Export trace spans from the github.com/microsoft/hcsshim module, which
is instrumented with OpenCensus, to the daemon's OpenTelemetry exporter
to provide more visibility into Windows container lifecycle operations.
Signed-off-by: Cory Snider <csnider@mirantis.com>
The priority order for determining image store choice was incorrect when
a prior graphdriver existed.
The issue occurred because the prior graphdriver check happened after
processing explicit driver configuration, effectively ignoring user
intent when prior state existed.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 391247ce96)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
If the DNS name still resolves to an IP address, and that address is
assigned to a running container, the ping command will run indefinitely
and the test suite will time out for 10 mins.
This is confusing, as it looks like a daemon hang, or a test suite hang,
whereas it's just a test failure. Add '-c1' to ping to make it return
immediately.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
(cherry picked from commit 53ea70ea46)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Previous commit reverted a faulty change that broke DNS resolution for
non swarm-scoped networks once a node has joined a Swarm cluster.
This commit adds an integration test to verify that we don't break DNS
resolution again.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
(cherry picked from commit 47bd247d4d)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Commit a8b9eff90 removed a call to Network.updateSvcRecord from
Network.createEndpoint on the grounds that:
> all callers of Network.createEndpoint follow up with an Endpoint.Join,
> which also sets up the DNS entry.
However, the original call in Network.createEndpoint was gated by:
```
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
```
whereas the call in Endpoint.sbJoin() (invoked by Endpoint.Join()) is
gated by:
```
if !n.getController().isAgent() {
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
}
```
As a result, once a node has joined a Swarm cluster, no DNS entries are
created for non swarm-scoped networks.
Change the condition used by `sbJoin` to match the original condition
used in `createEndpoint`.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
(cherry picked from commit 2e41476a5f)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
The image exporter wrapper was unconditionally setting `unpack=true` for
all build exports, preventing users from controlling this behavior
through buildkit's output image exporter option.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit b4f9bd1cb3)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Running sub-package tests from the root module without readding the
replace rules wasn't running the tests from the local in-tree versions
of these submodules.
Fix by cd-ing into their directories before running tests.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
(cherry picked from commit 0f597561e8)
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
If the DNS name still resolves to an IP address, and that address is
assigned to a running container, the ping command will run indefinitely
and the test suite will time out for 10 mins.
This is confusing, as it looks like a daemon hang, or a test suite hang,
whereas it's just a test failure. Add '-c1' to ping to make it return
immediately.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
Previous commit reverted a faulty change that broke DNS resolution for
non swarm-scoped networks once a node has joined a Swarm cluster.
This commit adds an integration test to verify that we don't break DNS
resolution again.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
Commit a8b9eff90 removed a call to Network.updateSvcRecord from
Network.createEndpoint on the grounds that:
> all callers of Network.createEndpoint follow up with an Endpoint.Join,
> which also sets up the DNS entry.
However, the original call in Network.createEndpoint was gated by:
```
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
```
whereas the call in Endpoint.sbJoin() (invoked by Endpoint.Join()) is
gated by:
```
if !n.getController().isAgent() {
if !n.getController().isSwarmNode() || n.Scope() != scope.Swarm || !n.driverIsMultihost() {
n.updateSvcRecord(context.WithoutCancel(ctx), ep, true)
}
}
```
As a result, once a node has joined a Swarm cluster, no DNS entries are
created for non swarm-scoped networks.
Change the condition used by `sbJoin` to match the original condition
used in `createEndpoint`.
Signed-off-by: Albin Kerouanton <albin.kerouanton@docker.com>
The priority order for determining image store choice was incorrect when
a prior graphdriver existed.
The issue occurred because the prior graphdriver check happened after
processing explicit driver configuration, effectively ignoring user
intent when prior state existed.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Add WithAPIVersion and WithAPIVersionFromEnv to be more clear on
the intent, and to align with other related options and fields.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Running sub-package tests from the root module without readding the
replace rules wasn't running the tests from the local in-tree versions
of these submodules.
Fix by cd-ing into their directories before running tests.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
this was introduced in c950796596, but
likely due to the "replace" rules not being present, CI tested the
current version of the module instead of the code in the repository.
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
Updates docker pull to pull related attestation manifest and
any signatures for that manifest in cosign referrer objects.
These objects are transferred with the image when running
docker save and docker load and can be used to identify
the image in future updates.
Push is not updated atm as the currect push semantics
in containerd mode do not have correct immutability
guaranteed and don't work with image indexes.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
The image exporter wrapper was unconditionally setting `unpack=true` for
all build exports, preventing users from controlling this behavior
through buildkit's output image exporter option.
Signed-off-by: Paweł Gronowski <pawel.gronowski@docker.com>
Currently requires replace rule for swarmkit etcd.
BuildKit itself doesn't use etcd but version gets bumped
via unused dependency.
Signed-off-by: Tonis Tiigi <tonistiigi@gmail.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
