Hello community,
here is the log from the commit of package cri-o for openSUSE:Factory checked
in at 2018-09-05 13:45:09
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/cri-o (Old)
and /work/SRC/openSUSE:Factory/.cri-o.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "cri-o"
Wed Sep 5 13:45:09 2018 rev:17 rq:630742 version:1.11.2
Changes:
--------
--- /work/SRC/openSUSE:Factory/cri-o/cri-o.changes 2018-08-15
10:38:24.912293926 +0200
+++ /work/SRC/openSUSE:Factory/.cri-o.new/cri-o.changes 2018-09-05
13:45:10.673926359 +0200
@@ -1,0 +2,47 @@
+Tue Aug 21 10:15:15 UTC 2018 - rbr...@suse.com
+
+- cri-o-kubeadm-criconfig: correct conflicts with docker-kubic
+
+-------------------------------------------------------------------
+Tue Aug 21 09:34:24 UTC 2018 - rbr...@suse.com
+
+- cri-o-kubeadm-criconfig: Remove /etc/kubernetes/runtime.conf,
+ replace with /etc/sysconfig/kublet
+
+-------------------------------------------------------------------
+Mon Aug 20 08:19:09 UTC 2018 - vrothb...@suse.com
+
+- Update crio.conf to be as close to the default one as possible:
+ * Extend crio.conf with all previously missing options; crio.conf(5) isn't
+ mentioning all of them which soon will be fixed.
+ * Uncomment options to use /etc/containers/{registries,storage}.conf where
+ appropriate.
+
+- Remove Fix-AppArmor-build.patch as the build issue is fixed with v1.11.2.
+
+- Update cri-o to v1.11.2:
+ * Fix AppArmor build
+ * Image Volumes should be bind mounted as private
+ * container_create: Set a minimum memory limit
+ * Add log-level option to conmon and crio.conf
+ * server/container_create: error out if capability is unknown
+
+-------------------------------------------------------------------
+Fri Aug 17 12:25:48 UTC 2018 - vrothb...@suse.com
+
+- Add "docker.io" to the registries list in the crio.conf to enable
+ pulling of unqualified images by default.
+
+-------------------------------------------------------------------
+Thu Aug 16 11:52:43 UTC 2018 - rbr...@suse.com
+
+- ExcludeArch i586 (does not build, nor makes sense for that arch)
+
+-------------------------------------------------------------------
+Tue Aug 14 16:38:53 UTC 2018 - rbr...@suse.com
+
+- Make crio default, docker as alternative runtime (boo#1104821)
+- Configure kubernetes CRI runtime with $runtime-kubeadm-criconfig
+ packages
+
+-------------------------------------------------------------------
Old:
----
Fix-AppArmor-build.patch
cri-o-1.11.1.tar.xz
New:
----
cri-o-1.11.2.tar.xz
kubelet.env
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ cri-o.spec ++++++
--- /var/tmp/diff_new_pack.PKtmbJ/_old 2018-09-05 13:45:11.689927871 +0200
+++ /var/tmp/diff_new_pack.PKtmbJ/_new 2018-09-05 13:45:11.693927878 +0200
@@ -31,19 +31,19 @@
%define name_source2 sysconfig.crio
%define name_source3 crio.conf
Name: cri-o
-Version: 1.11.1
+Version: 1.11.2
Release: 0
Summary: OCI-based implementation of Kubernetes Container Runtime
Interface
License: Apache-2.0
Group: System/Management
Url: https://github.com/kubernetes-incubator/cri-o
+ExcludeArch: i586
Source0: %{name}-%{version}.tar.xz
Source1: %{name_source1}
Source2: %{name_source2}
Source3: %{name_source3}
Source4: cri-o-rpmlintrc
-# Upstream PR: https://github.com/kubernetes-incubator/cri-o/pull/1718
-Patch0: Fix-AppArmor-build.patch
+Source5: kubelet.env
BuildRequires: device-mapper-devel
BuildRequires: fdupes
BuildRequires: git-core
@@ -66,6 +66,8 @@
Requires: libcontainers-storage
Requires: runc >= 1.0.0~rc4
Requires: socat
+# Provide generic cri-runtime dependency (needed by kubernetes)
+Provides: cri-runtime
# disable stripping of binaries
%{go_nostrip}
%if 0%{?with_libostree}
@@ -78,9 +80,20 @@
Interface (CRI) using OCI conformant runtimes. The scope of CRI-O is tied to
the scope of the CRI.
+%package kubeadm-criconfig
+Summary: CRI-O container runtime configuration for kubeadm
+Group: System/Management
+Requires: kubernetes-kubeadm
+Requires(post): %fillup_prereq
+Supplements: cri-o
+Provides: kubernetes-kubeadm-criconfig
+Conflicts: docker-kubic-kubeadm-criconfig
+
+%description kubeadm-criconfig
+CRI-O container runtime configuration for kubeadm
+
%prep
%setup -q
-%patch0 -p1
%build
# We can't use symlinks here because go-list gets confused by symlinks, so we
@@ -131,6 +144,9 @@
%post
%service_add_post %{name_source1}
+%post kubeadm-criconfig
+%fillup_only -n kubelet
+
%preun
%service_del_preun %{name_source1}
@@ -157,6 +173,8 @@
install -D -m 0644 %{SOURCE2} %{buildroot}%{_fillupdir}/%{name_source2}
# Systemd
install -D -m 0644 %{SOURCE1} %{buildroot}%{_unitdir}/%{name_source1}
+# place kubelet.env in fillupdir
+install -D -m 0644 %{SOURCE5} %{buildroot}%{_fillupdir}/sysconfig.kubelet
# Symlinks to rc files
install -d -m 0755 %{buildroot}%{_sbindir}
ln -sf service %{buildroot}%{_sbindir}/rccrio
@@ -187,4 +205,8 @@
%{_unitdir}/%{name_source1}
%{_sbindir}/rccrio
+%files kubeadm-criconfig
+%defattr(-,root,root)
+%{_fillupdir}/sysconfig.kubelet
+
%changelog
++++++ _service ++++++
--- /var/tmp/diff_new_pack.PKtmbJ/_old 2018-09-05 13:45:11.725927925 +0200
+++ /var/tmp/diff_new_pack.PKtmbJ/_new 2018-09-05 13:45:11.725927925 +0200
@@ -2,8 +2,8 @@
<service name="tar_scm" mode="disabled">
<param name="url">https://github.com/kubernetes-incubator/cri-o</param>
<param name="scm">git</param>
-<param name="versionformat">1.11.1</param>
-<param name="revision">v1.11.1</param>
+<param name="versionformat">1.11.2</param>
+<param name="revision">v1.11.2</param>
</service>
<service name="recompress" mode="disabled">
<param name="file">cri-o-*.tar</param>
++++++ cri-o-1.11.1.tar.xz -> cri-o-1.11.2.tar.xz ++++++
++++ 21319 lines of diff (skipped)
++++++ crio.conf ++++++
--- /var/tmp/diff_new_pack.PKtmbJ/_old 2018-09-05 13:45:13.553930648 +0200
+++ /var/tmp/diff_new_pack.PKtmbJ/_new 2018-09-05 13:45:13.553930648 +0200
@@ -1,22 +1,34 @@
-
# The "crio" table contains all of the server options.
[crio]
+# CRI-O reads its storage defaults from the containers/storage configuration
+# file, /etc/containers/storage.conf. Modify storage.conf if you want to
+# change default storage for all tools that use containers/storage. If you
+# want to modify just crio, you can change the storage configuration in this
+# file.
+
# root is a path to the "root directory". CRIO stores all of its data,
# including container images, in this directory.
-root = "/var/lib/containers/storage"
+#root = "/var/lib/containers/storage"
# run is a path to the "run directory". CRIO stores all of its state
# in this directory.
-runroot = "/var/run/containers/storage"
+#runroot = "/var/run/containers/storage"
# storage_driver select which storage driver is used to manage storage
# of images and containers.
storage_driver = "btrfs"
# storage_option is used to pass an option to the storage driver.
-storage_option = [
-]
+#storage_option = [
+#]
+
+# file_locking is whether file-based locking will be used instead of
+# in-memory locking
+file_locking = true
+
+# file_locking_path is the file used for file-based locking
+file_locking_path = "/run/crio.lock"
# The "crio.api" table contains settings for the kubelet/gRPC interface.
[crio.api]
@@ -30,9 +42,21 @@
# stream_port is the port on which the stream server will listen
stream_port = "10010"
-# file_locking is whether file-based locking will be used instead of
-# in-memory locking
-file_locking = true
+# stream_enable_tls enables encrypted tls transport of the stream server
+stream_enable_tls = false
+
+# stream_tls_cert is the x509 certificate file path used to serve the
encrypted stream.
+# This file can change, and CRIO will automatically pick up the changes within
5 minutes.
+stream_tls_cert = ""
+
+# stream_tls_key is the key file path used to serve the encrypted stream.
+# This file can change, and CRIO will automatically pick up the changes within
5 minutes.
+stream_tls_key = ""
+
+# stream_tls_ca is the x509 CA(s) file used to verify and authenticate client
+# communication with the tls encrypted stream.
+# This file can change, and CRIO will automatically pick up the changes within
5 minutes.
+stream_tls_ca = ""
# The "crio.runtime" table contains settings pertaining to the OCI
# runtime used and options for how to set up and manage the OCI runtime.
@@ -89,31 +113,87 @@
# apparmor_profile is the apparmor profile name which is used as the
# default for the runtime.
-apparmor_profile = "crio-default"
+# apparmor_profile = "crio-default"
# cgroup_manager is the cgroup management implementation to be used
# for the runtime.
cgroup_manager = "cgroupfs"
+# default_capabilities is the list of capabilities to add and can be modified
here.
+# If capabilities below is commented out, the default list of capabilities
defined in the
+# spec will be added.
+# If capabilities is empty below, only the capabilities defined in the
container json
+# file by the user/kube will be added.
+default_capabilities = [
+ "CHOWN",
+ "DAC_OVERRIDE",
+ "FSETID",
+ "FOWNER",
+ "NET_RAW",
+ "SETGID",
+ "SETUID",
+ "SETPCAP",
+ "NET_BIND_SERVICE",
+ "SYS_CHROOT",
+ "KILL",
+]
+
# hooks_dir_path is the oci hooks directory for automatically executed hooks
hooks_dir_path = "/usr/share/containers/oci/hooks.d"
# default_mounts is the mounts list to be mounted for the container when
created
+# deprecated, will be taken out in future versions, add default mounts to
either
+# /usr/share/containers/mounts.conf or /etc/containers/mounts.conf
default_mounts = [
]
+# CRI-O reads its default mounts from the following two files:
+# 1) /etc/containers/mounts.conf - this is the override file, where users can
+# either add in their own default mounts, or override the default mounts
shipped
+# with the package.
+# 2) /usr/share/containers/mounts.conf - this is the default file read for
mounts.
+# If you want CRI-O to read from a different, specific mounts file, you can
change
+# the default_mounts_file path right below. Note, if this is done, CRI-O will
only add
+# mounts it finds in this file.
+
+# default_mounts_file is the file path holding the default mounts to be
mounted for the
+# container when created.
+# default_mounts_file = ""
+
# pids_limit is the number of processes allowed in a container
pids_limit = 1024
-# enable using a shared PID namespace for containers in a pod
-enable_shared_pid_namespace = false
-
# log_size_max is the max limit for the container log size in bytes.
# Negative values indicate that no limit is imposed.
log_size_max = -1
+# container_exits_dir is the directory in which container exit files are
+# written to by conmon.
+container_exits_dir = "/var/run/crio/exits"
+
+# container_attach_socket_dir is the location for container attach sockets.
+container_attach_socket_dir = "/var/run/crio"
+
+# read-only indicates whether all containers will run in read-only mode
+read_only = false
+
+# log_level changes the verbosity of the logs printed.
+# Options are: error (default), fatal, panic, warn, info, and debug
+log_level = "error"
+
# The "crio.image" table contains settings pertaining to the
# management of OCI images.
+
+# uid_mappings specifies the UID mappings to have in the user namespace.
+# A range is specified in the form containerUID:HostUID:Size. Multiple
+# ranges are separed by comma.
+uid_mappings = ""
+
+# gid_mappings specifies the GID mappings to have in the user namespace.
+# A range is specified in the form containerGID:HostGID:Size. Multiple
+# ranges are separed by comma.
+gid_mappings = ""
+
[crio.image]
# default_transport is the prefix we try prepending to an image name if the
@@ -138,14 +218,21 @@
# The valid values are mkdir and ignore.
image_volumes = "mkdir"
+# CRI-O reads its configured registries defaults from the containers/image
configuration
+# file, /etc/containers/registries.conf. Modify registries.conf if you want to
+# change default registries for all tools that use containers/image. If you
+# want to modify just crio, you can change the registies configuration in this
+# file.
+
# insecure_registries is used to skip TLS verification when pulling images.
-insecure_registries = [
-]
+# insecure_registries = [
+# ]
# registries is used to specify a comma separated list of registries to be used
# when pulling an unqualified image (e.g. fedora:rawhide).
-registries = [
-]
+#registries = [
+# "docker.io",
+#]
# The "crio.network" table contains settings pertaining to the
# management of CNI plugins.
++++++ kubelet.env ++++++
KUBELET_EXTRA_ARGS="--container-runtime=remote
--container-runtime-endpoint=unix:///var/run/crio/crio.sock
--runtime-request-timeout=15m"
