createconfig

package
v2.0.6-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 28, 2020 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// TypeBind is the type for mounting host dir
	TypeBind = "bind"
	// TypeVolume is the type for named volumes
	TypeVolume = "volume"
	// TypeTmpfs is the type for mounting tmpfs
	TypeTmpfs = "tmpfs"
)
View Source 
const CpuPeriod = 100000
View Source 
const DefaultKernelNamespaces = "cgroup,ipc,net,uts"

DefaultKernelNamespaces is a comma-separated list of default kernel namespaces.

View Source 
const Pod = "pod"

Pod signifies a kernel namespace is being shared by a container with the pod it is associated with

Variables

This section is empty.

Functions

func AddPrivilegedDevices 

func AddPrivilegedDevices(g *generate.Generator) error

AddPrivilegedDevices iterates through host devices and adds all host devices to the spec

func BlockAccessToKernelFilesystems 

func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.Generator)

func CreateContainerFromCreateConfig 

func CreateContainerFromCreateConfig(ctx context.Context, r *libpod.Runtime, createConfig *CreateConfig, pod *libpod.Pod) (*libpod.Container, error)

func CreatePortBinding 

func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding

CreatePortBinding takes port (int) and IP (string) and creates an array of portbinding structs

func Device 

func Device(d *configs.Device) spec.LinuxDevice

Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.

func DevicesFromPath 

func DevicesFromPath(g *generate.Generator, devicePath string) error

DevicesFromPath computes a list of devices

func ExposedPorts 

func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)

ExposedPorts parses user and image ports and returns binding information

func GetAvailableGids 

func GetAvailableGids() (int64, error)

func GetStatFromPath 

func GetStatFromPath(path string) (unix.Stat_t, error)

func InitFSMounts 

func InitFSMounts(mounts []spec.Mount) error

Ensure mount options on all mounts are correct

func IsNS 

func IsNS(s string) bool

IsNS returns if the specified string has a ns: prefix

func IsPod 

func IsPod(s string) bool

IsPod returns if the specified string is pod

func IsValidDeviceMode 

func IsValidDeviceMode(mode string) bool

IsValidDeviceMode checks if the mode for device is valid or not. IsValid mode is a composition of r (read), w (write), and m (mknod).

func NS 

func NS(s string) string

NS is the path to the namespace to join.

func NatToOCIPortBindings 

func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)

NatToOCIPortBindings iterates a nat.portmap slice and creates []ocicni portmapping slice

func ParseDevice 

func ParseDevice(device string) (string, string, string, error)

ParseDevice parses device mapping string to a src, dest & permissions string

func SupercedeUserMounts 

func SupercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.Mount

Supersede existing mounts in the spec with new, user-specified mounts. TODO: Should we unmount subtree mounts? E.g., if /tmp/ is mounted by one mount, and we already have /tmp/a and /tmp/b, should we remove the /tmp/a and /tmp/b mounts in favor of the more general /tmp?

func Valid 

func Valid(s string, ns LinuxNS) bool

Valid checks the validity of a linux namespace s should be the string representation of ns

func ValidateweightDevice 

func ValidateweightDevice(val string) (*weightDevice, error)

ValidateweightDevice validates that the specified string has a valid device-weight format for blkio-weight-device flag

Types

type CgroupConfig 

type CgroupConfig struct {
	Cgroups      string
	Cgroupns     string
	CgroupParent string                // cgroup-parent
	CgroupMode   namespaces.CgroupMode //cgroup
}

CgroupConfig configures the cgroup namespace for the container

func (*CgroupConfig) ConfigureGenerator 

func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the CgroupConfig.

func (*CgroupConfig) ToCreateOptions 

func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type CreateConfig 

type CreateConfig struct {
	Annotations       map[string]string
	Args              []string
	CidFile           string
	ConmonPidFile     string
	Command           []string          // Full command that will be used
	UserCommand       []string          // User-entered command (or image CMD)
	Detach            bool              // detach
	Devices           []string          // device
	Entrypoint        []string          //entrypoint
	Env               map[string]string //env
	HealthCheck       *manifest.Schema2HealthConfig
	Init              bool   // init
	InitPath          string //init-path
	Image             string
	ImageID           string
	RawImageName      string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType   string              // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive       bool                //interactive
	Labels            map[string]string   //label
	LogDriver         string              // log-driver
	LogDriverOpt      []string            // log-opt
	Name              string              //name
	PodmanPath        string
	Pod               string //pod
	Quiet             bool   //quiet
	Resources         CreateResourceConfig
	RestartPolicy     string
	Rm                bool           //rm
	Rmi               bool           //rmi
	StopSignal        syscall.Signal // stop-signal
	StopTimeout       uint           // stop-timeout
	Systemd           bool
	Tmpfs             []string // tmpfs
	Tty               bool     //tty
	Mounts            []spec.Mount
	MountsFlag        []string // mounts
	NamedVolumes      []*libpod.ContainerNamedVolume
	Volumes           []string //volume
	VolumesFrom       []string
	WorkDir           string //workdir
	Rootfs            string
	Security          SecurityConfig
	Syslog            bool // Whether to enable syslog on exit commands

	// Namespaces
	Pid     PidConfig
	Ipc     IpcConfig
	Cgroup  CgroupConfig
	User    UserConfig
	Uts     UtsConfig
	Network NetworkConfig
}

CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI swagger:model CreateConfig

func (*CreateConfig) CreateBlockIO 

func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)

CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig

func (*CreateConfig) MakeContainerConfig 

func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)

MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.

type CreateResourceConfig 

type CreateResourceConfig struct {
	BlkioWeight       uint16   // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod         uint64   // cpu-period
	CPUQuota          int64    // cpu-quota
	CPURtPeriod       uint64   // cpu-rt-period
	CPURtRuntime      int64    // cpu-rt-runtime
	CPUShares         uint64   // cpu-shares
	CPUs              float64  // cpus
	CPUsetCPUs        string
	CPUsetMems        string   // cpuset-mems
	DeviceCgroupRules []string //device-cgroup-rule
	DeviceReadBps     []string // device-read-bps
	DeviceReadIOps    []string // device-read-iops
	DeviceWriteBps    []string // device-write-bps
	DeviceWriteIOps   []string // device-write-iops
	DisableOomKiller  bool     // oom-kill-disable
	KernelMemory      int64    // kernel-memory
	Memory            int64    //memory
	MemoryReservation int64    // memory-reservation
	MemorySwap        int64    //memory-swap
	MemorySwappiness  int      // memory-swappiness
	OomScoreAdj       int      //oom-score-adj
	PidsLimit         int64    // pids-limit
	ShmSize           int64
	Ulimit            []string //ulimit
}

CreateResourceConfig represents resource elements in CreateConfig structures

type IpcConfig 

type IpcConfig struct {
	IpcMode namespaces.IpcMode //ipc
}

IpcConfig configures the ipc namespace for the container

func (*IpcConfig) ConfigureGenerator 

func (c *IpcConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the IpcConfig.

func (*IpcConfig) ToCreateOptions 

func (c *IpcConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type LinuxNS 

type LinuxNS interface {
	Valid() bool
}

LinuxNS is a struct that contains namespace information It implemented Valid to show it is a valid namespace

type NetworkConfig 

type NetworkConfig struct {
	DNSOpt       []string //dns-opt
	DNSSearch    []string //dns-search
	DNSServers   []string //dns
	ExposedPorts map[nat.Port]struct{}
	HTTPProxy    bool
	IP6Address   string                 //ipv6
	IPAddress    string                 //ip
	LinkLocalIP  []string               // link-local-ip
	MacAddress   string                 //mac-address
	NetMode      namespaces.NetworkMode //net
	Network      string                 //network
	NetworkAlias []string               //network-alias
	PortBindings nat.PortMap
	Publish      []string //publish
	PublishAll   bool     //publish-all
}

NetworkConfig configures the network namespace for the container

func (*NetworkConfig) ConfigureGenerator 

func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator based according to the current state of the NetworkConfig.

func (*NetworkConfig) ToCreateOptions 

func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to a slice of container create options.

type PidConfig 

type PidConfig struct {
	PidMode namespaces.PidMode //pid
}

PidConfig configures the pid namespace for the container

func (*PidConfig) ConfigureGenerator 

func (c *PidConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the PidConfig.

func (*PidConfig) ToCreateOptions 

func (c *PidConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type SecurityConfig 

type SecurityConfig struct {
	CapAdd                  []string // cap-add
	CapDrop                 []string // cap-drop
	CapRequired             []string // cap-required
	LabelOpts               []string //SecurityOpts
	NoNewPrivs              bool     //SecurityOpts
	ApparmorProfile         string   //SecurityOpts
	SeccompProfilePath      string   //SecurityOpts
	SeccompProfileFromImage string   // seccomp profile from the container image
	SeccompPolicy           seccomp.Policy
	SecurityOpts            []string
	Privileged              bool              //privileged
	ReadOnlyRootfs          bool              //read-only
	ReadOnlyTmpfs           bool              //read-only-tmpfs
	Sysctl                  map[string]string //sysctl
}

SecurityConfig configures the security features for the container

func (*SecurityConfig) ConfigureGenerator 

func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error

ConfigureGenerator configures the generator according to the input.

func (*SecurityConfig) SetLabelOpts 

func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error

SetLabelOpts sets the label options of the SecurityConfig according to the input.

func (*SecurityConfig) SetSecurityOpts 

func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error

SetSecurityOpts the the security options (labels, apparmor, seccomp, etc.).

func (*SecurityConfig) ToCreateOptions 

func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)

ToCreateOptions convert the SecurityConfig to a slice of container create options.

type UserConfig 

type UserConfig struct {
	GroupAdd   []string // group-add
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode //userns
	User       string                //user
}

UserConfig configures the user namespace for the container

func (*UserConfig) ConfigureGenerator 

func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the UserConfig.

func (*UserConfig) InNS 

func (c *UserConfig) InNS(isRootless bool) bool

InNS returns true if the UserConfig indicates to be in a dedicated user namespace.

func (*UserConfig) ToCreateOptions 

func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type UtsConfig 

type UtsConfig struct {
	UtsMode  namespaces.UTSMode //uts
	NoHosts  bool
	HostAdd  []string //add-host
	Hostname string
}

UtsConfig configures the uts namespace for the container

func (*UtsConfig) ConfigureGenerator 

func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig, runtime *libpod.Runtime) error

ConfigureGenerator configures the generator according to the current state of the UtsConfig.

func (*UtsConfig) ToCreateOptions 

func (c *UtsConfig) ToCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.