server

package
v1.0.0-alpha.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 20, 2017 License: Apache-2.0 Imports: 56 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AttachPipeStdin  = 1
	AttachPipeStdout = 2
	AttachPipeStderr = 3
)

Sync with stdpipe_t in conmon.c

View Source 
const (
	// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
	// the kubelet. Pods with other sysctls will fail to launch.
	SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"

	// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
	// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
	// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
	// will fail to launch.
	UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
)

Variables

This section is empty.

Functions

func SysctlsFromPodAnnotations 

func SysctlsFromPodAnnotations(a map[string]string) ([]Sysctl, []Sysctl, error)

SysctlsFromPodAnnotations parses the sysctl annotations into a slice of safe Sysctls and a slice of unsafe Sysctls. This is only a convenience wrapper around SysctlsFromPodAnnotation.

Types

type APIConfig 

type APIConfig struct {
	// Listen is the path to the AF_LOCAL socket on which cri-o will listen.
	// This may support proto://addr formats later, but currently this is just
	// a path.
	Listen string `toml:"listen"`

	// StreamAddress is the IP address on which the stream server will listen.
	StreamAddress string `toml:"stream_address"`

	// StreamPort is the port on which the stream server will listen.
	StreamPort string `toml:"stream_port"`
}

APIConfig represents the "crio.api" TOML config table.

type Config 

type Config struct {
	RootConfig
	APIConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func DefaultConfig added in v1.0.0 

func DefaultConfig() *Config

DefaultConfig returns the default configuration for crio.

func (*Config) FromFile 

func (c *Config) FromFile(path string) error

FromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

func (*Config) ToFile 

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

type ImageConfig 

type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	PauseImage string `toml:"pause_image"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled.  Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	SignaturePolicyPath string `toml:"signature_policy"`
	// InsecureRegistries is a list of registries that must be contacted w/o
	// TLS verification.
	InsecureRegistries []string `toml:"insecure_registries"`
}

ImageConfig represents the "crio.image" TOML config table.

type NetworkConfig 

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir"`
}

NetworkConfig represents the "crio.network" TOML config table

type RootConfig 

type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`

	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`

	// StorageOption is a list of storage driver specific options.
	StorageOptions []string `toml:"storage_option"`

	// LogDir is the default log directory were all logs will go unless kubelet
	// tells us to put them somewhere else.
	LogDir string `toml:"log_dir"`
}

RootConfig represents the root of the "crio" TOML config table.

type RuntimeConfig 

type RuntimeConfig struct {
	// Runtime is the OCI compatible runtime used for trusted container workloads.
	// This is a mandatory setting as this runtime will be the default one and
	// will also be used for untrusted container workloads if
	// RuntimeUntrustedWorkload is not set.
	Runtime string `toml:"runtime"`

	// RuntimeUntrustedWorkload is the OCI compatible runtime used for untrusted
	// container workloads. This is an optional setting, except if
	// DefaultWorkloadTrust is set to "untrusted".
	RuntimeUntrustedWorkload string `toml:"runtime_untrusted_workload"`

	// DefaultWorkloadTrust is the default level of trust crio puts in container
	// workloads. This can either be "trusted" or "untrusted" and the default
	// is "trusted"
	// Containers can be run through different container runtimes, depending on
	// the trust hints we receive from kubelet:
	// - If kubelet tags a container workload as untrusted, crio will try first
	// to run it through the untrusted container workload runtime. If it is not
	// set, crio will use the trusted runtime.
	// - If kubelet does not provide any information about the container workload trust
	// level, the selected runtime will depend on the DefaultWorkloadTrust setting.
	// If it is set to "untrusted", then all containers except for the host privileged
	// ones, will be run by the RuntimeUntrustedWorkload runtime. Host privileged
	// containers are by definition trusted and will always use the trusted container
	// runtime. If DefaultWorkloadTrust is set to "trusted", crio will use the trusted
	// container runtime for all containers.
	DefaultWorkloadTrust string `toml:"default_workload_trust"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`

	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
}

RuntimeConfig represents the "crio.runtime" TOML config table.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server implements the RuntimeService and ImageService

func New 

func New(config *Config) (*Server, error)

New creates a new Server with options provided

func (*Server) Attach 

func (s *Server) Attach(ctx context.Context, req *pb.AttachRequest) (*pb.AttachResponse, error)

Attach prepares a streaming endpoint to attach to a running container.

func (*Server) ContainerStatus 

func (s *Server) ContainerStatus(ctx context.Context, req *pb.ContainerStatusRequest) (*pb.ContainerStatusResponse, error)

ContainerStatus returns status of the container.

func (*Server) CreateContainer 

func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error)

CreateContainer creates a new container in specified PodSandbox

func (*Server) Exec 

func (s *Server) Exec(ctx context.Context, req *pb.ExecRequest) (*pb.ExecResponse, error)

Exec prepares a streaming endpoint to execute a command in the container.

func (*Server) ExecSync 

func (s *Server) ExecSync(ctx context.Context, req *pb.ExecSyncRequest) (*pb.ExecSyncResponse, error)

ExecSync runs a command in a container synchronously.

func (*Server) GetAttach added in v1.0.0 

func (s *Server) GetAttach(req *pb.AttachRequest) (*pb.AttachResponse, error)

GetAttach returns attach stream request

func (*Server) GetContainer added in v1.0.0 

func (s *Server) GetContainer(id string) *oci.Container

GetContainer returns a container by its ID

func (*Server) GetExec added in v1.0.0 

func (s *Server) GetExec(req *pb.ExecRequest) (*pb.ExecResponse, error)

GetExec returns exec stream request

func (*Server) GetPortForward added in v1.0.0 

func (s *Server) GetPortForward(req *pb.PortForwardRequest) (*pb.PortForwardResponse, error)

GetPortForward returns port forward stream request

func (*Server) GetSandboxContainer added in v1.0.0 

func (s *Server) GetSandboxContainer(id string) *oci.Container

GetSandboxContainer returns the infra container for a given sandbox

func (*Server) ImageStatus 

func (s *Server) ImageStatus(ctx context.Context, req *pb.ImageStatusRequest) (*pb.ImageStatusResponse, error)

ImageStatus returns the status of the image.

func (*Server) ListContainers 

func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersRequest) (*pb.ListContainersResponse, error)

ListContainers lists all containers by filters.

func (*Server) ListImages 

func (s *Server) ListImages(ctx context.Context, req *pb.ListImagesRequest) (*pb.ListImagesResponse, error)

ListImages lists existing images.

func (*Server) ListPodSandbox 

func (s *Server) ListPodSandbox(ctx context.Context, req *pb.ListPodSandboxRequest) (*pb.ListPodSandboxResponse, error)

ListPodSandbox returns a list of SandBoxes.

func (*Server) PodSandboxStatus 

func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusRequest) (*pb.PodSandboxStatusResponse, error)

PodSandboxStatus returns the Status of the PodSandbox.

func (*Server) PortForward 

func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error)

PortForward prepares a streaming endpoint to forward ports from a PodSandbox.

func (*Server) PullImage 

func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.PullImageResponse, error)

PullImage pulls a image with authentication config.

func (*Server) RemoveContainer 

func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerRequest) (*pb.RemoveContainerResponse, error)

RemoveContainer removes the container. If the container is running, the container should be force removed.

func (*Server) RemoveImage 

func (s *Server) RemoveImage(ctx context.Context, req *pb.RemoveImageRequest) (*pb.RemoveImageResponse, error)

RemoveImage removes the image.

func (*Server) RemovePodSandbox 

func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxRequest) (*pb.RemovePodSandboxResponse, error)

RemovePodSandbox deletes the sandbox. If there are any running containers in the sandbox, they should be force deleted.

func (*Server) RunPodSandbox 

func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest) (resp *pb.RunPodSandboxResponse, err error)

RunPodSandbox creates and runs a pod-level sandbox.

func (*Server) Shutdown added in v1.0.0 

func (s *Server) Shutdown() error

Shutdown attempts to shut down the server's storage cleanly

func (*Server) StartContainer 

func (s *Server) StartContainer(ctx context.Context, req *pb.StartContainerRequest) (*pb.StartContainerResponse, error)

StartContainer starts the container.

func (*Server) Status 

func (s *Server) Status(ctx context.Context, req *pb.StatusRequest) (*pb.StatusResponse, error)

Status returns the status of the runtime

func (*Server) StopAllPodSandboxes added in v1.0.0 

func (s *Server) StopAllPodSandboxes()

StopAllPodSandboxes removes all pod sandboxes

func (*Server) StopContainer 

func (s *Server) StopContainer(ctx context.Context, req *pb.StopContainerRequest) (*pb.StopContainerResponse, error)

StopContainer stops a running container with a grace period (i.e., timeout).

func (*Server) StopPodSandbox 

func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxRequest) (*pb.StopPodSandboxResponse, error)

StopPodSandbox stops the sandbox. If there are any running containers in the sandbox, they should be force terminated.

func (*Server) Update added in v1.0.0 

func (s *Server) Update()

Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties

func (*Server) UpdateRuntimeConfig 

func (s *Server) UpdateRuntimeConfig(ctx context.Context, req *pb.UpdateRuntimeConfigRequest) (*pb.UpdateRuntimeConfigResponse, error)

UpdateRuntimeConfig updates the configuration of a running container.

func (*Server) Version 

func (s *Server) Version(ctx context.Context, req *pb.VersionRequest) (*pb.VersionResponse, error)

Version returns the runtime name, runtime version and runtime API version

type Sysctl 

type Sysctl struct {
	// Name of a property to set
	Name string `json:"name"`
	// Value of a property to set
	Value string `json:"value"`
}

Sysctl defines a kernel parameter to be set

func SysctlsFromPodAnnotation 

func SysctlsFromPodAnnotation(annotation string) ([]Sysctl, error)

SysctlsFromPodAnnotation parses an annotation value into a slice of Sysctls.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.