| Commit message (Collapse) | Author | Age |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This shifts the matching logic out of libpod/container_internal and
into the hook package, where we can reuse it after vendoring into
CRI-O. It also adds unit tests with almost-complete coverage. Now
libpod is even more isolated from the hook internals, which makes it
fairly straightforward to bump the hook config file to 1.0.0. I've
dubbed the old format 0.1.0, although it doesn't specify an explicit
version. Motivation for some of my changes with 1.0.0:
* Add an explicit version field. This will make any future JSON
structure migrations more straightforward by avoiding the need for
version-guessing heuristics.
* Collect the matching properties in a new When sub-structure. This
makes the root Hook structure easier to understand, because you
don't have to read over all the matching properties when wrapping
your head around Hook.
* Replace the old 'hook' and 'arguments' with a direct embedding of
the runtime-spec's hook structure. This provides access to
additional upstream properties (args[0], env, and timeout) and
avoids the complication of a CRI-O-specific analog structure.
* Add a 'when.always' property. You can usually accomplish this
effect in another way (e.g. when.commands = [".*"]), but having a
boolean explicitly for this use-case makes for easier reading and
writing.
* Replace the previous annotations array with an annotations map. The
0.1.0 approach matched only the values regardless of key, and that
seems unreliable.
* Replace 'cmds' with 'when.commands', because while there are a few
ways to abbreviate "commands", there's only one way to write it out
in full ;). This gives folks one less thing to remember when
writing hook JSON.
* Replace the old "inject if any specified condition matches" with
"inject if all specified conditions match". This allows for more
precise targeting. Users that need more generous targeting can
recover the previous behavior by creating a separate 1.0.0 hook file
for each specified 0.1.0 condition.
I've added doc-compat support for the various pluralizations of the
0.1.0 properties. Previously, the docs and code were not in
agreement. More on this particular facet in [1].
I've updated the docs to point out that the annotations being matched
are the OCI config annotations. This differs from CRI-O, where the
annotations used are the Kubernetes-supplied annotations [2,3]. For
example, io.kubernetes.cri-o.Volumes [4] is part of CRI-O's runtime
config annotations [5], but not part of the Kubernetes-supplied
annotations CRI-O uses for matching hooks.
The Monitor method supports the CRI-O use-case [6]. podman doesn't
need it directly, but CRI-O will need it when we vendor this package
there.
I've used nvidia-container-runtime-hook for the annotation examples
because Dan mentioned the Nvidia folks as the motivation behind
annotation matching. The environment variables are documented in [7].
The 0.1.0 hook config, which does not allow for environment variables,
only works because runc currently leaks the host environment into the
hooks [8]. I haven't been able to find documentation for their usual
annotation trigger or hook-install path, so I'm just guessing there.
[1]: https://github.com/kubernetes-incubator/cri-o/pull/1235
[2]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L760
[3]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L772
[4]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/pkg/annotations/annotations.go#L97-L98
[5]: https://github.com/kubernetes-incubator/cri-o/blob/v1.10.0/server/container_create.go#L830-L834
[6]: https://github.com/kubernetes-incubator/cri-o/pull/1345/
[7]: https://github.com/NVIDIA/nvidia-container-runtime/tree/v1.3.0-1#environment-variables-oci-spec
[8]: https://github.com/opencontainers/runc/pull/1738
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #686
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
Closes: #754
Approved by: baude
|
|
|
|
|
|
|
|
|
|
| |
Using varlink's idl parser, we generate API documentation for the podman
API relying on the .varlink file as the source.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #734
Approved by: baude
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Make that information more easily discoverable. And since
CONTRIBUTING.md already mentions IRC, we can drop the IRC reference
from the README to DRY things up.
Also update CONTRIBUTING.md to replace the stale #cri-o reference left
over from the initial libpod/podman fork. While I was touching this
line, I also shuffled some of the wording around to tighten that
sentence up.
Signed-off-by: W. Trevor King <wking@tremily.us>
Closes: #687
Approved by: rhatdan
|
|
|
|
| |
Signed-off-by: Tomas Tomecek <ttomecek@redhat.com>
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #337
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #269
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
|
|
|
| |
conmon should not be built in two different places.
conmon is now a separate package in Fedora so we can just
add requires, for use on Ubuntu we can just require cri-o to
be installed.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #151
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #243
Approved by: mheon
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
How to build, install, and use podman on Fedora. The ubuntu instructions
are currently commented out due to issue #166.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #170
Approved by: baude
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #162
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #159
Approved by: TomSweeneyRedHat
|
|
|
|
|
|
|
|
|
| |
The decision is in, kpod is going to be named podman.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #145
Approved by: umohnani8
|
|
|
|
|
|
|
|
|
| |
Display information about processes in a running container.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #121
Approved by: rhatdan
|
|
|
|
|
|
|
| |
Signed-off-by: TomSweeneyRedHat <tsweeney@redhat.com>
Closes: #120
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Initial wiring of kpod exec. We wont support the following options
for exec:
* detach -- unsure of use case
* detach-keys -- not supported by runc
* interactive -- all terminals will be interactive
Not adding exec tests as we need to think about how to support a
test that requires console access but our CI tests have no console.
Signed-off-by: baude <bbaude@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Attach to a running container
Signed-off-by: baude <bbaude@redhat.com>
Closes: #95
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
| |
Starts one or more containers.
Signed-off-by: baude <bbaude@redhat.com>
Closes: #83
Approved by: rhatdan
|
|
|
|
|
|
|
|
|
|
| |
Should be mostly self-evident. I dropped the `is meant to` as it feels too
passive.
Signed-off-by: Colin Walters <walters@verbum.org>
Closes: #35
Approved by: mheon
|
|
|
|
|
|
|
| |
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
Closes: #20
Approved by: rhatdan
|
|
|
|
|
|
| |
Copy the README from CRI-O and convert it for libpod.
Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
|
|
|
|
| |
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|
|
Signed-off-by: Matthew Heon <matthew.heon@gmail.com>
|