Merge pull request #4703 from afbjorklund/crio-v1.15.0

Upgrade crio to 1.15.0
pull/4763/head
Anders Björklund 2019-07-16 10:03:12 +02:00 committed by GitHub
commit 35753aa2da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 141 additions and 41 deletions

View File

@ -0,0 +1,9 @@
#if !defined(CONFIG_H)
#define CONFIG_H
#define BUF_SIZE 8192
#define STDIO_BUF_SIZE 8192
#define DEFAULT_SOCKET_PATH "/var/run/crio"
#endif // CONFIG_H

View File

@ -5,3 +5,4 @@ sha256 92588998dbb79002c38f65f84602b5659f0d0ef1cd36b1a568a2e40269b66816 v1.13.0.
sha256 48e7cf64a757d62a3edf214e1b93b74d99f090ca924f956ede2494a260eab2db v1.13.1.tar.gz
sha256 7435c4745017f06c260973b049440d924efe65b0df008d14175dfb8f5e23b599 v1.14.0.tar.gz
sha256 1f6f72b1f89d4286b2d5b54a48f4d5ed4c0c01065d484635dcb343a706feb743 v1.14.1.tar.gz
sha256 f7041a92e2d3a4c341be8df58f1076ba57ecb5daa02b6c65e652530c5f242739 v1.15.0.tar.gz

View File

@ -4,9 +4,9 @@
#
################################################################################
CRIO_BIN_VERSION = v1.14.1
CRIO_BIN_COMMIT = b7644f67e6383cc862b3e37fb74fba334b0b2721
CRIO_BIN_SITE = https://github.com/kubernetes-sigs/cri-o/archive
CRIO_BIN_VERSION = v1.15.0
CRIO_BIN_COMMIT = 485227d727401fa0472a449b5df3b0537e314ebb
CRIO_BIN_SITE = https://github.com/cri-o/cri-o/archive
CRIO_BIN_SOURCE = $(CRIO_BIN_VERSION).tar.gz
CRIO_BIN_DEPENDENCIES = host-go libgpgme
CRIO_BIN_GOPATH = $(@D)/_output
@ -23,8 +23,10 @@ define CRIO_BIN_USERS
endef
define CRIO_BIN_CONFIGURE_CMDS
mkdir -p $(CRIO_BIN_GOPATH)/src/github.com/kubernetes-sigs
ln -sf $(@D) $(CRIO_BIN_GOPATH)/src/github.com/kubernetes-sigs/cri-o
mkdir -p $(CRIO_BIN_GOPATH)/src/github.com/cri-o
ln -sf $(@D) $(CRIO_BIN_GOPATH)/src/github.com/cri-o/cri-o
# Generate conmon/config.h with a simplified bin/crio-config
$(CRIO_BIN_ENV) $(MAKE) $(TARGET_CONFIGURE_OPTS) -C $(@D) BUILDTAGS="containers_image_ostree_stub exclude_graphdriver_btrfs exclude_graphdriver_devicemapper containers_image_openpgp" conmon/config.h
endef
define CRIO_BIN_BUILD_CMDS
@ -45,9 +47,6 @@ define CRIO_BIN_INSTALL_TARGET_CMDS
$(INSTALL) -Dm755 \
$(@D)/bin/pause \
$(TARGET_DIR)/usr/libexec/crio/pause
$(INSTALL) -Dm644 \
$(@D)/seccomp.json \
$(TARGET_DIR)/etc/crio/seccomp.json
$(INSTALL) -Dm644 \
$(BR2_EXTERNAL_MINIKUBE_PATH)/package/crio-bin/crio.conf \
$(TARGET_DIR)/etc/crio/crio.conf

View File

@ -0,0 +1,39 @@
diff --git a/Makefile b/Makefile
index de79f63..a9ea13b 100644
--- a/Makefile
+++ b/Makefile
@@ -136,7 +136,7 @@ crio.conf: bin/crio
release-note: ${RELEASE_TOOL}
${RELEASE_TOOL} -n $(release)
-conmon/config.h: git-vars cmd/crio-config/config.go oci/oci.go
+conmon/config.h: cmd/crio-config/config.go oci/oci.go
$(GO) build $(LDFLAGS) -tags "$(BUILDTAGS)" -o bin/crio-config $(PROJECT)/cmd/crio-config
( cd conmon && $(CURDIR)/bin/crio-config )
diff --git a/cmd/crio/main.go b/cmd/crio/main.go
index 0bc347a..ab9969f 100644
--- a/cmd/crio/main.go
+++ b/cmd/crio/main.go
@@ -207,7 +207,7 @@ func mergeConfig(config *server.Config, ctx *cli.Context) (string, error) {
}
func writeCrioGoroutineStacks() {
- path := filepath.Join("/tmp", fmt.Sprintf("crio-goroutine-stacks-%s.log", strings.ReplaceAll(time.Now().Format(time.RFC3339), ":", "")))
+ path := filepath.Join("/tmp", fmt.Sprintf("crio-goroutine-stacks-%s.log", strings.Replace(time.Now().Format(time.RFC3339), ":", "", -1)))
if err := utils.WriteGoroutineStacksToFile(path); err != nil {
logrus.Warnf("Failed to write goroutine stacks: %s", err)
}
diff --git a/oci/runtime_vm.go b/oci/runtime_vm.go
index 57a1fde..64f853f 100644
--- a/oci/runtime_vm.go
+++ b/oci/runtime_vm.go
@@ -172,7 +172,7 @@ func (r *runtimeVM) startRuntimeDaemon(c *Container) error {
args = append(args, "start")
// Modify the runtime path so that it complies with v2 shim API
- newRuntimePath := strings.ReplaceAll(r.path, "-", ".")
+ newRuntimePath := strings.Replace(r.path, "-", ".", -1)
// Setup default namespace
r.ctx = namespaces.WithNamespace(r.ctx, namespaces.Default)

View File

@ -5,6 +5,11 @@
#
# Please refer to crio.conf(5) for details of all configuration options.
# CRI-O supports partial configuration reload during runtime, which can be
# done by sending SIGHUP to the running process. Currently supported options
# are explicitly mentioned with: 'This option supports live configuration
# reload'.
# CRI-O reads its storage defaults from the containers-storage.conf(5) file
# located at /etc/containers/storage.conf. Modify this storage configuration if
# you want to change the system's defaults. If you want to modify storage just
@ -28,9 +33,11 @@ storage_driver = "overlay"
#]
# If set to false, in-memory locking will be used instead of file-based locking.
file_locking = true
# **Deprecated** this option will be removed in the future.
file_locking = false
# Path to the lock file.
# **Deprecated** this option will be removed in the future.
file_locking_path = "/run/crio.lock"
@ -90,6 +97,9 @@ no_pivot = true
# Path to the conmon binary, used for monitoring the OCI runtime.
conmon = "/usr/libexec/crio/conmon"
# Cgroup setting for conmon
conmon_cgroup = "pod"
# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
conmon_env = [
@ -100,8 +110,9 @@ conmon_env = [
selinux = false
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
seccomp_profile = "/etc/crio/seccomp.json"
# for the runtime. If not specified, then the internal default seccomp profile
# will be used.
seccomp_profile = ""
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
@ -185,9 +196,13 @@ container_attach_socket_dir = "/var/run/crio"
read_only = false
# Changes the verbosity of the logs based on the level it is set to. Options
# are fatal, panic, error, warn, info, and debug.
# are fatal, panic, error, warn, info, and debug. This option supports live
# configuration reload.
log_level = "error"
# The default log directory where all logs will go unless directly specified by the kubelet
log_dir = "/var/log/crio/pods"
# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
@ -202,6 +217,10 @@ gid_mappings = ""
# regarding the proper termination of the container.
ctr_stop_timeout = 0
# ManageNetworkNSLifecycle determines whether we pin and remove network namespace
# and manage its lifecycle.
manage_network_ns_lifecycle = false
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
@ -210,7 +229,7 @@ ctr_stop_timeout = 0
[crio.runtime.runtimes.runc]
runtime_path = "/usr/bin/runc"
runtime_type = "oci"
runtime_root = "/run/runc"
# The crio.image table contains settings pertaining to the management of OCI images.
@ -225,14 +244,21 @@ ctr_stop_timeout = 0
# Default transport for pulling images from a remote container storage.
default_transport = "docker://"
# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""
# The image used to instantiate infra containers.
# This option supports live configuration reload.
pause_image = "k8s.gcr.io/pause:3.1"
# If not empty, the path to a docker/config.json-like file containing credentials
# necessary for pulling the image specified by pause_image above.
# The path to a file containing credentials specific for pulling the pause_image from
# above. The file is similar to that of /var/lib/kubelet/config.json
# This option supports live configuration reload.
pause_image_auth_file = ""
# The command to run to have a container stay in the paused state.
# This option supports live configuration reload.
pause_command = "/pause"
# Path to the file which decides what sort of policy we use when deciding
@ -264,6 +290,6 @@ registries = [
network_dir = "/etc/cni/net.d/"
# Paths to directories where CNI plugin binaries are located.
plugin_dir = [
plugin_dirs = [
"/opt/cni/bin/",
]

View File

@ -5,6 +5,11 @@
#
# Please refer to crio.conf(5) for details of all configuration options.
# CRI-O supports partial configuration reload during runtime, which can be
# done by sending SIGHUP to the running process. Currently supported options
# are explicitly mentioned with: 'This option supports live configuration
# reload'.
# CRI-O reads its storage defaults from the containers-storage.conf(5) file
# located at /etc/containers/storage.conf. Modify this storage configuration if
# you want to change the system's defaults. If you want to modify storage just
@ -20,7 +25,7 @@
# Storage driver used to manage the storage of images and containers. Please
# refer to containers-storage.conf(5) to see all available storage drivers.
#storage_driver = "overlay"
#storage_driver = ""
# List to pass options to the storage driver. Please refer to
# containers-storage.conf(5) to see all available storage options.
@ -28,9 +33,11 @@
#]
# If set to false, in-memory locking will be used instead of file-based locking.
file_locking = true
# **Deprecated** this option will be removed in the future.
file_locking = false
# Path to the lock file.
# **Deprecated** this option will be removed in the future.
file_locking_path = "/run/crio.lock"
@ -90,6 +97,9 @@ no_pivot = false
# Path to the conmon binary, used for monitoring the OCI runtime.
conmon = "/usr/local/libexec/crio/conmon"
# Cgroup setting for conmon
conmon_cgroup = "pod"
# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
conmon_env = [
@ -100,8 +110,9 @@ conmon_env = [
selinux = false
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
seccomp_profile = "/etc/crio/seccomp.json"
# for the runtime. If not specified, then the internal default seccomp profile
# will be used.
seccomp_profile = ""
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default-" followed by the version string of CRI-O.
@ -185,9 +196,13 @@ container_attach_socket_dir = "/var/run/crio"
read_only = false
# Changes the verbosity of the logs based on the level it is set to. Options
# are fatal, panic, error, warn, info, and debug.
# are fatal, panic, error, warn, info, and debug. This option supports live
# configuration reload.
log_level = "error"
# The default log directory where all logs will go unless directly specified by the kubelet
log_dir = "/var/log/crio/pods"
# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
@ -202,15 +217,19 @@ gid_mappings = ""
# regarding the proper termination of the container.
ctr_stop_timeout = 0
# ManageNetworkNSLifecycle determines whether we pin and remove network namespace
# and manage its lifecycle.
manage_network_ns_lifecycle = false
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload.
[crio.runtime.runtimes.runc]
runtime_path = "/usr/bin/runc"
runtime_path = ""
runtime_type = "oci"
runtime_root = "/run/runc"
# The crio.image table contains settings pertaining to the management of OCI images.
@ -225,14 +244,21 @@ ctr_stop_timeout = 0
# Default transport for pulling images from a remote container storage.
default_transport = "docker://"
# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""
# The image used to instantiate infra containers.
# This option supports live configuration reload.
pause_image = "k8s.gcr.io/pause:3.1"
# If not empty, the path to a docker/config.json-like file containing credentials
# necessary for pulling the image specified by pause_image above.
# The path to a file containing credentials specific for pulling the pause_image from
# above. The file is similar to that of /var/lib/kubelet/config.json
# This option supports live configuration reload.
pause_image_auth_file = ""
# The command to run to have a container stay in the paused state.
# This option supports live configuration reload.
pause_command = "/pause"
# Path to the file which decides what sort of policy we use when deciding
@ -263,6 +289,6 @@ image_volumes = "mkdir"
network_dir = "/etc/cni/net.d/"
# Paths to directories where CNI plugin binaries are located.
plugin_dir = [
plugin_dirs = [
"/opt/cni/bin/",
]