diff --git a/.github/workflows/build-test-images.yml b/.github/workflows/build-test-images.yml index d8c21fcfe..79f280bc1 100644 --- a/.github/workflows/build-test-images.yml +++ b/.github/workflows/build-test-images.yml @@ -37,11 +37,11 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: '1.18.9' - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4561eb2d9..71d9062fb 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -9,6 +9,11 @@ on: - main - 'release/**' +env: + # Go version we currently use to build containerd across all CI. + # Note: don't forget to update `Binaries` step, as it contains the matrix of all supported Go versions. + GO_VERSION: '1.18.9' + jobs: # # golangci-lint @@ -20,15 +25,20 @@ jobs: strategy: matrix: - go-version: [1.18.7] - os: [ubuntu-18.04, macos-12, windows-2019] + os: [ubuntu-20.04, macos-12, windows-2019] steps: - - uses: actions/setup-go@v2 + - name: Install dependencies + if: matrix.os == 'ubuntu-20.04' + run: | + sudo apt-get update + sudo apt-get install -y libbtrfs-dev + + - uses: actions/setup-go@v3 with: - go-version: ${{ matrix.go-version }} + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - uses: golangci/golangci-lint-action@v3 with: version: v1.49.0 @@ -40,22 +50,23 @@ jobs: # project: name: Project Checks - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 5 steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd fetch-depth: 100 - - uses: containerd/project-checks@v1 + - uses: containerd/project-checks@v1.1.0 with: working-directory: src/github.com/containerd/containerd + repo-access-token: ${{ secrets.GITHUB_TOKEN }} - name: verify go modules and vendor directory run: | @@ -68,7 +79,7 @@ jobs: # protos: name: Protobuf - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 5 defaults: @@ -76,11 +87,11 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd @@ -104,14 +115,14 @@ jobs: man: name: Manpages - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 5 steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' - - uses: actions/checkout@v2 + go-version: ${{ env.GO_VERSION }} + - uses: actions/checkout@v3 - run: go install github.com/cpuguy83/go-md2man/v2@v2.0.1 - run: make man @@ -146,10 +157,10 @@ jobs: goarm: "7" steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' - - uses: actions/checkout@v2 + go-version: ${{ env.GO_VERSION }} + - uses: actions/checkout@v3 - run: | set -e -x @@ -214,11 +225,16 @@ jobs: strategy: matrix: - os: [ubuntu-18.04, macos-12, windows-2019, windows-2022] - go-version: ['1.17.13', '1.18.7'] - + os: [ubuntu-20.04, macos-12, windows-2019, windows-2022] + go-version: ["1.17.13", "1.18.9"] steps: - - uses: actions/setup-go@v2 + - name: Install dependencies + if: matrix.os == 'ubuntu-20.04' + run: | + sudo apt-get update + sudo apt-get install -y libbtrfs-dev + + - uses: actions/setup-go@v3 with: go-version: ${{ matrix.go-version }} @@ -228,7 +244,7 @@ jobs: echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV echo "${{ github.workspace }}/bin" >> $GITHUB_PATH - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd @@ -260,15 +276,15 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: repository: Microsoft/hcsshim path: src/github.com/Microsoft/hcsshim @@ -323,7 +339,7 @@ jobs: CGO_ENABLED: 1 GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-integration-parallel-junit.xml run: mingw32-make.exe integration - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v3 if: always() with: name: TestResults Windows @@ -332,7 +348,7 @@ jobs: integration-linux: name: Linux Integration - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 40 needs: [project, linters, protos, man] @@ -350,22 +366,22 @@ jobs: env: GOTEST: gotestsum -- steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install containerd dependencies env: RUNC_FLAVOR: ${{ matrix.runc }} - GOFLAGS: -modcacherw run: | - sudo apt-get install -y gperf - sudo -E PATH=$PATH script/setup/install-seccomp - sudo -E PATH=$PATH script/setup/install-runc - sudo -E PATH=$PATH script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}') - sudo -E PATH=$PATH script/setup/install-critools + sudo apt-get install -y gperf libbtrfs-dev + script/setup/install-seccomp + script/setup/install-runc + script/setup/install-cni $(grep containernetworking/plugins go.mod | awk '{print $2}') + script/setup/install-critools + script/setup/install-failpoint-binaries - name: Install criu run: | @@ -373,10 +389,6 @@ jobs: sudo apt-get update sudo apt-get install -y criu - - name: Install failpoint binaries - run: | - script/setup/install-failpoint-binaries - - name: Install containerd env: CGO_ENABLED: 1 @@ -384,7 +396,7 @@ jobs: make binaries GO_BUILD_FLAGS="-mod=vendor" sudo -E PATH=$PATH make install - - run: sudo -E PATH=$PATH script/setup/install-gotestsum + - run: script/setup/install-gotestsum - name: Tests env: GOTESTSUM_JUNITFILE: ${{github.workspace}}/test-unit-root-junit.xml @@ -456,7 +468,7 @@ jobs: mount df losetup -l - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v3 if: always() with: name: TestResults ${{ matrix.runtime }} ${{matrix.runc}} @@ -473,16 +485,16 @@ jobs: GOTEST: gotestsum -- steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' - - uses: actions/checkout@v2 - - run: sudo -E PATH=$PATH script/setup/install-gotestsum + go-version: ${{ env.GO_VERSION }} + - uses: actions/checkout@v3 + - run: script/setup/install-gotestsum - name: Tests env: GOTESTSUM_JUNITFILE: "${{ github.workspace }}/macos-test-junit.xml" run: make test - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v3 if: always() with: name: TestResults MacOS @@ -506,10 +518,10 @@ jobs: env: GOTEST: gotestsum -- steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: "Cache ~/.vagrant.d/boxes" - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.vagrant.d/boxes key: vagrant-${{ hashFiles('Vagrantfile*') }} @@ -551,7 +563,7 @@ jobs: vagrant plugin install vagrant-scp vagrant scp :/tmp/test-integration-junit.xml "${{ github.workspace }}/" vagrant scp :/tmp/critestreport "${{ github.workspace }}/critestreport" - - uses: actions/upload-artifact@v2 + - uses: actions/upload-artifact@v3 if: always() with: # ${{ matrix.box }} cannot be used here due to character limitation @@ -567,10 +579,10 @@ jobs: timeout-minutes: 45 needs: [project, linters, protos, man] steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: "Cache ~/.vagrant.d/boxes" - uses: actions/cache@v2 + uses: actions/cache@v3 with: path: ~/.vagrant.d/boxes key: vagrant-${{ hashFiles('Vagrantfile*') }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f3a12dcd0..ea0fc5c08 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -22,15 +22,15 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: 1.18.7 + go-version: 1.18.9 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 # Override language selection by uncommenting this and choosing your languages # with: # languages: go, javascript, csharp, python, cpp, java @@ -40,4 +40,4 @@ jobs: make - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/images.yml b/.github/workflows/images.yml index f497af083..f497b7db2 100644 --- a/.github/workflows/images.yml +++ b/.github/workflows/images.yml @@ -22,11 +22,11 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: '1.18.9' - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index f07184237..d903bc656 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -6,6 +6,9 @@ on: paths: - '.github/workflows/nightly.yml' +env: + GO_VERSION: '1.18.9' + jobs: linux: name: Linux @@ -16,11 +19,11 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd @@ -153,11 +156,11 @@ jobs: working-directory: src/github.com/containerd/containerd steps: - - uses: actions/setup-go@v2 + - uses: actions/setup-go@v3 with: - go-version: '1.18.7' + go-version: ${{ env.GO_VERSION }} - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 with: path: src/github.com/containerd/containerd diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 3626f6668..c09a915e4 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -5,17 +5,20 @@ on: name: Containerd Release +env: + GO_VERSION: '1.18.9' + jobs: check: name: Check Signed Tag - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 5 outputs: stringver: ${{ steps.contentrel.outputs.stringver }} steps: - name: Checkout code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: ref: ${{ github.ref }} path: src/github.com/containerd/containerd @@ -38,48 +41,52 @@ jobs: id: contentrel run: | RELEASEVER=${{ github.ref }} - echo "::set-output name=stringver::${RELEASEVER#refs/tags/v}" + echo "stringver=${RELEASEVER#refs/tags/v}" >> $GITHUB_OUTPUT git tag -l ${RELEASEVER#refs/tags/} -n20000 | tail -n +3 | cut -c 5- >release-notes.md working-directory: src/github.com/containerd/containerd - name: Save release notes - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: containerd-release-notes path: src/github.com/containerd/containerd/release-notes.md build: name: Build Release Binaries - runs-on: ubuntu-${{ matrix.ubuntu }} + runs-on: ubuntu-20.04 needs: [check] timeout-minutes: 30 strategy: matrix: include: # Choose an old release of Ubuntu to avoid glibc issue https://github.com/containerd/containerd/issues/7255 - - ubuntu: 18.04 - platform: linux/amd64 - - ubuntu: 18.04 - platform: linux/arm64 - - ubuntu: 18.04 - platform: linux/ppc64le + - dockerfile-ubuntu: 18.04 + dockerfile-platform: linux/amd64 + - dockerfile-ubuntu: 18.04 + dockerfile-platform: linux/arm64 + - dockerfile-ubuntu: 18.04 + dockerfile-platform: linux/ppc64le # riscv64 isn't supported by Ubuntu 18.04 - - ubuntu: 22.04 - platform: linux/riscv64 - - ubuntu: 18.04 - platform: windows/amd64 + - dockerfile-ubuntu: 22.04 + dockerfile-platform: linux/riscv64 + - dockerfile-ubuntu: 18.04 + dockerfile-platform: windows/amd64 steps: + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: ${{ env.GO_VERSION }} - name: Set env shell: bash env: - MOS: ubuntu-${{ matrix.ubuntu }} + MOS: ubuntu-20.04 run: | releasever=${{ github.ref }} releasever="${releasever#refs/tags/}" echo "RELEASE_VER=${releasever}" >> $GITHUB_ENV echo "GOPATH=${{ github.workspace }}" >> $GITHUB_ENV - name: Checkout containerd - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: # Intentionally use github.repository instead of containerd/containerd to # make this action runnable on forks. @@ -104,29 +111,28 @@ jobs: export PREFIX_LEN=12 BUILD_ARGS="--build-arg GATEWAY --build-arg PREFIX_LEN" fi - docker buildx build ${cache} --build-arg RELEASE_VER --build-arg UBUNTU_VERSION=${{ matrix.ubuntu }} --build-arg GO_VERSION ${BUILD_ARGS} -f .github/workflows/release/Dockerfile --platform=${PLATFORM} -o releases/ . + docker buildx build ${cache} --build-arg RELEASE_VER --build-arg UBUNTU_VERSION=${{ matrix.dockerfile-ubuntu }} --build-arg GO_VERSION ${BUILD_ARGS} -f .github/workflows/release/Dockerfile --platform=${PLATFORM} -o releases/ . echo PLATFORM_CLEAN=${PLATFORM/\//-} >> $GITHUB_ENV # Remove symlinks since we don't want these in the release Artifacts find ./releases/ -maxdepth 1 -type l | xargs rm working-directory: src/github.com/containerd/containerd env: - GO_VERSION: '1.18.7' - PLATFORM: ${{ matrix.platform }} + PLATFORM: ${{ matrix.dockerfile-platform }} - name: Save Artifacts - uses: actions/upload-artifact@v2 + uses: actions/upload-artifact@v3 with: name: release-tars-${{env.PLATFORM_CLEAN}} path: src/github.com/containerd/containerd/releases/*.tar.gz* release: name: Create containerd Release - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 timeout-minutes: 10 needs: [build, check] steps: - name: Download builds and release notes - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: path: builds - name: Create Release diff --git a/.github/workflows/windows-periodic.yml b/.github/workflows/windows-periodic.yml index 3e375bf78..20c2ad6f8 100644 --- a/.github/workflows/windows-periodic.yml +++ b/.github/workflows/windows-periodic.yml @@ -48,7 +48,7 @@ jobs: GOOGLE_BUCKET: "containerd-integration/logs/windows-ltsc2022/" runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 + - uses: actions/checkout@v3 - name: Install required packages run: | @@ -217,8 +217,8 @@ jobs: - name: AssignGcpCreds id: AssignGcpCreds run: | - echo '::set-output name=GCP_SERVICE_ACCOUNT::${{ secrets.GCP_SERVICE_ACCOUNT }}' - echo '::set-output name=GCP_WORKLOAD_IDENTITY_PROVIDER::${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' + echo 'GCP_SERVICE_ACCOUNT=${{ secrets.GCP_SERVICE_ACCOUNT }}' >> $GITHUB_OUTPUT + echo 'GCP_WORKLOAD_IDENTITY_PROVIDER=${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}' >> $GITHUB_OUTPUT - name: AuthGcp uses: google-github-actions/auth@v0 diff --git a/Vagrantfile b/Vagrantfile index 9f8259970..24056127b 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -91,7 +91,7 @@ EOF config.vm.provision "install-golang", type: "shell", run: "once" do |sh| sh.upload_path = "/tmp/vagrant-install-golang" sh.env = { - 'GO_VERSION': ENV['GO_VERSION'] || "1.18.7", + 'GO_VERSION': ENV['GO_VERSION'] || "1.18.9", } sh.inline = <<~SHELL #!/usr/bin/env bash diff --git a/cmd/ctr/commands/images/export.go b/cmd/ctr/commands/images/export.go index 0a1394cb0..5050ff4fd 100644 --- a/cmd/ctr/commands/images/export.go +++ b/cmd/ctr/commands/images/export.go @@ -80,7 +80,7 @@ When '--all-platforms' is given all images in a manifest list must be available. } exportOpts = append(exportOpts, archive.WithPlatform(platforms.Ordered(all...))) } else { - exportOpts = append(exportOpts, archive.WithPlatform(platforms.Default())) + exportOpts = append(exportOpts, archive.WithPlatform(platforms.DefaultStrict())) } if context.Bool("all-platforms") { diff --git a/cmd/ctr/commands/images/import.go b/cmd/ctr/commands/images/import.go index bb5f2bee3..850b8a27c 100644 --- a/cmd/ctr/commands/images/import.go +++ b/cmd/ctr/commands/images/import.go @@ -89,9 +89,9 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb Action: func(context *cli.Context) error { var ( - in = context.Args().First() - opts []containerd.ImportOpt - platformMacher platforms.MatchComparer + in = context.Args().First() + opts []containerd.ImportOpt + platformMatcher platforms.MatchComparer ) prefix := context.String("base-name") @@ -126,8 +126,8 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb if err != nil { return err } - platformMacher = platforms.Only(platSpec) - opts = append(opts, containerd.WithImportPlatform(platformMacher)) + platformMatcher = platforms.OnlyStrict(platSpec) + opts = append(opts, containerd.WithImportPlatform(platformMatcher)) } opts = append(opts, containerd.WithAllPlatforms(context.Bool("all-platforms"))) @@ -160,10 +160,10 @@ If foobar.tar contains an OCI ref named "latest" and anonymous ref "sha256:deadb log.G(ctx).Debugf("unpacking %d images", len(imgs)) for _, img := range imgs { - if platformMacher == nil { // if platform not specified use default. - platformMacher = platforms.Default() + if platformMatcher == nil { // if platform not specified use default. + platformMatcher = platforms.Default() } - image := containerd.NewImageWithPlatform(client, img, platformMacher) + image := containerd.NewImageWithPlatform(client, img, platformMatcher) // TODO: Show unpack status fmt.Printf("unpacking %s (%s)...", img.Name, img.Target.Digest) diff --git a/contrib/Dockerfile.test b/contrib/Dockerfile.test index 3da88a82d..972311a6f 100644 --- a/contrib/Dockerfile.test +++ b/contrib/Dockerfile.test @@ -10,7 +10,7 @@ # # docker build -t containerd-test --build-arg RUNC_VERSION=v1.0.0-rc94 -f Dockerfile.test ../ -ARG GOLANG_VERSION=1.18.7 +ARG GOLANG_VERSION=1.18.9 ARG GOLANG_IMAGE=golang FROM ${GOLANG_IMAGE}:${GOLANG_VERSION} AS golang diff --git a/go.mod b/go.mod index 77f07d3ae..e208c17df 100644 --- a/go.mod +++ b/go.mod @@ -5,10 +5,10 @@ go 1.17 require ( github.com/AdaLogics/go-fuzz-headers v0.0.0-20210715213245-6c3934b029d8 github.com/Microsoft/go-winio v0.5.2 - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.9.6 github.com/containerd/aufs v1.0.0 github.com/containerd/btrfs v1.0.0 - github.com/containerd/cgroups v1.0.3 + github.com/containerd/cgroups v1.0.4 github.com/containerd/console v1.0.3 github.com/containerd/continuity v0.3.0 github.com/containerd/fifo v1.0.0 @@ -95,7 +95,7 @@ require ( github.com/grpc-ecosystem/grpc-gateway v1.16.0 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect + github.com/matttproud/golang_protobuf_extensions v1.0.4 // indirect github.com/miekg/pkcs11 v1.1.1 // indirect github.com/mistifyio/go-zfs v2.1.2-0.20190413222219-f784269be439+incompatible // indirect github.com/moby/spdystream v0.2.0 // indirect diff --git a/go.sum b/go.sum index eefcc88f7..a9d1902af 100644 --- a/go.sum +++ b/go.sum @@ -83,8 +83,8 @@ github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwT github.com/Microsoft/hcsshim v0.8.21/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.8.23/go.mod h1:4zegtUJth7lAvFyc6cH2gGQ5B3OFQim01nnU2M8jKDg= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= +github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20201218223536-d3e5debf77da/go.mod h1:5hlzMzRKMLyo42nCZ9oml8AdTlq/0cvIaBv6tK1RehU= github.com/Microsoft/hcsshim/test v0.0.0-20210227013316-43a75bb4edd3/go.mod h1:mw7qgWloBUl75W/gVH3cQszUg1+gUITj7D6NY7ywVnY= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -183,8 +183,9 @@ github.com/containerd/cgroups v0.0.0-20200710171044-318312a37340/go.mod h1:s5q4S github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v0.0.0-20210114181951-8a68de567b68/go.mod h1:ZJeTFisyysqgcCdecO57Dj79RfL0LNeGiFUqLYQRYLE= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4= github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= +github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= +github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA= github.com/containerd/console v0.0.0-20180822173158-c12b1e7919c1/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20181022165439-0650fd9eeb50/go.mod h1:Tj/on1eG8kiEhd0+fhSDzsPAFESxzBBvdyEgyryXffw= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= @@ -623,8 +624,9 @@ github.com/mattn/go-shellwords v1.0.3/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vqg+NOMyg4B2o= github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= -github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 h1:I0XW9+e1XWDxdcEniV4rQAIOPUGDq67JSCiRCgGCZLI= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4 h1:mmDVorXM7PCGKw94cs5zkfA9PSy5pEvNWRP0ET0TIVo= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.0.3/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= diff --git a/integration/client/go.mod b/integration/client/go.mod index f49dca653..2cd10f341 100644 --- a/integration/client/go.mod +++ b/integration/client/go.mod @@ -3,9 +3,9 @@ module github.com/containerd/containerd/integration/client go 1.15 require ( - github.com/Microsoft/hcsshim v0.9.4 + github.com/Microsoft/hcsshim v0.9.6 github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 - github.com/containerd/cgroups v1.0.3 + github.com/containerd/cgroups v1.0.4 // the actual version of containerd is replaced with the code at the root of this repository github.com/containerd/containerd v1.6.1 github.com/containerd/go-runc v1.0.0 diff --git a/integration/client/go.sum b/integration/client/go.sum index 9ca7044a8..dbad78fc1 100644 --- a/integration/client/go.sum +++ b/integration/client/go.sum @@ -55,8 +55,8 @@ github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v github.com/Microsoft/hcsshim v0.8.15/go.mod h1:x38A4YbHbdxJtc0sF6oIz+RG0npwSCAvn69iY6URG00= github.com/Microsoft/hcsshim v0.8.20/go.mod h1:+w2gRZ5ReXQhFOrvSQeNfhrYB/dg3oDwTOcER2fw4I4= github.com/Microsoft/hcsshim v0.9.2/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= -github.com/Microsoft/hcsshim v0.9.4 h1:mnUj0ivWy6UzbB1uLFqKR6F+ZyiDc7j4iGgHTpO+5+I= -github.com/Microsoft/hcsshim v0.9.4/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= +github.com/Microsoft/hcsshim v0.9.6 h1:VwnDOgLeoi2du6dAznfmspNqTiwczvjv4K7NxuY9jsY= +github.com/Microsoft/hcsshim v0.9.6/go.mod h1:7pLA8lDk46WKDWlVsENo92gC0XFa8rbKfyFRBqxEbCc= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1 h1:pVKfKyPkXna29XlGjxSr9J0A7vNucOUHZ/2ClcTWalw= github.com/Microsoft/hcsshim/test v0.0.0-20210408205431-da33ecd607e1/go.mod h1:Cmvnhlie15Ha2UYrJs9EhgSx76Bq9RV2FgfEiT78GhI= github.com/NYTimes/gziphandler v0.0.0-20170623195520-56545f4a5d46/go.mod h1:3wb06e3pkSAbeQ52E9H9iFoQsEEwGN64994WTCIhntQ= @@ -121,8 +121,8 @@ github.com/containerd/aufs v1.0.0/go.mod h1:kL5kd6KM5TzQjR79jljyi4olc1Vrx6XBlcyj github.com/containerd/btrfs v1.0.0/go.mod h1:zMcX3qkXTAi9GI50+0HOeuV8LU2ryCE/V2vG/ZBiTss= github.com/containerd/cgroups v0.0.0-20200824123100-0b889c03f102/go.mod h1:s5q4SojHctfxANBDvMeIaIovkq29IP48TKAxnhYRxvo= github.com/containerd/cgroups v1.0.1/go.mod h1:0SJrPIenamHDcZhEcJMNBB85rHcUsw4f25ZfBiPYRkU= -github.com/containerd/cgroups v1.0.3 h1:ADZftAkglvCiD44c77s5YmMqaP2pzVCFZvBmAlBdAP4= -github.com/containerd/cgroups v1.0.3/go.mod h1:/ofk34relqNjSGyqPrmEULrO4Sc8LJhvJmWbUCUKqj8= +github.com/containerd/cgroups v1.0.4 h1:jN/mbWBEaz+T1pi5OFtnkQ+8qnmEbAr1Oo1FRm5B0dA= +github.com/containerd/cgroups v1.0.4/go.mod h1:nLNQtsF7Sl2HxNebu77i1R0oDlhiTG+kO4JTrUzo6IA= github.com/containerd/console v0.0.0-20191206165004-02ecf6a7291e/go.mod h1:8Pf4gM6VEbTNRIT26AyyU7hxdQU3MvAvxVI0sc00XBE= github.com/containerd/console v1.0.1/go.mod h1:XUsP6YE/mKtz6bxc+I8UiKKTP04qjQL4qcS3XoQ5xkw= github.com/containerd/console v1.0.2/go.mod h1:ytZPjGgY2oeTkAONYafi2kSj0aYggsf8acV1PGKCbzQ= @@ -422,6 +422,7 @@ github.com/mattn/go-shellwords v1.0.6/go.mod h1:3xCvwCdWdlDJUrvuMn7Wuy9eWs4pE8vq github.com/mattn/go-shellwords v1.0.12/go.mod h1:EZzvwXDESEeg03EKmM+RmDnNOPKG4lLtQsUlTZDWQ8Y= github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0= github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= +github.com/matttproud/golang_protobuf_extensions v1.0.4/go.mod h1:BSXmuO+STAnVfrANrmjBb36TMTDstsz7MSK+HVaYKv4= github.com/maxbrunsfeld/counterfeiter/v6 v6.2.2/go.mod h1:eD9eIE7cdwcMi9rYluz88Jz2VyhSmden33/aXg4oVIY= github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg= github.com/miekg/pkcs11 v1.1.1/go.mod h1:XsNlhZGX73bx86s2hdc/FuaLm2CPZJemRLMA+WTFxgs= diff --git a/integration/common.go b/integration/common.go index edcb462a4..2501267cd 100644 --- a/integration/common.go +++ b/integration/common.go @@ -47,8 +47,8 @@ var ( func initImages(imageListFile string) { imageList = ImageList{ - Alpine: "docker.io/library/alpine:latest", - BusyBox: "docker.io/library/busybox:latest", + Alpine: "ghcr.io/containerd/alpine:3.14.0", + BusyBox: "ghcr.io/containerd/busybox:1.28", Pause: "registry.k8s.io/pause:3.6", ResourceConsumer: "registry.k8s.io/e2e-test-images/resource-consumer:1.10", VolumeCopyUp: "ghcr.io/containerd/volume-copy-up:2.1", diff --git a/integration/container_update_resources_test.go b/integration/container_update_resources_test.go index bcf8e414d..7096f5020 100644 --- a/integration/container_update_resources_test.go +++ b/integration/container_update_resources_test.go @@ -234,6 +234,13 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { EnsureImageExists(t, pauseImage) + expectedSwapLimit := func(memoryLimit int64) *int64 { + if cgroups.Mode() == cgroups.Unified { + memoryLimit = 0 + } + return &memoryLimit + } + t.Log("Create a container with memory limit") cnConfig := ContainerConfig( "container", @@ -251,6 +258,7 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { spec, err := container.Spec(context.Background()) require.NoError(t, err) checkMemoryLimit(t, spec, 200*1024*1024) + checkMemorySwapLimit(t, spec, expectedSwapLimit(200*1024*1024)) t.Log("Update container memory limit after created") err = runtimeService.UpdateContainerResources(cn, &runtime.LinuxContainerResources{ @@ -262,6 +270,7 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { spec, err = container.Spec(context.Background()) require.NoError(t, err) checkMemoryLimit(t, spec, 400*1024*1024) + checkMemorySwapLimit(t, spec, expectedSwapLimit(400*1024*1024)) t.Log("Start the container") require.NoError(t, runtimeService.StartContainer(cn)) @@ -274,6 +283,8 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { stat, err := cgroup.Stat(cgroups.IgnoreNotExist) require.NoError(t, err) assert.Equal(t, uint64(400*1024*1024), stat.Memory.Usage.Limit) + swapLimit := getCgroupSwapLimitForTask(t, task) + assert.Equal(t, uint64(400*1024*1024), swapLimit) t.Log("Update container memory limit after started") err = runtimeService.UpdateContainerResources(cn, &runtime.LinuxContainerResources{ @@ -285,11 +296,14 @@ func TestUpdateContainerResources_MemoryLimit(t *testing.T) { spec, err = container.Spec(context.Background()) require.NoError(t, err) checkMemoryLimit(t, spec, 800*1024*1024) + checkMemorySwapLimit(t, spec, expectedSwapLimit(800*1024*1024)) t.Log("Check memory limit in cgroup") stat, err = cgroup.Stat(cgroups.IgnoreNotExist) require.NoError(t, err) assert.Equal(t, uint64(800*1024*1024), stat.Memory.Usage.Limit) + swapLimit = getCgroupSwapLimitForTask(t, task) + assert.Equal(t, uint64(800*1024*1024), swapLimit) } func TestUpdateContainerResources_StatusUpdated(t *testing.T) { diff --git a/integration/restart_test.go b/integration/restart_test.go index 9cb660252..767752ca0 100644 --- a/integration/restart_test.go +++ b/integration/restart_test.go @@ -191,6 +191,21 @@ func TestContainerdRestart(t *testing.T) { if s.id == loaded.Id { t.Logf("Checking sandbox state for '%s'", s.name) assert.Equal(t, s.state, loaded.State) + + // See https://github.com/containerd/containerd/issues/7843 for details. + // Test that CNI result and sandbox IPs are still present after restart. + if loaded.State == runtime.PodSandboxState_SANDBOX_READY { + status, info, err := SandboxInfo(loaded.Id) + require.NoError(t, err) + + // Check that the NetNS didn't close on us, that we still have + // the CNI result, and that we still have the IP we were given + // for this pod. + require.False(t, info.NetNSClosed) + require.NotNil(t, info.CNIResult) + require.NotNil(t, status.Network) + require.NotEmpty(t, status.Network.Ip) + } break } } diff --git a/integration/sandbox_clean_remove_windows_test.go b/integration/sandbox_clean_remove_windows_test.go new file mode 100644 index 000000000..af8950e17 --- /dev/null +++ b/integration/sandbox_clean_remove_windows_test.go @@ -0,0 +1,179 @@ +//go:build windows +// +build windows + +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package integration + +import ( + "context" + "fmt" + "strconv" + "testing" + + "github.com/Microsoft/hcsshim/osversion" + "github.com/stretchr/testify/require" + "golang.org/x/sys/windows/registry" + runtime "k8s.io/cri-api/pkg/apis/runtime/v1" +) + +// Returns what nanoserver image version to use according to the build number +func getTestImage() (string, error) { + k, err := registry.OpenKey(registry.LOCAL_MACHINE, `SOFTWARE\Microsoft\Windows NT\CurrentVersion`, registry.QUERY_VALUE) + if err != nil { + return "", err + } + defer k.Close() + + b, _, _ := k.GetStringValue("CurrentBuild") + buildNum, _ := strconv.Atoi(b) + + switch buildNum { + case osversion.RS1: + return "mcr.microsoft.com/windows/nanoserver:sac2016", nil + case osversion.RS3: + return "mcr.microsoft.com/windows/nanoserver:1709", nil + case osversion.RS4: + return "mcr.microsoft.com/windows/nanoserver:1803", nil + case osversion.RS5: + return "mcr.microsoft.com/windows/nanoserver:1809", nil + case osversion.V19H1: + return "mcr.microsoft.com/windows/nanoserver:1903", nil + case osversion.V19H2: + return "mcr.microsoft.com/windows/nanoserver:1909", nil + case osversion.V20H1: + return "mcr.microsoft.com/windows/nanoserver:2004", nil + case osversion.V20H2: + return "mcr.microsoft.com/windows/nanoserver:20H2", nil + case osversion.V21H2Server: + return "mcr.microsoft.com/windows/nanoserver:ltsc2022", nil + default: + // Due to some efforts in improving down-level compatibility for Windows containers (see + // https://techcommunity.microsoft.com/t5/containers/windows-server-2022-and-beyond-for-containers/ba-p/2712487) + // the ltsc2022 image should continue to work on builds ws2022 and onwards (Windows 11 for example). With this in mind, + // if there's no mapping for the host build just use the Windows Server 2022 image. + if buildNum > osversion.V21H2Server { + return "mcr.microsoft.com/windows/nanoserver:ltsc2022", nil + } + return "", fmt.Errorf("No test image defined for Windows build version: %s", b) + } +} + +func removePodSandbox(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, podID string) { + t.Helper() + _, err := client.RemovePodSandbox(ctx, &runtime.RemovePodSandboxRequest{ + PodSandboxId: podID, + }) + require.NoError(t, err, "failed RemovePodSandbox for sandbox: %s", podID) +} + +func stopPodSandbox(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, podID string) { + t.Helper() + _, err := client.StopPodSandbox(ctx, &runtime.StopPodSandboxRequest{ + PodSandboxId: podID, + }) + require.NoError(t, err, "failed StopPodSandbox for sandbox: %s", podID) +} + +func stopContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.StopContainer(ctx, &runtime.StopContainerRequest{ + ContainerId: containerID, + Timeout: 0, + }) + require.NoError(t, err, "failed StopContainer request for container: %s", containerID) +} + +func startContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.StartContainer(ctx, &runtime.StartContainerRequest{ + ContainerId: containerID, + }) + require.NoError(t, err, "failed StartContainer request for container: %s", containerID) +} + +func removeContainer(ctx context.Context, t *testing.T, client runtime.RuntimeServiceClient, containerID string) { + t.Helper() + _, err := client.RemoveContainer(ctx, &runtime.RemoveContainerRequest{ + ContainerId: containerID, + }) + require.NoError(t, err, "failed RemoveContainer request for container: %s", containerID) +} + +// This test checks if create/stop and remove pods and containers work as expected +func TestCreateContainer(t *testing.T) { + testImage, err := getTestImage() + if err != nil { + t.Skip("skipping test, error: ", err) + } + client, err := RawRuntimeClient() + require.NoError(t, err, "failed to get raw grpc runtime service client") + ctx, cancel := context.WithCancel(context.Background()) + t.Cleanup(func() { cancel() }) + + t.Log("Create a pod sandbox") + sbConfig := &runtime.PodSandboxConfig{ + Metadata: &runtime.PodSandboxMetadata{ + Name: t.Name(), + }, + } + sandboxRequest := &runtime.RunPodSandboxRequest{ + Config: sbConfig, + RuntimeHandler: "runhcs-wcow-process", + } + sandBoxResponse, err := client.RunPodSandbox(ctx, sandboxRequest) + require.NoError(t, err, "failed RunPodSandbox request") + // Make sure the sandbox is cleaned up. + t.Cleanup(func() { removePodSandbox(ctx, t, client, sandBoxResponse.PodSandboxId) }) + t.Cleanup(func() { stopPodSandbox(ctx, t, client, sandBoxResponse.PodSandboxId) }) + + EnsureImageExists(t, testImage) + + t.Log("Create a container") + createCtrRequest := &runtime.CreateContainerRequest{ + Config: &runtime.ContainerConfig{ + Metadata: &runtime.ContainerMetadata{ + Name: t.Name() + "-CreateContainerTest", + }, + Image: &runtime.ImageSpec{ + Image: testImage, + }, + Command: []string{ + "cmd", + "/c", + "ping", + "-t", + "127.0.0.1", + }, + Windows: &runtime.WindowsContainerConfig{ + Resources: &runtime.WindowsContainerResources{ + CpuShares: 500, + }, + }, + }, + PodSandboxId: sandBoxResponse.PodSandboxId, + SandboxConfig: sandboxRequest.Config, + } + + createCtrResponse, err := client.CreateContainer(ctx, createCtrRequest) + require.NoError(t, err, "failed CreateContainer request in sandbox: %s", sandBoxResponse.PodSandboxId) + // Make sure the container is cleaned up. + t.Cleanup(func() { removeContainer(ctx, t, client, createCtrResponse.ContainerId) }) + + startContainer(ctx, t, client, createCtrResponse.ContainerId) + stopContainer(ctx, t, client, createCtrResponse.ContainerId) +} diff --git a/leases/lease.go b/leases/lease.go index 058d06559..fc0ca3491 100644 --- a/leases/lease.go +++ b/leases/lease.go @@ -65,10 +65,15 @@ func SynchronousDelete(ctx context.Context, o *DeleteOptions) error { return nil } -// WithLabels sets labels on a lease +// WithLabels merges labels on a lease func WithLabels(labels map[string]string) Opt { return func(l *Lease) error { - l.Labels = labels + if l.Labels == nil { + l.Labels = map[string]string{} + } + for k, v := range labels { + l.Labels[k] = v + } return nil } } diff --git a/leases/lease_test.go b/leases/lease_test.go new file mode 100644 index 000000000..2c92e697b --- /dev/null +++ b/leases/lease_test.go @@ -0,0 +1,83 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package leases + +import ( + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func TestWithLabels(t *testing.T) { + type unitTest struct { + name string + uut *Lease + labels map[string]string + expected map[string]string + } + + addLabelsToEmptyMap := &unitTest{ + name: "AddLabelsToEmptyMap", + uut: &Lease{}, + labels: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + }, + expected: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + }, + } + + addLabelsToNonEmptyMap := &unitTest{ + name: "AddLabelsToNonEmptyMap", + uut: &Lease{ + Labels: map[string]string{ + "containerd.io/gc.expire": "2015-12-05T00:00:00Z", + }, + }, + labels: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + "containerd.io/gc.ref.snapshot.overlayfs": "sha256:87806a591ce894ff5c699c28fe02093d6cdadd6b1ad86819acea05ccb212ff3d", + }, + expected: map[string]string{ + "containerd.io/gc.root": "2015-12-04T00:00:00Z", + "containerd.io/gc.ref.snapshot.overlayfs": "sha256:87806a591ce894ff5c699c28fe02093d6cdadd6b1ad86819acea05ccb212ff3d", + "containerd.io/gc.expire": "2015-12-05T00:00:00Z", + }, + } + + testcases := []*unitTest{ + addLabelsToEmptyMap, + addLabelsToNonEmptyMap, + } + + for _, testcase := range testcases { + testcase := testcase + + t.Run(testcase.name, func(t *testing.T) { + f := WithLabels(testcase.labels) + + err := f(testcase.uut) + require.NoError(t, err) + + for k, v := range testcase.expected { + assert.Contains(t, testcase.uut.Labels, k) + assert.Equal(t, v, testcase.uut.Labels[k]) + } + }) + } +} diff --git a/pkg/cri/annotations/annotations.go b/pkg/cri/annotations/annotations.go index 181eb05c7..59624b52f 100644 --- a/pkg/cri/annotations/annotations.go +++ b/pkg/cri/annotations/annotations.go @@ -58,6 +58,11 @@ const ( // SandboxNamespace is the name of the namespace of the sandbox (pod) SandboxNamespace = "io.kubernetes.cri.sandbox-namespace" + // SandboxUID is the uid of the sandbox (pod) passed to CRI via RunPodSanbox, + // this field is useful for linking the uid created by the CRI client (e.g. kubelet) + // to the internal Sandbox.ID created by the containerd sandbox service + SandboxUID = "io.kubernetes.cri.sandbox-uid" + // SandboxName is the name of the sandbox (pod) SandboxName = "io.kubernetes.cri.sandbox-name" diff --git a/pkg/cri/opts/spec_linux.go b/pkg/cri/opts/spec_linux.go index 9306d42b6..1baf5f30a 100644 --- a/pkg/cri/opts/spec_linux.go +++ b/pkg/cri/opts/spec_linux.go @@ -28,6 +28,7 @@ import ( "sync" "syscall" + "github.com/containerd/cgroups" "github.com/containerd/containerd/containers" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" @@ -403,6 +404,36 @@ func WithSelinuxLabels(process, mount string) oci.SpecOpts { } } +var ( + swapControllerAvailability bool + swapControllerAvailabilityOnce sync.Once +) + +func swapControllerAvailable() bool { + swapControllerAvailabilityOnce.Do(func() { + const warn = "Failed to detect the availability of the swap controller, assuming not available" + p := "/sys/fs/cgroup/memory/memory.memsw.limit_in_bytes" + if cgroups.Mode() == cgroups.Unified { + // memory.swap.max does not exist in the cgroup root, so we check /sys/fs/cgroup//memory.swap.max + _, unified, err := cgroups.ParseCgroupFileUnified("/proc/self/cgroup") + if err != nil { + err = fmt.Errorf("failed to parse /proc/self/cgroup: %w", err) + logrus.WithError(err).Warn(warn) + return + } + p = filepath.Join("/sys/fs/cgroup", unified, "memory.swap.max") + } + if _, err := os.Stat(p); err != nil { + if !errors.Is(err, os.ErrNotExist) { + logrus.WithError(err).Warn(warn) + } + return + } + swapControllerAvailability = true + }) + return swapControllerAvailability +} + // WithResources sets the provided resource restrictions func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts { return func(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) (err error) { @@ -447,6 +478,10 @@ func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHu } if limit != 0 { s.Linux.Resources.Memory.Limit = &limit + // swap/memory limit should be equal to prevent container from swapping by default + if swapLimit == 0 && swapControllerAvailable() { + s.Linux.Resources.Memory.Swap = &limit + } } if swapLimit != 0 { s.Linux.Resources.Memory.Swap = &swapLimit diff --git a/pkg/cri/server/container_create_linux.go b/pkg/cri/server/container_create_linux.go index 8fb41e210..c9851b175 100644 --- a/pkg/cri/server/container_create_linux.go +++ b/pkg/cri/server/container_create_linux.go @@ -301,6 +301,7 @@ func (c *criService) containerSpec( customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), customopts.WithAnnotation(annotations.SandboxID, sandboxID), customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()), customopts.WithAnnotation(annotations.ContainerName, containerName), customopts.WithAnnotation(annotations.ImageName, imageName), diff --git a/pkg/cri/server/container_create_linux_test.go b/pkg/cri/server/container_create_linux_test.go index b000616ad..9b1463455 100644 --- a/pkg/cri/server/container_create_linux_test.go +++ b/pkg/cri/server/container_create_linux_test.go @@ -179,6 +179,9 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-sandbox-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-sandbox-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-sandbox-name") diff --git a/pkg/cri/server/container_create_windows.go b/pkg/cri/server/container_create_windows.go index 05c2b8771..6a18952cc 100644 --- a/pkg/cri/server/container_create_windows.go +++ b/pkg/cri/server/container_create_windows.go @@ -128,6 +128,7 @@ func (c *criService) containerSpec( customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeContainer), customopts.WithAnnotation(annotations.SandboxID, sandboxID), customopts.WithAnnotation(annotations.SandboxNamespace, sandboxConfig.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, sandboxConfig.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, sandboxConfig.GetMetadata().GetName()), customopts.WithAnnotation(annotations.ContainerName, containerName), customopts.WithAnnotation(annotations.ImageName, imageName), diff --git a/pkg/cri/server/container_create_windows_test.go b/pkg/cri/server/container_create_windows_test.go index 476d14b7f..684d45bf5 100644 --- a/pkg/cri/server/container_create_windows_test.go +++ b/pkg/cri/server/container_create_windows_test.go @@ -130,6 +130,9 @@ func getCreateContainerTestData() (*runtime.ContainerConfig, *runtime.PodSandbox assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-sandbox-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-sandbox-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-sandbox-name") diff --git a/pkg/cri/server/container_update_resources_linux_test.go b/pkg/cri/server/container_update_resources_linux_test.go index 1f68e3dbc..6a026e9c3 100644 --- a/pkg/cri/server/container_update_resources_linux_test.go +++ b/pkg/cri/server/container_update_resources_linux_test.go @@ -70,7 +70,10 @@ func TestUpdateOCILinuxResource(t *testing.T) { Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, Linux: &runtimespec.Linux{ Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(54321)}, + Memory: &runtimespec.LinuxMemory{ + Limit: proto.Int64(54321), + Swap: proto.Int64(54321), + }, CPU: &runtimespec.LinuxCPU{ Shares: proto.Uint64(4444), Quota: proto.Int64(5555), @@ -113,7 +116,10 @@ func TestUpdateOCILinuxResource(t *testing.T) { Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, Linux: &runtimespec.Linux{ Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(54321)}, + Memory: &runtimespec.LinuxMemory{ + Limit: proto.Int64(54321), + Swap: proto.Int64(54321), + }, CPU: &runtimespec.LinuxCPU{ Shares: proto.Uint64(4444), Quota: proto.Int64(5555), @@ -151,7 +157,10 @@ func TestUpdateOCILinuxResource(t *testing.T) { Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, Linux: &runtimespec.Linux{ Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(54321)}, + Memory: &runtimespec.LinuxMemory{ + Limit: proto.Int64(54321), + Swap: proto.Int64(54321), + }, CPU: &runtimespec.LinuxCPU{ Shares: proto.Uint64(4444), Quota: proto.Int64(5555), @@ -197,7 +206,10 @@ func TestUpdateOCILinuxResource(t *testing.T) { Process: &runtimespec.Process{OOMScoreAdj: oomscoreadj}, Linux: &runtimespec.Linux{ Resources: &runtimespec.LinuxResources{ - Memory: &runtimespec.LinuxMemory{Limit: proto.Int64(54321)}, + Memory: &runtimespec.LinuxMemory{ + Limit: proto.Int64(54321), + Swap: proto.Int64(54321), + }, CPU: &runtimespec.LinuxCPU{ Shares: proto.Uint64(4444), Quota: proto.Int64(5555), diff --git a/pkg/cri/server/helpers.go b/pkg/cri/server/helpers.go index a8498116d..f5a778189 100644 --- a/pkg/cri/server/helpers.go +++ b/pkg/cri/server/helpers.go @@ -494,7 +494,11 @@ func copyResourcesToStatus(spec *runtimespec.Spec, status containerstore.Status) if spec.Windows.Resources.CPU != nil { if spec.Windows.Resources.CPU.Shares != nil { status.Resources.Windows.CpuShares = int64(*spec.Windows.Resources.CPU.Shares) + } + if spec.Windows.Resources.CPU.Count != nil { status.Resources.Windows.CpuCount = int64(*spec.Windows.Resources.CPU.Count) + } + if spec.Windows.Resources.CPU.Maximum != nil { status.Resources.Windows.CpuMaximum = int64(*spec.Windows.Resources.CPU.Maximum) } } diff --git a/pkg/cri/server/sandbox_run.go b/pkg/cri/server/sandbox_run.go index 18657a51d..082344022 100644 --- a/pkg/cri/server/sandbox_run.go +++ b/pkg/cri/server/sandbox_run.go @@ -295,7 +295,8 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox // Update spec of the container containerd.UpdateContainerOpts(containerd.WithSpec(spec)), // Update sandbox metadata to include NetNS info - containerd.UpdateContainerOpts(containerd.WithContainerExtension(sandboxMetadataExtension, &sandbox.Metadata))); err != nil { + containerd.UpdateContainerOpts(containerd.WithContainerExtension(sandboxMetadataExtension, &sandbox.Metadata)), + ); err != nil { return nil, fmt.Errorf("failed to update the network namespace for the sandbox container %q: %w", id, err) } @@ -325,6 +326,14 @@ func (c *criService) RunPodSandbox(ctx context.Context, r *runtime.RunPodSandbox return nil, fmt.Errorf("failed to setup network for sandbox %q: %w", id, err) } + // Update metadata here to save CNI result and pod IPs to disk. + if err := container.Update(ctx, + // Update sandbox metadata to include NetNS info + containerd.UpdateContainerOpts(containerd.WithContainerExtension(sandboxMetadataExtension, &sandbox.Metadata)), + ); err != nil { + return nil, fmt.Errorf("failed to update the network namespace for the sandbox container %q: %w", id, err) + } + sandboxCreateNetworkTimer.UpdateSince(netStart) } diff --git a/pkg/cri/server/sandbox_run_linux.go b/pkg/cri/server/sandbox_run_linux.go index 63e60d59c..577d25e05 100644 --- a/pkg/cri/server/sandbox_run_linux.go +++ b/pkg/cri/server/sandbox_run_linux.go @@ -175,6 +175,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), customopts.WithAnnotation(annotations.SandboxID, id), customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()), customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()), ) diff --git a/pkg/cri/server/sandbox_run_linux_test.go b/pkg/cri/server/sandbox_run_linux_test.go index 22509b379..6bb2f07a7 100644 --- a/pkg/cri/server/sandbox_run_linux_test.go +++ b/pkg/cri/server/sandbox_run_linux_test.go @@ -78,6 +78,9 @@ func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConf assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-name") diff --git a/pkg/cri/server/sandbox_run_windows.go b/pkg/cri/server/sandbox_run_windows.go index 1a103db1e..10c8e5c57 100644 --- a/pkg/cri/server/sandbox_run_windows.go +++ b/pkg/cri/server/sandbox_run_windows.go @@ -84,6 +84,7 @@ func (c *criService) sandboxContainerSpec(id string, config *runtime.PodSandboxC customopts.WithAnnotation(annotations.ContainerType, annotations.ContainerTypeSandbox), customopts.WithAnnotation(annotations.SandboxID, id), customopts.WithAnnotation(annotations.SandboxNamespace, config.GetMetadata().GetNamespace()), + customopts.WithAnnotation(annotations.SandboxUID, config.GetMetadata().GetUid()), customopts.WithAnnotation(annotations.SandboxName, config.GetMetadata().GetName()), customopts.WithAnnotation(annotations.SandboxLogDir, config.GetLogDirectory()), customopts.WithAnnotation(annotations.WindowsHostProcess, strconv.FormatBool(config.GetWindows().GetSecurityContext().GetHostProcess())), diff --git a/pkg/cri/server/sandbox_run_windows_test.go b/pkg/cri/server/sandbox_run_windows_test.go index 475beefe3..358f2eacb 100644 --- a/pkg/cri/server/sandbox_run_windows_test.go +++ b/pkg/cri/server/sandbox_run_windows_test.go @@ -80,6 +80,9 @@ func getRunPodSandboxTestData() (*runtime.PodSandboxConfig, *imagespec.ImageConf assert.Contains(t, spec.Annotations, annotations.SandboxNamespace) assert.EqualValues(t, spec.Annotations[annotations.SandboxNamespace], "test-ns") + assert.Contains(t, spec.Annotations, annotations.SandboxUID) + assert.EqualValues(t, spec.Annotations[annotations.SandboxUID], "test-uid") + assert.Contains(t, spec.Annotations, annotations.SandboxName) assert.EqualValues(t, spec.Annotations[annotations.SandboxName], "test-name") diff --git a/pkg/cri/store/container/status.go b/pkg/cri/store/container/status.go index 1cf9a204e..0dedb6f6b 100644 --- a/pkg/cri/store/container/status.go +++ b/pkg/cri/store/container/status.go @@ -222,10 +222,12 @@ func deepCopyOf(s Status) Status { if s.Resources != nil && s.Resources.Linux != nil { hugepageLimits := make([]*runtime.HugepageLimit, len(s.Resources.Linux.HugepageLimits)) for _, l := range s.Resources.Linux.HugepageLimits { - hugepageLimits = append(hugepageLimits, &runtime.HugepageLimit{ - PageSize: l.PageSize, - Limit: l.Limit, - }) + if l != nil { + hugepageLimits = append(hugepageLimits, &runtime.HugepageLimit{ + PageSize: l.PageSize, + Limit: l.Limit, + }) + } } copy.Resources = &runtime.ContainerResources{ Linux: &runtime.LinuxContainerResources{ diff --git a/pkg/cri/streaming/portforward/httpstream.go b/pkg/cri/streaming/portforward/httpstream.go index f961cdb6f..685cd8b5d 100644 --- a/pkg/cri/streaming/portforward/httpstream.go +++ b/pkg/cri/streaming/portforward/httpstream.go @@ -155,11 +155,11 @@ func (h *httpStreamHandler) getStreamPair(requestID string) (*httpStreamPair, bo func (h *httpStreamHandler) monitorStreamPair(p *httpStreamPair, timeout <-chan time.Time) { select { case <-timeout: - err := fmt.Errorf("(conn=%v, request=%s) timed out waiting for streams", h.conn, p.requestID) + err := fmt.Errorf("(conn=%p, request=%s) timed out waiting for streams", h.conn, p.requestID) utilruntime.HandleError(err) p.printError(err.Error()) case <-p.complete: - klog.V(5).Infof("(conn=%v, request=%s) successfully received error and data streams", h.conn, p.requestID) + klog.V(5).Infof("(conn=%p, request=%s) successfully received error and data streams", h.conn, p.requestID) } h.removeStreamPair(p.requestID) } diff --git a/pkg/cri/streaming/remotecommand/httpstream.go b/pkg/cri/streaming/remotecommand/httpstream.go index 0417a1a9e..9177fa794 100644 --- a/pkg/cri/streaming/remotecommand/httpstream.go +++ b/pkg/cri/streaming/remotecommand/httpstream.go @@ -33,6 +33,7 @@ limitations under the License. package remotecommand import ( + gocontext "context" "encoding/json" "errors" "fmt" @@ -132,7 +133,7 @@ func createStreams(req *http.Request, w http.ResponseWriter, opts *Options, supp if ctx.resizeStream != nil { ctx.resizeChan = make(chan remotecommand.TerminalSize) - go handleResizeEvents(ctx.resizeStream, ctx.resizeChan) + go handleResizeEvents(req.Context(), ctx.resizeStream, ctx.resizeChan) } return ctx, true @@ -425,7 +426,7 @@ WaitForStreams: // supportsTerminalResizing returns false because v1ProtocolHandler doesn't support it. func (*v1ProtocolHandler) supportsTerminalResizing() bool { return false } -func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalSize) { +func handleResizeEvents(ctx gocontext.Context, stream io.Reader, channel chan<- remotecommand.TerminalSize) { defer runtime.HandleCrash() defer close(channel) @@ -435,7 +436,15 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS if err := decoder.Decode(&size); err != nil { break } - channel <- size + + select { + case channel <- size: + case <-ctx.Done(): + // To avoid leaking this routine, exit if the http request finishes. This path + // would generally be hit if starting the process fails and nothing is started to + // ingest these resize events. + return + } } } diff --git a/releases/v1.6.10.toml b/releases/v1.6.10.toml new file mode 100644 index 000000000..3a89a6c6f --- /dev/null +++ b/releases/v1.6.10.toml @@ -0,0 +1,22 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.9" + +pre_release = false + +preface = """\ +The tenth patch release for containerd 1.6 contains various fixes, including a CVE fix for Windows platforms. + +### Notable Updates + +* **Always check userxattr for overlay on kernels >= 5.11** ([#7646](https://github.com/containerd/containerd/pull/7646)) +* **Bump hcsshim to 0.9.5 to fix container shutdown bug on Windows** ([#7610](https://github.com/containerd/containerd/pull/7610) +* **Bump Go version to 1.18.8 to address CVE-2022-41716** ([#7634](https://github.com/containerd/containerd/pull/7634)) + +See the changelog for complete list of changes""" diff --git a/releases/v1.6.11.toml b/releases/v1.6.11.toml new file mode 100644 index 000000000..a852e9602 --- /dev/null +++ b/releases/v1.6.11.toml @@ -0,0 +1,22 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.10" + +pre_release = false + +preface = """\ +The eleventh patch release for containerd 1.6 contains a various fixes and updates. + +### Notable Updates +* **Add pod UID annotation in CRI plugin** ([#7735](https://github.com/containerd/containerd/pull/7735)) +* **Fix nil pointer deference for Windows containers in CRI plugin** ([#7737](https://github.com/containerd/containerd/pull/7737)) +* **Fix lease labels unexpectedly overwriting expiration** ([#7745](https://github.com/containerd/containerd/pull/7745)) +* **Fix for simultaneous diff creation using the same parent snapshot** ([#7756](https://github.com/containerd/containerd/pull/7756)) + +See the changelog for complete list of changes""" diff --git a/releases/v1.6.12.toml b/releases/v1.6.12.toml new file mode 100644 index 000000000..cdd0819a8 --- /dev/null +++ b/releases/v1.6.12.toml @@ -0,0 +1,19 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.11" + +pre_release = false + +preface = """\ +The twelfth patch release for containerd 1.6 contains a fix for CVE-2022-23471. + +### Notable Updates +* **Fix goroutine leak during Exec in CRI plugin** ([GHSA-2qjp-425j-52j9](https://github.com/containerd/containerd/security/advisories/GHSA-2qjp-425j-52j9)) + +See the changelog for complete list of changes""" diff --git a/releases/v1.6.13.toml b/releases/v1.6.13.toml new file mode 100644 index 000000000..b32a38463 --- /dev/null +++ b/releases/v1.6.13.toml @@ -0,0 +1,26 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.12" + +pre_release = false + +preface = """\ +The thirteenth patch release for containerd 1.6 contains various fixes and updates. + +### Notable Updates + +* **Update overlay snapshotter to check for tmpfs when evaluating usage of userxattr** ([#7788](https://github.com/containerd/containerd/pull/7788)) +* **Update hcsschim to v0.9.6 to fix resource leak on exec** ([#7808](https://github.com/containerd/containerd/pull/7808)) +* **Make swapping disabled with memory limit in CRI plugin** ([#7815](https://github.com/containerd/containerd/pull/7815)) +* **Allow clients to remove created tasks with PID 0** ([#7816](https://github.com/containerd/containerd/pull/7816)) +* **Fix concurrent map iteration and map write in CRI port forwarding** ([#7819](https://github.com/containerd/containerd/pull/7819)) +* **Check for nil `HugepageLimits` to avoid panic in CRI plugin** ([#7820](https://github.com/containerd/containerd/pull/7820)) + + +See the changelog for complete list of changes""" diff --git a/releases/v1.6.14.toml b/releases/v1.6.14.toml new file mode 100644 index 000000000..8afb02e6a --- /dev/null +++ b/releases/v1.6.14.toml @@ -0,0 +1,20 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.13" + +pre_release = false + +preface = """\ +The fourteenth patch release for containerd 1.6 fixes a regression in the CRI plugin related to swap + +### Notable Updates + +* **Fix `memory.memsw.limit_in_bytes: no such file or directory` error in CRI plugin** ([#7838](https://github.com/containerd/containerd/pull/7838)) + +See the changelog for complete list of changes""" diff --git a/releases/v1.6.15.toml b/releases/v1.6.15.toml new file mode 100644 index 000000000..7798e8153 --- /dev/null +++ b/releases/v1.6.15.toml @@ -0,0 +1,20 @@ +# commit to be tagged for new release +commit = "HEAD" + +project_name = "containerd" +github_repo = "containerd/containerd" +match_deps = "^github.com/(containerd/[a-zA-Z0-9-]+)$" + +# previous release +previous = "v1.6.14" + +pre_release = false + +preface = """\ +The fifteenth patch release for containerd 1.6 fixes an issue with CNI in the CRI plugin + +### Notable Updates + +* **Fix no CNI info for pod sandbox on restart in CRI plugin** ([#7848](https://github.com/containerd/containerd/pull/7848)) + +See the changelog for complete list of changes""" diff --git a/rootfs/diff.go b/rootfs/diff.go index f396c73ab..226cebccf 100644 --- a/rootfs/diff.go +++ b/rootfs/diff.go @@ -44,7 +44,7 @@ func CreateDiff(ctx context.Context, snapshotID string, sn snapshots.Snapshotter return ocispec.Descriptor{}, err } - lowerKey := fmt.Sprintf("%s-parent-view", info.Parent) + lowerKey := fmt.Sprintf("%s-parent-view-%s", info.Parent, uniquePart()) lower, err := sn.View(ctx, lowerKey, info.Parent) if err != nil { return ocispec.Descriptor{}, err @@ -58,7 +58,7 @@ func CreateDiff(ctx context.Context, snapshotID string, sn snapshots.Snapshotter return ocispec.Descriptor{}, err } } else { - upperKey := fmt.Sprintf("%s-view", snapshotID) + upperKey := fmt.Sprintf("%s-view-%s", snapshotID, uniquePart()) upper, err = sn.View(ctx, upperKey, snapshotID) if err != nil { return ocispec.Descriptor{}, err diff --git a/script/setup/install-cni b/script/setup/install-cni index ebbfd248f..321373ccb 100755 --- a/script/setup/install-cni +++ b/script/setup/install-cni @@ -25,6 +25,12 @@ CNI_COMMIT=${1:-$(grep containernetworking/plugins "$GOPATH"/src/github.com/cont CNI_DIR=${DESTDIR:=''}/opt/cni CNI_CONFIG_DIR=${DESTDIR}/etc/cni/net.d +# e2e and Cirrus will fail with "sudo: command not found" +SUDO='' +if (( $EUID != 0 )); then + SUDO='sudo' +fi + TMPROOT=$(mktemp -d) git clone https://github.com/containernetworking/plugins.git "${TMPROOT}"/plugins pushd "${TMPROOT}"/plugins @@ -32,8 +38,8 @@ git checkout "$CNI_COMMIT" ./build_linux.sh mkdir -p $CNI_DIR cp -r ./bin $CNI_DIR -mkdir -p $CNI_CONFIG_DIR -cat << EOF | tee $CNI_CONFIG_DIR/10-containerd-net.conflist +$SUDO mkdir -p $CNI_CONFIG_DIR +$SUDO cat << EOF | $SUDO tee $CNI_CONFIG_DIR/10-containerd-net.conflist { "cniVersion": "1.0.0", "name": "containerd-net", diff --git a/script/setup/install-critools b/script/setup/install-critools index 251a83e0b..3a8374c44 100755 --- a/script/setup/install-critools +++ b/script/setup/install-critools @@ -22,6 +22,12 @@ set -eu -o pipefail script_dir="$(cd -- "$(dirname -- "$0")" > /dev/null 2>&1; pwd -P)" +# e2e will fail with "sudo: command not found" +SUDO='' +if (( $EUID != 0 )); then + SUDO='sudo' +fi + cd "$(go env GOPATH)" go install github.com/onsi/ginkgo/v2/ginkgo@v2.1.4 @@ -33,10 +39,10 @@ git clone https://github.com/kubernetes-sigs/cri-tools.git "${TMPROOT}/cri-tools pushd "${TMPROOT}"/cri-tools git checkout "$CRITEST_COMMIT" make -make install -e DESTDIR="${DESTDIR}" BINDIR=/usr/local/bin +$SUDO make install -e DESTDIR="${DESTDIR}" BINDIR=/usr/local/bin mkdir -p "${DESTDIR}/etc/" -cat << EOF | tee "${DESTDIR}/etc/crictl.yaml" +$SUDO cat << EOF | $SUDO tee "${DESTDIR}/etc/crictl.yaml" runtime-endpoint: unix:///run/containerd/containerd.sock EOF diff --git a/script/setup/install-runc b/script/setup/install-runc index 7e0437c9b..5c314e1a5 100755 --- a/script/setup/install-runc +++ b/script/setup/install-runc @@ -20,6 +20,14 @@ # set -eu -o pipefail +script_dir="$(cd -- "$(dirname -- "$0")" > /dev/null 2>&1; pwd -P)" + +# e2e and Cirrus will fail with "sudo: command not found" +SUDO='' +if (( $EUID != 0 )); then + SUDO='sudo' +fi + function install_runc() { script_dir="$(cd -- "$(dirname -- "$0")" > /dev/null 2>&1; pwd -P)" @@ -31,15 +39,15 @@ function install_runc() { pushd "${TMPROOT}"/runc git checkout "${RUNC_VERSION}" make BUILDTAGS='seccomp' runc - make install + $SUDO make install popd rm -fR "${TMPROOT}" } function install_crun() { CRUN_VERSION=1.3 - curl -o /usr/local/sbin/runc -L https://github.com/containers/crun/releases/download/"${CRUN_VERSION}"/crun-"${CRUN_VERSION}"-linux-"$(go env GOARCH)" - chmod +x /usr/local/sbin/runc + $SUDO curl -S -o /usr/local/sbin/runc -L https://github.com/containers/crun/releases/download/"${CRUN_VERSION}"/crun-"${CRUN_VERSION}"-linux-"$(go env GOARCH)" + $SUDO chmod +x /usr/local/sbin/runc } : "${RUNC_FLAVOR:=runc}" diff --git a/script/setup/install-seccomp b/script/setup/install-seccomp index a9681562b..8a9dfb462 100755 --- a/script/setup/install-seccomp +++ b/script/setup/install-seccomp @@ -30,8 +30,8 @@ curl -fsSL "https://github.com/seccomp/libseccomp/releases/download/v${SECCOMP_V cd "$SECCOMP_PATH" ./configure --prefix=/usr/local make - make install - ldconfig + sudo make install + sudo ldconfig ) rm -rf "$SECCOMP_PATH" diff --git a/script/setup/prepare_env_windows.ps1 b/script/setup/prepare_env_windows.ps1 index 412705a20..5251f41a0 100644 --- a/script/setup/prepare_env_windows.ps1 +++ b/script/setup/prepare_env_windows.ps1 @@ -1,6 +1,6 @@ # Prepare windows environment for building and running containerd tests -$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.7"; make = ""; nssm = "" } +$PACKAGES= @{ mingw = "10.2.0"; git = ""; golang = "1.18.9"; make = ""; nssm = "" } Write-Host "Downloading chocolatey package" curl.exe -L "https://packages.chocolatey.org/chocolatey.0.10.15.nupkg" -o 'c:\choco.zip' diff --git a/snapshots/devmapper/pool_device_test.go b/snapshots/devmapper/pool_device_test.go index f68d41609..041178473 100644 --- a/snapshots/devmapper/pool_device_test.go +++ b/snapshots/devmapper/pool_device_test.go @@ -40,8 +40,8 @@ const ( thinDevice1 = "thin-1" thinDevice2 = "thin-2" snapDevice1 = "snap-1" - device1Size = 100000 - device2Size = 200000 + device1Size = 1000000 + device2Size = 2000000 testsPrefix = "devmapper-snapshotter-tests-" ) diff --git a/snapshots/overlay/overlayutils/check.go b/snapshots/overlay/overlayutils/check.go index c5b93fc57..17e7547fe 100644 --- a/snapshots/overlay/overlayutils/check.go +++ b/snapshots/overlay/overlayutils/check.go @@ -23,13 +23,20 @@ import ( "fmt" "os" "path/filepath" + "syscall" + kernel "github.com/containerd/containerd/contrib/seccomp/kernelversion" "github.com/containerd/containerd/log" "github.com/containerd/containerd/mount" "github.com/containerd/containerd/pkg/userns" "github.com/containerd/continuity/fs" ) +const ( + // see https://man7.org/linux/man-pages/man2/statfs.2.html + tmpfsMagic = 0x01021994 +) + // SupportsMultipleLowerDir checks if the system supports multiple lowerdirs, // which is required for the overlay snapshotter. On 4.x kernels, multiple lowerdirs // are always available (so this check isn't needed), and backported to RHEL and @@ -87,6 +94,21 @@ func Supported(root string) error { return SupportsMultipleLowerDir(root) } +// IsPathOnTmpfs returns whether the path is on a tmpfs or not. +// +// It uses statfs to check if the fs type is TMPFS_MAGIC (0x01021994) +// see https://man7.org/linux/man-pages/man2/statfs.2.html +func IsPathOnTmpfs(d string) bool { + stat := syscall.Statfs_t{} + err := syscall.Statfs(d, &stat) + if err != nil { + log.L.WithError(err).Warnf("Could not retrieve statfs for %v", d) + return false + } + + return stat.Type == tmpfsMagic +} + // NeedsUserXAttr returns whether overlayfs should be mounted with the "userxattr" mount option. // // The "userxattr" option is needed for mounting overlayfs inside a user namespace with kernel >= 5.11. @@ -113,10 +135,19 @@ func NeedsUserXAttr(d string) (bool, error) { return false, nil } - // TODO: add fast path for kernel >= 5.11 . + // userxattr not permitted on tmpfs https://man7.org/linux/man-pages/man5/tmpfs.5.html + if IsPathOnTmpfs(d) { + return false, nil + } + + // Fast path on kernels >= 5.11 // - // Keep in mind that distro vendors might be going to backport the patch to older kernels. - // So we can't completely remove the check. + // Keep in mind that distro vendors might be going to backport the patch to older kernels + // so we can't completely remove the "slow path". + fiveDotEleven := kernel.KernelVersion{Kernel: 5, Major: 11} + if ok, err := kernel.GreaterEqualThan(fiveDotEleven); err == nil && ok { + return true, nil + } tdRoot := filepath.Join(d, "userxattr-check") if err := os.RemoveAll(tdRoot); err != nil { diff --git a/task.go b/task.go index 692d92c1d..105d4fbc3 100644 --- a/task.go +++ b/task.go @@ -310,6 +310,11 @@ func (t *task) Delete(ctx context.Context, opts ...ProcessDeleteOpts) (*ExitStat // On windows Created is akin to Stopped break } + if t.pid == 0 { + // allow for deletion of created tasks with PID 0 + // https://github.com/containerd/containerd/issues/7357 + break + } fallthrough default: return nil, fmt.Errorf("task must be stopped before deletion: %s: %w", status.Status, errdefs.ErrFailedPrecondition) diff --git a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go index 27a62a723..f46af33bb 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/cow/cow.go @@ -86,6 +86,12 @@ type Container interface { // container to be terminated by some error condition (including calling // Close). Wait() error + // WaitChannel returns the wait channel of the container + WaitChannel() <-chan struct{} + // WaitError returns the container termination error. + // This function should only be called after the channel in WaitChannel() + // is closed. Otherwise it is not thread safe. + WaitError() error // Modify sends a request to modify container resources Modify(ctx context.Context, config interface{}) error } diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go index e21354ffd..295d4b849 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/errors.go @@ -154,7 +154,7 @@ func (e *HcsError) Error() string { func (e *HcsError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *HcsError) Timeout() bool { @@ -193,7 +193,7 @@ func (e *SystemError) Error() string { func (e *SystemError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *SystemError) Timeout() bool { @@ -224,7 +224,7 @@ func (e *ProcessError) Error() string { func (e *ProcessError) Temporary() bool { err, ok := e.Err.(net.Error) - return ok && err.Temporary() + return ok && err.Temporary() //nolint:staticcheck } func (e *ProcessError) Timeout() bool { diff --git a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go index 1d45a703b..a76f6b253 100644 --- a/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go +++ b/vendor/github.com/Microsoft/hcsshim/internal/hcs/system.go @@ -287,11 +287,19 @@ func (computeSystem *System) waitBackground() { oc.SetSpanStatus(span, err) } +func (computeSystem *System) WaitChannel() <-chan struct{} { + return computeSystem.waitBlock +} + +func (computeSystem *System) WaitError() error { + return computeSystem.waitError +} + // Wait synchronously waits for the compute system to shutdown or terminate. If // the compute system has already exited returns the previous error (if any). func (computeSystem *System) Wait() error { - <-computeSystem.waitBlock - return computeSystem.waitError + <-computeSystem.WaitChannel() + return computeSystem.WaitError() } // ExitError returns an error describing the reason the compute system terminated. diff --git a/vendor/github.com/containerd/cgroups/README.md b/vendor/github.com/containerd/cgroups/README.md index fc2c7a9be..eccb9d984 100644 --- a/vendor/github.com/containerd/cgroups/README.md +++ b/vendor/github.com/containerd/cgroups/README.md @@ -26,7 +26,7 @@ uses the v1 implementation of cgroups. ```go shares := uint64(100) control, err := cgroups.New(cgroups.V1, cgroups.StaticPath("/test"), &specs.LinuxResources{ - CPU: &specs.CPU{ + CPU: &specs.LinuxCPU{ Shares: &shares, }, }) diff --git a/vendor/github.com/containerd/cgroups/Vagrantfile b/vendor/github.com/containerd/cgroups/Vagrantfile index 4596ad8a7..9a4aac8cb 100644 --- a/vendor/github.com/containerd/cgroups/Vagrantfile +++ b/vendor/github.com/containerd/cgroups/Vagrantfile @@ -3,19 +3,19 @@ Vagrant.configure("2") do |config| # Fedora box is used for testing cgroup v2 support - config.vm.box = "fedora/32-cloud-base" + config.vm.box = "fedora/35-cloud-base" config.vm.provider :virtualbox do |v| - v.memory = 2048 + v.memory = 4096 v.cpus = 2 end config.vm.provider :libvirt do |v| - v.memory = 2048 + v.memory = 4096 v.cpus = 2 end config.vm.provision "shell", inline: <<-SHELL set -eux -o pipefail # configuration - GO_VERSION="1.15" + GO_VERSION="1.17.7" # install gcc and Golang dnf -y install gcc diff --git a/vendor/github.com/containerd/cgroups/utils.go b/vendor/github.com/containerd/cgroups/utils.go index 2297980d9..217138975 100644 --- a/vendor/github.com/containerd/cgroups/utils.go +++ b/vendor/github.com/containerd/cgroups/utils.go @@ -261,21 +261,28 @@ func parseKV(raw string) (string, uint64, error) { // "pids": "/user.slice/user-1000.slice" // etc. // -// Note that for cgroup v2 unified hierarchy, there are no per-controller -// cgroup paths, so the resulting map will have a single element where the key -// is empty string ("") and the value is the cgroup path the is in. +// The resulting map does not have an element for cgroup v2 unified hierarchy. +// Use ParseCgroupFileUnified to get the unified path. func ParseCgroupFile(path string) (map[string]string, error) { + x, _, err := ParseCgroupFileUnified(path) + return x, err +} + +// ParseCgroupFileUnified returns legacy subsystem paths as the first value, +// and returns the unified path as the second value. +func ParseCgroupFileUnified(path string) (map[string]string, string, error) { f, err := os.Open(path) if err != nil { - return nil, err + return nil, "", err } defer f.Close() - return parseCgroupFromReader(f) + return parseCgroupFromReaderUnified(f) } -func parseCgroupFromReader(r io.Reader) (map[string]string, error) { +func parseCgroupFromReaderUnified(r io.Reader) (map[string]string, string, error) { var ( cgroups = make(map[string]string) + unified = "" s = bufio.NewScanner(r) ) for s.Scan() { @@ -284,18 +291,20 @@ func parseCgroupFromReader(r io.Reader) (map[string]string, error) { parts = strings.SplitN(text, ":", 3) ) if len(parts) < 3 { - return nil, fmt.Errorf("invalid cgroup entry: %q", text) + return nil, unified, fmt.Errorf("invalid cgroup entry: %q", text) } for _, subs := range strings.Split(parts[1], ",") { - if subs != "" { + if subs == "" { + unified = parts[2] + } else { cgroups[subs] = parts[2] } } } if err := s.Err(); err != nil { - return nil, err + return nil, unified, err } - return cgroups, nil + return cgroups, unified, nil } func getCgroupDestination(subsystem string) (string, error) { diff --git a/vendor/github.com/containerd/cgroups/v2/manager.go b/vendor/github.com/containerd/cgroups/v2/manager.go index afed14c6e..1f017509f 100644 --- a/vendor/github.com/containerd/cgroups/v2/manager.go +++ b/vendor/github.com/containerd/cgroups/v2/manager.go @@ -240,6 +240,10 @@ func (c *Manager) Controllers() ([]string, error) { return strings.Fields(string(b)), nil } +func (c *Manager) Update(resources *Resources) error { + return setResources(c.path, resources) +} + type ControllerToggle int const ( @@ -701,12 +705,39 @@ func setDevices(path string, devices []specs.LinuxDeviceCgroup) error { return nil } +// getSystemdFullPath returns the full systemd path when creating a systemd slice group. +// the reason this is necessary is because the "-" character has a special meaning in +// systemd slice. For example, when creating a slice called "my-group-112233.slice", +// systemd will create a hierarchy like this: +// /sys/fs/cgroup/my.slice/my-group.slice/my-group-112233.slice +func getSystemdFullPath(slice, group string) string { + return filepath.Join(defaultCgroup2Path, dashesToPath(slice), dashesToPath(group)) +} + +// dashesToPath converts a slice name with dashes to it's corresponding systemd filesystem path. +func dashesToPath(in string) string { + path := "" + if strings.HasSuffix(in, ".slice") && strings.Contains(in, "-") { + parts := strings.Split(in, "-") + for i := range parts { + s := strings.Join(parts[0:i+1], "-") + if !strings.HasSuffix(s, ".slice") { + s += ".slice" + } + path = filepath.Join(path, s) + } + } else { + path = filepath.Join(path, in) + } + return path +} + func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, error) { if slice == "" { slice = defaultSlice } ctx := context.TODO() - path := filepath.Join(defaultCgroup2Path, slice, group) + path := getSystemdFullPath(slice, group) conn, err := systemdDbus.NewWithContext(ctx) if err != nil { return &Manager{}, err @@ -734,12 +765,17 @@ func NewSystemd(slice, group string, pid int, resources *Resources) (*Manager, e properties = append(properties, newSystemdProperty("PIDs", []uint32{uint32(pid)})) } - if resources.Memory != nil && *resources.Memory.Max != 0 { + if resources.Memory != nil && resources.Memory.Min != nil && *resources.Memory.Min != 0 { + properties = append(properties, + newSystemdProperty("MemoryMin", uint64(*resources.Memory.Min))) + } + + if resources.Memory != nil && resources.Memory.Max != nil && *resources.Memory.Max != 0 { properties = append(properties, newSystemdProperty("MemoryMax", uint64(*resources.Memory.Max))) } - if resources.CPU != nil && *resources.CPU.Weight != 0 { + if resources.CPU != nil && resources.CPU.Weight != nil && *resources.CPU.Weight != 0 { properties = append(properties, newSystemdProperty("CPUWeight", *resources.CPU.Weight)) } @@ -796,9 +832,9 @@ func LoadSystemd(slice, group string) (*Manager, error) { if slice == "" { slice = defaultSlice } - group = filepath.Join(defaultCgroup2Path, slice, group) + path := getSystemdFullPath(slice, group) return &Manager{ - path: group, + path: path, }, nil } diff --git a/vendor/github.com/containerd/cgroups/v2/memory.go b/vendor/github.com/containerd/cgroups/v2/memory.go index 72f94b738..6f4733be6 100644 --- a/vendor/github.com/containerd/cgroups/v2/memory.go +++ b/vendor/github.com/containerd/cgroups/v2/memory.go @@ -18,6 +18,7 @@ package v2 type Memory struct { Swap *int64 + Min *int64 Max *int64 Low *int64 High *int64 @@ -30,6 +31,12 @@ func (r *Memory) Values() (o []Value) { value: *r.Swap, }) } + if r.Min != nil { + o = append(o, Value{ + filename: "memory.min", + value: *r.Min, + }) + } if r.Max != nil { o = append(o, Value{ filename: "memory.max", diff --git a/vendor/github.com/containerd/cgroups/v2/utils.go b/vendor/github.com/containerd/cgroups/v2/utils.go index 902466f51..240c92677 100644 --- a/vendor/github.com/containerd/cgroups/v2/utils.go +++ b/vendor/github.com/containerd/cgroups/v2/utils.go @@ -227,7 +227,7 @@ func ToResources(spec *specs.LinuxResources) *Resources { if i := spec.Rdma; i != nil { resources.RDMA = &RDMA{} for device, value := range spec.Rdma { - if device != "" && (value.HcaHandles != nil || value.HcaObjects != nil) { + if device != "" && (value.HcaHandles != nil && value.HcaObjects != nil) { resources.RDMA.Limit = append(resources.RDMA.Limit, RDMAEntry{ Device: device, HcaHandles: *value.HcaHandles, diff --git a/vendor/modules.txt b/vendor/modules.txt index e8bd4111c..2eb01b616 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -11,7 +11,7 @@ github.com/Microsoft/go-winio/pkg/fs github.com/Microsoft/go-winio/pkg/guid github.com/Microsoft/go-winio/pkg/security github.com/Microsoft/go-winio/vhd -# github.com/Microsoft/hcsshim v0.9.4 +# github.com/Microsoft/hcsshim v0.9.6 ## explicit; go 1.13 github.com/Microsoft/hcsshim github.com/Microsoft/hcsshim/cmd/containerd-shim-runhcs-v1/options @@ -74,8 +74,8 @@ github.com/containerd/aufs/plugin # github.com/containerd/btrfs v1.0.0 ## explicit; go 1.15 github.com/containerd/btrfs -# github.com/containerd/cgroups v1.0.3 -## explicit; go 1.16 +# github.com/containerd/cgroups v1.0.4 +## explicit; go 1.17 github.com/containerd/cgroups github.com/containerd/cgroups/stats/v1 github.com/containerd/cgroups/v2 @@ -288,7 +288,7 @@ github.com/klauspost/compress/huff0 github.com/klauspost/compress/snappy github.com/klauspost/compress/zstd github.com/klauspost/compress/zstd/internal/xxhash -# github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 +# github.com/matttproud/golang_protobuf_extensions v1.0.4 ## explicit; go 1.9 github.com/matttproud/golang_protobuf_extensions/pbutil # github.com/miekg/pkcs11 v1.1.1 diff --git a/version/version.go b/version/version.go index 2e05f65bd..7246cc0b1 100644 --- a/version/version.go +++ b/version/version.go @@ -23,7 +23,7 @@ var ( Package = "github.com/containerd/containerd" // Version holds the complete version number. Filled in at linking time. - Version = "1.6.9+unknown" + Version = "1.6.15+unknown" // Revision is filled with the VCS (e.g. git) revision being used to build // the program at linking time.