Squashed commit of the following:

commit 75aab2b
Merge: 5c8993b 2f2e9c1
Author: Starnop <[email protected]>
Date:   Sat May 19 21:51:30 2018 +0800

    Merge branch 'cri-compatibility' of github.com:Starnop/pouch into cri-compatibility

commit 2f2e9c1
Merge: bd9c4fd acbd19a
Author: Starnop <[email protected]>
Date:   Fri May 18 15:32:31 2018 +0800

    Merge branch 'master' of https://github.com/alibaba/pouch into cri-compatibility

commit acbd19a
Merge: 6cef601 8e862f9
Author: Yao Zengzeng <[email protected]>
Date:   Fri May 18 15:27:01 2018 +0800

    Merge pull request AliyunContainerService#1351 from fuweid/feature_allow_use_image_by_digest_id

    feature: allow use image by digest id

commit 6cef601
Merge: 4423313 caf45ec
Author: Wei Fu <[email protected]>
Date:   Fri May 18 15:10:30 2018 +0800

    Merge pull request AliyunContainerService#1350 from Ace-Tang/version

    build: generate version information at build time

commit caf45ec
Author: Ace-Tang <[email protected]>
Date:   Fri May 18 13:31:25 2018 +0800

    build: generate version information at build time

    auto-generate git commit, build time at build time,
    fix go-version hard code.

    Signed-off-by: Ace-Tang <[email protected]>

commit 8e862f9
Author: Wei Fu <[email protected]>
Date:   Fri May 18 13:50:42 2018 +0800

    feature: allow use image by digest id

    Basically, the user can use sha256:xyz to inspect image or run
    container.

    Signed-off-by: Wei Fu <[email protected]>

commit 4423313
Merge: 8410064 f67cf08
Author: Allen Sun <[email protected]>
Date:   Fri May 18 11:44:39 2018 +0800

    Merge pull request AliyunContainerService#1326 from shaloulcy/core_volume

    feature: remote volume driver

commit 8410064
Merge: 8af60a9 852d4f4
Author: Wei Fu <[email protected]>
Date:   Fri May 18 10:39:15 2018 +0800

    Merge pull request AliyunContainerService#1339 from rhinoceros/master

    docs: Update INSTALLATION.md apt-key fingerprint BE2F475F

commit f67cf08
Author: Eric Li <[email protected]>
Date:   Mon May 14 12:19:46 2018 +0800

    feature: remote volume driver

    Signed-off-by: Eric Li <[email protected]>

commit bd9c4fd
Merge: 8d01e30 521ca7c
Author: Starnop <[email protected]>
Date:   Thu May 17 11:11:40 2018 +0800

    Merge branch 'master' of https://github.com/alibaba/pouch into cri-compatibility

commit 8af60a9
Merge: ecbe3b6 13a17b5
Author: Allen Sun <[email protected]>
Date:   Fri May 18 09:43:40 2018 +0800

    Merge pull request AliyunContainerService#1349 from pouchrobot/auto-doc-2018-05-18

    docs: auto generate pouch cli/api docs via code

commit 13a17b5
Author: pouchrobot <[email protected]>
Date:   Fri May 18 01:28:51 2018 +0000

    docs: auto generate pouch cli docs via code

    Signed-off-by: pouchrobot <[email protected]>

commit 5c8993b
Merge: 8d01e30 521ca7c
Author: Starnop <[email protected]>
Date:   Thu May 17 11:11:40 2018 +0800

    Merge branch 'master' of https://github.com/alibaba/pouch into cri-compatibility

commit ecbe3b6
Merge: 3374daf 7fc11df
Author: Wei Fu <[email protected]>
Date:   Thu May 17 18:53:20 2018 +0800

    Merge pull request AliyunContainerService#1227 from Ace-Tang/full_spec_params

    feature: add pidslimit implement

commit 7fc11df
Author: Ace-Tang <[email protected]>
Date:   Fri May 11 16:25:32 2018 +0800

    feature: add pidslimit implement

    Signed-off-by: Ace-Tang <[email protected]>

commit 3374daf
Merge: 89a5ae5 fd8e0f7
Author: Allen Sun <[email protected]>
Date:   Thu May 17 13:44:52 2018 +0800

    Merge pull request AliyunContainerService#1341 from Letty5411/0517-assertfix

    test: enhance cli related tests

commit 89a5ae5
Merge: 521ca7c 8469cea
Author: Wei Fu <[email protected]>
Date:   Thu May 17 13:17:47 2018 +0800

    Merge pull request AliyunContainerService#1331 from Letty5411/0516-doc

    doc: update test.md about how to run test

commit fd8e0f7
Author: letty <[email protected]>
Date:   Thu May 17 11:23:16 2018 +0800

    test: enhance test

    Signed-off-by: letty <[email protected]>

commit 521ca7c
Merge: 19c956b 6b2a8b4
Author: Yao Zengzeng <[email protected]>
Date:   Thu May 17 10:39:06 2018 +0800

    Merge pull request AliyunContainerService#1340 from ZouRui89/race_off

    bugfix: move IO part behind to ensure execConfig result assignment before IO closes

commit 6b2a8b4
Author: Zou Rui <[email protected]>
Date:   Wed May 16 18:03:27 2018 +0800

    bugfix: move IO part behind to ensure execConfig result assignment before IO closes

    Signed-off-by: Zou Rui <[email protected]>

commit 8d01e30
Merge: 9339a70 19c956b
Author: Starnop <[email protected]>
Date:   Wed May 16 12:57:14 2018 +0800

    Merge branch 'master' of https://github.com/alibaba/pouch into cri-compatibility

commit 852d4f4
Author: rhinoceros.xn <[email protected]>
Date:   Wed May 16 17:37:51 2018 +0800

    Update INSTALLATION.md

    $ apt-key fingerprint BE2F475F
    pub   4096R/BE2F475F 2018-02-28
          Key fingerprint = F443 EDD0 4A58 7E8B F645  9C40 CF68 F84A BE2F 475F
    uid                  opsx-admin <[email protected]>

commit 8469cea
Author: letty <[email protected]>
Date:   Wed May 16 10:08:32 2018 +0800

    doc: update test.md about how to run test

    Signed-off-by: letty <[email protected]>

commit 9339a70
Author: Starnop <[email protected]>
Date:   Tue May 15 17:35:53 2018 +0800

    cri com and up

INSTALLATION.md

@@ -36,14 +36,13 @@ sudo apt-get install curl apt-transport-https ca-certificates software-propertie
 curl -fsSL http://mirrors.aliyun.com/opsx/pouch/linux/debian/[email protected] | sudo apt-key add -
 ```
 
-Verify that you now have the key with the fingerprint `B615 DDD7 90C7 0912 582D  DC2D D7AE A5ED 439A E9EC`, by searching for the last 8 characters of the fingerprint.
+Verify that you now have the key with the fingerprint `F443 EDD0 4A58 7E8B F645  9C40 CF68 F84A BE2F 475F`, by searching for the last 8 characters of the fingerprint.
 
 ``` bash
-$ apt-key fingerprint 439AE9EC
-pub   2048R/439AE9EC 2018-01-31
-      Key fingerprint = B615 DDD7 90C7 0912 582D  DC2D D7AE A5ED 439A E9EC
-uid                  Pouch Release <[email protected]>
-sub   2048R/B3D2A915 2018-01-31
+$ apt-key fingerprint BE2F475F
+pub   4096R/BE2F475F 2018-02-28
+      Key fingerprint = F443 EDD0 4A58 7E8B F645  9C40 CF68 F84A BE2F 475F
+uid                  opsx-admin <[email protected]>
 ```
 
 **2. Set up the pouch repository**

cli/common_flags.go

@@ -84,6 +84,7 @@ func addCommonFlags(flagSet *pflag.FlagSet) *container {
 
 	flagSet.StringVarP(&c.workdir, "workdir", "w", "", "Set the working directory in a container")
 	flagSet.Var(&c.ulimit, "ulimit", "Set container ulimit")
+	flagSet.Int64Var(&c.pidsLimit, "pids-limit", -1, "Set container pids limit, -1 for unlimited")
 
 	flagSet.BoolVar(&c.rich, "rich", false, "Start container in rich container mode. (default false)")
 	flagSet.StringVar(&c.richMode, "rich-mode", "", "Choose one rich container mode. dumb-init(default), systemd, sbin-init")

cli/container.go

@@ -69,6 +69,7 @@ type container struct {
 	specAnnotation []string
 	cgroupParent   string
 	ulimit         Ulimit
+	pidsLimit      int64
 
 	//add for rich container mode
 	rich       bool
@@ -223,6 +224,7 @@ func (c *container) config() (*types.ContainerCreateConfig, error) {
 				IntelRdtL3Cbm: intelRdtL3Cbm,
 				CgroupParent:  c.cgroupParent,
 				Ulimits:       c.ulimit.value(),
+				PidsLimit:     c.pidsLimit,
 			},
 			EnableLxcfs:   c.enableLxcfs,
 			Privileged:    c.privileged,

cri/config/config.go

@@ -10,4 +10,6 @@ type Config struct {
 	NetworkPluginConfDir string
 	// SandboxImage is the image used by sandbox container.
 	SandboxImage string
+	// CriVersion is the cri version
+	CriVersion string
 }

cri/criservice.go

@@ -0,0 +1,104 @@
+package cri
+
+import (
+	criv1alpha1 "github.com/alibaba/pouch/cri/v1alpha1"
+	servicev1alpha1 "github.com/alibaba/pouch/cri/v1alpha1/service"
+	criv1alpha2 "github.com/alibaba/pouch/cri/v1alpha2"
+	servicev1alpha2 "github.com/alibaba/pouch/cri/v1alpha2/service"
+	"github.com/alibaba/pouch/daemon/config"
+	"github.com/alibaba/pouch/daemon/mgr"
+
+	"github.com/sirupsen/logrus"
+)
+
+// RunCriService start cri service if pouchd is specified with --enable-cri.
+func RunCriService(daemonconfig *config.Config, containerMgr mgr.ContainerMgr, imageMgr mgr.ImageMgr, stopCh chan error) {
+	var err error
+
+	defer func() {
+		stopCh <- err
+		close(stopCh)
+	}()
+	if !daemonconfig.IsCriEnabled {
+		return
+	}
+	switch daemonconfig.CriConfig.CriVersion {
+	case "v1alpha1":
+		runv1alpha1(daemonconfig, containerMgr, imageMgr)
+	case "v1alpha2":
+		runv1alpha2(daemonconfig, containerMgr, imageMgr)
+	}
+	return
+}
+
+func runv1alpha1(daemonconfig *config.Config, containerMgr mgr.ContainerMgr, imageMgr mgr.ImageMgr) {
+	criMgr, err := criv1alpha1.NewCriManager(daemonconfig, containerMgr, imageMgr)
+	if err != nil {
+		return
+	}
+
+	service, err := servicev1alpha1.NewService(daemonconfig, criMgr)
+	if err != nil {
+		return
+	}
+
+	grpcServerCloseCh := make(chan struct{})
+	go func() {
+		if err := service.Serve(); err != nil {
+			logrus.Errorf("failed to start grpc server: %v", err)
+		}
+		close(grpcServerCloseCh)
+	}()
+
+	streamServerCloseCh := make(chan struct{})
+	go func() {
+		if err := criMgr.StreamServerStart(); err != nil {
+			logrus.Errorf("failed to start stream server: %v", err)
+		}
+		close(streamServerCloseCh)
+	}()
+
+	<-streamServerCloseCh
+	logrus.Infof("CRI Stream server stopped")
+	<-grpcServerCloseCh
+	logrus.Infof("CRI GRPC server stopped")
+
+	logrus.Infof("CRI service stopped")
+	return
+}
+
+func runv1alpha2(daemonconfig *config.Config, containerMgr mgr.ContainerMgr, imageMgr mgr.ImageMgr) {
+	criMgr, err := criv1alpha2.NewCriManager(daemonconfig, containerMgr, imageMgr)
+	if err != nil {
+		return
+	}
+
+	service, err := servicev1alpha2.NewService(daemonconfig, criMgr)
+	if err != nil {
+		return
+	}
+
+	grpcServerCloseCh := make(chan struct{})
+	go func() {
+		if err := service.Serve(); err != nil {
+			logrus.Errorf("failed to start grpc server: %v", err)
+		}
+		close(grpcServerCloseCh)
+	}()
+
+	streamServerCloseCh := make(chan struct{})
+	go func() {
+		if err := criMgr.StreamServerStart(); err != nil {
+			logrus.Errorf("failed to start stream server: %v", err)
+		}
+		close(streamServerCloseCh)
+	}()
+
+	<-streamServerCloseCh
+	logrus.Infof("CRI Stream server stopped")
+	<-grpcServerCloseCh
+	logrus.Infof("CRI GRPC server stopped")
+
+	logrus.Infof("CRI service stopped")
+	return
+}

cri/stream/request_cache.go

@@ -19,10 +19,10 @@ var (
 	TokenLen = 8
 )
 
-// requestCache caches streaming (exec/attach/port-forward) requests and generates a single-use
+// RequestCache caches streaming (exec/attach/port-forward) requests and generates a single-use
 // random token for their retrieval. The requestCache is used for building streaming URLs without
 // the need to encode every request parameter in the URL.
-type requestCache struct {
+type RequestCache struct {
 	// tokens maps the generate token to the request for fast retrieval.
 	tokens map[string]*list.Element
 	// ll maintains an age-ordered request list for faster garbage collection of expired requests.
@@ -31,24 +31,25 @@ type requestCache struct {
 	lock sync.Mutex
 }
 
-// Type representing an *ExecRequest, *AttachRequest, or *PortForwardRequest.
-type request interface{}
+// Request representing an *ExecRequest, *AttachRequest, or *PortForwardRequest Type.
+type Request interface{}
 
 type cacheEntry struct {
 	token      string
-	req        request
+	req        Request
 	expireTime time.Time
 }
 
-func newRequestCache() *requestCache {
-	return &requestCache{
+// NewRequestCache return a RequestCache
+func NewRequestCache() *RequestCache {
+	return &RequestCache{
 		ll:     list.New(),
 		tokens: make(map[string]*list.Element),
 	}
 }
 
 // Insert the given request into the cache and returns the token used for fetching it out.
-func (c *requestCache) Insert(req request) (token string, err error) {
+func (c *RequestCache) Insert(req Request) (token string, err error) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 
@@ -69,7 +70,7 @@ func (c *requestCache) Insert(req request) (token string, err error) {
 }
 
 // Consume the token (remove it from the cache) and return the cached request, if found.
-func (c *requestCache) Consume(token string) (req request, found bool) {
+func (c *RequestCache) Consume(token string) (req Request, found bool) {
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	ele, ok := c.tokens[token]
@@ -88,7 +89,7 @@ func (c *requestCache) Consume(token string) (req request, found bool) {
 }
 
 // uniqueToken generates a random URL-safe token and ensures uniqueness.
-func (c *requestCache) uniqueToken() (string, error) {
+func (c *RequestCache) uniqueToken() (string, error) {
 	const maxTries = 10
 	// Number of bytes to be TokenLen when base64 encoded.
 	tokenSize := math.Ceil(float64(TokenLen) * 6 / 8)
@@ -108,7 +109,7 @@ func (c *requestCache) uniqueToken() (string, error) {
 }
 
 // Must be write-locked prior to calling.
-func (c *requestCache) gc() {
+func (c *RequestCache) gc() {
 	now := time.Now()
 	for c.ll.Len() > 0 {
 		oldest := c.ll.Back()

cri/src/cri.go → cri/v1alpha1/cri.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"bytes"
@@ -9,11 +9,9 @@ import (
 	"path"
 	"path/filepath"
 	"reflect"
-	"strings"
 	"time"
 
 	apitypes "github.com/alibaba/pouch/apis/types"
-	"github.com/alibaba/pouch/cri/stream"
 	"github.com/alibaba/pouch/daemon/config"
 	"github.com/alibaba/pouch/daemon/mgr"
 	"github.com/alibaba/pouch/pkg/errtypes"
@@ -88,7 +86,7 @@ type CriManager struct {
 	CniMgr       CniMgr
 
 	// StreamServer is the stream server of CRI serves container streaming request.
-	StreamServer stream.Server
+	StreamServer Server
 
 	// SandboxBaseDir is the directory used to store sandbox files like /etc/hosts, /etc/resolv.conf, etc.
 	SandboxBaseDir string
@@ -649,7 +647,7 @@ func (c *CriManager) ContainerStatus(ctx context.Context, r *runtime.ContainerSt
 	labels, annotations := extractLabels(container.Config.Labels)
 
 	imageRef := container.Image
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(imageRef, "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, imageRef)
 	if err != nil {
 		return nil, fmt.Errorf("failed to get image %s: %v", imageRef, err)
 	}
@@ -826,7 +824,7 @@ func (c *CriManager) ListImages(ctx context.Context, r *runtime.ListImagesReques
 			continue
 		}
 		// NOTE: we should query image cache to get the correct image info.
-		imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(i.ID, "sha256:"))
+		imageInfo, err := c.ImageMgr.GetImage(ctx, i.ID)
 		if err != nil {
 			continue
 		}
@@ -850,7 +848,7 @@ func (c *CriManager) ImageStatus(ctx context.Context, r *runtime.ImageStatusRequ
 		return nil, err
 	}
 
-	imageInfo, err := c.ImageMgr.GetImage(ctx, strings.TrimPrefix(ref.String(), "sha256:"))
+	imageInfo, err := c.ImageMgr.GetImage(ctx, ref.String())
 	if err != nil {
 		// TODO: separate ErrImageNotFound with others.
 		// Now we just return empty if the error occurred.
@@ -894,7 +892,7 @@ func (c *CriManager) PullImage(ctx context.Context, r *runtime.PullImageRequest)
 
 // RemoveImage removes the image.
 func (c *CriManager) RemoveImage(ctx context.Context, r *runtime.RemoveImageRequest) (*runtime.RemoveImageResponse, error) {
-	imageRef := strings.TrimPrefix(r.GetImage().GetImage(), "sha256:")
+	imageRef := r.GetImage().GetImage()
 
 	if err := c.ImageMgr.RemoveImage(ctx, imageRef, false); err != nil {
 		if errtypes.IsNotfound(err) {

cri/src/cri_network.go → cri/v1alpha1/cri_network.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"fmt"

cri/src/cri_stream.go → cri/v1alpha1/cri_stream.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"bytes"
@@ -11,25 +11,24 @@ import (
 	"time"
 
 	apitypes "github.com/alibaba/pouch/apis/types"
-	"github.com/alibaba/pouch/cri/stream"
 	"github.com/alibaba/pouch/cri/stream/remotecommand"
 	"github.com/alibaba/pouch/daemon/mgr"
 
 	"github.com/sirupsen/logrus"
 )
 
-func newStreamServer(ctrMgr mgr.ContainerMgr, address string, port string) (stream.Server, error) {
-	config := stream.DefaultConfig
+func newStreamServer(ctrMgr mgr.ContainerMgr, address string, port string) (Server, error) {
+	config := DefaultConfig
 	config.Address = net.JoinHostPort(address, port)
 	runtime := newStreamRuntime(ctrMgr)
-	return stream.NewServer(config, runtime)
+	return NewServer(config, runtime)
 }
 
 type streamRuntime struct {
 	containerMgr mgr.ContainerMgr
 }
 
-func newStreamRuntime(ctrMgr mgr.ContainerMgr) stream.Runtime {
+func newStreamRuntime(ctrMgr mgr.ContainerMgr) Runtime {
 	return &streamRuntime{containerMgr: ctrMgr}
 }
 

cri/src/cri_types.go → cri/v1alpha1/cri_types.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"

cri/src/cri_utils.go → cri/v1alpha1/cri_utils.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"bytes"
@@ -14,8 +14,8 @@ import (
 	apitypes "github.com/alibaba/pouch/apis/types"
 	"github.com/alibaba/pouch/daemon/mgr"
 	"github.com/alibaba/pouch/pkg/utils"
-	"github.com/go-openapi/strfmt"
 
+	"github.com/go-openapi/strfmt"
 	"golang.org/x/net/context"
 	"k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"
 )

cri/src/cri_utils_test.go → cri/v1alpha1/cri_utils_test.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"fmt"
@@ -8,6 +8,7 @@ import (
 
 	apitypes "github.com/alibaba/pouch/apis/types"
 	"github.com/alibaba/pouch/daemon/mgr"
+
 	"github.com/stretchr/testify/assert"
 	"golang.org/x/net/context"
 	"k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime"

cri/src/cri_wrapper.go → cri/v1alpha1/cri_wrapper.go

@@ -1,4 +1,4 @@
-package src
+package v1alpha1
 
 import (
 	"github.com/sirupsen/logrus"