summaryrefslogtreecommitdiffhomepage
path: root/images
AgeCommit message (Collapse)Author
2020-12-09Refactor the Makefile to avoid recursive Make.Adin Scannell
Recursive make is difficult to follow and debug. Drop this by using internal functions, which, while difficult, are easier than trying to following recursive invokations. Further simplify the Makefile by collapsing the image bits and removing the tools/vm directory, which is effectively unused. Fixes #4952 PiperOrigin-RevId: 346569133
2020-12-07Support icmpv6 transport protocolPeter Johnston
PiperOrigin-RevId: 346101076
2020-12-02Add BuildKite agent.Adin Scannell
This has no effect on the continuous integration system, and simply publishes a cached container image containing the agent and metrics agent with known provenance. PiperOrigin-RevId: 345274375
2020-11-23Clean up build output.Adin Scannell
This change also simplifies and documents the build_cmd pipeline, and reduces general noise for debugging Makefile issues. It also drops the mapping for /etc/docker/daemon.json, which if it does not exist initially will create this as a directory (causing lots of confusion and breaks). PiperOrigin-RevId: 343932456
2020-10-30Add the gVisor admission webhookKevin Krakauer
PiperOrigin-RevId: 339913577
2020-10-22Add a platform portability blog postIan Lewis
Also fixes the docker_image bazel rule, and website-server make target. Fixes #3273 PiperOrigin-RevId: 338606668
2020-10-15Add easier-to-use docker_image target.Adin Scannell
PiperOrigin-RevId: 337415009
2020-10-08Improve multi-arch support.Adin Scannell
This change allows Dockerfiles named Dockerfile.$(ARCH) and makes list-images list only supported architectures. Updates #2847 PiperOrigin-RevId: 336108293
2020-09-24Fix Nginx Startup and Size Benchmarks.Zach Koopmans
Changes in Nginx Benchmarks in network_tests also affect Startup/Size Nginx Benchmarks. Make sure the commands line up. PiperOrigin-RevId: 333543697
2020-09-18Add "Containing a Real Vulnerability" blog postFabricio Voznika
PiperOrigin-RevId: 332477119
2020-09-11Clean up image constructionTamir Duberstein
- Skip `docker inspect`; `docker pull` is idempotent - Remove unnecessary CMD directives in Dockerfiles - Run bazel before building images to catch errors sooner PiperOrigin-RevId: 331107815
2020-09-09Add syntax highlighting to websiteIan Lewis
Adds a syntax highlighting theme css so that code snippets are highlighted properly. PiperOrigin-RevId: 330733737
2020-09-02Add support to run packetimpact tests against FuchsiaZeling Feng
blaze test <test_name>_fuchsia_test will run the corresponding packetimpact test against fuchsia. PiperOrigin-RevId: 329835290
2020-09-02Add Docs to nginx benchmark.Zach Koopmans
Adds docs to nginx and refactors both Httpd and Nginx benchmarks. Key changes: - Add docs and make nginx tests the same as httpd (reverse, all docs, etc.). - Make requests scale on c * b.N -> a request per thread. This works well with both --test.benchtime=10m (do a run that lasts at least 10m) and --test.benchtime=10x (do b.N = 10). -- Remove a doc from both tests (1000Kb) as 1024Kb exists. PiperOrigin-RevId: 329751091
2020-08-07Port Ruby benchmark.Zach Koopmans
PiperOrigin-RevId: 325500772
2020-08-07Port Startup and Density Benchmarks.Zach Koopmans
PiperOrigin-RevId: 325497346
2020-08-06Add LinkAt support to goferFabricio Voznika
Updates #1198 PiperOrigin-RevId: 325350818
2020-08-04Port sysbench benchmark.Zach Koopmans
PiperOrigin-RevId: 324918229
2020-08-04docs: tools/images.mk does not exist.Kevin Krakauer
PiperOrigin-RevId: 324833018
2020-07-30Port nginx and move parsers to own package.Zach Koopmans
This change: - Ports the nginx benchmark. - Switches the Httpd benchmark to use 'hey' as a client. - Moves all parsers to their own package 'tools'. Parsers are moved to their own package because 1) parsing output of a command is often dependent on the format of the command (e.g. 'fio --json'), 2) to enable easier reuse, and 3) clean up and simplify actual running benchmarks (no TestParser functions and ugly sample output in benchmark files). PiperOrigin-RevId: 324144165
2020-07-30Call lseek(0, SEEK_CUR) unconditionally in runsc fsgofer's Readdir(offset=0).Jamie Liu
9P2000.L is silent as to how readdir RPCs interact with directory mutation. The most performant option is for Treaddir with offset=0 to restart iteration, avoiding needing to walk+open+clunk a new directory fid between invocations of getdents64(2), and the VFS2 gofer client assumes this is the case. Make this actually true for the runsc fsgofer. Fixes #3344, #3345, #3355 PiperOrigin-RevId: 324090384
2020-07-30Add runsc build benchmark.Zach Koopmans
PiperOrigin-RevId: 324071377
2020-07-29Port fio benchmarkZach Koopmans
PiperOrigin-RevId: 323810654
2020-07-29Port node benchmark.Zach Koopmans
PiperOrigin-RevId: 323810235
2020-07-28Port tensorflow benchmark.Zach Koopmans
PiperOrigin-RevId: 323633737
2020-07-27Merge pull request #2797 from Rajpratik71:optimization/pip-no-cachegVisor bot
PiperOrigin-RevId: 323508910
2020-07-27Port ffmpeg benchmarkZach Koopmans
PiperOrigin-RevId: 323383320
2020-07-27Port redis benchmarkZach Koopmans
PiperOrigin-RevId: 323381964
2020-07-25optimize size and time using "--no-cache-dir"Pratik raj
Using "--no-cache-dir" flag in pip install ,make sure dowloaded packages by pip don't cached on system . This is a best practise which make sure to fetch ftom repo instead of using local cached one . Further , in case of Docker Containers , by restricing caching , we can reduce image size. In term of stats , it depends upon the number of python packages multiplied by their respective size . e.g for heavy packages with a lot of dependencies it reduce a lot by don't caching pip packages. Further , more detail information can be found at https://medium.com/sciforce/strategies-of-docker-images-optimization-2ca9cc5719b6
2020-07-23Convert go_generics tests to starlark.Adin Scannell
For some reason these tests were broken when run via the bazel docker container. The mechanism used was a bit crazy (self-extracting bundle), so convert them to use straight-forward starlark rules. This has the added advantaged that they are now independent tests.
2020-07-20Add standard entrypoints for test targets.Adin Scannell
PiperOrigin-RevId: 322265513
2020-07-17Clean up html on the website.Ian Lewis
- Fixes some html validation issues. - Fixes links on security basics blog post. - Adds rel=noopener to links with target=_blank and adds a check to htmlproofer. - Add favicon check to htmlproofer. Fixes #3286 Fixes #3284 PiperOrigin-RevId: 321892602
2020-07-17Update README on cross-building images.Ting-Yu Wang
PiperOrigin-RevId: 321887956
2020-07-15Port httpd benchmarkZach Koopmans
PiperOrigin-RevId: 321478001
2020-07-13Initial golang BenchmarksZach Koopmans
PiperOrigin-RevId: 321021071
2020-06-05Merge pull request #2789 from Rajpratik71:optimization/git-cloneNicolas Lacasse
PiperOrigin-RevId: 314855924
2020-05-28optimization in git clone using --depthPratik Raj
optimize the git clone using --depth flag in term of size of clone and also in term's of time taken to fetch the files and commit history of whole repository . More detail can be found at blog https://www.atlassian.com/git/tutorials/big-repositories Signed-off-by: Pratik Raj <rajpratik71@gmail.com>
2020-05-27Ensure sitemap is generated.Adin Scannell
PiperOrigin-RevId: 313478820
2020-05-21Fix TestTmpFileFabricio Voznika
Split check for file in /tmp from working directory test. Fix readonly case which should not fail to create working dir. PiperOrigin-RevId: 312702930
2020-05-13Enable overlayfs_stale_read by default for runsc.Jamie Liu
Linux 4.18 and later make reads and writes coherent between pre-copy-up and post-copy-up FDs representing the same file on an overlay filesystem. However, memory mappings remain incoherent: - Documentation/filesystems/overlayfs.rst, "Non-standard behavior": "If a file residing on a lower layer is opened for read-only and then memory mapped with MAP_SHARED, then subsequent changes to the file are not reflected in the memory mapping." - fs/overlay/file.c:ovl_mmap() passes through to the underlying FD without any management of coherence in the overlay. - Experimentally on Linux 5.2: ``` $ cat mmap_cat_page.c #include <err.h> #include <fcntl.h> #include <stdio.h> #include <string.h> #include <sys/mman.h> #include <unistd.h> int main(int argc, char **argv) { if (argc < 2) { errx(1, "syntax: %s [FILE]", argv[0]); } const int fd = open(argv[1], O_RDONLY); if (fd < 0) { err(1, "open(%s)", argv[1]); } const size_t page_size = sysconf(_SC_PAGE_SIZE); void* page = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, 0); if (page == MAP_FAILED) { err(1, "mmap"); } for (;;) { write(1, page, strnlen(page, page_size)); if (getc(stdin) == EOF) { break; } } return 0; } $ gcc -O2 -o mmap_cat_page mmap_cat_page.c $ mkdir lowerdir upperdir workdir overlaydir $ echo old > lowerdir/file $ sudo mount -t overlay -o "lowerdir=lowerdir,upperdir=upperdir,workdir=workdir" none overlaydir $ ./mmap_cat_page overlaydir/file old ^Z [1]+ Stopped ./mmap_cat_page overlaydir/file $ echo new > overlaydir/file $ cat overlaydir/file new $ fg ./mmap_cat_page overlaydir/file old ``` Therefore, while the VFS1 gofer client's behavior of reopening read FDs is only necessary pre-4.18, replacing existing memory mappings (in both sentry and application address spaces) with mappings of the new FD is required regardless of kernel version, and this latter behavior is common to both VFS1 and VFS2. Re-document accordingly, and change the runsc flag to enabled by default. New test: - Before this CL: https://source.cloud.google.com/results/invocations/5b222d2c-e918-4bae-afc4-407f5bac509b - After this CL: https://source.cloud.google.com/results/invocations/f28c747e-d89c-4d8c-a461-602b33e71aab PiperOrigin-RevId: 311361267
2020-05-12Merge pull request #2513 from amscanne:website-integratedgVisor bot
PiperOrigin-RevId: 311184385
2020-05-06Add atom feed (at previous URL).Adin Scannell
2020-05-06Adapt website to use g3doc sources and bazel.Adin Scannell
This adapts the merged website repository to use the image and bazel build framework. It explicitly avoids the container_image rules provided by bazel, opting instead to build with direct docker commands when necessary. The relevant build commands are incorporated into the top-level Makefile.
2020-04-24Standardize all Docker images.Adin Scannell
This change moves all Docker images to a standard location, and abstracts the build process so that they can be maintained in an automated fashion. This also allows the images to be architecture-independent. All images will now be referred to by the test framework via the canonical `gvisor.dev/images/<name>`, where `<name>` is a function of the path within the source tree. In a subsequent change, continuous integration will be added so that the images will always be correct and available locally. In the end, using `bazel` for Docker containers is simply not possible. Given that we already have the need to use `make` with the base container (for Docker), we extend this approach to get more flexibility. This change also adds a self-documenting and powerful Makefile that is intended to replace the collection of scripts in scripts. Canonical (self-documenting) targets can be added here for targets that understand which images need to be loaded and/or built. PiperOrigin-RevId: 308322438