Add containerd & gVisor support
This adds containerd, CNI, gVisor and all the necessary shims
and supporting infrastructure. It also enables all relevant features in
the Linux kernel. containerd is designed as a simple supervisor.Runnable.
It is not started yet; that will happen in D497.
Split out from feature/kubelet.
Test Plan:
Has been tested in conjunction with the rest of D497, will be
covered by a K8s E2E test there.
X-Origin-Diff: phab/D509
GitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17
diff --git a/third_party/go/gazelle-deps.sh b/third_party/go/gazelle-deps.sh
index 4ae30ed..f5e9816 100755
--- a/third_party/go/gazelle-deps.sh
+++ b/third_party/go/gazelle-deps.sh
@@ -108,7 +108,35 @@
],
patch_args = ["-p1"],
)
+ go_repository(
+ name = "com_github_google_gvisor_containerd_shim",
+ importpath = "github.com/google/gvisor-containerd-shim",
+ sum = "h1:RdBNQHpoQ3ekzfXYIV4+nQJ3a2xLnIHuZJkM40OEtyA=",
+ version = "v0.0.4",
+ patches = [
+ "//third_party/go/patches:gvisor-containerd-shim.patch",
+ "//third_party/go/patches:gvisor-containerd-shim-build.patch",
+ # Patches below are being upstreamed
+ "//third_party/go/patches:gvisor-containerd-shim-nogo.patch",
+ "//third_party/go/patches:gvisor-shim-root.patch",
+ ],
+ patch_args = ["-p1"],
+ )
+ # containerd, Not an actual release, pinned to commit 8e685f78cf66e2901b2fbed2fdddd64449a74ab9 that has support for the required build tags.
+ # Also patched for pure mode and some other issues
+ go_repository(
+ name = "com_github_containerd_containerd",
+ build_file_proto_mode = "disable",
+ build_tags = ["no_zfs", "no_aufs", "no_devicemapper", "no_btrfs"],
+ importpath = "github.com/containerd/containerd",
+ sum = "h1:IeFaEbvx6mQe9K1cXG2K7zynPwge3YUrQlLTyiNiveU=",
+ version = "v1.3.1-0.20200218165203-8e685f78cf66",
+ patches = [
+ "//third_party/go/patches:containerd-build.patch",
+ ],
+ patch_args = ["-p1"],
+ )
EOF
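Review bot: The comments on the two new `go_repository` entries do not say what the local patches change, which matters for a container runtime and its sandbox shim. `# Patches below are being upstreamed` gives no upstream reference for `gvisor-containerd-shim-nogo.patch` or `gvisor-shim-root.patch`, and the containerd comment mentions "pure mode and some other issues" while the `patches` list holds only `containerd-build.patch`. I would put one line per patch, e.g. `# gvisor-shim-root.patch: <what it changes>; upstream: <PR or issue URL>`, so a later version bump can tell which patches to drop and which to re-audit. The containerd pin is a pseudo-version of an untagged commit, which is presumably harder to match against advisories published for tagged releases, so add an exit condition such as `# TODO: move to the first tagged release containing 8e685f78cf66`. The `sum` values cover only the upstream module content, so the patch files themselves need the same review as in-tree code; the heredoc these entries sit in starts outside this hunk.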