Container api port watcher#2
Closed
Nino-K wants to merge 69 commits into
Closed
Conversation
Nino-K
force-pushed
the
container-api-port-watcher
branch
3 times, most recently
from
e79b166 to
6768030
Compare
Nino-K
force-pushed
the
container-api-port-watcher
branch
4 times, most recently
from
73f40ee to
9f2a092
Compare
Signed-off-by: Ansuman Sahoo <anshumansahoo500@gmail.com>
Nino-K
force-pushed
the
container-api-port-watcher
branch
2 times, most recently
from
24ac908 to
708a883
Compare
Nino-K
pushed a commit
that referenced
this pull request
Jul 11, 2025
agetty segfaults on Ubuntu 25.04 (x86_64): (gdb) bt #0 __strncmp_evex () at ../sysdeps/x86_64/multiarch/strcmp-evex.S:316 #1 0x000061700a0d3ee3 in parse_args (argc=9, argv=0x7ffc93bd6298, op=0x7ffc93bd4080) at term-utils/agetty.c:939 #2 main (argc=9, argv=0x7ffc93bd6298) at term-utils/agetty.c:403 Should be fixed in Ubuntu 25.10 with util-linux >= 2.41 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Nino-K
force-pushed
the
container-api-port-watcher
branch
from
708a883 to
0c77e7e
Compare
Signed-off-by: Ansuman Sahoo <anshumansahoo500@gmail.com>
Nino-K
force-pushed
the
container-api-port-watcher
branch
from
0c77e7e to
c5c68f2
Compare
jandubois
reviewed
Jul 11, 2025
Comment on lines
+23
to
+28
| strip_array() { | ||
| val="${1#[}" # remove leading [ | ||
| val="${val%]}" # remove trailing ] | ||
| printf '%s\n' "$val" | xargs # trim spaces | ||
| } | ||
|
|
There was a problem hiding this comment.
Why is this necessary? There should be no brackets in the strings.
| --kubernetes-configs \"{LIMA_CIDATA_KUBERNETES_SERVICE_WATCHER_CONFIGS}" \ | ||
| --vsock-port \"${LIMA_CIDATA_VSOCK_PORT}\" \ | ||
| --virtio-port \"${LIMA_CIDATA_VIRTIO_PORT}\"" | ||
| command_background=true pidfile="/run/lima-guestagent.pid" |
There was a problem hiding this comment.
Keep them on separate lines:
Suggested change
| command_background=true pidfile="/run/lima-guestagent.pid" | |
| command_background=true | |
| pidfile="/run/lima-guestagent.pid" |
Comment on lines
+66
to
+70
| docker_args="" | ||
| docker_items="$(strip_array "${LIMA_CIDATA_DOCKER_PORT_MONITOR_SOCKETS}")" | ||
| if [ -n "$docker_items" ]; then | ||
| docker_args="--docker-sockets=${LIMA_CIDATA_DOCKER_PORT_MONITOR_SOCKETS}" | ||
| fi |
There was a problem hiding this comment.
strip_array should not be necessary. And the app should do the right thing when called with an empty argument --docker-sockets=. So I think this can be just
Suggested change
| docker_args="" | |
| docker_items="$(strip_array "${LIMA_CIDATA_DOCKER_PORT_MONITOR_SOCKETS}")" | |
| if [ -n "$docker_items" ]; then | |
| docker_args="--docker-sockets=${LIMA_CIDATA_DOCKER_PORT_MONITOR_SOCKETS}" | |
| fi | |
| docker_args="--docker-sockets=${LIMA_CIDATA_DOCKER_PORT_MONITOR_SOCKETS}" |
Same argument applies to the next 2 conditionals.
Comment on lines
+87
to
+89
| ${docker_args:+${docker_args}} \ | ||
| ${containerd_args:+${containerd_args}} \ | ||
| ${kubernetes_args:+${kubernetes_args}} |
There was a problem hiding this comment.
They are never empty, so this could just be:
Suggested change
| ${docker_args:+${docker_args}} \ | |
| ${containerd_args:+${containerd_args}} \ | |
| ${kubernetes_args:+${kubernetes_args}} | |
| ${docker_args} \ | |
| ${containerd_args} \ | |
| ${kubernetes_args} |
Same in the next 2 blocks.
There was a problem hiding this comment.
The naming convention is to call this file containerd_others.go and not _stub.
Comment on lines
+603
to
+564
| if out, err := executeGuestTemplate(y.PortMonitors.Docker.Sockets[i], instDir, y.User, y.Param); err == nil { | ||
| y.PortMonitors.Docker.Sockets[i] = out.String() | ||
| } else { | ||
| logrus.WithError(err).Warnf("Couldn't process Docker socket %q as a template", y.PortMonitors.Docker.Sockets[i]) | ||
| } |
There was a problem hiding this comment.
Maybe simplify:
Suggested change
| if out, err := executeGuestTemplate(y.PortMonitors.Docker.Sockets[i], instDir, y.User, y.Param); err == nil { | |
| y.PortMonitors.Docker.Sockets[i] = out.String() | |
| } else { | |
| logrus.WithError(err).Warnf("Couldn't process Docker socket %q as a template", y.PortMonitors.Docker.Sockets[i]) | |
| } | |
| socket := &y.PortMonitors.Docker.Sockets[i] | |
| if out, err := executeGuestTemplate(*socket, instDir, y.User, y.Param); err == nil { | |
| *socket = out.String() | |
| } else { | |
| logrus.WithError(err).Warnf("Couldn't process Docker socket %q as a template", *socket) | |
| } |
| } | ||
|
|
||
| if y.Containerd.System != nil && *y.Containerd.System { | ||
| if out, err := executeGuestTemplate("/run/containerd/containerd.sock", instDir, y.User, y.Param); err == nil { |
There was a problem hiding this comment.
There are no variables in the filename, so no need to run it through the templating.
| Certs []string `yaml:"certs,omitempty" json:"certs,omitempty" jsonschema:"nullable"` | ||
| } | ||
|
|
||
| // Engine is the name of the container engine, e.g. "docker", "containerd". |
There was a problem hiding this comment.
The comment sounds wrong. Engine is a list of socket locations, not the name of the container engine.
|
|
||
| func validateSocket(engine, socket string) error { | ||
| if socket == "" { | ||
| return fmt.Errorf("%s socket path must not be empty", engine) |
There was a problem hiding this comment.
The normal format of validation errors would look more like
field `portMonitor.docker.sockets[1]` must not be empty
You will need to pass in the index too.
Owner
Author
There was a problem hiding this comment.
The validateSocket gets called in a loop, so no need for the index. The socket is individual and not a list.
There was a problem hiding this comment.
No, the sockets are a list, so you should provide the list index for the error message. You can pass in the field name instead of the index if you want the caller to assemble it. But since it is called from 2 places, it would be simpler to pass in the index.
Suggested change
| return fmt.Errorf("%s socket path must not be empty", engine) | |
| return fmt.Errorf("field `portMonitor.%s.sockets[%d]` must not be empty", engine, i) |
| portMonitors: | ||
| docker: | ||
| sockets: | ||
| - "/var/run/docker.sock" |
There was a problem hiding this comment.
You don't really need to put quotes around paths that don't contain template variables. But I guess it doesn't hurt either.
Owner
Author
There was a problem hiding this comment.
I just wanted to keep it consistent with the reset of the file e.g:
portForwards:
- guestSocket: "/var/run/docker.sock"
hostSocket: "{{.Dir}}/sock/docker.sock"
…system Feature: Internal driver plugin system
Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
The UDP port forwarder previously used a single gRPC stream for all clients, which could cause responses from the guest to be sent to the wrong client on the host. This occurred because the stream was created before client connections were demultiplexed by `gvisor-tap-vsock`'s `UDPProxy`. The root cause is the interaction with `gvisor-tap-vsock`'s `UDPProxy`, which handles client demultiplexing internally based on the source address of incoming datagrams. It expects its `dialer` function to return a new `net.Conn` for each new client it detects. This commit moves the gRPC stream creation into the `UDPProxy` dialer function. This ensures a new, dedicated stream is created for each new client, fixing the incorrect response routing. Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
this setting is not necessary anymore on Oracle Linux 9, but produces a warning on vz vm types Signed-off-by: Nandor Kracser <bonifaido@gmail.com>
remove unnecessary legacyBIOS setting
Signed-off-by: Ansuman Sahoo <anshumansahoo500@gmail.com>
I've spent some time debugging issues with UDP forwarding and got sidetracked because of this constant, so I decieded to submit this PR suggesting to change it there's no "established" for the UDP, and 0x7 is usually called UNCONN in tools like net-tools or ss Signed-off-by: Viktor Oreshkin <imselfish@stek29.rocks>
guestagent cidata: pass debug flag to guestagent systemd unit
…system Feature: External driver plugin system and update Makefile
rename UDPEstablished to UDPUnconnected
Signed-off-by: Andrei Gaivoronskii <plandem@gmail.com>
The major version is now updated to highlight the introduction of the pluggable VM driver framework. See issue 3712 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Create k0s template
Fix issue 3639 Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Remove Kconfig and config.mk
Nino-K
force-pushed
the
container-api-port-watcher
branch
from
732f92d to
ca0b9a0
Compare
refactor: migrate `cpuType` to `vmOpts.qemu`
Nino-K
force-pushed
the
container-api-port-watcher
branch
2 times, most recently
from
c77f895 to
6e7b12f
Compare
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.29.4 to 3.29.5. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4e828ff...51f7732) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.29.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
…s/github/codeql-action-3.29.5 build(deps): bump github/codeql-action from 3.29.4 to 3.29.5
Nino-K
force-pushed
the
container-api-port-watcher
branch
3 times, most recently
from
9b6df83 to
dbf9ca7
Compare
Subscribe to the Docker API to monitor container creation and deletion events. Upon receiving these events, the event monitor immediately sends them as API events down the aggregated event channel. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Subscribe to the containerd API to monitor published ports for containers. Upon receiving these events, the event monitor immediately sends them as API events down the aggregated event channel. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Subscribes to kube API for the published ports from NodePort and Loadbalancer type. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
The Kubernetes service is not needed since it has been replaced by the event-driven process. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Also, handle the defaults for Docker, Containerd Signed-off-by: Nino Kodabande <nkodabande@suse.com>
This changes the Docker event monitor to accept socket and create a per socket client to monitor events. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
This will start a containerd client per socket Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Changes the kubernetes service watcher to accept a list of config paths. Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Signed-off-by: Nino Kodabande <nkodabande@suse.com>
Nino-K
force-pushed
the
container-api-port-watcher
branch
from
dbf9ca7 to
f49244d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
9 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Subscribe to the Docker API to monitor container creation and deletion events. Upon receiving these events, the event monitor immediately sends them as API events down the aggregated event channel.