In old specs.Spec, Capabilities is []string, but we don't use CompatOCISpec
for compatibility in kataAgent/createContainer.
fixes #333
Signed-off-by: y00316549 <yangshukui@huawei.com>
Instead of pausing the sandbox, this patch just pauses the container
allowing the communication with the agent. The communication with the agent
should be still possible even if all containers are paused, because we don't
know when a new container can be created in the same sandbox.
Depends-on: github.com/kata-containers/agent#246
fixes #317
Signed-off-by: Julio Montes <julio.montes@intel.com>
Pause and resume container functions allow us to just pause/resume a
specific container, not all the sandbox, in that way different containers
can be paused or running in the same sandbox.
Signed-off-by: Julio Montes <julio.montes@intel.com>
When a container is updated, those modifications are stored; to
avoid race conditions with other operations, a RW lock should be used.
fixes #346
Signed-off-by: Julio Montes <julio.montes@intel.com>
Since the vendoring included changes introducing PauseContainer
and ResumeContainer changes, fix the tests to satisfy the grpc api.
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
k8s provides a configuration for sharing PID namespace
among containers. In case of crio and cri plugin, an infra
container is started first. All following containers are
supposed to share the pid namespace of this container.
In case a non-empty pid namespace path is provided for a container,
we check for the above condition while creating a container
and pass this out to the kata agent in the CreateContainer
request as SandboxPidNs flag. We clear out the PID namespaces
in the configuration passed to the kata agent.
Fixes #343
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
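The PID namespace handling described in the commit message above, sketched as an added example; it is not code from the Kata Containers runtime. The `Namespace` and `CreateContainerRequest` types are reduced local stand-ins, `buildRequest` and `sandboxPidNsPath` are hypothetical names, and rejecting a path that does not match the sandbox is an assumed policy.

```go
package main

import "fmt"

// Namespace mirrors the type/path pair of an OCI Linux namespace entry.
// Local stand-in type so the example runs without external modules.
type Namespace struct {
	Type string
	Path string
}

// CreateContainerRequest is a hypothetical, reduced request: only the
// SandboxPidNs flag named in the commit message plus the namespace list.
type CreateContainerRequest struct {
	SandboxPidNs bool
	Namespaces   []Namespace
}

// buildRequest decides whether the container shares the sandbox (infra
// container) PID namespace, and drops every PID namespace entry from the
// list sent to the agent: a host path such as /proc/<pid>/ns/pid does not
// exist inside the guest, so only the boolean flag crosses the boundary.
func buildRequest(namespaces []Namespace, sandboxPidNsPath string) (CreateContainerRequest, error) {
	req := CreateContainerRequest{}
	for _, ns := range namespaces {
		if ns.Type != "pid" {
			req.Namespaces = append(req.Namespaces, ns)
			continue
		}
		switch {
		case ns.Path == "":
			// No path: the container keeps a private PID namespace.
		case ns.Path == sandboxPidNsPath:
			req.SandboxPidNs = true
		default:
			// Assumed policy: never join a PID namespace outside this sandbox.
			return CreateContainerRequest{}, fmt.Errorf("pid namespace %q is not the sandbox's", ns.Path)
		}
	}
	return req, nil
}

func main() {
	// Constructed sample spec: pid namespace pointing at the infra container.
	spec := []Namespace{{"pid", "/proc/4242/ns/pid"}, {"mount", ""}}
	req, err := buildRequest(spec, "/proc/4242/ns/pid")
	fmt.Println(req.SandboxPidNs, len(req.Namespaces), err)
}
```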
Remove the rootfs tree before attempting to generate one to avoid
picking up any stale information if the function is run multiple times.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Moved the variable specifying the path to the osbuilder metadata file
to the top of the script and made it readonly.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Some of the globals were set as read-only variables whilst others
weren't. However, they can all be read-only.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
As the comment in the code showed, now that
https://github.com/kata-containers/osbuilder/issues/25 is fixed, it is
no longer necessary to specify an image size to the image builder as it
will auto-calculate it.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
This includes the addition of "SandboxPidNs" in the
CreateContainerRequest api.
Shortlog:
a30395a grpc: signal frozen containers
08674c0 agent: Add support for ephemeral volumes
c517125 ci: Refactor to pass metalinter checks
ad9c33d tests: Modify tests to take into account if pid ns needs to be shared
e334596 namespace: Share pid namespace of containers
1e72fbb agent: Get cgroup mounts info from /proc/cgroups
ab6c4ff namespaces: Create persistent UTS and IPC namespaces
be3993e release: Kata Containers 1.0.0
75c6fc0 grpc: implement pause and resume commands
9da1fea release: Kata Containers 0.3.0
4bad43e grpc: honour CPU constraints in Kubernetes
11d5c56 grpc: log errors in async commands
7b47559 channel: Support Epoll on Arm64
a7033a7 release: update version to 0.2.0
5c3c000 signal: Backtrace on SIGUSR1
a0880aa signal: Switch to standard signal handling
f8081ca main: Improve logging in signal handling loop
075ad56 main: Rename signal functions for clarity
899bc6d main: Log errors on failure
6689db0 agent: Fix typo
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>
Add the version of config and patches we are using in a package.
Kernel version before:
4.14.22-128
Now:
4.14.22.1-128
Fixes: #45
Signed-off-by: Jose Carlos Venegas Munoz <jose.carlos.venegas.munoz@intel.com>
In order to track the changes that we add to the kernel, let's
add a kata_config_version file that should be bumped whenever
a change is added to the kernel directory.
Fixes #43.
Signed-off-by: Salvador Fuentes <salvador.fuentes@intel.com>
Don't default to a hard-coded Intel architecture - default to the host
architecture.
This requires the `coreutils` package to be installed both inside each
docker image (for `USE_DOCKER=true`) and in the host environments.
Added missing SPDX headers to `Dockerfile` templates to pacify the CI checks.
Fixes #100.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Add details to documentation requirements document explaining how we use
and format notes.
Fixes #125.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>
Update the install README and the install guides to point to the
upgrading document.
Fixes #119.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>