controller

package
v0.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 14, 2026 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

View Source 
const DefaultDaemonStopGracePeriod = 5 * time.Second

DefaultDaemonStopGracePeriod is the SIGTERM-to-SIGKILL grace window. Five seconds matches the issue's "wait up to ~5s" — long enough for a clean JSON-RPC drain on a quiescent daemon, short enough that a wedged daemon does not block uninstall noticeably.

Variables

This section is empty.

Functions

func SortDocumentsByKind 

func SortDocumentsByKind(docs []parser.Document, reverse bool) []parser.Document

SortDocumentsByKind sorts documents by kind order. If reverse is true, sorts in reverse dependency order (Container → Cell → Stack → Space → Realm). If reverse is false, sorts in dependency order (Realm → Space → Stack → Cell → Container). Within the same kind, documents are sorted by their original index.

Types

type ApplyResult 

type ApplyResult struct {
	Resources []ResourceResult
}

ApplyResult represents the result of applying a set of resources.

type BootstrapReport 

type BootstrapReport struct {
	RunPath string

	KukeonCgroupExistsPre  bool
	KukeonCgroupExistsPost bool
	KukeonCgroupCreated    bool

	// CNI bootstrap details
	CniConfigDir           string
	CniCacheDir            string
	CniBinDir              string
	CniConfigDirExistsPre  bool
	CniCacheDirExistsPre   bool
	CniBinDirExistsPre     bool
	CniConfigDirCreated    bool
	CniCacheDirCreated     bool
	CniBinDirCreated       bool
	CniConfigDirExistsPost bool
	CniCacheDirExistsPost  bool
	CniBinDirExistsPost    bool

	// Default user hierarchy (realm=default, space=default, stack=default, no cell).
	DefaultRealm RealmSection
	DefaultSpace SpaceSection
	DefaultStack StackSection

	// System hierarchy (realm=kuke-system, space=kukeon, stack=kukeon, cell=kukeond).
	SystemRealm RealmSection
	SystemSpace SpaceSection
	SystemStack StackSection
	SystemCell  CellSection

	// KukeondImage is the resolved image reference provisioned for the kukeond
	// container inside the system cell.
	KukeondImage string
}

type CellSection 

type CellSection struct {
	CellName                    string
	CellMetadataExistsPre       bool
	CellMetadataExistsPost      bool
	CellCreated                 bool
	CellCgroupExistsPre         bool
	CellCgroupExistsPost        bool
	CellCgroupCreated           bool
	CellRootContainerExistsPre  bool
	CellRootContainerExistsPost bool
	CellRootContainerCreated    bool
	CellStartedPre              bool
	CellStartedPost             bool
	CellStarted                 bool
}

CellSection holds the bootstrap outcome for a single cell.

type ContainerCreationOutcome 

type ContainerCreationOutcome struct {
	Name       string
	ExistsPre  bool
	ExistsPost bool
	Created    bool
}

type Controller 

type Controller interface {
	Bootstrap() (BootstrapReport, error)
	CreateRealm(realm intmodel.Realm) (CreateRealmResult, error)
	CreateSpace(space intmodel.Space) (CreateSpaceResult, error)
	CreateStack(stack intmodel.Stack) (CreateStackResult, error)
	CreateCell(cell intmodel.Cell) (CreateCellResult, error)
	CreateContainer(container intmodel.Container) (CreateContainerResult, error)
	DeleteRealm(realm intmodel.Realm, force, cascade bool) (DeleteRealmResult, error)
	DeleteSpace(space intmodel.Space, force, cascade bool) (DeleteSpaceResult, error)
	DeleteStack(stack intmodel.Stack, force, cascade bool) (DeleteStackResult, error)
	DeleteCell(cell intmodel.Cell) (DeleteCellResult, error)
	DeleteContainer(container intmodel.Container) (DeleteContainerResult, error)
	GetRealm(realm intmodel.Realm) (GetRealmResult, error)
	ListRealms() ([]intmodel.Realm, error)
	GetSpace(space intmodel.Space) (GetSpaceResult, error)
	ListSpaces(realmName string) ([]intmodel.Space, error)
	GetStack(stack intmodel.Stack) (GetStackResult, error)
	ListStacks(realmName, spaceName string) ([]intmodel.Stack, error)
	GetCell(cell intmodel.Cell) (GetCellResult, error)
	ListCells(realmName, spaceName, stackName string) ([]intmodel.Cell, error)
	GetContainer(container intmodel.Container) (GetContainerResult, error)
	ListContainers(realmName, spaceName, stackName, cellName string) ([]intmodel.ContainerSpec, error)
	StartCell(cell intmodel.Cell) (StartCellResult, error)
	StartContainer(container intmodel.Container) (StartContainerResult, error)
	StopCell(cell intmodel.Cell) (StopCellResult, error)
	StopContainer(container intmodel.Container) (StopContainerResult, error)
	KillCell(cell intmodel.Cell) (KillCellResult, error)
	KillContainer(container intmodel.Container) (KillContainerResult, error)
	PurgeRealm(realm intmodel.Realm, force, cascade bool) (PurgeRealmResult, error)
	PurgeSpace(space intmodel.Space, force, cascade bool) (PurgeSpaceResult, error)
	PurgeStack(stack intmodel.Stack, force, cascade bool) (PurgeStackResult, error)
	PurgeCell(cell intmodel.Cell, force, cascade bool) (PurgeCellResult, error)
	PurgeContainer(container intmodel.Container) (PurgeContainerResult, error)
	RefreshAll() (RefreshResult, error)
	ReconcileCells() (ReconcileResult, error)
	Uninstall(opts UninstallOptions) (UninstallReport, error)
	Close() error
}

type CreateCellResult 

type CreateCellResult struct {
	Cell intmodel.Cell

	MetadataExistsPre       bool
	MetadataExistsPost      bool
	CgroupExistsPre         bool
	CgroupExistsPost        bool
	CgroupCreated           bool
	RootContainerExistsPre  bool
	RootContainerExistsPost bool
	RootContainerCreated    bool
	StartedPre              bool
	StartedPost             bool
	Started                 bool
	Created                 bool

	Containers []ContainerCreationOutcome
}

CreateCellResult reports reconciliation outcomes for a cell.

type CreateContainerResult 

type CreateContainerResult struct {
	Container intmodel.Container

	CellMetadataExistsPre  bool
	CellMetadataExistsPost bool
	ContainerExistsPre     bool
	ContainerExistsPost    bool
	ContainerCreated       bool
	Started                bool
}

CreateContainerResult reports reconciliation outcomes for container creation within a cell.

type CreateRealmResult 

type CreateRealmResult struct {
	Realm intmodel.Realm

	MetadataExistsPre             bool
	MetadataExistsPost            bool
	CgroupExistsPre               bool
	CgroupExistsPost              bool
	CgroupCreated                 bool
	ContainerdNamespaceExistsPre  bool
	ContainerdNamespaceExistsPost bool
	ContainerdNamespaceCreated    bool
	Created                       bool
}

CreateRealmResult reports the reconciliation outcomes for a realm.

type CreateSpaceResult 

type CreateSpaceResult struct {
	Space intmodel.Space

	MetadataExistsPre    bool
	MetadataExistsPost   bool
	CgroupExistsPre      bool
	CgroupExistsPost     bool
	CgroupCreated        bool
	CNINetworkExistsPre  bool
	CNINetworkExistsPost bool
	CNINetworkCreated    bool
	Created              bool
}

CreateSpaceResult reports reconciliation outcomes for a space.

type CreateStackResult 

type CreateStackResult struct {
	Stack intmodel.Stack

	MetadataExistsPre  bool
	MetadataExistsPost bool
	CgroupExistsPre    bool
	CgroupExistsPost   bool
	CgroupCreated      bool
	Created            bool
}

CreateStackResult reports reconciliation outcomes for a stack.

type DaemonStopReport added in v0.3.0 

type DaemonStopReport struct {
	PIDFilePresent bool
	PIDFile        string
	PID            int
	Signalled      bool
	ForceKilled    bool
}

DaemonStopReport summarizes the outcome of the daemon-stop step run at the top of Uninstall.

The fields cover the three observable states the operator cares about: (1) was a PID file present at all (PIDFilePresent), (2) was a signal actually delivered (Signalled — false when the PID was already dead by the time we read the file, or the file held garbage), and (3) did the daemon require SIGKILL (ForceKilled) — that is the operator-facing tell that the daemon ignored SIGTERM during the grace window.

type DaemonStopper added in v0.3.0 

type DaemonStopper func(ctx context.Context, pidFile string, gracePeriod time.Duration) (DaemonStopReport, error)

DaemonStopper is the injection point for the daemon-stop step. The default implementation reads the PID file, sends SIGTERM, waits up to gracePeriod for the process to exit, then escalates to SIGKILL. Tests stub this to avoid touching real processes.

type DeleteCellResult 

type DeleteCellResult struct {
	Cell              intmodel.Cell
	ContainersDeleted bool
	CgroupDeleted     bool
	MetadataDeleted   bool
}

DeleteCellResult reports what was deleted during cell deletion.

type DeleteContainerResult 

type DeleteContainerResult struct {
	Container          intmodel.Container
	CellMetadataExists bool
	ContainerExists    bool
	Deleted            []string // Resources that were deleted (container, task)
}

DeleteContainerResult mirrors GetContainerResult but also reports what was deleted.

type DeleteImageResult added in v0.3.0 

type DeleteImageResult struct {
	Realm     string
	Namespace string
	Ref       string
}

DeleteImageResult reports the outcome of a `kuke image delete` removal.

type DeleteRealmResult 

type DeleteRealmResult struct {
	Realm                      intmodel.Realm
	Deleted                    []string // Resources that were deleted (metadata, cgroup, namespace, cascaded resources)
	MetadataDeleted            bool
	CgroupDeleted              bool
	ContainerdNamespaceDeleted bool
}

DeleteRealmResult reports what was deleted during realm deletion.

type DeleteResult 

type DeleteResult struct {
	Resources []ResourceDeleteResult
}

DeleteResult represents the result of deleting a set of resources.

type DeleteSpaceResult 

type DeleteSpaceResult struct {
	SpaceName string
	RealmName string
	Space     intmodel.Space

	MetadataDeleted   bool
	CgroupDeleted     bool
	CNINetworkDeleted bool

	Deleted []string // Resources that were deleted (metadata, cgroup, network, cascaded resources)
}

DeleteSpaceResult reports what was deleted during space deletion.

type DeleteStackResult 

type DeleteStackResult struct {
	StackName string
	RealmName string
	SpaceName string
	Stack     intmodel.Stack

	MetadataDeleted bool
	CgroupDeleted   bool

	Deleted []string // Resources that were deleted (metadata, cgroup, cascaded resources)
}

DeleteStackResult reports what was deleted during stack deletion.

type Exec 

type Exec struct {
	// contains filtered or unexported fields
}

func NewControllerExec 

func NewControllerExec(ctx context.Context, logger *slog.Logger, opts Options) *Exec

func NewControllerExecForTesting 

func NewControllerExecForTesting(ctx context.Context, logger *slog.Logger, opts Options, r runner.Runner) *Exec

NewControllerExecForTesting creates a controller with a custom runner for testing. This function is exported for testing purposes only.

func (*Exec) ApplyDocuments 

func (b *Exec) ApplyDocuments(docs []parser.Document) (ApplyResult, error)

ApplyDocuments applies a set of resource documents in dependency order. Documents are sorted: Realm → Space → Stack → Cell → Container. Returns a summary of actions taken for each resource.

func (*Exec) Bootstrap 

func (b *Exec) Bootstrap() (BootstrapReport, error)

func (*Exec) Close 

func (b *Exec) Close() error

Close closes the controller and releases all resources, including the containerd connection.

func (*Exec) CreateCell 

func (b *Exec) CreateCell(cell intmodel.Cell) (CreateCellResult, error)

CreateCell creates a new cell or ensures an existing cell's resources exist. It returns a CreateCellResult and an error. The CreateCellResult reports the state of cell resources before and after the operation, indicating what was created vs what already existed, including container-level outcomes. The error is returned if the cell name is required, the realm name is required, the space name is required, the stack name is required, the cell cgroup does not exist, the root container does not exist, or the cell creation fails.

func (*Exec) CreateContainer 

func (b *Exec) CreateContainer(container intmodel.Container) (CreateContainerResult, error)

func (*Exec) CreateRealm 

func (b *Exec) CreateRealm(realm intmodel.Realm) (CreateRealmResult, error)

CreateRealm creates a new realm or ensures an existing realm's resources exist. It returns a CreateRealmResult and an error. The CreateRealmResult reports the state of realm resources before and after the operation, indicating what was created vs what already existed. The error is returned if the realm name is required, the namespace is required, the realm cgroup does not exist, the containerd namespace does not exist, or the realm creation fails.

func (*Exec) CreateSpace 

func (b *Exec) CreateSpace(space intmodel.Space) (CreateSpaceResult, error)

CreateSpace creates a new space or ensures an existing space's resources exist. It returns a CreateSpaceResult and an error. The CreateSpaceResult reports the state of space resources before and after the operation, indicating what was created vs what already existed. The error is returned if the space name is required, the realm name is required, the space cgroup does not exist, the cni network does not exist, or the space creation fails.

func (*Exec) CreateStack 

func (b *Exec) CreateStack(stack intmodel.Stack) (CreateStackResult, error)

CreateStack creates a new stack or ensures an existing stack's resources exist. It returns a CreateStackResult and an error. The CreateStackResult reports the state of stack resources before and after the operation, indicating what was created vs what already existed. The error is returned if the stack name is required, the realm name is required, the space name is required, the stack cgroup does not exist, or the stack creation fails.

func (*Exec) DeleteCell 

func (b *Exec) DeleteCell(cell intmodel.Cell) (DeleteCellResult, error)

DeleteCell deletes a cell. Always deletes all containers first.

func (*Exec) DeleteContainer 

func (b *Exec) DeleteContainer(container intmodel.Container) (DeleteContainerResult, error)

DeleteContainer deletes a single container. Cascade flag is not applicable.

func (*Exec) DeleteDocuments 

func (b *Exec) DeleteDocuments(docs []parser.Document, cascade, force bool) (DeleteResult, error)

DeleteDocuments deletes a set of resource documents in reverse dependency order. Documents are sorted: Container → Cell → Stack → Space → Realm. Returns a summary of actions taken for each resource.

func (*Exec) DeleteImage added in v0.3.0 

func (b *Exec) DeleteImage(realm, ref string) (DeleteImageResult, error)

DeleteImage removes the named image ref from the realm's containerd namespace. errdefs.ErrImageNotFound is propagated unchanged so callers (CLI, RPC) can map it to a clean "image not found" message.

func (*Exec) DeleteRealm 

func (b *Exec) DeleteRealm(realm intmodel.Realm, force, cascade bool) (DeleteRealmResult, error)

DeleteRealm deletes a realm. If cascade is true, deletes all spaces first. If force is true, skips validation of child resources.

func (*Exec) DeleteSpace 

func (b *Exec) DeleteSpace(space intmodel.Space, force, cascade bool) (DeleteSpaceResult, error)

DeleteSpace deletes a space. If cascade is true, deletes all stacks first. If force is true, skips validation of child resources.

func (*Exec) DeleteStack 

func (b *Exec) DeleteStack(stack intmodel.Stack, force, cascade bool) (DeleteStackResult, error)

DeleteStack deletes a stack. If cascade is true, deletes all cells first. If force is true, skips validation of child resources.

func (*Exec) GetCell 

func (b *Exec) GetCell(cell intmodel.Cell) (GetCellResult, error)

GetCell retrieves a single cell and reports its current state.

func (*Exec) GetContainer 

func (b *Exec) GetContainer(container intmodel.Container) (GetContainerResult, error)

GetContainer retrieves a single container and reports its current state.

func (*Exec) GetImage added in v0.3.0 

func (b *Exec) GetImage(realm, ref string) (GetImageResult, error)

GetImage returns metadata for the named image ref in the realm's containerd namespace. errdefs.ErrImageNotFound is propagated unchanged so callers (CLI, RPC) can map it to a clean "image not found" message.

func (*Exec) GetRealm 

func (b *Exec) GetRealm(realm intmodel.Realm) (GetRealmResult, error)

GetRealm retrieves a single realm and reports its current state.

func (*Exec) GetSpace 

func (b *Exec) GetSpace(space intmodel.Space) (GetSpaceResult, error)

GetSpace retrieves a single space and reports its current state.

func (*Exec) GetStack 

func (b *Exec) GetStack(stack intmodel.Stack) (GetStackResult, error)

GetStack retrieves a single stack and reports its current state.

func (*Exec) KillCell 

func (b *Exec) KillCell(cell intmodel.Cell) (KillCellResult, error)

KillCell immediately force-kills all containers in a cell and updates the cell metadata state.

func (*Exec) KillContainer 

func (b *Exec) KillContainer(container intmodel.Container) (KillContainerResult, error)

KillContainer immediately force-kills a specific container in a cell and updates the cell metadata.

func (*Exec) ListCells 

func (b *Exec) ListCells(realmName, spaceName, stackName string) ([]intmodel.Cell, error)

ListCells lists all cells, optionally filtered by realm, space, and/or stack.

func (*Exec) ListContainers 

func (b *Exec) ListContainers(realmName, spaceName, stackName, cellName string) ([]intmodel.ContainerSpec, error)

ListContainers lists all containers, optionally filtered by realm, space, stack, and/or cell.

func (*Exec) ListImages added in v0.3.0 

func (b *Exec) ListImages(realm string) (ListImagesResult, error)

ListImages enumerates images in the realm's containerd namespace. The realm is validated up-front so callers see ErrRealmNotFound before any containerd round-trip; the namespace mapping mirrors LoadImage.

func (*Exec) ListRealms 

func (b *Exec) ListRealms() ([]intmodel.Realm, error)

ListRealms lists all realms.

func (*Exec) ListSpaces 

func (b *Exec) ListSpaces(realmName string) ([]intmodel.Space, error)

ListSpaces lists all spaces, optionally filtered by realm.

func (*Exec) ListStacks 

func (b *Exec) ListStacks(realmName, spaceName string) ([]intmodel.Stack, error)

ListStacks lists all stacks, optionally filtered by realm and/or space.

func (*Exec) LoadImage added in v0.3.0 

func (b *Exec) LoadImage(realm string, reader io.Reader) (LoadImageResult, error)

LoadImage imports an OCI/docker image tarball into the realm's containerd namespace. The realm name is mapped to a containerd namespace via consts.RealmNamespace, the same source of truth used by `kuke init` and every other realm operation.

func (*Exec) PurgeCell 

func (b *Exec) PurgeCell(cell intmodel.Cell, force, cascade bool) (PurgeCellResult, error)

PurgeCell purges a cell with comprehensive cleanup. Always purges all containers first. If force is true, skips validation (currently unused but recorded for auditing).

func (*Exec) PurgeContainer 

func (b *Exec) PurgeContainer(container intmodel.Container) (PurgeContainerResult, error)

PurgeContainer purges a single container with comprehensive cleanup. Cascade flag is not applicable.

func (*Exec) PurgeRealm 

func (b *Exec) PurgeRealm(realm intmodel.Realm, force, cascade bool) (PurgeRealmResult, error)

PurgeRealm purges a realm with comprehensive cleanup. If cascade is true, purges all spaces first. If force is true, skips validation of child resources.

func (*Exec) PurgeSpace 

func (b *Exec) PurgeSpace(space intmodel.Space, force, cascade bool) (PurgeSpaceResult, error)

PurgeSpace purges a space with comprehensive cleanup. If cascade is true, purges all stacks first. If force is true, skips validation of child resources.

func (*Exec) PurgeStack 

func (b *Exec) PurgeStack(stack intmodel.Stack, force, cascade bool) (PurgeStackResult, error)

PurgeStack purges a stack with comprehensive cleanup. If cascade is true, purges all cells first. If force is true, skips validation of child resources.

func (*Exec) ReconcileCells added in v0.4.0 

func (b *Exec) ReconcileCells() (ReconcileResult, error)

ReconcileCells walks every realm/space/stack and reconciles each cell's status against observed container state. Errors at any level are logged and recorded in Errors; the walk continues so a single bad cell does not silence the rest of the host.

func (*Exec) RefreshAll 

func (b *Exec) RefreshAll() (RefreshResult, error)

RefreshAll refreshes all metadata entities by introspecting containerd and CNI.

func (*Exec) RunPath added in v0.2.0 

func (b *Exec) RunPath() string

RunPath returns the configured kukeon run path. Surfaced for callers that need to derive host paths from the same root the controller writes to — notably the in-process AttachContainer endpoint, which resolves the per-container sbsh socket via fs.ContainerSocketPath.

func (*Exec) StartCell 

func (b *Exec) StartCell(cell intmodel.Cell) (StartCellResult, error)

StartCell starts all containers in a cell and updates the cell metadata state.

func (*Exec) StartContainer 

func (b *Exec) StartContainer(container intmodel.Container) (StartContainerResult, error)

StartContainer starts a specific container in a cell and updates the cell metadata.

func (*Exec) StopCell 

func (b *Exec) StopCell(cell intmodel.Cell) (StopCellResult, error)

StopCell stops all containers in a cell and updates the cell metadata state.

func (*Exec) StopContainer 

func (b *Exec) StopContainer(container intmodel.Container) (StopContainerResult, error)

StopContainer stops a specific container in a cell and updates the cell metadata.

func (*Exec) Uninstall added in v0.3.0 

func (b *Exec) Uninstall(opts UninstallOptions) (UninstallReport, error)

Uninstall performs a comprehensive teardown of all kukeon runtime state. Steps (in order):

  1. Stop the kukeond daemon (SIGTERM, then SIGKILL after a short grace) when a PID file is present. Doing this before any per-realm purge prevents the live daemon from racing the in-process containerd cleanup and pinning containers in `kuke-system.kukeon.io` while we are trying to drain it.
  2. Purge every realm with --cascade --force (drains spaces/stacks/cells/ containers + tasks; the kukeond cell living inside `kuke-system` is killed and deleted as part of that cascade). Realms are enumerated by merging on-disk metadata with the set of containerd namespaces whose name carries the `.kukeon.io` suffix, so user-created realms whose metadata was wiped before `kuke uninstall` (the #193 partial-state path) still get their namespaces cleaned up. The two well-known realms (`default`, `kuke-system`) are kept as a safety floor so a containerd-list failure cannot strand them.
  3. Release live kukeon-owned bind mounts under SocketDir, then RemoveAll on SocketDir (typically /run/kukeon). The unmount step is what makes a post-attach uninstall succeed: kuketty leaves a /run/kukeon/tty bind mount behind, and rmdir refuses to descend through it (the #434 regression). A plain umount is tried first, falling back to lazy MNT_DETACH so the parent dir can still be removed when the mount has stragglers holding it open.
  4. The same release + RemoveAll for the run path (typically /opt/kukeon).
  5. Remove the kukeon system user and group (no-op if absent).

Steps 2–4 are gated on every realm reporting NamespaceRemoved=true. When at least one realm fails to drop its containerd namespace, the report's CleanupSkipped flag is set and the filesystem + user/group teardown is left for a follow-up run — see issue #287 for the half-cleaned-host failure mode this prevents.

Any step's error is recorded in the report. The first non-nil step error is returned so callers can surface "uninstall failed at step X" without dropping subsequent best-effort cleanup.

type GetCellResult 

type GetCellResult struct {
	Cell                intmodel.Cell
	MetadataExists      bool
	CgroupExists        bool
	RootContainerExists bool
}

GetCellResult reports the current state of a cell.

type GetContainerResult 

type GetContainerResult struct {
	Container          intmodel.Container
	CellMetadataExists bool
	ContainerExists    bool
}

GetContainerResult reports the current state of a container.

type GetImageResult added in v0.3.0 

type GetImageResult struct {
	Realm     string
	Namespace string
	Image     ImageInfo
}

GetImageResult reports the metadata of one named image in a realm.

type GetRealmResult 

type GetRealmResult struct {
	Realm                     intmodel.Realm
	MetadataExists            bool
	CgroupExists              bool
	ContainerdNamespaceExists bool
}

GetRealmResult reports the current state of a realm.

type GetSpaceResult 

type GetSpaceResult struct {
	Space            intmodel.Space
	MetadataExists   bool
	CgroupExists     bool
	CNINetworkExists bool
}

GetSpaceResult reports the current state of a space.

type GetStackResult 

type GetStackResult struct {
	Stack          intmodel.Stack
	MetadataExists bool
	CgroupExists   bool
}

GetStackResult reports the current state of a stack.

type ImageInfo added in v0.3.0 

type ImageInfo struct {
	Name      string
	Size      int64
	CreatedAt time.Time
	Digest    string
	MediaType string
	Labels    map[string]string
}

ImageInfo is the controller-layer view of a containerd image. The fields are a re-export of internal/ctr's ImageInfo so transports above the controller never need to import the ctr package.

type KillCellResult 

type KillCellResult struct {
	Cell   intmodel.Cell
	Killed bool
}

KillCellResult reports the outcome of killing a cell.

type KillContainerResult 

type KillContainerResult struct {
	Container intmodel.Container
	Killed    bool
}

KillContainerResult reports the outcome of killing a container.

type ListImagesResult added in v0.3.0 

type ListImagesResult struct {
	Realm     string
	Namespace string
	Images    []ImageInfo
}

ListImagesResult reports the images present in a realm's containerd namespace.

type LoadImageResult added in v0.3.0 

type LoadImageResult struct {
	Realm     string
	Namespace string
	Images    []string
}

LoadImageResult reports the outcome of a `kuke image load` import.

type MountReleaseAttempt added in v0.5.0 

type MountReleaseAttempt struct {
	Target   string
	Released bool
	Err      error
}

MountReleaseAttempt records the outcome of trying to release a single mountpoint enumerated under a kukeon-owned directory at uninstall time.

Released is true when the mount no longer pins the host directory (either because the plain unmount succeeded or the lazy MNT_DETACH fallback did). Err is non-nil only on the residual-mount path: the plain unmount and the lazy detach both failed, so the operator must intervene by hand.

type MountReleaser added in v0.5.0 

type MountReleaser func(root string) ([]MountReleaseAttempt, error)

MountReleaser releases live bind mounts under the given root directory so the subsequent rmdir of root succeeds. The production implementation reads /proc/self/mounts and calls syscall.Unmount; tests inject a stub.

The empty return slice means "no mounts under root" — distinct from an error, which signals the enumerator itself failed (e.g., /proc/self/mounts is unreadable).

type Options 

type Options struct {
	RunPath          string
	ContainerdSocket string
	// KukeondImage is the container image for the kukeond system cell. If empty,
	// bootstrap will skip provisioning the system cell (but still provision the
	// system realm/space/stack).
	KukeondImage string
	// KukeondSocket is the unix socket path kukeond serves on. Used by bootstrap
	// to build the bind-mount for the system cell.
	KukeondSocket string
	// KukeondSocketGID, when non-zero, is passed to the kukeond cell as
	// --socket-gid <gid> so the daemon can chown its listener socket on every
	// restart. Set by `kuke init` to the kukeon group's numeric GID.
	KukeondSocketGID int
	// KukeondConfiguration, when set, is passed to the kukeond cell as
	// --configuration <path> and bind-mounted into the cell so the daemon
	// re-reads the same ServerConfiguration on every restart.
	KukeondConfiguration string
	// ForceRegenerateCNI forces bootstrap to rewrite space conflists even when
	// they already exist with the expected bridge name. Surfaces via
	// `kuke init --force-regenerate-cni`.
	ForceRegenerateCNI bool
}

type PurgeCellResult 

type PurgeCellResult struct {
	Cell              intmodel.Cell
	ContainersDeleted bool
	CgroupDeleted     bool
	MetadataDeleted   bool
	PurgeSucceeded    bool
	Force             bool
	Cascade           bool
	Deleted           []string // Resources that were deleted (standard cleanup)
	Purged            []string // Additional resources purged (CNI, orphaned containers, etc.)
}

PurgeCellResult reports what was purged during cell purging.

type PurgeContainerResult 

type PurgeContainerResult struct {
	Container          intmodel.Container
	CellMetadataExists bool
	ContainerExists    bool
	Deleted            []string // Resources that were deleted (standard cleanup)
	Purged             []string // Additional resources purged (CNI, orphaned containers, etc.)
}

PurgeContainerResult reports what was purged during container purging.

type PurgeRealmResult 

type PurgeRealmResult struct {
	Realm            intmodel.Realm
	RealmDeleted     bool     // Whether realm deletion succeeded
	PurgeSucceeded   bool     // Whether comprehensive purge succeeded
	NamespaceRemoved bool     // Whether the containerd namespace was actually removed
	Force            bool     // Force flag that was used
	Cascade          bool     // Cascade flag that was used
	Deleted          []string // Resources that were deleted (standard cleanup)
	Purged           []string // Additional resources purged (CNI, orphaned containers, etc.)
}

PurgeRealmResult reports what was purged during realm purging.

type PurgeSpaceResult 

type PurgeSpaceResult struct {
	Space intmodel.Space

	MetadataDeleted   bool
	CgroupDeleted     bool
	CNINetworkDeleted bool
	PurgeSucceeded    bool
	Force             bool
	Cascade           bool

	Deleted []string // Resources that were deleted (standard cleanup)
	Purged  []string // Additional resources purged (CNI, orphaned containers, etc.)
}

PurgeSpaceResult reports what was purged during space purging.

type PurgeStackResult 

type PurgeStackResult struct {
	Stack   intmodel.Stack
	Deleted []string // Resources that were deleted (standard cleanup)
	Purged  []string // Additional resources purged (CNI, orphaned containers, etc.)
}

PurgeStackResult reports what was purged during stack purging.

type RealmPurgeOutcome added in v0.3.0 

type RealmPurgeOutcome struct {
	Name             string
	Namespace        string
	Purged           bool
	NamespaceRemoved bool
	Err              error
}

RealmPurgeOutcome reports the result of purging a single realm.

Purged is the high-level "did the cleanup function complete without a fatal error" flag; NamespaceRemoved is the narrower "did the containerd namespace actually get removed" signal — the residual-namespace bug from issue #193 is the case where Purged was true but NamespaceRemoved was false, leaving the caller with a misleading "purged" report.

type RealmSection 

type RealmSection struct {
	RealmName                          string
	RealmContainerdNamespace           string
	RealmMetadataExistsPre             bool
	RealmMetadataExistsPost            bool
	RealmContainerdNamespaceExistsPre  bool
	RealmContainerdNamespaceExistsPost bool
	RealmContainerdNamespaceCreated    bool
	RealmCreated                       bool
	RealmCgroupExistsPre               bool
	RealmCgroupExistsPost              bool
	RealmCgroupCreated                 bool
}

RealmSection holds the bootstrap outcome for a single realm.

type ReconcileResult added in v0.4.0 

type ReconcileResult struct {
	CellsScanned int
	CellsUpdated int
	// CellsDeleted counts cells the reconciler removed during the pass
	// because Spec.AutoDelete=true and the root container's task had
	// exited. Tracked separately from CellsUpdated so callers can tell
	// "state flip persisted" apart from "cell is gone".
	CellsDeleted int
	CellsErrored int
	Errors       []string
}

ReconcileResult summarizes a single pass of the daemon's background cell-reconciliation loop. Counts are scoped to cells (v1 of #161 is cell-only); per-pass errors are collected so the loop can keep ticking.

type RefreshResult 

type RefreshResult struct {
	RealmsFound       []string
	SpacesFound       []string
	StacksFound       []string
	CellsFound        []string
	ContainersFound   []string
	RealmsUpdated     []string
	SpacesUpdated     []string
	StacksUpdated     []string
	CellsUpdated      []string
	ContainersUpdated []string
	Errors            []string
}

RefreshResult contains the summary of the refresh operation.

type ResourceDeleteResult 

type ResourceDeleteResult struct {
	Index    int
	Kind     string
	Name     string
	Action   string // "deleted", "not found", "failed"
	Error    error
	Cascaded []string // Child resources deleted (if cascade=true)
	Details  map[string]string
}

ResourceDeleteResult represents the result of deleting a single resource.

func (ResourceDeleteResult) MarshalJSON 

func (r ResourceDeleteResult) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for ResourceDeleteResult.

func (ResourceDeleteResult) MarshalYAML 

func (r ResourceDeleteResult) MarshalYAML() (interface{}, error)

MarshalYAML implements yaml.Marshaler for ResourceDeleteResult.

type ResourceResult 

type ResourceResult struct {
	Index   int
	Kind    string
	Name    string
	Action  string // "created", "updated", "unchanged", "failed"
	Error   error
	Changes []string
	Details map[string]string
}

ResourceResult represents the result of applying a single resource.

func (ResourceResult) MarshalJSON 

func (r ResourceResult) MarshalJSON() ([]byte, error)

MarshalJSON implements json.Marshaler for ResourceResult.

func (ResourceResult) MarshalYAML 

func (r ResourceResult) MarshalYAML() (interface{}, error)

MarshalYAML implements yaml.Marshaler for ResourceResult.

type SpaceSection 

type SpaceSection struct {
	SpaceName                 string
	SpaceCNINetworkName       string
	SpaceMetadataExistsPre    bool
	SpaceMetadataExistsPost   bool
	SpaceCNINetworkExistsPre  bool
	SpaceCNINetworkExistsPost bool
	SpaceCNINetworkCreated    bool
	SpaceCreated              bool
	SpaceCgroupExistsPre      bool
	SpaceCgroupExistsPost     bool
	SpaceCgroupCreated        bool
}

SpaceSection holds the bootstrap outcome for a single space.

type StackSection 

type StackSection struct {
	StackName               string
	StackMetadataExistsPre  bool
	StackMetadataExistsPost bool
	StackCreated            bool
	StackCgroupExistsPre    bool
	StackCgroupExistsPost   bool
	StackCgroupCreated      bool
}

StackSection holds the bootstrap outcome for a single stack.

type StartCellResult 

type StartCellResult struct {
	Cell    intmodel.Cell
	Started bool
}

StartCellResult reports the outcome of starting a cell.

type StartContainerResult 

type StartContainerResult struct {
	Container intmodel.Container
	Started   bool
}

StartContainerResult reports the outcome of starting a container.

type StopCellResult 

type StopCellResult struct {
	Cell    intmodel.Cell
	Stopped bool
}

StopCellResult reports the outcome of stopping a cell.

type StopContainerResult 

type StopContainerResult struct {
	Container intmodel.Container
	Stopped   bool
}

StopContainerResult reports the outcome of stopping a container.

type UninstallOptions added in v0.3.0 

type UninstallOptions struct {
	// SocketDir is the parent directory of the kukeond unix socket
	// (typically /run/kukeon). Removed recursively when non-empty.
	SocketDir string
	// SystemUser/SystemGroup are the names of the kukeon system user and
	// group to remove. Defaults to "kukeon"/"kukeon" when empty.
	SystemUser  string
	SystemGroup string
	// SkipUserGroup skips userdel/groupdel. Set in tests where touching
	// the host's /etc/passwd is undesirable.
	SkipUserGroup bool
	// UserGroupRemover overrides the default userdel/groupdel routine.
	// Tests inject a stub; production callers leave it nil.
	UserGroupRemover UserGroupRemover
	// KukeondPIDFile points at the kukeond PID file. The daemon-stop step
	// signals the live daemon before any realm purge, so a fight between
	// the in-process PurgeRealm and the running daemon's containerd session
	// can never block the namespace delete with "namespace not empty".
	// Empty disables the daemon-stop step; absent file is a no-op (the
	// partial-uninstall path from #193).
	KukeondPIDFile string
	// DaemonStopper overrides the default PID-file-based stopper. Tests
	// inject a stub; production callers leave it nil.
	DaemonStopper DaemonStopper
	// DaemonStopGracePeriod is the SIGTERM→SIGKILL grace window. Zero uses
	// DefaultDaemonStopGracePeriod (5s).
	DaemonStopGracePeriod time.Duration
	// MountReleaser releases live bind mounts under SocketDir and RunPath
	// before the rmdir step. Production callers leave it nil (defaults to
	// reading /proc/self/mounts + syscall.Unmount); tests inject a stub so
	// they do not have to provision real mounts.
	MountReleaser MountReleaser
}

UninstallOptions configures Uninstall.

type UninstallReport added in v0.3.0 

type UninstallReport struct {
	Daemon          DaemonStopReport
	Realms          []RealmPurgeOutcome
	CleanupSkipped  bool
	SocketDir       string
	SocketDirExists bool
	SocketDirRemove bool
	// SocketDirMounts records every kukeon-owned bind mount found under
	// SocketDir at uninstall time and whether it was released. A non-empty
	// list with all entries Released=true is the success path: the rmdir
	// step that follows can now reach an empty directory. Any entry with
	// Err!=nil names a mountpoint the kernel refused to detach — surfacing
	// the busy target so the operator does not have to grep /proc/mounts to
	// find what blocked the teardown (the #434 regression).
	SocketDirMounts []MountReleaseAttempt
	RunPath         string
	RunPathExists   bool
	RunPathRemove   bool
	// RunPathMounts is the RunPath analogue of SocketDirMounts; the run
	// path is checked separately so a busy mount under /opt/kukeon does not
	// mask a busy mount under /run/kukeon (and vice versa).
	RunPathMounts []MountReleaseAttempt
	UserName      string
	UserExisted   bool
	UserRemoved   bool
	GroupName     string
	GroupExisted  bool
	GroupRemoved  bool
}

UninstallReport summarizes what Uninstall did.

CleanupSkipped is true when the filesystem + user/group teardown steps were skipped because at least one realm failed to drop its containerd namespace. Tearing out /opt/kukeon while a residual namespace is still pinning overlay mounts on disk left a half-cleaned host where the next `kuke init` had to coexist with stale containerd state — see issue #287.

type UserGroupRemovalReport added in v0.3.0 

type UserGroupRemovalReport struct {
	UserExisted  bool
	UserRemoved  bool
	GroupExisted bool
	GroupRemoved bool
}

UserGroupRemovalReport mirrors the user/group fields on UninstallReport without forcing the implementation to know the report type's layout.

type UserGroupRemover added in v0.3.0 

type UserGroupRemover func(ctx context.Context, user, group string) (UserGroupRemovalReport, error)

UserGroupRemover removes a system user and group from the host. The real implementation shells out to userdel/groupdel; tests inject a stub.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.