diff --git a/cli/command/service/opts.go b/cli/command/service/opts.go index ab2931e873..8e241499d5 100644 --- a/cli/command/service/opts.go +++ b/cli/command/service/opts.go @@ -237,7 +237,7 @@ func (r *resourceOptions) ToResourceRequirements() (*swarm.ResourceRequirements, } return &swarm.ResourceRequirements{ - Limits: &swarm.Resources{ + Limits: &swarm.Limit{ NanoCPUs: r.limitCPU.Value(), MemoryBytes: r.limitMemBytes.Value(), }, diff --git a/cli/command/service/update.go b/cli/command/service/update.go index b71f59d83e..da668635fa 100644 --- a/cli/command/service/update.go +++ b/cli/command/service/update.go @@ -312,7 +312,7 @@ func updateService(ctx context.Context, apiClient client.NetworkAPIClient, flags task.Resources = &swarm.ResourceRequirements{} } if task.Resources.Limits == nil { - task.Resources.Limits = &swarm.Resources{} + task.Resources.Limits = &swarm.Limit{} } if task.Resources.Reservations == nil { task.Resources.Reservations = &swarm.Resources{} diff --git a/cli/command/service/update_test.go b/cli/command/service/update_test.go index abcbe6958f..1b765dde99 100644 --- a/cli/command/service/update_test.go +++ b/cli/command/service/update_test.go @@ -656,7 +656,7 @@ func TestUpdateLimitsReservations(t *testing.T) { TaskTemplate: swarm.TaskSpec{ ContainerSpec: &swarm.ContainerSpec{}, Resources: &swarm.ResourceRequirements{ - Limits: &swarm.Resources{ + Limits: &swarm.Limit{ NanoCPUs: 1000000000, MemoryBytes: 104857600, }, diff --git a/cli/compose/convert/service.go b/cli/compose/convert/service.go index da182bbfe8..558a34e918 100644 --- a/cli/compose/convert/service.go +++ b/cli/compose/convert/service.go @@ -531,7 +531,7 @@ func convertResources(source composetypes.Resources) (*swarm.ResourceRequirement return nil, err } } - resources.Limits = &swarm.Resources{ + resources.Limits = &swarm.Limit{ NanoCPUs: cpus, MemoryBytes: int64(source.Limits.MemoryBytes), } diff --git a/cli/compose/convert/service_test.go b/cli/compose/convert/service_test.go index 8419bdbf65..a41960425e 100644 --- a/cli/compose/convert/service_test.go +++ b/cli/compose/convert/service_test.go @@ -87,7 +87,7 @@ func TestConvertResourcesFull(t *testing.T) { assert.NilError(t, err) expected := &swarm.ResourceRequirements{ - Limits: &swarm.Resources{ + Limits: &swarm.Limit{ NanoCPUs: 3000000, MemoryBytes: 300000000, }, @@ -112,7 +112,7 @@ func TestConvertResourcesOnlyMemory(t *testing.T) { assert.NilError(t, err) expected := &swarm.ResourceRequirements{ - Limits: &swarm.Resources{ + Limits: &swarm.Limit{ MemoryBytes: 300000000, }, Reservations: &swarm.Resources{ diff --git a/vendor.conf b/vendor.conf index 878ec411ee..4affcb4eae 100755 --- a/vendor.conf +++ b/vendor.conf @@ -12,7 +12,7 @@ github.com/creack/pty 3a6a957789163cacdfe0e291617a github.com/davecgh/go-spew 8991bc29aa16c548c550c7ff78260e27b9ab7c73 # v1.1.1 github.com/docker/compose-on-kubernetes 78e6a00beda64ac8ccb9fec787e601fe2ce0d5bb # v0.5.0-alpha1 github.com/docker/distribution 0d3efadf0154c2b8a4e7b6621fff9809655cc580 -github.com/docker/docker 41ac6bef8d449b3064ad1378a28d95c79c4b9350 +github.com/docker/docker aaf470eca7b588aa19e6681bff8bf08d17be1bf2 github.com/docker/docker-credential-helpers 54f0238b6bf101fc3ad3b34114cb5520beb562f5 # v0.6.3 github.com/docker/go d30aec9fd63c35133f8f79c3412ad91a3b08be06 # Contains a customized version of canonical/json and is used by Notary. The package is periodically rebased on current Go versions. github.com/docker/go-connections 7395e3f8aa162843a74ed6d48e79627d9792ac55 # v0.4.0 diff --git a/vendor/github.com/docker/docker/api/types/network/network.go b/vendor/github.com/docker/docker/api/types/network/network.go index 7927dbfffb..437b184c67 100644 --- a/vendor/github.com/docker/docker/api/types/network/network.go +++ b/vendor/github.com/docker/docker/api/types/network/network.go @@ -1,7 +1,6 @@ package network // import "github.com/docker/docker/api/types/network" import ( "github.com/docker/docker/api/types/filters" - "github.com/docker/docker/errdefs" ) // Address represents an IP address @@ -123,5 +122,5 @@ var acceptedFilters = map[string]bool{ // ValidateFilters validates the list of filter args with the available filters. func ValidateFilters(filter filters.Args) error { - return errdefs.InvalidParameter(filter.Validate(acceptedFilters)) + return filter.Validate(acceptedFilters) } diff --git a/vendor/github.com/docker/docker/api/types/swarm/container.go b/vendor/github.com/docker/docker/api/types/swarm/container.go index 2eeee9f7f5..5bbedfcf68 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/container.go +++ b/vendor/github.com/docker/docker/api/types/swarm/container.go @@ -72,7 +72,6 @@ type ContainerSpec struct { Secrets []*SecretReference `json:",omitempty"` Configs []*ConfigReference `json:",omitempty"` Isolation container.Isolation `json:",omitempty"` - PidsLimit int64 `json:",omitempty"` Sysctls map[string]string `json:",omitempty"` Capabilities []string `json:",omitempty"` } diff --git a/vendor/github.com/docker/docker/api/types/swarm/task.go b/vendor/github.com/docker/docker/api/types/swarm/task.go index 9f193df37c..a6f7ab7b5c 100644 --- a/vendor/github.com/docker/docker/api/types/swarm/task.go +++ b/vendor/github.com/docker/docker/api/types/swarm/task.go @@ -91,13 +91,21 @@ type TaskSpec struct { Runtime RuntimeType `json:",omitempty"` } -// Resources represents resources (CPU/Memory). +// Resources represents resources (CPU/Memory) which can be advertised by a +// node and requested to be reserved for a task. type Resources struct { NanoCPUs int64 `json:",omitempty"` MemoryBytes int64 `json:",omitempty"` GenericResources []GenericResource `json:",omitempty"` } +// Limit describes limits on resources which can be requested by a task. +type Limit struct { + NanoCPUs int64 `json:",omitempty"` + MemoryBytes int64 `json:",omitempty"` + Pids int64 `json:",omitempty"` +} + // GenericResource represents a "user defined" resource which can // be either an integer (e.g: SSD=3) or a string (e.g: SSD=sda1) type GenericResource struct { @@ -125,7 +133,7 @@ type DiscreteGenericResource struct { // ResourceRequirements represents resources requirements. type ResourceRequirements struct { - Limits *Resources `json:",omitempty"` + Limits *Limit `json:",omitempty"` Reservations *Resources `json:",omitempty"` } diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools.go b/vendor/github.com/docker/docker/pkg/idtools/idtools.go index db1fd1a9d1..7569ac15dd 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools.go @@ -114,31 +114,6 @@ type IdentityMapping struct { gids []IDMap } -// NewIdentityMapping takes a requested user and group name and -// using the data from /etc/sub{uid,gid} ranges, creates the -// proper uid and gid remapping ranges for that user/group pair -func NewIdentityMapping(username, groupname string) (*IdentityMapping, error) { - subuidRanges, err := parseSubuid(username) - if err != nil { - return nil, err - } - subgidRanges, err := parseSubgid(groupname) - if err != nil { - return nil, err - } - if len(subuidRanges) == 0 { - return nil, fmt.Errorf("No subuid ranges found for user %q", username) - } - if len(subgidRanges) == 0 { - return nil, fmt.Errorf("No subgid ranges found for group %q", groupname) - } - - return &IdentityMapping{ - uids: createIDMap(subuidRanges), - gids: createIDMap(subgidRanges), - }, nil -} - // NewIDMappingsFromMaps creates a new mapping from two slices // Deprecated: this is a temporary shim while transitioning to IDMapping func NewIDMappingsFromMaps(uids []IDMap, gids []IDMap) *IdentityMapping { diff --git a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go index 3981ff64d3..3d64c1b46b 100644 --- a/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go +++ b/vendor/github.com/docker/docker/pkg/idtools/idtools_unix.go @@ -8,12 +8,14 @@ import ( "io" "os" "path/filepath" + "strconv" "strings" "sync" "syscall" "github.com/docker/docker/pkg/system" "github.com/opencontainers/runc/libcontainer/user" + "github.com/pkg/errors" ) var ( @@ -229,3 +231,48 @@ func lazyChown(p string, uid, gid int, stat *system.StatT) error { } return os.Chown(p, uid, gid) } + +// NewIdentityMapping takes a requested username and +// using the data from /etc/sub{uid,gid} ranges, creates the +// proper uid and gid remapping ranges for that user/group pair +func NewIdentityMapping(username string) (*IdentityMapping, error) { + usr, err := LookupUser(username) + if err != nil { + return nil, fmt.Errorf("Could not get user for username %s: %v", username, err) + } + + uid := strconv.Itoa(usr.Uid) + + subuidRangesWithUserName, err := parseSubuid(username) + if err != nil { + return nil, err + } + subgidRangesWithUserName, err := parseSubgid(username) + if err != nil { + return nil, err + } + + subuidRangesWithUID, err := parseSubuid(uid) + if err != nil { + return nil, err + } + subgidRangesWithUID, err := parseSubgid(uid) + if err != nil { + return nil, err + } + + subuidRanges := append(subuidRangesWithUserName, subuidRangesWithUID...) + subgidRanges := append(subgidRangesWithUserName, subgidRangesWithUID...) + + if len(subuidRanges) == 0 { + return nil, errors.Errorf("no subuid ranges found for user %q", username) + } + if len(subgidRanges) == 0 { + return nil, errors.Errorf("no subgid ranges found for user %q", username) + } + + return &IdentityMapping{ + uids: createIDMap(subuidRanges), + gids: createIDMap(subgidRanges), + }, nil +} diff --git a/vendor/github.com/docker/docker/vendor.conf b/vendor/github.com/docker/docker/vendor.conf index a21b4441be..95be2d4701 100644 --- a/vendor/github.com/docker/docker/vendor.conf +++ b/vendor/github.com/docker/docker/vendor.conf @@ -40,7 +40,7 @@ github.com/gofrs/flock 392e7fae8f1b0bdbd67dad7237d2 # libnetwork # When updating, also update LIBNETWORK_COMMIT in hack/dockerfile/install/proxy.installer accordingly -github.com/docker/libnetwork 1a17fb36132631a95fe6bb055b91e24a516ad81d +github.com/docker/libnetwork 2e24aed516bd5c836e11378bb457dd612aa868ed github.com/docker/go-events e31b211e4f1cd09aa76fe4ac244571fab96ae47f github.com/armon/go-radix e39d623f12e8e41c7b5529e9a9dd67a1e2261f80 github.com/armon/go-metrics eb0af217e5e9747e41dd5303755356b62d28e3ec @@ -122,14 +122,14 @@ github.com/googleapis/gax-go 317e0006254c44a0ac427cc52a0e google.golang.org/genproto 3f1135a288c9a07e340ae8ba4cc6c7065a3160e8 # containerd -github.com/containerd/containerd 4d242818bf55542e5d7876ca276fea83029e803c +github.com/containerd/containerd c80284d4b5291a351bb471bcdabb5c1d95e7a583 # master / v1.4.0-dev github.com/containerd/fifo ff969a566b00877c63489baf6e8c35d60af6142c github.com/containerd/continuity 26c1120b8d4107d2471b93ad78ef7ce1fc84c4c4 github.com/containerd/cgroups 44306b6a1d46985d916b48b4199f93a378af314f github.com/containerd/console 8375c3424e4d7b114e8a90a4a40c8e1b40d1d4e6 # v1.0.0 github.com/containerd/go-runc 7016d3ce2328dd2cb1192b2076ebd565c4e8df0c -github.com/containerd/typeurl b45ef1f1f737e10bd45b25b669df25f0da8b9ba0 # v1.0.0-13-gb45ef1f -github.com/containerd/ttrpc 0be804eadb152bc3b3c20c5edc314c4633833398 # v1.0.0-16-g0be804e +github.com/containerd/typeurl cd3ce7159eae562a4f60ceff37dada11a939d247 # v1.0.1 +github.com/containerd/ttrpc 72bb1b21c5b0a4a107f59dd85f6ab58e564b68d6 # v1.0.1 github.com/gogo/googleapis 01e0f9cca9b92166042241267ee2a5cdf5cff46c # v1.3.2 github.com/cilium/ebpf 60c3aa43f488292fe2ee50fb8b833b383ca8ebbb