diff --git a/completions/fish/crio.fish b/completions/fish/crio.fish index 3996fc8b231..aa50dd13392 100644 --- a/completions/fish/crio.fish +++ b/completions/fish/crio.fish @@ -114,7 +114,7 @@ complete -c crio -n '__fish_crio_no_subcommand' -f -l read-only -d 'Setup all un complete -c crio -n '__fish_crio_no_subcommand' -f -l registry -r -d 'Registry to be prepended when pulling unqualified images, can be specified multiple times' complete -c crio -n '__fish_crio_no_subcommand' -l root -s r -r -d 'The CRI-O root directory' complete -c crio -n '__fish_crio_no_subcommand' -l runroot -r -d 'The CRI-O state directory' -complete -c crio -n '__fish_crio_no_subcommand' -f -l runtimes -r -d 'OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices' +complete -c crio -n '__fish_crio_no_subcommand' -f -l runtimes -r -d 'OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices:runtime_config_path' complete -c crio -n '__fish_crio_no_subcommand' -l seccomp-profile -r -d 'Path to the seccomp.json profile to be used as the runtime\'s default. If not specified, then the internal default seccomp profile will be used. (default: "")' complete -c crio -n '__fish_crio_no_subcommand' -f -l seccomp-use-default-when-empty -r -d 'Use the default seccomp profile when an empty one is specified (default: false)' complete -c crio -n '__fish_crio_no_subcommand' -f -l selinux -d 'Enable selinux support (default: false)' diff --git a/docs/crio.8.md b/docs/crio.8.md index b29efc9be54..7fe6e080b7b 100644 --- a/docs/crio.8.md +++ b/docs/crio.8.md @@ -292,7 +292,7 @@ crio [GLOBAL OPTIONS] command [COMMAND OPTIONS] [ARGUMENTS...] **--runroot**="": The CRI-O state directory (default: /run/containers/storage) -**--runtimes**="": OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices (default: []) +**--runtimes**="": OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices:runtime_config_path (default: []) **--seccomp-profile**="": Path to the seccomp.json profile to be used as the runtime's default. If not specified, then the internal default seccomp profile will be used. (default: "") diff --git a/docs/crio.conf.5.md b/docs/crio.conf.5.md index c17f489e1a9..62d242419b5 100644 --- a/docs/crio.conf.5.md +++ b/docs/crio.conf.5.md @@ -268,6 +268,9 @@ The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes. Th **runtime_type**="oci" Type of the runtime used for this runtime handler. "oci", "vm" +**runtime_config_path**="" + Path to the runtime configuration file, should only be used with VM runtime types + **privileged_without_host_devices**=false Whether this runtime handler prevents host devices from being passed to privileged containers. diff --git a/go.mod b/go.mod index e75d965ec26..32fa61eb389 100644 --- a/go.mod +++ b/go.mod @@ -8,6 +8,7 @@ require ( github.com/blang/semver v3.5.1+incompatible github.com/containerd/cgroups v1.0.1 github.com/containerd/containerd v1.5.2 + github.com/containerd/cri-containerd v1.19.0 github.com/containerd/ttrpc v1.0.2 github.com/containerd/typeurl v1.0.2 github.com/containernetworking/cni v0.8.1 diff --git a/go.sum b/go.sum index 57b3d656b96..96f67a88668 100644 --- a/go.sum +++ b/go.sum @@ -264,6 +264,8 @@ github.com/containerd/continuity v0.0.0-20201208142359-180525291bb7/go.mod h1:kR github.com/containerd/continuity v0.0.0-20210208174643-50096c924a4e/go.mod h1:EXlVlkqNba9rJe3j7w3Xa924itAMLgZH4UD/Q4PExuQ= github.com/containerd/continuity v0.1.0 h1:UFRRY5JemiAhPZrr/uE0n8fMTLcZsUvySPr1+D7pgr8= github.com/containerd/continuity v0.1.0/go.mod h1:ICJu0PwR54nI0yPEnJ6jcS+J7CZAUXrLh8lPo2knzsM= +github.com/containerd/cri-containerd v1.19.0 h1:PcTvvl+SHaekCMQZFQkYjn1RKlYrK6khYbuhOeF68k0= +github.com/containerd/cri-containerd v1.19.0/go.mod h1:wxbGdReWGCalzGOEpifoHeYCK4xAgnj4o/4bVB+9voU= github.com/containerd/fifo v0.0.0-20180307165137-3d5202aec260/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20190226154929-a9fb20d87448/go.mod h1:ODA38xgv3Kuk8dQz2ZQXpnv/UZZUHUCL7pnLehbXgQI= github.com/containerd/fifo v0.0.0-20200410184934-f15a3290365b/go.mod h1:jPQ2IAeZRCYxpS/Cm1495vGFww6ecHmMk1YJH2Q5ln0= diff --git a/internal/criocli/criocli.go b/internal/criocli/criocli.go index 7fde777576b..f148f9e8e96 100644 --- a/internal/criocli/criocli.go +++ b/internal/criocli/criocli.go @@ -137,8 +137,12 @@ func mergeConfig(config *libconfig.Config, ctx *cli.Context) error { runtimeType := libconfig.DefaultRuntimeType privilegedWithoutHostDevices := false + runtimeConfigPath := "" switch len(fields) { + case 6: + runtimeConfigPath = fields[5] + fallthrough case 5: if fields[4] == "true" { privilegedWithoutHostDevices = true @@ -153,6 +157,7 @@ func mergeConfig(config *libconfig.Config, ctx *cli.Context) error { RuntimeRoot: fields[2], RuntimeType: runtimeType, PrivilegedWithoutHostDevices: privilegedWithoutHostDevices, + RuntimeConfigPath: runtimeConfigPath, } default: return fmt.Errorf("wrong format for --runtimes: %q", r) @@ -538,7 +543,7 @@ func getCrioFlags(defConf *libconfig.Config) []cli.Flag { }, &cli.StringSliceFlag{ Name: "runtimes", - Usage: "OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices", + Usage: "OCI runtimes, format is runtime_name:runtime_path:runtime_root:runtime_type:privileged_without_host_devices:runtime_config_path", EnvVars: []string{"CONTAINER_RUNTIMES"}, }, &cli.StringFlag{ diff --git a/internal/oci/oci.go b/internal/oci/oci.go index 087a52b65e1..717581dac87 100644 --- a/internal/oci/oci.go +++ b/internal/oci/oci.go @@ -230,7 +230,7 @@ func (r *Runtime) newRuntimeImpl(c *Container) (RuntimeImpl, error) { } if rh.RuntimeType == config.RuntimeTypeVM { - return newRuntimeVM(rh.RuntimePath, rh.RuntimeRoot), nil + return newRuntimeVM(rh.RuntimePath, rh.RuntimeRoot, rh.RuntimeConfigPath), nil } // If the runtime type is different from "vm", then let's fallback diff --git a/internal/oci/oci_test.go b/internal/oci/oci_test.go index d59c53679bf..cb4c3221564 100644 --- a/internal/oci/oci_test.go +++ b/internal/oci/oci_test.go @@ -65,6 +65,7 @@ var _ = t.Describe("Oci", func() { RuntimeType: "vm", RuntimeRoot: "/run/vc", PrivilegedWithoutHostDevices: true, + RuntimeConfigPath: "/opt/kata-containers/config.toml", }, } diff --git a/internal/oci/runtime_vm.go b/internal/oci/runtime_vm.go index a063986957b..394b750ad28 100644 --- a/internal/oci/runtime_vm.go +++ b/internal/oci/runtime_vm.go @@ -16,6 +16,7 @@ import ( "github.com/containerd/containerd/namespaces" client "github.com/containerd/containerd/runtime/v2/shim" "github.com/containerd/containerd/runtime/v2/task" + runtimeoptions "github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1" "github.com/containerd/ttrpc" "github.com/containerd/typeurl" conmonconfig "github.com/containers/conmon/runner/config" @@ -27,6 +28,7 @@ import ( "github.com/cri-o/cri-o/utils/fifo" cio "github.com/cri-o/cri-o/utils/io" cioutil "github.com/cri-o/cri-o/utils/ioutil" + ptypes "github.com/gogo/protobuf/types" rspec "github.com/opencontainers/runtime-spec/specs-go" "github.com/pkg/errors" "github.com/sirupsen/logrus" @@ -40,11 +42,12 @@ import ( // runtimeVM is the Runtime interface implementation that is more appropriate // for VM based container runtimes. type runtimeVM struct { - path string - fifoDir string - ctx context.Context - client *ttrpc.Client - task task.TaskService + path string + fifoDir string + configPath string + ctx context.Context + client *ttrpc.Client + task task.TaskService sync.Mutex ctrs map[string]containerInfo @@ -60,7 +63,7 @@ const ( ) // newRuntimeVM creates a new runtimeVM instance -func newRuntimeVM(path, root string) RuntimeImpl { +func newRuntimeVM(path, root, configPath string) RuntimeImpl { logrus.Debug("oci.newRuntimeVM() start") defer logrus.Debug("oci.newRuntimeVM() end") @@ -77,10 +80,11 @@ func newRuntimeVM(path, root string) RuntimeImpl { typeurl.Register(&rspec.WindowsResources{}, prefix, "opencontainers/runtime-spec", major, "WindowsResources") return &runtimeVM{ - path: path, - fifoDir: filepath.Join(root, "crio", "fifo"), - ctx: context.Background(), - ctrs: make(map[string]containerInfo), + path: path, + configPath: configPath, + fifoDir: filepath.Join(root, "crio", "fifo"), + ctx: context.Background(), + ctrs: make(map[string]containerInfo), } } @@ -93,6 +97,24 @@ func (r *runtimeVM) CreateContainer(ctx context.Context, c *Container, cgroupPar c.opLock.Lock() defer c.opLock.Unlock() + // Lets ensure we're able to properly get construct the Options + // that we'll pass to the ContainerCreateTask, as admins can set + // the runtime_config_path to an arbitrary location. Also, lets + // fail early if something goes wrong. + var opts *ptypes.Any = nil + if r.configPath != "" { + runtimeOptions := &runtimeoptions.Options{ + ConfigPath: r.configPath, + } + + marshaledOtps, err := typeurl.MarshalAny(runtimeOptions) + if err != nil { + return err + } + + opts = marshaledOtps + } + // First thing, we need to start the runtime daemon if err := r.startRuntimeDaemon(ctx, c); err != nil { return err @@ -158,6 +180,7 @@ func (r *runtimeVM) CreateContainer(ctx context.Context, c *Container, cgroupPar Stdout: containerIO.Config().Stdout, Stderr: containerIO.Config().Stderr, Terminal: containerIO.Config().Terminal, + Options: opts, } createdCh := make(chan error) diff --git a/pkg/config/config.go b/pkg/config/config.go index 09171476ef2..d11732c3cbe 100644 --- a/pkg/config/config.go +++ b/pkg/config/config.go @@ -161,9 +161,11 @@ type RootConfig struct { // RuntimeHandler represents each item of the "crio.runtime.runtimes" TOML // config table. type RuntimeHandler struct { - RuntimePath string `toml:"runtime_path"` - RuntimeType string `toml:"runtime_type"` - RuntimeRoot string `toml:"runtime_root"` + RuntimeConfigPath string `toml:"runtime_config_path"` + RuntimePath string `toml:"runtime_path"` + RuntimeType string `toml:"runtime_type"` + RuntimeRoot string `toml:"runtime_root"` + // PrivilegedWithoutHostDevices can be used to restrict passing host devices // to a container running as privileged. PrivilegedWithoutHostDevices bool `toml:"privileged_without_host_devices,omitempty"` @@ -821,9 +823,10 @@ func (c *RuntimeConfig) Validate(systemContext *types.SystemContext, onExecution // first. If it does not exist then we add runc + its path to the runtimes map. if _, ok := c.Runtimes[defaultRuntime]; !ok { c.Runtimes[defaultRuntime] = &RuntimeHandler{ - RuntimePath: "", - RuntimeType: DefaultRuntimeType, - RuntimeRoot: DefaultRuntimeRoot, + RuntimePath: "", + RuntimeType: DefaultRuntimeType, + RuntimeRoot: DefaultRuntimeRoot, + RuntimeConfigPath: "", } } // Set the DefaultRuntime to runc so we don't fail further along in the code @@ -1088,6 +1091,9 @@ func (r *RuntimeHandler) Validate(name string) error { if err := r.ValidateRuntimePath(name); err != nil { return err } + if err := r.ValidateRuntimeConfigPath(name); err != nil { + return err + } if err := r.ValidateRuntimeAllowedAnnotations(); err != nil { return err } @@ -1146,6 +1152,21 @@ func (r *RuntimeHandler) ValidateRuntimeType(name string) error { return nil } +// ValidateRuntimeConfigPath checks if the `RuntimeConfigPath` exists. +func (r *RuntimeHandler) ValidateRuntimeConfigPath(name string) error { + if r.RuntimeConfigPath == "" { + return nil + } + if r.RuntimeType != RuntimeTypeVM { + return fmt.Errorf("runtime_config_path can only be used with the 'vm' runtime type") + } + if _, err := os.Stat(r.RuntimeConfigPath); err != nil && os.IsNotExist(err) { + return fmt.Errorf("invalid runtime_config_path for runtime '%s': %q", + name, err) + } + return nil +} + func (r *RuntimeHandler) ValidateRuntimeAllowedAnnotations() error { disallowedAnnotations := make(map[string]struct{}) for _, ann := range annotations.AllAllowedAnnotations { diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go index 93aed25528c..4023b79008c 100644 --- a/pkg/config/config_test.go +++ b/pkg/config/config_test.go @@ -1015,4 +1015,45 @@ var _ = t.Describe("Config", func() { Expect(ok).To(BeFalse()) }) }) + + t.Describe("ValidateRuntimeConfigPath", func() { + It("should fail with OCI runtime type when runtime_config_path is used", func() { + // Given + sut.Runtimes["runc"] = &config.RuntimeHandler{ + RuntimeConfigPath: validFilePath, RuntimeType: config.DefaultRuntimeType, + } + + // When + err := sut.Runtimes["runc"].ValidateRuntimeConfigPath("runc") + + // Then + Expect(err).NotTo(BeNil()) + }) + + It("should fail with VM runtime type and runtime_config_path points to an invalid path", func() { + // Given + sut.Runtimes["kata"] = &config.RuntimeHandler{ + RuntimeConfigPath: invalidPath, RuntimeType: config.RuntimeTypeVM, + } + + // When + err := sut.Runtimes["kata"].ValidateRuntimeConfigPath("kata") + + // Then + Expect(err).NotTo(BeNil()) + }) + + It("should succeed with VM runtime type and runtime_config_path points to a valid path", func() { + // Given + sut.Runtimes["kata"] = &config.RuntimeHandler{ + RuntimeConfigPath: validFilePath, RuntimeType: config.RuntimeTypeVM, + } + + // When + err := sut.Runtimes["kata"].ValidateRuntimeConfigPath("kata") + + // Then + Expect(err).To(BeNil()) + }) + }) }) diff --git a/pkg/config/template.go b/pkg/config/template.go index addc826f8d6..31a32340e3b 100644 --- a/pkg/config/template.go +++ b/pkg/config/template.go @@ -951,6 +951,8 @@ const templateStringCrioRuntimeRuntimesRuntimeHandler = `# The "crio.runtime.run # omitted, an "oci" runtime is assumed. # - runtime_root (optional, string): root directory for storage of containers # state. +# - runtime_config_path (optional, string): the path for the runtime configuration +# file. This can only be used with when using the VM runtime_type. # - privileged_without_host_devices (optional, bool): an option for restricting # host devices from being passed to privileged containers. # - allowed_annotations (optional, array of strings): an option for specifying @@ -967,6 +969,7 @@ const templateStringCrioRuntimeRuntimesRuntimeHandler = `# The "crio.runtime.run runtime_path = "{{ $runtime_handler.RuntimePath }}" runtime_type = "{{ $runtime_handler.RuntimeType }}" runtime_root = "{{ $runtime_handler.RuntimeRoot }}" +runtime_config_path = "{{ $runtime_handler.RuntimeConfigPath }}" {{ if $runtime_handler.PrivilegedWithoutHostDevices }} privileged_without_host_devices = {{ $runtime_handler.PrivilegedWithoutHostDevices }} {{ end }} diff --git a/test/helpers.bash b/test/helpers.bash index 14b4740654a..1e3f9cecae1 100644 --- a/test/helpers.bash +++ b/test/helpers.bash @@ -39,6 +39,7 @@ CONTAINER_DEFAULT_RUNTIME=${CONTAINER_DEFAULT_RUNTIME:-runc} RUNTIME_BINARY_PATH=$(command -v "$CONTAINER_DEFAULT_RUNTIME") RUNTIME_TYPE=${RUNTIME_TYPE:-oci} PRIVILEGED_WITHOUT_HOST_DEVICES=${PRIVILEGED_WITHOUT_HOST_DEVICES:-} +RUNTIME_CONFIG_PATH=${RUNTIME_CONFIG_PATH:-""} # Path of the apparmor_parser binary. APPARMOR_PARSER_BINARY=${APPARMOR_PARSER_BINARY:-/sbin/apparmor_parser} # Path of the apparmor profile for test. @@ -261,7 +262,7 @@ function setup_crio() { RUNTIME_ROOT=${RUNTIME_ROOT:-"$TESTDIR/crio-runtime-root"} # export here so direct calls to crio later inherit the variable - export CONTAINER_RUNTIMES=${CONTAINER_RUNTIMES:-$CONTAINER_DEFAULT_RUNTIME:$RUNTIME_BINARY_PATH:$RUNTIME_ROOT:$RUNTIME_TYPE:$PRIVILEGED_WITHOUT_HOST_DEVICES} + export CONTAINER_RUNTIMES=${CONTAINER_RUNTIMES:-$CONTAINER_DEFAULT_RUNTIME:$RUNTIME_BINARY_PATH:$RUNTIME_ROOT:$RUNTIME_TYPE:$PRIVILEGED_WITHOUT_HOST_DEVICES:$RUNTIME_CONFIG_PATH} # generate the default config file "$CRIO_BINARY_PATH" config --default >"$CRIO_CONFIG" diff --git a/vendor/github.com/containerd/cri-containerd/LICENSE b/vendor/github.com/containerd/cri-containerd/LICENSE new file mode 100644 index 00000000000..8dada3edaf5 --- /dev/null +++ b/vendor/github.com/containerd/cri-containerd/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "{}" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright {yyyy} {name of copyright owner} + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go b/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go new file mode 100644 index 00000000000..bf0cf3d41be --- /dev/null +++ b/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.pb.go @@ -0,0 +1,394 @@ +/* + Copyright The containerd Authors. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +*/ +// Code generated by protoc-gen-gogo. DO NOT EDIT. +// source: api.proto + +/* + Package cri_runtimeoptions_v1 is a generated protocol buffer package. + + It is generated from these files: + api.proto + + It has these top-level messages: + Options +*/ +package cri_runtimeoptions_v1 + +import proto "github.com/gogo/protobuf/proto" +import fmt "fmt" +import math "math" +import _ "github.com/gogo/protobuf/gogoproto" + +import strings "strings" +import reflect "reflect" + +import io "io" + +// Reference imports to suppress errors if they are not otherwise used. +var _ = proto.Marshal +var _ = fmt.Errorf +var _ = math.Inf + +// This is a compile-time assertion to ensure that this generated file +// is compatible with the proto package it is being compiled against. +// A compilation error at this line likely means your copy of the +// proto package needs to be updated. +const _ = proto.GoGoProtoPackageIsVersion2 // please upgrade the proto package + +type Options struct { + // TypeUrl specifies the type of the content inside the config file. + TypeUrl string `protobuf:"bytes,1,opt,name=type_url,json=typeUrl,proto3" json:"type_url,omitempty"` + // ConfigPath specifies the filesystem location of the config file + // used by the runtime. + ConfigPath string `protobuf:"bytes,2,opt,name=config_path,json=configPath,proto3" json:"config_path,omitempty"` +} + +func (m *Options) Reset() { *m = Options{} } +func (*Options) ProtoMessage() {} +func (*Options) Descriptor() ([]byte, []int) { return fileDescriptorApi, []int{0} } + +func (m *Options) GetTypeUrl() string { + if m != nil { + return m.TypeUrl + } + return "" +} + +func (m *Options) GetConfigPath() string { + if m != nil { + return m.ConfigPath + } + return "" +} + +func init() { + proto.RegisterType((*Options)(nil), "cri.runtimeoptions.v1.Options") +} +func (m *Options) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalTo(dAtA) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *Options) MarshalTo(dAtA []byte) (int, error) { + var i int + _ = i + var l int + _ = l + if len(m.TypeUrl) > 0 { + dAtA[i] = 0xa + i++ + i = encodeVarintApi(dAtA, i, uint64(len(m.TypeUrl))) + i += copy(dAtA[i:], m.TypeUrl) + } + if len(m.ConfigPath) > 0 { + dAtA[i] = 0x12 + i++ + i = encodeVarintApi(dAtA, i, uint64(len(m.ConfigPath))) + i += copy(dAtA[i:], m.ConfigPath) + } + return i, nil +} + +func encodeVarintApi(dAtA []byte, offset int, v uint64) int { + for v >= 1<<7 { + dAtA[offset] = uint8(v&0x7f | 0x80) + v >>= 7 + offset++ + } + dAtA[offset] = uint8(v) + return offset + 1 +} +func (m *Options) Size() (n int) { + var l int + _ = l + l = len(m.TypeUrl) + if l > 0 { + n += 1 + l + sovApi(uint64(l)) + } + l = len(m.ConfigPath) + if l > 0 { + n += 1 + l + sovApi(uint64(l)) + } + return n +} + +func sovApi(x uint64) (n int) { + for { + n++ + x >>= 7 + if x == 0 { + break + } + } + return n +} +func sozApi(x uint64) (n int) { + return sovApi(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (this *Options) String() string { + if this == nil { + return "nil" + } + s := strings.Join([]string{`&Options{`, + `TypeUrl:` + fmt.Sprintf("%v", this.TypeUrl) + `,`, + `ConfigPath:` + fmt.Sprintf("%v", this.ConfigPath) + `,`, + `}`, + }, "") + return s +} +func valueToStringApi(v interface{}) string { + rv := reflect.ValueOf(v) + if rv.IsNil() { + return "nil" + } + pv := reflect.Indirect(rv).Interface() + return fmt.Sprintf("*%v", pv) +} +func (m *Options) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: Options: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: Options: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field TypeUrl", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApi + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.TypeUrl = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field ConfigPath", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowApi + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthApi + } + postIndex := iNdEx + intStringLen + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.ConfigPath = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipApi(dAtA[iNdEx:]) + if err != nil { + return err + } + if skippy < 0 { + return ErrInvalidLengthApi + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func skipApi(dAtA []byte) (n int, err error) { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApi + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + wireType := int(wire & 0x7) + switch wireType { + case 0: + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApi + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + iNdEx++ + if dAtA[iNdEx-1] < 0x80 { + break + } + } + return iNdEx, nil + case 1: + iNdEx += 8 + return iNdEx, nil + case 2: + var length int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApi + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + length |= (int(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + iNdEx += length + if length < 0 { + return 0, ErrInvalidLengthApi + } + return iNdEx, nil + case 3: + for { + var innerWire uint64 + var start int = iNdEx + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return 0, ErrIntOverflowApi + } + if iNdEx >= l { + return 0, io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + innerWire |= (uint64(b) & 0x7F) << shift + if b < 0x80 { + break + } + } + innerWireType := int(innerWire & 0x7) + if innerWireType == 4 { + break + } + next, err := skipApi(dAtA[start:]) + if err != nil { + return 0, err + } + iNdEx = start + next + } + return iNdEx, nil + case 4: + return iNdEx, nil + case 5: + iNdEx += 4 + return iNdEx, nil + default: + return 0, fmt.Errorf("proto: illegal wireType %d", wireType) + } + } + panic("unreachable") +} + +var ( + ErrInvalidLengthApi = fmt.Errorf("proto: negative length found during unmarshaling") + ErrIntOverflowApi = fmt.Errorf("proto: integer overflow") +) + +func init() { proto.RegisterFile("api.proto", fileDescriptorApi) } + +var fileDescriptorApi = []byte{ + // 183 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0xe2, 0x4c, 0x2c, 0xc8, 0xd4, + 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x12, 0x4d, 0x2e, 0xca, 0xd4, 0x2b, 0x2a, 0xcd, 0x2b, 0xc9, + 0xcc, 0x4d, 0xcd, 0x2f, 0x28, 0xc9, 0xcc, 0xcf, 0x2b, 0xd6, 0x2b, 0x33, 0x94, 0xd2, 0x4d, 0xcf, + 0x2c, 0xc9, 0x28, 0x4d, 0xd2, 0x4b, 0xce, 0xcf, 0xd5, 0x4f, 0xcf, 0x4f, 0xcf, 0xd7, 0x07, 0xab, + 0x4e, 0x2a, 0x4d, 0x03, 0xf3, 0xc0, 0x1c, 0x30, 0x0b, 0x62, 0x8a, 0x92, 0x2b, 0x17, 0xbb, 0x3f, + 0x44, 0xb3, 0x90, 0x24, 0x17, 0x47, 0x49, 0x65, 0x41, 0x6a, 0x7c, 0x69, 0x51, 0x8e, 0x04, 0xa3, + 0x02, 0xa3, 0x06, 0x67, 0x10, 0x3b, 0x88, 0x1f, 0x5a, 0x94, 0x23, 0x24, 0xcf, 0xc5, 0x9d, 0x9c, + 0x9f, 0x97, 0x96, 0x99, 0x1e, 0x5f, 0x90, 0x58, 0x92, 0x21, 0xc1, 0x04, 0x96, 0xe5, 0x82, 0x08, + 0x05, 0x24, 0x96, 0x64, 0x38, 0xc9, 0x9c, 0x78, 0x28, 0xc7, 0x78, 0xe3, 0xa1, 0x1c, 0x43, 0xc3, + 0x23, 0x39, 0xc6, 0x13, 0x8f, 0xe4, 0x18, 0x2f, 0x3c, 0x92, 0x63, 0x7c, 0xf0, 0x48, 0x8e, 0x71, + 0xc2, 0x63, 0x39, 0x86, 0x24, 0x36, 0xb0, 0x5d, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x07, + 0x00, 0xf2, 0x18, 0xbe, 0x00, 0x00, 0x00, +} diff --git a/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto b/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto new file mode 100644 index 00000000000..f907d609c43 --- /dev/null +++ b/vendor/github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1/api.proto @@ -0,0 +1,22 @@ +// To regenerate api.pb.go run `make proto` +syntax = "proto3"; + +package cri.runtimeoptions.v1; + +import "github.com/gogo/protobuf/gogoproto/gogo.proto"; + +option (gogoproto.goproto_stringer_all) = false; +option (gogoproto.stringer_all) = true; +option (gogoproto.goproto_getters_all) = true; +option (gogoproto.marshaler_all) = true; +option (gogoproto.sizer_all) = true; +option (gogoproto.unmarshaler_all) = true; +option (gogoproto.goproto_unrecognized_all) = false; + +message Options { + // TypeUrl specifies the type of the content inside the config file. + string type_url = 1; + // ConfigPath specifies the filesystem location of the config file + // used by the runtime. + string config_path = 2; +} diff --git a/vendor/modules.txt b/vendor/modules.txt index 36fcf9776c1..35009cd45f4 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -137,6 +137,9 @@ github.com/containerd/containerd/version # github.com/containerd/continuity v0.1.0 github.com/containerd/continuity/fs github.com/containerd/continuity/sysx +# github.com/containerd/cri-containerd v1.19.0 +## explicit +github.com/containerd/cri-containerd/pkg/api/runtimeoptions/v1 # github.com/containerd/fifo v1.0.0 github.com/containerd/fifo # github.com/containerd/go-runc v1.0.0