Enable oci hooks through API settings #1872
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
arnaldo2792
changed the title
samuelkarp
reviewed
Dec 17, 2021
|
We need a migration to remove this setting on downgrade, as discussed out of github. But this otherwise LGTM. |
webern
reviewed
Dec 17, 2021
| @@ -1,7 +1,6 @@ | |||
| %global _cross_first_party 1 | |||
| %global _is_k8s_variant %(if echo %{_cross_variant} | grep -Fqw "k8s"; then echo 1; else echo 0; fi) | |||
| %global _is_aws_variant %(if echo %{_cross_variant} | grep -Fqw "aws"; then echo 1; else echo 0; fi) | |||
| %global _is_vendor_variant %(if echo %{_cross_variant} | grep -Fqw "nvidia"; then echo 1; else echo 0; fi) | |||
There was a problem hiding this comment.
It was, yeah, the line was added with shimpei, because we didn't want to use it as the default runtime for all variants. But now we do 👍
Oh, things are happening to fast, I can't keep up 😅 |
arnaldo2792
force-pushed
the
log4j-hotpatch
branch
from
d6e1828
to
47ecbaf
Compare
|
Forced push includes:
|
arnaldo2792
force-pushed
the
log4j-hotpatch
branch
from
47ecbaf
to
b4b0e7a
Compare
|
Forced push includes rebase to upstream. |
With shimpei as the default runtime for container runtimes, we can run OCI hooks provided through API settings. This commit needs the OCI settings to properly work, since shimpei reads a hooks file generated by changes in the settings. Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
arnaldo2792
force-pushed
the
log4j-hotpatch
branch
from
b4b0e7a
to
59f1b0f
Compare
|
Forced push includes:
|
cbgbt
reviewed
Dec 17, 2021
README.md
Outdated
| #### OCI Hooks settings | ||
|
|
||
| Bottlerocket allows you to opt-in to use additional [OCI hooks](https://github.com/opencontainers/runtime-spec/blob/main/runtime.md#lifecycle) for your orchestrated containers. | ||
| Once you opt-in to use additional OCI hooks, the new orchestrated containers will be configured with them, but the existing containers won't be changed. |
There was a problem hiding this comment.
nit:
Suggested change
| Once you opt-in to use additional OCI hooks, the new orchestrated containers will be configured with them, but the existing containers won't be changed. | |
| Once you opt-in to using additional OCI hooks, newly-orchestrated containers will be configured with them. Existing containers won't be changed. |
bcressey
reviewed
Dec 17, 2021
We always include log4j-hotpatch in all variants Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
The oci-hooks setting allows a user to enable OCI hooks provided by the OS. For the time being, the only OCI hook provided is the `log4j2-hotpatch`, which applies the hotpatch for Apache Log4j2 to containers running JVMs. Signed-off-by: Arnaldo Garcia Rincon <[email protected]>
arnaldo2792
force-pushed
the
log4j-hotpatch
branch
from
59f1b0f
to
709db49
Compare
|
Forced push includes:
|
bcressey
approved these changes
Dec 17, 2021
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue number:
N / A
Description of changes:
The oci-hooks setting allows a user to enable OCI hooks provided by the OS. For the time being, the only OCI hook provided is the
log4j2-hotpatch, which applies the hotpatch for Apache Log4j2 to containers running JVMs.Remaining work:
Testing done:
In aws-ecs/aws-k8s-1.21:
Run workloads with java services, with and without enabling the
log4j-hotpatchhook. I saw the containers being patched, and the logs generated in/dev/shm/hotdog.log.Terms of contribution:
By submitting this pull request, I agree that this contribution is dual-licensed under the terms of both the Apache License, version 2.0, and the MIT license.