diff --git a/docs/design/kata-design-requirements.md b/docs/design/kata-design-requirements.md index 22edac97e6..5706e03476 100644 --- a/docs/design/kata-design-requirements.md +++ b/docs/design/kata-design-requirements.md @@ -30,7 +30,7 @@ The Kata Containers runtime **MUST** implement the following command line option The Kata Containers project **MUST** provide two interfaces for CRI shims to manage hardware virtualization based Kubernetes pods and containers: - An OCI and `runc` compatible command line interface, as described in the previous section. -This interface is used by implementations such as [`CRI-O`](http://cri-o.io) and [`cri-containerd`](https://github.com/containerd/cri-containerd), for example. +This interface is used by implementations such as [`CRI-O`](http://cri-o.io) and [`containerd`](https://github.com/containerd/containerd), for example. - A hardware virtualization runtime library API for CRI shims to consume and provide a more CRI native implementation. The [`frakti`](https://github.com/kubernetes/frakti) CRI shim is an example of such a consumer. diff --git a/docs/how-to/README.md b/docs/how-to/README.md index 177083c159..44ffa21d3a 100644 --- a/docs/how-to/README.md +++ b/docs/how-to/README.md @@ -5,7 +5,7 @@ - [Run Kata containers with `crictl`](run-kata-with-crictl.md) - [Run Kata Containers with Kubernetes](run-kata-with-k8s.md) - [How to use Kata Containers and Containerd](containerd-kata.md) -- [How to use Kata Containers and CRI (containerd plugin) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) +- [How to use Kata Containers and CRI (containerd) with Kubernetes](how-to-use-k8s-with-cri-containerd-and-kata.md) - [Kata Containers and service mesh for Kubernetes](service-mesh.md) - [How to import Kata Containers logs into Fluentd](how-to-import-kata-logs-with-fluentd.md) diff --git a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md index 47687fa6ba..4df8c111cd 100644 --- a/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md +++ b/docs/how-to/how-to-use-k8s-with-cri-containerd-and-kata.md @@ -3,7 +3,7 @@ This document describes how to set up a single-machine Kubernetes (k8s) cluster. The Kubernetes cluster will use the -[CRI containerd plugin](https://github.com/containerd/containerd/tree/main/pkg/cri) and +[CRI containerd](https://github.com/containerd/containerd/) and [Kata Containers](https://katacontainers.io) to launch untrusted workloads. ## Requirements diff --git a/docs/how-to/privileged.md b/docs/how-to/privileged.md index 32ee486b70..fcffb58da5 100644 --- a/docs/how-to/privileged.md +++ b/docs/how-to/privileged.md @@ -16,9 +16,9 @@ from the host, a potentially undesirable side-effect that decreases the security The following sections document how to configure this behavior in different container runtimes. -#### Containerd and CRI +#### Containerd -The Containerd CRI allows configuring the privileged host devices behavior for each runtime in the CRI config. This is +The Containerd allows configuring the privileged host devices behavior for each runtime in the containerd config. This is done with the `privileged_without_host_devices` option. Setting this to `true` will disable hot plugging of the host devices into the guest, even when privileged is enabled. @@ -41,7 +41,7 @@ See below example config: ``` - [Kata Containers with Containerd and CRI documentation](how-to-use-k8s-with-cri-containerd-and-kata.md) - - [Containerd CRI config documentation](https://github.com/containerd/cri/blob/master/docs/config.md) + - [Containerd CRI config documentation](https://github.com/containerd/containerd/blob/main/docs/cri/config.md) #### CRI-O diff --git a/docs/how-to/run-kata-with-k8s.md b/docs/how-to/run-kata-with-k8s.md index 011d2b6bb4..98da0622fa 100644 --- a/docs/how-to/run-kata-with-k8s.md +++ b/docs/how-to/run-kata-with-k8s.md @@ -9,7 +9,7 @@ Kubernetes CRI (Container Runtime Interface) implementations allow using any OCI-compatible runtime with Kubernetes, such as the Kata Containers runtime. Kata Containers support both the [CRI-O](https://github.com/kubernetes-incubator/cri-o) and -[CRI-containerd](https://github.com/containerd/cri) CRI implementations. +[containerd](https://github.com/containerd/containerd) CRI implementations. After choosing one CRI implementation, you must make the appropriate configuration to ensure it integrates with Kata Containers. @@ -111,11 +111,7 @@ manage_ns_lifecycle = true ``` -### containerd with CRI plugin - -If you select containerd with `cri` plugin, follow the "Getting Started for Developers" -instructions [here](https://github.com/containerd/cri#getting-started-for-developers) -to properly install it. +### containerd To customize containerd to select Kata Containers runtime, follow our "Configure containerd to use Kata Containers" internal documentation @@ -160,7 +156,7 @@ $ sudo systemctl restart kubelet # If using CRI-O $ sudo kubeadm init --ignore-preflight-errors=all --cri-socket /var/run/crio/crio.sock --pod-network-cidr=10.244.0.0/16 -# If using CRI-containerd +# If using containerd $ sudo kubeadm init --ignore-preflight-errors=all --cri-socket /run/containerd/containerd.sock --pod-network-cidr=10.244.0.0/16 $ export KUBECONFIG=/etc/kubernetes/admin.conf diff --git a/docs/how-to/service-mesh.md b/docs/how-to/service-mesh.md index ca69ad9828..0c6502192f 100644 --- a/docs/how-to/service-mesh.md +++ b/docs/how-to/service-mesh.md @@ -34,7 +34,7 @@ as the proxy starts. Follow the [instructions](../install/README.md) to get Kata Containers properly installed and configured with Kubernetes. -You can choose between CRI-O and CRI-containerd, both are supported +You can choose between CRI-O and containerd, both are supported through this document. For both cases, select the workloads as _trusted_ by default. This way, @@ -159,7 +159,7 @@ containers with `privileged: true` to `privileged: false`. There is no difference between Istio and Linkerd in this section. It is about which CRI implementation you use. -For both CRI-O and CRI-containerd, you have to add an annotation indicating +For both CRI-O and containerd, you have to add an annotation indicating the workload for this deployment is not _trusted_, which will trigger `kata-runtime` to be called instead of `runc`. @@ -193,9 +193,9 @@ spec: ... ``` -__CRI-containerd:__ +__containerd:__ -Add the following annotation for CRI-containerd +Add the following annotation for containerd ```yaml io.kubernetes.cri.untrusted-workload: "true" ``` diff --git a/src/runtime/go.mod b/src/runtime/go.mod index f6b3e83260..90e8e40409 100644 --- a/src/runtime/go.mod +++ b/src/runtime/go.mod @@ -9,7 +9,6 @@ require ( github.com/containerd/cgroups v1.0.1 github.com/containerd/console v1.0.2 github.com/containerd/containerd v1.5.7 - github.com/containerd/cri-containerd v1.11.1-0.20190125013620-4dd6735020f5 github.com/containerd/fifo v1.0.0 github.com/containerd/ttrpc v1.0.2 github.com/containerd/typeurl v1.0.2 diff --git a/src/runtime/go.sum b/src/runtime/go.sum index 0f5e905352..3706943100 100644 --- a/src/runtime/go.sum +++ b/src/runtime/go.sum @@ -114,8 +114,6 @@ github.com/containerd/containerd v1.5.7/go.mod h1:gyvv6+ugqY25TiXxcZC3L5yOeYgEw0 github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= -github.com/containerd/cri-containerd v1.11.1-0.20190125013620-4dd6735020f5 h1:/srF029I+oDfm/qeltxCGJyJ8urmlqWGOQmQ7HvwrRc= -github.com/containerd/cri-containerd v1.11.1-0.20190125013620-4dd6735020f5/go.mod h1:wxbGdReWGCalzGOEpifoHeYCK4xAgnj4o/4bVB+9voU= github.com/containerd/fifo v1.0.0 h1:6PirWBr9/L7GDamKr+XM0IeUFXu5mf3M/BPpH9gaLBU= github.com/containerd/fifo v1.0.0/go.mod h1:ocF/ME1SX5b1AOlWi9r677YJmCPSwwWnQ9O123vzpE4= github.com/containerd/go-cni v1.0.2/go.mod h1:nrNABBHzu0ZwCug9Ije8hL2xBCYh/pjfMb1aZGrrohk= diff --git a/src/runtime/pkg/containerd-shim-v2/create.go b/src/runtime/pkg/containerd-shim-v2/create.go index 3a0814e86a..ce09981262 100644 --- a/src/runtime/pkg/containerd-shim-v2/create.go +++ b/src/runtime/pkg/containerd-shim-v2/create.go @@ -27,10 +27,11 @@ import ( "github.com/pkg/errors" // only register the proto type - crioption "github.com/containerd/containerd/pkg/runtimeoptions/v1" _ "github.com/containerd/containerd/runtime/linux/runctypes" _ "github.com/containerd/containerd/runtime/v2/runc/options" - oldcrioption "github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1" + + crioption "github.com/containerd/containerd/pkg/runtimeoptions/v1" + oldcrioption "github.com/containerd/containerd/pkg/runtimeoptions/v1" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils" "github.com/kata-containers/kata-containers/src/runtime/pkg/katautils/katatrace" diff --git a/src/runtime/pkg/containerd-shim-v2/create_test.go b/src/runtime/pkg/containerd-shim-v2/create_test.go index d2e0b58244..0cf42da79b 100644 --- a/src/runtime/pkg/containerd-shim-v2/create_test.go +++ b/src/runtime/pkg/containerd-shim-v2/create_test.go @@ -16,8 +16,8 @@ import ( "testing" "github.com/containerd/containerd/namespaces" + crioption "github.com/containerd/containerd/pkg/runtimeoptions/v1" taskAPI "github.com/containerd/containerd/runtime/v2/task" - crioption "github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1" "github.com/containerd/typeurl" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/stretchr/testify/assert" diff --git a/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go b/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go new file mode 100644 index 0000000000..68a0f48373 --- /dev/null +++ b/src/runtime/vendor/github.com/containerd/containerd/pkg/cri/annotations/annotations.go @@ -0,0 +1,62 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ + +package annotations + +// ContainerType values +// Following OCI annotations are used by katacontainers now. +// We'll switch to standard secure pod API after it is defined in CRI. +const ( + // ContainerTypeSandbox represents a pod sandbox container + ContainerTypeSandbox = "sandbox" + + // ContainerTypeContainer represents a container running within a pod + ContainerTypeContainer = "container" + + // ContainerType is the container type (sandbox or container) annotation + ContainerType = "io.kubernetes.cri.container-type" + + // SandboxID is the sandbox ID annotation + SandboxID = "io.kubernetes.cri.sandbox-id" + + // SandboxLogDir is the pod log directory annotation. + // If the sandbox needs to generate any log, it will put it into this directory. + // Kubelet will be responsible for: + // 1) Monitoring the disk usage of the log, and including it as part of the pod + // ephemeral storage usage. + // 2) Cleaning up the logs when the pod is deleted. + // NOTE: Kubelet is not responsible for rotating the logs. + SandboxLogDir = "io.kubernetes.cri.sandbox-log-directory" + + // UntrustedWorkload is the sandbox annotation for untrusted workload. Untrusted + // workload can only run on dedicated runtime for untrusted workload. + UntrustedWorkload = "io.kubernetes.cri.untrusted-workload" + + // SandboxNamespace is the name of the namespace of the sandbox (pod) + SandboxNamespace = "io.kubernetes.cri.sandbox-namespace" + + // SandboxName is the name of the sandbox (pod) + SandboxName = "io.kubernetes.cri.sandbox-name" + + // ContainerName is the name of the container in the pod + ContainerName = "io.kubernetes.cri.container-name" + + // ImageName is the name of the image used to create the container + ImageName = "io.kubernetes.cri.image-name" + + // PodAnnotations are the annotations of the pod + PodAnnotations = "io.kubernetes.cri.pod-annotations" +) diff --git a/src/runtime/vendor/github.com/containerd/cri-containerd/LICENSE b/src/runtime/vendor/github.com/containerd/cri-containerd/LICENSE deleted file mode 100644 index 8dada3edaf..0000000000 --- a/src/runtime/vendor/github.com/containerd/cri-containerd/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "{}" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright {yyyy} {name of copyright owner} - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go b/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go deleted file mode 100644 index be63ba27a4..0000000000 --- a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/annotations/annotations.go +++ /dev/null @@ -1,38 +0,0 @@ -/* -Copyright 2018 The Containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package annotations - -// ContainerType values -// Following OCI annotations are used by katacontainers now. -// We'll switch to standard secure pod API after it is defined in CRI. -const ( - // ContainerTypeSandbox represents a pod sandbox container - ContainerTypeSandbox = "sandbox" - - // ContainerTypeContainer represents a container running within a pod - ContainerTypeContainer = "container" - - // ContainerType is the container type (sandbox or container) annotation - ContainerType = "io.kubernetes.cri.container-type" - - // SandboxID is the sandbox ID annotation - SandboxID = "io.kubernetes.cri.sandbox-id" - - // UntrustedWorkload is the sandbox annotation for untrusted workload. Untrusted - // workload can only run on dedicated runtime for untrusted workload. - UntrustedWorkload = "io.kubernetes.cri.untrusted-workload" -) diff --git a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go b/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go deleted file mode 100644 index 71341ec78d..0000000000 --- a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go +++ /dev/null @@ -1,394 +0,0 @@ -/* -Copyright 2019 The containerd Authors. - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ -// Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: api.proto - -/* - Package cri_runtimeoptions_v1 is a generated protocol buffer package. - - It is generated from these files: - api.proto - - It has these top-level messages: - Options -*/ -package cri_runtimeoptions_v1 - -import proto "github.com/gogo/protobuf/proto" -import fmt "fmt" -import math "math" -import _ "github.com/gogo/protobuf/gogoproto" - -import strings "strings" -import reflect "reflect" - -import io "io" - -// Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf - -// This is a compile-time assertion to ensure that this generated file -// is compatible with the proto package it is being compiled against. -// A compilation error at this line likely means your copy of the -// proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package - -type Options struct { - // TypeUrl specifies the type of the content inside the config file. - TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"` - // ConfigPath specifies the filesystem location of the config file - // used by the runtime. - ConfigPath string `protobuf:"bytes,2,opt,name=config_path,json=configPath,proto3" json:"config_path,omitempty"` -} - -func (m *Options) Reset() { *m = Options{} } -func (*Options) ProtoMessage() {} -func (*Options) Descriptor() ([]byte, []int) { return fileDescriptorApi, []int{0} } - -func (m *Options) GetTypeUrl() string { - if m != nil { - return m.TypeUrl - } - return "" -} - -func (m *Options) GetConfigPath() string { - if m != nil { - return m.ConfigPath - } - return "" -} - -func init() { - proto.RegisterType((*Options)(nil), "cri.runtimeoptions.v1.Options") -} -func (m *Options) Marshal() (dAtA []byte, err error) { - size := m.Size() - dAtA = make([]byte, size) - n, err := m.MarshalTo(dAtA) - if err != nil { - return nil, err - } - return dAtA[:n], nil -} - -func (m *Options) MarshalTo(dAtA []byte) (int, error) { - var i int - _ = i - var l int - _ = l - if len(m.TypeUrl) > 0 { - dAtA[i] = 0xa - i++ - i = encodeVarintApi(dAtA, i, uint64(len(m.TypeUrl))) - i += copy(dAtA[i:], m.TypeUrl) - } - if len(m.ConfigPath) > 0 { - dAtA[i] = 0x12 - i++ - i = encodeVarintApi(dAtA, i, uint64(len(m.ConfigPath))) - i += copy(dAtA[i:], m.ConfigPath) - } - return i, nil -} - -func encodeVarintApi(dAtA []byte, offset int, v uint64) int { - for v >= 1<<7 { - dAtA[offset] = uint8(v&0x7f | 0x80) - v >>= 7 - offset++ - } - dAtA[offset] = uint8(v) - return offset + 1 -} -func (m *Options) Size() (n int) { - var l int - _ = l - l = len(m.TypeUrl) - if l > 0 { - n += 1 + l + sovApi(uint64(l)) - } - l = len(m.ConfigPath) - if l > 0 { - n += 1 + l + sovApi(uint64(l)) - } - return n -} - -func sovApi(x uint64) (n int) { - for { - n++ - x >>= 7 - if x == 0 { - break - } - } - return n -} -func sozApi(x uint64) (n int) { - return sovApi(uint64((x << 1) ^ uint64((int64(x) >> 63)))) -} -func (this *Options) String() string { - if this == nil { - return "nil" - } - s := strings.Join([]string{`&Options{`, - `TypeUrl:` + fmt.Sprintf("%v", this.TypeUrl) + `,`, - `ConfigPath:` + fmt.Sprintf("%v", this.ConfigPath) + `,`, - `}`, - }, "") - return s -} -func valueToStringApi(v interface{}) string { - rv := reflect.ValueOf(v) - if rv.IsNil() { - return "nil" - } - pv := reflect.Indirect(rv).Interface() - return fmt.Sprintf("*%v", pv) -} -func (m *Options) Unmarshal(dAtA []byte) error { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - preIndex := iNdEx - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApi - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - fieldNum := int32(wire >> 3) - wireType := int(wire & 0x7) - if wireType == 4 { - return fmt.Errorf("proto: Options: wiretype end group for non-group") - } - if fieldNum <= 0 { - return fmt.Errorf("proto: Options: illegal tag %d (wire type %d)", fieldNum, wire) - } - switch fieldNum { - case 1: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field TypeUrl", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApi - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApi - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.TypeUrl = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - case 2: - if wireType != 2 { - return fmt.Errorf("proto: wrong wireType = %d for field ConfigPath", wireType) - } - var stringLen uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return ErrIntOverflowApi - } - if iNdEx >= l { - return io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - stringLen |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - intStringLen := int(stringLen) - if intStringLen < 0 { - return ErrInvalidLengthApi - } - postIndex := iNdEx + intStringLen - if postIndex > l { - return io.ErrUnexpectedEOF - } - m.ConfigPath = string(dAtA[iNdEx:postIndex]) - iNdEx = postIndex - default: - iNdEx = preIndex - skippy, err := skipApi(dAtA[iNdEx:]) - if err != nil { - return err - } - if skippy < 0 { - return ErrInvalidLengthApi - } - if (iNdEx + skippy) > l { - return io.ErrUnexpectedEOF - } - iNdEx += skippy - } - } - - if iNdEx > l { - return io.ErrUnexpectedEOF - } - return nil -} -func skipApi(dAtA []byte) (n int, err error) { - l := len(dAtA) - iNdEx := 0 - for iNdEx < l { - var wire uint64 - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowApi - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - wire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - wireType := int(wire & 0x7) - switch wireType { - case 0: - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowApi - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - iNdEx++ - if dAtA[iNdEx-1] < 0x80 { - break - } - } - return iNdEx, nil - case 1: - iNdEx += 8 - return iNdEx, nil - case 2: - var length int - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowApi - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - length |= (int(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - iNdEx += length - if length < 0 { - return 0, ErrInvalidLengthApi - } - return iNdEx, nil - case 3: - for { - var innerWire uint64 - var start int = iNdEx - for shift := uint(0); ; shift += 7 { - if shift >= 64 { - return 0, ErrIntOverflowApi - } - if iNdEx >= l { - return 0, io.ErrUnexpectedEOF - } - b := dAtA[iNdEx] - iNdEx++ - innerWire |= (uint64(b) & 0x7F) << shift - if b < 0x80 { - break - } - } - innerWireType := int(innerWire & 0x7) - if innerWireType == 4 { - break - } - next, err := skipApi(dAtA[start:]) - if err != nil { - return 0, err - } - iNdEx = start + next - } - return iNdEx, nil - case 4: - return iNdEx, nil - case 5: - iNdEx += 4 - return iNdEx, nil - default: - return 0, fmt.Errorf("proto: illegal wireType %d", wireType) - } - } - panic("unreachable") -} - -var ( - ErrInvalidLengthApi = fmt.Errorf("proto: negative length found during unmarshaling") - ErrIntOverflowApi = fmt.Errorf("proto: integer overflow") -) - -func init() { proto.RegisterFile("api.proto", fileDescriptorApi) } - -var fileDescriptorApi = []byte{ - // 183 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, - 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x4d, 0x2e, 0xca, 0xd4, 0x2b, 0x2a, 0xcd, 0x2b, 0xc9, - 0xcc, 0x4d, 0xcd, 0x2f, 0x28, 0xc9, 0xcc, 0xcf, 0x2b, 0xd6, 0x2b, 0x33, 0x94, 0xd2, 0x4d, 0xcf, - 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0xab, - 0x4e, 0x2a, 0x4d, 0x03, 0xf3, 0xc0, 0x1c, 0x30, 0x0b, 0x62, 0x8a, 0x92, 0x2b, 0x17, 0xbb, 0x3f, - 0x44, 0xb3, 0x90, 0x24, 0x17, 0x47, 0x49, 0x65, 0x41, 0x6a, 0x7c, 0x69, 0x51, 0x8e, 0x04, 0xa3, - 0x02, 0xa3, 0x06, 0x67, 0x10, 0x3b, 0x88, 0x1f, 0x5a, 0x94, 0x23, 0x24, 0xcf, 0xc5, 0x9d, 0x9c, - 0x9f, 0x97, 0x96, 0x99, 0x1e, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x96, 0xe5, 0x82, 0x08, - 0x05, 0x24, 0x96, 0x64, 0x38, 0xc9, 0x9c, 0x78, 0x28, 0xc7, 0x78, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, - 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, - 0xc2, 0x63, 0x39, 0x86, 0x24, 0x36, 0xb0, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x07, - 0x00, 0xf2, 0x18, 0xbe, 0x00, 0x00, 0x00, -} diff --git a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto b/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto deleted file mode 100644 index f907d609c4..0000000000 --- a/src/runtime/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto +++ /dev/null @@ -1,22 +0,0 @@ -// To regenerate api.pb.go run `make proto` -syntax = "proto3"; - -package cri.runtimeoptions.v1; - -import "github.com/gogo/protobuf/gogoproto/gogo.proto"; - -option (gogoproto.goproto_stringer_all) = false; -option (gogoproto.stringer_all) = true; -option (gogoproto.goproto_getters_all) = true; -option (gogoproto.marshaler_all) = true; -option (gogoproto.sizer_all) = true; -option (gogoproto.unmarshaler_all) = true; -option (gogoproto.goproto_unrecognized_all) = false; - -message Options { - // TypeUrl specifies the type of the content inside the config file. - string type_url = 1; - // ConfigPath specifies the filesystem location of the config file - // used by the runtime. - string config_path = 2; -} diff --git a/src/runtime/vendor/modules.txt b/src/runtime/vendor/modules.txt index f962bd9a5a..b96c3cbe9d 100644 --- a/src/runtime/vendor/modules.txt +++ b/src/runtime/vendor/modules.txt @@ -66,6 +66,7 @@ github.com/containerd/containerd/identifiers github.com/containerd/containerd/log github.com/containerd/containerd/mount github.com/containerd/containerd/namespaces +github.com/containerd/containerd/pkg/cri/annotations github.com/containerd/containerd/pkg/dialer github.com/containerd/containerd/pkg/runtimeoptions/v1 github.com/containerd/containerd/pkg/ttrpcutil @@ -78,10 +79,6 @@ github.com/containerd/containerd/runtime/v2/task github.com/containerd/containerd/sys github.com/containerd/containerd/sys/reaper github.com/containerd/containerd/version -# github.com/containerd/cri-containerd v1.11.1-0.20190125013620-4dd6735020f5 -## explicit -github.com/containerd/cri-containerd/pkg/annotations -github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1 # github.com/containerd/fifo v1.0.0 ## explicit github.com/containerd/fifo diff --git a/src/runtime/virtcontainers/pkg/oci/utils.go b/src/runtime/virtcontainers/pkg/oci/utils.go index bd2cb2e6a1..ba7977db19 100644 --- a/src/runtime/virtcontainers/pkg/oci/utils.go +++ b/src/runtime/virtcontainers/pkg/oci/utils.go @@ -17,7 +17,7 @@ import ( "strings" "syscall" - criContainerdAnnotations "github.com/containerd/cri-containerd/pkg/annotations" + criContainerdAnnotations "github.com/containerd/containerd/pkg/cri/annotations" crioAnnotations "github.com/cri-o/cri-o/pkg/annotations" specs "github.com/opencontainers/runtime-spec/specs-go" "github.com/sirupsen/logrus" diff --git a/tools/packaging/release/release-notes.sh b/tools/packaging/release/release-notes.sh index cc1c0cdc66..e890c671d4 100755 --- a/tools/packaging/release/release-notes.sh +++ b/tools/packaging/release/release-notes.sh @@ -47,20 +47,20 @@ repos=( get_release_info() { - docker_version=$(get_from_kata_deps "externals.docker.version" "${new_release}") + docker_version=$(get_from_kata_deps "externals.docker.version") crio_version=$(get_from_kata_deps "externals.crio.version") - cri_containerd_version=$(get_from_kata_deps "externals.cri-containerd.version" "${new_release}") - kubernetes_version=$(get_from_kata_deps "externals.kubernetes.version" "${new_release}") - oci_spec_version=$(get_from_kata_deps "specs.oci.version" "${new_release}") + containerd_version=$(get_from_kata_deps "externals.containerd.version") + kubernetes_version=$(get_from_kata_deps "externals.kubernetes.version") + oci_spec_version=$(get_from_kata_deps "specs.oci.version") #Image information - image_info=$(get_from_kata_deps "assets.image" "${new_release}") + image_info=$(get_from_kata_deps "assets.image") # Initrd information - initrd_info=$(get_from_kata_deps "assets.initrd" "${new_release}") + initrd_info=$(get_from_kata_deps "assets.initrd") - kernel_version=$(get_from_kata_deps "assets.kernel.version" "${new_release}") - kernel_url=$(get_from_kata_deps "assets.kernel.url" "${new_release}") + kernel_version=$(get_from_kata_deps "assets.kernel.version") + kernel_url=$(get_from_kata_deps "assets.kernel.url") kata_kernel_config_version="${new_release}-kernel-config" kata_kernel_config_version="${new_release}-kernel-config" @@ -101,8 +101,8 @@ EOT ## Compatibility with CRI-O Kata Containers ${runtime_version} is compatible with CRI-O ${crio_version} -## Compatibility with cri-containerd -Kata Containers ${runtime_version} is compatible with cri-contaienrd ${cri_containerd_version} +## Compatibility with containerd +Kata Containers ${runtime_version} is compatible with contaienrd ${containerd_version} ## OCI Runtime Specification Kata Containers ${runtime_version} support the OCI Runtime Specification [${oci_spec_version}][ocispec] diff --git a/versions.yaml b/versions.yaml index e8cad7ff2c..4a53fcc3bf 100644 --- a/versions.yaml +++ b/versions.yaml @@ -189,6 +189,16 @@ externals: # version older than them. version: "v1.5.2" + containerd: + description: | + Containerd for Kubernetes Container Runtime Interface. + url: "github.com/containerd/containerd" + tarball_url: "https://github.com/containerd/containerd/releases/download" + # containerd from v1.5.0 used the path unix socket + # instead of abstract socket, thus kata wouldn's support the containerd's + # version older than them. + version: "v1.5.2" + critools: description: "CLI tool for Container Runtime Interface (CRI)" url: "https://github.com/kubernetes-sigs/cri-tools"