modelhub

package
v0.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 25, 2026 License: Apache-2.0 Imports: 1 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ApplySpaceDefaultsToContainer added in v0.2.0

// ApplySpaceDefaultsToContainer fills the unset isolation fields of container
// from the defaults declared on space; container is written through the pointer.
//
// NOTE(review): the package documentation describes the inheritance as shallow,
// so a container that sets its own pointer/slice field (for example
// Capabilities) replaces the Space value outright. Space defaults therefore
// act as defaults, not as an enforced minimum — confirm that any mandatory
// hardening is checked elsewhere.
// NOTE(review): behaviour for a nil container or a Space with nil Defaults is
// not visible on this page — confirm.
func ApplySpaceDefaultsToContainer(space Space, container *ContainerSpec)

ApplySpaceDefaultsToContainer fills isolation fields on container that are unset (zero value or nil) using the defaults declared on space. Precedence:

container spec > Space defaults > kukeon built-in defaults

Inheritance is shallow — overriding a pointer/slice field replaces the Space default outright rather than deep-merging. For example, a Container that sets Capabilities.Drop=["CAP_NET_RAW"] replaces the Space default's Drop list entirely; it does not union with it.

The merge is idempotent: calling it twice on the same container yields the same result as calling it once.

Types

type Cell

// Cell groups the three parts of a cell record: metadata, declared spec and
// status.
type Cell struct {
	// Metadata carries the cell's Name and Labels (see CellMetadata).
	Metadata CellMetadata
	// Spec carries the identifiers and the container list (see CellSpec).
	Spec     CellSpec
	// Status carries the state, cgroup path and per-container statuses
	// (see CellStatus).
	Status   CellStatus
}

type CellMetadata

// CellMetadata carries the naming data of a Cell.
type CellMetadata struct {
	// Name is the cell's name.
	// NOTE(review): no validation is visible on this page; if Name ends up in
	// filesystem or cgroup paths, confirm the caller restricts its character set.
	Name   string
	// Labels is a string-to-string map. A nil map must be allocated before it
	// is written to.
	Labels map[string]string
}

type CellSpec

// CellSpec is the declared configuration of a Cell.
type CellSpec struct {
	// ID identifies the cell. NOTE(review): format and uniqueness scope are
	// not visible on this page.
	ID              string
	// RealmName, SpaceName and StackName presumably name the enclosing Realm,
	// Space and Stack — TODO confirm against the caller.
	RealmName       string
	SpaceName       string
	StackName       string
	// RootContainerID presumably refers to the entry in Containers whose Root
	// flag is set — TODO confirm.
	RootContainerID string
	// Containers lists the specs of the containers that belong to the cell.
	Containers      []ContainerSpec
}

type CellState

// CellState enumerates cell states as consecutive ints starting at 0.
type CellState int
const (
	// CellStatePending is 0 and therefore the zero value: a CellState that was
	// never assigned reads as Pending, not as Unknown.
	CellStatePending CellState = iota
	// CellStateReady is 1.
	CellStateReady
	// CellStateStopped is 2.
	CellStateStopped
	// CellStateFailed is 3.
	CellStateFailed
	// CellStateUnknown is 4. Values outside 0..4 are representable by the
	// underlying int and are not rejected by the type itself.
	CellStateUnknown
)

type CellStatus

// CellStatus is the status part of a Cell.
type CellStatus struct {
	// State is the cell's state; its zero value is CellStatePending.
	State      CellState
	// CgroupPath is a cgroup path associated with the cell.
	// NOTE(review): whether it is absolute or relative to a cgroup root is not
	// visible here; treat it as untrusted if it is ever read back from storage.
	CgroupPath string
	// Containers holds one status entry per container.
	Containers []ContainerStatus
}

type Container

// Container groups the three parts of a container record: metadata, declared
// spec and status.
type Container struct {
	// Metadata carries the container's Name and Labels (see ContainerMetadata).
	Metadata ContainerMetadata
	// Spec carries the image, process, mount, network and isolation settings
	// (see ContainerSpec).
	Spec     ContainerSpec
	// Status carries the state, timestamps and exit information
	// (see ContainerStatus).
	Status   ContainerStatus
}

type ContainerCapabilities added in v0.2.0

// ContainerCapabilities holds the Linux capability names to remove from and
// add to the image default set.
type ContainerCapabilities struct {
	// Drop lists capability names to remove, e.g. "CAP_NET_RAW" (the form used
	// in the ApplySpaceDefaultsToContainer documentation).
	Drop []string
	// Add lists capability names to grant.
	// NOTE(review): how a name that appears in both Drop and Add is resolved,
	// and whether unknown names are rejected, is not visible here — confirm.
	Add  []string
}

ContainerCapabilities groups Linux capability deltas applied relative to the image default set.

type ContainerMetadata

// ContainerMetadata carries the naming data of a Container.
type ContainerMetadata struct {
	// Name is the container's name.
	// NOTE(review): no validation is visible on this page; confirm the caller
	// restricts its character set before it is used in paths or runtime IDs.
	Name   string
	// Labels is a string-to-string map. A nil map must be allocated before it
	// is written to.
	Labels map[string]string
}

type ContainerResources added in v0.2.0

// ContainerResources holds the per-container cgroup v2 limits. Every field is
// a pointer, so nil can be told apart from an explicit 0.
type ContainerResources struct {
	// MemoryLimitBytes is a memory limit in bytes; nil presumably means "no
	// limit set" — TODO confirm.
	MemoryLimitBytes *int64
	// CPUShares is a CPU weighting value.
	// NOTE(review): the mapping onto the cgroup v2 CPU controller is not
	// visible here — confirm the accepted range.
	CPUShares        *int64
	// PidsLimit caps the number of processes.
	// NOTE(review): nil presumably leaves the container without a pids limit;
	// confirm a Space or built-in default applies where that matters.
	PidsLimit        *int64
}

ContainerResources exposes the cgroup v2 knobs supported per container.

type ContainerSecret added in v0.2.0

// ContainerSecret is a reference to a credential, not the credential itself.
// Per the package documentation the daemon resolves it at apply time and only
// the reference is persisted.
type ContainerSecret struct {
	// Name names the secret.
	Name      string
	// FromFile presumably names a file the daemon reads the value from — TODO
	// confirm, including which paths the daemon is willing to read.
	FromFile  string
	// FromEnv presumably names an environment variable of the daemon that
	// holds the value — TODO confirm.
	FromEnv   string
	// MountPath presumably selects mount mode and gives the in-container path
	// of the staged secret file — TODO confirm.
	// NOTE(review): in env-injection mode the package documentation says the
	// resolved value is written into the OCI runtime spec, so that spec should
	// be handled as sensitive material.
	MountPath string
}

ContainerSecret references a credential resolved by the daemon at apply time. Only the reference is persisted in the hub; the resolved value lives only in the OCI runtime spec (for env injection) or in the staged secret file (for mount mode).

type ContainerSpec

// ContainerSpec is the declared configuration of a container: identity,
// image and process settings, mounts, networking and isolation settings.
//
// The isolation fields that ApplySpaceDefaultsToContainer can fill from a
// Space are the ones mirrored in SpaceContainerDefaults: User,
// ReadOnlyRootFilesystem, Capabilities, SecurityOpts, Tmpfs and Resources.
type ContainerSpec struct {
	// ID identifies the container. NOTE(review): format not visible here.
	ID                     string
	// ContainerdID is presumably the identifier used by containerd — TODO confirm.
	ContainerdID           string
	// RealmName, SpaceName, StackName and CellName presumably name the
	// enclosing resources — TODO confirm.
	RealmName              string
	SpaceName              string
	StackName              string
	CellName               string
	// Root presumably marks the cell's root container (compare
	// CellSpec.RootContainerID) — TODO confirm.
	Root                   bool
	// Image is the image reference.
	Image                  string
	// Command and Args describe the process to run.
	Command                string
	Args                   []string
	// Env holds environment entries.
	// NOTE(review): ContainerSecret documents that only secret references are
	// persisted; nothing on this page gives Env the same treatment, so
	// credentials placed here are presumably stored with the spec — confirm.
	Env                    []string
	// Ports holds port entries. NOTE(review): string format not visible here.
	Ports                  []string
	// Volumes lists bind mounts of host paths (see VolumeMount).
	Volumes                []VolumeMount
	// Networks and NetworksAliases hold network names and aliases.
	Networks               []string
	NetworksAliases        []string
	// Privileged defaults to false (bool zero value). It has no counterpart in
	// SpaceContainerDefaults, so it is set per container only.
	// NOTE(review): how Privileged=true interacts with Capabilities,
	// SecurityOpts and ReadOnlyRootFilesystem is not visible here — confirm.
	Privileged             bool
	// User is the user the process runs as; the empty string counts as unset
	// for ApplySpaceDefaultsToContainer.
	// NOTE(review): the user that results when neither the container nor the
	// Space sets one comes from the built-in defaults, which are not shown here.
	User                   string
	// ReadOnlyRootFilesystem is a plain bool, while the Space default is a
	// *bool. false is the zero value, so an explicit false cannot be told
	// apart from "unset" at this level.
	// NOTE(review): presumably a Space default of true then always wins —
	// confirm this is the intended behaviour.
	ReadOnlyRootFilesystem bool
	// Capabilities is nil when unset. A non-nil value replaces the Space
	// default rather than merging with it (shallow inheritance, per the
	// ApplySpaceDefaultsToContainer documentation).
	Capabilities           *ContainerCapabilities
	// SecurityOpts holds security option strings.
	// NOTE(review): accepted option names are not visible here.
	SecurityOpts           []string
	// Tmpfs lists tmpfs mounts (see ContainerTmpfsMount).
	Tmpfs                  []ContainerTmpfsMount
	// Resources holds the cgroup limits; nil when unset.
	Resources              *ContainerResources
	// Secrets lists credential references (see ContainerSecret).
	Secrets                []ContainerSecret
	// CNIConfigPath is a path to CNI configuration.
	CNIConfigPath          string
	// RestartPolicy names the restart behaviour.
	// NOTE(review): accepted values are not visible here.
	RestartPolicy          string
	// Attachable defaults to false. NOTE(review): its exact meaning is not
	// visible on this page.
	Attachable             bool
}

type ContainerState

// ContainerState enumerates container states as consecutive ints starting
// at 0.
type ContainerState int
const (
	// ContainerStatePending is 0 and therefore the zero value: a
	// ContainerState that was never assigned reads as Pending, not as Unknown.
	ContainerStatePending ContainerState = iota
	// ContainerStateReady is 1.
	ContainerStateReady
	// ContainerStateStopped is 2.
	ContainerStateStopped
	// ContainerStatePaused is 3.
	ContainerStatePaused
	// ContainerStatePausing is 4.
	ContainerStatePausing
	// ContainerStateFailed is 5.
	ContainerStateFailed
	// ContainerStateUnknown is 6. Values outside 0..6 are representable by the
	// underlying int and are not rejected by the type itself.
	ContainerStateUnknown
)

type ContainerStatus

// ContainerStatus is the status part of a container: identity, state, restart
// bookkeeping, timestamps and exit information.
type ContainerStatus struct {
	Name         string // Container name/ID
	ID           string // Container ID (same as Name)
	// State is the container's state; its zero value is ContainerStatePending.
	State        ContainerState
	// RestartCount counts restarts; RestartTime is presumably the time of the
	// most recent one — TODO confirm.
	RestartCount int
	RestartTime  time.Time
	// StartTime and FinishTime are zero-valued time.Time until set; use
	// IsZero to test for "not recorded".
	StartTime    time.Time
	FinishTime   time.Time
	// ExitCode is 0 by default, so on its own it cannot distinguish "exited
	// with 0" from "has not exited"; read it together with State.
	ExitCode     int
	// ExitSignal presumably names the terminating signal, empty when there was
	// none — TODO confirm.
	ExitSignal   string
}

type ContainerTmpfsMount added in v0.2.0

// ContainerTmpfsMount describes one tmpfs mount inside the container.
type ContainerTmpfsMount struct {
	// Path is the mount point inside the container.
	Path      string
	// SizeBytes is the size in bytes.
	// NOTE(review): the meaning of 0 (unlimited or a built-in default) is not
	// visible here — confirm, since an unbounded tmpfs consumes host memory.
	SizeBytes int64
	// Options holds mount options.
	// NOTE(review): whether restrictive options such as noexec or nosuid are
	// applied when Options is empty is not visible here — confirm.
	Options   []string
}

ContainerTmpfsMount declares a tmpfs mount inside the container.

type EgressAllowRule added in v0.2.0

// EgressAllowRule is one permitted outbound destination. Per the package
// documentation exactly one of Host or CIDR must be set.
// NOTE(review): the type itself does not enforce that; confirm where a rule
// with both or neither set is rejected.
type EgressAllowRule struct {
	// Host is a destination host.
	// NOTE(review): how and when a host name is resolved to addresses is not
	// visible here; that determines what the rule actually permits.
	Host  string
	// CIDR is a destination network in CIDR form.
	// NOTE(review): confirm over-broad prefixes (for example a /0) are handled
	// as intended.
	CIDR  string
	// Ports lists permitted ports; empty means any port on this destination.
	// NOTE(review): the int type does not limit values to 1..65535 — confirm
	// validation.
	Ports []int
}

EgressAllowRule describes a single permitted destination. Exactly one of Host or CIDR must be set. Empty Ports means "any port on this destination".

type EgressDefault added in v0.2.0

// EgressDefault is the action taken when no allow rule matches.
// NOTE(review): it is a string type, so the empty string (its zero value) and
// any other text are representable; how values other than "allow" and "deny"
// are treated is not visible here — confirm they do not fall through to allow.
type EgressDefault string

EgressDefault is the fallthrough action when no allowlist rule matches.

const (
	// EgressDefaultAllow ("allow") permits traffic that matches no allow rule.
	EgressDefaultAllow EgressDefault = "allow"
	// EgressDefaultDeny ("deny") is the other fallthrough action; with it the
	// Allow list of an EgressPolicy acts as an allowlist.
	EgressDefaultDeny  EgressDefault = "deny"
)

type EgressPolicy added in v0.2.0

// EgressPolicy constrains outbound traffic leaving the space bridge. Per the
// package documentation a nil policy means unconstrained, and
// EgressDefaultAllow with no allow rules behaves the same way, so egress is
// open unless a policy with EgressDefaultDeny is set.
type EgressPolicy struct {
	// Default is the fallthrough action.
	// NOTE(review): its zero value is the empty string, which is neither
	// "allow" nor "deny"; confirm how a policy with Default unset is handled.
	Default EgressDefault
	// Allow lists the permitted destinations.
	Allow   []EgressAllowRule
}

EgressPolicy constrains outbound traffic leaving the space bridge. nil means unconstrained; EgressDefaultAllow with no allow rules matches the same unconstrained behavior.

type Realm

// Realm groups the three parts of a realm record: metadata, declared spec and
// status.
type Realm struct {
	// Metadata carries the realm's Name and Labels (see RealmMetadata).
	Metadata RealmMetadata
	// Spec carries the namespace and registry credentials (see RealmSpec).
	// NOTE(review): Spec contains passwords; avoid printing a Realm with %v
	// or %+v in logs.
	Spec     RealmSpec
	// Status carries the state and cgroup path (see RealmStatus).
	Status   RealmStatus
}

type RealmMetadata

// RealmMetadata carries the naming data of a Realm.
type RealmMetadata struct {
	// Name is the realm's name.
	// NOTE(review): no validation is visible on this page; confirm the caller
	// restricts its character set before it is used in paths or namespaces.
	Name   string
	// Labels is a string-to-string map. A nil map must be allocated before it
	// is written to.
	Labels map[string]string
}

type RealmSpec

// RealmSpec is the declared configuration of a Realm.
type RealmSpec struct {
	// Namespace is the realm's namespace. NOTE(review): presumably the
	// containerd namespace — TODO confirm.
	Namespace           string
	// RegistryCredentials lists registry logins, each with a plain-string
	// Password field.
	// NOTE(review): unlike ContainerSecret, nothing on this page says these
	// are stored by reference; confirm how they are persisted and that they
	// are redacted from logs and API responses.
	RegistryCredentials []RegistryCredentials
}

type RealmState

// RealmState enumerates realm states as consecutive ints starting at 0.
type RealmState int
const (
	// RealmStatePending is 0 and therefore the zero value: a RealmState that
	// was never assigned reads as Pending, not as Unknown.
	RealmStatePending RealmState = iota
	// RealmStateCreating is 1.
	RealmStateCreating
	// RealmStateReady is 2.
	RealmStateReady
	// RealmStateDeleting is 3.
	RealmStateDeleting
	// RealmStateFailed is 4.
	RealmStateFailed
	// RealmStateUnknown is 5. Values outside 0..5 are representable by the
	// underlying int and are not rejected by the type itself.
	RealmStateUnknown
)

type RealmStatus

// RealmStatus is the status part of a Realm.
type RealmStatus struct {
	// State is the realm's state; its zero value is RealmStatePending.
	State      RealmState
	// CgroupPath is a cgroup path associated with the realm.
	// NOTE(review): whether it is absolute or relative to a cgroup root is not
	// visible here.
	CgroupPath string
}

type RegistryCredentials

// RegistryCredentials contains authentication information for a container
// registry.
//
// NOTE(review): Password is an ordinary string field, so formatting the struct
// with %v or %+v, or marshalling it, emits the secret. Confirm that callers
// redact it and how it is stored at rest; this page does not show either.
type RegistryCredentials struct {
	// Username is the registry username.
	Username string
	// Password is the registry password or token.
	Password string
	// ServerAddress is the registry server address (e.g., "docker.io", "registry.example.com").
	// If empty, credentials apply to the registry extracted from the image reference.
	// NOTE(review): with an empty ServerAddress the image reference decides
	// which registry receives the credentials; confirm image references come
	// from a trusted source in that case.
	ServerAddress string
}

RegistryCredentials contains authentication information for a container registry.

type Space

// Space groups the three parts of a space record: metadata, declared spec and
// status.
type Space struct {
	// Metadata carries the space's Name and Labels (see SpaceMetadata).
	Metadata SpaceMetadata
	// Spec carries the realm name, CNI path, network policy and container
	// defaults (see SpaceSpec).
	Spec     SpaceSpec
	// Status carries the state and cgroup path (see SpaceStatus).
	Status   SpaceStatus
}

type SpaceContainerDefaults added in v0.2.0

// SpaceContainerDefaults holds the Space-level defaults for the isolation
// fields of ContainerSpec. Privileged is not among them.
//
// NOTE(review): per the ApplySpaceDefaultsToContainer documentation a
// container's own value takes precedence and replaces the default outright,
// so these values are defaults rather than an enforced policy.
type SpaceContainerDefaults struct {
	// User is the default user; the empty string means no default.
	User                   string
	// ReadOnlyRootFilesystem is a pointer so that nil (no default) differs
	// from an explicit false. The ContainerSpec field is a plain bool.
	ReadOnlyRootFilesystem *bool
	// Capabilities is the default capability delta; nil means no default.
	Capabilities           *ContainerCapabilities
	// SecurityOpts is the default list of security option strings.
	SecurityOpts           []string
	// Tmpfs is the default list of tmpfs mounts.
	Tmpfs                  []ContainerTmpfsMount
	// Resources is the default set of cgroup limits; nil means no default.
	Resources              *ContainerResources
}

SpaceContainerDefaults mirrors the isolation fields on ContainerSpec.

type SpaceDefaults added in v0.2.0

// SpaceDefaults holds the values that resources inside a Space inherit unless
// their own spec sets the field.
type SpaceDefaults struct {
	// Container holds the defaults for containers; nil means the Space
	// declares none.
	Container *SpaceContainerDefaults
}

SpaceDefaults declares default values inherited by resources inside the Space unless the resource's own spec overrides the field. See the external v1beta1.SpaceDefaults type for user-facing documentation.

type SpaceMetadata

// SpaceMetadata carries the naming data of a Space.
type SpaceMetadata struct {
	// Name is the space's name.
	// NOTE(review): no validation is visible on this page; confirm the caller
	// restricts its character set before it is used in paths or bridge names.
	Name   string
	// Labels is a string-to-string map. A nil map must be allocated before it
	// is written to.
	Labels map[string]string
}

type SpaceNetwork added in v0.2.0

// SpaceNetwork holds the network policy applied to the space bridge.
type SpaceNetwork struct {
	// Egress is the outbound policy. Per the EgressPolicy documentation nil
	// means unconstrained, so leaving it unset allows all egress.
	Egress *EgressPolicy
}

SpaceNetwork groups network-scoped policy applied to the space bridge.

type SpaceSpec

// SpaceSpec is the declared configuration of a Space.
type SpaceSpec struct {
	// RealmName presumably names the enclosing Realm — TODO confirm.
	RealmName     string
	// CNIConfigPath is a path to CNI configuration.
	// NOTE(review): whether the path is restricted to a trusted directory is
	// not visible here — confirm.
	CNIConfigPath string
	// Network holds the bridge policy; nil means none is declared, which
	// leaves egress unconstrained.
	Network       *SpaceNetwork
	// Defaults holds inherited defaults; nil means none are declared.
	Defaults      *SpaceDefaults
}

type SpaceState

// SpaceState enumerates space states as consecutive ints starting at 0.
type SpaceState int
const (
	// SpaceStatePending is 0 and therefore the zero value: a SpaceState that
	// was never assigned reads as Pending, not as Unknown.
	SpaceStatePending SpaceState = iota
	// SpaceStateCreating is 1.
	SpaceStateCreating
	// SpaceStateReady is 2.
	SpaceStateReady
	// SpaceStateDeleting is 3.
	SpaceStateDeleting
	// SpaceStateFailed is 4.
	SpaceStateFailed
	// SpaceStateUnknown is 5. Values outside 0..5 are representable by the
	// underlying int and are not rejected by the type itself.
	SpaceStateUnknown
)

type SpaceStatus

// SpaceStatus is the status part of a Space.
type SpaceStatus struct {
	// State is the space's state; its zero value is SpaceStatePending.
	State      SpaceState
	// CgroupPath is a cgroup path associated with the space.
	// NOTE(review): whether it is absolute or relative to a cgroup root is not
	// visible here.
	CgroupPath string
}

type Stack

// Stack groups the three parts of a stack record: metadata, declared spec and
// status.
type Stack struct {
	// Metadata carries the stack's Name and Labels (see StackMetadata).
	Metadata StackMetadata
	// Spec carries the identifiers (see StackSpec).
	Spec     StackSpec
	// Status carries the state and cgroup path (see StackStatus).
	Status   StackStatus
}

type StackMetadata

// StackMetadata carries the naming data of a Stack.
type StackMetadata struct {
	// Name is the stack's name.
	// NOTE(review): no validation is visible on this page; confirm the caller
	// restricts its character set before it is used in paths.
	Name   string
	// Labels is a string-to-string map. A nil map must be allocated before it
	// is written to.
	Labels map[string]string
}

type StackSpec

// StackSpec is the declared configuration of a Stack.
type StackSpec struct {
	// ID identifies the stack. NOTE(review): format and uniqueness scope are
	// not visible on this page.
	ID        string
	// RealmName and SpaceName presumably name the enclosing Realm and Space —
	// TODO confirm.
	RealmName string
	SpaceName string
}

type StackState

// StackState enumerates stack states as consecutive ints starting at 0.
type StackState int
const (
	// StackStatePending is 0 and therefore the zero value: a StackState that
	// was never assigned reads as Pending, not as Unknown.
	StackStatePending StackState = iota
	// StackStateReady is 1.
	StackStateReady
	// StackStateFailed is 2.
	StackStateFailed
	// StackStateUnknown is 3. Values outside 0..3 are representable by the
	// underlying int and are not rejected by the type itself.
	StackStateUnknown
)

type StackStatus

// StackStatus is the status part of a Stack.
type StackStatus struct {
	// State is the stack's state; its zero value is StackStatePending.
	State      StackState
	// CgroupPath is a cgroup path associated with the stack.
	// NOTE(review): whether it is absolute or relative to a cgroup root is not
	// visible here.
	CgroupPath string
}

type VolumeMount added in v0.2.0

// VolumeMount is a bind mount of a host path into a container.
type VolumeMount struct {
	// Source is the host path.
	// NOTE(review): no restriction on which host paths may be mounted is
	// visible on this page; confirm whether sensitive locations (runtime
	// sockets, system directories) are rejected by the caller.
	Source   string
	// Target is the path inside the container.
	Target   string
	// ReadOnly defaults to false (bool zero value), so a mount that does not
	// set it is presumably writable from the container — TODO confirm.
	ReadOnly bool
}

VolumeMount is a bind mount of a host path into a container.
