Documentation ¶
Index ¶
- Variables
- func CompileRegexpsForPinnedImages(patterns []string) []*regexp.Regexp
- func CopyDetachable(dst io.Writer, src io.Reader, keys []byte) (int64, error)
- func DetectUID() (int, error)
- func DetectUserDbusSessionBusAddress() (string, error)
- func EnsureSaneLogPath(logPath string) error
- func FilterPinnedImage(image string, pinnedImages []*regexp.Regexp) bool
- func GenerateID() (string, error)
- func GeneratePasswd(username string, uid, gid uint32, homedir, rootfs, rundir string) (string, error)
- func GetLabelOptions(selinuxOptions *types.SELinuxOption) []string
- func GetUser(containerMount, userIDorName string) (*user.User, error)
- func GetUserInfo(rootfs, userName string) (uid, gid uint32, additionalGids []uint32, _ error)
- func HandleResizing(resize <-chan remotecommand.TerminalSize, ...)
- func ImagePush(ctx context.Context, newImageRef, registryAuthToken string) error
- func Int32Ptr(i int32) *int32
- func RootfsCheckpoint(ctx context.Context, ctrDir, dest, ctrID string, specgen *rspec.Spec) (string, error)
- func RootfsMerge(ctx context.Context, ...) error
- func RunUnderSystemdScope(mgr *DbusConnManager, pid int, slice, unitName string, ...) (err error)
- func StatusToExitCode(status int) int
- func Sync(path string) error
- func SyncParent(path string) error
- func Syncfs(path string) error
- func SysboxChown(ctx context.Context, containerID, root string) error
- func WriteGoroutineStacksToFile(path string) error
- type CgroupPullConfiguration
- type DbusConnManager
- type DetachError
- type ImageCopyOptions
- type ImageResult
- type ImageServer
- type RegistryImageReference
- type StorageImageID
- type StorageTransport
Constants ¶
This section is empty.
Variables ¶
var ImageBeingPulled sync.Map
ImageBeingPulled is a map[string]bool that keeps track of the images that have not finished pulling.
Functions ¶
func CompileRegexpsForPinnedImages ¶
CompileRegexpsForPinnedImages compiles regular expressions for the given list of pinned images.
func CopyDetachable ¶
CopyDetachable is similar to io.Copy but supports a detach key sequence to break out.
func DetectUID ¶
DetectUID detects UID from the OwnerUID field of `busctl --user status` if running in userNS. The value corresponds to sd_bus_creds_get_owner_uid(3).
Otherwise returns os.Getuid().
func DetectUserDbusSessionBusAddress ¶
DetectUserDbusSessionBusAddress returns $DBUS_SESSION_BUS_ADDRESS if set. Otherwise returns "unix:path=$XDG_RUNTIME_DIR/bus" if $XDG_RUNTIME_DIR/bus exists. Otherwise parses the value from `systemctl --user show-environment`.
func EnsureSaneLogPath ¶
EnsureSaneLogPath is a hack to fix https://issues.k8s.io/44043 which causes logPath to be a broken symlink to some magical Docker path. Ideally we wouldn't have to deal with this, but until that issue is fixed we have to remove the path if it's a broken symlink.
func FilterPinnedImage ¶
FilterPinnedImage checks if the given image needs to be pinned and excluded from kubelet's image GC.
func GeneratePasswd ¶
func GeneratePasswd(username string, uid, gid uint32, homedir, rootfs, rundir string) (string, error)
GeneratePasswd generates a container-specific passwd file, iff uid is not defined in the container's /etc/passwd.
func GetLabelOptions ¶
func GetLabelOptions(selinuxOptions *types.SELinuxOption) []string
func GetUser ¶
GetUser takes a container mount path and a user name or ID and returns a matching User structure from /etc/passwd. If it cannot locate a user with the provided information, an ErrNoPasswdEntries is returned. When the provided user name was an ID, a User structure with Uid set is returned along with ErrNoPasswdEntries.
func GetUserInfo ¶
GetUserInfo returns the UID, GID and additional groups for the specified user by looking them up in /etc/passwd and /etc/group.
func HandleResizing ¶
func HandleResizing(resize <-chan remotecommand.TerminalSize, resizeFunc func(size remotecommand.TerminalSize))
HandleResizing spawns a goroutine that processes the resize channel, calling resizeFunc for each TerminalSize received from the channel. The resize channel must be closed elsewhere to stop the goroutine.
func RootfsCheckpoint ¶
func RootfsMerge ¶ added in v0.9.212
func RunUnderSystemdScope ¶
func RunUnderSystemdScope(mgr *DbusConnManager, pid int, slice, unitName string, properties ...systemdDbus.Property) (err error)
RunUnderSystemdScope adds the specified pid to a systemd scope
func StatusToExitCode ¶
StatusToExitCode converts wait status code to an exit code
func SyncParent ¶
SyncParent ensures a path's parent directory is synced to disk
func SysboxChown ¶ added in v0.9.212
func WriteGoroutineStacksToFile ¶
WriteGoroutineStacksToFile writes goroutine stacks to the specified file.
Types ¶
type CgroupPullConfiguration ¶
CgroupPullConfiguration WARNING: All of imageLookupService must be JSON-representable because it is included in pullImageArgs.
type DbusConnManager ¶
type DbusConnManager struct{}
func NewDbusConnManager ¶
func NewDbusConnManager(rootless bool) *DbusConnManager
NewDbusConnManager initializes systemd dbus connection manager.
func (*DbusConnManager) GetConnection ¶
func (d *DbusConnManager) GetConnection() (*systemdDbus.Conn, error)
GetConnection lazily initializes and returns the systemd dbus connection.
func (*DbusConnManager) RetryOnDisconnect ¶
func (d *DbusConnManager) RetryOnDisconnect(op func(*systemdDbus.Conn) error) error
RetryOnDisconnect calls op, and if the error it returns is about a closed dbus connection, the connection is re-established and the op is retried. This helps with the situation when dbus is restarted and we have a stale connection.
type DetachError ¶
type DetachError struct{}
DetachError is a special error which is returned in case of a container detach.
func (DetachError) Error ¶
func (DetachError) Error() string
type ImageCopyOptions ¶
type ImageCopyOptions struct {
    SourceCtx        *types.SystemContext
    DestinationCtx   *types.SystemContext
    OciDecryptConfig *encconfig.DecryptConfig
    ProgressInterval time.Duration
    Progress         chan types.ProgressProperties `json:"-"`
    CgroupPull       CgroupPullConfiguration
}
ImageCopyOptions is the subset of copy.Options that is supported by reexec. WARNING: All of ImageCopyOptions must be JSON-representable because it is included in pullImageArgs.
type ImageResult ¶
type ImageResult struct {
    ID StorageImageID
    // May be nil if the image was referenced by ID and has no names.
    // It also has NO RELATIONSHIP to user input when returned by ImageStatusByName.
    SomeNameOfThisImage *RegistryImageReference
    RepoTags            []string
    RepoDigests         []string
    Size                *uint64
    Digest              digest.Digest
    ConfigDigest        digest.Digest
    User                string
    PreviousName        string
    Labels              map[string]string
    OCIConfig           *specs.Image
    Annotations         map[string]string
    Pinned              bool // pinned image to prevent it from garbage collection
}
ImageResult wraps a subset of information about an image: its ID, its names, and the size, if known, or nil if it isn't.
type ImageServer ¶
type ImageServer interface {
    // ListImages returns list of all images.
    ListImages(systemContext *types.SystemContext) ([]ImageResult, error)
    // ImageStatusByID returns status of a single image
    ImageStatusByID(systemContext *types.SystemContext, id StorageImageID) (*ImageResult, error)
    // ImageStatusByName returns status of an image tagged with name.
    ImageStatusByName(systemContext *types.SystemContext, name RegistryImageReference) (*ImageResult, error)
    // PrepareImage returns an Image where the config digest can be grabbed
    // for further analysis. Call Close() on the resulting image.
    PrepareImage(systemContext *types.SystemContext, imageName RegistryImageReference) (types.ImageCloser, error)
    // PullImage imports an image from the specified location.
    PullImage(ctx context.Context, imageName RegistryImageReference, options *ImageCopyOptions) (types.ImageReference, error)
    // DeleteImage deletes a storage image (impacting all its tags)
    DeleteImage(systemContext *types.SystemContext, id StorageImageID) error
    // UntagImage removes a name from the specified image, and if it was
    // the only name the image had, removes the image.
    UntagImage(systemContext *types.SystemContext, name RegistryImageReference) error
    // GetStore returns the reference to the storage library Store which
    // the image server uses to hold images, and is the destination used
    // when it's asked to pull an image.
    GetStore() storage.Store
    // HeuristicallyTryResolvingStringAsIDPrefix checks if heuristicInput could be a valid image ID or a prefix, and returns
    // a StorageImageID if so, or nil if the input can be something else.
    // DO NOT CALL THIS from in-process callers who know what their input is and don't NEED to involve heuristics.
    HeuristicallyTryResolvingStringAsIDPrefix(heuristicInput string) *StorageImageID
    // CandidatesForPotentiallyShortImageName resolves an image name into a set of fully-qualified image names (domain/repo/image:tag|@digest).
    // It will only return an empty slice if err != nil.
    CandidatesForPotentiallyShortImageName(systemContext *types.SystemContext, imageName string) ([]RegistryImageReference, error)
    // UpdatePinnedImagesList updates pinned and pause images list in imageService.
    UpdatePinnedImagesList(imageList []string)
}
ImageServer wraps up various CRI-related activities into a reusable implementation.
func GetImageService ¶
func GetImageService(ctx context.Context, store storage.Store, storageTransport StorageTransport, serverConfig *config.Config) (ImageServer, error)
GetImageService returns an ImageServer that uses the passed-in store, and which will prepend the passed-in DefaultTransport value to an image name if a name that's passed to its PullImage() method can't be resolved to an image in the store and can't be resolved to a source on its own.
type RegistryImageReference ¶
type RegistryImageReference struct {
    // contains filtered or unexported fields
}
RegistryImageReference is a name of a specific image location on a registry. The image may or may not exist, and, in general, what image the name points to may change over time.
More specifically:
- The name always specifies a registry; it is not an alias nor a short name input to a search.
- The name contains a tag or digest; it does not specify just a repo.
This is intended to be a value type; if a value exists, it contains a valid reference.
func ParseRegistryImageReferenceFromOutOfProcessData ¶
func ParseRegistryImageReferenceFromOutOfProcessData(input string) (RegistryImageReference, error)
ParseRegistryImageReferenceFromOutOfProcessData constructs a RegistryImageReference from a string.
It is only intended for communication with OUT-OF-PROCESS APIs, like registry references provided by CRI by Kubelet.
func RegistryImageReferenceFromRaw ¶
func RegistryImageReferenceFromRaw(rawNamed reference.Named) RegistryImageReference
RegistryImageReferenceFromRaw is an internal constructor of a RegistryImageReference.
This should only be called from internal/storage. It’s the caller’s responsibility to provide a valid value (!IsNameOnly, and registry-qualified).
func (RegistryImageReference) Format ¶
func (ref RegistryImageReference) Format(f fmt.State, verb rune)
Format() is implemented so that log entries can be written, without providing a convenient String() method.
func (RegistryImageReference) Raw ¶
func (ref RegistryImageReference) Raw() reference.Named
Raw returns the underlying reference.Named.
The return value is !IsNameOnly, and the repo is registry-qualified.
This should only be called from internal/storage.
func (RegistryImageReference) Registry ¶
func (ref RegistryImageReference) Registry() string
Registry returns the host[:port] part of the reference
func (RegistryImageReference) StringForOutOfProcessConsumptionOnly ¶
func (ref RegistryImageReference) StringForOutOfProcessConsumptionOnly() string
StringForOutOfProcessConsumptionOnly is only intended for communication with OUT-OF-PROCESS APIs, like image names in CRI status objects.
RegistryImageReference intentionally does not implement String(). Use typed values wherever possible.
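The pattern described for RegistryImageReference (a value that exists only if it is valid, Format() for logs, no String(), and one verbosely named accessor for out-of-process use), shown as an added example that is not CRI-O's own code. ImageRef, ParseImageRef and IsStringer are hypothetical names, and the validation is a simplified assumption rather than the real reference grammar.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// ImageRef is a hypothetical stand-in for a typed registry reference.
// The field is unexported, so a value can only come from ParseImageRef.
type ImageRef struct{ name string }

// ParseImageRef is the single entry point for untrusted, out-of-process strings.
// The checks are simplified assumptions, not the real reference grammar.
func ParseImageRef(input string) (ImageRef, error) {
	host, rest, ok := strings.Cut(input, "/")
	if !ok || rest == "" || !(strings.ContainsAny(host, ".:") || host == "localhost") {
		return ImageRef{}, errors.New("reference is not registry-qualified")
	}
	last := rest[strings.LastIndex(rest, "/")+1:]
	if !strings.Contains(rest, "@sha256:") && !strings.Contains(last, ":") {
		return ImageRef{}, errors.New("reference has neither tag nor digest")
	}
	return ImageRef{name: input}, nil
}

// Format lets the value appear in log lines via fmt verbs (flags are ignored here).
func (r ImageRef) Format(f fmt.State, verb rune) {
	fmt.Fprintf(f, "%"+string(verb), r.name)
}

// StringForOutOfProcessConsumptionOnly is the deliberately verbose escape hatch.
func (r ImageRef) StringForOutOfProcessConsumptionOnly() string { return r.name }

// IsStringer reports whether v could be passed to code expecting a fmt.Stringer.
func IsStringer(v any) bool {
	_, ok := v.(fmt.Stringer)
	return ok
}

func main() {
	// Constructed sample inputs: one valid name, one short name, one repo-only name.
	for _, in := range []string{"quay.io/org/app:v1", "busybox", "quay.io/org/app"} {
		ref, err := ParseImageRef(in)
		fmt.Printf("%-22q ref=%s err=%v stringer=%v\n", in, ref, err, IsStringer(ref))
	}
}
```

Because the type has no String() method, turning a reference back into a raw string requires the long accessor name, which makes such conversions easy to find in review.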
type StorageImageID ¶
type StorageImageID struct {
    // contains filtered or unexported fields
}
StorageImageID is a stable identifier for a (deduplicated) image in a local storage. The image referenced by the ID is _mostly_ immutable, notably the layers and config will never change; the names and some other metadata may change (as images are deduplicated).
An ID might not refer to an image (e.g. if the image was deleted, or if the ID never referred to an image in the first place).
This is intended to be a value type; if a value exists, it is a correctly-formatted ID. The values can be compared for equality, or used as map keys.
func ParseStorageImageIDFromOutOfProcessData ¶
func ParseStorageImageIDFromOutOfProcessData(input string) (StorageImageID, error)
ParseStorageImageIDFromOutOfProcessData constructs a StorageImageID from a string. It is only intended for communication with OUT-OF-PROCESS APIs, like image IDs provided by CRI by Kubelet (who got it from CRI-O’s StorageImageID.IDStringForOutOfProcessConsumptionOnly() in the first place).
func (StorageImageID) Format ¶
func (id StorageImageID) Format(f fmt.State, verb rune)
Format() is implemented so that log entries can be written, without providing a convenient String() method.
func (StorageImageID) IDStringForOutOfProcessConsumptionOnly ¶
func (id StorageImageID) IDStringForOutOfProcessConsumptionOnly() string
IDStringForOutOfProcessConsumptionOnly is only intended for communication with OUT-OF-PROCESS APIs, like image IDs in CRI to provide stable identifiers to Kubelet.
StorageImageID intentionally does not implement String(). Use typed values wherever possible.
type StorageTransport ¶
type StorageTransport interface {
    ResolveReference(ref types.ImageReference) (types.ImageReference, *storage.Image, error)
}
StorageTransport is a level of indirection to allow mocking istorage.ResolveReference