Documentation
¶
Index ¶
- Constants
- func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding
- func Device(d *configs.Device) spec.LinuxDevice
- func ExposedPorts(expose, publish []string, publishAll bool, ...) (map[nat.Port][]nat.PortBinding, error)
- func IsNS(s string) bool
- func IsPod(s string) bool
- func IsValidDeviceMode(mode string) bool
- func NS(s string) string
- func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)
- func ParseDevice(device string) (string, string, string, error)
- func Valid(s string, ns LinuxNS) bool
- type CgroupConfig
- type CreateConfig
- type CreateResourceConfig
- type IpcConfig
- type LinuxNS
- type NetworkConfig
- type PidConfig
- type SecurityConfig
- func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error
- func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error
- func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error
- func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)
- type UserConfig
- type UtsConfig
Constants ¶
// Mount type identifiers, plus the namespace keyword Pod.
const (
	// TypeBind is the type for mounting host dir
	// NOTE(review): a bind mount refers to a path on the host, so callers
	// should treat user-supplied bind sources as host-path input — confirm
	// where the source path is validated.
	TypeBind = "bind"
	// TypeVolume is the type for named volumes
	TypeVolume = "volume"
	// TypeTmpfs is the type for mounting tmpfs
	TypeTmpfs = "tmpfs"
)

// Pod signifies a kernel namespace is being shared by a container with the
// pod it is associated with.
const Pod = "pod"
Pod signifies a kernel namespace is being shared by a container with the pod it is associated with
Variables ¶
This section is empty.
Functions ¶
func CreatePortBinding ¶
func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding
CreatePortBinding takes a host port (int) and a host IP (string) and returns a slice of nat.PortBinding structs.
func Device ¶
func Device(d *configs.Device) spec.LinuxDevice
Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.
func ExposedPorts ¶
func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)
ExposedPorts parses user and image ports and returns binding information
func IsValidDeviceMode ¶
IsValidDeviceMode reports whether the mode string for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).
func NatToOCIPortBindings ¶
func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)
NatToOCIPortBindings iterates over a nat.PortMap and creates a []ocicni.PortMapping slice.
func ParseDevice ¶
ParseDevice parses a device mapping string into source, destination, and permissions strings.
Types ¶
type CgroupConfig ¶
// CgroupConfig holds the cgroup settings requested for a container.
// The trailing comments appear to name the CLI option each field mirrors.
type CgroupConfig struct {
	Cgroups string
	Cgroupns string
	// NOTE(review): the parent cgroup decides which resource limits the
	// container inherits; confirm how a user-supplied value is validated.
	CgroupParent string // cgroup-parent
	CgroupMode namespaces.CgroupMode // cgroup
}
CgroupConfig configures the cgroup namespace for the container
func (*CgroupConfig) ConfigureGenerator ¶
func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error
func (*CgroupConfig) ToCreateOptions ¶
func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)
type CreateConfig ¶
// CreateConfig is a pre OCI spec structure. It represents user input from
// varlink or the CLI. The trailing comments appear to name the CLI option
// each field mirrors. Many fields are raw strings ([]string, map[string]string),
// so they are still unparsed user input at this point.
type CreateConfig struct {
	Annotations map[string]string
	Args []string
	CidFile string
	ConmonPidFile string
	Command []string // Full command that will be used
	UserCommand []string // User-entered command (or image CMD)
	Detach bool // detach
	// NOTE(review): raw device mapping strings; presumably parsed with
	// ParseDevice and checked with IsValidDeviceMode — confirm.
	Devices []string // device
	Entrypoint []string // entrypoint
	// NOTE(review): environment values can carry credentials; avoid logging
	// this struct verbatim.
	Env map[string]string // env
	HealthCheck *manifest.Schema2HealthConfig
	Init bool // init
	InitPath string // init-path
	Image string
	ImageID string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType string // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive bool // interactive
	Labels map[string]string // label
	LogDriver string // log-driver
	LogDriverOpt []string // log-opt
	Name string // name
	PodmanPath string
	Pod string // pod
	Quiet bool // quiet
	Resources CreateResourceConfig
	RestartPolicy string
	Rm bool // rm
	StopSignal syscall.Signal // stop-signal
	StopTimeout uint // stop-timeout
	Systemd bool
	Tmpfs []string // tmpfs
	Tty bool // tty
	Mounts []spec.Mount
	MountsFlag []string // mounts
	NamedVolumes []*libpod.ContainerNamedVolume
	// NOTE(review): raw volume strings from the user; any host path in them
	// becomes reachable from the container — confirm where they are parsed.
	Volumes []string // volume
	VolumesFrom []string
	WorkDir string // workdir
	Rootfs string
	// Security carries the capability, label, AppArmor, seccomp, privileged
	// and read-only settings (see SecurityConfig).
	Security SecurityConfig
	Syslog bool // Whether to enable syslog on exit commands
	// Namespaces
	Pid PidConfig
	Ipc IpcConfig
	Cgroup CgroupConfig
	User UserConfig
	Uts UtsConfig
	Network NetworkConfig
}
CreateConfig is a pre-OCI-spec structure: it holds user input from varlink or the CLI before MakeContainerConfig turns it into an OCI spec and libpod create options.
func (*CreateConfig) AddPrivilegedDevices ¶
func (c *CreateConfig) AddPrivilegedDevices(g *generate.Generator) error
AddPrivilegedDevices iterates through the host's devices and adds every one of them to the spec, so a container built from that spec is configured with all host devices.
func (*CreateConfig) CreateBlockIO ¶
func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)
CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig
func (*CreateConfig) MakeContainerConfig ¶
func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)
MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.
type CreateResourceConfig ¶
// CreateResourceConfig represents resource elements in CreateConfig
// structures. The trailing comments appear to name the CLI option each
// field mirrors.
//
// NOTE(review): these limits are what bounds a container's resource use;
// confirm for each field whether the zero value means "unset" or
// "unlimited" before relying on it to contain a workload.
type CreateResourceConfig struct {
	BlkioWeight uint16 // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod uint64 // cpu-period
	CPUQuota int64 // cpu-quota
	CPURtPeriod uint64 // cpu-rt-period
	CPURtRuntime int64 // cpu-rt-runtime
	CPUs float64 // cpus
	CPUsetCPUs string
	CPUsetMems string // cpuset-mems
	DeviceReadBps []string // device-read-bps
	DeviceReadIOps []string // device-read-iops
	DeviceWriteBps []string // device-write-bps
	DeviceWriteIOps []string // device-write-iops
	DisableOomKiller bool // oom-kill-disable
	KernelMemory int64 // kernel-memory
	Memory int64 // memory
	MemoryReservation int64 // memory-reservation
	MemorySwap int64 // memory-swap
	MemorySwappiness int // memory-swappiness
	OomScoreAdj int // oom-score-adj
	PidsLimit int64 // pids-limit
	ShmSize int64
	Ulimit []string // ulimit
}
CreateResourceConfig represents resource elements in CreateConfig structures
type IpcConfig ¶
// IpcConfig configures the ipc namespace for the container.
type IpcConfig struct {
	// NOTE(review): a mode that shares the IPC namespace with the host or
	// another container reduces isolation; confirm which values
	// namespaces.IpcMode accepts and how they are validated.
	IpcMode namespaces.IpcMode // ipc
}
IpcConfig configures the ipc namespace for the container
func (*IpcConfig) ConfigureGenerator ¶
func (*IpcConfig) ToCreateOptions ¶
type LinuxNS ¶
// LinuxNS is the interface implemented by types that carry namespace
// information and can report whether that information is valid.
type LinuxNS interface {
	// Valid reports whether the namespace value is valid.
	Valid() bool
}
LinuxNS is an interface for types that hold namespace information. Implementations provide Valid to report whether the namespace is valid.
type NetworkConfig ¶
// NetworkConfig configures the network namespace for the container.
// The trailing comments appear to name the CLI option each field mirrors.
type NetworkConfig struct {
	DNSOpt []string // dns-opt
	DNSSearch []string // dns-search
	DNSServers []string // dns
	ExposedPorts map[nat.Port]struct{}
	// NOTE(review): presumably controls whether host proxy settings are
	// passed into the container; confirm, since proxy URLs can embed
	// credentials.
	HTTPProxy bool
	IP6Address string // ipv6
	IPAddress string // ip
	LinkLocalIP []string // link-local-ip
	MacAddress string // mac-address
	// NOTE(review): a mode that shares the host network namespace removes
	// network isolation; confirm which values namespaces.NetworkMode accepts.
	NetMode namespaces.NetworkMode // net
	Network string // network
	NetworkAlias []string // network-alias
	PortBindings nat.PortMap
	Publish []string // publish
	// NOTE(review): presumably publishes every exposed port (see
	// ExposedPorts' publishAll parameter); confirm which host address the
	// resulting bindings use.
	PublishAll bool // publish-all
}
NetworkConfig configures the network namespace for the container
func (*NetworkConfig) ConfigureGenerator ¶
func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error
func (*NetworkConfig) ToCreateOptions ¶
func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)
type PidConfig ¶
// PidConfig configures the pid namespace for the container.
type PidConfig struct {
	// NOTE(review): a mode that shares the PID namespace with the host or
	// another container makes those processes visible from inside; confirm
	// which values namespaces.PidMode accepts.
	PidMode namespaces.PidMode // pid
}
PidConfig configures the pid namespace for the container
func (*PidConfig) ConfigureGenerator ¶
func (*PidConfig) ToCreateOptions ¶
type SecurityConfig ¶
// SecurityConfig configures the security features for the container.
// Fields marked SecurityOpts appear to be derived from the raw SecurityOpts
// strings (see SetSecurityOpts and SetLabelOpts) rather than set directly.
type SecurityConfig struct {
	CapAdd []string // cap-add
	CapDrop []string // cap-drop
	LabelOpts []string // SecurityOpts
	NoNewPrivs bool // SecurityOpts
	ApparmorProfile string // SecurityOpts
	// NOTE(review): confirm what an empty path means (default profile vs. no
	// seccomp filtering) and that the file is read from a trusted location.
	SeccompProfilePath string // SecurityOpts
	// SecurityOpts holds the raw security option strings.
	SecurityOpts []string
	// NOTE(review): privileged mode typically overrides the confinement the
	// other fields express; confirm how ConfigureGenerator combines it with
	// CapDrop, ApparmorProfile and SeccompProfilePath.
	Privileged bool // privileged
	ReadOnlyRootfs bool // read-only
	ReadOnlyTmpfs bool // read-only-tmpfs
	// NOTE(review): user-supplied kernel parameters; confirm which keys are
	// accepted for the container's namespaces.
	Sysctl map[string]string // sysctl
}
SecurityConfig configures the security features for the container
func (*SecurityConfig) ConfigureGenerator ¶
func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error
func (*SecurityConfig) SetLabelOpts ¶
func (*SecurityConfig) SetSecurityOpts ¶
func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error
func (*SecurityConfig) ToCreateOptions ¶
func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)
type UserConfig ¶
// UserConfig configures the user namespace for the container.
type UserConfig struct {
	GroupAdd []string // group-add
	// IDMappings holds the ID mapping options for the container.
	// NOTE(review): confirm how a nil value is handled by ConfigureGenerator
	// and ToCreateOptions.
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode // userns
	// NOTE(review): raw user string from the caller; confirm where it is
	// resolved and what an empty value means.
	User string // user
}
UserConfig configures the user namespace for the container
func (*UserConfig) ConfigureGenerator ¶
func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error
func (*UserConfig) InNS ¶
func (c *UserConfig) InNS(isRootless bool) bool
func (*UserConfig) ToCreateOptions ¶
func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)
type UtsConfig ¶
// UtsConfig configures the uts namespace for the container.
type UtsConfig struct {
	UtsMode namespaces.UTSMode // uts
	// NOTE(review): presumably disables management of the container's hosts
	// file; confirm how it interacts with HostAdd.
	NoHosts bool
	HostAdd []string // add-host
	Hostname string
}
UtsConfig configures the uts namespace for the container