This commit replaces every place where the "types" package from the
Kata agent was used, with the new "types" package from virtcontainers.
In order to do so, it introduces a few translation functions between
the agent and virtcontainers types, since this is needed by the kata
agent implementation.
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Instead of relying on the kata agent to define generic structures,
the logic is to define those as virtcontainers "types" package.
This way, all consumers of those structures, such as kata-runtime,
kata-netmon, and kata-containerd-shim, don't have to import some
dependency from the kata-agent.
Fixes #876
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
After we scan the netns, we should hotplug the network interface to
the guest after it is kicked off running.
Fixes: #871
Signed-off-by: Peng Tao <bergwolf@gmail.com>
Both of the netmon and proxy should use the right path
figured out from the configure instead of the default settings
to get their versions.
Fixes: #868
Signed-off-by: Fupan Li <lifupan@gmail.com>
Add support for specifying an optional drop-in path for guest OCI hooks.
This is the runtime side for leveraging the agent change introduced in
kata-containers/agent@980023ec62
Fixes: #720
Co-authored-by: Edward Guzman <eguzman@nvidia.com>
Co-authored-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Fixes #344
Add host cgroup support for kata.
This commit only adds cpu.cfs_period and cpu.cfs_quota support.
It will create 3-level hierarchy, take "cpu" cgroup as an example:
```
/sys/fs/cgroup
|---cpu
|---kata
|---<sandbox-id>
|--vcpu
|---<sandbox-id>
```
* `vc` cgroup is common parent for all kata-container sandbox, it won't be removed
after sandbox removed. This cgroup has no limitation.
* `<sandbox-id>` cgroup is the layer for each sandbox, it contains all other qemu
threads except for vcpu threads. In future, we can consider putting all shim
processes and proxy process here. This cgroup has no limitation yet.
* `vcpu` cgroup contains vcpu threads from qemu. Currently cpu quota and period
constraint applies to this cgroup.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Signed-off-by: Jingxiao Lu <lujingxiao@huawei.com>
Add new vendor library "github.com/containerd/cgroups"
commit: 5017d4e9a9cf2d4381db99eacd9baf84b95bfb14
This library is for host cgroup support for next commit.
Signed-off-by: Wei Zhang <zhangwei555@huawei.com>
Now that the agent has split the generic types in their own package,
kata-netmon can use them directly and get rid of the duplication of
those. This is very helpful as it will prevent structures from being
out of sync between kata-netmon and the kata-runtime, without bringing
in the huge overhead that the initial grpc package was introducing.
Fixes #857
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Some agent types definition that were generic enough to be reused
everywhere, have been split from the initial grpc package.
This prevents from importing the entire protobuf package through
the grpc one, and prevents binaries such as kata-netmon to stay
in sync with the types definitions.
Fixes #856
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>
Introduce constants for the network model strings, so as to
avoid using the strings directly at multiple places.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Introduce a new mode that uses tc filters to redirect traffic from
the network interface created by the network plugin to a
tap interface that we connect to the VM.
This mode will help support ipvlan as well.
Fixes #144
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Move to golang version 1.10.4 -- the oldest stable golang release at the
time of writing -- since golang 1.10+ is needed to make namespace
handling safe.
Re-ordered a couple of structs (moved `sync.WaitGroup` fields) to keep
the `maligned` linter happy. Previously:
```
virtcontainers/pkg/mock/cc_proxy_mock.go:24:18:warning: struct of size 160 could be 152 (maligned)
virtcontainers/monitor.go:15:14:warning: struct of size 80 could be 72 (maligned)
```
See:
- https://github.com/golang/go/issues/20676
- 2595fe7fb6
Also bumped `languages.golang.meta.newest-version` to golang version
1.11, which is the newest stable release at the time of writing.
Fixes #148.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Updated `externals.cri-containerd.version` in `versions.yaml` to the
newest version that includes the fix for building on golang 1.10.2:
- 8b0d53c09c
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Instead of using ethtool for getting the driver for network
devices, use sysfs instead. This is because in case of virtio
devices, ethtool returns virtio-net instead of virtio-pci for
virtio network devices. We need to bind/unbind from virtio-pci
driver in case of virtio-net devices.
Fixes #612
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Refactor these functions so different types of endpoints can use a unified
function to hotplug nics.
Fixes #731
Signed-off-by: Ruidong Cao <caoruidong@huawei.com>
reflect.DeepEqual would return false when comparing nil map/slice with
empty map/slice. We would want to return success in such case, since it
is possible for upper layers to send these kind of configs.
Fixes: #844
Signed-off-by: Peng Tao <bergwolf@gmail.com>
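
The nil-versus-empty mismatch described in the commit message above, shown as an added example that is not code from the Kata runtime. `SandboxConfig`, `normalize` and `configEqual` are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"reflect"
)

// SandboxConfig is a hypothetical config type, constructed for this example.
type SandboxConfig struct {
	ID          string
	Annotations map[string]string
	Mounts      []string
}

// normalize returns v with every nil map or slice held in a (possibly nested)
// struct field replaced by an empty one; non-nil containers are not descended.
func normalize(v reflect.Value) reflect.Value {
	switch v.Kind() {
	case reflect.Map:
		if v.IsNil() {
			return reflect.MakeMap(v.Type())
		}
	case reflect.Slice:
		if v.IsNil() {
			return reflect.MakeSlice(v.Type(), 0, 0)
		}
	case reflect.Struct:
		out := reflect.New(v.Type()).Elem()
		for i := 0; i < v.NumField(); i++ {
			if out.Field(i).CanSet() { // unexported fields are left at zero
				out.Field(i).Set(normalize(v.Field(i)))
			}
		}
		return out
	}
	return v
}

// configEqual is DeepEqual except that nil and empty maps/slices compare equal.
func configEqual(a, b SandboxConfig) bool {
	return reflect.DeepEqual(normalize(reflect.ValueOf(a)).Interface(), normalize(reflect.ValueOf(b)).Interface())
}

func main() {
	stored := SandboxConfig{ID: "sb1"} // map and slice are nil
	sent := SandboxConfig{ID: "sb1", Annotations: map[string]string{}, Mounts: []string{}}
	fmt.Println(reflect.DeepEqual(stored, sent), configEqual(stored, sent))
}
```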
The bundle path was documented as defaulting to the current directory
but was not being set to that value if not explicitly specified.
Also moved factory creation code to a new `handleFactory()` function to
avoid cyclomatic complexity issues.
Fixes #821.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
As we try to make sure we don't pull unneeded dependency when using
QEMU or NEMU as the hypervisor, and because SeaBIOS and OVMF firmware
already handle what's done by the default efi-virtio.rom binary, this
commit gets rid of this dependency by providing a default empty one.
Fixes #812
Signed-off-by: Sebastien Boeuf <sebastien.boeuf@intel.com>