Add containerd & gVisor support

This adds containerd, CNI, gVisor and all the necessary shims
and supporting infrastructure. It also enables all relevant features in
the Linux kernel. containerd is designed as a simple supervisor.Runnable.
It is not being started yet; this will happen in D497.

Split out from feature/kubelet.

Test Plan:
Has been tested in conjunction with the rest of D497, will be
covered by a K8s E2E test there.

X-Origin-Diff: phab/D509
GitOrigin-RevId: 92523516b7e361a30da330eb187787e6045bfd17
diff --git a/third_party/go/patches/gvisor-shim-root.patch b/third_party/go/patches/gvisor-shim-root.patch
new file mode 100644
index 0000000..6b10797
--- /dev/null
+++ b/third_party/go/patches/gvisor-shim-root.patch
@@ -0,0 +1,67 @@
+Copyright 2020 The Monogon Project Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+  http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+
+
+From 6cbcb8e61b60046e51ff79674b78031707739401 Mon Sep 17 00:00:00 2001
+From: Lorenz Brun <lorenz@brun.one>
+Date: Wed, 6 May 2020 18:52:14 +0200
+Subject: [PATCH] Fix externally-configured non-standard root paths
+
+Going upstream as https://github.com/google/gvisor-containerd-shim/pull/60
+
+---
+ pkg/v2/service.go | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/pkg/v2/service.go b/pkg/v2/service.go
+index c1df4b8..f7f5847 100644
+--- a/pkg/v2/service.go
++++ b/pkg/v2/service.go
+@@ -103,6 +103,7 @@ type service struct {
+ 	processes map[string]process.Process
+ 	events    chan interface{}
+ 	platform  stdio.Platform
++	opts      options.Options
+ 	ec        chan proc.Exit
+ 
+ 	id     string
+@@ -194,7 +195,7 @@ func (s *service) Cleanup(ctx context.Context) (*taskAPI.DeleteResponse, error)
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	r := proc.NewRunsc(proc.RunscRoot, path, ns, runtime, nil)
++	r := proc.NewRunsc(s.opts.Root, path, ns, runtime, nil)
+ 	if err := r.Delete(ctx, s.id, &runsc.DeleteOpts{
+ 		Force: true,
+ 	}); err != nil {
+@@ -344,6 +345,7 @@ func (s *service) Create(ctx context.Context, r *taskAPI.CreateTaskRequest) (_ *
+ 	s.id = r.ID
+ 	s.bundle = r.Bundle
+ 	s.task = process
++	s.opts = opts
+ 	return &taskAPI.CreateTaskResponse{
+ 		Pid: uint32(process.Pid()),
+ 	}, nil
+@@ -577,7 +579,7 @@ func (s *service) Stats(ctx context.Context, r *taskAPI.StatsRequest) (*taskAPI.
+ 	if err != nil {
+ 		return nil, err
+ 	}
+-	rs := proc.NewRunsc(proc.RunscRoot, path, ns, runtime, nil)
++	rs := proc.NewRunsc(s.opts.Root, path, ns, runtime, nil)
+ 	stats, err := rs.Stats(ctx, s.id)
+ 	if err != nil {
+ 		return nil, err
+-- 
+2.25.1
+
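Review bot: In the patched `Cleanup` and `Stats`, `s.opts.Root` is populated only by the `s.opts = opts` line added to `Create`, so a call that runs without a prior `Create` in the same process gets the zero value and loses the old `proc.RunscRoot` fallback. This seems most likely for `Cleanup`, which containerd's shim v2 usually runs from a separate delete invocation of the shim binary; please confirm against the shim lifecycle. With an empty root the forced `r.Delete` may look in the wrong state directory and leave the sandbox behind instead of tearing it down. A fallback such as `root := s.opts.Root` followed by `if root == "" { root = proc.RunscRoot }` before each `proc.NewRunsc` call would keep the previous behaviour, or `Cleanup` could load the options itself. The bodies of `Cleanup`, `Create` and `Stats` continue outside the inner hunks, so the existing option loading and locking around `s.opts` are not visible here.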