Run(test.desc, func(t *testing.T) {
+ tlsMode, err := getStreamListenerMode(&test.config)
+ if test.expectErr {
+ assert.Error(t, err)
+ return
+ }
+ assert.NoError(t, err)
+ assert.Equal(t, test.tlsMode, tlsMode)
+ })
+ }
+}
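Review bot: The error cases return right after assert.Error, so the `tlsMode: -1` values in the table are never compared with what getStreamListenerMode returns; either assert the returned mode in the error path too or drop the field from those entries. This file also only exercises getStreamListenerMode. StreamingConfig has its own failure paths (an unparsable StreamIdleTimeout, a key pair that tls.LoadX509KeyPair rejects) and a selfSignTLS branch that should end with a non-nil TLSConfig, and none of those are covered here.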
diff --git a/pkg/cri/constants/constants.go b/internal/cri/constants/constants.go
similarity index 100%
rename from pkg/cri/constants/constants.go
rename to internal/cri/constants/constants.go
diff --git a/pkg/cri/instrument/instrumented_service.go b/internal/cri/instrument/instrumented_service.go
similarity index 99%
rename from pkg/cri/instrument/instrumented_service.go
rename to internal/cri/instrument/instrumented_service.go
index a030bc7f8168..97c9a617202c 100644
--- a/pkg/cri/instrument/instrumented_service.go
+++ b/internal/cri/instrument/instrumented_service.go
@@ -24,7 +24,7 @@ import (
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
)
const (
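Review bot: Moving the import path from pkg/cri/... to internal/cri/... makes these packages unimportable from outside the containerd module, because the Go toolchain enforces the internal/ boundary. That is a breaking change for any out-of-tree code that imported pkg/cri/util or its siblings, so it should be called out in the release notes along with the supported replacement, if there is one.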
diff --git a/pkg/cri/io/container_io.go b/internal/cri/io/container_io.go
similarity index 99%
rename from pkg/cri/io/container_io.go
rename to internal/cri/io/container_io.go
index 1b7152df0261..c916df55c341 100644
--- a/pkg/cri/io/container_io.go
+++ b/internal/cri/io/container_io.go
@@ -25,7 +25,7 @@ import (
"github.com/containerd/containerd/v2/pkg/cio"
"github.com/containerd/log"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/util"
cioutil "github.com/containerd/containerd/v2/pkg/ioutil"
)
diff --git a/pkg/cri/io/exec_io.go b/internal/cri/io/exec_io.go
similarity index 100%
rename from pkg/cri/io/exec_io.go
rename to internal/cri/io/exec_io.go
diff --git a/pkg/cri/io/helpers.go b/internal/cri/io/helpers.go
similarity index 100%
rename from pkg/cri/io/helpers.go
rename to internal/cri/io/helpers.go
diff --git a/pkg/cri/io/helpers_unix.go b/internal/cri/io/helpers_unix.go
similarity index 100%
rename from pkg/cri/io/helpers_unix.go
rename to internal/cri/io/helpers_unix.go
diff --git a/pkg/cri/io/helpers_windows.go b/internal/cri/io/helpers_windows.go
similarity index 100%
rename from pkg/cri/io/helpers_windows.go
rename to internal/cri/io/helpers_windows.go
diff --git a/pkg/cri/io/logger.go b/internal/cri/io/logger.go
similarity index 100%
rename from pkg/cri/io/logger.go
rename to internal/cri/io/logger.go
diff --git a/pkg/cri/io/logger_test.go b/internal/cri/io/logger_test.go
similarity index 100%
rename from pkg/cri/io/logger_test.go
rename to internal/cri/io/logger_test.go
diff --git a/pkg/cri/io/metrics.go b/internal/cri/io/metrics.go
similarity index 100%
rename from pkg/cri/io/metrics.go
rename to internal/cri/io/metrics.go
diff --git a/pkg/cri/labels/labels.go b/internal/cri/labels/labels.go
similarity index 100%
rename from pkg/cri/labels/labels.go
rename to internal/cri/labels/labels.go
diff --git a/pkg/cri/nri/nri_api.go b/internal/cri/nri/nri_api.go
similarity index 82%
rename from pkg/cri/nri/nri_api.go
rename to internal/cri/nri/nri_api.go
index 26df03cfdbbd..97ef52f37bec 100644
--- a/pkg/cri/nri/nri_api.go
+++ b/internal/cri/nri/nri_api.go
@@ -20,9 +20,9 @@ import (
"context"
"time"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
cri "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/nri/nri_api_linux.go b/internal/cri/nri/nri_api_linux.go
similarity index 98%
rename from pkg/cri/nri/nri_api_linux.go
rename to internal/cri/nri/nri_api_linux.go
index e01aebe34440..5387415b7bc9 100644
--- a/pkg/cri/nri/nri_api_linux.go
+++ b/internal/cri/nri/nri_api_linux.go
@@ -23,12 +23,12 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/blockio"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
"github.com/containerd/errdefs"
"github.com/containerd/log"
"github.com/containerd/typeurl/v2"
diff --git a/pkg/cri/nri/nri_api_other.go b/internal/cri/nri/nri_api_other.go
similarity index 94%
rename from pkg/cri/nri/nri_api_other.go
rename to internal/cri/nri/nri_api_other.go
index dc791527b1c6..33ae5891bcfa 100644
--- a/pkg/cri/nri/nri_api_other.go
+++ b/internal/cri/nri/nri_api_other.go
@@ -23,12 +23,12 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/opencontainers/runtime-spec/specs-go"
cri "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
"github.com/containerd/containerd/v2/pkg/nri"
"github.com/containerd/nri/pkg/api"
diff --git a/pkg/cri/opts/container.go b/internal/cri/opts/container.go
similarity index 100%
rename from pkg/cri/opts/container.go
rename to internal/cri/opts/container.go
diff --git a/pkg/cri/opts/spec_darwin_opts.go b/internal/cri/opts/spec_darwin_opts.go
similarity index 100%
rename from pkg/cri/opts/spec_darwin_opts.go
rename to internal/cri/opts/spec_darwin_opts.go
diff --git a/pkg/cri/opts/spec_linux.go b/internal/cri/opts/spec_linux.go
similarity index 100%
rename from pkg/cri/opts/spec_linux.go
rename to internal/cri/opts/spec_linux.go
diff --git a/pkg/cri/opts/spec_linux_opts.go b/internal/cri/opts/spec_linux_opts.go
similarity index 93%
rename from pkg/cri/opts/spec_linux_opts.go
rename to internal/cri/opts/spec_linux_opts.go
index 806a35d1b64e..10325b3639b5 100644
--- a/pkg/cri/opts/spec_linux_opts.go
+++ b/internal/cri/opts/spec_linux_opts.go
@@ -38,8 +38,14 @@ import (
"github.com/containerd/log"
)
+// RuntimeConfig is a subset of [github.com/containerd/containerd/v2/internal/cri/config].
+// Needed for avoiding circular imports.
+type RuntimeConfig struct {
+ TreatRoMountsAsRro bool // only applies to volumes
+}
+
// WithMounts sorts and adds runtime and CRI mounts to the spec
-func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts {
+func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string, rtConfig *RuntimeConfig) oci.SpecOpts {
return func(ctx context.Context, client oci.Client, _ *containers.Container, s *runtimespec.Spec) (err error) {
// mergeMounts merge CRI mounts with extra mounts. If a mount destination
// is mounted by both a CRI mount and an extra mount, the CRI mount will
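Review bot: The doc comment on WithMounts still reads "sorts and adds runtime and CRI mounts to the spec" and says nothing about the new rtConfig parameter. Please document that rtConfig may be nil and that nil means read-only mounts keep the plain "ro" option. The RuntimeConfig comment links to the config package rather than to the type it is a subset of; naming the type would make the relationship easier to follow.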
@@ -67,6 +73,7 @@ func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*ru
sort.Sort(orderedMounts(mounts))
// Mount cgroup into the container as readonly, which inherits docker's behavior.
+ // TreatRoMountsAsRro does not apply here, as /sys/fs/cgroup is not a volume.
s.Mounts = append(s.Mounts, runtimespec.Mount{
Source: "cgroup",
Destination: "/sys/fs/cgroup",
@@ -148,10 +155,25 @@ func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*ru
options = append(options, "rprivate")
}
+ var srcIsDir bool
+ if srcSt, err := osi.Stat(src); err != nil {
+ if errors.Is(err, os.ErrNotExist) { // happens when osi is FakeOS
+ srcIsDir = true // assume src to be dir
+ } else {
+ return fmt.Errorf("failed to stat mount source %q: %w", src, err)
+ }
+ } else if srcSt != nil { // srcSt can be nil when osi is FakeOS
+ srcIsDir = srcSt.IsDir()
+ }
+
// NOTE(random-liu): we don't change all mounts to `ro` when root filesystem
// is readonly. This is different from docker's behavior, but make more sense.
if mount.GetReadonly() {
- options = append(options, "ro")
+ if rtConfig != nil && rtConfig.TreatRoMountsAsRro && srcIsDir {
+ options = append(options, "rro")
+ } else {
+ options = append(options, "ro")
+ }
} else {
options = append(options, "rw")
}
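Review bot: The osi.Stat handling treats os.ErrNotExist as "assume src to be dir" to accommodate FakeOS, but the same branch runs in production, where a missing mount source is then silently classified as a directory and gets "rro" when TreatRoMountsAsRro is set. The two FakeOS cases are also inconsistent: ErrNotExist yields srcIsDir = true, while a nil srcSt with a nil error leaves srcIsDir false and falls back to "ro". Prefer having the fake return a usable FileInfo so that this code does not need test-only branches, and decide explicitly what a nonexistent source should do here.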
diff --git a/pkg/cri/opts/spec_linux_test.go b/internal/cri/opts/spec_linux_test.go
similarity index 100%
rename from pkg/cri/opts/spec_linux_test.go
rename to internal/cri/opts/spec_linux_test.go
diff --git a/pkg/cri/opts/spec_nonlinux.go b/internal/cri/opts/spec_nonlinux.go
similarity index 100%
rename from pkg/cri/opts/spec_nonlinux.go
rename to internal/cri/opts/spec_nonlinux.go
diff --git a/pkg/cri/opts/spec_nonwindows.go b/internal/cri/opts/spec_nonwindows.go
similarity index 100%
rename from pkg/cri/opts/spec_nonwindows.go
rename to internal/cri/opts/spec_nonwindows.go
diff --git a/pkg/cri/opts/spec_opts.go b/internal/cri/opts/spec_opts.go
similarity index 99%
rename from pkg/cri/opts/spec_opts.go
rename to internal/cri/opts/spec_opts.go
index b3d61cec7e19..49dc70076f51 100644
--- a/pkg/cri/opts/spec_opts.go
+++ b/internal/cri/opts/spec_opts.go
@@ -30,7 +30,7 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
"github.com/containerd/containerd/v2/core/containers"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/oci"
)
diff --git a/pkg/cri/opts/spec_opts_test.go b/internal/cri/opts/spec_opts_test.go
similarity index 100%
rename from pkg/cri/opts/spec_opts_test.go
rename to internal/cri/opts/spec_opts_test.go
diff --git a/pkg/cri/opts/spec_windows.go b/internal/cri/opts/spec_windows.go
similarity index 100%
rename from pkg/cri/opts/spec_windows.go
rename to internal/cri/opts/spec_windows.go
diff --git a/pkg/cri/opts/spec_windows_opts.go b/internal/cri/opts/spec_windows_opts.go
similarity index 100%
rename from pkg/cri/opts/spec_windows_opts.go
rename to internal/cri/opts/spec_windows_opts.go
diff --git a/pkg/cri/opts/spec_windows_test.go b/internal/cri/opts/spec_windows_test.go
similarity index 100%
rename from pkg/cri/opts/spec_windows_test.go
rename to internal/cri/opts/spec_windows_test.go
diff --git a/pkg/cri/server/blockio_linux.go b/internal/cri/server/blockio_linux.go
similarity index 100%
rename from pkg/cri/server/blockio_linux.go
rename to internal/cri/server/blockio_linux.go
diff --git a/pkg/cri/server/blockio_stub.go b/internal/cri/server/blockio_stub.go
similarity index 100%
rename from pkg/cri/server/blockio_stub.go
rename to internal/cri/server/blockio_stub.go
diff --git a/pkg/cri/server/cni_conf_syncer.go b/internal/cri/server/cni_conf_syncer.go
similarity index 100%
rename from pkg/cri/server/cni_conf_syncer.go
rename to internal/cri/server/cni_conf_syncer.go
diff --git a/pkg/cri/server/container_attach.go b/internal/cri/server/container_attach.go
similarity index 97%
rename from pkg/cri/server/container_attach.go
rename to internal/cri/server/container_attach.go
index 696653ebae6d..cd7bea720db3 100644
--- a/pkg/cri/server/container_attach.go
+++ b/internal/cri/server/container_attach.go
@@ -26,7 +26,7 @@ import (
"k8s.io/client-go/tools/remotecommand"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
)
// Attach prepares a streaming endpoint to attach to a running container, and returns the address.
diff --git a/pkg/cri/server/container_checkpoint.go b/internal/cri/server/container_checkpoint.go
similarity index 100%
rename from pkg/cri/server/container_checkpoint.go
rename to internal/cri/server/container_checkpoint.go
diff --git a/pkg/cri/server/container_create.go b/internal/cri/server/container_create.go
similarity index 98%
rename from pkg/cri/server/container_create.go
rename to internal/cri/server/container_create.go
index 272096aafe0e..8f85fbf982ef 100644
--- a/pkg/cri/server/container_create.go
+++ b/internal/cri/server/container_create.go
@@ -36,14 +36,14 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/blockio"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- "github.com/containerd/containerd/v2/pkg/cri/util"
"github.com/containerd/containerd/v2/pkg/oci"
"github.com/containerd/platforms"
)
@@ -394,9 +394,9 @@ func (c *criService) runtimeSpec(id string, platform platforms.Platform, baseSpe
container := &containers.Container{ID: id}
if baseSpecFile != "" {
- baseSpec, ok := c.baseOCISpecs[baseSpecFile]
- if !ok {
- return nil, fmt.Errorf("can't find base OCI spec %q", baseSpecFile)
+ baseSpec, err := c.LoadOCISpec(baseSpecFile)
+ if err != nil {
+ return nil, fmt.Errorf("can't load base OCI spec %q: %w", baseSpecFile, err)
}
spec := oci.Spec{}
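Review bot: runtimeSpec now calls c.LoadOCISpec(baseSpecFile) on every container creation instead of doing a map lookup, and nothing at this call site says whether the returned spec is a shared value. Please state in LoadOCISpec's documentation whether the result is cached and whether callers must treat it as read-only, since a mutation here would leak into every later container that uses the same base spec. Wrapping the underlying error with %w is an improvement over the old fixed message.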
@@ -683,7 +683,9 @@ func (c *criService) buildLinuxSpec(
}
}()
- specOpts = append(specOpts, customopts.WithMounts(c.os, config, extraMounts, mountLabel))
+ specOpts = append(specOpts, customopts.WithMounts(c.os, config, extraMounts, mountLabel, &customopts.RuntimeConfig{
+ TreatRoMountsAsRro: ociRuntime.TreatRoMountsAsRroResolved,
+ }))
if !c.config.DisableProcMount {
// Change the default masked/readonly paths to empty slices
diff --git a/pkg/cri/server/container_create_linux.go b/internal/cri/server/container_create_linux.go
similarity index 99%
rename from pkg/cri/server/container_create_linux.go
rename to internal/cri/server/container_create_linux.go
index aecd80527866..e2e69b6e162a 100644
--- a/pkg/cri/server/container_create_linux.go
+++ b/internal/cri/server/container_create_linux.go
@@ -33,7 +33,7 @@ import (
"github.com/containerd/containerd/v2/core/snapshots"
"github.com/containerd/containerd/v2/pkg/oci"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
)
const (
diff --git a/pkg/cri/server/container_create_linux_test.go b/internal/cri/server/container_create_linux_test.go
similarity index 98%
rename from pkg/cri/server/container_create_linux_test.go
rename to internal/cri/server/container_create_linux_test.go
index f106d327c58a..9968c5558bc9 100644
--- a/pkg/cri/server/container_create_linux_test.go
+++ b/internal/cri/server/container_create_linux_test.go
@@ -39,13 +39,13 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
"tags.cncf.io/container-device-interface/pkg/cdi"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/util"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/cap"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
- "github.com/containerd/containerd/v2/pkg/cri/util"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
ostesting "github.com/containerd/containerd/v2/pkg/os/testing"
)
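Review bot: The rewritten import block carries over two pairs of duplicate imports: internal/cri/opts is imported both as opts and as customopts, and internal/cri/util both as util and as ctrdutil. Since every one of these lines is being touched anyway, this is a good moment to keep one name per package and update the call sites.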
@@ -597,7 +597,7 @@ func TestMountPropagation(t *testing.T) {
var spec runtimespec.Spec
spec.Linux = &runtimespec.Linux{}
- err := opts.WithMounts(c.os, config, []*runtime.Mount{test.criMount}, "")(context.Background(), nil, nil, &spec)
+ err := opts.WithMounts(c.os, config, []*runtime.Mount{test.criMount}, "", nil)(context.Background(), nil, nil, &spec)
if test.expectErr {
require.Error(t, err)
} else {
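Review bot: The updated call passes nil for rtConfig, so this test only covers the path where read-only mounts keep "ro". Please add a case that passes a RuntimeConfig with TreatRoMountsAsRro set to true and asserts that a read-only directory mount gets "rro" while a read-only file mount still gets "ro", since that is the behaviour the new parameter introduces.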
@@ -1680,23 +1680,24 @@ func TestPrivilegedDevices(t *testing.T) {
}
func TestBaseOCISpec(t *testing.T) {
- c := newTestCRIService()
baseLimit := int64(100)
- c.baseOCISpecs = map[string]*oci.Spec{
- "/etc/containerd/cri-base.json": {
- Process: &runtimespec.Process{
- User: runtimespec.User{AdditionalGids: []uint32{9999}},
- Capabilities: &runtimespec.LinuxCapabilities{
- Permitted: []string{"CAP_SETUID"},
+ c := newTestCRIService(withRuntimeService(&fakeRuntimeService{
+ ocispecs: map[string]*oci.Spec{
+ "/etc/containerd/cri-base.json": {
+ Process: &runtimespec.Process{
+ User: runtimespec.User{AdditionalGids: []uint32{9999}},
+ Capabilities: &runtimespec.LinuxCapabilities{
+ Permitted: []string{"CAP_SETUID"},
+ },
},
- },
- Linux: &runtimespec.Linux{
- Resources: &runtimespec.LinuxResources{
- Memory: &runtimespec.LinuxMemory{Limit: &baseLimit}, // Will be overwritten by `getCreateContainerTestData`
+ Linux: &runtimespec.Linux{
+ Resources: &runtimespec.LinuxResources{
+ Memory: &runtimespec.LinuxMemory{Limit: &baseLimit}, // Will be overwritten by `getCreateContainerTestData`
+ },
},
},
},
- }
+ }))
ociRuntime := config.Runtime{}
ociRuntime.BaseRuntimeSpec = "/etc/containerd/cri-base.json"
diff --git a/pkg/cri/server/container_create_other.go b/internal/cri/server/container_create_other.go
similarity index 100%
rename from pkg/cri/server/container_create_other.go
rename to internal/cri/server/container_create_other.go
diff --git a/pkg/cri/server/container_create_other_test.go b/internal/cri/server/container_create_other_test.go
similarity index 98%
rename from pkg/cri/server/container_create_other_test.go
rename to internal/cri/server/container_create_other_test.go
index b801d912208c..4b3c6174404d 100644
--- a/pkg/cri/server/container_create_other_test.go
+++ b/internal/cri/server/container_create_other_test.go
@@ -26,7 +26,7 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
)
// checkMount is defined by all tests but not used here
diff --git a/pkg/cri/server/container_create_test.go b/internal/cri/server/container_create_test.go
similarity index 97%
rename from pkg/cri/server/container_create_test.go
rename to internal/cri/server/container_create_test.go
index f0f93fcbbac4..b2b2c9678532 100644
--- a/pkg/cri/server/container_create_test.go
+++ b/internal/cri/server/container_create_test.go
@@ -33,9 +33,9 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
"github.com/containerd/containerd/v2/pkg/oci"
)
@@ -524,13 +524,14 @@ func TestContainerAnnotationPassthroughContainerSpec(t *testing.T) {
}
func TestBaseRuntimeSpec(t *testing.T) {
- c := newTestCRIService()
- c.baseOCISpecs = map[string]*oci.Spec{
- "/etc/containerd/cri-base.json": {
- Version: "1.0.2",
- Hostname: "old",
+ c := newTestCRIService(withRuntimeService(&fakeRuntimeService{
+ ocispecs: map[string]*oci.Spec{
+ "/etc/containerd/cri-base.json": {
+ Version: "1.0.2",
+ Hostname: "old",
+ },
},
- }
+ }))
out, err := c.runtimeSpec(
"id1",
@@ -546,8 +547,10 @@ func TestBaseRuntimeSpec(t *testing.T) {
assert.Equal(t, "new-domain", out.Domainname)
// Make sure original base spec not changed
- assert.NotEqual(t, out, c.baseOCISpecs["/etc/containerd/cri-base.json"])
- assert.Equal(t, c.baseOCISpecs["/etc/containerd/cri-base.json"].Hostname, "old")
+ spec, err := c.LoadOCISpec("/etc/containerd/cri-base.json")
+ assert.NoError(t, err)
+ assert.NotEqual(t, out, spec)
+ assert.Equal(t, spec.Hostname, "old")
assert.Equal(t, filepath.Join("/", constants.K8sContainerdNamespace, "id1"), out.Linux.CgroupsPath)
}
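Review bot: After `spec, err := c.LoadOCISpec(...)`, the test uses assert.NoError and then dereferences spec.Hostname, so a load failure would turn into a nil pointer panic instead of a clean test failure; use require.NoError, which this file already imports. The arguments in `assert.Equal(t, spec.Hostname, "old")` are also in actual, expected order, while testify expects the expected value first, which makes the failure message misleading.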
diff --git a/pkg/cri/server/container_create_windows.go b/internal/cri/server/container_create_windows.go
similarity index 100%
rename from pkg/cri/server/container_create_windows.go
rename to internal/cri/server/container_create_windows.go
diff --git a/pkg/cri/server/container_create_windows_test.go b/internal/cri/server/container_create_windows_test.go
similarity index 99%
rename from pkg/cri/server/container_create_windows_test.go
rename to internal/cri/server/container_create_windows_test.go
index 9a5e11f5ded1..6a33c44eadc8 100644
--- a/pkg/cri/server/container_create_windows_test.go
+++ b/internal/cri/server/container_create_windows_test.go
@@ -26,8 +26,8 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/config"
)
func getSandboxConfig() *runtime.PodSandboxConfig {
diff --git a/pkg/cri/server/container_events.go b/internal/cri/server/container_events.go
similarity index 100%
rename from pkg/cri/server/container_events.go
rename to internal/cri/server/container_events.go
diff --git a/pkg/cri/server/container_exec.go b/internal/cri/server/container_exec.go
similarity index 100%
rename from pkg/cri/server/container_exec.go
rename to internal/cri/server/container_exec.go
diff --git a/pkg/cri/server/container_execsync.go b/internal/cri/server/container_execsync.go
similarity index 98%
rename from pkg/cri/server/container_execsync.go
rename to internal/cri/server/container_execsync.go
index 53160e1d8d30..44197d4b2ba0 100644
--- a/pkg/cri/server/container_execsync.go
+++ b/internal/cri/server/container_execsync.go
@@ -32,8 +32,8 @@ import (
"k8s.io/client-go/tools/remotecommand"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ "github.com/containerd/containerd/v2/internal/cri/util"
cioutil "github.com/containerd/containerd/v2/pkg/ioutil"
)
diff --git a/pkg/cri/server/container_execsync_test.go b/internal/cri/server/container_execsync_test.go
similarity index 100%
rename from pkg/cri/server/container_execsync_test.go
rename to internal/cri/server/container_execsync_test.go
diff --git a/pkg/cri/server/container_list.go b/internal/cri/server/container_list.go
similarity index 97%
rename from pkg/cri/server/container_list.go
rename to internal/cri/server/container_list.go
index eb8025cefe25..3552f92cf810 100644
--- a/pkg/cri/server/container_list.go
+++ b/internal/cri/server/container_list.go
@@ -22,7 +22,7 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
)
// ListContainers lists all containers matching the filter.
diff --git a/pkg/cri/server/container_list_test.go b/internal/cri/server/container_list_test.go
similarity index 98%
rename from pkg/cri/server/container_list_test.go
rename to internal/cri/server/container_list_test.go
index e618f4772666..6c197c54f7d1 100644
--- a/pkg/cri/server/container_list_test.go
+++ b/internal/cri/server/container_list_test.go
@@ -25,8 +25,8 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func TestToCRIContainer(t *testing.T) {
diff --git a/pkg/cri/server/container_log_reopen.go b/internal/cri/server/container_log_reopen.go
similarity index 100%
rename from pkg/cri/server/container_log_reopen.go
rename to internal/cri/server/container_log_reopen.go
diff --git a/pkg/cri/server/container_remove.go b/internal/cri/server/container_remove.go
similarity index 98%
rename from pkg/cri/server/container_remove.go
rename to internal/cri/server/container_remove.go
index 1bf53f8ba619..c3e4d000e7b8 100644
--- a/pkg/cri/server/container_remove.go
+++ b/internal/cri/server/container_remove.go
@@ -23,7 +23,7 @@ import (
"time"
containerd "github.com/containerd/containerd/v2/client"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
"github.com/containerd/errdefs"
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
diff --git a/pkg/cri/server/container_remove_test.go b/internal/cri/server/container_remove_test.go
similarity index 96%
rename from pkg/cri/server/container_remove_test.go
rename to internal/cri/server/container_remove_test.go
index 6e6c99b341d9..bf6ea5f8bcdd 100644
--- a/pkg/cri/server/container_remove_test.go
+++ b/internal/cri/server/container_remove_test.go
@@ -22,7 +22,7 @@ import (
"github.com/stretchr/testify/assert"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
)
// TestSetContainerRemoving tests setContainerRemoving sets removing
diff --git a/pkg/cri/server/container_start.go b/internal/cri/server/container_start.go
similarity index 96%
rename from pkg/cri/server/container_start.go
rename to internal/cri/server/container_start.go
index 2a80d683ba3c..8207335a5858 100644
--- a/pkg/cri/server/container_start.go
+++ b/internal/cri/server/container_start.go
@@ -29,10 +29,10 @@ import (
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
cioutil "github.com/containerd/containerd/v2/pkg/ioutil"
)
diff --git a/pkg/cri/server/container_start_test.go b/internal/cri/server/container_start_test.go
similarity index 97%
rename from pkg/cri/server/container_start_test.go
rename to internal/cri/server/container_start_test.go
index ce3d56b8b47f..a2da3595e2e2 100644
--- a/pkg/cri/server/container_start_test.go
+++ b/internal/cri/server/container_start_test.go
@@ -22,7 +22,7 @@ import (
"github.com/stretchr/testify/assert"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
)
// TestSetContainerStarting tests setContainerStarting sets removing
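Review bot: The doc comment in the trailing context, `// TestSetContainerStarting tests setContainerStarting sets removing`, looks copied from the matching comment in container_remove_test.go and names the wrong state. The import line next to it is already being edited, so this is a cheap place to change it to say the test checks that the starting state is set, or to do that in a follow-up so this commit stays rename-only.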
diff --git a/pkg/cri/server/container_stats.go b/internal/cri/server/container_stats.go
similarity index 100%
rename from pkg/cri/server/container_stats.go
rename to internal/cri/server/container_stats.go
diff --git a/pkg/cri/server/container_stats_list.go b/internal/cri/server/container_stats_list.go
similarity index 99%
rename from pkg/cri/server/container_stats_list.go
rename to internal/cri/server/container_stats_list.go
index 363a51a082c9..4279c544aa3c 100644
--- a/pkg/cri/server/container_stats_list.go
+++ b/internal/cri/server/container_stats_list.go
@@ -32,8 +32,8 @@ import (
"github.com/containerd/containerd/v2/api/services/tasks/v1"
"github.com/containerd/containerd/v2/api/types"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/errdefs"
)
diff --git a/pkg/cri/server/container_stats_list_test.go b/internal/cri/server/container_stats_list_test.go
similarity index 98%
rename from pkg/cri/server/container_stats_list_test.go
rename to internal/cri/server/container_stats_list_test.go
index 90b66ae95c1f..5d042ce85e34 100644
--- a/pkg/cri/server/container_stats_list_test.go
+++ b/internal/cri/server/container_stats_list_test.go
@@ -26,8 +26,8 @@ import (
v1 "github.com/containerd/cgroups/v3/cgroup1/stats"
v2 "github.com/containerd/cgroups/v3/cgroup2/stats"
"github.com/containerd/containerd/v2/api/types"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/server/container_status.go b/internal/cri/server/container_status.go
similarity index 97%
rename from pkg/cri/server/container_status.go
rename to internal/cri/server/container_status.go
index 7100e12e138a..9091212eba27 100644
--- a/pkg/cri/server/container_status.go
+++ b/internal/cri/server/container_status.go
@@ -21,8 +21,8 @@ import (
"encoding/json"
"fmt"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/errdefs"
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
diff --git a/pkg/cri/server/container_status_test.go b/internal/cri/server/container_status_test.go
similarity index 96%
rename from pkg/cri/server/container_status_test.go
rename to internal/cri/server/container_status_test.go
index d20d1f12a84e..284cf4e9925b 100644
--- a/pkg/cri/server/container_status_test.go
+++ b/internal/cri/server/container_status_test.go
@@ -22,13 +22,13 @@ import (
"testing"
"time"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
)
func getContainerStatusTestData() (*containerstore.Metadata, *containerstore.Status,
diff --git a/pkg/cri/server/container_stop.go b/internal/cri/server/container_stop.go
similarity index 98%
rename from pkg/cri/server/container_stop.go
rename to internal/cri/server/container_stop.go
index 0c7047d72c2f..ea667e061216 100644
--- a/pkg/cri/server/container_stop.go
+++ b/internal/cri/server/container_stop.go
@@ -24,8 +24,8 @@ import (
"time"
eventtypes "github.com/containerd/containerd/v2/api/events"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/errdefs"
"github.com/containerd/log"
diff --git a/pkg/cri/server/container_stop_test.go b/internal/cri/server/container_stop_test.go
similarity index 96%
rename from pkg/cri/server/container_stop_test.go
rename to internal/cri/server/container_stop_test.go
index 48df17e5892a..765940bafce0 100644
--- a/pkg/cri/server/container_stop_test.go
+++ b/internal/cri/server/container_stop_test.go
@@ -23,7 +23,7 @@ import (
"github.com/stretchr/testify/assert"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
)
func TestWaitContainerStop(t *testing.T) {
diff --git a/pkg/cri/server/container_update_resources.go b/internal/cri/server/container_update_resources.go
similarity index 97%
rename from pkg/cri/server/container_update_resources.go
rename to internal/cri/server/container_update_resources.go
index 605056d2b1f3..58366665ec9c 100644
--- a/pkg/cri/server/container_update_resources.go
+++ b/internal/cri/server/container_update_resources.go
@@ -32,8 +32,8 @@ import (
"github.com/containerd/errdefs"
"github.com/containerd/log"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
)
// UpdateContainerResources updates ContainerConfig of the container.
diff --git a/pkg/cri/server/container_update_resources_linux.go b/internal/cri/server/container_update_resources_linux.go
similarity index 89%
rename from pkg/cri/server/container_update_resources_linux.go
rename to internal/cri/server/container_update_resources_linux.go
index 2bf25f229569..c4ece123e32a 100644
--- a/pkg/cri/server/container_update_resources_linux.go
+++ b/internal/cri/server/container_update_resources_linux.go
@@ -23,9 +23,9 @@ import (
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/util"
)
// updateOCIResource updates container resource limit.
diff --git a/pkg/cri/server/container_update_resources_linux_test.go b/internal/cri/server/container_update_resources_linux_test.go
similarity index 97%
rename from pkg/cri/server/container_update_resources_linux_test.go
rename to internal/cri/server/container_update_resources_linux_test.go
index e81ef70be3ca..1e3132b17911 100644
--- a/pkg/cri/server/container_update_resources_linux_test.go
+++ b/internal/cri/server/container_update_resources_linux_test.go
@@ -25,8 +25,8 @@ import (
"google.golang.org/protobuf/proto"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- criopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ criopts "github.com/containerd/containerd/v2/internal/cri/opts"
)
func TestUpdateOCILinuxResource(t *testing.T) {
@@ -239,7 +239,7 @@ func TestUpdateOCILinuxResource(t *testing.T) {
test := test
t.Run(test.desc, func(t *testing.T) {
config := criconfig.Config{
- PluginConfig: criconfig.PluginConfig{
+ RuntimeConfig: criconfig.RuntimeConfig{
TolerateMissingHugetlbController: true,
DisableHugetlbController: false,
},
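Review bot: At line 239 the literal changes from `PluginConfig: criconfig.PluginConfig{` to `RuntimeConfig: criconfig.RuntimeConfig{`, which is a type and field rename rather than an import-path move like the other hunk in this file. Mention the config struct rename in the commit message, or split it into its own commit, so the path-only hunks can be reviewed mechanically and the rename can be checked against anything that still refers to `PluginConfig`.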
diff --git a/pkg/cri/server/container_update_resources_other.go b/internal/cri/server/container_update_resources_other.go
similarity index 94%
rename from pkg/cri/server/container_update_resources_other.go
rename to internal/cri/server/container_update_resources_other.go
index b87f74735312..40c906352ff7 100644
--- a/pkg/cri/server/container_update_resources_other.go
+++ b/internal/cri/server/container_update_resources_other.go
@@ -24,7 +24,7 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
)
// UpdateContainerResources updates ContainerConfig of the container.
diff --git a/pkg/cri/server/container_update_resources_windows.go b/internal/cri/server/container_update_resources_windows.go
similarity index 89%
rename from pkg/cri/server/container_update_resources_windows.go
rename to internal/cri/server/container_update_resources_windows.go
index 8fd6f9fc3113..110e6e02cacc 100644
--- a/pkg/cri/server/container_update_resources_windows.go
+++ b/internal/cri/server/container_update_resources_windows.go
@@ -23,9 +23,9 @@ import (
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/util"
)
// updateOCIResource updates container resource limit.
diff --git a/pkg/cri/server/events.go b/internal/cri/server/events.go
similarity index 98%
rename from pkg/cri/server/events.go
rename to internal/cri/server/events.go
index 0b88da227dc0..c8fc067864cf 100644
--- a/pkg/cri/server/events.go
+++ b/internal/cri/server/events.go
@@ -31,11 +31,11 @@ import (
eventtypes "github.com/containerd/containerd/v2/api/events"
apitasks "github.com/containerd/containerd/v2/api/services/tasks/v1"
containerd "github.com/containerd/containerd/v2/client"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
containerdio "github.com/containerd/containerd/v2/pkg/cio"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
"github.com/containerd/containerd/v2/pkg/events"
"github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/errdefs"
diff --git a/pkg/cri/server/events_test.go b/internal/cri/server/events_test.go
similarity index 100%
rename from pkg/cri/server/events_test.go
rename to internal/cri/server/events_test.go
diff --git a/pkg/cri/server/fuzz.go b/internal/cri/server/fuzz.go
similarity index 92%
rename from pkg/cri/server/fuzz.go
rename to internal/cri/server/fuzz.go
index d37d76088998..d217d0ec760a 100644
--- a/pkg/cri/server/fuzz.go
+++ b/internal/cri/server/fuzz.go
@@ -21,7 +21,7 @@ package server
import (
"fmt"
- "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func SandboxStore(cs CRIService) (*sandbox.Store, error) {
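Review bot: `SandboxStore` stays exported, but with the file now under internal/cri/server it can only be imported from inside the containerd/v2 module. Confirm that every fuzz harness calling it is built from within this module, otherwise it stops compiling after the move. No doc comment is visible above the function; a one-line comment saying it exists only to give fuzzers access to the sandbox store would make the reason for the export clear.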
diff --git a/pkg/cri/server/helpers.go b/internal/cri/server/helpers.go
similarity index 98%
rename from pkg/cri/server/helpers.go
rename to internal/cri/server/helpers.go
index a5b1fe8e8cfc..d94360b7cd0a 100644
--- a/pkg/cri/server/helpers.go
+++ b/internal/cri/server/helpers.go
@@ -33,9 +33,9 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
clabels "github.com/containerd/containerd/v2/pkg/labels"
"github.com/containerd/errdefs"
"github.com/containerd/log"
diff --git a/pkg/cri/server/helpers_linux.go b/internal/cri/server/helpers_linux.go
similarity index 100%
rename from pkg/cri/server/helpers_linux.go
rename to internal/cri/server/helpers_linux.go
diff --git a/pkg/cri/server/helpers_other.go b/internal/cri/server/helpers_other.go
similarity index 100%
rename from pkg/cri/server/helpers_other.go
rename to internal/cri/server/helpers_other.go
diff --git a/pkg/cri/server/helpers_test.go b/internal/cri/server/helpers_test.go
similarity index 98%
rename from pkg/cri/server/helpers_test.go
rename to internal/cri/server/helpers_test.go
index 795af0327f49..d2c347837ca2 100644
--- a/pkg/cri/server/helpers_test.go
+++ b/internal/cri/server/helpers_test.go
@@ -28,9 +28,9 @@ import (
"github.com/containerd/containerd/v2/core/containers"
runcoptions "github.com/containerd/containerd/v2/core/runtime/v2/runc/options"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
"github.com/containerd/containerd/v2/pkg/oci"
"github.com/containerd/containerd/v2/plugins"
"github.com/containerd/containerd/v2/protobuf/types"
diff --git a/pkg/cri/server/helpers_windows.go b/internal/cri/server/helpers_windows.go
similarity index 100%
rename from pkg/cri/server/helpers_windows.go
rename to internal/cri/server/helpers_windows.go
diff --git a/pkg/cri/server/helpers_windows_test.go b/internal/cri/server/helpers_windows_test.go
similarity index 100%
rename from pkg/cri/server/helpers_windows_test.go
rename to internal/cri/server/helpers_windows_test.go
diff --git a/pkg/cri/server/images/check.go b/internal/cri/server/images/check.go
similarity index 100%
rename from pkg/cri/server/images/check.go
rename to internal/cri/server/images/check.go
diff --git a/pkg/cri/server/images/image_list.go b/internal/cri/server/images/image_list.go
similarity index 100%
rename from pkg/cri/server/images/image_list.go
rename to internal/cri/server/images/image_list.go
diff --git a/pkg/cri/server/images/image_list_test.go b/internal/cri/server/images/image_list_test.go
similarity index 97%
rename from pkg/cri/server/images/image_list_test.go
rename to internal/cri/server/images/image_list_test.go
index 919851205c3b..fd046183f82b 100644
--- a/pkg/cri/server/images/image_list_test.go
+++ b/internal/cri/server/images/image_list_test.go
@@ -25,7 +25,7 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
)
func TestListImages(t *testing.T) {
diff --git a/pkg/cri/server/images/image_pull.go b/internal/cri/server/images/image_pull.go
similarity index 99%
rename from pkg/cri/server/images/image_pull.go
rename to internal/cri/server/images/image_pull.go
index 6355a161f723..a1df05c1b00d 100644
--- a/pkg/cri/server/images/image_pull.go
+++ b/internal/cri/server/images/image_pull.go
@@ -44,9 +44,9 @@ import (
containerdimages "github.com/containerd/containerd/v2/core/images"
"github.com/containerd/containerd/v2/core/remotes/docker"
"github.com/containerd/containerd/v2/core/remotes/docker/config"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
snpkg "github.com/containerd/containerd/v2/pkg/snapshotters"
"github.com/containerd/containerd/v2/pkg/tracing"
"github.com/containerd/errdefs"
diff --git a/pkg/cri/server/images/image_pull_test.go b/internal/cri/server/images/image_pull_test.go
similarity index 98%
rename from pkg/cri/server/images/image_pull_test.go
rename to internal/cri/server/images/image_pull_test.go
index a3994e689013..4ef6d7d79920 100644
--- a/pkg/cri/server/images/image_pull_test.go
+++ b/internal/cri/server/images/image_pull_test.go
@@ -26,9 +26,9 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/labels"
"github.com/containerd/platforms"
)
diff --git a/pkg/cri/server/images/image_remove.go b/internal/cri/server/images/image_remove.go
similarity index 100%
rename from pkg/cri/server/images/image_remove.go
rename to internal/cri/server/images/image_remove.go
diff --git a/pkg/cri/server/images/image_status.go b/internal/cri/server/images/image_status.go
similarity index 96%
rename from pkg/cri/server/images/image_status.go
rename to internal/cri/server/images/image_status.go
index cc4f022dc1c5..1bb85549a8f3 100644
--- a/pkg/cri/server/images/image_status.go
+++ b/internal/cri/server/images/image_status.go
@@ -23,8 +23,8 @@ import (
"strconv"
"strings"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/tracing"
"github.com/containerd/errdefs"
"github.com/containerd/log"
diff --git a/pkg/cri/server/images/image_status_test.go b/internal/cri/server/images/image_status_test.go
similarity index 96%
rename from pkg/cri/server/images/image_status_test.go
rename to internal/cri/server/images/image_status_test.go
index cc38b2237889..e4405be787a5 100644
--- a/pkg/cri/server/images/image_status_test.go
+++ b/internal/cri/server/images/image_status_test.go
@@ -25,8 +25,8 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ "github.com/containerd/containerd/v2/internal/cri/util"
)
func TestImageStatus(t *testing.T) {
diff --git a/pkg/cri/server/images/imagefs_info.go b/internal/cri/server/images/imagefs_info.go
similarity index 97%
rename from pkg/cri/server/images/imagefs_info.go
rename to internal/cri/server/images/imagefs_info.go
index abb3c478752f..02809554689c 100644
--- a/pkg/cri/server/images/imagefs_info.go
+++ b/internal/cri/server/images/imagefs_info.go
@@ -20,7 +20,7 @@ import (
"context"
"time"
- "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
+ "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/server/images/imagefs_info_test.go b/internal/cri/server/images/imagefs_info_test.go
similarity index 96%
rename from pkg/cri/server/images/imagefs_info_test.go
rename to internal/cri/server/images/imagefs_info_test.go
index e61edbfcfe99..edc3861f05ef 100644
--- a/pkg/cri/server/images/imagefs_info_test.go
+++ b/internal/cri/server/images/imagefs_info_test.go
@@ -25,7 +25,7 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
)
func TestImageFsInfo(t *testing.T) {
diff --git a/pkg/cri/server/images/metrics.go b/internal/cri/server/images/metrics.go
similarity index 100%
rename from pkg/cri/server/images/metrics.go
rename to internal/cri/server/images/metrics.go
diff --git a/pkg/cri/server/images/service.go b/internal/cri/server/images/service.go
similarity index 96%
rename from pkg/cri/server/images/service.go
rename to internal/cri/server/images/service.go
index a73f988b16f5..40d695cc6c13 100644
--- a/pkg/cri/server/images/service.go
+++ b/internal/cri/server/images/service.go
@@ -24,10 +24,10 @@ import (
"github.com/containerd/containerd/v2/core/content"
"github.com/containerd/containerd/v2/core/images"
"github.com/containerd/containerd/v2/core/snapshots"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
"github.com/containerd/containerd/v2/internal/kmutex"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
"github.com/containerd/containerd/v2/pkg/events"
"github.com/containerd/log"
"github.com/containerd/platforms"
diff --git a/pkg/cri/server/images/service_test.go b/internal/cri/server/images/service_test.go
similarity index 94%
rename from pkg/cri/server/images/service_test.go
rename to internal/cri/server/images/service_test.go
index 0e9272e6681b..edd93f5ce25a 100644
--- a/pkg/cri/server/images/service_test.go
+++ b/internal/cri/server/images/service_test.go
@@ -20,9 +20,9 @@ import (
"context"
"testing"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
"github.com/containerd/errdefs"
"github.com/containerd/platforms"
"github.com/stretchr/testify/assert"
diff --git a/pkg/cri/server/images/snapshots.go b/internal/cri/server/images/snapshots.go
similarity index 96%
rename from pkg/cri/server/images/snapshots.go
rename to internal/cri/server/images/snapshots.go
index d8c98d69eae9..bd41e163d889 100644
--- a/pkg/cri/server/images/snapshots.go
+++ b/internal/cri/server/images/snapshots.go
@@ -22,8 +22,8 @@ import (
"time"
snapshot "github.com/containerd/containerd/v2/core/snapshots"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/errdefs"
"github.com/containerd/log"
)
diff --git a/pkg/cri/server/list_metric_descriptors.go b/internal/cri/server/list_metric_descriptors.go
similarity index 100%
rename from pkg/cri/server/list_metric_descriptors.go
rename to internal/cri/server/list_metric_descriptors.go
diff --git a/pkg/cri/server/list_pod_sandbox_metrics.go b/internal/cri/server/list_pod_sandbox_metrics.go
similarity index 100%
rename from pkg/cri/server/list_pod_sandbox_metrics.go
rename to internal/cri/server/list_pod_sandbox_metrics.go
diff --git a/pkg/cri/server/metrics.go b/internal/cri/server/metrics.go
similarity index 100%
rename from pkg/cri/server/metrics.go
rename to internal/cri/server/metrics.go
diff --git a/pkg/cri/server/nri.go b/internal/cri/server/nri.go
similarity index 78%
rename from pkg/cri/server/nri.go
rename to internal/cri/server/nri.go
index 58ac0798e90d..f9f769e5f94b 100644
--- a/pkg/cri/server/nri.go
+++ b/internal/cri/server/nri.go
@@ -17,10 +17,10 @@
package server
import (
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
type criImplementation struct {
diff --git a/pkg/cri/server/nri_linux.go b/internal/cri/server/nri_linux.go
similarity index 93%
rename from pkg/cri/server/nri_linux.go
rename to internal/cri/server/nri_linux.go
index 6c33b01dbdf4..4f78f338041b 100644
--- a/pkg/cri/server/nri_linux.go
+++ b/internal/cri/server/nri_linux.go
@@ -22,7 +22,7 @@ import (
"context"
"time"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
cri "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/server/nri_other.go b/internal/cri/server/nri_other.go
similarity index 93%
rename from pkg/cri/server/nri_other.go
rename to internal/cri/server/nri_other.go
index 51c7d3ccba5e..f4e8dfe109fe 100644
--- a/pkg/cri/server/nri_other.go
+++ b/internal/cri/server/nri_other.go
@@ -22,7 +22,7 @@ import (
"context"
"time"
- cstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
+ cstore "github.com/containerd/containerd/v2/internal/cri/store/container"
cri "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/server/podsandbox/container_linux.go b/internal/cri/server/podsandbox/container_linux.go
similarity index 100%
rename from pkg/cri/server/podsandbox/container_linux.go
rename to internal/cri/server/podsandbox/container_linux.go
diff --git a/pkg/cri/server/podsandbox/controller.go b/internal/cri/server/podsandbox/controller.go
similarity index 82%
rename from pkg/cri/server/podsandbox/controller.go
rename to internal/cri/server/podsandbox/controller.go
index 6ab04411282c..bce542912036 100644
--- a/pkg/cri/server/podsandbox/controller.go
+++ b/internal/cri/server/podsandbox/controller.go
@@ -29,12 +29,11 @@ import (
eventtypes "github.com/containerd/containerd/v2/api/events"
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/oci"
osinterface "github.com/containerd/containerd/v2/pkg/os"
"github.com/containerd/containerd/v2/plugins"
@@ -51,8 +50,7 @@ func init() {
plugins.EventPlugin,
plugins.LeasePlugin,
plugins.SandboxStorePlugin,
- plugins.InternalPlugin,
- plugins.CRIImagePlugin,
+ plugins.CRIServicePlugin,
plugins.ServicePlugin,
},
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
@@ -66,26 +64,26 @@ func init() {
return nil, fmt.Errorf("unable to init client for podsandbox: %w", err)
}
- // Get base CRI dependencies.
- criBasePlugin, err := ic.GetByID(plugins.InternalPlugin, "cri")
+ // Get runtime service.
+ criRuntimePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "runtime")
if err != nil {
- return nil, fmt.Errorf("unable to load CRI service base dependencies: %w", err)
+ return nil, fmt.Errorf("unable to load CRI runtime service plugin dependency: %w", err)
}
- criBase := criBasePlugin.(*base.CRIBase)
+ runtimeService := criRuntimePlugin.(RuntimeService)
// Get image service.
- criImagePlugin, err := ic.GetSingle(plugins.CRIImagePlugin)
+ criImagePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "images")
if err != nil {
return nil, fmt.Errorf("unable to load CRI image service plugin dependency: %w", err)
}
c := Controller{
- client: client,
- config: criBase.Config,
- os: osinterface.RealOS{},
- baseOCISpecs: criBase.BaseOCISpecs,
- imageService: criImagePlugin.(ImageService),
- store: NewStore(),
+ client: client,
+ config: runtimeService.Config(),
+ os: osinterface.RealOS{},
+ runtimeService: runtimeService,
+ imageService: criImagePlugin.(ImageService),
+ store: NewStore(),
}
return &c, nil
},
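Review bot: The type assertions `criRuntimePlugin.(RuntimeService)` and `criImagePlugin.(ImageService)` in InitFn are unchecked, so a plugin registered under ID "runtime" or "images" that does not satisfy the interface panics during plugin initialization instead of returning an error the way the `ic.GetByID` failures just above do. Use the comma-ok form and return a wrapped error naming the plugin ID. The IDs "runtime" and "images" are also bare string literals here; a shared constant would keep them in step with wherever those plugins are registered.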
@@ -99,6 +97,12 @@ type CRIService interface {
BackOffEvent(id string, event interface{})
}
+// RuntimeService specifies dependencies to CRI runtime service.
+type RuntimeService interface {
+ Config() criconfig.Config
+ LoadOCISpec(string) (*oci.Spec, error)
+}
+
// ImageService specifies dependencies to CRI image service.
type ImageService interface {
LocalResolve(refOrID string) (imagestore.Image, error)
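Review bot: `LoadOCISpec(string) (*oci.Spec, error)` in the new RuntimeService interface leaves its parameter unnamed and undocumented, while the neighbouring `LocalResolve(refOrID string)` names its argument. Name the parameter and add a comment saying what the string identifies and what is returned when no spec matches, since callers previously indexed a map and now have to handle an error.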
@@ -113,14 +117,14 @@ type Controller struct {
config criconfig.Config
// client is an instance of the containerd client
client *containerd.Client
+ // runtimeService is a dependency to CRI runtime service.
+ runtimeService RuntimeService
// imageService is a dependency to CRI image service.
imageService ImageService
// os is an interface for all required os operations.
os osinterface.OS
// cri is CRI service that provides missing gaps needed by controller.
cri CRIService
- // baseOCISpecs contains cached OCI specs loaded via `Runtime.BaseRuntimeSpec`
- baseOCISpecs map[string]*oci.Spec
store *Store
}
diff --git a/pkg/cri/server/podsandbox/controller_test.go b/internal/cri/server/podsandbox/controller_test.go
similarity index 89%
rename from pkg/cri/server/podsandbox/controller_test.go
rename to internal/cri/server/podsandbox/controller_test.go
index e71edf5809a5..fccc240735f5 100644
--- a/pkg/cri/server/podsandbox/controller_test.go
+++ b/internal/cri/server/podsandbox/controller_test.go
@@ -24,9 +24,9 @@ import (
"github.com/stretchr/testify/assert"
containerd "github.com/containerd/containerd/v2/client"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
ostesting "github.com/containerd/containerd/v2/pkg/os/testing"
)
@@ -38,7 +38,7 @@ const (
var testConfig = criconfig.Config{
RootDir: testRootDir,
StateDir: testStateDir,
- PluginConfig: criconfig.PluginConfig{
+ RuntimeConfig: criconfig.RuntimeConfig{
TolerateMissingHugetlbController: true,
},
}
diff --git a/pkg/cri/server/podsandbox/helpers.go b/internal/cri/server/podsandbox/helpers.go
similarity index 93%
rename from pkg/cri/server/podsandbox/helpers.go
rename to internal/cri/server/podsandbox/helpers.go
index 3fa231181328..3a0c376b6e9c 100644
--- a/pkg/cri/server/podsandbox/helpers.go
+++ b/internal/cri/server/podsandbox/helpers.go
@@ -31,10 +31,10 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
clabels "github.com/containerd/containerd/v2/pkg/labels"
"github.com/containerd/containerd/v2/pkg/oci"
)
@@ -159,9 +159,9 @@ func (c *Controller) runtimeSpec(id string, baseSpecFile string, opts ...oci.Spe
container := &containers.Container{ID: id}
if baseSpecFile != "" {
- baseSpec, ok := c.baseOCISpecs[baseSpecFile]
- if !ok {
- return nil, fmt.Errorf("can't find base OCI spec %q", baseSpecFile)
+ baseSpec, err := c.runtimeService.LoadOCISpec(baseSpecFile)
+ if err != nil {
+ return nil, fmt.Errorf("can't load base OCI spec %q: %w", baseSpecFile, err)
}
spec := oci.Spec{}
diff --git a/pkg/cri/server/podsandbox/helpers_linux.go b/internal/cri/server/podsandbox/helpers_linux.go
similarity index 100%
rename from pkg/cri/server/podsandbox/helpers_linux.go
rename to internal/cri/server/podsandbox/helpers_linux.go
diff --git a/pkg/cri/server/podsandbox/helpers_linux_test.go b/internal/cri/server/podsandbox/helpers_linux_test.go
similarity index 100%
rename from pkg/cri/server/podsandbox/helpers_linux_test.go
rename to internal/cri/server/podsandbox/helpers_linux_test.go
diff --git a/pkg/cri/server/podsandbox/helpers_other.go b/internal/cri/server/podsandbox/helpers_other.go
similarity index 100%
rename from pkg/cri/server/podsandbox/helpers_other.go
rename to internal/cri/server/podsandbox/helpers_other.go
diff --git a/pkg/cri/server/podsandbox/helpers_selinux_linux_test.go b/internal/cri/server/podsandbox/helpers_selinux_linux_test.go
similarity index 100%
rename from pkg/cri/server/podsandbox/helpers_selinux_linux_test.go
rename to internal/cri/server/podsandbox/helpers_selinux_linux_test.go
diff --git a/pkg/cri/server/podsandbox/helpers_test.go b/internal/cri/server/podsandbox/helpers_test.go
similarity index 99%
rename from pkg/cri/server/podsandbox/helpers_test.go
rename to internal/cri/server/podsandbox/helpers_test.go
index 5bff0cd5a482..af4112169e73 100644
--- a/pkg/cri/server/podsandbox/helpers_test.go
+++ b/internal/cri/server/podsandbox/helpers_test.go
@@ -22,7 +22,7 @@ import (
"strings"
"testing"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
"github.com/containerd/containerd/v2/pkg/oci"
docker "github.com/distribution/reference"
imagedigest "github.com/opencontainers/go-digest"
diff --git a/pkg/cri/server/podsandbox/helpers_windows.go b/internal/cri/server/podsandbox/helpers_windows.go
similarity index 100%
rename from pkg/cri/server/podsandbox/helpers_windows.go
rename to internal/cri/server/podsandbox/helpers_windows.go
diff --git a/pkg/cri/server/podsandbox/opts.go b/internal/cri/server/podsandbox/opts.go
similarity index 100%
rename from pkg/cri/server/podsandbox/opts.go
rename to internal/cri/server/podsandbox/opts.go
diff --git a/pkg/cri/server/podsandbox/recover.go b/internal/cri/server/podsandbox/recover.go
similarity index 91%
rename from pkg/cri/server/podsandbox/recover.go
rename to internal/cri/server/podsandbox/recover.go
index 6ae3214c222c..1693c43c11ef 100644
--- a/pkg/cri/server/podsandbox/recover.go
+++ b/internal/cri/server/podsandbox/recover.go
@@ -27,9 +27,9 @@ import (
containerd "github.com/containerd/containerd/v2/client"
sandbox2 "github.com/containerd/containerd/v2/core/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/netns"
"github.com/containerd/errdefs"
)
@@ -96,13 +96,17 @@ func (c *Controller) RecoverContainer(ctx context.Context, cntr containerd.Conta
status.State = sandboxstore.StateNotReady
} else {
if taskStatus.Status == containerd.Running {
- status.State = sandboxstore.StateReady
- status.Pid = t.Pid()
exitCh, err := t.Wait(ctrdutil.NamespacedContext())
if err != nil {
- return status, channel, fmt.Errorf("failed to wait for sandbox container task: %w", err)
+ if !errdefs.IsNotFound(err) {
+ return status, channel, fmt.Errorf("failed to wait for sandbox container task: %w", err)
+ }
+ status.State = sandboxstore.StateNotReady
+ } else {
+ status.State = sandboxstore.StateReady
+ status.Pid = t.Pid()
+ channel = exitCh
}
- channel = exitCh
} else {
// Task is not running. Delete the task and set sandbox state as NOTREADY.
if _, err := t.Delete(ctx, containerd.WithProcessKill); err != nil && !errdefs.IsNotFound(err) {
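Review bot: The new `!errdefs.IsNotFound(err)` check after `t.Wait` drops the not-found error without a comment or log line, so a sandbox whose task disappears between `Status` and `Wait` is marked `StateNotReady` with nothing recorded about why. Add a short comment naming the race this handles and log the condition with the container ID. `channel` is also left unassigned in this branch, so confirm that callers accept that for a NOTREADY sandbox.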
diff --git a/internal/cri/server/podsandbox/recover_test.go b/internal/cri/server/podsandbox/recover_test.go
new file mode 100644
index 000000000000..e9979c40bf5b
--- /dev/null
+++ b/internal/cri/server/podsandbox/recover_test.go
@@ -0,0 +1,420 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package podsandbox
+
+import (
+ "context"
+ "errors"
+ "syscall"
+ "testing"
+ "time"
+
+ "github.com/containerd/errdefs"
+ "github.com/containerd/typeurl/v2"
+ "github.com/opencontainers/runtime-spec/specs-go"
+ "github.com/stretchr/testify/assert"
+
+ "github.com/containerd/containerd/v2/api/types"
+ containerd "github.com/containerd/containerd/v2/client"
+ "github.com/containerd/containerd/v2/core/containers"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/pkg/cio"
+ "github.com/containerd/containerd/v2/pkg/oci"
+)
+
+type fakeContainer struct {
+ c containers.Container
+ t fakeTask
+ taskErr error
+}
+
+type fakeTask struct {
+ id string
+ pid uint32
+ status containerd.Status
+ statusErr error
+ waitErr error
+ deleteErr error
+ waitExitCh chan struct{}
+}
+
+func (f *fakeTask) ID() string {
+ return f.id
+}
+
+func (f *fakeTask) Pid() uint32 {
+ return f.pid
+}
+
+func (f *fakeTask) Start(ctx context.Context) error {
+ return nil
+}
+
+func (f *fakeTask) Delete(ctx context.Context, opts ...containerd.ProcessDeleteOpts) (*containerd.ExitStatus, error) {
+ if f.deleteErr != nil {
+ return nil, f.deleteErr
+ }
+ return containerd.NewExitStatus(f.status.ExitStatus, f.status.ExitTime, nil), nil
+}
+
+func (f *fakeTask) Kill(ctx context.Context, signal syscall.Signal, opts ...containerd.KillOpts) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Wait(ctx context.Context) (<-chan containerd.ExitStatus, error) {
+ if f.waitErr != nil {
+ return nil, f.waitErr
+ }
+ ch := make(chan containerd.ExitStatus, 1)
+ if f.waitExitCh != nil {
+ go func() {
+ <-f.waitExitCh
+ ch <- *containerd.NewExitStatus(f.status.ExitStatus, f.status.ExitTime, nil)
+ }()
+ }
+
+ return ch, nil
+}
+
+func (f *fakeTask) CloseIO(ctx context.Context, opts ...containerd.IOCloserOpts) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Resize(ctx context.Context, w, h uint32) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) IO() cio.IO {
+ return nil
+}
+
+func (f *fakeTask) Status(ctx context.Context) (containerd.Status, error) {
+ if f.statusErr != nil {
+ return containerd.Status{}, f.statusErr
+ }
+ return f.status, nil
+}
+
+func (f *fakeTask) Pause(ctx context.Context) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Resume(ctx context.Context) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Exec(ctx context.Context, s string, process *specs.Process, creator cio.Creator) (containerd.Process, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Pids(ctx context.Context) ([]containerd.ProcessInfo, error) {
+ return []containerd.ProcessInfo{}, errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Checkpoint(ctx context.Context, opts ...containerd.CheckpointTaskOpts) (containerd.Image, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Update(ctx context.Context, opts ...containerd.UpdateTaskOpts) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) LoadProcess(ctx context.Context, s string, attach cio.Attach) (containerd.Process, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Metrics(ctx context.Context) (*types.Metric, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeTask) Spec(ctx context.Context) (*oci.Spec, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) ID() string {
+ return f.c.ID
+}
+
+func (f *fakeContainer) Info(ctx context.Context, opts ...containerd.InfoOpts) (containers.Container, error) {
+ return f.c, nil
+}
+
+func (f *fakeContainer) Delete(ctx context.Context, opts ...containerd.DeleteOpts) error {
+ return nil
+}
+
+func (f *fakeContainer) NewTask(ctx context.Context, creator cio.Creator, opts ...containerd.NewTaskOpts) (containerd.Task, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) Spec(ctx context.Context) (*oci.Spec, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) Task(ctx context.Context, attach cio.Attach) (containerd.Task, error) {
+ if f.taskErr != nil {
+ return nil, f.taskErr
+ }
+ return &f.t, nil
+}
+
+func (f *fakeContainer) Image(ctx context.Context) (containerd.Image, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) Labels(ctx context.Context) (map[string]string, error) {
+ return f.c.Labels, nil
+}
+
+func (f *fakeContainer) SetLabels(ctx context.Context, m map[string]string) (map[string]string, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) Extensions(ctx context.Context) (map[string]typeurl.Any, error) {
+ return f.c.Extensions, nil
+}
+
+func (f *fakeContainer) Update(ctx context.Context, opts ...containerd.UpdateContainerOpts) error {
+ return errdefs.ErrNotImplemented
+}
+
+func (f *fakeContainer) Checkpoint(ctx context.Context, s string, opts ...containerd.CheckpointOpts) (containerd.Image, error) {
+ return nil, errdefs.ErrNotImplemented
+}
+
+func sandboxExtension(id string) map[string]typeurl.Any {
+ metadata := sandbox.Metadata{
+ ID: id,
+ }
+
+ ext, _ := typeurl.MarshalAny(&metadata)
+ return map[string]typeurl.Any{
+ crilabels.SandboxMetadataExtension: ext,
+ }
+}
+
+func TestRecoverContainer(t *testing.T) {
+ controller := &Controller{
+ config: criconfig.Config{},
+ store: NewStore(),
+ }
+ containers := []struct {
+ container fakeContainer
+ expectedState sandbox.State
+ expectedPid uint32
+ expectedExitCode uint32
+ }{
+ // sandbox container with task status running, and wait returns exit after 100 millisecond
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_ready_container",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_ready_container"),
+ },
+ t: fakeTask{
+ id: "sandbox_ready_task",
+ pid: 233333,
+ status: containerd.Status{
+ Status: containerd.Running,
+ ExitStatus: 128,
+ ExitTime: time.Time{},
+ },
+ statusErr: nil,
+ waitErr: nil,
+ waitExitCh: make(chan struct{}),
+ },
+ },
+ expectedState: sandbox.StateReady,
+ expectedPid: 233333,
+ expectedExitCode: 128,
+ },
+
+ // sandbox container with task status return error
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_error",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_error"),
+ },
+ t: fakeTask{
+ id: "task_status_error",
+ statusErr: errors.New("some unknown error"),
+ },
+ },
+ expectedState: sandbox.StateUnknown,
+ },
+
+ // sandbox container with task status return not found
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_status_not_found",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_status_not_found"),
+ },
+ t: fakeTask{
+ id: "task_status_not_found",
+ statusErr: errdefs.ErrNotFound,
+ },
+ },
+ expectedState: sandbox.StateNotReady,
+ },
+
+ // sandbox container with task not found
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_not_found",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_not_found"),
+ },
+ taskErr: errdefs.ErrNotFound,
+ },
+ expectedState: sandbox.StateNotReady,
+ },
+
+ // sandbox container with error when call Task()
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_error",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_error"),
+ },
+ taskErr: errors.New("some unknown error"),
+ },
+ expectedState: sandbox.StateUnknown,
+ },
+
+ // sandbox container with task wait error
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_wait_error",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_wait_error"),
+ },
+ t: fakeTask{
+ id: "task_wait_error",
+ pid: 10000,
+ status: containerd.Status{
+ Status: containerd.Running,
+ },
+ waitErr: errors.New("some unknown error"),
+ },
+ },
+ expectedState: sandbox.StateUnknown,
+ },
+
+ // sandbox container with task wait not found
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_wait_not_found",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_wait_not_found"),
+ },
+ t: fakeTask{
+ id: "task_wait_not_found",
+ pid: 10000,
+ status: containerd.Status{
+ Status: containerd.Running,
+ },
+ waitErr: errdefs.ErrNotFound,
+ },
+ },
+ expectedState: sandbox.StateNotReady,
+ },
+
+ // sandbox container with task delete error
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_delete_error",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_delete_error"),
+ },
+ t: fakeTask{
+ id: "task_delete_error",
+ status: containerd.Status{
+ Status: containerd.Stopped,
+ ExitStatus: 128,
+ ExitTime: time.Time{},
+ },
+ deleteErr: errors.New("some unknown error"),
+ },
+ },
+ expectedState: sandbox.StateUnknown,
+ },
+
+ // sandbox container with task delete not found
+ {
+ container: fakeContainer{
+ c: containers.Container{
+ ID: "sandbox_task_delete_not_found",
+ CreatedAt: time.Time{},
+ UpdatedAt: time.Time{},
+ Extensions: sandboxExtension("sandbox_task_delete_not_found"),
+ },
+ t: fakeTask{
+ id: "task_delete_not_found",
+ status: containerd.Status{
+ Status: containerd.Created,
+ ExitStatus: 128,
+ ExitTime: time.Time{},
+ },
+ deleteErr: errdefs.ErrNotFound,
+ },
+ },
+ expectedState: sandbox.StateNotReady,
+ },
+ }
+
+ for _, c := range containers {
+ cont := c.container
+ sb, err := controller.RecoverContainer(context.Background(), &cont)
+ assert.NoError(t, err)
+
+ pSb := controller.store.Get(cont.ID())
+ assert.NotNil(t, pSb)
+ assert.Equal(t, c.expectedState, pSb.State, "%s state is not expected", cont.ID())
+
+ if c.expectedExitCode > 0 {
+ cont.t.waitExitCh <- struct{}{}
+ exitStatus, _ := pSb.Wait(context.Background())
+ assert.Equal(t, c.expectedExitCode, exitStatus.ExitCode(), "%s state is not expected", cont.ID())
+ }
+ status := sb.Status.Get()
+ assert.Equal(t, c.expectedState, status.State, "%s sandbox state is not expected", cont.ID())
+ if c.expectedPid > 0 {
+ assert.Equal(t, c.expectedPid, status.Pid, "%s sandbox pid is not expected", cont.ID())
+ }
+ }
+
+}
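Review bot: Two table entries in `TestRecoverContainer` share the container ID "sandbox_task_error" (the "task status return error" case and the "error when call Task()" case), so `controller.store.Get(cont.ID())` cannot distinguish them and the second case may be asserting against the sandbox stored by the first. Give every case a unique ID and run each one in `t.Run` so a failure names its case. Two smaller points: the first case's comment says wait returns after 100 millisecond although the fake is driven by `waitExitCh`, and `sandboxExtension` discards the error from `typeurl.MarshalAny`.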
diff --git a/pkg/cri/server/podsandbox/sandbox_delete.go b/internal/cri/server/podsandbox/sandbox_delete.go
similarity index 100%
rename from pkg/cri/server/podsandbox/sandbox_delete.go
rename to internal/cri/server/podsandbox/sandbox_delete.go
diff --git a/pkg/cri/server/podsandbox/sandbox_run.go b/internal/cri/server/podsandbox/sandbox_run.go
similarity index 95%
rename from pkg/cri/server/podsandbox/sandbox_run.go
rename to internal/cri/server/podsandbox/sandbox_run.go
index c791ff7efd14..98b52d27e358 100644
--- a/pkg/cri/server/podsandbox/sandbox_run.go
+++ b/internal/cri/server/podsandbox/sandbox_run.go
@@ -32,14 +32,14 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
"github.com/containerd/containerd/v2/core/snapshots"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
containerdio "github.com/containerd/containerd/v2/pkg/cio"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
"github.com/containerd/errdefs"
)
diff --git a/pkg/cri/server/podsandbox/sandbox_run_linux.go b/internal/cri/server/podsandbox/sandbox_run_linux.go
similarity index 96%
rename from pkg/cri/server/podsandbox/sandbox_run_linux.go
rename to internal/cri/server/podsandbox/sandbox_run_linux.go
index a21bab9b8b12..125756b3174f 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_linux.go
+++ b/internal/cri/server/podsandbox/sandbox_run_linux.go
@@ -30,8 +30,8 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
"github.com/containerd/containerd/v2/core/snapshots"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
"github.com/containerd/containerd/v2/pkg/userns"
)
@@ -268,25 +268,21 @@ func (c *Controller) setupSandboxFiles(id string, config *runtime.PodSandboxConf
}
// Set DNS options. Maintain a resolv.conf for the sandbox.
- var err error
- resolvContent := ""
+ resolvPath := c.getResolvPath(id)
+
if dnsConfig := config.GetDnsConfig(); dnsConfig != nil {
- resolvContent, err = parseDNSOptions(dnsConfig.Servers, dnsConfig.Searches, dnsConfig.Options)
+ resolvContent, err := parseDNSOptions(dnsConfig.Servers, dnsConfig.Searches, dnsConfig.Options)
if err != nil {
return fmt.Errorf("failed to parse sandbox DNSConfig %+v: %w", dnsConfig, err)
}
- }
- resolvPath := c.getResolvPath(id)
- if resolvContent == "" {
- // copy host's resolv.conf to resolvPath
- err = c.os.CopyFile(resolvConfPath, resolvPath, 0644)
- if err != nil {
- return fmt.Errorf("failed to copy host's resolv.conf to %q: %w", resolvPath, err)
+ if err := c.os.WriteFile(resolvPath, []byte(resolvContent), 0644); err != nil {
+ return fmt.Errorf("failed to write resolv content to %q: %w", resolvPath, err)
}
} else {
- err = c.os.WriteFile(resolvPath, []byte(resolvContent), 0644)
- if err != nil {
- return fmt.Errorf("failed to write resolv content to %q: %w", resolvPath, err)
+ // The DnsConfig was nil - we interpret that to mean "use the global
+ // default", which is dubious but backwards-compatible.
+ if err := c.os.CopyFile(resolvConfPath, resolvPath, 0644); err != nil {
+ return fmt.Errorf("failed to copy host's resolv.conf to %q: %w", resolvPath, err)
}
}
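Review bot: The rewritten DNS branch in `setupSandboxFiles` changes behaviour for a non-nil but empty `DnsConfig`, and only the nil branch carries a comment. The old code copied the host's resolv.conf whenever `resolvContent == ""`; the new code writes whatever `parseDNSOptions` returns, so such a sandbox gets an empty resolv.conf and no longer inherits the host's resolvers. Add a comment on the non-nil branch stating that an empty config is honoured as-is, and call the change out in the release notes so operators can check which clients send an empty `DnsConfig`.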
diff --git a/pkg/cri/server/podsandbox/sandbox_run_linux_test.go b/internal/cri/server/podsandbox/sandbox_run_linux_test.go
similarity index 91%
rename from pkg/cri/server/podsandbox/sandbox_run_linux_test.go
rename to internal/cri/server/podsandbox/sandbox_run_linux_test.go
index 335c210cb62c..2c480da9870e 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_linux_test.go
+++ b/internal/cri/server/podsandbox/sandbox_run_linux_test.go
@@ -30,8 +30,8 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
v1 "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
ostesting "github.com/containerd/containerd/v2/pkg/os/testing"
)
@@ -511,6 +511,82 @@ options timeout:1
},
},
},
+ {
+ desc: "should create empty /etc/resolv.conf if DNSOptions is empty",
+ dnsConfig: &runtime.DNSConfig{},
+ ipcMode: runtime.NamespaceMode_NODE,
+ expectedCalls: []ostesting.CalledDetail{
+ {
+ Name: "Hostname",
+ },
+ {
+ Name: "WriteFile",
+ Arguments: []interface{}{
+ filepath.Join(testRootDir, sandboxesDir, testID, "hostname"),
+ []byte(realhostname + "\n"),
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "CopyFile",
+ Arguments: []interface{}{
+ "/etc/hosts",
+ filepath.Join(testRootDir, sandboxesDir, testID, "hosts"),
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "WriteFile",
+ Arguments: []interface{}{
+ filepath.Join(testRootDir, sandboxesDir, testID, "resolv.conf"),
+ []byte{},
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "Stat",
+ Arguments: []interface{}{"/dev/shm"},
+ },
+ },
+ },
+ {
+ desc: "should copy host /etc/resolv.conf if DNSOptions is not set",
+ dnsConfig: nil,
+ ipcMode: runtime.NamespaceMode_NODE,
+ expectedCalls: []ostesting.CalledDetail{
+ {
+ Name: "Hostname",
+ },
+ {
+ Name: "WriteFile",
+ Arguments: []interface{}{
+ filepath.Join(testRootDir, sandboxesDir, testID, "hostname"),
+ []byte(realhostname + "\n"),
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "CopyFile",
+ Arguments: []interface{}{
+ "/etc/hosts",
+ filepath.Join(testRootDir, sandboxesDir, testID, "hosts"),
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "CopyFile",
+ Arguments: []interface{}{
+ filepath.Join("/etc/resolv.conf"),
+ filepath.Join(testRootDir, sandboxesDir, testID, "resolv.conf"),
+ os.FileMode(0644),
+ },
+ },
+ {
+ Name: "Stat",
+ Arguments: []interface{}{"/dev/shm"},
+ },
+ },
+ },
{
desc: "should create sandbox shm when ipc namespace mode is not NODE",
ipcMode: runtime.NamespaceMode_POD,
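Review bot: In the "should copy host /etc/resolv.conf if DNSOptions is not set" case, `filepath.Join("/etc/resolv.conf")` is a single-argument Join that adds nothing; use the plain string, as the neighbouring `"/etc/hosts"` argument does, or the `resolvConfPath` constant that the code under test passes to `CopyFile`. Both new `desc` strings also say "DNSOptions" while the field they set is `dnsConfig`; matching the name would make it clearer that the first case tests an empty struct and the second a nil pointer.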
diff --git a/pkg/cri/server/podsandbox/sandbox_run_other.go b/internal/cri/server/podsandbox/sandbox_run_other.go
similarity index 97%
rename from pkg/cri/server/podsandbox/sandbox_run_other.go
rename to internal/cri/server/podsandbox/sandbox_run_other.go
index e3799b9340bc..9aef21b8bfc6 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_other.go
+++ b/internal/cri/server/podsandbox/sandbox_run_other.go
@@ -20,7 +20,7 @@ package podsandbox
import (
"github.com/containerd/containerd/v2/core/snapshots"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
"github.com/containerd/containerd/v2/pkg/oci"
imagespec "github.com/opencontainers/image-spec/specs-go/v1"
runtimespec "github.com/opencontainers/runtime-spec/specs-go"
diff --git a/pkg/cri/server/podsandbox/sandbox_run_other_test.go b/internal/cri/server/podsandbox/sandbox_run_other_test.go
similarity index 100%
rename from pkg/cri/server/podsandbox/sandbox_run_other_test.go
rename to internal/cri/server/podsandbox/sandbox_run_other_test.go
diff --git a/pkg/cri/server/podsandbox/sandbox_run_test.go b/internal/cri/server/podsandbox/sandbox_run_test.go
similarity index 98%
rename from pkg/cri/server/podsandbox/sandbox_run_test.go
rename to internal/cri/server/podsandbox/sandbox_run_test.go
index 5399fe1e04c7..f74a24dc33fb 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_test.go
+++ b/internal/cri/server/podsandbox/sandbox_run_test.go
@@ -26,7 +26,7 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func TestSandboxContainerSpec(t *testing.T) {
diff --git a/pkg/cri/server/podsandbox/sandbox_run_windows.go b/internal/cri/server/podsandbox/sandbox_run_windows.go
similarity index 96%
rename from pkg/cri/server/podsandbox/sandbox_run_windows.go
rename to internal/cri/server/podsandbox/sandbox_run_windows.go
index e34aa63a4707..cf8cad493ee1 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_windows.go
+++ b/internal/cri/server/podsandbox/sandbox_run_windows.go
@@ -26,8 +26,8 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
"github.com/containerd/containerd/v2/core/snapshots"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- customopts "github.com/containerd/containerd/v2/pkg/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ customopts "github.com/containerd/containerd/v2/internal/cri/opts"
)
func (c *Controller) sandboxContainerSpec(id string, config *runtime.PodSandboxConfig,
diff --git a/pkg/cri/server/podsandbox/sandbox_run_windows_test.go b/internal/cri/server/podsandbox/sandbox_run_windows_test.go
similarity index 97%
rename from pkg/cri/server/podsandbox/sandbox_run_windows_test.go
rename to internal/cri/server/podsandbox/sandbox_run_windows_test.go
index 6d13385f1c24..d31ec68355e9 100644
--- a/pkg/cri/server/podsandbox/sandbox_run_windows_test.go
+++ b/internal/cri/server/podsandbox/sandbox_run_windows_test.go
@@ -24,8 +24,8 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/opts"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/opts"
)
func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConfig, func(*testing.T, string, *runtimespec.Spec)) {
diff --git a/pkg/cri/server/podsandbox/sandbox_stats.go b/internal/cri/server/podsandbox/sandbox_stats.go
similarity index 100%
rename from pkg/cri/server/podsandbox/sandbox_stats.go
rename to internal/cri/server/podsandbox/sandbox_stats.go
diff --git a/pkg/cri/server/podsandbox/sandbox_status.go b/internal/cri/server/podsandbox/sandbox_status.go
similarity index 96%
rename from pkg/cri/server/podsandbox/sandbox_status.go
rename to internal/cri/server/podsandbox/sandbox_status.go
index d75b376f54d5..e6925b3dc542 100644
--- a/pkg/cri/server/podsandbox/sandbox_status.go
+++ b/internal/cri/server/podsandbox/sandbox_status.go
@@ -26,8 +26,8 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/containers"
"github.com/containerd/containerd/v2/core/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ critypes "github.com/containerd/containerd/v2/internal/cri/types"
"github.com/containerd/errdefs"
)
@@ -63,7 +63,7 @@ func (c *Controller) Status(ctx context.Context, sandboxID string, verbose bool)
// toCRISandboxInfo converts internal container object information to CRI sandbox status response info map.
func toCRISandboxInfo(ctx context.Context, sb *types.PodSandbox) (map[string]string, error) {
- si := &base.SandboxInfo{
+ si := &critypes.SandboxInfo{
Pid: sb.Pid,
Config: sb.Metadata.Config,
RuntimeHandler: sb.Metadata.RuntimeHandler,
diff --git a/pkg/cri/server/podsandbox/sandbox_stop.go b/internal/cri/server/podsandbox/sandbox_stop.go
similarity index 95%
rename from pkg/cri/server/podsandbox/sandbox_stop.go
rename to internal/cri/server/podsandbox/sandbox_stop.go
index d0c30580fd83..b625621f5e6c 100644
--- a/pkg/cri/server/podsandbox/sandbox_stop.go
+++ b/internal/cri/server/podsandbox/sandbox_stop.go
@@ -27,9 +27,9 @@ import (
eventtypes "github.com/containerd/containerd/v2/api/events"
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/errdefs"
)
diff --git a/pkg/cri/server/podsandbox/store.go b/internal/cri/server/podsandbox/store.go
similarity index 93%
rename from pkg/cri/server/podsandbox/store.go
rename to internal/cri/server/podsandbox/store.go
index 31248f1e1e5e..c04d9228c5a3 100644
--- a/pkg/cri/server/podsandbox/store.go
+++ b/internal/cri/server/podsandbox/store.go
@@ -20,7 +20,7 @@ import (
"fmt"
"sync"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox/types"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox/types"
)
type Store struct {
diff --git a/pkg/cri/server/podsandbox/types/podsandbox.go b/internal/cri/server/podsandbox/types/podsandbox.go
similarity index 93%
rename from pkg/cri/server/podsandbox/types/podsandbox.go
rename to internal/cri/server/podsandbox/types/podsandbox.go
index 321d845a788f..5dd08e5bb7ba 100644
--- a/pkg/cri/server/podsandbox/types/podsandbox.go
+++ b/internal/cri/server/podsandbox/types/podsandbox.go
@@ -23,8 +23,8 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/store"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/store"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
type PodSandbox struct {
diff --git a/pkg/cri/server/rdt.go b/internal/cri/server/rdt.go
similarity index 100%
rename from pkg/cri/server/rdt.go
rename to internal/cri/server/rdt.go
diff --git a/pkg/cri/server/rdt_stub.go b/internal/cri/server/rdt_stub.go
similarity index 100%
rename from pkg/cri/server/rdt_stub.go
rename to internal/cri/server/rdt_stub.go
diff --git a/pkg/cri/server/restart.go b/internal/cri/server/restart.go
similarity index 97%
rename from pkg/cri/server/restart.go
rename to internal/cri/server/restart.go
index a6353bc9c865..63b87b37c17e 100644
--- a/pkg/cri/server/restart.go
+++ b/internal/cri/server/restart.go
@@ -24,10 +24,10 @@ import (
"time"
containerd "github.com/containerd/containerd/v2/client"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ crilabels "github.com/containerd/containerd/v2/internal/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox"
containerdio "github.com/containerd/containerd/v2/pkg/cio"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- crilabels "github.com/containerd/containerd/v2/pkg/cri/labels"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox"
"github.com/containerd/containerd/v2/pkg/netns"
"github.com/containerd/errdefs"
"github.com/containerd/log"
@@ -35,10 +35,10 @@ import (
"golang.org/x/sync/errgroup"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
)
// NOTE: The recovery logic has following assumption: when the cri plugin is down:
diff --git a/pkg/cri/server/runtime_config.go b/internal/cri/server/runtime_config.go
similarity index 100%
rename from pkg/cri/server/runtime_config.go
rename to internal/cri/server/runtime_config.go
diff --git a/pkg/cri/server/runtime_config_linux.go b/internal/cri/server/runtime_config_linux.go
similarity index 97%
rename from pkg/cri/server/runtime_config_linux.go
rename to internal/cri/server/runtime_config_linux.go
index 2768620eae0d..f2cce470cccb 100644
--- a/pkg/cri/server/runtime_config_linux.go
+++ b/internal/cri/server/runtime_config_linux.go
@@ -21,7 +21,7 @@ import (
"sort"
runcoptions "github.com/containerd/containerd/v2/core/runtime/v2/runc/options"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
"github.com/containerd/containerd/v2/pkg/systemd"
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
diff --git a/pkg/cri/server/runtime_config_linux_test.go b/internal/cri/server/runtime_config_linux_test.go
similarity index 93%
rename from pkg/cri/server/runtime_config_linux_test.go
rename to internal/cri/server/runtime_config_linux_test.go
index 63768081cf35..e42547974105 100644
--- a/pkg/cri/server/runtime_config_linux_test.go
+++ b/internal/cri/server/runtime_config_linux_test.go
@@ -20,7 +20,7 @@ import (
"context"
"testing"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
"github.com/containerd/containerd/v2/pkg/systemd"
"github.com/containerd/containerd/v2/plugins"
"github.com/stretchr/testify/assert"
@@ -94,8 +94,8 @@ func TestRuntimeConfig(t *testing.T) {
test := test
t.Run(test.desc, func(t *testing.T) {
c := newTestCRIService()
- c.config.PluginConfig.ContainerdConfig.DefaultRuntimeName = test.defaultRuntime
- c.config.PluginConfig.ContainerdConfig.Runtimes = test.runtimes
+ c.config.RuntimeConfig.ContainerdConfig.DefaultRuntimeName = test.defaultRuntime
+ c.config.RuntimeConfig.ContainerdConfig.Runtimes = test.runtimes
resp, err := c.RuntimeConfig(context.TODO(), &runtime.RuntimeConfigRequest{})
assert.NoError(t, err)
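Review bot: This test still configures the service by writing `c.config.RuntimeConfig.ContainerdConfig` directly, but after this change `criService` also exposes `Config()` through the embedded `RuntimeService`, and the test fake returns the unmodified package-level `testConfig`. If the `RuntimeConfig` handler is ever switched to read `c.Config()`, these assignments will silently stop affecting the result. Consider building a per-test config and injecting it with `withRuntimeService(...)` so that both access paths see the same values.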
diff --git a/pkg/cri/server/runtime_config_other.go b/internal/cri/server/runtime_config_other.go
similarity index 100%
rename from pkg/cri/server/runtime_config_other.go
rename to internal/cri/server/runtime_config_other.go
diff --git a/pkg/cri/server/sandbox_list.go b/internal/cri/server/sandbox_list.go
similarity index 97%
rename from pkg/cri/server/sandbox_list.go
rename to internal/cri/server/sandbox_list.go
index 890112c2e673..f8eb4c54c04e 100644
--- a/pkg/cri/server/sandbox_list.go
+++ b/internal/cri/server/sandbox_list.go
@@ -22,7 +22,7 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
// ListPodSandbox returns a list of Sandbox.
diff --git a/pkg/cri/server/sandbox_list_test.go b/internal/cri/server/sandbox_list_test.go
similarity index 98%
rename from pkg/cri/server/sandbox_list_test.go
rename to internal/cri/server/sandbox_list_test.go
index b4fa895e5a61..a4e9c6cfbc83 100644
--- a/pkg/cri/server/sandbox_list_test.go
+++ b/internal/cri/server/sandbox_list_test.go
@@ -23,7 +23,7 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func TestToCRISandbox(t *testing.T) {
diff --git a/pkg/cri/server/sandbox_portforward.go b/internal/cri/server/sandbox_portforward.go
similarity index 94%
rename from pkg/cri/server/sandbox_portforward.go
rename to internal/cri/server/sandbox_portforward.go
index e4595cdc938a..6b3478cecb2a 100644
--- a/pkg/cri/server/sandbox_portforward.go
+++ b/internal/cri/server/sandbox_portforward.go
@@ -23,7 +23,7 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
// PortForward prepares a streaming endpoint to forward ports from a PodSandbox, and returns the address.
diff --git a/pkg/cri/server/sandbox_portforward_linux.go b/internal/cri/server/sandbox_portforward_linux.go
similarity index 100%
rename from pkg/cri/server/sandbox_portforward_linux.go
rename to internal/cri/server/sandbox_portforward_linux.go
diff --git a/pkg/cri/server/sandbox_portforward_other.go b/internal/cri/server/sandbox_portforward_other.go
similarity index 100%
rename from pkg/cri/server/sandbox_portforward_other.go
rename to internal/cri/server/sandbox_portforward_other.go
diff --git a/pkg/cri/server/sandbox_portforward_windows.go b/internal/cri/server/sandbox_portforward_windows.go
similarity index 96%
rename from pkg/cri/server/sandbox_portforward_windows.go
rename to internal/cri/server/sandbox_portforward_windows.go
index cdb75a917c76..d6c4316f542e 100644
--- a/pkg/cri/server/sandbox_portforward_windows.go
+++ b/internal/cri/server/sandbox_portforward_windows.go
@@ -24,7 +24,7 @@ import (
"k8s.io/utils/exec"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
cioutil "github.com/containerd/containerd/v2/pkg/ioutil"
)
diff --git a/pkg/cri/server/sandbox_remove.go b/internal/cri/server/sandbox_remove.go
similarity index 100%
rename from pkg/cri/server/sandbox_remove.go
rename to internal/cri/server/sandbox_remove.go
diff --git a/pkg/cri/server/sandbox_run.go b/internal/cri/server/sandbox_run.go
similarity index 98%
rename from pkg/cri/server/sandbox_run.go
rename to internal/cri/server/sandbox_run.go
index 516ab3ac8087..d2d6822bdd0b 100644
--- a/pkg/cri/server/sandbox_run.go
+++ b/internal/cri/server/sandbox_run.go
@@ -33,12 +33,12 @@ import (
containerd "github.com/containerd/containerd/v2/client"
sb "github.com/containerd/containerd/v2/core/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/annotations"
- "github.com/containerd/containerd/v2/pkg/cri/bandwidth"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/annotations"
+ "github.com/containerd/containerd/v2/internal/cri/bandwidth"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/pkg/netns"
)
diff --git a/pkg/cri/server/sandbox_run_test.go b/internal/cri/server/sandbox_run_test.go
similarity index 100%
rename from pkg/cri/server/sandbox_run_test.go
rename to internal/cri/server/sandbox_run_test.go
diff --git a/pkg/cri/server/sandbox_service.go b/internal/cri/server/sandbox_service.go
similarity index 95%
rename from pkg/cri/server/sandbox_service.go
rename to internal/cri/server/sandbox_service.go
index 4371bca86b27..b4041ccd5a47 100644
--- a/pkg/cri/server/sandbox_service.go
+++ b/internal/cri/server/sandbox_service.go
@@ -23,7 +23,7 @@ import (
"github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
)
type criSandboxService struct {
diff --git a/pkg/cri/server/sandbox_stats.go b/internal/cri/server/sandbox_stats.go
similarity index 100%
rename from pkg/cri/server/sandbox_stats.go
rename to internal/cri/server/sandbox_stats.go
diff --git a/pkg/cri/server/sandbox_stats_linux.go b/internal/cri/server/sandbox_stats_linux.go
similarity index 98%
rename from pkg/cri/server/sandbox_stats_linux.go
rename to internal/cri/server/sandbox_stats_linux.go
index a781db4a010d..e1e07d99d286 100644
--- a/pkg/cri/server/sandbox_stats_linux.go
+++ b/internal/cri/server/sandbox_stats_linux.go
@@ -24,7 +24,7 @@ import (
"github.com/containerd/cgroups/v3"
"github.com/containerd/cgroups/v3/cgroup1"
cgroupsv2 "github.com/containerd/cgroups/v3/cgroup2"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/containerd/errdefs"
"github.com/containerd/log"
"github.com/containernetworking/plugins/pkg/ns"
diff --git a/pkg/cri/server/sandbox_stats_list.go b/internal/cri/server/sandbox_stats_list.go
similarity index 96%
rename from pkg/cri/server/sandbox_stats_list.go
rename to internal/cri/server/sandbox_stats_list.go
index 95381bbb79b0..a4f9f826f0a3 100644
--- a/pkg/cri/server/sandbox_stats_list.go
+++ b/internal/cri/server/sandbox_stats_list.go
@@ -21,7 +21,7 @@ import (
"errors"
"fmt"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/containerd/errdefs"
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
diff --git a/pkg/cri/server/sandbox_stats_other.go b/internal/cri/server/sandbox_stats_other.go
similarity index 92%
rename from pkg/cri/server/sandbox_stats_other.go
rename to internal/cri/server/sandbox_stats_other.go
index 585a478cac44..c84ea50d206f 100644
--- a/pkg/cri/server/sandbox_stats_other.go
+++ b/internal/cri/server/sandbox_stats_other.go
@@ -22,7 +22,7 @@ import (
"context"
"fmt"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/containerd/errdefs"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
)
diff --git a/pkg/cri/server/sandbox_stats_windows.go b/internal/cri/server/sandbox_stats_windows.go
similarity index 98%
rename from pkg/cri/server/sandbox_stats_windows.go
rename to internal/cri/server/sandbox_stats_windows.go
index 6fb9773f9619..bc5e77142dd6 100644
--- a/pkg/cri/server/sandbox_stats_windows.go
+++ b/internal/cri/server/sandbox_stats_windows.go
@@ -26,10 +26,10 @@ import (
"github.com/Microsoft/hcsshim/hcn"
"github.com/containerd/containerd/v2/api/services/tasks/v1"
"github.com/containerd/containerd/v2/api/types"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/protobuf"
"github.com/containerd/errdefs"
"github.com/containerd/log"
diff --git a/pkg/cri/server/sandbox_stats_windows_test.go b/internal/cri/server/sandbox_stats_windows_test.go
similarity index 98%
rename from pkg/cri/server/sandbox_stats_windows_test.go
rename to internal/cri/server/sandbox_stats_windows_test.go
index 17d5872c97d5..c14d9b11e6a1 100644
--- a/pkg/cri/server/sandbox_stats_windows_test.go
+++ b/internal/cri/server/sandbox_stats_windows_test.go
@@ -21,9 +21,9 @@ import (
"time"
wstats "github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/stats"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/containerd/v2/protobuf"
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
diff --git a/pkg/cri/server/sandbox_status.go b/internal/cri/server/sandbox_status.go
similarity index 97%
rename from pkg/cri/server/sandbox_status.go
rename to internal/cri/server/sandbox_status.go
index 1bbd539f527f..b0c1f728f661 100644
--- a/pkg/cri/server/sandbox_status.go
+++ b/internal/cri/server/sandbox_status.go
@@ -24,8 +24,8 @@ import (
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/types"
"github.com/containerd/errdefs"
)
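Review bot: `internal/cri/types` is imported without an alias here and used as `types.SandboxInfo`, while the podsandbox controller refers to the same package as `critypes.SandboxInfo`. Other files in this package import `github.com/containerd/containerd/v2/api/types` under the bare name `types`, so the unaliased form is easy to misread. Using the `critypes` alias here as well would keep the two call sites consistent.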
@@ -152,7 +152,7 @@ func toCRISandboxStatus(meta sandboxstore.Metadata, status string, createdAt tim
// but if controller.Status() returns a NotFound error,
// we should fallback to get SandboxInfo from cached sandbox itself.
func toDeletedCRISandboxInfo(sandbox sandboxstore.Sandbox) (map[string]string, error) {
- si := &base.SandboxInfo{
+ si := &types.SandboxInfo{
Pid: sandbox.Status.Get().Pid,
Config: sandbox.Config,
RuntimeHandler: sandbox.RuntimeHandler,
diff --git a/pkg/cri/server/sandbox_status_test.go b/internal/cri/server/sandbox_status_test.go
similarity index 97%
rename from pkg/cri/server/sandbox_status_test.go
rename to internal/cri/server/sandbox_status_test.go
index 19975ce88579..3516ab8d38be 100644
--- a/pkg/cri/server/sandbox_status_test.go
+++ b/internal/cri/server/sandbox_status_test.go
@@ -23,7 +23,7 @@ import (
"github.com/stretchr/testify/assert"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func TestPodSandboxStatus(t *testing.T) {
diff --git a/pkg/cri/server/sandbox_stop.go b/internal/cri/server/sandbox_stop.go
similarity index 98%
rename from pkg/cri/server/sandbox_stop.go
rename to internal/cri/server/sandbox_stop.go
index 6879627265ff..889bd75ec193 100644
--- a/pkg/cri/server/sandbox_stop.go
+++ b/internal/cri/server/sandbox_stop.go
@@ -25,7 +25,7 @@ import (
"github.com/containerd/log"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
"github.com/containerd/errdefs"
)
diff --git a/pkg/cri/server/sandbox_stop_test.go b/internal/cri/server/sandbox_stop_test.go
similarity index 96%
rename from pkg/cri/server/sandbox_stop_test.go
rename to internal/cri/server/sandbox_stop_test.go
index 7fad6b01bffc..34844c743df4 100644
--- a/pkg/cri/server/sandbox_stop_test.go
+++ b/internal/cri/server/sandbox_stop_test.go
@@ -23,7 +23,7 @@ import (
"github.com/stretchr/testify/assert"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
func TestWaitSandboxStop(t *testing.T) {
diff --git a/pkg/cri/server/service.go b/internal/cri/server/service.go
similarity index 88%
rename from pkg/cri/server/service.go
rename to internal/cri/server/service.go
index 708088b92312..1f77da0e821e 100644
--- a/pkg/cri/server/service.go
+++ b/internal/cri/server/service.go
@@ -33,17 +33,17 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/sandbox"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/nri"
+ "github.com/containerd/containerd/v2/internal/cri/server/podsandbox"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ imagestore "github.com/containerd/containerd/v2/internal/cri/store/image"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ snapshotstore "github.com/containerd/containerd/v2/internal/cri/store/snapshot"
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/containerd/v2/internal/eventq"
"github.com/containerd/containerd/v2/internal/registrar"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/nri"
- "github.com/containerd/containerd/v2/pkg/cri/server/podsandbox"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- imagestore "github.com/containerd/containerd/v2/pkg/cri/store/image"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- snapshotstore "github.com/containerd/containerd/v2/pkg/cri/store/snapshot"
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
"github.com/containerd/containerd/v2/pkg/oci"
osinterface "github.com/containerd/containerd/v2/pkg/os"
)
@@ -65,6 +65,15 @@ type sandboxService interface {
SandboxController(config *runtime.PodSandboxConfig, runtimeHandler string) (sandbox.Controller, error)
}
+// RuntimeService specifies dependencies to runtime service which provides
+// the runtime configuration and OCI spec loading.
+type RuntimeService interface {
+ Config() criconfig.Config
+
+ // LoadCISpec loads cached OCI specs via `Runtime.BaseRuntimeSpec`
+ LoadOCISpec(string) (*oci.Spec, error)
+}
+
// ImageService specifies dependencies to image service.
type ImageService interface {
RuntimeSnapshotter(ctx context.Context, ociRuntime criconfig.Runtime) string
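Review bot: The doc comment on the second interface method names `LoadCISpec`, but the method is `LoadOCISpec`. Go doc comments should start with the identifier they describe, so this should read `// LoadOCISpec loads cached OCI specs via Runtime.BaseRuntimeSpec`. The unnamed `string` parameter would also benefit from a name (the test fake calls it `filename`), and the comment should state what is returned when no spec is cached for that key.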
@@ -84,6 +93,7 @@ type ImageService interface {
// criService implements CRIService.
type criService struct {
+ RuntimeService
ImageService
// config contains all configurations.
config criconfig.Config
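Review bot: Embedding `RuntimeService` promotes `Config()` onto `criService` while the `config criconfig.Config` field is kept, so the struct now has two ways to read its configuration that are only equal because `NewCRIService` copies one into the other. Either drop the field and call `c.Config()` everywhere, or extend the `// config contains all configurations.` comment to say it is a snapshot taken at construction time, so later readers do not assume the two stay in sync.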
@@ -115,8 +125,6 @@ type criService struct {
// cniNetConfMonitor is used to reload cni network conf if there is
// any valid fs change events from cni network conf dir.
cniNetConfMonitor map[string]*cniNetConfSyncer
- // baseOCISpecs contains cached OCI specs loaded via `Runtime.BaseRuntimeSpec`
- baseOCISpecs map[string]*oci.Spec
// allCaps is the list of the capabilities.
// When nil, parsed from CapEff of /proc/self/status.
allCaps []string //nolint:nolintlint,unused // Ignore on non-Linux
@@ -130,16 +138,17 @@ type criService struct {
}
type CRIServiceOptions struct {
+ RuntimeService RuntimeService
+
ImageService ImageService
+ StreamingConfig streaming.Config
+
NRI *nri.API
// SandboxControllers is a map of all the loaded sandbox controllers
SandboxControllers map[string]sandbox.Controller
- // BaseOCISpecs contains cached OCI specs loaded via `Runtime.BaseRuntimeSpec`
- BaseOCISpecs map[string]*oci.Spec
-
// Client is the base containerd client used for accessing services,
//
// TODO: Replace this gradually with directly configured instances
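Review bot: The new `RuntimeService` and `StreamingConfig` fields in `CRIServiceOptions` have no doc comments, unlike `SandboxControllers` and `Client` next to them. Both are now required inputs: `NewCRIService` calls `options.RuntimeService.Config()` and passes `options.StreamingConfig` straight to `streaming.NewServer`. Please document that they must be set and, for `StreamingConfig`, that the caller is now responsible for the address, port and idle timeout that used to be derived from `config` inside the constructor.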
@@ -147,18 +156,18 @@ type CRIServiceOptions struct {
}
// NewCRIService returns a new instance of CRIService
-// TODO: Add criBase.BaseOCISpecs to options
-func NewCRIService(config criconfig.Config, options *CRIServiceOptions) (CRIService, runtime.RuntimeServiceServer, error) {
+func NewCRIService(options *CRIServiceOptions) (CRIService, runtime.RuntimeServiceServer, error) {
var err error
labels := label.NewStore()
+ config := options.RuntimeService.Config()
c := &criService{
+ RuntimeService: options.RuntimeService,
ImageService: options.ImageService,
config: config,
client: options.Client,
imageFSPaths: options.ImageService.ImageFSPaths(),
os: osinterface.RealOS{},
- baseOCISpecs: options.BaseOCISpecs,
sandboxStore: sandboxstore.NewStore(labels),
containerStore: containerstore.NewStore(labels),
sandboxNameIndex: registrar.NewRegistrar(),
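Review bot: `config := options.RuntimeService.Config()` dereferences `options.RuntimeService` with no nil check, so a caller that has not yet been updated to populate the new field gets a nil-pointer panic during plugin init instead of an error. Since the function already returns an `error`, a guard such as `if options.RuntimeService == nil { return nil, nil, errors.New("runtime service is required") }` before this line would make the failure explicit. The signature change from `NewCRIService(config, options)` to `NewCRIService(options)` is a good simplification, and removing the stale TODO with it is correct.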
@@ -182,7 +191,7 @@ func NewCRIService(config criconfig.Config, options *CRIServiceOptions) (CRIServ
}
// prepare streaming server
- c.streamServer, err = newStreamServer(c, config.StreamServerAddress, config.StreamServerPort, config.StreamIdleTimeout)
+ c.streamServer, err = streaming.NewServer(options.StreamingConfig, newStreamRuntime(c))
if err != nil {
return nil, nil, fmt.Errorf("failed to create stream server: %w", err)
}
diff --git a/pkg/cri/server/service_linux.go b/internal/cri/server/service_linux.go
similarity index 100%
rename from pkg/cri/server/service_linux.go
rename to internal/cri/server/service_linux.go
diff --git a/pkg/cri/server/service_other.go b/internal/cri/server/service_other.go
similarity index 100%
rename from pkg/cri/server/service_other.go
rename to internal/cri/server/service_other.go
diff --git a/pkg/cri/server/service_test.go b/internal/cri/server/service_test.go
similarity index 71%
rename from pkg/cri/server/service_test.go
rename to internal/cri/server/service_test.go
index 4d8cc047bdc3..2507632bb15f 100644
--- a/pkg/cri/server/service_test.go
+++ b/internal/cri/server/service_test.go
@@ -24,11 +24,13 @@ import (
"github.com/containerd/containerd/v2/api/types"
"github.com/containerd/containerd/v2/core/sandbox"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ containerstore "github.com/containerd/containerd/v2/internal/cri/store/container"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ sandboxstore "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
+ servertesting "github.com/containerd/containerd/v2/internal/cri/testing"
"github.com/containerd/containerd/v2/internal/registrar"
- containerstore "github.com/containerd/containerd/v2/pkg/cri/store/container"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- sandboxstore "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
- servertesting "github.com/containerd/containerd/v2/pkg/cri/testing"
+ "github.com/containerd/containerd/v2/pkg/oci"
ostesting "github.com/containerd/containerd/v2/pkg/os/testing"
"github.com/containerd/errdefs"
"github.com/containerd/platforms"
@@ -74,11 +76,34 @@ func (f fakeSandboxController) Metrics(ctx context.Context, sandboxID string) (*
return &types.Metric{}, errdefs.ErrNotImplemented
}
+type fakeRuntimeService struct {
+ ocispecs map[string]*oci.Spec
+}
+
+func (f fakeRuntimeService) Config() criconfig.Config {
+ return testConfig
+}
+
+func (f fakeRuntimeService) LoadOCISpec(filename string) (*oci.Spec, error) {
+ spec, ok := f.ocispecs[filename]
+ if !ok {
+ return nil, errdefs.ErrNotFound
+ }
+ return spec, nil
+}
+
+type testOpt func(*criService)
+
+func withRuntimeService(rs RuntimeService) testOpt {
+ return func(service *criService) {
+ service.RuntimeService = rs
+ }
+}
+
// newTestCRIService creates a fake criService for test.
-func newTestCRIService() *criService {
+func newTestCRIService(opts ...testOpt) *criService {
labels := label.NewStore()
- return &criService{
- ImageService: &fakeImageService{},
+ service := &criService{
config: testConfig,
os: ostesting.NewFakeOS(),
sandboxStore: sandboxstore.NewStore(labels),
@@ -90,4 +115,15 @@ func newTestCRIService() *criService {
},
sandboxService: &fakeSandboxService{},
}
+ for _, opt := range opts {
+ opt(service)
+ }
+ if service.RuntimeService == nil {
+ service.RuntimeService = &fakeRuntimeService{}
+ }
+ if service.ImageService == nil {
+ service.ImageService = &fakeImageService{}
+ }
+
+ return service
}
diff --git a/pkg/cri/server/service_windows.go b/internal/cri/server/service_windows.go
similarity index 100%
rename from pkg/cri/server/service_windows.go
rename to internal/cri/server/service_windows.go
diff --git a/pkg/cri/server/status.go b/internal/cri/server/status.go
similarity index 100%
rename from pkg/cri/server/status.go
rename to internal/cri/server/status.go
diff --git a/internal/cri/server/streaming.go b/internal/cri/server/streaming.go
new file mode 100644
index 000000000000..9cf1870b49da
--- /dev/null
+++ b/internal/cri/server/streaming.go
@@ -0,0 +1,103 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package server
+
+import (
+ "context"
+ "fmt"
+ "io"
+ "math"
+
+ "k8s.io/apimachinery/pkg/util/runtime"
+ "k8s.io/client-go/tools/remotecommand"
+ "k8s.io/utils/exec"
+
+ ctrdutil "github.com/containerd/containerd/v2/internal/cri/util"
+ "k8s.io/kubelet/pkg/cri/streaming"
+)
+
+type streamRuntime struct {
+ c *criService
+}
+
+func newStreamRuntime(c *criService) streaming.Runtime {
+ return &streamRuntime{c: c}
+}
+
+// Exec executes a command inside the container. exec.ExitError is returned if the command
+// returns non-zero exit code.
+func (s *streamRuntime) Exec(ctx context.Context, containerID string, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser,
+ tty bool, resize <-chan remotecommand.TerminalSize) error {
+ exitCode, err := s.c.execInContainer(ctrdutil.WithNamespace(ctx), containerID, execOptions{
+ cmd: cmd,
+ stdin: stdin,
+ stdout: stdout,
+ stderr: stderr,
+ tty: tty,
+ resize: resize,
+ })
+ if err != nil {
+ return fmt.Errorf("failed to exec in container: %w", err)
+ }
+ if *exitCode == 0 {
+ return nil
+ }
+ return &exec.CodeExitError{
+ Err: fmt.Errorf("error executing command %v, exit code %d", cmd, *exitCode),
+ Code: int(*exitCode),
+ }
+}
+
+func (s *streamRuntime) Attach(ctx context.Context, containerID string, in io.Reader, out, err io.WriteCloser, tty bool,
+ resize <-chan remotecommand.TerminalSize) error {
+ return s.c.attachContainer(ctrdutil.WithNamespace(ctx), containerID, in, out, err, tty, resize)
+}
+
+func (s *streamRuntime) PortForward(ctx context.Context, podSandboxID string, port int32, stream io.ReadWriteCloser) error {
+ if port <= 0 || port > math.MaxUint16 {
+ return fmt.Errorf("invalid port %d", port)
+ }
+ ctx = ctrdutil.WithNamespace(ctx)
+ return s.c.portForward(ctx, podSandboxID, port, stream)
+}
+
+// handleResizing spawns a goroutine that processes the resize channel, calling resizeFunc for each
+// remotecommand.TerminalSize received from the channel.
+func handleResizing(ctx context.Context, resize <-chan remotecommand.TerminalSize, resizeFunc func(size remotecommand.TerminalSize)) {
+ if resize == nil {
+ return
+ }
+
+ go func() {
+ defer runtime.HandleCrash()
+
+ for {
+ select {
+ case <-ctx.Done():
+ return
+ case size, ok := <-resize:
+ if !ok {
+ return
+ }
+ if size.Height < 1 || size.Width < 1 {
+ continue
+ }
+ resizeFunc(size)
+ }
+ }
+ }()
+}
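Review bot: In `Exec`, `*exitCode` is dereferenced right after the `err != nil` check, which assumes `execInContainer` never returns a nil pointer together with a nil error. Nothing in this file enforces that, so please add a nil guard or state the contract in a comment at the call site. Two smaller points in the same file: `Attach` and `PortForward` have no doc comments while `Exec` does, and the `k8s.io/kubelet/pkg/cri/streaming` import is grouped with the containerd import instead of with the other `k8s.io` packages. The explicit range check on `port` in `PortForward` before it is passed on is good to see and should stay.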
diff --git a/pkg/cri/server/test_config.go b/internal/cri/server/test_config.go
similarity index 90%
rename from pkg/cri/server/test_config.go
rename to internal/cri/server/test_config.go
index a0ec785ff7a9..bbec77160d0a 100644
--- a/pkg/cri/server/test_config.go
+++ b/internal/cri/server/test_config.go
@@ -16,7 +16,7 @@
package server
-import criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
+import criconfig "github.com/containerd/containerd/v2/internal/cri/config"
const (
testRootDir = "/test/root"
@@ -26,7 +26,7 @@ const (
var testConfig = criconfig.Config{
RootDir: testRootDir,
StateDir: testStateDir,
- PluginConfig: criconfig.PluginConfig{
+ RuntimeConfig: criconfig.RuntimeConfig{
TolerateMissingHugetlbController: true,
ContainerdConfig: criconfig.ContainerdConfig{
DefaultRuntimeName: "runc",
diff --git a/pkg/cri/server/update_runtime_config.go b/internal/cri/server/update_runtime_config.go
similarity index 100%
rename from pkg/cri/server/update_runtime_config.go
rename to internal/cri/server/update_runtime_config.go
diff --git a/pkg/cri/server/update_runtime_config_test.go b/internal/cri/server/update_runtime_config_test.go
similarity index 96%
rename from pkg/cri/server/update_runtime_config_test.go
rename to internal/cri/server/update_runtime_config_test.go
index a78b64a20c3e..85a6612b4ea1 100644
--- a/pkg/cri/server/update_runtime_config_test.go
+++ b/internal/cri/server/update_runtime_config_test.go
@@ -27,8 +27,8 @@ import (
"github.com/stretchr/testify/require"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- servertesting "github.com/containerd/containerd/v2/pkg/cri/testing"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ servertesting "github.com/containerd/containerd/v2/internal/cri/testing"
)
func TestUpdateRuntimeConfig(t *testing.T) {
diff --git a/pkg/cri/server/version.go b/internal/cri/server/version.go
similarity index 95%
rename from pkg/cri/server/version.go
rename to internal/cri/server/version.go
index ef68e9f439b9..6c9415dbaf0a 100644
--- a/pkg/cri/server/version.go
+++ b/internal/cri/server/version.go
@@ -22,7 +22,7 @@ import (
"github.com/containerd/containerd/v2/version"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
)
const (
diff --git a/pkg/cri/store/container/container.go b/internal/cri/store/container/container.go
similarity index 95%
rename from pkg/cri/store/container/container.go
rename to internal/cri/store/container/container.go
index e3839c6d4784..6054a157629a 100644
--- a/pkg/cri/store/container/container.go
+++ b/internal/cri/store/container/container.go
@@ -20,11 +20,11 @@ import (
"sync"
containerd "github.com/containerd/containerd/v2/client"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ "github.com/containerd/containerd/v2/internal/cri/store"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/containerd/v2/internal/truncindex"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- "github.com/containerd/containerd/v2/pkg/cri/store"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
"github.com/containerd/errdefs"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
diff --git a/pkg/cri/store/container/container_test.go b/internal/cri/store/container/container_test.go
similarity index 97%
rename from pkg/cri/store/container/container_test.go
rename to internal/cri/store/container/container_test.go
index 56143c5b52e9..ee41422c90b4 100644
--- a/pkg/cri/store/container/container_test.go
+++ b/internal/cri/store/container/container_test.go
@@ -21,9 +21,9 @@ import (
"testing"
"time"
- cio "github.com/containerd/containerd/v2/pkg/cri/io"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
+ cio "github.com/containerd/containerd/v2/internal/cri/io"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/errdefs"
"github.com/opencontainers/selinux/go-selinux"
diff --git a/pkg/cri/store/container/fake_status.go b/internal/cri/store/container/fake_status.go
similarity index 100%
rename from pkg/cri/store/container/fake_status.go
rename to internal/cri/store/container/fake_status.go
diff --git a/pkg/cri/store/container/metadata.go b/internal/cri/store/container/metadata.go
similarity index 100%
rename from pkg/cri/store/container/metadata.go
rename to internal/cri/store/container/metadata.go
diff --git a/pkg/cri/store/container/metadata_test.go b/internal/cri/store/container/metadata_test.go
similarity index 100%
rename from pkg/cri/store/container/metadata_test.go
rename to internal/cri/store/container/metadata_test.go
diff --git a/pkg/cri/store/container/status.go b/internal/cri/store/container/status.go
similarity index 100%
rename from pkg/cri/store/container/status.go
rename to internal/cri/store/container/status.go
diff --git a/pkg/cri/store/container/status_test.go b/internal/cri/store/container/status_test.go
similarity index 100%
rename from pkg/cri/store/container/status_test.go
rename to internal/cri/store/container/status_test.go
diff --git a/pkg/cri/store/image/fake_image.go b/internal/cri/store/image/fake_image.go
similarity index 100%
rename from pkg/cri/store/image/fake_image.go
rename to internal/cri/store/image/fake_image.go
diff --git a/pkg/cri/store/image/image.go b/internal/cri/store/image/image.go
similarity index 98%
rename from pkg/cri/store/image/image.go
rename to internal/cri/store/image/image.go
index bcbd515df933..5887e757b87a 100644
--- a/pkg/cri/store/image/image.go
+++ b/internal/cri/store/image/image.go
@@ -25,8 +25,8 @@ import (
"github.com/containerd/containerd/v2/core/content"
"github.com/containerd/containerd/v2/core/images"
"github.com/containerd/containerd/v2/core/images/usage"
- "github.com/containerd/containerd/v2/pkg/cri/labels"
- "github.com/containerd/containerd/v2/pkg/cri/util"
+ "github.com/containerd/containerd/v2/internal/cri/labels"
+ "github.com/containerd/containerd/v2/internal/cri/util"
"github.com/containerd/errdefs"
"github.com/containerd/platforms"
docker "github.com/distribution/reference"
diff --git a/pkg/cri/store/image/image_test.go b/internal/cri/store/image/image_test.go
similarity index 100%
rename from pkg/cri/store/image/image_test.go
rename to internal/cri/store/image/image_test.go
diff --git a/pkg/cri/store/label/label.go b/internal/cri/store/label/label.go
similarity index 100%
rename from pkg/cri/store/label/label.go
rename to internal/cri/store/label/label.go
diff --git a/pkg/cri/store/label/label_test.go b/internal/cri/store/label/label_test.go
similarity index 100%
rename from pkg/cri/store/label/label_test.go
rename to internal/cri/store/label/label_test.go
diff --git a/pkg/cri/store/sandbox/metadata.go b/internal/cri/store/sandbox/metadata.go
similarity index 100%
rename from pkg/cri/store/sandbox/metadata.go
rename to internal/cri/store/sandbox/metadata.go
diff --git a/pkg/cri/store/sandbox/metadata_test.go b/internal/cri/store/sandbox/metadata_test.go
similarity index 100%
rename from pkg/cri/store/sandbox/metadata_test.go
rename to internal/cri/store/sandbox/metadata_test.go
diff --git a/pkg/cri/store/sandbox/sandbox.go b/internal/cri/store/sandbox/sandbox.go
similarity index 95%
rename from pkg/cri/store/sandbox/sandbox.go
rename to internal/cri/store/sandbox/sandbox.go
index 9e4aa58cb233..40074069ef16 100644
--- a/pkg/cri/store/sandbox/sandbox.go
+++ b/internal/cri/store/sandbox/sandbox.go
@@ -20,10 +20,10 @@ import (
"sync"
containerd "github.com/containerd/containerd/v2/client"
+ "github.com/containerd/containerd/v2/internal/cri/store"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/containerd/v2/internal/truncindex"
- "github.com/containerd/containerd/v2/pkg/cri/store"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
"github.com/containerd/containerd/v2/pkg/netns"
"github.com/containerd/errdefs"
)
diff --git a/pkg/cri/store/sandbox/sandbox_test.go b/internal/cri/store/sandbox/sandbox_test.go
similarity index 97%
rename from pkg/cri/store/sandbox/sandbox_test.go
rename to internal/cri/store/sandbox/sandbox_test.go
index 5e70f75d2d8a..a79df9092b04 100644
--- a/pkg/cri/store/sandbox/sandbox_test.go
+++ b/internal/cri/store/sandbox/sandbox_test.go
@@ -20,8 +20,8 @@ import (
"testing"
"time"
- "github.com/containerd/containerd/v2/pkg/cri/store/label"
- "github.com/containerd/containerd/v2/pkg/cri/store/stats"
+ "github.com/containerd/containerd/v2/internal/cri/store/label"
+ "github.com/containerd/containerd/v2/internal/cri/store/stats"
"github.com/containerd/errdefs"
assertlib "github.com/stretchr/testify/assert"
diff --git a/pkg/cri/store/sandbox/status.go b/internal/cri/store/sandbox/status.go
similarity index 100%
rename from pkg/cri/store/sandbox/status.go
rename to internal/cri/store/sandbox/status.go
diff --git a/pkg/cri/store/sandbox/status_test.go b/internal/cri/store/sandbox/status_test.go
similarity index 100%
rename from pkg/cri/store/sandbox/status_test.go
rename to internal/cri/store/sandbox/status_test.go
diff --git a/pkg/cri/store/snapshot/snapshot.go b/internal/cri/store/snapshot/snapshot.go
similarity index 100%
rename from pkg/cri/store/snapshot/snapshot.go
rename to internal/cri/store/snapshot/snapshot.go
diff --git a/pkg/cri/store/snapshot/snapshot_test.go b/internal/cri/store/snapshot/snapshot_test.go
similarity index 100%
rename from pkg/cri/store/snapshot/snapshot_test.go
rename to internal/cri/store/snapshot/snapshot_test.go
diff --git a/pkg/cri/store/stats/stats.go b/internal/cri/store/stats/stats.go
similarity index 100%
rename from pkg/cri/store/stats/stats.go
rename to internal/cri/store/stats/stats.go
diff --git a/pkg/cri/store/util.go b/internal/cri/store/util.go
similarity index 100%
rename from pkg/cri/store/util.go
rename to internal/cri/store/util.go
diff --git a/pkg/cri/testing/fake_cni_plugin.go b/internal/cri/testing/fake_cni_plugin.go
similarity index 100%
rename from pkg/cri/testing/fake_cni_plugin.go
rename to internal/cri/testing/fake_cni_plugin.go
diff --git a/pkg/cri/server/base/sandbox_info.go b/internal/cri/types/sandbox_info.go
similarity index 96%
rename from pkg/cri/server/base/sandbox_info.go
rename to internal/cri/types/sandbox_info.go
index c38dd081bb8c..bfb36f2e4675 100644
--- a/pkg/cri/server/base/sandbox_info.go
+++ b/internal/cri/types/sandbox_info.go
@@ -14,14 +14,14 @@
limitations under the License.
*/
-package base
+package types
import (
"github.com/containerd/go-cni"
"github.com/opencontainers/runtime-spec/specs-go"
runtime "k8s.io/cri-api/pkg/apis/runtime/v1"
- "github.com/containerd/containerd/v2/pkg/cri/store/sandbox"
+ "github.com/containerd/containerd/v2/internal/cri/store/sandbox"
)
// SandboxInfo is extra information for sandbox.
diff --git a/pkg/cri/util/deep_copy.go b/internal/cri/util/deep_copy.go
similarity index 100%
rename from pkg/cri/util/deep_copy.go
rename to internal/cri/util/deep_copy.go
diff --git a/pkg/cri/util/deep_copy_test.go b/internal/cri/util/deep_copy_test.go
similarity index 100%
rename from pkg/cri/util/deep_copy_test.go
rename to internal/cri/util/deep_copy_test.go
diff --git a/pkg/cri/util/id.go b/internal/cri/util/id.go
similarity index 100%
rename from pkg/cri/util/id.go
rename to internal/cri/util/id.go
diff --git a/pkg/cri/util/references.go b/internal/cri/util/references.go
similarity index 100%
rename from pkg/cri/util/references.go
rename to internal/cri/util/references.go
diff --git a/pkg/cri/util/strings.go b/internal/cri/util/strings.go
similarity index 100%
rename from pkg/cri/util/strings.go
rename to internal/cri/util/strings.go
diff --git a/pkg/cri/util/strings_test.go b/internal/cri/util/strings_test.go
similarity index 100%
rename from pkg/cri/util/strings_test.go
rename to internal/cri/util/strings_test.go
diff --git a/pkg/cri/util/util.go b/internal/cri/util/util.go
similarity index 95%
rename from pkg/cri/util/util.go
rename to internal/cri/util/util.go
index 0f641b72da36..3eb1d644db05 100644
--- a/pkg/cri/util/util.go
+++ b/internal/cri/util/util.go
@@ -22,7 +22,7 @@ import (
"github.com/containerd/containerd/v2/pkg/namespaces"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
)
// deferCleanupTimeout is the default timeout for containerd cleanup operations
diff --git a/pkg/cri/server/streaming.go b/pkg/cri/server/streaming.go
deleted file mode 100644
index 50ae7cb09385..000000000000
--- a/pkg/cri/server/streaming.go
+++ /dev/null
@@ -1,240 +0,0 @@
-/*
- Copyright The containerd Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package server
-
-import (
- "context"
- "crypto/tls"
- "errors"
- "fmt"
- "io"
- "math"
- "net"
- "os"
- "time"
-
- k8snet "k8s.io/apimachinery/pkg/util/net"
- "k8s.io/apimachinery/pkg/util/runtime"
- "k8s.io/client-go/tools/remotecommand"
- k8scert "k8s.io/client-go/util/cert"
- "k8s.io/utils/exec"
-
- ctrdutil "github.com/containerd/containerd/v2/pkg/cri/util"
- "k8s.io/kubelet/pkg/cri/streaming"
-)
-
-type streamListenerMode int
-
-const (
- x509KeyPairTLS streamListenerMode = iota
- selfSignTLS
- withoutTLS
-)
-
-func getStreamListenerMode(c *criService) (streamListenerMode, error) {
- if c.config.EnableTLSStreaming {
- if c.config.X509KeyPairStreaming.TLSCertFile != "" && c.config.X509KeyPairStreaming.TLSKeyFile != "" {
- return x509KeyPairTLS, nil
- }
- if c.config.X509KeyPairStreaming.TLSCertFile != "" && c.config.X509KeyPairStreaming.TLSKeyFile == "" {
- return -1, errors.New("must set X509KeyPairStreaming.TLSKeyFile")
- }
- if c.config.X509KeyPairStreaming.TLSCertFile == "" && c.config.X509KeyPairStreaming.TLSKeyFile != "" {
- return -1, errors.New("must set X509KeyPairStreaming.TLSCertFile")
- }
- return selfSignTLS, nil
- }
- if c.config.X509KeyPairStreaming.TLSCertFile != "" {
- return -1, errors.New("X509KeyPairStreaming.TLSCertFile is set but EnableTLSStreaming is not set")
- }
- if c.config.X509KeyPairStreaming.TLSKeyFile != "" {
- return -1, errors.New("X509KeyPairStreaming.TLSKeyFile is set but EnableTLSStreaming is not set")
- }
- return withoutTLS, nil
-}
-
-func newStreamServer(c *criService, addr, port, streamIdleTimeout string) (streaming.Server, error) {
- if addr == "" {
- a, err := k8snet.ResolveBindAddress(nil)
- if err != nil {
- return nil, fmt.Errorf("failed to get stream server address: %w", err)
- }
- addr = a.String()
- }
- config := streaming.DefaultConfig
- if streamIdleTimeout != "" {
- var err error
- config.StreamIdleTimeout, err = time.ParseDuration(streamIdleTimeout)
- if err != nil {
- return nil, fmt.Errorf("invalid stream idle timeout: %w", err)
- }
- }
- config.Addr = net.JoinHostPort(addr, port)
- run := newStreamRuntime(c)
- tlsMode, err := getStreamListenerMode(c)
- if err != nil {
- return nil, fmt.Errorf("invalid stream server configuration: %w", err)
- }
- switch tlsMode {
- case x509KeyPairTLS:
- tlsCert, err := tls.LoadX509KeyPair(c.config.X509KeyPairStreaming.TLSCertFile, c.config.X509KeyPairStreaming.TLSKeyFile)
- if err != nil {
- return nil, fmt.Errorf("failed to load x509 key pair for stream server: %w", err)
- }
- config.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{tlsCert},
- }
- return streaming.NewServer(config, run)
- case selfSignTLS:
- tlsCert, err := newTLSCert()
- if err != nil {
- return nil, fmt.Errorf("failed to generate tls certificate for stream server: %w", err)
- }
- config.TLSConfig = &tls.Config{
- Certificates: []tls.Certificate{tlsCert},
- InsecureSkipVerify: true,
- }
- return streaming.NewServer(config, run)
- case withoutTLS:
- return streaming.NewServer(config, run)
- default:
- return nil, errors.New("invalid configuration for the stream listener")
- }
-}
-
-type streamRuntime struct {
- c *criService
-}
-
-func newStreamRuntime(c *criService) streaming.Runtime {
- return &streamRuntime{c: c}
-}
-
-// Exec executes a command inside the container. exec.ExitError is returned if the command
-// returns non-zero exit code.
-func (s *streamRuntime) Exec(ctx context.Context, containerID string, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser,
- tty bool, resize <-chan remotecommand.TerminalSize) error {
- exitCode, err := s.c.execInContainer(ctrdutil.WithNamespace(ctx), containerID, execOptions{
- cmd: cmd,
- stdin: stdin,
- stdout: stdout,
- stderr: stderr,
- tty: tty,
- resize: resize,
- })
- if err != nil {
- return fmt.Errorf("failed to exec in container: %w", err)
- }
- if *exitCode == 0 {
- return nil
- }
- return &exec.CodeExitError{
- Err: fmt.Errorf("error executing command %v, exit code %d", cmd, *exitCode),
- Code: int(*exitCode),
- }
-}
-
-func (s *streamRuntime) Attach(ctx context.Context, containerID string, in io.Reader, out, err io.WriteCloser, tty bool,
- resize <-chan remotecommand.TerminalSize) error {
- return s.c.attachContainer(ctrdutil.WithNamespace(ctx), containerID, in, out, err, tty, resize)
-}
-
-func (s *streamRuntime) PortForward(ctx context.Context, podSandboxID string, port int32, stream io.ReadWriteCloser) error {
- if port <= 0 || port > math.MaxUint16 {
- return fmt.Errorf("invalid port %d", port)
- }
- ctx = ctrdutil.WithNamespace(ctx)
- return s.c.portForward(ctx, podSandboxID, port, stream)
-}
-
-// handleResizing spawns a goroutine that processes the resize channel, calling resizeFunc for each
-// remotecommand.TerminalSize received from the channel.
-func handleResizing(ctx context.Context, resize <-chan remotecommand.TerminalSize, resizeFunc func(size remotecommand.TerminalSize)) {
- if resize == nil {
- return
- }
-
- go func() {
- defer runtime.HandleCrash()
-
- for {
- select {
- case <-ctx.Done():
- return
- case size, ok := <-resize:
- if !ok {
- return
- }
- if size.Height < 1 || size.Width < 1 {
- continue
- }
- resizeFunc(size)
- }
- }
- }()
-}
-
-// newTLSCert returns a self CA signed tls.certificate.
-// TODO (mikebrow): replace / rewrite this function to support using CA
-// signing of the certificate. Requires a security plan for kubernetes regarding
-// CRI connections / streaming, etc. For example, kubernetes could configure or
-// require a CA service and pass a configuration down through CRI.
-func newTLSCert() (tls.Certificate, error) {
- fail := func(err error) (tls.Certificate, error) { return tls.Certificate{}, err }
-
- hostName, err := os.Hostname()
- if err != nil {
- return fail(fmt.Errorf("failed to get hostname: %w", err))
- }
-
- addrs, err := net.InterfaceAddrs()
- if err != nil {
- return fail(fmt.Errorf("failed to get host IP addresses: %w", err))
- }
-
- var alternateIPs []net.IP
- var alternateDNS []string
- for _, addr := range addrs {
- var ip net.IP
-
- switch v := addr.(type) {
- case *net.IPNet:
- ip = v.IP
- case *net.IPAddr:
- ip = v.IP
- default:
- continue
- }
-
- alternateIPs = append(alternateIPs, ip)
- alternateDNS = append(alternateDNS, ip.String())
- }
-
- // Generate a self signed certificate key (CA is self)
- certPem, keyPem, err := k8scert.GenerateSelfSignedCertKey(hostName, alternateIPs, alternateDNS)
- if err != nil {
- return fail(fmt.Errorf("certificate key could not be created: %w", err))
- }
-
- // Load the tls certificate
- tlsCert, err := tls.X509KeyPair(certPem, keyPem)
- if err != nil {
- return fail(fmt.Errorf("certificate could not be loaded: %w", err))
- }
-
- return tlsCert, nil
-}
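Review bot: In the removed `newStreamServer`, the `selfSignTLS` case sets `InsecureSkipVerify: true` on a server-side `tls.Config`. That field only controls how a client verifies a server certificate, so it has no effect here and should not be carried into whatever now builds the streaming configuration. The fail-closed checks in `getStreamListenerMode` do need to be carried over: it returns an error when only one of `TLSCertFile` and `TLSKeyFile` is set, and when either is set while `EnableTLSStreaming` is false. The replacement is not visible in this part of the diff (only the `config.StreamingConfig()` call in `plugins/cri/cri.go` is), so please point to where these checks now live.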
diff --git a/pkg/cri/server/streaming_test.go b/pkg/cri/server/streaming_test.go
deleted file mode 100644
index d93945d6bbe6..000000000000
--- a/pkg/cri/server/streaming_test.go
+++ /dev/null
@@ -1,163 +0,0 @@
-/*
- Copyright The containerd Authors.
-
- Licensed under the Apache License, Version 2.0 (the "License");
- you may not use this file except in compliance with the License.
- You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
- Unless required by applicable law or agreed to in writing, software
- distributed under the License is distributed on an "AS IS" BASIS,
- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- See the License for the specific language governing permissions and
- limitations under the License.
-*/
-
-package server
-
-import (
- "testing"
-
- "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/stretchr/testify/assert"
-)
-
-func TestValidateStreamServer(t *testing.T) {
- for _, test := range []struct {
- desc string
- *criService
- tlsMode streamListenerMode
- expectErr bool
- }{
- {
- desc: "should pass with default withoutTLS",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.DefaultConfig(),
- },
- },
- tlsMode: withoutTLS,
- expectErr: false,
- },
- {
- desc: "should pass with x509KeyPairTLS",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: true,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "non-empty",
- TLSCertFile: "non-empty",
- },
- },
- },
- },
- tlsMode: x509KeyPairTLS,
- expectErr: false,
- },
- {
- desc: "should pass with selfSign",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: true,
- },
- },
- },
- tlsMode: selfSignTLS,
- expectErr: false,
- },
- {
- desc: "should return error with X509 keypair but not EnableTLSStreaming",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: false,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "non-empty",
- TLSCertFile: "non-empty",
- },
- },
- },
- },
- tlsMode: -1,
- expectErr: true,
- },
- {
- desc: "should return error with X509 TLSCertFile empty",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: true,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "non-empty",
- TLSCertFile: "",
- },
- },
- },
- },
- tlsMode: -1,
- expectErr: true,
- },
- {
- desc: "should return error with X509 TLSKeyFile empty",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: true,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "",
- TLSCertFile: "non-empty",
- },
- },
- },
- },
- tlsMode: -1,
- expectErr: true,
- },
- {
- desc: "should return error without EnableTLSStreaming and only TLSCertFile set",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: false,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "",
- TLSCertFile: "non-empty",
- },
- },
- },
- },
- tlsMode: -1,
- expectErr: true,
- },
- {
- desc: "should return error without EnableTLSStreaming and only TLSKeyFile set",
- criService: &criService{
- config: config.Config{
- PluginConfig: config.PluginConfig{
- EnableTLSStreaming: false,
- X509KeyPairStreaming: config.X509KeyPairStreaming{
- TLSKeyFile: "non-empty",
- TLSCertFile: "",
- },
- },
- },
- },
- tlsMode: -1,
- expectErr: true,
- },
- } {
- test := test
- t.Run(test.desc, func(t *testing.T) {
- tlsMode, err := getStreamListenerMode(test.criService)
- if test.expectErr {
- assert.Error(t, err)
- return
- }
- assert.NoError(t, err)
- assert.Equal(t, test.tlsMode, tlsMode)
- })
- }
-}
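Review bot: `TestValidateStreamServer` is deleted here with no replacement visible in this part of the diff. Its table pins down all five misconfiguration cases that must return an error (key pair set without `EnableTLSStreaming`, cert only, key only, each with and without TLS enabled) plus the three valid modes. Please move the table next to the code that now decides the stream listener mode rather than dropping it, so a later refactor cannot silently fall back to `withoutTLS`.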
diff --git a/pkg/runtimeoptions/v1/api.pb.go b/pkg/runtimeoptions/v1/api.pb.go
index eb0d66ee56a9..b2b47dca7afb 100644
--- a/pkg/runtimeoptions/v1/api.pb.go
+++ b/pkg/runtimeoptions/v1/api.pb.go
@@ -32,8 +32,10 @@ type Options struct {
// ConfigPath specifies the filesystem location of the config file
// used by the runtime.
ConfigPath string `protobuf:"bytes,2,opt,name=config_path,json=configPath,proto3" json:"config_path,omitempty"`
- // Blob specifies an in-memory TOML blob passed from containerd's configuration section
- // for this runtime. This will be used if config_path is not specified.
+ // Blob specifies an in-memory blob passed from containerd's configuration section
+ // for this runtime. If the typeurl is specified, this will be a JSON blob which can be
+ // interpreted as the type represented by the typeurl. Otherwise, this will be a TOML
+ // blob. This will be used if config_path is not specified.
ConfigBody []byte `protobuf:"bytes,3,opt,name=config_body,json=configBody,proto3" json:"config_body,omitempty"`
}
diff --git a/pkg/runtimeoptions/v1/api.proto b/pkg/runtimeoptions/v1/api.proto
index 2e0730ff2c86..4bc20753f54b 100644
--- a/pkg/runtimeoptions/v1/api.proto
+++ b/pkg/runtimeoptions/v1/api.proto
@@ -11,7 +11,9 @@ message Options {
// ConfigPath specifies the filesystem location of the config file
// used by the runtime.
string config_path = 2;
- // Blob specifies an in-memory TOML blob passed from containerd's configuration section
- // for this runtime. This will be used if config_path is not specified.
+ // Blob specifies an in-memory blob passed from containerd's configuration section
+ // for this runtime. If the typeurl is specified, this will be a JSON blob which can be
+ // interpreted as the type represented by the typeurl. Otherwise, this will be a TOML
+ // blob. This will be used if config_path is not specified.
bytes config_body = 3;
}
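Review bot: The new comment on `config_body` says "If the typeurl is specified" but does not name the field it means, and nothing in this hunk shows a field by that name. Refer to the field by its proto name so a runtime author knows which value selects JSON versus TOML. Please also state what a consumer should do when the type URL is set but not recognised, since the same bytes are now parsed under two different formats depending on another field. The identical comment change in `api.pb.go` should come from regenerating the file, not from a hand edit.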
diff --git a/pkg/cri/cri.go b/plugins/cri/cri.go
similarity index 68%
rename from pkg/cri/cri.go
rename to plugins/cri/cri.go
index 3488b9915d24..1747b6b4fb53 100644
--- a/pkg/cri/cri.go
+++ b/plugins/cri/cri.go
@@ -17,6 +17,7 @@
package cri
import (
+ "context"
"fmt"
"io"
@@ -25,15 +26,16 @@ import (
"github.com/containerd/plugin/registry"
containerd "github.com/containerd/containerd/v2/client"
+ srvconfig "github.com/containerd/containerd/v2/cmd/containerd/server/config"
"github.com/containerd/containerd/v2/core/sandbox"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- "github.com/containerd/containerd/v2/pkg/cri/instrument"
- "github.com/containerd/containerd/v2/pkg/cri/nri"
- "github.com/containerd/containerd/v2/pkg/cri/server"
- "github.com/containerd/containerd/v2/pkg/cri/server/base"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/instrument"
+ "github.com/containerd/containerd/v2/internal/cri/nri"
+ "github.com/containerd/containerd/v2/internal/cri/server"
nriservice "github.com/containerd/containerd/v2/pkg/nri"
"github.com/containerd/containerd/v2/plugins"
+ "github.com/containerd/containerd/v2/plugins/services/warning"
"github.com/containerd/platforms"
"google.golang.org/grpc"
@@ -43,13 +45,12 @@ import (
// Register CRI service plugin
func init() {
-
+ defaultConfig := criconfig.DefaultServerConfig()
registry.Register(&plugin.Registration{
Type: plugins.GRPCPlugin,
ID: "cri",
Requires: []plugin.Type{
- plugins.CRIImagePlugin,
- plugins.InternalPlugin,
+ plugins.CRIServicePlugin,
plugins.SandboxControllerPlugin,
plugins.NRIApiPlugin,
plugins.EventPlugin,
@@ -57,6 +58,29 @@ func init() {
plugins.LeasePlugin,
plugins.SandboxStorePlugin,
plugins.TransferPlugin,
+ plugins.WarningPlugin,
+ },
+ Config: &defaultConfig,
+ ConfigMigration: func(ctx context.Context, version int, pluginConfigs map[string]interface{}) error {
+ if version >= srvconfig.CurrentConfigVersion {
+ return nil
+ }
+ const pluginName = string(plugins.GRPCPlugin) + ".cri"
+ original, ok := pluginConfigs[pluginName]
+ if !ok {
+ return nil
+ }
+ src := original.(map[string]interface{})
+
+ // Currently only a single key migrated
+ if val, ok := src["disable_tcp_service"]; ok {
+ pluginConfigs[pluginName] = map[string]interface{}{
+ "disable_tcp_service": val,
+ }
+ } else {
+ delete(pluginConfigs, pluginName)
+ }
+ return nil
},
InitFn: initCRIService,
})
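Review bot: `src := original.(map[string]interface{})` in the new `ConfigMigration` is a single-value type assertion on data read from the user's config file, so a value under that plugin name that is not a table panics containerd at startup instead of returning an error. Use the two-value form and return a descriptive error. The comment "Currently only a single key migrated" also understates what happens: every key other than `disable_tcp_service` is discarded from `pluginConfigs[pluginName]`, or the whole entry is deleted. Please say in the comment which other migrations are expected to have consumed those keys first.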
@@ -64,21 +88,33 @@ func init() {
func initCRIService(ic *plugin.InitContext) (interface{}, error) {
ctx := ic.Context
+ config := ic.Config.(*criconfig.ServerConfig)
- // Get base CRI dependencies.
- criBasePlugin, err := ic.GetByID(plugins.InternalPlugin, "cri")
+ // Get runtime service.
+ criRuntimePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "runtime")
if err != nil {
- return nil, fmt.Errorf("unable to load CRI service base dependencies: %w", err)
+ return nil, fmt.Errorf("unable to load CRI runtime service plugin dependency: %w", err)
}
- criBase := criBasePlugin.(*base.CRIBase)
- c := criBase.Config
// Get image service.
- criImagePlugin, err := ic.GetSingle(plugins.CRIImagePlugin)
+ criImagePlugin, err := ic.GetByID(plugins.CRIServicePlugin, "images")
if err != nil {
return nil, fmt.Errorf("unable to load CRI image service plugin dependency: %w", err)
}
+ if warnings, err := criconfig.ValidateServerConfig(ic.Context, config); err != nil {
+ return nil, fmt.Errorf("invalid cri image config: %w", err)
+ } else if len(warnings) > 0 {
+ ws, err := ic.GetSingle(plugins.WarningPlugin)
+ if err != nil {
+ return nil, err
+ }
+ warn := ws.(warning.Service)
+ for _, w := range warnings {
+ warn.Emit(ic.Context, w)
+ }
+ }
+
log.G(ctx).Info("Connect containerd service")
client, err := containerd.New(
"",
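Review bot: The error wrapped around `criconfig.ValidateServerConfig` reads "invalid cri image config", which looks copied from the image plugin. An operator hitting it will look at the wrong config section, so it should read something like "invalid cri server config". The warning-emit block that follows (`ic.GetSingle(plugins.WarningPlugin)`, then the loop calling `warn.Emit`) is duplicated verbatim in `plugins/cri/images/plugin.go`; a small shared helper would keep the two from drifting.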
@@ -97,16 +133,22 @@ func initCRIService(ic *plugin.InitContext) (interface{}, error) {
string(criconfig.ModeShim): client.SandboxController(string(criconfig.ModeShim)),
}
+ streamingConfig, err := config.StreamingConfig()
+ if err != nil {
+ return nil, fmt.Errorf("failed to get streaming config: %w", err)
+ }
+
options := &server.CRIServiceOptions{
+ RuntimeService: criRuntimePlugin.(server.RuntimeService),
ImageService: criImagePlugin.(server.ImageService),
+ StreamingConfig: streamingConfig,
NRI: getNRIAPI(ic),
Client: client,
SandboxControllers: sbControllers,
- BaseOCISpecs: criBase.BaseOCISpecs,
}
is := criImagePlugin.(imageService).GRPCService()
- s, rs, err := server.NewCRIService(criBase.Config, options)
+ s, rs, err := server.NewCRIService(options)
if err != nil {
return nil, fmt.Errorf("failed to create CRI service: %w", err)
}
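Review bot: `criRuntimePlugin.(server.RuntimeService)` is a single-value assertion on a plugin looked up by the string ID "runtime", so a plugin registered under that ID that does not implement the interface panics during init rather than failing with an error. The two-value form with a `fmt.Errorf` return would match how the `GetByID` failure just above is handled. `StreamingConfig` is also computed after the containerd client is created; moving it up beside `ValidateServerConfig` would reject a bad streaming configuration before any connection is made.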
@@ -127,7 +169,7 @@ func initCRIService(ic *plugin.InitContext) (interface{}, error) {
initializer: s,
}
- if c.DisableTCPService {
+ if config.DisableTCPService {
return service, nil
}
diff --git a/plugins/cri/images/plugin.go b/plugins/cri/images/plugin.go
index c297a28a5af4..f2ae02f4ebf5 100644
--- a/plugins/cri/images/plugin.go
+++ b/plugins/cri/images/plugin.go
@@ -25,11 +25,12 @@ import (
srvconfig "github.com/containerd/containerd/v2/cmd/containerd/server/config"
"github.com/containerd/containerd/v2/core/metadata"
"github.com/containerd/containerd/v2/core/snapshots"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
- "github.com/containerd/containerd/v2/pkg/cri/server/images"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
+ "github.com/containerd/containerd/v2/internal/cri/server/images"
"github.com/containerd/containerd/v2/pkg/events"
"github.com/containerd/containerd/v2/plugins"
+ "github.com/containerd/containerd/v2/plugins/services/warning"
"github.com/containerd/log"
"github.com/containerd/platforms"
"github.com/containerd/plugin"
@@ -40,17 +41,17 @@ func init() {
config := criconfig.DefaultImageConfig()
registry.Register(&plugin.Registration{
- Type: plugins.CRIImagePlugin,
- ID: "local",
+ Type: plugins.CRIServicePlugin,
+ ID: "images",
Config: &config,
Requires: []plugin.Type{
plugins.LeasePlugin,
plugins.EventPlugin,
plugins.MetadataPlugin,
plugins.SandboxStorePlugin,
- plugins.InternalPlugin, // For config migration ordering
plugins.ServicePlugin, // For client
plugins.SnapshotPlugin, // For root directory properties
+ plugins.WarningPlugin,
},
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
m, err := ic.GetSingle(plugins.MetadataPlugin)
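Review bot: Removing `plugins.InternalPlugin, // For config migration ordering` drops the only stated ordering guarantee for config migration, and nothing replaces it. `configMigration` in this file now reads its source from `string(plugins.GRPCPlugin)+".cri"`, which is the same entry the new `ConfigMigration` in `plugins/cri/cri.go` rewrites down to `disable_tcp_service` or deletes. If that migration runs first, the image settings are gone before this one can copy them. Please document what guarantees the order (for example that the `cri` plugin requires `plugins.CRIServicePlugin`) or add a test that migrates an old config through both.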
@@ -64,6 +65,19 @@ func init() {
return nil, err
}
+ if warnings, err := criconfig.ValidateImageConfig(ic.Context, &config); err != nil {
+ return nil, fmt.Errorf("invalid cri image config: %w", err)
+ } else if len(warnings) > 0 {
+ ws, err := ic.GetSingle(plugins.WarningPlugin)
+ if err != nil {
+ return nil, err
+ }
+ warn := ws.(warning.Service)
+ for _, w := range warnings {
+ warn.Emit(ic.Context, w)
+ }
+ }
+
options := &images.CRIImageServiceOptions{
Content: mdb.ContentStore(),
Images: metadata.NewImageStore(mdb),
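Review bot: `criconfig.ValidateImageConfig(ic.Context, &config)` validates the `config` variable captured from `init()` rather than `ic.Config`, whereas `plugins/cri/cri.go` in this same change reads `ic.Config.(*criconfig.ServerConfig)`. The two point at the same value only while `Config: &config` stays in the registration. Taking the config from `ic.Config` here as well would make the validated value explicitly the one the plugin loader populated.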
@@ -152,12 +166,12 @@ func configMigration(ctx context.Context, version int, pluginConfigs map[string]
if version >= srvconfig.CurrentConfigVersion {
return nil
}
- original, ok := pluginConfigs[string(plugins.InternalPlugin)+".cri"]
+ original, ok := pluginConfigs[string(plugins.GRPCPlugin)+".cri"]
if !ok {
return nil
}
src := original.(map[string]interface{})
- updated, ok := pluginConfigs[string(plugins.CRIImagePlugin)+".local"]
+ updated, ok := pluginConfigs[string(plugins.CRIServicePlugin)+".images"]
var dst map[string]interface{}
if ok {
dst = updated.(map[string]interface{})
@@ -166,7 +180,7 @@ func configMigration(ctx context.Context, version int, pluginConfigs map[string]
}
migrateConfig(dst, src)
- pluginConfigs[string(plugins.CRIImagePlugin)+".local"] = dst
+ pluginConfigs[string(plugins.CRIServicePlugin)+".images"] = dst
return nil
}
func migrateConfig(dst, src map[string]interface{}) {
diff --git a/pkg/cri/server/base/cri_base_test.go b/plugins/cri/runtime/load_test.go
similarity index 94%
rename from pkg/cri/server/base/cri_base_test.go
rename to plugins/cri/runtime/load_test.go
index 07e79664053a..a808e6df80dc 100644
--- a/pkg/cri/server/base/cri_base_test.go
+++ b/plugins/cri/runtime/load_test.go
@@ -14,7 +14,7 @@
limitations under the License.
*/
-package base
+package runtime
import (
"encoding/json"
@@ -24,7 +24,7 @@ import (
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
"github.com/containerd/containerd/v2/pkg/oci"
)
diff --git a/pkg/cri/server/base/cri_base.go b/plugins/cri/runtime/plugin.go
similarity index 72%
rename from pkg/cri/server/base/cri_base.go
rename to plugins/cri/runtime/plugin.go
index a28070700a90..8b97752d01c4 100644
--- a/pkg/cri/server/base/cri_base.go
+++ b/plugins/cri/runtime/plugin.go
@@ -14,7 +14,7 @@
limitations under the License.
*/
-package base
+package runtime
import (
"context"
@@ -24,6 +24,7 @@ import (
"os"
"path/filepath"
+ introspectionapi "github.com/containerd/containerd/v2/api/services/introspection/v1"
"github.com/containerd/log"
"github.com/containerd/plugin"
"github.com/containerd/plugin/registry"
@@ -31,57 +32,62 @@ import (
"k8s.io/klog/v2"
srvconfig "github.com/containerd/containerd/v2/cmd/containerd/server/config"
- criconfig "github.com/containerd/containerd/v2/pkg/cri/config"
- "github.com/containerd/containerd/v2/pkg/cri/constants"
+ criconfig "github.com/containerd/containerd/v2/internal/cri/config"
+ "github.com/containerd/containerd/v2/internal/cri/constants"
"github.com/containerd/containerd/v2/pkg/oci"
"github.com/containerd/containerd/v2/plugins"
+ "github.com/containerd/containerd/v2/plugins/services"
"github.com/containerd/containerd/v2/plugins/services/warning"
+ "github.com/containerd/errdefs"
"github.com/containerd/platforms"
)
-// CRIBase contains common dependencies for CRI's runtime, image, and podsandbox services.
-type CRIBase struct {
- // Config contains all configurations.
- Config criconfig.Config
- // BaseOCISpecs contains cached OCI specs loaded via `Runtime.BaseRuntimeSpec`
- BaseOCISpecs map[string]*oci.Spec
-}
-
func init() {
- config := criconfig.DefaultConfig()
+ config := criconfig.DefaultRuntimeConfig()
// Base plugin that other CRI services depend on.
registry.Register(&plugin.Registration{
- Type: plugins.InternalPlugin,
- ID: "cri",
+ Type: plugins.CRIServicePlugin,
+ ID: "runtime",
Config: &config,
Requires: []plugin.Type{
plugins.WarningPlugin,
+ plugins.ServicePlugin,
},
- ConfigMigration: func(ctx context.Context, version int, plugins map[string]interface{}) error {
+ ConfigMigration: func(ctx context.Context, version int, pluginConfigs map[string]interface{}) error {
if version >= srvconfig.CurrentConfigVersion {
return nil
}
- c, ok := plugins["io.containerd.grpc.v1.cri"]
+ c, ok := pluginConfigs[string(plugins.GRPCPlugin)+".cri"]
if !ok {
return nil
}
conf := c.(map[string]interface{})
migrateConfig(conf)
- plugins["io.containerd.internal.v1.cri"] = conf
- delete(plugins, "io.containerd.grpc.v1.cri")
+ pluginConfigs[string(plugins.CRIServicePlugin)+".runtime"] = conf
return nil
},
- InitFn: initCRIBase,
+ InitFn: initCRIRuntime,
})
}
-func initCRIBase(ic *plugin.InitContext) (interface{}, error) {
+func initCRIRuntime(ic *plugin.InitContext) (interface{}, error) {
ic.Meta.Platforms = []imagespec.Platform{platforms.DefaultSpec()}
ic.Meta.Exports = map[string]string{"CRIVersion": constants.CRIVersion}
ctx := ic.Context
- pluginConfig := ic.Config.(*criconfig.PluginConfig)
- if warnings, err := criconfig.ValidatePluginConfig(ctx, pluginConfig); err != nil {
+ pluginConfig := ic.Config.(*criconfig.RuntimeConfig)
+
+ introspectionService, err := ic.GetByID(plugins.ServicePlugin, services.IntrospectionService)
+ if err != nil {
+ return nil, fmt.Errorf("failed to get plugin (%q, %q): %w",
+ plugins.ServicePlugin, services.IntrospectionService, err)
+ }
+ introspectionClient, ok := introspectionService.(introspectionapi.IntrospectionClient)
+ if !ok {
+ return nil, fmt.Errorf("%+v does not implement IntrospectionClient interfae", introspectionService)
+ }
+
+ if warnings, err := criconfig.ValidateRuntimeConfig(ctx, pluginConfig, introspectionClient); err != nil {
return nil, fmt.Errorf("invalid plugin config: %w", err)
} else if len(warnings) > 0 {
ws, err := ic.GetSingle(plugins.WarningPlugin)
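Review bot: In `ConfigMigration` the `delete(plugins, "io.containerd.grpc.v1.cri")` call is removed, so the legacy section stays in `pluginConfigs` and the new `CRIServicePlugin+".runtime"` key points at the same map that `migrateConfig(conf)` has just mutated in place. The images plugin's migration reads that legacy key too, so if it runs afterwards it sees the mutated map rather than the user's original; either copy the map before migrating or add a comment stating that the in-place change is safe for both readers. The new error string also has a typo: "interfae" should be "interface".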
@@ -100,7 +106,7 @@ func initCRIBase(ic *plugin.InitContext) (interface{}, error) {
containerdStateDir := filepath.Dir(ic.Properties[plugins.PropertyStateDir])
stateDir := filepath.Join(containerdStateDir, "io.containerd.grpc.v1.cri")
c := criconfig.Config{
- PluginConfig: *pluginConfig,
+ RuntimeConfig: *pluginConfig,
ContainerdRootDir: containerdRootDir,
ContainerdEndpoint: ic.Properties[plugins.PropertyGRPCAddress],
RootDir: rootDir,
@@ -118,12 +124,33 @@ func initCRIBase(ic *plugin.InitContext) (interface{}, error) {
return nil, fmt.Errorf("failed to create load basic oci spec: %w", err)
}
- return &CRIBase{
- Config: c,
- BaseOCISpecs: ociSpec,
+ return &runtime{
+ config: c,
+ baseOCISpecs: ociSpec,
}, nil
}
+// runtime contains common dependencies for CRI's runtime, image, and podsandbox services.
+type runtime struct {
+ // Config contains all configurations.
+ config criconfig.Config
+ // BaseOCISpecs contains cached OCI specs loaded via `Runtime.BaseRuntimeSpec`
+ baseOCISpecs map[string]*oci.Spec
+}
+
+func (r *runtime) Config() criconfig.Config {
+ return r.config
+}
+
+func (r *runtime) LoadOCISpec(filename string) (*oci.Spec, error) {
+ spec, ok := r.baseOCISpecs[filename]
+ if !ok {
+ // TODO: Load here or only allow preloading...
+ return nil, errdefs.ErrNotFound
+ }
+ return spec, nil
+}
+
func loadBaseOCISpecs(config *criconfig.Config) (map[string]*oci.Spec, error) {
specs := map[string]*oci.Spec{}
for _, cfg := range config.Runtimes {
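Review bot: `LoadOCISpec` returns a bare `errdefs.ErrNotFound` on a cache miss, so the caller cannot tell which spec file was missing; wrap it with the name, for example `fmt.Errorf("base OCI spec %q not loaded: %w", filename, errdefs.ErrNotFound)`. The TODO leaves open whether a path that was not preloaded may ever be read from disk at request time and should be resolved or tracked before merge. The exported methods `Config` and `LoadOCISpec` have no doc comments, and the field comments still use the old exported names `Config` and `BaseOCISpecs`.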
diff --git a/plugins/gc/scheduler.go b/plugins/gc/scheduler.go
index a673a25cd8f6..3213ba3ddf8b 100644
--- a/plugins/gc/scheduler.go
+++ b/plugins/gc/scheduler.go
@@ -23,6 +23,7 @@ import (
"sync"
"time"
+ "github.com/containerd/containerd/v2/internal/tomlext"
"github.com/containerd/containerd/v2/pkg/gc"
"github.com/containerd/containerd/v2/plugins"
"github.com/containerd/log"
@@ -70,7 +71,7 @@ type config struct {
// schedule. Use suffix "ms" for millisecond and "s" for second.
//
// Default is "0ms"
- ScheduleDelay duration `toml:"schedule_delay"`
+ ScheduleDelay tomlext.Duration `toml:"schedule_delay"`
// StartupDelay is the delay duration to do an initial garbage
// collection after startup. The initial garbage collection is used to
@@ -79,22 +80,7 @@ type config struct {
// "ms" for millisecond and "s" for second.
//
// Default is "100ms"
- StartupDelay duration `toml:"startup_delay"`
-}
-
-type duration time.Duration
-
-func (d *duration) UnmarshalText(text []byte) error {
- ed, err := time.ParseDuration(string(text))
- if err != nil {
- return err
- }
- *d = duration(ed)
- return nil
-}
-
-func (d duration) MarshalText() (text []byte, err error) {
- return []byte(time.Duration(d).String()), nil
+ StartupDelay tomlext.Duration `toml:"startup_delay"`
}
func init() {
@@ -108,8 +94,8 @@ func init() {
PauseThreshold: 0.02,
DeletionThreshold: 0,
MutationThreshold: 100,
- ScheduleDelay: duration(0),
- StartupDelay: duration(100 * time.Millisecond),
+ ScheduleDelay: tomlext.FromStdTime(0),
+ StartupDelay: tomlext.FromStdTime(100 * time.Millisecond),
},
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
md, err := ic.GetSingle(plugins.MetadataPlugin)
diff --git a/plugins/gc/scheduler_test.go b/plugins/gc/scheduler_test.go
index befd375400ce..643d37630dcc 100644
--- a/plugins/gc/scheduler_test.go
+++ b/plugins/gc/scheduler_test.go
@@ -22,6 +22,7 @@ import (
"testing"
"time"
+ "github.com/containerd/containerd/v2/internal/tomlext"
"github.com/containerd/containerd/v2/pkg/gc"
"github.com/stretchr/testify/assert"
)
@@ -152,7 +153,7 @@ func TestStartupDelay(t *testing.T) {
cfg = &config{
// Prevent GC from scheduling again before check
PauseThreshold: 0.001,
- StartupDelay: duration(startupDelay),
+ StartupDelay: tomlext.Duration(startupDelay),
}
tc = &testCollector{
d: time.Second,
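Review bot: The test builds the value with a direct conversion, `tomlext.Duration(startupDelay)`, while the non-test code in this change goes through `tomlext.FromStdTime(...)`. Use the helper here as well so the test does not depend on the underlying representation of `tomlext.Duration`.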
diff --git a/plugins/restart/monitor.go b/plugins/restart/monitor.go
index b47442025eb5..4016159e16d2 100644
--- a/plugins/restart/monitor.go
+++ b/plugins/restart/monitor.go
@@ -25,6 +25,7 @@ import (
containerd "github.com/containerd/containerd/v2/client"
"github.com/containerd/containerd/v2/core/runtime/restart"
+ "github.com/containerd/containerd/v2/internal/tomlext"
"github.com/containerd/containerd/v2/pkg/namespaces"
"github.com/containerd/containerd/v2/plugins"
"github.com/containerd/log"
@@ -32,24 +33,10 @@ import (
"github.com/containerd/plugin/registry"
)
-type duration struct {
- time.Duration
-}
-
-func (d *duration) UnmarshalText(text []byte) error {
- var err error
- d.Duration, err = time.ParseDuration(string(text))
- return err
-}
-
-func (d duration) MarshalText() ([]byte, error) {
- return []byte(d.Duration.String()), nil
-}
-
// Config for the restart monitor
type Config struct {
// Interval for how long to wait to check for state changes
- Interval duration `toml:"interval"`
+ Interval tomlext.Duration `toml:"interval"`
}
func init() {
@@ -61,9 +48,7 @@ func init() {
},
ID: "restart",
Config: &Config{
- Interval: duration{
- Duration: 10 * time.Second,
- },
+ Interval: tomlext.FromStdTime(10 * time.Second),
},
InitFn: func(ic *plugin.InitContext) (interface{}, error) {
ic.Meta.Capabilities = []string{"no", "always", "on-failure", "unless-stopped"}
@@ -74,7 +59,7 @@ func init() {
m := &monitor{
client: client,
}
- go m.run(ic.Config.(*Config).Interval.Duration)
+ go m.run(tomlext.ToStdTime(ic.Config.(*Config).Interval))
return m, nil
},
})
diff --git a/plugins/services/events/service.go b/plugins/services/events/service.go
index 3bea13467079..29fbd9812375 100644
--- a/plugins/services/events/service.go
+++ b/plugins/services/events/service.go
@@ -22,6 +22,7 @@ import (
api "github.com/containerd/containerd/v2/api/services/events/v1"
apittrpc "github.com/containerd/containerd/v2/api/services/ttrpc/events/v1"
+ "github.com/containerd/containerd/v2/api/types"
"github.com/containerd/containerd/v2/pkg/events"
"github.com/containerd/containerd/v2/pkg/events/exchange"
"github.com/containerd/containerd/v2/plugins"
@@ -114,8 +115,8 @@ func (s *service) Subscribe(req *api.SubscribeRequest, srv api.Events_SubscribeS
}
}
-func toProto(env *events.Envelope) *api.Envelope {
- return &api.Envelope{
+func toProto(env *events.Envelope) *types.Envelope {
+ return &types.Envelope{
Timestamp: protobuf.ToTimestamp(env.Timestamp),
Namespace: env.Namespace,
Topic: env.Topic,
@@ -123,7 +124,7 @@ func toProto(env *events.Envelope) *api.Envelope {
}
}
-func fromProto(env *api.Envelope) *events.Envelope {
+func fromProto(env *types.Envelope) *events.Envelope {
return &events.Envelope{
Timestamp: protobuf.FromTimestamp(env.Timestamp),
Namespace: env.Namespace,
diff --git a/plugins/services/events/ttrpc.go b/plugins/services/events/ttrpc.go
index dc0d4f4fc7eb..fcc1bd85b6af 100644
--- a/plugins/services/events/ttrpc.go
+++ b/plugins/services/events/ttrpc.go
@@ -20,6 +20,7 @@ import (
"context"
api "github.com/containerd/containerd/v2/api/services/ttrpc/events/v1"
+ "github.com/containerd/containerd/v2/api/types"
"github.com/containerd/containerd/v2/pkg/events"
"github.com/containerd/containerd/v2/pkg/events/exchange"
"github.com/containerd/containerd/v2/protobuf"
@@ -39,7 +40,7 @@ func (s *ttrpcService) Forward(ctx context.Context, r *api.ForwardRequest) (*pty
return &ptypes.Empty{}, nil
}
-func fromTProto(env *api.Envelope) *events.Envelope {
+func fromTProto(env *types.Envelope) *events.Envelope {
return &events.Envelope{
Timestamp: protobuf.FromTimestamp(env.Timestamp),
Namespace: env.Namespace,
diff --git a/plugins/transfer/plugin.go b/plugins/transfer/plugin.go
index 5737b2936571..49842b12a2f3 100644
--- a/plugins/transfer/plugin.go
+++ b/plugins/transfer/plugin.go
@@ -22,7 +22,6 @@ import (
"github.com/containerd/containerd/v2/core/diff"
"github.com/containerd/containerd/v2/core/leases"
"github.com/containerd/containerd/v2/core/metadata"
- "github.com/containerd/containerd/v2/defaults"
"github.com/containerd/containerd/v2/pkg/imageverifier"
"github.com/containerd/containerd/v2/pkg/transfer/local"
"github.com/containerd/containerd/v2/pkg/unpack"
@@ -81,12 +80,7 @@ func init() {
// If UnpackConfiguration is not defined, set the default.
// If UnpackConfiguration is defined and empty, ignore.
if config.UnpackConfiguration == nil {
- config.UnpackConfiguration = []unpackConfiguration{
- {
- Platform: platforms.Format(platforms.DefaultSpec()),
- Snapshotter: defaults.DefaultSnapshotter,
- },
- }
+ config.UnpackConfiguration = defaultUnpackConfig()
}
for _, uc := range config.UnpackConfiguration {
p, err := platforms.Parse(uc.Platform)
@@ -122,7 +116,7 @@ func init() {
continue
}
if applier != nil {
- log.G(ic.Context).Warnf("multiple differs match for platform, set `differ` option to choose, skipping %q", name)
+ log.G(ic.Context).Warnf("multiple differs match for platform, set `differ` option to choose, skipping %q", plugin.Registration.ID)
continue
}
inst, err := plugin.Instance()
diff --git a/plugins/transfer/plugin_defaults_other.go b/plugins/transfer/plugin_defaults_other.go
new file mode 100644
index 000000000000..23b948eebf95
--- /dev/null
+++ b/plugins/transfer/plugin_defaults_other.go
@@ -0,0 +1,33 @@
+//go:build !windows
+
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package transfer
+
+import (
+ "github.com/containerd/containerd/v2/defaults"
+ "github.com/containerd/platforms"
+)
+
+func defaultUnpackConfig() []unpackConfiguration {
+ return []unpackConfiguration{
+ {
+ Platform: platforms.Format(platforms.DefaultSpec()),
+ Snapshotter: defaults.DefaultSnapshotter,
+ },
+ }
+}
diff --git a/plugins/transfer/plugin_defaults_windows.go b/plugins/transfer/plugin_defaults_windows.go
new file mode 100644
index 000000000000..74946bb4ba62
--- /dev/null
+++ b/plugins/transfer/plugin_defaults_windows.go
@@ -0,0 +1,32 @@
+/*
+ Copyright The containerd Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+*/
+
+package transfer
+
+import (
+ "github.com/containerd/containerd/v2/defaults"
+ "github.com/containerd/platforms"
+)
+
+func defaultUnpackConfig() []unpackConfiguration {
+ return []unpackConfiguration{
+ {
+ Platform: platforms.Format(platforms.DefaultSpec()),
+ Snapshotter: defaults.DefaultSnapshotter,
+ Differ: defaults.DefaultDiffer,
+ },
+ }
+}
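Review bot: `defaultUnpackConfig` in the Windows file differs from the non-Windows copy only by `Differ: defaults.DefaultDiffer`, and neither file says why Windows needs an explicit differ. Add a doc comment on the function stating the reason (the `plugin.go` hunk earlier in this diff logs a warning when multiple differs match a platform, which may be the motive), so the two copies are not merged later by mistake.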
diff --git a/plugins/types.go b/plugins/types.go
index 740e2d2532e7..c0973444396b 100644
--- a/plugins/types.go
+++ b/plugins/types.go
@@ -67,8 +67,8 @@ const (
ImageVerifierPlugin plugin.Type = "io.containerd.image-verifier.v1"
// WarningPlugin implements a warning service
WarningPlugin plugin.Type = "io.containerd.warning.v1"
- // CRIImagePlugin implements a cri image service
- CRIImagePlugin plugin.Type = "io.containerd.cri.image.v1"
+ // CRIServicePlugin implements a cri service
+ CRIServicePlugin plugin.Type = "io.containerd.cri.v1"
)
const (
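Review bot: Renaming the type string from `io.containerd.cri.image.v1` to `io.containerd.cri.v1` changes the TOML section name users write, and the `configMigration` functions in this change return early when `version >= srvconfig.CurrentConfigVersion`. A config already at the current version that still uses the `io.containerd.cri.image.v1.local` section is not handled by any migration shown here; either migrate that key as well or emit a warning through the warning service when it is present.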
diff --git a/releases/v2.0.0-beta.toml b/releases/v2.0.0-beta.toml
index 2a0d2a56075d..7f963e845579 100644
--- a/releases/v2.0.0-beta.toml
+++ b/releases/v2.0.0-beta.toml
@@ -33,3 +33,5 @@ See also the [Getting Started](https://github.com/containerd/containerd/blob/mai
override_deps."github.com/containerd/log".previous = "cf9777876edf6a4aa230c739bc7eec5ab8349e9c"
override_deps."github.com/containerd/plugin".previous = "497c49344a4b9894a7e26497420cb7fa817facba"
+override_deps."github.com/containerd/platforms".previous = "f18f3c661f7de73d5569f61ff72d98dae1c1700a"
+override_deps."github.com/containerd/errdefs".previous = "f18f3c661f7de73d5569f61ff72d98dae1c1700a"
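Review bot: The two added `override_deps` entries, for `github.com/containerd/platforms` and `github.com/containerd/errdefs`, carry an identical `previous` hash. Two separate repositories sharing one commit id looks like a copy-paste; please confirm the value is valid for each, or add a comment saying which repository's history it refers to.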
diff --git a/script/setup/crun-version b/script/setup/crun-version
index 809bdcb851df..63738cc28dcf 100644
--- a/script/setup/crun-version
+++ b/script/setup/crun-version
@@ -1 +1 @@
-1.12
+1.14
diff --git a/script/setup/runc-version b/script/setup/runc-version
index 183679ecba04..19f5e1b57edb 100644
--- a/script/setup/runc-version
+++ b/script/setup/runc-version
@@ -1 +1 @@
-v1.1.11
+v1.1.12
diff --git a/vendor/github.com/google/uuid/CHANGELOG.md b/vendor/github.com/google/uuid/CHANGELOG.md
index c9fb829dc64f..7ec5ac7ea909 100644
--- a/vendor/github.com/google/uuid/CHANGELOG.md
+++ b/vendor/github.com/google/uuid/CHANGELOG.md
@@ -1,5 +1,18 @@
# Changelog
+## [1.6.0](https://github.com/google/uuid/compare/v1.5.0...v1.6.0) (2024-01-16)
+
+
+### Features
+
+* add Max UUID constant ([#149](https://github.com/google/uuid/issues/149)) ([c58770e](https://github.com/google/uuid/commit/c58770eb495f55fe2ced6284f93c5158a62e53e3))
+
+
+### Bug Fixes
+
+* fix typo in version 7 uuid documentation ([#153](https://github.com/google/uuid/issues/153)) ([016b199](https://github.com/google/uuid/commit/016b199544692f745ffc8867b914129ecb47ef06))
+* Monotonicity in UUIDv7 ([#150](https://github.com/google/uuid/issues/150)) ([a2b2b32](https://github.com/google/uuid/commit/a2b2b32373ff0b1a312b7fdf6d38a977099698a6))
+
## [1.5.0](https://github.com/google/uuid/compare/v1.4.0...v1.5.0) (2023-12-12)
diff --git a/vendor/github.com/google/uuid/hash.go b/vendor/github.com/google/uuid/hash.go
index b404f4bec274..dc60082d3b3b 100644
--- a/vendor/github.com/google/uuid/hash.go
+++ b/vendor/github.com/google/uuid/hash.go
@@ -17,6 +17,12 @@ var (
NameSpaceOID = Must(Parse("6ba7b812-9dad-11d1-80b4-00c04fd430c8"))
NameSpaceX500 = Must(Parse("6ba7b814-9dad-11d1-80b4-00c04fd430c8"))
Nil UUID // empty UUID, all zeros
+
+ // The Max UUID is special form of UUID that is specified to have all 128 bits set to 1.
+ Max = UUID{
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
+ }
)
// NewHash returns a new UUID derived from the hash of space concatenated with
diff --git a/vendor/github.com/google/uuid/version7.go b/vendor/github.com/google/uuid/version7.go
index ba9dd5eb689b..3167b643d459 100644
--- a/vendor/github.com/google/uuid/version7.go
+++ b/vendor/github.com/google/uuid/version7.go
@@ -44,7 +44,7 @@ func NewV7FromReader(r io.Reader) (UUID, error) {
// makeV7 fill 48 bits time (uuid[0] - uuid[5]), set version b0111 (uuid[6])
// uuid[8] already has the right version number (Variant is 10)
-// see function NewV7 and NewV7FromReader
+// see function NewV7 and NewV7FromReader
func makeV7(uuid []byte) {
/*
0 1 2 3
@@ -52,7 +52,7 @@ func makeV7(uuid []byte) {
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
| unix_ts_ms |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
- | unix_ts_ms | ver | rand_a |
+ | unix_ts_ms | ver | rand_a (12 bit seq) |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|var| rand_b |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
@@ -61,7 +61,7 @@ func makeV7(uuid []byte) {
*/
_ = uuid[15] // bounds check
- t := timeNow().UnixMilli()
+ t, s := getV7Time()
uuid[0] = byte(t >> 40)
uuid[1] = byte(t >> 32)
@@ -70,6 +70,35 @@ func makeV7(uuid []byte) {
uuid[4] = byte(t >> 8)
uuid[5] = byte(t)
- uuid[6] = 0x70 | (uuid[6] & 0x0F)
- // uuid[8] has already has right version
+ uuid[6] = 0x70 | (0x0F & byte(s>>8))
+ uuid[7] = byte(s)
+}
+
+// lastV7time is the last time we returned stored as:
+//
+// 52 bits of time in milliseconds since epoch
+// 12 bits of (fractional nanoseconds) >> 8
+var lastV7time int64
+
+const nanoPerMilli = 1000000
+
+// getV7Time returns the time in milliseconds and nanoseconds / 256.
+// The returned (milli << 12 + seq) is guarenteed to be greater than
+// (milli << 12 + seq) returned by any previous call to getV7Time.
+func getV7Time() (milli, seq int64) {
+ timeMu.Lock()
+ defer timeMu.Unlock()
+
+ nano := timeNow().UnixNano()
+ milli = nano / nanoPerMilli
+ // Sequence number is between 0 and 3906 (nanoPerMilli>>8)
+ seq = (nano - milli*nanoPerMilli) >> 8
+ now := milli<<12 + seq
+ if now <= lastV7time {
+ now = lastV7time + 1
+ milli = now >> 12
+ seq = now & 0xfff
+ }
+ lastV7time = now
+ return milli, seq
}
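Review bot: In `makeV7`, `uuid[6]` and `uuid[7]` are now overwritten with the time-derived sequence from `getV7Time`, so the 12 `rand_a` bits no longer come from the random source and only `rand_b` stays random. That suits sortable identifiers, but any caller in this tree that relies on a v7 UUID being hard to guess should be checked before the bump lands. `getV7Time` also takes the global `timeMu` on every call, which serializes concurrent generators. As this is vendored code, the "guarenteed" typo in the comment should be fixed upstream rather than here.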
diff --git a/vendor/github.com/klauspost/compress/README.md b/vendor/github.com/klauspost/compress/README.md
index 7e83f583c00a..c918f11d8b55 100644
--- a/vendor/github.com/klauspost/compress/README.md
+++ b/vendor/github.com/klauspost/compress/README.md
@@ -16,6 +16,18 @@ This package provides various compression algorithms.
# changelog
+* Dec 1st, 2023 - [v1.17.4](https://github.com/klauspost/compress/releases/tag/v1.17.4)
+ * huff0: Speed up symbol counting by @greatroar in https://github.com/klauspost/compress/pull/887
+ * huff0: Remove byteReader by @greatroar in https://github.com/klauspost/compress/pull/886
+ * gzhttp: Allow overriding decompression on transport https://github.com/klauspost/compress/pull/892
+ * gzhttp: Clamp compression level https://github.com/klauspost/compress/pull/890
+ * gzip: Error out if reserved bits are set https://github.com/klauspost/compress/pull/891
+
+* Nov 15th, 2023 - [v1.17.3](https://github.com/klauspost/compress/releases/tag/v1.17.3)
+ * fse: Fix max header size https://github.com/klauspost/compress/pull/881
+ * zstd: Improve better/best compression https://github.com/klauspost/compress/pull/877
+ * gzhttp: Fix missing content type on Close https://github.com/klauspost/compress/pull/883
+
* Oct 22nd, 2023 - [v1.17.2](https://github.com/klauspost/compress/releases/tag/v1.17.2)
* zstd: Fix rare *CORRUPTION* output in "best" mode. See https://github.com/klauspost/compress/pull/876
@@ -554,7 +566,7 @@ For direct deflate use, NewStatelessWriter and StatelessDeflate are available. S
A `bufio.Writer` can of course be used to control write sizes. For example, to use a 4KB buffer:
-```
+```go
// replace 'ioutil.Discard' with your output.
gzw, err := gzip.NewWriterLevel(ioutil.Discard, gzip.StatelessCompression)
if err != nil {
diff --git a/vendor/github.com/klauspost/compress/s2sx.mod b/vendor/github.com/klauspost/compress/s2sx.mod
index 2263853fcade..5a4412f90701 100644
--- a/vendor/github.com/klauspost/compress/s2sx.mod
+++ b/vendor/github.com/klauspost/compress/s2sx.mod
@@ -1,4 +1,4 @@
module github.com/klauspost/compress
-go 1.16
+go 1.19
diff --git a/vendor/github.com/klauspost/compress/zstd/decodeheader.go b/vendor/github.com/klauspost/compress/zstd/decodeheader.go
index f6a240970d46..6a5a2988b6f3 100644
--- a/vendor/github.com/klauspost/compress/zstd/decodeheader.go
+++ b/vendor/github.com/klauspost/compress/zstd/decodeheader.go
@@ -95,42 +95,54 @@ type Header struct {
// If there isn't enough input, io.ErrUnexpectedEOF is returned.
// The FirstBlock.OK will indicate if enough information was available to decode the first block header.
func (h *Header) Decode(in []byte) error {
+ _, err := h.DecodeAndStrip(in)
+ return err
+}
+
+// DecodeAndStrip will decode the header from the beginning of the stream
+// and on success return the remaining bytes.
+// This will decode the frame header and the first block header if enough bytes are provided.
+// It is recommended to provide at least HeaderMaxSize bytes.
+// If the frame header cannot be read an error will be returned.
+// If there isn't enough input, io.ErrUnexpectedEOF is returned.
+// The FirstBlock.OK will indicate if enough information was available to decode the first block header.
+func (h *Header) DecodeAndStrip(in []byte) (remain []byte, err error) {
*h = Header{}
if len(in) < 4 {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
h.HeaderSize += 4
b, in := in[:4], in[4:]
if string(b) != frameMagic {
if string(b[1:4]) != skippableFrameMagic || b[0]&0xf0 != 0x50 {
- return ErrMagicMismatch
+ return nil, ErrMagicMismatch
}
if len(in) < 4 {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
h.HeaderSize += 4
h.Skippable = true
h.SkippableID = int(b[0] & 0xf)
h.SkippableSize = binary.LittleEndian.Uint32(in)
- return nil
+ return in[4:], nil
}
// Read Window_Descriptor
// https://github.com/facebook/zstd/blob/dev/doc/zstd_compression_format.md#window_descriptor
if len(in) < 1 {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
fhd, in := in[0], in[1:]
h.HeaderSize++
h.SingleSegment = fhd&(1<<5) != 0
h.HasCheckSum = fhd&(1<<2) != 0
if fhd&(1<<3) != 0 {
- return errors.New("reserved bit set on frame header")
+ return nil, errors.New("reserved bit set on frame header")
}
if !h.SingleSegment {
if len(in) < 1 {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
var wd byte
wd, in = in[0], in[1:]
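Review bot: On the skippable-frame path `DecodeAndStrip` returns `in[4:]`, which sits after the size field but at the start of the skippable payload, while the doc comment only promises "the remaining bytes". The comment should state that the caller has to skip `h.SkippableSize` bytes itself and that `remain` can be shorter than that on truncated input, so callers bounds-check before slicing with an attacker-controlled size.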
@@ -148,7 +160,7 @@ func (h *Header) Decode(in []byte) error {
size = 4
}
if len(in) < int(size) {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
b, in = in[:size], in[size:]
h.HeaderSize += int(size)
@@ -178,7 +190,7 @@ func (h *Header) Decode(in []byte) error {
if fcsSize > 0 {
h.HasFCS = true
if len(in) < fcsSize {
- return io.ErrUnexpectedEOF
+ return nil, io.ErrUnexpectedEOF
}
b, in = in[:fcsSize], in[fcsSize:]
h.HeaderSize += int(fcsSize)
@@ -199,7 +211,7 @@ func (h *Header) Decode(in []byte) error {
// Frame Header done, we will not fail from now on.
if len(in) < 3 {
- return nil
+ return in, nil
}
tmp := in[:3]
bh := uint32(tmp[0]) | (uint32(tmp[1]) << 8) | (uint32(tmp[2]) << 16)
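Review bot: Once the frame header is parsed, the short-input path returns `in` as is, and the first block header is then read through `tmp := in[:3]` without advancing `in`. The returned slice therefore starts at the first block header, not after it, even when `FirstBlock.OK` ends up set; the `DecodeAndStrip` doc comment should say that explicitly so callers do not assume the block header was consumed.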
@@ -209,7 +221,7 @@ func (h *Header) Decode(in []byte) error {
cSize := int(bh >> 3)
switch blockType {
case blockTypeReserved:
- return nil
+ return in, nil
case blockTypeRLE:
h.FirstBlock.Compressed = true
h.FirstBlock.DecompressedSize = cSize
@@ -225,5 +237,25 @@ func (h *Header) Decode(in []byte) error {
}
h.FirstBlock.OK = true
- return nil
+ return in, nil
+}
+
+// AppendTo will append the encoded header to the dst slice.
+// There is no error checking performed on the header values.
+func (h *Header) AppendTo(dst []byte) ([]byte, error) {
+ if h.Skippable {
+ magic := [4]byte{0x50, 0x2a, 0x4d, 0x18}
+ magic[0] |= byte(h.SkippableID & 0xf)
+ dst = append(dst, magic[:]...)
+ f := h.SkippableSize
+ return append(dst, uint8(f), uint8(f>>8), uint8(f>>16), uint8(f>>24)), nil
+ }
+ f := frameHeader{
+ ContentSize: h.FrameContentSize,
+ WindowSize: uint32(h.WindowSize),
+ SingleSegment: h.SingleSegment,
+ Checksum: h.HasCheckSum,
+ DictID: h.DictionaryID,
+ }
+ return f.appendTo(dst), nil
}
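Review bot: `AppendTo` is declared to return an error, yet every path returns `nil`, and the conversion `uint32(h.WindowSize)` truncates silently if the field holds a larger value. Either validate the fields that can be out of range (window size, and `SkippableID`, which is masked with `& 0xf`) and make use of the error return, or document that a `Header` not produced by `Decode` must be validated by the caller before encoding.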
diff --git a/vendor/github.com/klauspost/compress/zstd/encoder_options.go b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
index faaf81921cd7..20671dcb91d9 100644
--- a/vendor/github.com/klauspost/compress/zstd/encoder_options.go
+++ b/vendor/github.com/klauspost/compress/zstd/encoder_options.go
@@ -94,7 +94,7 @@ func WithEncoderConcurrency(n int) EOption {
// The value must be a power of two between MinWindowSize and MaxWindowSize.
// A larger value will enable better compression but allocate more memory and,
// for above-default values, take considerably longer.
-// The default value is determined by the compression level.
+// The default value is determined by the compression level and max 8MB.
func WithWindowSize(n int) EOption {
return func(o *encoderOptions) error {
switch {
@@ -232,9 +232,9 @@ func WithEncoderLevel(l EncoderLevel) EOption {
case SpeedDefault:
o.windowSize = 8 << 20
case SpeedBetterCompression:
- o.windowSize = 16 << 20
+ o.windowSize = 8 << 20
case SpeedBestCompression:
- o.windowSize = 32 << 20
+ o.windowSize = 8 << 20
}
}
if !o.customALEntropy {
diff --git a/vendor/github.com/klauspost/compress/zstd/frameenc.go b/vendor/github.com/klauspost/compress/zstd/frameenc.go
index 2f5d5ed45466..667ca06794e2 100644
--- a/vendor/github.com/klauspost/compress/zstd/frameenc.go
+++ b/vendor/github.com/klauspost/compress/zstd/frameenc.go
@@ -76,7 +76,7 @@ func (f frameHeader) appendTo(dst []byte) []byte {
if f.SingleSegment {
dst = append(dst, uint8(f.ContentSize))
}
- // Unless SingleSegment is set, framessizes < 256 are nto stored.
+ // Unless SingleSegment is set, framessizes < 256 are not stored.
case 1:
f.ContentSize -= 256
dst = append(dst, uint8(f.ContentSize), uint8(f.ContentSize>>8))
diff --git a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go
index 332e51fe44fa..8adfebb02979 100644
--- a/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go
+++ b/vendor/github.com/klauspost/compress/zstd/fse_decoder_generic.go
@@ -20,10 +20,9 @@ func (s *fseDecoder) buildDtable() error {
if v == -1 {
s.dt[highThreshold].setAddBits(uint8(i))
highThreshold--
- symbolNext[i] = 1
- } else {
- symbolNext[i] = uint16(v)
+ v = 1
}
+ symbolNext[i] = uint16(v)
}
}
@@ -35,10 +34,12 @@ func (s *fseDecoder) buildDtable() error {
for ss, v := range s.norm[:s.symbolLen] {
for i := 0; i < int(v); i++ {
s.dt[position].setAddBits(uint8(ss))
- position = (position + step) & tableMask
- for position > highThreshold {
+ for {
// lowprob area
position = (position + step) & tableMask
+ if position <= highThreshold {
+ break
+ }
}
}
}
diff --git a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
index 974b99725fdc..5b06174b8981 100644
--- a/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
+++ b/vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s
@@ -157,8 +157,7 @@ sequenceDecs_decode_amd64_ll_update_zero:
// Update Literal Length State
MOVBQZX DI, R14
- SHRQ $0x10, DI
- MOVWQZX DI, DI
+ SHRL $0x10, DI
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -177,8 +176,7 @@ sequenceDecs_decode_amd64_ll_update_zero:
// Update Match Length State
MOVBQZX R8, R14
- SHRQ $0x10, R8
- MOVWQZX R8, R8
+ SHRL $0x10, R8
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -197,8 +195,7 @@ sequenceDecs_decode_amd64_ll_update_zero:
// Update Offset State
MOVBQZX R9, R14
- SHRQ $0x10, R9
- MOVWQZX R9, R9
+ SHRL $0x10, R9
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -459,8 +456,7 @@ sequenceDecs_decode_56_amd64_ll_update_zero:
// Update Literal Length State
MOVBQZX DI, R14
- SHRQ $0x10, DI
- MOVWQZX DI, DI
+ SHRL $0x10, DI
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -479,8 +475,7 @@ sequenceDecs_decode_56_amd64_ll_update_zero:
// Update Match Length State
MOVBQZX R8, R14
- SHRQ $0x10, R8
- MOVWQZX R8, R8
+ SHRL $0x10, R8
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -499,8 +494,7 @@ sequenceDecs_decode_56_amd64_ll_update_zero:
// Update Offset State
MOVBQZX R9, R14
- SHRQ $0x10, R9
- MOVWQZX R9, R9
+ SHRL $0x10, R9
LEAQ (BX)(R14*1), CX
MOVQ DX, R15
MOVQ CX, BX
@@ -772,11 +766,10 @@ sequenceDecs_decode_bmi2_fill_2_end:
BZHIQ R14, R15, R15
// Update Offset State
- BZHIQ R8, R15, CX
- SHRXQ R8, R15, R15
- MOVQ $0x00001010, R14
- BEXTRQ R14, R8, R8
- ADDQ CX, R8
+ BZHIQ R8, R15, CX
+ SHRXQ R8, R15, R15
+ SHRL $0x10, R8
+ ADDQ CX, R8
// Load ctx.ofTable
MOVQ ctx+16(FP), CX
@@ -784,11 +777,10 @@ sequenceDecs_decode_bmi2_fill_2_end:
MOVQ (CX)(R8*8), R8
// Update Match Length State
- BZHIQ DI, R15, CX
- SHRXQ DI, R15, R15
- MOVQ $0x00001010, R14
- BEXTRQ R14, DI, DI
- ADDQ CX, DI
+ BZHIQ DI, R15, CX
+ SHRXQ DI, R15, R15
+ SHRL $0x10, DI
+ ADDQ CX, DI
// Load ctx.mlTable
MOVQ ctx+16(FP), CX
@@ -796,10 +788,9 @@ sequenceDecs_decode_bmi2_fill_2_end:
MOVQ (CX)(DI*8), DI
// Update Literal Length State
- BZHIQ SI, R15, CX
- MOVQ $0x00001010, R14
- BEXTRQ R14, SI, SI
- ADDQ CX, SI
+ BZHIQ SI, R15, CX
+ SHRL $0x10, SI
+ ADDQ CX, SI
// Load ctx.llTable
MOVQ ctx+16(FP), CX
@@ -1032,11 +1023,10 @@ sequenceDecs_decode_56_bmi2_fill_end:
BZHIQ R14, R15, R15
// Update Offset State
- BZHIQ R8, R15, CX
- SHRXQ R8, R15, R15
- MOVQ $0x00001010, R14
- BEXTRQ R14, R8, R8
- ADDQ CX, R8
+ BZHIQ R8, R15, CX
+ SHRXQ R8, R15, R15
+ SHRL $0x10, R8
+ ADDQ CX, R8
// Load ctx.ofTable
MOVQ ctx+16(FP), CX
@@ -1044,11 +1034,10 @@ sequenceDecs_decode_56_bmi2_fill_end:
MOVQ (CX)(R8*8), R8
// Update Match Length State
- BZHIQ DI, R15, CX
- SHRXQ DI, R15, R15
- MOVQ $0x00001010, R14
- BEXTRQ R14, DI, DI
- ADDQ CX, DI
+ BZHIQ DI, R15, CX
+ SHRXQ DI, R15, R15
+ SHRL $0x10, DI
+ ADDQ CX, DI
// Load ctx.mlTable
MOVQ ctx+16(FP), CX
@@ -1056,10 +1045,9 @@ sequenceDecs_decode_56_bmi2_fill_end:
MOVQ (CX)(DI*8), DI
// Update Literal Length State
- BZHIQ SI, R15, CX
- MOVQ $0x00001010, R14
- BEXTRQ R14, SI, SI
- ADDQ CX, SI
+ BZHIQ SI, R15, CX
+ SHRL $0x10, SI
+ ADDQ CX, SI
// Load ctx.llTable
MOVQ ctx+16(FP), CX
@@ -1967,8 +1955,7 @@ sequenceDecs_decodeSync_amd64_ll_update_zero:
// Update Literal Length State
MOVBQZX DI, R13
- SHRQ $0x10, DI
- MOVWQZX DI, DI
+ SHRL $0x10, DI
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -1987,8 +1974,7 @@ sequenceDecs_decodeSync_amd64_ll_update_zero:
// Update Match Length State
MOVBQZX R8, R13
- SHRQ $0x10, R8
- MOVWQZX R8, R8
+ SHRL $0x10, R8
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -2007,8 +1993,7 @@ sequenceDecs_decodeSync_amd64_ll_update_zero:
// Update Offset State
MOVBQZX R9, R13
- SHRQ $0x10, R9
- MOVWQZX R9, R9
+ SHRL $0x10, R9
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -2514,11 +2499,10 @@ sequenceDecs_decodeSync_bmi2_fill_2_end:
BZHIQ R13, R14, R14
// Update Offset State
- BZHIQ R8, R14, CX
- SHRXQ R8, R14, R14
- MOVQ $0x00001010, R13
- BEXTRQ R13, R8, R8
- ADDQ CX, R8
+ BZHIQ R8, R14, CX
+ SHRXQ R8, R14, R14
+ SHRL $0x10, R8
+ ADDQ CX, R8
// Load ctx.ofTable
MOVQ ctx+16(FP), CX
@@ -2526,11 +2510,10 @@ sequenceDecs_decodeSync_bmi2_fill_2_end:
MOVQ (CX)(R8*8), R8
// Update Match Length State
- BZHIQ DI, R14, CX
- SHRXQ DI, R14, R14
- MOVQ $0x00001010, R13
- BEXTRQ R13, DI, DI
- ADDQ CX, DI
+ BZHIQ DI, R14, CX
+ SHRXQ DI, R14, R14
+ SHRL $0x10, DI
+ ADDQ CX, DI
// Load ctx.mlTable
MOVQ ctx+16(FP), CX
@@ -2538,10 +2521,9 @@ sequenceDecs_decodeSync_bmi2_fill_2_end:
MOVQ (CX)(DI*8), DI
// Update Literal Length State
- BZHIQ SI, R14, CX
- MOVQ $0x00001010, R13
- BEXTRQ R13, SI, SI
- ADDQ CX, SI
+ BZHIQ SI, R14, CX
+ SHRL $0x10, SI
+ ADDQ CX, SI
// Load ctx.llTable
MOVQ ctx+16(FP), CX
@@ -3055,8 +3037,7 @@ sequenceDecs_decodeSync_safe_amd64_ll_update_zero:
// Update Literal Length State
MOVBQZX DI, R13
- SHRQ $0x10, DI
- MOVWQZX DI, DI
+ SHRL $0x10, DI
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -3075,8 +3056,7 @@ sequenceDecs_decodeSync_safe_amd64_ll_update_zero:
// Update Match Length State
MOVBQZX R8, R13
- SHRQ $0x10, R8
- MOVWQZX R8, R8
+ SHRL $0x10, R8
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -3095,8 +3075,7 @@ sequenceDecs_decodeSync_safe_amd64_ll_update_zero:
// Update Offset State
MOVBQZX R9, R13
- SHRQ $0x10, R9
- MOVWQZX R9, R9
+ SHRL $0x10, R9
LEAQ (BX)(R13*1), CX
MOVQ DX, R14
MOVQ CX, BX
@@ -3704,11 +3683,10 @@ sequenceDecs_decodeSync_safe_bmi2_fill_2_end:
BZHIQ R13, R14, R14
// Update Offset State
- BZHIQ R8, R14, CX
- SHRXQ R8, R14, R14
- MOVQ $0x00001010, R13
- BEXTRQ R13, R8, R8
- ADDQ CX, R8
+ BZHIQ R8, R14, CX
+ SHRXQ R8, R14, R14
+ SHRL $0x10, R8
+ ADDQ CX, R8
// Load ctx.ofTable
MOVQ ctx+16(FP), CX
@@ -3716,11 +3694,10 @@ sequenceDecs_decodeSync_safe_bmi2_fill_2_end:
MOVQ (CX)(R8*8), R8
// Update Match Length State
- BZHIQ DI, R14, CX
- SHRXQ DI, R14, R14
- MOVQ $0x00001010, R13
- BEXTRQ R13, DI, DI
- ADDQ CX, DI
+ BZHIQ DI, R14, CX
+ SHRXQ DI, R14, R14
+ SHRL $0x10, DI
+ ADDQ CX, DI
// Load ctx.mlTable
MOVQ ctx+16(FP), CX
@@ -3728,10 +3705,9 @@ sequenceDecs_decodeSync_safe_bmi2_fill_2_end:
MOVQ (CX)(DI*8), DI
// Update Literal Length State
- BZHIQ SI, R14, CX
- MOVQ $0x00001010, R13
- BEXTRQ R13, SI, SI
- ADDQ CX, SI
+ BZHIQ SI, R14, CX
+ SHRL $0x10, SI
+ ADDQ CX, SI
// Load ctx.llTable
MOVQ ctx+16(FP), CX
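Review bot: every hunk in vendor/github.com/klauspost/compress/zstd/seqdec_amd64.s, ending with this `// Update Literal Length State` one in the decodeSync_safe bmi2 path, makes the same substitution in vendored assembly, and nothing in the hunks shows which upstream release it corresponds to. Name the klauspost/compress version in the commit message and keep the go.mod and vendor/modules.txt bump in the same change, so the vendored file can be checked against upstream rather than reviewed instruction by instruction. Because the change touches the amd64, 56, bmi2, decodeSync and decodeSync_safe variants alike, the decoder tests should be run on both BMI2 and non-BMI2 hardware paths before merging.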
diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
index 5954801122ad..e9e97d451115 100644
--- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
+++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go
@@ -430,7 +430,7 @@ type ClientHeader struct {
MethodName string `protobuf:"bytes,2,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"`
// A single process may be used to run multiple virtual
// servers with different identities.
- // The authority is the name of such a server identitiy.
+ // The authority is the name of such a server identity.
// It is typically a portion of the URI in the form of
//