hostoptions

package
v1.0.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 9, 2025 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Capability 

type Capability string
const (
	// GRANTED BY DEFAULT
	// Write records to audit log
	AUDIT_WRITE Capability = "AUDIT_WRITE"

	// Make arbitrary changes to file ownership
	CHOWN Capability = "CHOWN"

	// Bypass file read/write/execute permission checks
	DAC_OVERRIDE Capability = "DAC_OVERRIDE"

	// Bypass file ownership checks
	FOWNER Capability = "FOWNER"

	// Set process UID/GID
	FSETID Capability = "FSETID"

	// Terminate processes
	KILL Capability = "KILL"

	// Create special files
	MKNOD Capability = "MKNOD"

	// Bind to low-numbered ports
	NET_BIND_SERVICE Capability = "NET_BIND_SERVICE"

	// Use raw sockets
	NET_RAW Capability = "NET_RAW"

	// Set file capabilities
	SETFCAP Capability = "SETFCAP"

	// Set group ID
	SETGID Capability = "SETGID"

	// Set process capabilities
	SETPCAP Capability = "SETPCAP"

	// Set user ID
	SETUID Capability = "SETUID"

	// Use chroot()
	SYS_CHROOT Capability = "SYS_CHROOT"

	// Configure auditing and audit rules
	AUDIT_CONTROL Capability = "AUDIT_CONTROL"

	// Read auditing and audit rules
	AUDIT_READ Capability = "AUDIT_READ"

	// Employ block devices
	BLOCK_SUSPEND Capability = "BLOCK_SUSPEND"

	// Use BPF (Berkeley Packet Filter)
	BPF Capability = "BPF"

	// Use process checkpoint/restore
	CHECKPOINT_RESTORE Capability = "CHECKPOINT_RESTORE"

	// Read files and directories
	DAC_READ_SEARCH Capability = "DAC_READ_SEARCH"

	// Lock memory
	IPC_LOCK Capability = "IPC_LOCK"

	// Become IPC namespace owner
	IPC_OWNER Capability = "IPC_OWNER"

	// Establish leases on filesystem objects
	LEASE Capability = "LEASE"

	// Set immutable attributes on files
	LINUX_IMMUTABLE Capability = "LINUX_IMMUTABLE"

	// Configure MAC (Mandatory Access Control) policy
	MAC_ADMIN Capability = "MAC_ADMIN"

	// Override MAC policy
	MAC_OVERRIDE Capability = "MAC_OVERRIDE"

	// Perform network administration tasks
	NET_ADMIN Capability = "NET_ADMIN"

	// Broadcast and listen to multicast
	NET_BROADCAST Capability = "NET_BROADCAST"

	// Access perf_event Open() hypercall
	PERFMON Capability = "PERFMON"

	// Perform admin tasks, like mount filesystems
	SYS_ADMIN Capability = "SYS_ADMIN"

	// Use reboot()
	SYS_BOOT Capability = "SYS_BOOT"

	// Load and unload kernel modules
	SYS_MODULE Capability = "SYS_MODULE"

	// Modify priority for arbitrary processes
	SYS_NICE Capability = "SYS_NICE"

	// Configure process accounting
	SYS_PACCT Capability = "SYS_PACCT"

	// Trace arbitrary processes using ptrace
	SYS_PTRACE Capability = "SYS_PTRACE"

	// Perform I/O port operations
	SYS_RAWIO Capability = "SYS_RAWIO"

	// Override resource limits
	SYS_RESOURCE Capability = "SYS_RESOURCE"

	// Set system time
	SYS_TIME Capability = "SYS_TIME"

	// Configure tty devices
	SYS_TTY_CONFIG Capability = "SYS_TTY_CONFIG"

	// Configure syslog
	SYSLOG Capability = "SYSLOG"

	// Set alarm to wake system
	WAKE_ALARM Capability = "WAKE_ALARM"
)

type MountType 

type MountType mount.Type

MountType is constant for the type of mount 

    "bind"
	// TypeVolume is the type for remote storage volumes
	"volume"
	// TypeTmpfs is the type for mounting tmpfs
	"tmpfs"
	// TypeNamedPipe is the type for mounting Windows named pipes
	"npipe"

type SetHostOptFn 

type SetHostOptFn func(options *container.HostConfig)

func AddDevice 

func AddDevice(device string, pathInContainer string, permissions string) SetHostOptFn

Adds a device to the host configuration. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.AddDevice("/dev/net/tun", "/dev/net/tun", "rwm"),
)

func AutoRemove 

func AutoRemove() SetHostOptFn

AutoRemove adds an auto-remove option to the host configuration, ensuring the container is removed after it exits.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.AutoRemove(),
)

This function sets the auto-remove flag in the host configuration. When enabled, the container will be automatically removed once it exits, helping to clean up resources and avoid manual cleanup operations.

Note: Calling this function enables the auto-remove behavior for the container.

func Bind 

func Bind(bind string) SetHostOptFn

Bind adds volume bindings to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Bind("/host/path:/container/path:ro"),
)

This function allows you to specify volume bindings between the host and the container. Volume bindings enable sharing files and directories between the host and the container. The format for each binding is "/host/path:/container/path:options", where "options" can include "ro" for read-only access or "rw" for read-write access.

Note: Each call to this function adds a new volume binding to the configuration.

func BlkioDeviceReadBps 

func BlkioDeviceReadBps(devicePath string, rate uint64) SetHostOptFn

BlkioDeviceReadBps sets the rate at which a device can be read in bytes per second.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.BlkioDeviceReadBps("/dev/sda", 1024*1024), // 1MB/s
)

func BlkioDeviceReadIOps 

func BlkioDeviceReadIOps(devicePath string, rate uint64) SetHostOptFn

BlkioDeviceReadIOps sets the rate at which read operations can be performed on a device.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.BlkioDeviceReadIOps("/dev/sda", 1000), // 1000 IOPS
)

func BlkioDeviceWriteBps 

func BlkioDeviceWriteBps(devicePath string, rate uint64) SetHostOptFn

BlkioDeviceWriteBps sets the rate at which a device can be written in bytes per second.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.BlkioDeviceWriteBps("/dev/sda", 1024*1024), // 1MB/s
)

func BlkioDeviceWriteIOps 

func BlkioDeviceWriteIOps(devicePath string, rate uint64) SetHostOptFn

BlkioDeviceWriteIOps sets the rate at which write operations can be performed on a device.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.BlkioDeviceWriteIOps("/dev/sda", 1000), // 1000 IOPS
)

func BlkioWeight 

func BlkioWeight(weight uint16) SetHostOptFn

BlkioWeight sets the block IO weight (relative weight) for the container. Weight is a value between 10 and 1000.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.BlkioWeight(500),
)

func CPUPeriod 

func CPUPeriod(period int64) SetHostOptFn

CPUPeriod sets the CPU CFS (Completely Fair Scheduler) period

func CPUQuota 

func CPUQuota(quota int64) SetHostOptFn

CPUQuota sets the CPU CFS (Completely Fair Scheduler) quota

func CPURealtimePeriod 

func CPURealtimePeriod(period int64) SetHostOptFn

CPURealtimePeriod sets the CPU real-time period in microseconds. This option is only applicable when running containers on operating systems that support CPU real-time scheduler.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CPURealtimePeriod(100000),
)

func CPURealtimeRuntime 

func CPURealtimeRuntime(runtime int64) SetHostOptFn

CPURealtimeRuntime sets the CPU real-time runtime in microseconds. This option is only applicable when running containers on operating systems that support CPU real-time scheduler.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CPURealtimeRuntime(95000),
)

func CPUShares 

func CPUShares(shares int64) SetHostOptFn

CPUShares sets the CPU shares (relative weight) for the container

func CapAdd 

func CapAdd(caps ...Capability) SetHostOptFn

CapAdd adds specified capabilities to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CapAdd(Capability("NET_ADMIN")),
)

This function allows you to add specific Linux capabilities to the container's process, enabling controlled access to privileged actions within the container.

Note: Each call to this function adds one or more capabilities to the configuration.

func CapDrop 

func CapDrop(caps ...Capability) SetHostOptFn

CapDrop removes specified capabilities from the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CapDrop(Capability("MAC_ADMIN")),
)

This function allows you to remove specific Linux capabilities from the container's process, enhancing security by limiting the privileges that the container's processes possess.

Note: Each call to this function removes one or more capabilities from the configuration.

func Cgroup 

func Cgroup(cgroup string) SetHostOptFn

Adds a Cgroup to use for the container in the host configuration 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Cgroup("cpu,memory"),
)

func CgroupParent 

func CgroupParent(parent string) SetHostOptFn

CgroupParent sets the parent cgroup for the container. This allows for resource sharing and limits inheritance from a parent cgroup.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CgroupParent("/my/custom/cgroup"),
)

func ConsoleSize 

func ConsoleSize(height uint, width uint) SetHostOptFn

ConsoleSize sets the initial console size for the container's terminal in the host configuration. This function is intended for use in Windows environments.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ConsoleSize(uint(300), uint(300)),
)

Note: This function is applicable only in Windows environments. It sets the initial dimensions of the container's terminal console as a [height, width] array. For non-Windows platforms, it has no effect and leaves the host configuration unchanged.

func ContainerIDFile 

func ContainerIDFile(containerIDFile string) SetHostOptFn

Adds a containerIDFile to the host configuration. After running this command, the /path/to/container-id.txt file will contain the ID of the started container. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ContainerIDFile("/path/to/container-id.txt"),
)

func CpusetCpus 

func CpusetCpus(cpus string) SetHostOptFn

CpusetCpus sets the CPUs in which execution is allowed

func CpusetMems 

func CpusetMems(mems string) SetHostOptFn

CpusetMems sets the memory nodes in which execution is allowed. Only effective on NUMA systems.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.CpusetMems("0-1"),
)

func DNSOptions 

func DNSOptions(dnsOption ...string) SetHostOptFn

DNSOptions adds a list of DNS resolver options to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.DNSOptions("use-vc", "attempts:1"),
)

This function allows you to specify additional DNS resolver options that the container's processes can use for customizing DNS resolution behavior. DNS resolver options modify how DNS queries are performed, such as enabling validation of responses or limiting the number of attempts.

Note: Each call to this function adds one or more DNS resolver options to the configuration.

func DNSSearch 

func DNSSearch(search ...string) SetHostOptFn

DNSSearch adds a list of DNS search domains to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.DNSSearch("example.com", "example.org"),
)

This function allows you to specify additional DNS search domains that the container's processes can use for name resolution. DNS search domains are used to complete unqualified domain names when performing DNS lookups within the container.

Note: Each call to this function adds one or more DNS search domains to the configuration.

func DeviceCgroupRules 

func DeviceCgroupRules(rules []string) SetHostOptFn

DeviceCgroupRules sets a list of cgroup rules to allow the container to access devices. The rules are in the format specified by the Linux kernel documentation.

Usage example: 

rules := []string{
	"c 1:3 rwm",
	"a 7:* rmw",
}
myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.DeviceCgroupRules(rules),
)

func DeviceRequest 

func DeviceRequest(driver string, count int, deviceIDs []string, capabilities []string) SetHostOptFn

DeviceRequest adds a device request for the container. This is commonly used for requesting access to GPUs or other specialized hardware.

Usage example: 

myContainer := container.NewConfig("my_container")
// Request a specific NVIDIA GPU
myContainer.SetHostOptions(
	hostoptions.DeviceRequest("nvidia", 1, []string{"0"}, []string{"gpu", "compute", "utility"}),
)

// Request any two NVIDIA GPUs
myContainer.SetHostOptions(
	hostoptions.DeviceRequest("nvidia", 2, nil, []string{"gpu", "compute"}),
)

func ExtraHosts 

func ExtraHosts(extraHosts ...string) SetHostOptFn

ExtraHosts adds a list of custom host-to-IP mappings to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ExtraHosts("docker.io", "docker.com"),
)

This function allows you to specify additional host-to-IP mappings that the container's processes can use for DNS lookups. These mappings can be used to override DNS resolutions for specific hosts within the container.

Note: Each call to this function adds one or more custom host mappings to the configuration.

func GroupAdd 

func GroupAdd(group ...string) SetHostOptFn

GroupAdd adds supplementary groups to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.GroupAdd("wheel"),
)

This function allows you to specify additional supplementary groups for the container's processes. Supplementary groups provide access to shared resources or permissions that are granted based on group membership.

Note: Each call to this function adds one or more supplementary groups to the configuration.

func Init 

func Init() SetHostOptFn

Init runs an init inside the container

func IpcMode 

func IpcMode(mode string) SetHostOptFn

Adds a IPC namespace to use for the container in the host configuration the default value is "private" IPC sharing mode for the container. Possible values are: 

"none"
"private"
"shareable"
"container"
"host"

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.IPCMode("host"),
)

func Isolation 

func Isolation(isolation string) SetHostOptFn

Isolation sets the isolation mode to be used for the container in the host configuration. This function is intended for use in Windows environments.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Isolation("hyperv"),
)

Note: This function applies isolation settings only in Windows environments. For other operating systems, it has no effect and leaves the host configuration unchanged.

func KernelMemory 

func KernelMemory(memory int64) SetHostOptFn

KernelMemory sets the kernel memory limit in bytes. This is the hard limit for kernel memory that cannot be swapped out.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.KernelMemory(int64(50 * 1024 * 1024)), // 50MB kernel memory
)

func LogConfig 

func LogConfig(configType string, configData map[string]string) SetHostOptFn

LogConfig adds a log configuration to the host configuration for the container. The default log type is "none".

Usage example: 

logConfigData := map[string]string{
	"max-size": "10m", // Maximum log file size
	"max-file": "3",   // Maximum number of log files to retain
}
myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.LogConfig("json-file", logConfigData),
)

This function allows you to specify the log configuration for the container's logging output. You can choose from various log types, such as "json-file", "syslog", "journald", "gelf", "fluentd", "awslogs", "splunk", "etwlogs", or "none".

The log configuration can include additional data specific to the chosen log type. Pass the `configData` parameter as a map[string]string containing the configuration details for the selected log type.

Note: If an unsupported log type is provided, the function will set the log type to "none" by default.

func LookupDNS 

func LookupDNS(dns ...string) SetHostOptFn

LookupDNS adds a list of custom DNS servers to the host configuration for the container.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.LookupDNS("8.8.8.8", "1.1.1.1"),
)

This function allows you to specify additional DNS server IP addresses that the container's processes can use for DNS lookups. Custom DNS servers can be used to override the default DNS server configuration for the container.

Note: Each call to this function adds one or more custom DNS server IP addresses to the configuration.

func MaskedPaths 

func MaskedPaths(maskPaths ...string) SetHostOptFn

Adds a list of paths to be masked inside the container in the host configuration (this overrides the default set of paths).

When you use MaskedPaths, the specified files or directories will not be visible or accessible from within the container, even if they exist in the underlying image. This can help prevent accidental or intentional modifications to critical files or directories within the container. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.MaskPaths("/proc", "/sys"),
)

func Memory 

func Memory(memory int64) SetHostOptFn

Memory sets a memory limit (in bytes) for the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Memory(int64(512 * 1024 * 1024)), // Set memory limit to 512MB
)

This function allows you to specify a memory limit for the container's processes. The container's memory usage will be restricted to the specified limit, preventing excessive memory consumption.

Note: Calling this function sets the memory limit for the container in bytes.

func MemoryReservation 

func MemoryReservation(memory int64) SetHostOptFn

MemoryReservation sets the memory soft limit

func MemorySwap 

func MemorySwap(memorySwap int64) SetHostOptFn

MemorySwap sets the total memory limit (memory + swap)

func MemorySwappiness 

func MemorySwappiness(swappiness *int64) SetHostOptFn

MemorySwappiness tunes container memory swappiness (0 to 100). - A value of 0 turns off anonymous page swapping. - A value of 100 sets the host's swappiness value. - Values between 0 and 100 modify the swappiness level accordingly.

Usage example: 

swappiness := int64(60)
myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.MemorySwappiness(&swappiness),
)

func Mount 

func Mount(mountType MountType, source, target string, readOnly bool) SetHostOptFn

Mount configures a volume mount between the host and the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Mount(hostoptions.MountType., "/host/source", "/container/target", true),
)

This function allows you to specify volume mounts for sharing files or directories between the host and the container. You can choose the mount type from predefined options using the MountType enum, such as Bind, Volume, or Tmpfs.

Note: Each call to this function adds a volume mount configuration to the host configuration.

func NetworkMode 

func NetworkMode(mode string) SetHostOptFn

Adds a network mode to the host configuration. Accepted values are: - "bridge": Use Docker's default bridge network - "host": Use the host's network stack - "none": No network access - "container:<name|id>": Use another container's network namespace - "<network-name>": Connect to a user-defined network

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	// Use host network
	hostoptions.NetworkMode("host"),
	// Or connect to a user-defined network
	hostoptions.NetworkMode("my-custom-network"),
	// Or share network namespace with another container
	hostoptions.NetworkMode("container:another-container"),
)

func NoNewPrivileges 

func NoNewPrivileges() SetHostOptFn

NoNewPrivileges disables new privileges from being acquired

func OomScoreAdj 

func OomScoreAdj(score int) SetHostOptFn

Sets an integer value containing the score given to the container in order to tune OOM killer preferences to the host configuration. valid values are integers in the range of -1000 to 1000

The OomScoreAdj is a kernel-level mechanism in Linux that allows you to adjust the OOM (Out-of-Memory) killer score of a process. The OOM killer is a part of the Linux kernel that's responsible for selecting and killing processes when the system runs out of available memory to prevent the entire system from becoming unresponsive due to memory exhaustion.

The OOM score of a process determines its likelihood of being killed by the OOM killer. A lower OOM score indicates a higher priority for being killed, while a higher OOM score indicates a lower priority. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.OomScoreAdj(100),
)

func PidMode 

func PidMode(mode string) SetHostOptFn

Sets the PID mode to the host configuration.

"host": In this mode, the container uses the same PID namespace as the host system. This means the processes inside the container are not isolated from the hosts processes. This mode can be useful when you need processes in the container to interact with or manage host-level processes directly.

"container:<container_id>": In this mode, the container shares the PID namespace with another container specified by its ID. This mode allows processes in both containers to see each other's processes as if they were in the same PID namespace.

(empty string, default): In this mode, the container gets its own isolated PID namespace, which is the default behavior. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.PidMode("host"),
)

func PidsLimit 

func PidsLimit(limit *int64) SetHostOptFn

PidsLimit sets the container's PIDs limit. Set to -1 for unlimited PIDs.

Usage example: 

limit := int64(100)
myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.PidsLimit(&limit),
)

func PortBindings 

func PortBindings(hostIP, hostPort, containerPort string) SetHostOptFn

PortBindings sets up port mappings between the host and the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.PortBindings("0.0.0.0", "8080", "80"),
)

This function allows you to specify port mappings for forwarding traffic between the host and the container. You can map a specific host IP address and port to a container port. The host IP can be "0.0.0.0" to bind to all available interfaces.

Note: Each call to this function adds a port mapping configuration to the host configuration.

func Privileged 

func Privileged() SetHostOptFn

Sets the Privileged mode to the host configuration which allows the following:

1. Access to All Devices: Containers in privileged mode can access all devices on the host system, which includes raw disk devices and hardware devices.

2. Capability to Modify Network Configuration: Containers can modify network settings and configurations, potentially affecting the host network and other containers.

3. Ability to Load Kernel Modules: Containers can load and unload kernel modules, which can have a broad impact on the host system's kernel.

4. Bypassing User and Namespace Isolation: Containers in privileged mode have access to the host's user namespace and can potentially perform actions that would require higher privileges.

5. Access to Hosts Process Space: Containers can interact with processes running on the host system. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
hostoptions.Privileged(),
)

func PublishAllPorts 

func PublishAllPorts() SetHostOptFn

Publishes all ports in the host configuration When this flag is enabled, all exposed ports in the container are automatically mapped to random ports on the host system. This allows external systems to access services running inside the container without explicitly specifying port mappings. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.PublishAllPorts(),
)

func ReadonlyPaths 

func ReadonlyPaths(paths ...string) SetHostOptFn

ReadonlyPaths adds a list of files or directories within the container's filesystem that you want to mark as read-only.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ReadonlyPaths("/etc", "/usr/share"),
)

This function allows you to specify a set of paths within the container's filesystem that should be marked as read-only. When marked as read-only, changes to these paths are not allowed, enhancing data integrity and security.

Note: Calling this function adds one or more read-only paths to the container's configuration.

func ReadonlyRootfs 

func ReadonlyRootfs() SetHostOptFn

Adds options to mount the container's root filesystem as read only. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ReadOnlyRootfs(),
)

func RestartAlways 

func RestartAlways() SetHostOptFn

RestartAlways adds a restart policy that ensures the container is always restarted upon exit.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.RestartAlways(),
)

This function sets up a restart policy in the host configuration that instructs Docker to always restart the container automatically when it exits, ensuring continuous availability of the service.

Note: Calling this function enables the "always" restart policy for the container.

func RestartPolicy 

func RestartPolicy(mode string, maxRetryCount int) SetHostOptFn

RestartPolicy adds a restart policy to the host configuration.

Valid restart policy options: - "no" (default policy) - "on-failure"[:maxRetryCount] - "always"

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.RestartPolicy("on-failure", 5),
)

This function allows you to specify a restart policy for the container's behavior upon exit or failure. Choose from predefined restart policies: "no", "on-failure", "always", or "unless-stopped", optionally with a maximum retry count.

Note: Calling this function sets the restart policy and, if applicable, the maximum retry count for the container.

func Runtime 

func Runtime(runtime string) SetHostOptFn

Runtime sets the runtime to be used for this container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Runtime("runc"),
)

This function allows you to specify the container runtime that will be used to execute the processes within the container. It is applied to the host configuration.

Note: The impact of this function may vary depending on the container runtime environment. Make sure to use a runtime that is compatible with the host and container's requirements.

func SecurityOpt 

func SecurityOpt(opts ...string) SetHostOptFn

Adds a list of string values to customize labels for MLS systems, such as SELinux. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.SecurityOpts("label:disable"),
)

func ShmSize 

func ShmSize(size int64) SetHostOptFn

ShmSize sets the size of the shared memory file system (/dev/shm) for the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.ShmSize(int64(67108864)),
)

This function allows you to specify the size of the shared memory filesystem used by processes within the container. By default, if omitted, the system allocates 64MB for /dev/shm.

Note: If a negative size is provided, the function will have no effect, and the system's default size will be used.

func StorageOpt 

func StorageOpt(key, value string) SetHostOptFn

Adds storage driver options per container to the host configuration. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.StorageOpt("size", "20G"),
)

func Sysctls 

func Sysctls(sysctls map[string]string) SetHostOptFn

Sysctls sets namespaced kernel parameters (sysctls) in the container. These parameters can be used to tune and configure container behavior.

Usage example: 

sysctls := map[string]string{
	"net.ipv4.ip_forward": "1",
}
myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Sysctls(sysctls),
)

func Tmpfs 

func Tmpfs(key, value string) SetHostOptFn

Adds to a map of tmpfs (mounts) used for the container 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.Tmpfs("size", "100m"), // Set the size limit
)

func UTSMode 

func UTSMode(mode string) SetHostOptFn

UTSMode sets the UTS (Unix Timesharing System) namespace mode to be used for the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.UTSMode("host"),
)

This function allows you to specify the UTS namespace mode for the container. The UTS namespace isolates the nodename and domain name identifiers between the host and containers. The available modes are "host" and "container".

Note: The effect of this function depends on the container runtime environment and host configuration. Select the appropriate UTS namespace mode based on your isolation and naming requirements.

func Ulimits 

func Ulimits(ulimits []*units.Ulimit) SetHostOptFn

Ulimits sets ulimit options

func UserNSMode 

func UserNSMode(mode string) SetHostOptFn

UserNSMode sets the user namespace mode to be used for the container in the host configuration.

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.UserNSMode("host"),
)

This function allows you to specify the user namespace mode for the container. The user namespace provides isolation for user and group IDs between the host and containers. The available modes are "host", "private", "shareable", and "container".

Note: The effect of this function depends on the container runtime environment and host configuration. Make sure to use the appropriate user namespace mode that suits your security and isolation requirements.

func VolumeDriver 

func VolumeDriver(driver string) SetHostOptFn

Adds a volume driver option to the host configuration. 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.VolumeDriver("local"),
)

func VolumesFrom 

func VolumesFrom(from string) SetHostOptFn

VolumesFrom adds a list of volumes to inherit from another container, specified in the form <container name>[:<ro|rw>].

Usage example: 

myContainer := container.NewConfig("my_container")
myContainer.SetHostOptions(
	hostoptions.VolumesFrom("my_other_container:rw"),
)

This function allows you to specify a list of volumes to inherit from another container. The format is <container name>[:<ro|rw>], where <container name> is the name of the source container and ":rw" or ":ro" specifies whether the volume should be mounted read-write or read-only.

Note: Calling this function adds one or more volume sources to the container's configuration.

type ThrottleDevice 

type ThrottleDevice struct {
	Path string
	Rate uint64
}

ThrottleDevice represents a structure for rate limiting device operations

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.