Overview ¶
Package config defines the SOCI snapshotter default configuration and utility commands for parsing configuration from a TOML file.
Index ¶
- Constants
- func TrimSocketAddress(address string) string
- type BackgroundFetchConfig
- type BlobConfig
- type CRIKeychainConfig
- type Config
- type ContentStoreConfig
- type ContentStoreType
- type DecompressStream
- type DirectoryCacheConfig
- type ExternalArtifactStoreConfig
- type FSConfig
- type FuseConfig
- type HostConfig
- type KubeconfigKeychainConfig
- type MirrorConfig
- type Parallel
- type ParallelConfig
- type PrefetchConfig
- type PullModes
- type ResolverConfig
- type RetryConfig
- type RetryableHTTPClientConfig
- type ServiceConfig
- type SnapshotterConfig
- type TimeoutConfig
- type V1
- type V2
Constants ¶
// Default filesystem locations used by the node daemon.
// NOTE(review): the configuration file can name external decompression
// binaries (DecompressStream.Path) and switch off transport or verification
// safeguards (MirrorConfig.Insecure, FSConfig.DisableVerification), so both
// paths are presumably meant to be writable by the administrator only; the
// code that creates them and sets their mode is not shown here - confirm.
const (
	// DefaultDaemonRootPath is the default filesystem path for the node daemon root directory.
	DefaultDaemonRootPath = "/var/lib/hermes-daemon/"
	// DefaultConfigPath is the default filesystem path for the node daemon configuration file.
	DefaultConfigPath = "/etc/hermes-daemon/config.toml"
)
// Defaults for the content store choice and for the pull modes.
const (
	// DefaultContentStoreType chooses the soci or containerd content store as the default.
	DefaultContentStoreType = "containerd"
	// DefaultSOCIV1Enable is the default value for whether SOCI v1 is enabled.
	DefaultSOCIV1Enable = false
	// DefaultSOCIV2Enable is the default value for whether SOCI v2 is enabled.
	DefaultSOCIV2Enable = true
	// DefaultParallelPullUnpackEnable is the default value for whether parallel pull and unpack is enabled.
	DefaultParallelPullUnpackEnable = false
	// DefaultExperimentalParallelPullAsFallback is the default value for whether parallel pull is used
	// as a fallback when lazy-load finds no SOCI index.
	// This is EXPERIMENTAL: lazy-load with containerd content store may have
	// garbage collection edge cases.
	DefaultExperimentalParallelPullAsFallback = false
)
FSConfig defaults
const (
	// DefaultImageServiceAddress is the containerd socket path used as the
	// default image service address.
	// NOTE(review): presumably the default for CRIKeychainConfig.ImageServicePath;
	// confirm where it is applied. Access to this socket is governed by the
	// socket file's ownership and mode, which are set outside this package.
	DefaultImageServiceAddress = "/run/containerd/containerd.sock"
)
ServiceConfig defaults
const (
	// Unbounded is the sentinel value -1.
	// NOTE(review): presumably the value that marks a ParallelConfig limit as
	// having no upper bound; confirm against the code that reads the limits.
	// An unbounded limit removes the cap on concurrent work, so resource use
	// is then limited only by the host.
	Unbounded = -1
)
ParallelPullUnpack defaults
Variables ¶
This section is empty.
Functions ¶
func TrimSocketAddress ¶
Types ¶
type BackgroundFetchConfig ¶
// BackgroundFetchConfig holds the TOML settings of the background fetcher:
// an on/off switch, its pacing, the bound on its work queue and the interval
// at which it emits metrics.
type BackgroundFetchConfig struct {
	// Disable is read from the "disable" key.
	// NOTE(review): presumably turns the background fetcher off when true; confirm against the consumer.
	Disable bool `toml:"disable"`
	// SilencePeriodMsec defines the time (in ms) the background fetcher
	// will be paused for when a new image is mounted.
	SilencePeriodMsec int64 `toml:"silence_period_msec"`
	// FetchPeriodMsec specifies how often (in ms) a background fetch will occur.
	// The background fetcher will fetch one span every FetchPeriodMsec.
	FetchPeriodMsec int64 `toml:"fetch_period_msec"`
	// MaxQueueSize specifies the maximum size of the work queue,
	// i.e., the maximum number of span managers that can be queued
	// in the background fetcher.
	MaxQueueSize int `toml:"max_queue_size"`
	// EmitMetricPeriodSec is the interval (in seconds) at which the background
	// fetcher emits metrics.
	EmitMetricPeriodSec int64 `toml:"emit_metric_period_sec"`
}
type BlobConfig ¶
// BlobConfig is config for layer blob management: validity checking, fetch
// timeout, retry/backoff bounds and span verification retries.
type BlobConfig struct {
	// ValidInterval is read from "valid_interval".
	// NOTE(review): unit and meaning are not stated here; presumably the number of
	// seconds a blob is considered valid before it is re-checked - confirm.
	ValidInterval int64 `toml:"valid_interval"`
	// FetchTimeoutSec is read from "fetching_timeout_sec"; note that the TOML
	// key is not the snake_case form of the field name.
	FetchTimeoutSec int64 `toml:"fetching_timeout_sec"`
	// MaxRetries, MinWaitMsec and MaxWaitMsec are read from "max_retries",
	// "min_wait_msec" and "max_wait_msec".
	// NOTE(review): presumably the retry count and backoff bounds for blob fetches; confirm.
	MaxRetries int `toml:"max_retries"`
	MinWaitMsec int64 `toml:"min_wait_msec"`
	MaxWaitMsec int64 `toml:"max_wait_msec"`
	// CheckAlways is read from "check_always".
	// NOTE(review): presumably forces the validity check on every access; confirm.
	CheckAlways bool `toml:"check_always"`
	// ForceSingleRangeMode is read from "force_single_range_mode".
	// NOTE(review): presumably restricts fetches to one byte range per request; confirm.
	ForceSingleRangeMode bool `toml:"force_single_range_mode"`
	// MaxSpanVerificationRetries defines the number of additional times fetch
	// will be invoked in case of span verification failure.
	// NOTE(review): what happens once the retries are exhausted (fail closed or
	// serve the data anyway) is decided by the caller and is not visible here.
	MaxSpanVerificationRetries int `toml:"max_span_verification_retries"`
}
BlobConfig is config for layer blob management.
type CRIKeychainConfig ¶
// CRIKeychainConfig is config for CRI-based keychain.
type CRIKeychainConfig struct {
	// EnableKeychain enables CRI-based keychain
	EnableKeychain bool `toml:"enable_keychain"`
	// ImageServicePath is the path to the unix socket of backing CRI Image Service (e.g. containerd CRI plugin)
	// NOTE(review): the keychain presumably handles registry credentials that pass
	// through the CRI image service, so the socket named here should be one the
	// operator controls - confirm how the path is validated.
	ImageServicePath string `toml:"image_service_path"`
}
CRIKeychainConfig is config for CRI-based keychain.
type Config ¶
// Config is the top-level configuration: the embedded ServiceConfig plus the
// settings for the metrics API, the debug endpoints, the metadata store and
// the startup support check.
type Config struct {
	// ServiceConfig is embedded without a TOML tag; its fields are promoted onto Config.
	ServiceConfig
	// MetricsAddress is address for the metrics API
	MetricsAddress string `toml:"metrics_address"`
	// MetricsNetwork is the type of network for the metrics API (e.g. tcp or unix)
	// NOTE(review): with a tcp network the metrics API listens on MetricsAddress;
	// whether it requires authentication is not visible here - confirm before
	// binding to a non-loopback address.
	MetricsNetwork string `toml:"metrics_network"`
	// NoPrometheus is a flag to disable the emission of the metrics
	// NOTE(review): FSConfig, reachable through the embedded ServiceConfig, also
	// declares NoPrometheus with the same "no_prometheus" key; confirm which of
	// the two the TOML decoder populates.
	NoPrometheus bool `toml:"no_prometheus"`
	// DebugAddress is a Unix domain socket address where the snapshotter exposes /debug/ endpoints.
	// NOTE(review): access to those endpoints is limited only by the permissions
	// of the socket file, as far as this declaration shows; confirm where its
	// mode is set.
	DebugAddress string `toml:"debug_address"`
	// MetadataStore is the type of the metadata store to use.
	MetadataStore string `toml:"metadata_store"`
	// SkipCheckSnapshotterSupported is a flag to skip check for overlayfs support needed to confirm if SOCI can work
	SkipCheckSnapshotterSupported bool `toml:"skip_check_snapshotter_supported"`
}
func NewConfig ¶
func NewConfig() *Config
NewConfig returns an initialized Config with default values set.
func NewConfigFromToml ¶
type ContentStoreConfig ¶
// ContentStoreConfig chooses and configures the content store.
type ContentStoreConfig struct {
	// Type selects the content store; the declared values of ContentStoreType
	// are "containerd" and "soci".
	Type ContentStoreType `toml:"type"`
	// ContainerdAddress is the containerd socket address.
	// Applicable if and only if using containerd content store.
	ContainerdAddress string `toml:"containerd_address"`
}
ContentStoreConfig chooses and configures the content store
type ContentStoreType ¶
// ContentStoreType names a content store implementation as a string.
type ContentStoreType string

// The content store types declared by this package.
const (
	// ContainerdContentStoreType is the "containerd" content store type.
	ContainerdContentStoreType ContentStoreType = "containerd"
	// SociContentStoreType is the "soci" content store type.
	SociContentStoreType ContentStoreType = "soci"
)
type DecompressStream ¶
// DecompressStream specifies the configuration for a decompression implementation:
// an external binary and the arguments it is started with.
//
// NOTE(review): both values come from the TOML file, so write access to the
// configuration file amounts to choosing a program that the snapshotter runs -
// presumably with the snapshotter's own privileges; confirm. Keeping the
// configuration file and the named binary writable by the administrator only
// is the relevant control. Whether Path must be absolute, or is resolved
// through PATH, is not visible here.
type DecompressStream struct {
	// Path is the system path to the decompression binary.
	Path string `toml:"path"`
	// Args is a list of command arguments passed to the decompression binary.
	Args []string `toml:"args"`
}
DecompressStream specifies the configuration for a decompression implementation.
type DirectoryCacheConfig ¶
// DirectoryCacheConfig is config for directory-based cache.
type DirectoryCacheConfig struct {
	// MaxLRUCacheEntry is read from "max_lru_cache_entry".
	// NOTE(review): presumably the entry limit of an LRU cache; confirm.
	MaxLRUCacheEntry int `toml:"max_lru_cache_entry"`
	// MaxCacheFds is read from "max_cache_fds".
	// NOTE(review): presumably caps the file descriptors the cache keeps open; confirm.
	MaxCacheFds int `toml:"max_cache_fds"`
	// SyncAdd is read from "sync_add".
	// NOTE(review): presumably makes cache insertion synchronous; confirm.
	SyncAdd bool `toml:"sync_add"`
	// Direct is read from "direct"; its effect is not documented here - TODO confirm.
	Direct bool `toml:"direct"`
}
DirectoryCacheConfig is config for directory-based cache.
type ExternalArtifactStoreConfig ¶
// ExternalArtifactStoreConfig configures an optional Hermes controller artifact store.
type ExternalArtifactStoreConfig struct {
	// Enable is read from "enable".
	// NOTE(review): presumably turns use of the external artifact store on; confirm.
	Enable bool `toml:"enable"`
	// Endpoint is read from "endpoint".
	// NOTE(review): the accepted schemes, and whether TLS and server
	// authentication are enforced for this endpoint, are not visible here.
	// Artifacts fetched from it are only as trustworthy as that channel plus
	// any verification done afterwards - confirm both.
	Endpoint string `toml:"endpoint"`
	// TimeoutSec is read from "timeout_sec"; presumably a per-request timeout in seconds - confirm.
	TimeoutSec int64 `toml:"timeout_sec"`
	// Platform is read from "platform"; its format is not documented here - TODO confirm.
	Platform string `toml:"platform"`
	// FallbackToRegistry is read from "fallback_to_registry".
	// NOTE(review): presumably lets a failed lookup in the external store fall
	// back to the registry; confirm which failures trigger the fallback.
	FallbackToRegistry bool `toml:"fallback_to_registry"`
}
ExternalArtifactStoreConfig configures an optional Hermes controller artifact store.
type FSConfig ¶
// FSConfig groups the filesystem-level settings: a set of top-level keys and
// one embedded struct per TOML table ("http", "blob", "directory_cache",
// "fuse", "background_fetch", "content_store", "prefetch",
// "external_artifact_store").
type FSConfig struct {
	// HTTPCacheType and FSCacheType are read from "http_cache_type" and
	// "filesystem_cache_type"; the accepted values are not listed here - TODO confirm.
	HTTPCacheType string `toml:"http_cache_type"`
	FSCacheType string `toml:"filesystem_cache_type"`
	// ResolveResultEntry is read from "resolve_result_entry"; meaning not documented here.
	ResolveResultEntry int `toml:"resolve_result_entry"`
	// Debug is read from "debug".
	Debug bool `toml:"debug"`
	// DisableVerification is read from "disable_verification".
	// NOTE(review): the name suggests it switches off an integrity check on
	// fetched content; which check is skipped is not visible here. Confirm
	// before enabling it outside a test environment.
	DisableVerification bool `toml:"disable_verification"`
	// MaxConcurrency is read from "max_concurrency"; what it limits is not documented here.
	MaxConcurrency int64 `toml:"max_concurrency"`
	// NoPrometheus is read from "no_prometheus".
	// NOTE(review): Config declares a field with the same name and TOML key;
	// confirm which one the decoder populates.
	NoPrometheus bool `toml:"no_prometheus"`
	// MountTimeoutSec is read from "mount_timeout_sec".
	MountTimeoutSec int64 `toml:"mount_timeout_sec"`
	// FuseMetricsEmitWaitDurationSec is read from "fuse_metrics_emit_wait_duration_sec".
	FuseMetricsEmitWaitDurationSec int64 `toml:"fuse_metrics_emit_wait_duration_sec"`
	// The embedded structs below are each tagged with their own TOML key.
	RetryableHTTPClientConfig `toml:"http"`
	BlobConfig `toml:"blob"`
	DirectoryCacheConfig `toml:"directory_cache"`
	FuseConfig `toml:"fuse"`
	BackgroundFetchConfig `toml:"background_fetch"`
	ContentStoreConfig `toml:"content_store"`
	PrefetchConfig `toml:"prefetch"`
	ExternalArtifactStoreConfig `toml:"external_artifact_store"`
}
type FuseConfig ¶
// FuseConfig holds the FUSE timeouts and the switch for logging FUSE operations.
type FuseConfig struct {
	// AttrTimeout defines overall timeout attribute for a file system in seconds.
	AttrTimeout int64 `toml:"attr_timeout"`
	// EntryTimeout defines TTL for directory, name lookup in seconds.
	EntryTimeout int64 `toml:"entry_timeout"`
	// NegativeTimeout defines the overall entry timeout for failed lookups.
	// NOTE(review): unit presumably seconds, like the two timeouts above; confirm.
	NegativeTimeout int64 `toml:"negative_timeout"`
	// LogFuseOperations enables logging of operations on FUSE FS. This is to be used
	// for debugging purposes only. This option may emit sensitive information,
	// e.g. filenames and paths within an image.
	// With it enabled, whoever can read the snapshotter's logs can read that information.
	LogFuseOperations bool `toml:"log_fuse_operations"`
}
type HostConfig ¶
// HostConfig holds the list of mirrors configured for one host entry of
// ResolverConfig.Host.
type HostConfig struct {
	// Mirrors is read from "mirrors".
	// NOTE(review): whether the order of the list is the order in which mirrors are tried is not visible here.
	Mirrors []MirrorConfig `toml:"mirrors"`
}
type KubeconfigKeychainConfig ¶
// KubeconfigKeychainConfig is config for kubeconfig-based keychain.
type KubeconfigKeychainConfig struct {
	// EnableKeychain enables kubeconfig-based keychain
	EnableKeychain bool `toml:"enable_keychain"`
	// KubeconfigPath is the path to kubeconfig which can be used to sync
	// secrets on the cluster into this snapshotter.
	// NOTE(review): the identity in that kubeconfig is what reads the cluster's
	// secrets, so its RBAC scope and the file's permissions bound what the
	// snapshotter can see; which secret types are synced is not visible here.
	KubeconfigPath string `toml:"kubeconfig_path"`
}
KubeconfigKeychainConfig is config for kubeconfig-based keychain.
type MirrorConfig ¶
// MirrorConfig describes one registry mirror: its host, whether it is reached
// over plain HTTP, and the per-request timeout.
type MirrorConfig struct {
	// Host is the hostname of the host.
	Host string `toml:"host"`
	// Insecure is true means use http scheme instead of https.
	// Requests to this mirror then travel without TLS, so neither the mirror's
	// identity nor the transferred data is protected in transit.
	// NOTE(review): whether credentials are still sent to an insecure mirror is
	// not visible here; confirm.
	Insecure bool `toml:"insecure"`
	// RequestTimeoutSec is timeout seconds of each request to the registry.
	// RequestTimeoutSec == 0 indicates the default timeout (defaultRequestTimeoutSec).
	// RequestTimeoutSec < 0 indicates no timeout.
	RequestTimeoutSec int64 `toml:"request_timeout_sec"`
}
type Parallel ¶
// Parallel contains config for parallel pull and unpack: the embedded
// ParallelConfig limits, the Enable switch and the experimental fallback switch.
type Parallel struct {
	// ParallelConfig is embedded without a TOML tag.
	ParallelConfig
	// Enable is read from "enable"; per the comment below, true makes
	// parallel-pull the primary mode.
	Enable bool `toml:"enable"`
	// ParallelPullAsFallback enables parallel-pull as an automatic fallback
	// when lazy-load is the primary mode but no SOCI index is found for an image.
	// When true (and Enable is false), the snapshotter will first attempt lazy-load;
	// if no SOCI index exists, it falls back to parallel-pull instead of deferring
	// to the container runtime's slower sequential pull.
	// If Enable is true, this option is a no-op (parallel-pull is already the primary mode).
	//
	// EXPERIMENTAL: This requires the containerd content store for both lazy-load
	// and parallel-pull (unless discard_unpacked_layers = true).
	// Lazy-load with the containerd content store may have garbage collection
	// edge cases.
	ExperimentalParallelPullAsFallback bool `toml:"experimental_parallel_pull_as_fallback"`
}
Parallel contains config for parallel pull and unpack. Parallel mode does not implement a lazy-loading strategy but aims to speed up the process via concurrent operations.
type ParallelConfig ¶
// ParallelConfig modifies behavior for eager image pulls: concurrency limits
// for downloads and unpacks, the download chunk size, the decompression
// implementations and whether unpacked layers are discarded.
type ParallelConfig struct {
	// Global and per-image download concurrency limits.
	// NOTE(review): a negative value presumably removes the limit (see
	// Unbounded); resource use is then capped only by the host - confirm.
	MaxConcurrentDownloads int64 `toml:"max_concurrent_downloads"`
	MaxConcurrentDownloadsPerImage int64 `toml:"max_concurrent_downloads_per_image"`
	// ConcurrentDownloadChunkSizeStr is the chunk size as written in TOML
	// ("concurrent_download_chunk_size"); the accepted format is not shown here.
	ConcurrentDownloadChunkSizeStr string `toml:"concurrent_download_chunk_size"`
	// ConcurrentDownloadChunkSize is excluded from TOML (tag "-").
	// NOTE(review): presumably the parsed form of ConcurrentDownloadChunkSizeStr; confirm.
	ConcurrentDownloadChunkSize int64 `toml:"-"`
	// Global and per-image unpack concurrency limits.
	MaxConcurrentUnpacks int64 `toml:"max_concurrent_unpacks"`
	MaxConcurrentUnpacksPerImage int64 `toml:"max_concurrent_unpacks_per_image"`
	// DecompressStreams modifies the implementations used to unpack compressed layer tarballs.
	// Each value names an external binary and its arguments (see DecompressStream).
	// NOTE(review): the meaning of the map key is not visible here - presumably
	// the compression format; confirm.
	DecompressStreams map[string]DecompressStream `toml:"decompress_streams"`
	// DiscardUnpackedLayers is read from "discard_unpacked_layers".
	// NOTE(review): presumably drops the compressed layer after unpacking; confirm.
	DiscardUnpackedLayers bool `toml:"discard_unpacked_layers"`
}
ParallelConfig modifies behavior for eager image pulls. Set any of the TOML values to a negative number to make the corresponding operation unbounded.
type PrefetchConfig ¶
// PrefetchConfig configures the prefetch feature for downloading specified
// files before marking a layer download as complete.
type PrefetchConfig struct {
	// Enable controls whether the prefetch feature is enabled.
	Enable bool `toml:"enable"`
	// MaxConcurrency limits the maximum number of layers that can perform
	// prefetch operations concurrently at the snapshotter level.
	// 0 means no limit, so the zero value of this struct leaves prefetch
	// concurrency uncapped.
	MaxConcurrency int64 `toml:"max_concurrency"`
}
PrefetchConfig configures the prefetch feature for downloading specified files before marking a layer download as complete.
type PullModes ¶
// PullModes contains the config for each way the SOCI snapshotter can pull
// images: SOCI v1, SOCI v2 and parallel pull/unpack.
type PullModes struct {
	// SOCIv1 is read from the "soci_v1" table.
	SOCIv1 V1 `toml:"soci_v1"`
	// SOCIv2 is read from the "soci_v2" table.
	SOCIv2 V2 `toml:"soci_v2"`
	// Parallel is read from the "parallel_pull_unpack" table.
	Parallel Parallel `toml:"parallel_pull_unpack"`
}
PullModes contains config related to the ways in which the SOCI snapshotter can pull images.
func DefaultPullModes ¶
func DefaultPullModes() PullModes
DefaultPullModes returns a PullModes struct with the SOCI defaults set.
type ResolverConfig ¶
// ResolverConfig is config for resolving registries.
type ResolverConfig struct {
	// Host maps a key to that host's HostConfig (its mirror list).
	// NOTE(review): the key is presumably the registry hostname; confirm how it is matched.
	Host map[string]HostConfig `toml:"host"`
}
ResolverConfig is config for resolving registries.
type RetryConfig ¶
// RetryConfig represents the settings for retries in a retryable http client.
// The fields carry no TOML tags, unlike most structs in this package.
type RetryConfig struct {
	// MaxRetries is the maximum number of retries before giving up on a retryable request.
	// This does not include the initial request so the total number of attempts will be MaxRetries + 1.
	MaxRetries int
	// MinWaitMsec is the minimum wait time (in ms) between attempts. The actual wait time is governed by the BackoffStrategy,
	// but the wait time will never be shorter than this duration.
	MinWaitMsec int64
	// MaxWaitMsec is the maximum wait time (in ms) between attempts. The actual wait time is governed by the BackoffStrategy,
	// but the wait time will never be longer than this duration.
	MaxWaitMsec int64
}
RetryConfig represents the settings for retries in a retryable http client.
type RetryableHTTPClientConfig ¶
// RetryableHTTPClientConfig is the complete config for a retryable http client:
// the embedded timeout settings plus the embedded retry settings.
type RetryableHTTPClientConfig struct {
	// TimeoutConfig supplies the dial, response-header and whole-request timeouts.
	TimeoutConfig
	// RetryConfig supplies the retry count and the wait bounds between attempts.
	RetryConfig
}
RetryableHTTPClientConfig is the complete config for a retryable http client
type ServiceConfig ¶
// ServiceConfig combines the filesystem config with the pull modes, the two
// keychain configs, the registry resolver config and the snapshotter config.
type ServiceConfig struct {
	// FSConfig is embedded without a TOML tag.
	FSConfig
	// PullModes controls which pull modes are enabled
	// and their implementation-specific config
	PullModes PullModes `toml:"pull_modes"`
	// KubeconfigKeychainConfig is config for kubeconfig-based keychain.
	KubeconfigKeychainConfig `toml:"kubeconfig_keychain"`
	// CRIKeychainConfig is config for CRI-based keychain.
	CRIKeychainConfig `toml:"cri_keychain"`
	// ResolverConfig is config for resolving registries.
	ResolverConfig `toml:"resolver"`
	// SnapshotterConfig is snapshotter-related config.
	SnapshotterConfig `toml:"snapshotter"`
}
type SnapshotterConfig ¶
// SnapshotterConfig is snapshotter-related config.
type SnapshotterConfig struct {
	// MinLayerSize skips remote mounting of smaller layers
	// NOTE(review): unit presumably bytes; confirm.
	MinLayerSize int64 `toml:"min_layer_size"`
	// AllowInvalidMountsOnRestart tolerates snapshot mounts that cannot reach
	// their data source when the snapshotter restarts.
	// NOTE: User needs to manually remove the snapshots from containerd's metadata store using
	// ctr (e.g. `ctr snapshot rm`).
	AllowInvalidMountsOnRestart bool `toml:"allow_invalid_mounts_on_restart"`
}
SnapshotterConfig is snapshotter-related config.
type TimeoutConfig ¶
// TimeoutConfig represents the settings for timeout at various points in a
// request lifecycle in a retryable http client. All three values are in
// milliseconds, per the field names, and carry no TOML tags.
type TimeoutConfig struct {
	// DialTimeoutMsec is the maximum duration that connection can take before a request attempt is timed out.
	DialTimeoutMsec int64
	// ResponseHeaderTimeoutMsec is the maximum duration waiting for response headers before a request attempt is timed out.
	// This starts after the entire request body is uploaded to the remote endpoint and stops when the response headers
	// are fully read. It does not include reading the body.
	ResponseHeaderTimeoutMsec int64
	// RequestTimeoutMsec is the maximum duration before the entire request attempt is timed out. This starts when the
	// client starts the connection attempt and ends when the entire response body is read.
	// NOTE(review): how a zero or negative value is treated (default versus no
	// timeout) is not visible here; confirm, since an absent timeout lets a
	// stalled endpoint hold a request open.
	RequestTimeoutMsec int64
}
TimeoutConfig represents the settings for timeout at various points in a request lifecycle in a retryable http client.