createconfig

package
v1.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 6, 2020 License: Apache-2.0 Imports: 35 Imported by: 13

Documentation

Index

Constants

View Source 
const (
	// TypeBind is the type for mounting host dir
	TypeBind = "bind"
	// TypeVolume is the type for named volumes
	TypeVolume = "volume"
	// TypeTmpfs is the type for mounting tmpfs
	TypeTmpfs = "tmpfs"
)
View Source 
const Pod = "pod"

Pod signifies a kernel namespace is being shared by a container with the pod it is associated with

Variables

This section is empty.

Functions

func CreatePortBinding 

func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding

CreatePortBinding takes port (int) and IP (string) and creates an array of portbinding structs

func Device 

func Device(d *configs.Device) spec.LinuxDevice

Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.

func ExposedPorts 

func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)

ExposedPorts parses user and image ports and returns binding information

func IsNS added in v0.7.4 

func IsNS(s string) bool

IsNS returns if the specified string has a ns: prefix

func IsPod added in v0.8.4 

func IsPod(s string) bool

IsPod returns if the specified string is pod

func IsValidDeviceMode added in v0.11.1 

func IsValidDeviceMode(mode string) bool

IsValidDeviceMode checks if the mode for device is valid or not. IsValid mode is a composition of r (read), w (write), and m (mknod).

func NS added in v0.7.4 

func NS(s string) string

NS is the path to the namespace to join.

func NatToOCIPortBindings added in v0.12.1 

func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)

NatToOCIPortBindings iterates a nat.portmap slice and creates []ocicni portmapping slice

func ParseDevice added in v0.11.1 

func ParseDevice(device string) (string, string, string, error)

ParseDevice parses device mapping string to a src, dest & permissions string

func Valid added in v0.8.4 

func Valid(s string, ns LinuxNS) bool

Valid checks the validity of a linux namespace s should be the string representation of ns

Types

type CgroupConfig added in v1.7.0 

type CgroupConfig struct {
	Cgroups      string
	Cgroupns     string
	CgroupParent string                // cgroup-parent
	CgroupMode   namespaces.CgroupMode //cgroup
}

CgroupConfig configures the cgroup namespace for the container

func (*CgroupConfig) ConfigureGenerator added in v1.7.0 

func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the CgroupConfig.

func (*CgroupConfig) ToCreateOptions added in v1.7.0 

func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type CreateConfig 

type CreateConfig struct {
	Annotations       map[string]string
	Args              []string
	CidFile           string
	ConmonPidFile     string
	Command           []string          // Full command that will be used
	UserCommand       []string          // User-entered command (or image CMD)
	Detach            bool              // detach
	Devices           []string          // device
	Entrypoint        []string          //entrypoint
	Env               map[string]string //env
	HealthCheck       *manifest.Schema2HealthConfig
	Init              bool   // init
	InitPath          string //init-path
	Image             string
	ImageID           string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType   string              // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive       bool                //interactive
	Labels            map[string]string   //label
	LogDriver         string              // log-driver
	LogDriverOpt      []string            // log-opt
	Name              string              //name
	PodmanPath        string
	Pod               string //pod
	Quiet             bool   //quiet
	Resources         CreateResourceConfig
	RestartPolicy     string
	Rm                bool           //rm
	StopSignal        syscall.Signal // stop-signal
	StopTimeout       uint           // stop-timeout
	Systemd           bool
	Tmpfs             []string // tmpfs
	Tty               bool     //tty
	Mounts            []spec.Mount
	MountsFlag        []string // mounts
	NamedVolumes      []*libpod.ContainerNamedVolume
	Volumes           []string //volume
	VolumesFrom       []string
	WorkDir           string //workdir
	Rootfs            string
	Security          SecurityConfig
	Syslog            bool // Whether to enable syslog on exit commands

	// Namespaces
	Pid     PidConfig
	Ipc     IpcConfig
	Cgroup  CgroupConfig
	User    UserConfig
	Uts     UtsConfig
	Network NetworkConfig
}

CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI

func (*CreateConfig) AddPrivilegedDevices 

func (c *CreateConfig) AddPrivilegedDevices(g *generate.Generator) error

AddPrivilegedDevices iterates through host devices and adds all host devices to the spec

func (*CreateConfig) CreateBlockIO 

func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)

CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig

func (*CreateConfig) MakeContainerConfig added in v1.3.0 

func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)

MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.

type CreateResourceConfig 

type CreateResourceConfig struct {
	BlkioWeight       uint16   // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod         uint64   // cpu-period
	CPUQuota          int64    // cpu-quota
	CPURtPeriod       uint64   // cpu-rt-period
	CPURtRuntime      int64    // cpu-rt-runtime
	CPUShares         uint64   // cpu-shares
	CPUs              float64  // cpus
	CPUsetCPUs        string
	CPUsetMems        string   // cpuset-mems
	DeviceReadBps     []string // device-read-bps
	DeviceReadIOps    []string // device-read-iops
	DeviceWriteBps    []string // device-write-bps
	DeviceWriteIOps   []string // device-write-iops
	DisableOomKiller  bool     // oom-kill-disable
	KernelMemory      int64    // kernel-memory
	Memory            int64    //memory
	MemoryReservation int64    // memory-reservation
	MemorySwap        int64    //memory-swap
	MemorySwappiness  int      // memory-swappiness
	OomScoreAdj       int      //oom-score-adj
	PidsLimit         int64    // pids-limit
	ShmSize           int64
	Ulimit            []string //ulimit
}

CreateResourceConfig represents resource elements in CreateConfig structures

type IpcConfig added in v1.7.0 

type IpcConfig struct {
	IpcMode namespaces.IpcMode //ipc
}

IpcConfig configures the ipc namespace for the container

func (*IpcConfig) ConfigureGenerator added in v1.7.0 

func (c *IpcConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the IpcConfig.

func (*IpcConfig) ToCreateOptions added in v1.7.0 

func (c *IpcConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type LinuxNS added in v0.8.4 

type LinuxNS interface {
	Valid() bool
}

LinuxNS is a struct that contains namespace information It implemented Valid to show it is a valid namespace

type NetworkConfig added in v1.7.0 

type NetworkConfig struct {
	DNSOpt       []string //dns-opt
	DNSSearch    []string //dns-search
	DNSServers   []string //dns
	ExposedPorts map[nat.Port]struct{}
	HTTPProxy    bool
	IP6Address   string                 //ipv6
	IPAddress    string                 //ip
	LinkLocalIP  []string               // link-local-ip
	MacAddress   string                 //mac-address
	NetMode      namespaces.NetworkMode //net
	Network      string                 //network
	NetworkAlias []string               //network-alias
	PortBindings nat.PortMap
	Publish      []string //publish
	PublishAll   bool     //publish-all
}

NetworkConfig configures the network namespace for the container

func (*NetworkConfig) ConfigureGenerator added in v1.7.0 

func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator based according to the current state of the NetworkConfig.

func (*NetworkConfig) ToCreateOptions added in v1.7.0 

func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to a slice of container create options.

type PidConfig added in v1.7.0 

type PidConfig struct {
	PidMode namespaces.PidMode //pid
}

PidConfig configures the pid namespace for the container

func (*PidConfig) ConfigureGenerator added in v1.7.0 

func (c *PidConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the PidConfig.

func (*PidConfig) ToCreateOptions added in v1.7.0 

func (c *PidConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type SeccompPolicy added in v1.8.0 

type SeccompPolicy int

SeccompPolicy determines which seccomp profile gets applied to the container. 

const (
	// SeccompPolicyDefault - if set use SecurityConfig.SeccompProfilePath,
	// otherwise use the default profile.  The SeccompProfilePath might be
	// explicitly set by the user.
	SeccompPolicyDefault SeccompPolicy = iota
	// SeccompPolicyImage - if set use SecurityConfig.SeccompProfileFromImage,
	// otherwise follow SeccompPolicyDefault.
	SeccompPolicyImage
)

func LookupSeccompPolicy added in v1.8.0 

func LookupSeccompPolicy(s string) (SeccompPolicy, error)

LookupSeccompPolicy looksup the corresponding SeccompPolicy for the specified string. If none is found, an errors is returned including the list of supported policies. Note that an empty string resolved to SeccompPolicyDefault.

type SecurityConfig added in v1.7.0 

type SecurityConfig struct {
	CapAdd                  []string // cap-add
	CapDrop                 []string // cap-drop
	LabelOpts               []string //SecurityOpts
	NoNewPrivs              bool     //SecurityOpts
	ApparmorProfile         string   //SecurityOpts
	SeccompProfilePath      string   //SecurityOpts
	SeccompProfileFromImage string   // seccomp profile from the container image
	SeccompPolicy           SeccompPolicy
	SecurityOpts            []string
	Privileged              bool              //privileged
	ReadOnlyRootfs          bool              //read-only
	ReadOnlyTmpfs           bool              //read-only-tmpfs
	Sysctl                  map[string]string //sysctl
}

SecurityConfig configures the security features for the container

func (*SecurityConfig) ConfigureGenerator added in v1.7.0 

func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error

ConfigureGenerator configures the generator according to the input.

func (*SecurityConfig) SetLabelOpts added in v1.7.0 

func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error

SetLabelOpts sets the label options of the SecurityConfig according to the input.

func (*SecurityConfig) SetSecurityOpts added in v1.7.0 

func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error

SetSecurityOpts the the security options (labels, apparmor, seccomp, etc.).

func (*SecurityConfig) ToCreateOptions added in v1.7.0 

func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)

ToCreateOptions convert the SecurityConfig to a slice of container create options.

type UserConfig added in v1.7.0 

type UserConfig struct {
	GroupAdd   []string // group-add
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode //userns
	User       string                //user
}

UserConfig configures the user namespace for the container

func (*UserConfig) ConfigureGenerator added in v1.7.0 

func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the UserConfig.

func (*UserConfig) InNS added in v1.7.0 

func (c *UserConfig) InNS(isRootless bool) bool

InNS returns true if the UserConfig indicates to be in a dedicated user namespace.

func (*UserConfig) ToCreateOptions added in v1.7.0 

func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type UtsConfig added in v1.7.0 

type UtsConfig struct {
	UtsMode  namespaces.UTSMode //uts
	NoHosts  bool
	HostAdd  []string //add-host
	Hostname string
}

UtsConfig configures the uts namespace for the container

func (*UtsConfig) ConfigureGenerator added in v1.7.0 

func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig, runtime *libpod.Runtime) error

ConfigureGenerator configures the generator according to the current state of the UtsConfig.

func (*UtsConfig) ToCreateOptions added in v1.7.0 

func (c *UtsConfig) ToCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.