inotify/watchable-mount changes...
- Allow up to 16 files. It isn't that uncommon to have 3 files in a secret. In Kubernetes, this results in 9 files in the mount (the presented files, which are symlinks to the latest files, which are symlinks to actual files which are in a separate hidden directory on the mount). Bumping from eight to 16 will help ensure we can support "most" secret/tokens, and is still a pretty small number to scan...
- Now we will only replace the watched storage with a bindmount if we observe that there are too many files or if it's too large. Since the scanning/updating is racy, we should expect that we'll occasionally run into errors (i.e., a file deleted between scan / update). Rather than stopping and making a bind mount, continue updating, as the changes will be updated the next time check is called for that entry (every 2 seconds today). To facilitate the 'oversized' handling, we create specific errors for too large or too many files, and handle these specific errors when scanning the storage entry.
- When handling an oversized mount, do not remove the prior files -- we'll just overwrite them with the bindmount. This'll help avoid the files disappearing from the user, avoid racy cleanup and simplifies the flow. Similarly, only mark it as a non-watched storage device after the bindmount is created successfully.
- When creating bind mount, make sure destination exists. If we hadn't had a successful scan before, this wouldn't exist and the mount would fail. Update logic and unit test to cover this.
- In several spots, we were returning when there was an error (both in scan and update). For update case, let's just log a warning and continue; since the scan/update is racy, we should expect that we'll have transient errors which should resolve the next time the watcher runs.
Fixes: #2402
Signed-off-by: Eric Ernst <eric_ernst@apple.com>
# Package metadata for the kata-agent crate (Rust 2018 edition).
[package]
name = "kata-agent"
version = "0.1.0"
authors = [
    "The Kata Containers community <kata-dev@lists.katacontainers.io>",
]
edition = "2018"

[dependencies]
# In-tree crates: built from paths in this source tree, not fetched from a
# registry, so their contents are whatever the checkout contains.
oci = { path = "oci" }
logging = { path = "../../pkg/logging" }
rustjail = { path = "rustjail" }
protocols = { path = "protocols" }

# Registry crates. Unless marked with "=", a version string is a caret
# requirement: the version actually built is whatever the lockfile resolves,
# so lockfile changes deserve the same review as changes to this file.
lazy_static = "1.3.0"
# Default features are switched off; only the two listed features are built.
ttrpc = { version = "0.5.0", default-features = false, features = ["async", "protobuf-codec"] }
# Exact pin ("="): newer releases, including fix releases, are never selected
# automatically and need a manual bump here.
protobuf = "=2.14.0"
libc = "0.2.58"
nix = "0.21.0"
capctl = "0.2.0"
serde_json = "1.0.39"
scan_fmt = "0.2.3"
scopeguard = "1.0.0"
thiserror = "1.0.26"
regex = "1"

# Helpers for async code
async-trait = "0.1.42"
async-recursion = "0.3.2"
futures = "0.3.12"

# Async runtime
# NOTE(review): "full" turns on nearly all of tokio's optional features; if
# the agent uses only some of them, a narrower list would compile in less
# code. Confirm against actual usage before changing.
tokio = { version = "1", features = ["full"] }
tokio-vsock = "0.3.1"

netlink-sys = { version = "0.7.0", features = ["tokio_socket"] }
rtnetlink = "0.8.0"
netlink-packet-utils = "0.4.1"
ipnetwork = "0.17.0"

# slog features:
# - "dynamic-keys" is needed so that HashMap keys can be slog::Serialized.
# - The "max_*" features let the log level be changed at runtime, because
#   they stop the compiler from removing the log calls.
# NOTE(review): "release_max_level_info" means release builds keep calls up
# to info only, so debug/trace output cannot be switched on at runtime there.
slog = { version = "2.5.2", features = ["dynamic-keys", "max_level_trace", "release_max_level_info"] }
slog-scope = "4.1.2"

# Route ttrpc's log calls into slog
slog-stdlog = "4.0.0"
log = "0.4.11"

prometheus = { version = "0.9.0", features = ["process"] }
procfs = "0.7.9"
anyhow = "1.0.32"
# Renamed dependency: the registry crate is "cgroups-rs", referred to in code
# as "cgroups".
cgroups = { package = "cgroups-rs", version = "0.2.5" }

# Tracing
tracing = "0.1.26"
tracing-subscriber = "0.2.18"
tracing-opentelemetry = "0.13.0"
opentelemetry = { version = "0.14.0", features = ["rt-tokio-current-thread"] }
vsock-exporter = { path = "vsock-exporter" }

# Needed only when building tests, examples and benchmarks; not part of the
# normal build of the package.
[dev-dependencies]
tempfile = "3.1.0"

# This manifest is also the workspace root; the listed in-tree crates share
# its lockfile and build output directory.
[workspace]
members = ["oci", "protocols", "rustjail"]

# Release builds use link-time optimization across the whole dependency graph
# (lto = true selects "fat" LTO).
[profile.release]
lto = true