From 53b7cad27929e27a58a7c1094c140ae17c16a992 Mon Sep 17 00:00:00 2001
From: Sebastien Boeuf
Date: Fri, 2 Jun 2017 15:58:23 -0700
Subject: [PATCH] vendor: Add CRI-O vendoring to our list of dependencies
Signed-off-by: Sebastien Boeuf
---
 Gopkg.lock | 8 +-
 Gopkg.toml | 4 +
 .../kubernetes-incubator/cri-o/.gitignore | 17 +
 .../kubernetes-incubator/cri-o/.travis.yml | 32 +
 .../kubernetes-incubator/cri-o/Dockerfile | 81 ++
 .../kubernetes-incubator/cri-o/LICENSE | 201 ++++
 .../kubernetes-incubator/cri-o/Makefile | 212 ++++
 .../kubernetes-incubator/cri-o/OWNERS | 7 +
 .../kubernetes-incubator/cri-o/README.md | 185 ++++
 .../cri-o/code-of-conduct.md | 55 ++
 .../kubernetes-incubator/cri-o/kubernetes.md | 105 ++
 .../kubernetes-incubator/cri-o/lock.json | 929 ++++++++++++++++++
 .../kubernetes-incubator/cri-o/manifest.json | 43 +
 .../cri-o/pkg/annotations/annotations.go | 66 ++
 .../kubernetes-incubator/cri-o/seccomp.json | 701 +++++++++++++
 .../kubernetes-incubator/cri-o/tutorial.md | 424 ++++++++
 16 files changed, 3069 insertions(+), 1 deletion(-)
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/.gitignore
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/.travis.yml
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/Dockerfile
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/LICENSE
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/Makefile
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/OWNERS
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/README.md
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/code-of-conduct.md
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/kubernetes.md
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/lock.json
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/manifest.json
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/pkg/annotations/annotations.go
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/seccomp.json
 create mode 100644 vendor/github.com/kubernetes-incubator/cri-o/tutorial.md
diff --git a/Gopkg.lock b/Gopkg.lock
index 7c439030..524476fb 100644
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -1,4 +1,4 @@
-memo = "917f44d6975d69f6054c2dffad960b595e8c0071442c56c5a1bc892f34909b92"
+memo = "575f5788244dd156352286fcf1ec74ff5d76afcd464d7e277ea3b0c43e2ceb87"

 [[projects]]
 branch = "master"
@@ -29,6 +29,12 @@ memo = "917f44d6975d69f6054c2dffad960b595e8c0071442c56c5a1bc892f34909b92"
 revision = "346938d642f2ec3594ed81d874461961cd0faa76"
 version = "v1.1.0"

+[[projects]]
+ branch = "master"
+ name = "github.com/kubernetes-incubator/cri-o"
+ packages = ["pkg/annotations"]
+ revision = "a8848bc0283ddb0fe06f4c5095aab0ec9a79387d"
+
 [[projects]]
 branch = "master"
 name = "github.com/mitchellh/mapstructure"
diff --git a/Gopkg.toml b/Gopkg.toml
index b8e536a7..43a9ef97 100644
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -15,6 +15,10 @@
 branch = "master"
 name = "github.com/containernetworking/cni"

+[[dependencies]]
+ branch = "master"
+ name = "github.com/kubernetes-incubator/cri-o"
+
 [[dependencies]]
 branch = "master"
 name = "github.com/mitchellh/mapstructure"
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/.gitignore b/vendor/github.com/kubernetes-incubator/cri-o/.gitignore
new file mode 100644
index 00000000..f9c8e7d9
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/.gitignore
@@ -0,0 +1,17 @@
+/.artifacts/
+/_output/
+/conmon/conmon
+/conmon/conmon.o
+/docs/*.[158]
+/docs/*.[158].gz
+/kpod
+/crioctl
+/crio
+/crio.conf
+*.o
+*.orig
+/pause/pause
+/pause/pause.o
+/test/bin2img/bin2img
+/test/checkseccomp/checkseccomp
+/test/copyimg/copyimg
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/.travis.yml b/vendor/github.com/kubernetes-incubator/cri-o/.travis.yml
new file mode 100644
index 00000000..5308620f
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/.travis.yml
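Review bot: The new `[[dependencies]]` entry in Gopkg.toml constrains github.com/kubernetes-incubator/cri-o to `branch = "master"`, so nothing but the `revision` recorded in Gopkg.lock fixes which upstream code gets vendored, and a later dependency update will move to whatever master holds at that time. The README vendored by this same commit marks the project as pre-alpha, so each bump of that revision deserves a look at the upstream diff; a comment above the entry such as `# tracks master (upstream is pre-alpha): review the upstream diff whenever the locked revision changes` would make that expectation explicit. Gopkg.lock lists only `pkg/annotations` as used, yet the diffstat shows the repository's top-level Dockerfile, Makefile, seccomp.json and documentation being copied under vendor/ as well; leaving those out would shrink the third-party content that has to be audited.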
@@ -0,0 +1,32 @@
+language: go
+go:
+ - 1.6.x
+ - 1.7.x
+ - 1.8.x
+ - tip
+
+sudo: required
+
+services:
+ - docker
+
+before_install:
+ - sudo apt-get -qq update
+ - sudo apt-get -qq install btrfs-tools libdevmapper-dev libgpgme11-dev libapparmor-dev libseccomp-dev
+
+install:
+ - make install.tools
+
+before_script:
+ - export PATH=$HOME/gopath/bin:$PATH
+
+script:
+ - make .gitvalidation
+ - make gofmt
+ - make lint
+ - make integration
+ - make docs
+ - make
+
+notifications:
+ irc: "chat.freenode.net#crio"
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/Dockerfile b/vendor/github.com/kubernetes-incubator/cri-o/Dockerfile
new file mode 100644
index 00000000..99b0d343
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/Dockerfile
@@ -0,0 +1,81 @@
+FROM golang:1.7
+
+# libseccomp in jessie is not _quite_ new enough -- need backports version
+RUN echo 'deb http://httpredir.debian.org/debian jessie-backports main' > /etc/apt/sources.list.d/backports.list
+
+RUN apt-get update && apt-get install -y \
+ build-essential \
+ curl \
+ gawk \
+ iptables \
+ pkg-config \
+ libaio-dev \
+ libcap-dev \
+ libprotobuf-dev \
+ libprotobuf-c0-dev \
+ libseccomp2/jessie-backports \
+ libseccomp-dev/jessie-backports \
+ protobuf-c-compiler \
+ protobuf-compiler \
+ python-minimal \
+ libglib2.0-dev \
+ libapparmor-dev \
+ btrfs-tools \
+ libdevmapper1.02.1 \
+ libdevmapper-dev \
+ libgpgme11-dev \
+ --no-install-recommends \
+ && apt-get clean
+
+# install bats
+RUN cd /tmp \
+ && git clone https://github.com/sstephenson/bats.git \
+ && cd bats \
+ && git reset --hard 03608115df2071fff4eaaff1605768c275e5f81f \
+ && ./install.sh /usr/local
+
+# install criu
+ENV CRIU_VERSION 1.7
+RUN mkdir -p /usr/src/criu \
+ && curl -sSL https://github.com/xemul/criu/archive/v${CRIU_VERSION}.tar.gz | tar -v -C /usr/src/criu/ -xz --strip-components=1 \
+ && cd /usr/src/criu \
+ && make install-criu \
+ && rm -rf /usr/src/criu
+
+# Install runc
+ENV RUNC_COMMIT 639454475cb9c8b861cc599f8bcd5c8c790ae402
+RUN set -x \
+ && export GOPATH="$(mktemp -d)" \
+ && git clone https://github.com/opencontainers/runc.git "$GOPATH/src/github.com/opencontainers/runc" \
+ && cd "$GOPATH/src/github.com/opencontainers/runc" \
+ && git fetch origin --tags \
+ && git checkout -q "$RUNC_COMMIT" \
+ && make static BUILDTAGS="seccomp selinux" \
+ && cp runc /usr/local/bin/runc \
+ && rm -rf "$GOPATH"
+
+# Install CNI plugins
+ENV CNI_COMMIT dcf7368eeab15e2affc6256f0bb1e84dd46a34de
+RUN set -x \
+ && export GOPATH="$(mktemp -d)" \
+ && git clone https://github.com/containernetworking/plugins.git "$GOPATH/src/github.com/containernetworking/plugins" \
+ && cd "$GOPATH/src/github.com/containernetworking/plugins" \
+ && git checkout -q "$CNI_COMMIT" \
+ && ./build.sh \
+ && mkdir -p /opt/cni/bin \
+ && cp bin/* /opt/cni/bin/ \
+ && rm -rf "$GOPATH"
+
+COPY test/plugin_test_args.bash /opt/cni/bin/plugin_test_args.bash
+
+# Make sure we have some policy for pulling images
+RUN mkdir -p /etc/containers
+COPY test/policy.json /etc/containers/policy.json
+
+WORKDIR /go/src/github.com/kubernetes-incubator/cri-o
+
+ADD . /go/src/github.com/kubernetes-incubator/cri-o
+
+RUN make copyimg \
+ && mkdir -p .artifacts/redis-image \
+ && ./test/copyimg/copyimg --import-from=docker://redis --export-to=dir:.artifacts/redis-image --signature-policy ./test/policy.json
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/LICENSE b/vendor/github.com/kubernetes-incubator/cri-o/LICENSE
new file mode 100644
index 00000000..8dada3ed
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/LICENSE
@@ -0,0 +1,201 @@
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "{}"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright {yyyy} {name of copyright owner}
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/Makefile b/vendor/github.com/kubernetes-incubator/cri-o/Makefile
new file mode 100644
index 00000000..d5de9e49
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/Makefile
@@ -0,0 +1,212 @@
+GO ?= go
+EPOCH_TEST_COMMIT ?= 1cc5a27
+PROJECT := github.com/kubernetes-incubator/cri-o
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+GIT_BRANCH_CLEAN := $(shell echo $(GIT_BRANCH) | sed -e "s/[^[:alnum:]]/-/g")
+CRIO_IMAGE := crio_dev$(if $(GIT_BRANCH_CLEAN),:$(GIT_BRANCH_CLEAN))
+CRIO_INSTANCE := crio_dev
+PREFIX ?= ${DESTDIR}/usr/local
+BINDIR ?= ${PREFIX}/bin
+LIBEXECDIR ?= ${PREFIX}/libexec
+MANDIR ?= ${PREFIX}/share/man
+ETCDIR ?= ${DESTDIR}/etc
+ETCDIR_CRIO ?= ${ETCDIR}/crio
+BUILDTAGS := selinux seccomp $(shell hack/btrfs_tag.sh) $(shell hack/libdm_tag.sh)
+BASHINSTALLDIR=${PREFIX}/share/bash-completion/completions
+
+# If GOPATH not specified, use one in the local directory
+ifeq ($(GOPATH),)
+export GOPATH := $(CURDIR)/_output
+unexport GOBIN
+endif
+GOPKGDIR := $(GOPATH)/src/$(PROJECT)
+GOPKGBASEDIR := $(shell dirname "$(GOPKGDIR)")
+
+# Update VPATH so make finds .gopathok
+VPATH := $(VPATH):$(GOPATH)
+
+all: binaries crio.conf docs
+
+default: help
+
+help:
+ @echo "Usage: make "
+ @echo
+ @echo " * 'install' - Install binaries to system locations"
+ @echo " * 'binaries' - Build crio, conmon and crioctl"
+ @echo " * 'integration' - Execute integration tests"
+ @echo " * 'clean' - Clean artifacts"
+ @echo " * 'lint' - Execute the source code linter"
+ @echo " * 'gofmt' - Verify the source code gofmt"
+
+.gopathok:
+ifeq ("$(wildcard $(GOPKGDIR))","")
+ mkdir -p "$(GOPKGBASEDIR)"
+ ln -s "$(CURDIR)" "$(GOPKGBASEDIR)"
+endif
+ touch "$(GOPATH)/.gopathok"
+
+lint: .gopathok
+ @echo "checking lint"
+ @./.tool/lint
+
+gofmt:
+ @./hack/verify-gofmt.sh
+
+conmon:
+ $(MAKE) -C $@
+
+pause:
+ $(MAKE) -C $@
+
+bin2img: .gopathok $(wildcard test/bin2img/*.go)
+ go build -tags "$(BUILDTAGS)" -o test/bin2img/$@ $(PROJECT)/test/bin2img
+
+copyimg: .gopathok $(wildcard test/copyimg/*.go)
+ go build -tags "$(BUILDTAGS)" -o test/copyimg/$@ $(PROJECT)/test/copyimg
+
+checkseccomp: .gopathok $(wildcard test/checkseccomp/*.go)
+ go build -o test/checkseccomp/$@ $(PROJECT)/test/checkseccomp
+
+crio: .gopathok $(shell hack/find-godeps.sh $(GOPKGDIR) cmd/crio $(PROJECT))
+ $(GO) build -o $@ \
+ -tags "$(BUILDTAGS)" \
+ $(PROJECT)/cmd/crio
+
+crioctl: .gopathok $(shell hack/find-godeps.sh $(GOPKGDIR) cmd/crioctl $(PROJECT))
+ $(GO) build -o $@ $(PROJECT)/cmd/crioctl
+
+kpod: .gopathok $(shell hack/find-godeps.sh $(GOPKGDIR) cmd/kpod $(PROJECT))
+ $(GO) build -o $@ $(PROJECT)/cmd/kpod
+
+crio.conf: crio
+ ./crio --config="" config --default > crio.conf
+
+clean:
+ifneq ($(GOPATH),)
+ rm -f "$(GOPATH)/.gopathok"
+endif
+ rm -rf _output
+ rm -f docs/*.1 docs/*.5 docs/*.8
+ rm -fr test/testdata/redis-image
+ find . -name \*~ -delete
+ find . -name \#\* -delete
+ rm -f crioctl crio kpod
+ make -C conmon clean
+ make -C pause clean
+ rm -f test/bin2img/bin2img
+ rm -f test/copyimg/copyimg
+ rm -f test/checkseccomp/checkseccomp
+
+crioimage:
+ docker build -t ${CRIO_IMAGE} .
+
+dbuild: crioimage
+ docker run --name=${CRIO_INSTANCE} --privileged ${CRIO_IMAGE} -v ${PWD}:/go/src/${PROJECT} --rm make binaries
+
+integration: crioimage
+ docker run -e TESTFLAGS -e TRAVIS -t --privileged --rm -v ${CURDIR}:/go/src/${PROJECT} ${CRIO_IMAGE} make localintegration
+
+localintegration: clean binaries
+ ./test/test_runner.sh ${TESTFLAGS}
+
+binaries: crio crioctl kpod conmon pause bin2img copyimg checkseccomp
+
+MANPAGES_MD := $(wildcard docs/*.md)
+MANPAGES := $(MANPAGES_MD:%.md=%)
+
+docs/%.1: docs/%.1.md .gopathok
+ go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@ || $(GOPATH)/bin/go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
+
+docs/%.5: docs/%.5.md .gopathok
+ go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@ || $(GOPATH)/bin/go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
+
+docs/%.8: docs/%.8.md .gopathok
+ go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@ || $(GOPATH)/bin/go-md2man -in $< -out $@.tmp && touch $@.tmp && mv $@.tmp $@
+
+docs: $(MANPAGES)
+
+install: .gopathok
+ install -D -m 755 crio $(BINDIR)/crio
+ install -D -m 755 crioctl $(BINDIR)/crioctl
+ install -D -m 755 kpod $(BINDIR)/kpod
+ install -D -m 755 conmon/conmon $(LIBEXECDIR)/crio/conmon
+ install -D -m 755 pause/pause $(LIBEXECDIR)/crio/pause
+ install -d -m 755 $(MANDIR)/man1
+ install -d -m 755 $(MANDIR)/man5
+ install -d -m 755 $(MANDIR)/man8
+ install -m 644 $(filter %.1,$(MANPAGES)) -t $(MANDIR)/man1
+ install -m 644 $(filter %.5,$(MANPAGES)) -t $(MANDIR)/man5
+ install -m 644 $(filter %.8,$(MANPAGES)) -t $(MANDIR)/man8
+
+install.config:
+ install -D -m 644 crio.conf $(ETCDIR_CRIO)/crio.conf
+ install -D -m 644 seccomp.json $(ETCDIR_CRIO)/seccomp.json
+
+install.completions:
+ install -d -m 755 ${BASHINSTALLDIR}
+ install -m 644 -D completions/bash/kpod ${BASHINSTALLDIR}
+
+install.systemd:
+ install -D -m 644 contrib/systemd/crio.service $(PREFIX)/lib/systemd/system/crio.service
+ install -D -m 644 contrib/systemd/crio-shutdown.service $(PREFIX)/lib/systemd/system/crio-shutdown.service
+
+uninstall:
+ rm -f $(BINDIR)/crio
+ rm -f $(BINDIR)/crioctl
+ rm -f $(LIBEXECDIR)/crio/conmon
+ rm -f $(LIBEXECDIR)/crio/pause
+ for i in $(filter %.1,$(MANPAGES)); do \
+ rm -f $(MANDIR)/man8/$$(basename $${i}); \
+ done
+ for i in $(filter %.5,$(MANPAGES)); do \
+ rm -f $(MANDIR)/man5/$$(basename $${i}); \
+ done
+ for i in $(filter %.8,$(MANPAGES)); do \
+ rm -f $(MANDIR)/man8/$$(basename $${i}); \
+ done
+
+.PHONY: .gitvalidation
+# When this is running in travis, it will only check the travis commit range
+.gitvalidation: .gopathok
+ifeq ($(TRAVIS),true)
+ $(GOPATH)/bin/git-validation -q -run DCO,short-subject,dangling-whitespace
+else
+ $(GOPATH)/bin/git-validation -v -run DCO,short-subject,dangling-whitespace -range $(EPOCH_TEST_COMMIT)..HEAD
+endif
+
+.PHONY: install.tools
+
+install.tools: .install.gitvalidation .install.gometalinter .install.md2man
+
+.install.gitvalidation: .gopathok
+ if [ ! -x "$(GOPATH)/bin/git-validation" ]; then \
+ go get -u github.com/vbatts/git-validation; \
+ fi
+
+.install.gometalinter: .gopathok
+ if [ ! -x "$(GOPATH)/bin/gometalinter" ]; then \
+ go get -u github.com/alecthomas/gometalinter; \
+ $(GOPATH)/bin/gometalinter --install; \
+ fi
+
+.install.md2man: .gopathok
+ if [ ! -x "$(GOPATH)/bin/go-md2man" ]; then \
+ go get -u github.com/cpuguy83/go-md2man; \
+ fi
+
+.PHONY: \
+ bin2img \
+ binaries \
+ checkseccomp \
+ clean \
+ conmon \
+ copyimg \
+ default \
+ docs \
+ gofmt \
+ help \
+ install \
+ lint \
+ pause \
+ uninstall
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/OWNERS b/vendor/github.com/kubernetes-incubator/cri-o/OWNERS
new file mode 100644
index 00000000..629b6df0
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/OWNERS
@@ -0,0 +1,7 @@
+assignees:
+ - mrunalp
+ - runcom
+ - cyphar
+ - mikebrow
+ - feiskyer
+ - sameo
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/README.md b/vendor/github.com/kubernetes-incubator/cri-o/README.md
new file mode 100644
index 00000000..3f4fdf5d
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/README.md
@@ -0,0 +1,185 @@
+![cri-o logo](https://cdn.rawgit.com/kubernetes-incubator/cri-o/master/logo/crio-logo.svg)
+# cri-o - OCI-based implementation of Kubernetes Container Runtime Interface
+
+[![Build Status](https://img.shields.io/travis/kubernetes-incubator/cri-o.svg?maxAge=2592000&style=flat-square)](https://travis-ci.org/kubernetes-incubator/cri-o)
+[![Go Report Card](https://goreportcard.com/badge/github.com/kubernetes-incubator/cri-o?style=flat-square)](https://goreportcard.com/report/github.com/kubernetes-incubator/cri-o)
+
+### Status: pre-alpha
+
+## What is the scope of this project?
+
+cri-o is meant to provide an integration path between OCI conformant runtimes and the kubelet.
+Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes.
+The scope of cri-o is tied to the scope of the CRI.
+
+At a high level, we expect the scope of cri-o to be restricted to the following functionalities:
+
+* Support multiple image formats including the existing Docker image format
+* Support for multiple means to download images including trust & image verification
+* Container image management (managing image layers, overlay filesystems, etc)
+* Container process lifecycle management
+* Monitoring and logging required to satisfy the CRI
+* Resource isolation as required by the CRI
+
+## What is not in scope for this project?
+
+* Building, signing and pushing images to various image storages
+* A CLI utility for interacting with cri-o. Any CLIs built as part of this project are only meant for testing this project and there will be no guarantees on the backwards compatibility with it.
+
+This is an implementation of the Kubernetes Container Runtime Interface (CRI) that will allow Kubernetes to directly launch and manage Open Container Initiative (OCI) containers.
+
+The plan is to use OCI projects and best of breed libraries for different aspects:
+- Runtime: [runc](https://github.com/opencontainers/runc) (or any OCI runtime-spec implementation) and [oci runtime tools](https://github.com/opencontainers/runtime-tools)
+- Images: Image management using [containers/image](https://github.com/containers/image)
+- Storage: Storage and management of image layers using [containers/storage](https://github.com/containers/storage)
+- Networking: Networking support through use of [CNI](https://github.com/containernetworking/cni)
+
+It is currently in active development in the Kubernetes community through the [design proposal](https://github.com/kubernetes/kubernetes/pull/26788). Questions and issues should be raised in the Kubernetes [sig-node Slack channel](https://kubernetes.slack.com/archives/sig-node).
+
+## Getting started
+
+### Prerequisites
+
+`runc` version 1.0.0.rc1 or greater is expected to be installed on the system. It is picked up as the default runtime by crio.
+
+### Build Dependencies
+
+**Required**
+
+Fedora, CentOS, RHEL, and related distributions:
+
+```bash
+yum install -y \
+ btrfs-progs-devel \
+ device-mapper-devel \
+ glib2-devel \
+ glibc-devel \
+ glibc-static \
+ gpgme-devel \
+ libassuan-devel \
+ libgpg-error-devel \
+ libseccomp-devel \
+ libselinux-devel \
+ pkgconfig \
+ runc
+```
+
+Debian, Ubuntu, and related distributions:
+
+```bash
+apt install -y \
+ btrfs-tools \
+ libassuan-dev \
+ libdevmapper-dev \
+ libglib2.0-dev \
+ libc6-dev \
+ libgpgme11-dev \
+ libgpg-error-dev \
+ libseccomp-dev \
+ libselinux1-dev \
+ pkg-config \
+ runc
+```
+
+If using an older release or a long-term support release, be careful to double-check that the version of `runc` is new enough, or else build your own.
+
+**Optional**
+
+Fedora, CentOS, RHEL, and related distributions:
+
+(no optional packages)
+
+Debian, Ubuntu, and related distributions:
+
+```bash
+apt install -y \
+ libapparmor-dev
+```
+
+### Get Source Code
+
+As with other Go projects, cri-o must be cloned into a directory structure like:
+
+```
+GOPATH
+└── src
+ └── github.com
+ └── kubernetes-incubator
+ └── cri-o
+```
+
+First, configure a `GOPATH` (if you are using go1.8 or later, this defaults to `~/go`).
+
+```bash
+export GOPATH=~/go
+mkdir -p $GOPATH
+```
+
+Next, clone the source code using:
+
+```bash
+mkdir -p $GOPATH/src/github.com/kubernetes-incubator
+cd $_ # or cd $GOPATH/src/github.com/kubernetes-incubator
+git clone https://github.com/kubernetes-incubator/cri-o # or your fork
+cd cri-o
+```
+
+### Build
+
+```bash
+make install.tools
+make
+sudo make install
+```
+
+Otherwise, if you do not want to build `cri-o` with seccomp support you can add `BUILDTAGS=""` when running make.
+
+```bash
+make BUILDTAGS=""
+sudo make install
+```
+
+#### Build Tags
+
+`cri-o` supports optional build tags for compiling support of various features.
+To add build tags to the make option the `BUILDTAGS` variable must be set.
+
+```bash
+make BUILDTAGS='seccomp apparmor'
+```
+
+| Build Tag | Feature | Dependency |
+|-----------|------------------------------------|-------------|
+| seccomp | syscall filtering | libseccomp |
+| selinux | selinux process and mount labeling | libselinux |
+| apparmor | apparmor profile support | libapparmor |
+
+### Running pods and containers
+
+Follow this [tutorial](tutorial.md) to get started with CRI-O.
+
+### Setup CNI networking
+
+A proper description of setting up CNI networking is given in the
+[`contrib/cni` README](contrib/cni/README.md). But the gist is that you need to
+have some basic network configurations enabled and CNI plugins installed on
+your system.
+
+### Running with kubernetes
+
+You can run a local version of kubernetes with cri-o using `local-up-cluster.sh`:
+
+1. Clone the [kubernetes repository](https://github.com/kubernetes/kubernetes)
+1. Start the cri-o daemon (`crio`)
+1. From the kubernetes project directory, run: `CONTAINER_RUNTIME=remote CONTAINER_RUNTIME_ENDPOINT='/var/run/crio.sock --runtime-request-timeout=15m' ./hack/local-up-cluster.sh`
+
+To run a full cluster, see [the instructions](kubernetes.md).
+
+### Current Roadmap
+
+1. Basic pod/container lifecycle, basic image pull (already works)
+1. Support for tty handling and state management
+1. Basic integration with kubelet once client side changes are ready
+1. Support for log management, networking integration using CNI, pluggable image/storage management
+1. Support for exec/attach
+1. Target fully automated kubernetes testing without failures
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/code-of-conduct.md b/vendor/github.com/kubernetes-incubator/cri-o/code-of-conduct.md
new file mode 100644
index 00000000..ae282f58
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/code-of-conduct.md
@@ -0,0 +1,55 @@
+## Kubernetes Community Code of Conduct
+
+### Contributor Code of Conduct
+
+As contributors and maintainers of this project, and in the interest of fostering
+an open and welcoming community, we pledge to respect all people who contribute
+through reporting issues, posting feature requests, updating documentation,
+submitting pull requests or patches, and other activities.
+
+We are committed to making participation in this project a harassment-free experience for
+everyone, regardless of level of experience, gender, gender identity and expression,
+sexual orientation, disability, personal appearance, body size, race, ethnicity, age,
+religion, or nationality.
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery
+* Personal attacks
+* Trolling or insulting/derogatory comments
+* Public or private harassment
+* Publishing other's private information, such as physical or electronic addresses,
+ without explicit permission
+* Other unethical or unprofessional conduct.
+
+Project maintainers have the right and responsibility to remove, edit, or reject
+comments, commits, code, wiki edits, issues, and other contributions that are not
+aligned to this Code of Conduct. By adopting this Code of Conduct, project maintainers
+commit themselves to fairly and consistently applying these principles to every aspect
+of managing this project. Project maintainers who do not follow or enforce the Code of
+Conduct may be permanently removed from the project team.
+
+This code of conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community.
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting one or more maintainers.
+
+This Code of Conduct is adapted from the Contributor Covenant
+(http://contributor-covenant.org), version 1.2.0, available at
+http://contributor-covenant.org/version/1/2/0/
+
+### Kubernetes Events Code of Conduct
+
+Kubernetes events are working conferences intended for professional networking and collaboration in the
+Kubernetes community. Attendees are expected to behave according to professional standards and in accordance
+with their employer's policies on appropriate workplace behavior.
+
+While at Kubernetes events or related social networking opportunities, attendees should not engage in
+discriminatory or offensive speech or actions regarding gender, sexuality, race, or religion. Speakers should
+be especially aware of these concerns.
+
+The Kubernetes team does not condone any statements by speakers contrary to these standards. The Kubernetes
+team reserves the right to deny entrance and/or eject from an event (without refund) any individual found to
+be engaging in discriminatory or offensive speech or actions.
+
+Please bring any concerns to to the immediate attention of Kubernetes event staff
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/kubernetes.md b/vendor/github.com/kubernetes-incubator/cri-o/kubernetes.md
new file mode 100644
index 00000000..5585c494
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/kubernetes.md
@@ -0,0 +1,105 @@
+# Running cri-o on kubernetes cluster
+
+## Switching runtime from docker to cri-o
+
+In standard docker kubernetes cluster, kubelet is running on each node as systemd service and is taking care of communication between runtime and api service.
+It is reponsible for starting microservices pods (such as `kube-proxy`, `kubedns`, etc. - they can be different for various ways of deploying k8s) and user pods.
+Configuration of kubelet determines which runtime is used and in what way.
+
+Kubelet itself is executed in docker container (as we can see in `kubelet.service`), but, what is important, **it's not** a kubernetes pod (at least for now),
+so we can keep kubelet running inside container (as well as directly on the host), and regardless of this, run pods in chosen runtime.
+
+Below, you can find an instruction how to switch one or more nodes on running kubernetes cluster from docker to cri-o.
+
+### Preparing crio
+
+You must prepare and install `crio` on each node you would like to switch. Here's the list of files that must be provided:
+
+| File path | Description | Location |
+|--------------------------------------------|----------------------------|-----------------------------------------------------|
+| `/etc/crio/crio.conf` | crio configuration | Generated on cri-o `make install` |
+| `/etc/crio/seccomp.conf` | seccomp config | Example stored in cri-o repository |
+| `/etc/containers/policy.json` | containers policy | Example stored in cri-o repository |
+| `/bin/{crio, runc}` | `crio` and `runc` binaries | Built from cri-o repository |
+| `/usr/local/libexec/crio/conmon` | `conmon` binary | Built from cri-o repository |
+| `/opt/cni/bin/{flannel, bridge,...}` | CNI plugins binaries | Can be built from sources `containernetworking/cni` |
+| `/etc/cni/net.d/10-mynet.conf` | Network config | Example stored in [README file](README.md) |
+
+`crio` binary can be executed directly on host, inside the container or in any way.
+However, recommended way is to set it as a systemd service.
+Here's the example of unit file:
+
+```
+# cat /etc/systemd/system/crio.service
+[Unit]
+Description=CRI-O daemon
+Documentation=https://github.com/kubernetes-incubator/cri-o
+
+[Service]
+ExecStart=/bin/crio --runtime /bin/runc --log /root/crio.log --debug
+Restart=always
+RestartSec=10s
+
+[Install]
+WantedBy=multi-user.target
+```
+
+### Preparing kubelet
+At first, you need to stop kubelet service working on the node:
+```
+# systemctl stop kubelet
+```
+and stop all kubelet docker containers that are still runing.
+
+```
+# docker stop $(docker ps | grep k8s_ | awk '{print $1}')
+```
+
+We have to be sure that `kubelet.service` will start after `crio.service`.
+It can be done by adding `crio.service` to `Wants=` section in `/etc/systemd/system/kubelet.service`:
+
+```
+# cat /etc/systemd/system/kubelet.service | grep Wants
+Wants=docker.socket crio.service
+```
+
+If you'd like to change the way of starting kubelet (e.g. directly on host instead of docker container), you can change it here, but, as mentioned, it's not necessary.
+
+
+Kubelet parameters are stored in `/etc/kubernetes/kubelet.env` file.
+```
+# cat /etc/kubernetes/kubelet.env | grep KUBELET_ARGS
+KUBELET_ARGS="--pod-manifest-path=/etc/kubernetes/manifests
+--pod-infra-container-image=gcr.io/google_containers/pause-amd64:3.0
+--cluster_dns=10.233.0.3 --cluster_domain=cluster.local
+--resolv-conf=/etc/resolv.conf --kubeconfig=/etc/kubernetes/node-kubeconfig.yaml
+--require-kubeconfig"
+```
+
+You need to add following parameters to `KUBELET_ARGS`:
+* `--experimental-cri=true` - Use Container Runtime Interface. Will be true by default from kubernetes 1.6 release.
+* `--container-runtime=remote` - Use remote runtime with provided socket.
+* `--container-runtime-endpoint=/var/run/crio.sock` - Socket for remote runtime (default `crio` socket localization).
+* `--runtime-request-timeout=10m` - Optional but useful. Some requests, especially pulling huge images, may take longer than default (2 minutes) and will cause an error.
+
+Kubelet is prepared now.
+
+## Flannel network
+If your cluster is using flannel network, your network configuration should be like:
+```
+# cat /etc/cni/net.d/10-mynet.conf
+{
+ "name": "mynet",
+ "type": "flannel"
+}
+```
+Then, kubelet will take parameters from `/run/flannel/subnet.env` - file generated by flannel kubelet microservice.
+
+## Starting kubelet with cri-o
+Start crio first, then kubelet. If you created `crio` service:
+```
+# systemctl start crio
+# systemctl start kubelet
+```
+
+You can follow the progress of preparing node using `kubectl get nodes` or `kubectl get pods --all-namespaces` on kubernetes master.
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/lock.json b/vendor/github.com/kubernetes-incubator/cri-o/lock.json
new file mode 100644
index 00000000..70ed0529
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/lock.json
@@ -0,0 +1,929 @@ +{ + "memo": "93ab0fa7baac600756f69c227eb4ffb24afbc057bd81a3c504ee64e5aec41a81", + "projects": [ + { + "name": "cloud.google.com/go", + "version": "v0.7.0", + "revision": "2e6a95edb1071d750f6d7db777bf66cd2997af6c", + "packages": [ + "compute/metadata", + "internal" + ] + }, + { + "name": "github.com/Azure/go-ansiterm", + "branch": "master", + "revision": "fa152c58bc15761d0200cb75fe958b89a9d4888e", + "packages": [ + ".", + "winterm" + ] + }, + { + "name": "github.com/BurntSushi/toml", + "version": "v0.2.0", + "revision": "bbd5bb678321a0d6e58f1099321dfa73391c1b6f", + "packages": [ + "." + ] + }, + { + "name": "github.com/Microsoft/go-winio", + "version": "v0.3.7", + "revision": "24a3e3d3fc7451805e09d11e11e95d9a0a4f205e", + "packages": [ + ".", + "archive/tar", + "backuptar" + ] + }, + { + "name": "github.com/Microsoft/hcsshim", + "version": "v0.5.11", + "revision": "0f615c198a84e0344b4ed49c464d8833d4648dfc", + "packages": [ + "." + ] + }, + { + "name": "github.com/PuerkitoBio/purell", + "version": "v1.1.0", + "revision": "0bcb03f4b4d0a9428594752bd2a3b9aa0a9d4bd4", + "packages": [ + "." + ] + }, + { + "name": "github.com/PuerkitoBio/urlesc", + "branch": "master", + "revision": "5bd2802263f21d8788851d5305584c82a5c75d7e", + "packages": [ + "." + ] + }, + { + "name": "github.com/Sirupsen/logrus", + "branch": "master", + "revision": "61e43dc76f7ee59a82bdf3d71033dc12bea4c77d", + "packages": [ + "." + ] + }, + { + "name": "github.com/blang/semver", + "version": "v3.5.0", + "revision": "b38d23b8782a487059e8fc8773e9a5b228a77cb6", + "packages": [ + "." 
+ ] + }, + { + "name": "github.com/containernetworking/cni", + "version": "v0.4.0", + "revision": "530dd71e193012895ff7beee42cd64a02e1993da", + "packages": [ + "libcni", + "pkg/invoke", + "pkg/ns", + "pkg/types", + "pkg/version" + ] + }, + { + "name": "github.com/containers/image", + "branch": "master", + "revision": "84d3787ee366601bdb0a31ca26261c20a0a60e64", + "packages": [ + "copy", + "directory", + "directory/explicitfilepath", + "docker", + "docker/archive", + "docker/daemon", + "docker/policyconfiguration", + "docker/reference", + "docker/tarfile", + "image", + "manifest", + "oci/layout", + "openshift", + "ostree", + "pkg/compression", + "pkg/strslice", + "signature", + "storage", + "transports", + "transports/alltransports", + "types", + "version" + ] + }, + { + "name": "github.com/containers/storage", + "branch": "master", + "revision": "2c75d14b978bff468e7d5ec3ff8a003eca443209", + "packages": [ + ".", + "drivers", + "drivers/aufs", + "drivers/btrfs", + "drivers/devmapper", + "drivers/overlay", + "drivers/register", + "drivers/vfs", + "drivers/windows", + "drivers/zfs", + "pkg/archive", + "pkg/chrootarchive", + "pkg/devicemapper", + "pkg/directory", + "pkg/fileutils", + "pkg/homedir", + "pkg/idtools", + "pkg/ioutils", + "pkg/longpath", + "pkg/loopback", + "pkg/mount", + "pkg/parsers", + "pkg/parsers/kernel", + "pkg/plugins", + "pkg/plugins/transport", + "pkg/pools", + "pkg/promise", + "pkg/random", + "pkg/reexec", + "pkg/stringid", + "pkg/system", + "pkg/truncindex", + "storageversion" + ] + }, + { + "name": "github.com/coreos/go-oidc", + "branch": "master", + "revision": "be73733bb8cc830d0205609b95d125215f8e9c70", + "packages": [ + "http", + "jose", + "key", + "oauth2", + "oidc" + ] + }, + { + "name": "github.com/coreos/go-systemd", + "version": "v14", + "revision": "48702e0da86bd25e76cfef347e2adeb434a0d0a6", + "packages": [ + "daemon", + "dbus", + "util" + ] + }, + { + "name": "github.com/coreos/pkg", + "version": "v3", + "revision": 
"3ac0863d7acf3bc44daf49afef8919af12f704ef", + "packages": [ + "dlopen", + "health", + "httputil", + "timeutil" + ] + }, + { + "name": "github.com/davecgh/go-spew", + "version": "v1.1.0", + "revision": "346938d642f2ec3594ed81d874461961cd0faa76", + "packages": [ + "spew" + ] + }, + { + "name": "github.com/docker/distribution", + "branch": "master", + "revision": "fb0bebc4b64e3881cc52a2478d749845ed76d2a8", + "packages": [ + ".", + "context", + "digestset", + "reference", + "registry/api/errcode", + "registry/api/v2", + "registry/client", + "registry/client/auth/challenge", + "registry/client/transport", + "registry/storage/cache", + "registry/storage/cache/memory", + "uuid" + ] + }, + { + "name": "github.com/docker/docker", + "version": "v1.13.0", + "revision": "49bf474f9ed7ce7143a59d1964ff7b7fd9b52178", + "packages": [ + "api/types", + "api/types/blkiodev", + "api/types/container", + "api/types/events", + "api/types/filters", + "api/types/mount", + "api/types/network", + "api/types/reference", + "api/types/registry", + "api/types/strslice", + "api/types/swarm", + "api/types/time", + "api/types/versions", + "api/types/volume", + "client", + "pkg/ioutils", + "pkg/longpath", + "pkg/random", + "pkg/registrar", + "pkg/stringid", + "pkg/stringutils", + "pkg/symlink", + "pkg/system", + "pkg/term", + "pkg/term/windows", + "pkg/tlsconfig", + "pkg/truncindex", + "utils/templates" + ] + }, + { + "name": "github.com/docker/go-connections", + "branch": "master", + "revision": "4ccf312bf1d35e5dbda654e57a9be4c3f3cd0366", + "packages": [ + "nat", + "sockets", + "tlsconfig" + ] + }, + { + "name": "github.com/docker/go-units", + "version": "v0.3.1", + "revision": "f2d77a61e3c169b43402a0a1e84f06daf29b8190", + "packages": [ + "." + ] + }, + { + "name": "github.com/docker/libtrust", + "branch": "master", + "revision": "aabc10ec26b754e797f9028f4589c5b7bd90dc20", + "packages": [ + "." 
+ ] + }, + { + "name": "github.com/docker/spdystream", + "branch": "master", + "revision": "ed496381df8283605c435b86d4fdd6f4f20b8c6e", + "packages": [ + ".", + "spdy" + ] + }, + { + "name": "github.com/emicklei/go-restful", + "branch": "master", + "revision": "09691a3b6378b740595c1002f40c34dd5f218a22", + "packages": [ + ".", + "log", + "swagger" + ] + }, + { + "name": "github.com/fsnotify/fsnotify", + "branch": "master", + "revision": "7d7316ed6e1ed2de075aab8dfc76de5d158d66e1", + "packages": [ + "." + ] + }, + { + "name": "github.com/ghodss/yaml", + "branch": "master", + "revision": "04f313413ffd65ce25f2541bfd2b2ceec5c0908c", + "packages": [ + "." + ] + }, + { + "name": "github.com/go-openapi/jsonpointer", + "branch": "master", + "revision": "779f45308c19820f1a69e9a4cd965f496e0da10f", + "packages": [ + "." + ] + }, + { + "name": "github.com/go-openapi/jsonreference", + "branch": "master", + "revision": "36d33bfe519efae5632669801b180bf1a245da3b", + "packages": [ + "." + ] + }, + { + "name": "github.com/go-openapi/spec", + "branch": "master", + "revision": "02fb9cd3430ed0581e0ceb4804d5d4b3cc702694", + "packages": [ + "." + ] + }, + { + "name": "github.com/go-openapi/swag", + "branch": "master", + "revision": "d5f8ebc3b1c55a4cf6489eeae7354f338cfe299e", + "packages": [ + "." + ] + }, + { + "name": "github.com/godbus/dbus", + "version": "v4.0.0", + "revision": "5f6efc7ef2759c81b7ba876593971bfce311eab3", + "packages": [ + "." + ] + }, + { + "name": "github.com/gogo/protobuf", + "version": "v0.3", + "revision": "909568be09de550ed094403c2bf8a261b5bb730a", + "packages": [ + "gogoproto", + "proto", + "protoc-gen-gogo/descriptor", + "sortkeys" + ] + }, + { + "name": "github.com/golang/glog", + "branch": "master", + "revision": "23def4e6c14b4da8ac2ed8007337bc5eb5007998", + "packages": [ + "." 
+ ] + }, + { + "name": "github.com/golang/groupcache", + "branch": "master", + "revision": "b710c8433bd175204919eb38776e944233235d03", + "packages": [ + "lru" + ] + }, + { + "name": "github.com/golang/protobuf", + "branch": "master", + "revision": "8ee79997227bf9b34611aee7946ae64735e6fd93", + "packages": [ + "proto" + ] + }, + { + "name": "github.com/google/gofuzz", + "branch": "master", + "revision": "44d81051d367757e1c7c6a5a86423ece9afcf63c", + "packages": [ + "." + ] + }, + { + "name": "github.com/googleapis/gax-go", + "branch": "master", + "revision": "9af46dd5a1713e8b5cd71106287eba3cefdde50b", + "packages": [ + "." + ] + }, + { + "name": "github.com/gorilla/context", + "version": "v1.1", + "revision": "1ea25387ff6f684839d82767c1733ff4d4d15d0a", + "packages": [ + "." + ] + }, + { + "name": "github.com/gorilla/mux", + "version": "v1.3.0", + "revision": "392c28fe23e1c45ddba891b0320b3b5df220beea", + "packages": [ + "." + ] + }, + { + "name": "github.com/imdario/mergo", + "version": "0.2.2", + "revision": "3e95a51e0639b4cf372f2ccf74c86749d747fbdc", + "packages": [ + "." + ] + }, + { + "name": "github.com/jonboulle/clockwork", + "version": "v0.1.0", + "revision": "2eee05ed794112d45db504eb05aa693efd2b8b09", + "packages": [ + "." + ] + }, + { + "name": "github.com/juju/ratelimit", + "branch": "master", + "revision": "acf38b000a03e4ab89e40f20f1e548f4e6ac7f72", + "packages": [ + "." + ] + }, + { + "name": "github.com/kr/pty", + "version": "v1.0.0", + "revision": "2c10821df3c3cf905230d078702dfbe9404c9b23", + "packages": [ + "." + ] + }, + { + "name": "github.com/mailru/easyjson", + "branch": "master", + "revision": "99e922cf9de1bc0ab38310c277cff32c2147e747", + "packages": [ + "buffer", + "jlexer", + "jwriter" + ] + }, + { + "name": "github.com/mattn/go-runewidth", + "version": "v0.0.1", + "revision": "d6bea18f789704b5f83375793155289da36a3c7f", + "packages": [ + "." 
+ ] + }, + { + "name": "github.com/mattn/go-shellwords", + "version": "v1.0.1", + "revision": "753a2322a99f87c0eff284980e77f53041555bc6", + "packages": [ + "." + ] + }, + { + "name": "github.com/mistifyio/go-zfs", + "version": "v2.1.1", + "revision": "cdc0f941c4d0e0e94d85348285568d921891e138", + "packages": [ + "." + ] + }, + { + "name": "github.com/mitchellh/go-wordwrap", + "branch": "master", + "revision": "ad45545899c7b13c020ea92b2072220eefad42b8", + "packages": [ + "." + ] + }, + { + "name": "github.com/mtrmac/gpgme", + "branch": "master", + "revision": "b2432428689ca58c2b8e8dea9449d3295cf96fc9", + "packages": [ + "." + ] + }, + { + "name": "github.com/opencontainers/go-digest", + "version": "v1.0.0-rc0", + "revision": "aa2ec055abd10d26d539eb630a92241b781ce4bc", + "packages": [ + "." + ] + }, + { + "name": "github.com/opencontainers/image-spec", + "version": "v1.0.0-rc6", + "revision": "1a6593ab6c3ab5902072b4694a22ff19425396ae", + "packages": [ + "specs-go", + "specs-go/v1" + ] + }, + { + "name": "github.com/opencontainers/runc", + "branch": "master", + "revision": "b263a43430ac6996a4302b891688544225197294", + "packages": [ + "libcontainer/apparmor", + "libcontainer/cgroups", + "libcontainer/cgroups/fs", + "libcontainer/cgroups/systemd", + "libcontainer/configs", + "libcontainer/devices", + "libcontainer/system", + "libcontainer/user", + "libcontainer/utils" + ] + }, + { + "name": "github.com/opencontainers/runtime-spec", + "version": "v1.0.0-rc5", + "revision": "035da1dca3dfbb00d752eb58b0b158d6129f3776", + "packages": [ + "specs-go" + ] + }, + { + "name": "github.com/opencontainers/runtime-tools", + "branch": "master", + "revision": "c522fd3e80dd35b292e45c5057754a746fdcfa17", + "packages": [ + "generate", + "generate/seccomp", + "validate" + ] + }, + { + "name": "github.com/opencontainers/selinux", + "branch": "master", + "revision": "ba1aefe8057f1d0cfb8e88d0ec1dc85925ef987d", + "packages": [ + "go-selinux", + "go-selinux/label" + ] + }, + { + "name": 
"github.com/pkg/errors", + "version": "v0.8.0", + "revision": "645ef00459ed84a119197bfb8d8205042c6df63d", + "packages": [ + "." + ] + }, + { + "name": "github.com/seccomp/libseccomp-golang", + "version": "v0.9.0", + "revision": "e3496e3a417d1dc9ecdceca5af2513271fed37a0", + "packages": [ + "." + ] + }, + { + "name": "github.com/spf13/pflag", + "branch": "master", + "revision": "9ff6c6923cfffbcd502984b8e0c80539a94968b7", + "packages": [ + "." + ] + }, + { + "name": "github.com/syndtr/gocapability", + "branch": "master", + "revision": "e7cb7fa329f456b3855136a2642b197bad7366ba", + "packages": [ + "capability" + ] + }, + { + "name": "github.com/tchap/go-patricia", + "version": "v2.2.6", + "revision": "666120de432aea38ab06bd5c818f04f4129882c9", + "packages": [ + "patricia" + ] + }, + { + "name": "github.com/ugorji/go", + "branch": "master", + "revision": "d23841a297e5489e787e72fceffabf9d2994b52a", + "packages": [ + "codec" + ] + }, + { + "name": "github.com/urfave/cli", + "version": "v1.19.1", + "revision": "0bdeddeeb0f650497d603c4ad7b20cfe685682f6", + "packages": [ + "." 
+ ] + }, + { + "name": "github.com/vbatts/tar-split", + "version": "v0.10.1", + "revision": "d3f1b54304d656376e58f9406a9cb4775799a357", + "packages": [ + "archive/tar", + "tar/asm", + "tar/storage" + ] + }, + { + "name": "golang.org/x/crypto", + "branch": "master", + "revision": "dc137beb6cce2043eb6b5f223ab8bf51c32459f4", + "packages": [ + "cast5", + "openpgp", + "openpgp/armor", + "openpgp/elgamal", + "openpgp/errors", + "openpgp/packet", + "openpgp/s2k" + ] + }, + { + "name": "golang.org/x/net", + "branch": "master", + "revision": "f2499483f923065a842d38eb4c7f1927e6fc6e6d", + "packages": [ + "context", + "context/ctxhttp", + "http2", + "http2/hpack", + "idna", + "internal/timeseries", + "lex/httplex", + "proxy", + "trace", + "websocket" + ] + }, + { + "name": "golang.org/x/oauth2", + "branch": "master", + "revision": "a6bd8cefa1811bd24b86f8902872e4e8225f74c4", + "packages": [ + ".", + "google", + "internal", + "jws", + "jwt" + ] + }, + { + "name": "golang.org/x/sys", + "branch": "master", + "revision": "d75a52659825e75fff6158388dddc6a5b04f9ba5", + "packages": [ + "unix", + "windows" + ] + }, + { + "name": "golang.org/x/text", + "branch": "master", + "revision": "dafb3384ad25363d928a9e97ce4ad3a2f0667e34", + "packages": [ + "internal/gen", + "internal/triegen", + "internal/ucd", + "transform", + "unicode/cldr", + "unicode/norm", + "width" + ] + }, + { + "name": "google.golang.org/appengine", + "version": "v1.0.0", + "revision": "150dc57a1b433e64154302bdc40b6bb8aefa313a", + "packages": [ + ".", + "internal", + "internal/app_identity", + "internal/base", + "internal/datastore", + "internal/log", + "internal/modules", + "internal/remote_api", + "internal/urlfetch", + "urlfetch" + ] + }, + { + "name": "google.golang.org/grpc", + "version": "v1.0.1-GA", + "revision": "0032a855ba5c8a3c8e0d71c2deef354b70af1584", + "packages": [ + ".", + "codes", + "credentials", + "grpclog", + "internal", + "metadata", + "naming", + "peer", + "transport" + ] + }, + { + "name": 
"gopkg.in/cheggaaa/pb.v1", + "version": "v1.0.7", + "revision": "d7e6ca3010b6f084d8056847f55d7f572f180678", + "packages": [ + "." + ] + }, + { + "name": "gopkg.in/inf.v0", + "version": "v0.9.0", + "revision": "3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4", + "packages": [ + "." + ] + }, + { + "name": "gopkg.in/yaml.v2", + "branch": "v2", + "revision": "4c78c975fe7c825c6d1466c42be594d1d6f3aba6", + "packages": [ + "." + ] + }, + { + "name": "k8s.io/apimachinery", + "branch": "master", + "revision": "21807b270ec15d19215659a5caa08b17f66d6f44", + "packages": [ + "pkg/api/errors", + "pkg/api/meta", + "pkg/apimachinery", + "pkg/apimachinery/announced", + "pkg/apimachinery/registered", + "pkg/apis/meta/v1", + "pkg/apis/meta/v1/unstructured", + "pkg/conversion", + "pkg/conversion/queryparams", + "pkg/fields", + "pkg/labels", + "pkg/openapi", + "pkg/runtime", + "pkg/runtime/schema", + "pkg/runtime/serializer", + "pkg/runtime/serializer/json", + "pkg/runtime/serializer/protobuf", + "pkg/runtime/serializer/recognizer", + "pkg/runtime/serializer/streaming", + "pkg/runtime/serializer/versioning", + "pkg/selection", + "pkg/types", + "pkg/util/errors", + "pkg/util/framer", + "pkg/util/json", + "pkg/util/net", + "pkg/util/rand", + "pkg/util/runtime", + "pkg/util/sets", + "pkg/util/validation", + "pkg/util/validation/field", + "pkg/util/wait", + "pkg/util/yaml", + "pkg/version", + "pkg/watch", + "third_party/forked/golang/reflect" + ] + }, + { + "name": "k8s.io/apiserver", + "branch": "master", + "revision": "18254ddaaab8024609bdf570493103036d72f86d", + "packages": [ + "pkg/server/httplog", + "pkg/util/wsstream" + ] + }, + { + "name": "k8s.io/client-go", + "branch": "master", + "revision": "b766ef93a46ce6dc863462254658ca2861a53314", + "packages": [ + "pkg/api", + "pkg/api/resource", + "pkg/api/v1", + "pkg/apis/autoscaling", + "pkg/apis/extensions", + "pkg/util", + "pkg/util/intstr", + "pkg/util/labels", + "pkg/util/parsers", + "pkg/version", + "plugin/pkg/client/auth", + 
"plugin/pkg/client/auth/gcp", + "plugin/pkg/client/auth/oidc", + "rest", + "rest/watch", + "third_party/forked/golang/template", + "tools/clientcmd/api", + "tools/metrics", + "transport", + "util/cert", + "util/clock", + "util/flowcontrol", + "util/homedir", + "util/integer", + "util/jsonpath" + ] + }, + { + "name": "k8s.io/kubernetes", + "branch": "master", + "revision": "760d8e98e8f6ad27aaf50b1a030cb9e7b6859aab", + "packages": [ + "pkg/api", + "pkg/api/install", + "pkg/api/resource", + "pkg/api/v1", + "pkg/apis/apps", + "pkg/apis/apps/install", + "pkg/apis/apps/v1beta1", + "pkg/apis/authentication", + "pkg/apis/authentication/install", + "pkg/apis/authentication/v1beta1", + "pkg/apis/authorization", + "pkg/apis/authorization/install", + "pkg/apis/authorization/v1beta1", + "pkg/apis/autoscaling", + "pkg/apis/autoscaling/install", + "pkg/apis/autoscaling/v1", + "pkg/apis/batch", + "pkg/apis/batch/install", + "pkg/apis/batch/v1", + "pkg/apis/batch/v2alpha1", + "pkg/apis/certificates", + "pkg/apis/certificates/install", + "pkg/apis/certificates/v1beta1", + "pkg/apis/extensions", + "pkg/apis/extensions/install", + "pkg/apis/extensions/v1beta1", + "pkg/apis/policy", + "pkg/apis/policy/install", + "pkg/apis/policy/v1beta1", + "pkg/apis/rbac", + "pkg/apis/rbac/install", + "pkg/apis/rbac/v1alpha1", + "pkg/apis/rbac/v1beta1", + "pkg/apis/storage", + "pkg/apis/storage/install", + "pkg/apis/storage/v1beta1", + "pkg/client/clientset_generated/clientset", + "pkg/client/clientset_generated/clientset/typed/apps/v1beta1", + "pkg/client/clientset_generated/clientset/typed/authentication/v1beta1", + "pkg/client/clientset_generated/clientset/typed/authorization/v1beta1", + "pkg/client/clientset_generated/clientset/typed/autoscaling/v1", + "pkg/client/clientset_generated/clientset/typed/batch/v1", + "pkg/client/clientset_generated/clientset/typed/batch/v2alpha1", + "pkg/client/clientset_generated/clientset/typed/certificates/v1beta1", + 
"pkg/client/clientset_generated/clientset/typed/core/v1", + "pkg/client/clientset_generated/clientset/typed/extensions/v1beta1", + "pkg/client/clientset_generated/clientset/typed/policy/v1beta1", + "pkg/client/clientset_generated/clientset/typed/rbac/v1alpha1", + "pkg/client/clientset_generated/clientset/typed/rbac/v1beta1", + "pkg/client/clientset_generated/clientset/typed/storage/v1beta1", + "pkg/client/record", + "pkg/client/typed/discovery", + "pkg/client/unversioned/remotecommand", + "pkg/cloudprovider", + "pkg/kubelet/api/v1alpha1/runtime", + "pkg/kubelet/container", + "pkg/kubelet/server/portforward", + "pkg/kubelet/server/remotecommand", + "pkg/kubelet/server/streaming", + "pkg/kubelet/util/format", + "pkg/kubelet/util/ioutils", + "pkg/util", + "pkg/util/chmod", + "pkg/util/chown", + "pkg/util/exec", + "pkg/util/hash", + "pkg/util/httpstream", + "pkg/util/httpstream/spdy", + "pkg/util/interrupt", + "pkg/util/intstr", + "pkg/util/io", + "pkg/util/labels", + "pkg/util/mount", + "pkg/util/parsers", + "pkg/util/strategicpatch", + "pkg/util/term", + "pkg/version", + "pkg/volume", + "pkg/volume/util", + "third_party/forked/golang/expansion", + "third_party/forked/golang/json", + "third_party/forked/golang/netutil" + ] + } + ] +} diff --git a/vendor/github.com/kubernetes-incubator/cri-o/manifest.json b/vendor/github.com/kubernetes-incubator/cri-o/manifest.json new file mode 100644 index 00000000..4e7bde2e --- /dev/null +++ b/vendor/github.com/kubernetes-incubator/cri-o/manifest.json 
@@ -0,0 +1,43 @@
+{
+ "dependencies": {
+ "github.com/Sirupsen/logrus": {
+ "branch": "master"
+ },
+ "github.com/containers/image": {
+ "branch": "master"
+ },
+ "github.com/opencontainers/image-spec": {
+ "version": "v1.0.0-rc6"
+ },
+ "github.com/containers/storage": {
+ "branch": "master"
+ },
+ "github.com/docker/distribution": {
+ "branch": "master"
+ },
+ "github.com/fsnotify/fsnotify": {
+ "branch": "master"
+ },
+ "github.com/godbus/dbus": {
+ "version": "^4.0.0"
+ },
+ "github.com/opencontainers/runc": {
+ "branch": "master"
+ },
+ "github.com/opencontainers/runtime-spec": {
+ "version": "v1.0.0-rc5"
+ },
+ "github.com/opencontainers/runtime-tools": {
+ "branch": "master"
+ },
+ "github.com/opencontainers/selinux": {
+ "branch": "master"
+ },
+ "google.golang.org/grpc": {
+ "version": "v1.0.1-GA"
+ },
+ "k8s.io/kubernetes": {
+ "branch": "master"
+ }
+ }
+}
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/pkg/annotations/annotations.go b/vendor/github.com/kubernetes-incubator/cri-o/pkg/annotations/annotations.go
new file mode 100644
index 00000000..5f85a204
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/pkg/annotations/annotations.go
@@ -0,0 +1,66 @@
+package annotations
+
+const (
+ // Annotations carries the received Kubelet annotations
+ Annotations = "io.kubernetes.cri-o.Annotations"
+
+ // ContainerID is the container ID annotation
+ ContainerID = "io.kubernetes.cri-o.ContainerID"
+
+ // ContainerName is the container name annotation
+ ContainerName = "io.kubernetes.cri-o.ContainerName"
+
+ // ContainerType is the container type (sandbox or container) annotation
+ ContainerType = "io.kubernetes.cri-o.ContainerType"
+
+ // Created is the container creation time annotation
+ Created = "io.kubernetes.cri-o.Created"
+
+ // HostName is the container host name annotation
+ HostName = "io.kubernetes.cri-o.HostName"
+
+ // Image is the container image ID annotation
+ Image = "io.kubernetes.cri-o.Image"
+
+ // KubeName is the kubernetes name annotation
+ KubeName = "io.kubernetes.cri-o.KubeName"
+
+ // Labels are the kubernetes labels annotation
+ Labels = "io.kubernetes.cri-o.Labels"
+
+ // LogPath is the container logging path annotation
+ LogPath = "io.kubernetes.cri-o.LogPath"
+
+ // Metadata is the container metadata annotation
+ Metadata = "io.kubernetes.cri-o.Metadata"
+
+ // Name is the pod name annotation
+ Name = "io.kubernetes.cri-o.Name"
+
+ // PrivilegedRuntime is the annotation for the privileged runtime path
+ PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"
+
+ // ResolvPath is the resolver configuration path annotation
+ ResolvPath = "io.kubernetes.cri-o.ResolvPath"
+
+ // SandboxID is the sandbox ID annotation
+ SandboxID = "io.kubernetes.cri-o.SandboxID"
+
+ // SandboxName is the sandbox name annotation
+ SandboxName = "io.kubernetes.cri-o.SandboxName"
+
+ // ShmPath is the shared memory path annotation
+ ShmPath = "io.kubernetes.cri-o.ShmPath"
+
+ // TTY is the terminal path annotation
+ TTY = "io.kubernetes.cri-o.TTY"
+)
+
+// ContainerType values
+const (
+ // ContainerTypeSandbox represents a pod sandbox container
+ ContainerTypeSandbox = "sandbox"
+
+ // ContainerTypeContainer represents a container running within a pod
+ ContainerTypeContainer = "container"
+)
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/seccomp.json b/vendor/github.com/kubernetes-incubator/cri-o/seccomp.json
new file mode 100644
index 00000000..b9a4564d
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/seccomp.json
@@ -0,0 +1,701 @@
+{
+ "defaultAction": "SCMP_ACT_ERRNO",
+ "archMap": [
+ {
+ "architecture": "SCMP_ARCH_X86_64",
+ "subArchitectures": [
+ "SCMP_ARCH_X86",
+ "SCMP_ARCH_X32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_AARCH64",
+ "subArchitectures": [
+ "SCMP_ARCH_ARM"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_S390X",
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
+ }
+ ],
+ "syscalls": [
+ {
+ "names": [
+ "accept",
+ "accept4",
+ "access",
+ "alarm",
+ "alarm",
+ "bind",
+ "brk",
+ "capget",
+ "capset",
+ "chdir",
+ "chmod",
+ "chown",
+ "chown32",
+ "clock_getres",
+ "clock_gettime",
+ "clock_nanosleep",
+ "close",
+ "connect",
+ "copy_file_range",
+ "creat",
+ "dup",
+ "dup2",
+ "dup3",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_ctl_old",
+ "epoll_pwait",
+ "epoll_wait",
+ "epoll_wait_old",
+ "eventfd",
+ "eventfd2",
+ "execve",
+ "execveat",
+ "exit",
+ "exit_group",
+ "faccessat",
+ "fadvise64",
+ "fadvise64_64",
+ "fallocate",
+ "fanotify_mark",
+ "fchdir",
+ "fchmod",
+ "fchmodat",
+ "fchown",
+ "fchown32",
+ "fchownat",
+ "fcntl",
+ "fcntl64",
+ "fdatasync",
+ "fgetxattr",
+ "flistxattr",
+ "flock",
+ "fork",
+ "fremovexattr",
+ "fsetxattr",
+ "fstat",
+ "fstat64",
+ "fstatat64",
+ "fstatfs",
+ "fstatfs64",
+ "fsync",
+ "ftruncate",
+ "ftruncate64",
+ "futex",
+ "futimesat",
+ "getcpu",
+ "getcwd",
+ "getdents",
+ "getdents64",
+ "getegid",
+ "getegid32",
+ "geteuid",
+ "geteuid32",
+ "getgid",
+ "getgid32",
+ "getgroups",
+ "getgroups32",
+ "getitimer",
+ "getpeername",
+ "getpgid",
+ "getpgrp",
+ "getpid",
+ "getppid",
+ "getpriority",
+ "getrandom",
+ "getresgid",
+ "getresgid32",
+ "getresuid",
+ "getresuid32",
+ "getrlimit",
+ "get_robust_list",
+ "getrusage",
+ "getsid",
+ "getsockname",
+ "getsockopt",
+ "get_thread_area",
+ "gettid",
+ "gettimeofday",
+ "getuid",
+ "getuid32",
+ "getxattr",
+ "inotify_add_watch",
+ "inotify_init",
+ "inotify_init1",
+ "inotify_rm_watch",
+ "io_cancel",
+ "ioctl",
+ "io_destroy",
+ "io_getevents",
+ "ioprio_get",
+ "ioprio_set",
+ "io_setup",
+ "io_submit",
+ "ipc",
+ "kill",
+ "lchown",
+ "lchown32",
+ "lgetxattr",
+ "link",
+ "linkat",
+ "listen",
+ "listxattr",
+ "llistxattr",
+ "_llseek",
+ "lremovexattr",
+ "lseek",
+ "lsetxattr",
+ "lstat",
+ "lstat64",
+ "madvise",
+ "memfd_create",
+ "mincore",
+ "mkdir",
+ "mkdirat",
+ "mknod",
+ "mknodat",
+ "mlock",
+ "mlock2",
+ "mlockall",
+ "mmap",
+ "mmap2",
+ "mprotect",
+ "mq_getsetattr",
+ "mq_notify",
+ "mq_open",
+ "mq_timedreceive",
+ "mq_timedsend",
+ "mq_unlink",
+ "mremap",
+ "msgctl",
+ "msgget",
+ "msgrcv",
+ "msgsnd",
+ "msync",
+ "munlock",
+ "munlockall",
+ "munmap",
+ "nanosleep",
+ "newfstatat",
+ "_newselect",
+ "open",
+ "openat",
+ "pause",
+ "pipe",
+ "pipe2",
+ "poll",
+ "ppoll",
+ "prctl",
+ "pread64",
+ "preadv",
+ "prlimit64",
+ "pselect6",
+ "pwrite64",
+ "pwritev",
+ "read",
+ "readahead",
+ "readlink",
+ "readlinkat",
+ "readv",
+ "recv",
+ "recvfrom",
+ "recvmmsg",
+ "recvmsg",
+ "remap_file_pages",
+ "removexattr",
+ "rename",
+ "renameat",
+ "renameat2",
+ "restart_syscall",
+ "rmdir",
+ "rt_sigaction",
+ "rt_sigpending",
+ "rt_sigprocmask",
+ "rt_sigqueueinfo",
+ "rt_sigreturn",
+ "rt_sigsuspend",
+ "rt_sigtimedwait",
+ "rt_tgsigqueueinfo",
+ "sched_getaffinity",
+ "sched_getattr",
+ "sched_getparam",
+ "sched_get_priority_max",
+ "sched_get_priority_min",
+ "sched_getscheduler",
+ "sched_rr_get_interval",
+ "sched_setaffinity",
+ "sched_setattr",
+ "sched_setparam",
+ "sched_setscheduler",
+ "sched_yield",
+ "seccomp",
+ "select",
+ "semctl",
+ "semget",
+ "semop",
+ "semtimedop",
+ "send",
+ "sendfile",
+ "sendfile64",
+ "sendmmsg",
+ "sendmsg",
+ "sendto",
+ "setfsgid",
+ "setfsgid32",
+ "setfsuid",
+ "setfsuid32",
+ "setgid",
+ "setgid32",
+ "setgroups",
+ "setgroups32",
+ "setitimer",
+ "setpgid",
+ "setpriority",
+ "setregid",
+ "setregid32",
+ "setresgid",
+ "setresgid32",
+ "setresuid",
+ "setresuid32",
+ "setreuid",
+ "setreuid32",
+ "setrlimit",
+ "set_robust_list",
+ "setsid",
+ "setsockopt",
+ "set_thread_area",
+ "set_tid_address",
+ "setuid",
+ "setuid32",
+ "setxattr",
+ "shmat",
+ "shmctl",
+ "shmdt",
+ "shmget",
+ "shutdown",
+ "sigaltstack",
+ "signalfd",
+ "signalfd4",
+ "sigreturn",
+ "socket",
+ "socketcall",
+ "socketpair",
+ "splice",
+ "stat",
+ "stat64",
+ "statfs",
+ "statfs64",
+ "symlink",
+ "symlinkat",
+ "sync",
+ "sync_file_range",
+ "syncfs",
+ "sysinfo",
+ "syslog",
+ "tee",
+ "tgkill",
+ "time",
+ "timer_create",
+ "timer_delete",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_settime",
+ "timer_getoverrun",
+ "timer_gettime",
+ "timer_settime",
+ "times",
+ "tkill",
+ "truncate",
+ "truncate64",
+ "ugetrlimit",
+ "umask",
+ "uname",
+ "unlink",
+ "unlinkat",
+ "utime",
+ "utimensat",
+ "utimes",
+ "vfork",
+ "vmsplice",
+ "wait4",
+ "waitid",
+ "waitpid",
+ "write",
+ "writev",
+ "mount",
+ "umount2",
+ "reboot",
+ "name_to_handle_at",
+ "unshare"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 0,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 8,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 4294967295,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "breakpoint",
+ "cacheflush",
+ "set_tls"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "arm",
+ "arm64"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "arch_prctl"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "modify_ldt"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32",
+ "x86"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "s390_pci_mmio_read",
+ "s390_pci_mmio_write",
+ "s390_runtime_instr"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "open_by_handle_at"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_DAC_READ_SEARCH"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "bpf",
+ "clone",
+ "fanotify_init",
+ "lookup_dcookie",
+ "mount",
+ "name_to_handle_at",
+ "perf_event_open",
+ "setdomainname",
+ "sethostname",
+ "setns",
+ "umount",
+ "umount2",
+ "unshare"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "clone"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 2080505856,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_MASKED_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ],
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ }
+ },
+ {
+ "names": [
+ "clone"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 1,
+ "value": 2080505856,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_MASKED_EQ"
+ }
+ ],
+ "comment": "s390 parameter ordering for clone is different",
+ "includes": {
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ },
+ "excludes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ }
+ },
+ {
+ "names": [
+ "reboot"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_BOOT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "chroot"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_CHROOT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "delete_module",
+ "init_module",
+ "finit_module",
+ "query_module"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_MODULE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "acct"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PACCT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "kcmp",
+ "process_vm_readv",
+ "process_vm_writev",
+ "ptrace"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PTRACE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "iopl",
+ "ioperm"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_RAWIO"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "settimeofday",
+ "stime",
+ "adjtimex"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TIME"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "vhangup"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TTY_CONFIG"
+ ]
+ },
+ "excludes": {}
+ }
+ ]
+}
\ No newline at end of file
diff --git a/vendor/github.com/kubernetes-incubator/cri-o/tutorial.md b/vendor/github.com/kubernetes-incubator/cri-o/tutorial.md
new file mode 100644
index 00000000..e981f892
--- /dev/null
+++ b/vendor/github.com/kubernetes-incubator/cri-o/tutorial.md 
@@ -0,0 +1,424 @@
+# cri-o Tutorial
+
+This tutorial will walk you through the installation of [cri-o](https://github.com/kubernetes-incubator/cri-o), an Open Container Initiative-based implementation of [Kubernetes Container Runtime Interface](https://github.com/kubernetes/kubernetes/blob/master/docs/proposals/container-runtime-interface-v1.md), and the creation of [Redis](https://redis.io/) server running in a [Pod](http://kubernetes.io/docs/user-guide/pods/).
+
+## Prerequisites
+
+A Linux machine is required to download and build the `cri-o` components and run the commands in this tutorial.
+
+Create a machine running Ubuntu 16.10:
+
+```
+gcloud compute instances create cri-o \
+ --machine-type n1-standard-2 \
+ --image-family ubuntu-1610 \
+ --image-project ubuntu-os-cloud
+```
+
+SSH into the machine:
+
+```
+gcloud compute ssh cri-o
+```
+
+## Installation
+
+This section will walk you through installing the following components:
+
+* crio - The implementation of the Kubernetes CRI, which manages Pods.
+* crioctl - The crio client for testing.
+* cni - The Container Network Interface
+* runc - The OCI runtime to launch the container
+
+
+### runc
+
+Download the `runc` release binary:
+
+```
+wget https://github.com/opencontainers/runc/releases/download/v1.0.0-rc2/runc-linux-amd64
+```
+
+Set the executable bit and copy the `runc` binary into your PATH:
+
+```
+chmod +x runc-linux-amd64
+```
+
+```
+sudo mv runc-linux-amd64 /usr/bin/runc
+```
+
+Print the `runc` version:
+
+```
+runc -version
+```
+```
+runc version 1.0.0-rc2
+commit: c91b5bea4830a57eac7882d7455d59518cdf70ec
+spec: 1.0.0-rc2-dev
+```
+
+### crio
+
+The `crio` project does not ship binary releases so you'll need to build it from source.
+
+#### Install the Go runtime and tool chain
+
+Download the Go 1.7.4 binary release:
+
+```
+wget https://storage.googleapis.com/golang/go1.7.4.linux-amd64.tar.gz
+```
+
+Install Go 1.7.4:
+
+```
+sudo tar -xvf go1.7.4.linux-amd64.tar.gz -C /usr/local/
+```
+
+```
+mkdir -p $HOME/go/src
+```
+
+```
+export GOPATH=$HOME/go
+```
+
+```
+export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
+```
+
+At this point the Go 1.7.4 tool chain should be installed:
+
+```
+go version
+```
+
+```
+go version go1.7.4 linux/amd64
+```
+
+#### Build crio from source
+
+```
+sudo apt-get install -y libglib2.0-dev libseccomp-dev libapparmor-dev
+```
+
+```
+go get -d github.com/kubernetes-incubator/cri-o
+```
+
+```
+cd $GOPATH/src/github.com/kubernetes-incubator/cri-o
+```
+
+```
+make install.tools
+```
+
+```
+make
+```
+
+```
+sudo make install
+```
+
+Output:
+
+```
+install -D -m 755 kpod /usr/local/bin/kpod
+install -D -m 755 crio /usr/local/bin/crio
+install -D -m 755 crioctl /usr/local/bin/crioctl
+install -D -m 755 conmon/conmon /usr/local/libexec/crio/conmon
+install -D -m 755 pause/pause /usr/local/libexec/crio/pause
+install -d -m 755 /usr/local/share/man/man{1,5,8}
+install -m 644 docs/kpod.1 docs/kpod-launch.1 -t /usr/local/share/man/man1
+install -m 644 docs/crio.conf.5 -t /usr/local/share/man/man5
+install -m 644 docs/crio.8 -t /usr/local/share/man/man8
+install -D -m 644 crio.conf /etc/crio/crio.conf
+install -D -m 644 seccomp.json /etc/crio/seccomp.json
+```
+
+If you are installing for the first time, generate config as follows:
+
+```
+make install.config
+```
+
+Output:
+
+```
+install -D -m 644 crio.conf /etc/crio/crio.conf
+install -D -m 644 seccomp.json /etc/crio/seccomp.json
+```
+
+#### Start the crio system daemon
+
+```
+sudo sh -c 'echo "[Unit]
+Description=OCI-based implementation of Kubernetes Container Runtime Interface
+Documentation=https://github.com/kubernetes-incubator/cri-o
+
+[Service]
+ExecStart=/usr/local/bin/crio --debug
+Restart=on-failure
+RestartSec=5
+
+[Install]
+WantedBy=multi-user.target" > /etc/systemd/system/crio.service'
+```
+
+```
+sudo systemctl daemon-reload
+```
+```
+sudo systemctl enable crio
+```
+```
+sudo systemctl start crio
+```
+
+#### Ensure the crio service is running
+
+```
+sudo crioctl runtimeversion
+```
+```
+VersionResponse: Version: 0.1.0, RuntimeName: runc, RuntimeVersion: 1.0.0-rc2, RuntimeApiVersion: v1alpha1
+```
+
+### cni
+
+This tutorial will use the latest version of `cni` from the master branch and build it from source.
+
+Download the `cni` source tree:
+
+```
+go get -d github.com/containernetworking/cni
+```
+
+```
+cd $GOPATH/src/github.com/containernetworking/cni
+```
+
+Build the `cni` binaries:
+
+```
+./build.sh
+```
+
+Output:
+
+```
+Building API
+Building reference CLI
+Building plugins
+ flannel
+ tuning
+ bridge
+ ipvlan
+ loopback
+ macvlan
+ ptp
+ dhcp
+ host-local
+ noop
+```
+
+Install the `cni` binaries:
+
+```
+sudo mkdir -p /opt/cni/bin
+```
+
+```
+sudo cp bin/* /opt/cni/bin/
+```
+
+#### Configure CNI
+
+```
+sudo mkdir -p /etc/cni/net.d
+```
+
+```
+sudo sh -c 'cat >/etc/cni/net.d/10-mynet.conf <<-EOF
+{
+ "cniVersion": "0.2.0",
+ "name": "mynet",
+ "type": "bridge",
+ "bridge": "cni0",
+ "isGateway": true,
+ "ipMasq": true,
+ "ipam": {
+ "type": "host-local",
+ "subnet": "10.88.0.0/16",
+ "routes": [
+ { "dst": "0.0.0.0/0" }
+ ]
+ }
+}
+EOF'
+```
+
+```
+sudo sh -c 'cat >/etc/cni/net.d/99-loopback.conf <<-EOF
+{
+ "cniVersion": "0.2.0",
+ "type": "loopback"
+}
+EOF'
+```
+
+At this point `cni` is installed and configured to allocation IP address to containers from the `10.88.0.0/16` subnet.
+
+## Pod Tutorial
+
+Now that the `cri-o` components have been installed and configured we are ready to create a Pod. This section will walk you through lauching a Redis server in a Pod. Once the Redis server is running we'll use telnet to verify it's working, then we'll stop the Redis server and clean up the Pod.
+
+### Creating a Pod
+
+First we need to setup a Pod sandbox using a Pod configuration, which can be found in the `cri-o` source tree:
+
+```
+cd $GOPATH/src/github.com/kubernetes-incubator/cri-o
+```
+
+Next create the Pod and capture the Pod ID for later use:
+
+```
+POD_ID=$(sudo crioctl pod run --config test/testdata/sandbox_config.json)
+```
+
+> sudo crioctl pod run --config test/testdata/sandbox_config.json
+
+Use the `crioctl` command to get the status of the Pod:
+
+```
+sudo crioctl pod status --id $POD_ID
+```
+
+Output:
+
+```
+ID: cd6c0883663c6f4f99697aaa15af8219e351e03696bd866bc3ac055ef289702a
+Name: podsandbox1
+UID: redhat-test-crio
+Namespace: redhat.test.crio
+Attempt: 1
+Status: SANDBOX_READY
+Created: 2016-12-14 15:59:04.373680832 +0000 UTC
+Network namespace: /var/run/netns/cni-bc37b858-fb4d-41e6-58b0-9905d0ba23f8
+IP Address: 10.88.0.2
+Labels:
+ group -> test
+Annotations:
+ owner -> hmeng
+ security.alpha.kubernetes.io/seccomp/pod -> unconfined
+ security.alpha.kubernetes.io/sysctls -> kernel.shm_rmid_forced=1,net.ipv4.ip_local_port_range=1024 65000
+ security.alpha.kubernetes.io/unsafe-sysctls -> kernel.msgmax=8192
+```
+
+### Create a Redis container inside the Pod
+
+Use the `crioctl` command to create a redis container from a container configuration and attach it to the Pod created earlier:
+
+```
+CONTAINER_ID=$(sudo crioctl ctr create --pod $POD_ID --config test/testdata/container_redis.json)
+```
+
+> sudo crioctl ctr create --pod $POD_ID --config test/testdata/container_redis.json
+
+The `crioctl ctr create` command will take a few seconds to return because the redis container needs to be pulled.
+
+Start the Redis container:
+
+```
+sudo crioctl ctr start --id $CONTAINER_ID
+```
+
+Get the status for the Redis container:
+
+```
+sudo crioctl ctr status --id $CONTAINER_ID
+```
+
+Output:
+
+```
+ID: d0147eb67968d81aaddbccc46cf1030211774b5280fad35bce2fdb0a507a2e7a
+Name: podsandbox1-redis
+Status: CONTAINER_RUNNING
+Created: 2016-12-14 16:00:42.889089352 +0000 UTC
+Started: 2016-12-14 16:01:56.733704267 +0000 UTC
+```
+
+### Test the Redis container
+
+Connect to the Pod IP on port 6379:
+
+```
+telnet 10.88.0.2 6379
+```
+
+```
+Trying 10.88.0.2...
+Connected to 10.88.0.2.
+Escape character is '^]'.
+```
+
+At the prompt type `MONITOR`:
+
+```
+Trying 10.88.0.2...
+Connected to 10.88.0.2.
+Escape character is '^]'.
+MONITOR
++OK
+```
+
+Exit the telnet session by typing `ctrl-]` and `quit` at the prompt:
+
+```
+^]
+
+telnet> quit
+Connection closed.
+```
+
+#### Viewing the Redis logs
+
+The Redis logs are logged to the stderr of the crio service, which can be viewed using `journalctl`:
+
+```
+sudo journalctl -u crio --no-pager
+```
+
+### Stop the redis container and delete the Pod
+
+```
+sudo crioctl ctr stop --id $CONTAINER_ID
+```
+
+```
+sudo crioctl ctr remove --id $CONTAINER_ID
+```
+
+```
+sudo crioctl pod stop --id $POD_ID
+```
+
+```
+sudo crioctl pod remove --id $POD_ID
+```
+
+```
+sudo crioctl pod list
+```
+
+```
+sudo crioctl ctr list
+```