runtime

package
v0.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 5, 2025 License: MIT Imports: 35 Imported by: 0

Documentation

Overview

Package runtime provides Docker runtime implementation

Package runtime provides gVisor runtime implementation

Package runtime provides Kubernetes runtime implementation

Package runtime provides a lightweight OCI image puller using only standard library

Package runtime provides interfaces and implementations for container runtimes

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

// Config holds runtime configuration: which backend to use, how to reach it,
// and the image admission policy applied to agent images.
//
// NOTE(review): only the declaration is visible here. Every policy switch is a
// plain bool or int, so a zero-value Config has all of them false or 0. Whether
// the constructors substitute stricter defaults is not shown — confirm before
// passing a partially filled Config.
type Config struct {
	// NOTE(review): the package overview also lists a gVisor runtime; the Type
	// value that selects it is not documented here — confirm.
	Type       string            // "docker" or "kubernetes"
	// Control of the Docker socket or the K8s API is control of the workloads
	// behind it, so treat Endpoint as privileged configuration.
	Endpoint   string            // Docker socket or K8s API endpoint
	Namespace  string            // K8s namespace
	// A kubeconfig file normally carries cluster credentials; keep the file
	// readable only by the account that runs this code.
	KubeConfig string            // Path to kubeconfig file
	Labels     map[string]string // Default labels for agents

	// Image validation and security settings
	EnableImageValidation bool     // Enable image validation
	// NOTE(review): presumably the CVE thresholds below only take effect when
	// scanning is enabled — confirm.
	EnableSecurityScan    bool     // Enable vulnerability scanning
	// NOTE(review): the matching rule (exact host vs. prefix), the meaning of
	// an empty allow list (allow all vs. deny all) and the precedence when a
	// registry appears in both lists are not visible here — confirm.
	AllowedRegistries     []string // List of allowed registries
	BlockedRegistries     []string // List of blocked registries
	// A digest reference pins image content; a tag can be repointed.
	RequireImageDigest    bool     // Require images to have digest
	// NOTE(review): the meaning of 0 (check disabled vs. reject everything) is
	// not visible here — confirm.
	MaxImageAgeDays       int      // Maximum age of images in days
	// NOTE(review): the signature scheme and trust roots used for
	// verification are not visible here — confirm.
	EnforceTrustedImages  bool     // Require signed images

	// CVE thresholds
	AllowCriticalCVEs bool // Allow images with critical CVEs
	// NOTE(review): both limits default to 0; whether 0 means "none allowed"
	// or "no limit" is not visible here — confirm.
	MaxHighCVEs       int  // Maximum allowed high severity CVEs
	MaxMediumCVEs     int  // Maximum allowed medium severity CVEs
}

Config holds runtime configuration

type DockerFactory

// DockerFactory creates Docker runtime instances. It has no fields, so the
// zero value is usable as-is.
type DockerFactory struct{}

DockerFactory creates Docker runtime instances

func (*DockerFactory) Create

func (f *DockerFactory) Create(config Config) (Runtime, error)

Create creates a new Docker runtime instance

type DockerManifestList

// DockerManifestList is the decoded form of a manifest list for multi-arch
// images: one entry per platform, each pointing at a per-platform manifest by
// digest.
//
// NOTE(review): every value here comes from JSON; if that JSON is a registry
// response, confirm the puller fetches the selected manifest by Digest and
// re-hashes the bytes it receives before trusting them.
type DockerManifestList struct {
	SchemaVersion int    `json:"schemaVersion"`
	MediaType     string `json:"mediaType"`
	Manifests     []struct {
		MediaType string `json:"mediaType"`
		// Size and Digest describe the referenced manifest blob.
		Size      int64  `json:"size"`
		Digest    string `json:"digest"`
		// Only architecture and os are decoded; any other platform keys in
		// the JSON (for example a variant) are dropped by the decoder, so
		// entries that differ only in those keys look identical here.
		Platform  struct {
			Architecture string `json:"architecture"`
			OS           string `json:"os"`
		} `json:"platform"`
	} `json:"manifests"`
}

DockerManifestList for multi-arch images

type DockerRuntime

type DockerRuntime struct {
	// contains filtered or unexported fields
}

DockerRuntime implements Runtime interface for Docker

func NewDockerRuntime

func NewDockerRuntime(config Config) (*DockerRuntime, error)

NewDockerRuntime creates a new Docker runtime

func (*DockerRuntime) CreateAgent

func (r *DockerRuntime) CreateAgent(ctx context.Context, agent *arctypes.Agent) error

CreateAgent creates a new agent container

func (*DockerRuntime) DestroyAgent

func (r *DockerRuntime) DestroyAgent(ctx context.Context, agentID string) error

DestroyAgent removes an agent container

func (*DockerRuntime) ExecCommand

func (r *DockerRuntime) ExecCommand(ctx context.Context, agentID string, cmd []string) (io.ReadCloser, error)

ExecCommand executes a command in an agent container

func (*DockerRuntime) GetAgentStatus

func (r *DockerRuntime) GetAgentStatus(ctx context.Context, agentID string) (*arctypes.Agent, error)

GetAgentStatus returns the current status of an agent

func (*DockerRuntime) ListAgents

func (r *DockerRuntime) ListAgents(ctx context.Context) ([]*arctypes.Agent, error)

ListAgents returns all agents managed by this runtime

func (*DockerRuntime) StartAgent

func (r *DockerRuntime) StartAgent(ctx context.Context, agentID string) error

StartAgent starts an agent container

func (*DockerRuntime) StopAgent

func (r *DockerRuntime) StopAgent(ctx context.Context, agentID string) error

StopAgent stops an agent container

func (*DockerRuntime) StreamLogs

func (r *DockerRuntime) StreamLogs(ctx context.Context, agentID string) (io.ReadCloser, error)

StreamLogs streams logs from an agent container

type Factory

// Factory creates runtime instances from a Config.
type Factory interface {
	// Create returns a Runtime built from config, or an error.
	// NOTE(review): which Config fields each implementation validates is not
	// visible here — confirm.
	Create(config Config) (Runtime, error)
}

Factory creates runtime instances

type GVisorConfig

// GVisorConfig extends the base Config with gVisor-specific options.
//
// Config is embedded without a JSON tag, so encoding/json promotes its fields
// to the top level under their Go names (Config declares no tags), next to the
// snake_case keys declared below.
//
// NOTE(review): every security switch here is a bool whose zero value is
// false. Whether NewGVisorRuntimeWithConfig turns any of them on by default is
// not visible here — confirm before decoding a sparse JSON document into this
// type.
type GVisorConfig struct {
	Config // Embed base config

	// gVisor specific settings
	Platform        GVisorPlatform `json:"platform,omitempty"`
	// NOTE(review): debug logging and profiling presumably expose more detail
	// about sandboxed workloads — confirm they stay off in production.
	Debug           bool           `json:"debug,omitempty"`
	LogLevel        string         `json:"log_level,omitempty"`
	EnableProfiling bool           `json:"enable_profiling,omitempty"`

	// Security settings
	EnableSandbox   bool     `json:"enable_sandbox"`
	// NOTE(review): precedence between the two syscall lists, and the meaning
	// of an empty allow list, are not visible here — confirm.
	AllowedSyscalls []string `json:"allowed_syscalls,omitempty"`
	BlockedSyscalls []string `json:"blocked_syscalls,omitempty"`
	EnableSeccomp   bool     `json:"enable_seccomp"`
	EnableAppArmor  bool     `json:"enable_apparmor"`

	// Network settings
	// NOTE(review): in common container runtimes "host" shares the host
	// network stack with the workload. How this runtime maps the value, and
	// what an empty string selects, is not visible here — confirm.
	NetworkMode string   `json:"network_mode,omitempty"` // "none", "host", "bridge"
	EnableIPv6  bool     `json:"enable_ipv6,omitempty"`
	DNSServers  []string `json:"dns_servers,omitempty"`

	// Resource settings
	EnableCgroups bool   `json:"enable_cgroups"`
	CgroupsPath   string `json:"cgroups_path,omitempty"`

	// Image settings
	ImageCacheSize int64         `json:"image_cache_size,omitempty"` // In bytes
	// time.Duration is an int64 nanosecond count and is encoded as a number
	// in JSON, not as a string such as "5m".
	ImageCacheTTL  time.Duration `json:"image_cache_ttl,omitempty"`

	// Monitoring
	EnableHealthChecks  bool          `json:"enable_health_checks"`
	HealthCheckInterval time.Duration `json:"health_check_interval,omitempty"`
}

GVisorConfig extends the base Config with gVisor-specific options

type GVisorPlatform

// GVisorPlatform represents supported gVisor platforms.
//
// The underlying type is string, so any string converts to it and JSON
// decoding accepts any value. NOTE(review): confirm the runtime rejects values
// other than the declared Platform* constants before passing them on.
type GVisorPlatform string

GVisorPlatform represents supported gVisor platforms

// Values for GVisorConfig.Platform.
// NOTE(review): which platform applies when the field is empty is not visible
// here — confirm.
const (
	PlatformPtrace  GVisorPlatform = "ptrace"  // Most compatible
	PlatformKVM     GVisorPlatform = "kvm"     // Hardware virtualization
	PlatformSystrap GVisorPlatform = "systrap" // Fastest, requires kernel 4.12+
)

type GVisorRuntime

type GVisorRuntime struct {
	// contains filtered or unexported fields
}

GVisorRuntime implements Runtime interface for gVisor with production features

func NewGVisorRuntime

func NewGVisorRuntime(config Config) (*GVisorRuntime, error)

NewGVisorRuntime creates a new production-ready gVisor runtime

func NewGVisorRuntimeWithConfig

func NewGVisorRuntimeWithConfig(config GVisorConfig) (*GVisorRuntime, error)

NewGVisorRuntimeWithConfig creates a new gVisor runtime with detailed configuration

func (*GVisorRuntime) CreateAgent

func (r *GVisorRuntime) CreateAgent(ctx context.Context, agent *arctypes.Agent) error

CreateAgent creates a new agent container using gVisor

func (*GVisorRuntime) DestroyAgent

func (r *GVisorRuntime) DestroyAgent(ctx context.Context, agentID string) error

DestroyAgent removes an agent container and cleans up resources

func (*GVisorRuntime) ExecCommand

func (r *GVisorRuntime) ExecCommand(ctx context.Context, agentID string, cmd []string) (io.ReadCloser, error)

ExecCommand executes a command in an agent container

func (*GVisorRuntime) GetAgentLogs

func (r *GVisorRuntime) GetAgentLogs(ctx context.Context, agentID string, follow bool) (io.ReadCloser, error)

GetAgentLogs returns logs from an agent container

func (*GVisorRuntime) GetAgentStatus

func (r *GVisorRuntime) GetAgentStatus(ctx context.Context, agentID string) (*arctypes.Agent, error)

GetAgentStatus returns comprehensive status of an agent

func (*GVisorRuntime) GetRuntimeInfo

func (r *GVisorRuntime) GetRuntimeInfo(ctx context.Context) (map[string]interface{}, error)

GetRuntimeInfo returns comprehensive runtime information

func (*GVisorRuntime) ListAgents

func (r *GVisorRuntime) ListAgents(ctx context.Context) ([]*arctypes.Agent, error)

ListAgents returns all agents with enhanced metadata

func (*GVisorRuntime) Shutdown

func (r *GVisorRuntime) Shutdown(ctx context.Context) error

Shutdown is the cleanup function for the runtime

func (*GVisorRuntime) StartAgent

func (r *GVisorRuntime) StartAgent(ctx context.Context, agentID string) error

StartAgent starts the agent container with enhanced security and monitoring

func (*GVisorRuntime) StopAgent

func (r *GVisorRuntime) StopAgent(ctx context.Context, agentID string) error

StopAgent stops the agent container gracefully

func (*GVisorRuntime) StreamLogs

func (r *GVisorRuntime) StreamLogs(ctx context.Context, agentID string) (io.ReadCloser, error)

StreamLogs streams logs from an agent container

type HealthStatus

// HealthStatus represents container health information.
type HealthStatus struct {
	Status       string    `json:"status"` // healthy, unhealthy, starting
	LastCheck    time.Time `json:"last_check"`
	FailureCount int       `json:"failure_count"`
	// NOTE(review): presumably the captured output of the last check. If it is
	// produced inside the container it is workload-controlled text — confirm
	// it is size-bounded and escaped before being logged or displayed.
	Output       string    `json:"output,omitempty"`
}

HealthStatus represents container health information

type ImageCacheEntry

// ImageCacheEntry represents a cached container image.
//
// NOTE(review): confirm that a cache hit re-checks the on-disk content against
// Digest, so that a modified cache directory cannot substitute image content.
type ImageCacheEntry struct {
	Digest   string
	Size     int64
	LastUsed time.Time
	// NOTE(review): presumably the on-disk location of the cached image —
	// confirm.
	Path     string
	// NOTE(review): presumably layer digests or layer paths; which one is not
	// visible here — confirm.
	Layers   []string
	Config   map[string]interface{} // Generic config, was *v1.Image
}

ImageCacheEntry represents a cached container image

type KubernetesFactory

// KubernetesFactory creates Kubernetes runtime instances. It has no fields, so
// the zero value is usable as-is.
type KubernetesFactory struct{}

KubernetesFactory creates Kubernetes runtime instances

func (*KubernetesFactory) Create

func (f *KubernetesFactory) Create(config Config) (Runtime, error)

Create creates a new Kubernetes runtime instance

type KubernetesRuntime

type KubernetesRuntime struct {
	// contains filtered or unexported fields
}

KubernetesRuntime implements Runtime interface for Kubernetes

func NewKubernetesRuntime

func NewKubernetesRuntime(config Config) (*KubernetesRuntime, error)

NewKubernetesRuntime creates a new Kubernetes runtime

func (*KubernetesRuntime) CreateAgent

func (r *KubernetesRuntime) CreateAgent(ctx context.Context, agent *arctypes.Agent) error

CreateAgent creates a new agent pod

func (*KubernetesRuntime) DestroyAgent

func (r *KubernetesRuntime) DestroyAgent(ctx context.Context, agentID string) error

DestroyAgent removes an agent pod immediately

func (*KubernetesRuntime) ExecCommand

func (r *KubernetesRuntime) ExecCommand(ctx context.Context, agentID string, cmd []string) (io.ReadCloser, error)

ExecCommand executes a command in an agent pod

func (*KubernetesRuntime) GetAgentStatus

func (r *KubernetesRuntime) GetAgentStatus(ctx context.Context, agentID string) (*arctypes.Agent, error)

GetAgentStatus returns the current status of an agent

func (*KubernetesRuntime) ListAgents

func (r *KubernetesRuntime) ListAgents(ctx context.Context) ([]*arctypes.Agent, error)

ListAgents returns all agents managed by this runtime

func (*KubernetesRuntime) StartAgent

func (r *KubernetesRuntime) StartAgent(ctx context.Context, agentID string) error

StartAgent starts an agent pod (pods start automatically in K8s)

func (*KubernetesRuntime) StopAgent

func (r *KubernetesRuntime) StopAgent(ctx context.Context, agentID string) error

StopAgent stops an agent pod

func (*KubernetesRuntime) StreamLogs

func (r *KubernetesRuntime) StreamLogs(ctx context.Context, agentID string) (io.ReadCloser, error)

StreamLogs streams logs from an agent pod

type NetworkConfig

// NetworkConfig holds network configuration for a container.
type NetworkConfig struct {
	// NOTE(review): presumably one of the GVisorConfig.NetworkMode values
	// ("none", "host", "bridge") — confirm.
	Mode      string            `json:"mode"`
	IPAddress string            `json:"ip_address,omitempty"`
	Gateway   string            `json:"gateway,omitempty"`
	DNS       []string          `json:"dns,omitempty"`
	// NOTE(review): the direction of the mapping (host port to container port
	// or the reverse) and the bind address are not visible here — confirm
	// which interfaces published ports listen on.
	Ports     map[string]string `json:"ports,omitempty"`
}

NetworkConfig holds network configuration for a container

type OCIManifest

// OCIManifest represents a minimal OCI image manifest: one config descriptor
// and an ordered list of layer descriptors, each with media type, size and
// digest.
//
// NOTE(review): all values are decoded from JSON; if the manifest comes from a
// registry they are untrusted. Confirm the puller hashes each downloaded blob
// and compares it with Digest, and uses Size (after rejecting negative or
// oversized values) to bound how much it reads.
type OCIManifest struct {
	SchemaVersion int    `json:"schemaVersion"`
	MediaType     string `json:"mediaType"`
	// Config is the descriptor of the image configuration blob.
	Config        struct {
		MediaType string `json:"mediaType"`
		Size      int64  `json:"size"`
		Digest    string `json:"digest"`
	} `json:"config"`
	// Layers holds one descriptor per layer blob.
	Layers []struct {
		MediaType string `json:"mediaType"`
		Size      int64  `json:"size"`
		Digest    string `json:"digest"`
	} `json:"layers"`
}

OCIManifest represents a minimal OCI image manifest

type OCIPuller

type OCIPuller struct {
	// contains filtered or unexported fields
}

OCIPuller handles OCI image downloading using only standard library

func NewOCIPuller

func NewOCIPuller(cacheDir string) *OCIPuller

NewOCIPuller creates a new OCI image puller

func (*OCIPuller) ExtractLocalImage

// ExtractLocalImage extracts a local tar archive (tarPath), presumably into
// rootfsDir.
// NOTE(review): the body is not shown on this page. Confirm that extraction
// rejects entries whose cleaned path or link target resolves outside
// rootfsDir, and that it bounds the total size written.
func (p *OCIPuller) ExtractLocalImage(ctx context.Context, tarPath string, rootfsDir string) error

ExtractLocalImage extracts a local tar archive (for pre-downloaded images)

func (*OCIPuller) PullImage

// PullImage downloads the image named by imageRef and extracts it, presumably
// into rootfsDir.
// NOTE(review): the body is not shown on this page. Confirm that downloaded
// blobs are checked against the manifest digests before extraction, that the
// registry connection uses verified TLS, and whether the registry and digest
// policy in Config is applied on this path or must be enforced by the caller.
func (p *OCIPuller) PullImage(ctx context.Context, imageRef string, rootfsDir string) error

PullImage downloads and extracts an OCI image

type ResourceUsage

// ResourceUsage tracks resource consumption.
// NOTE(review): units are not stated in the declaration (CPU as a percentage
// or as cores; memory, disk and network presumably in bytes) — confirm before
// comparing these values against limits.
type ResourceUsage struct {
	CPUUsage    float64   `json:"cpu_usage"`
	MemoryUsage int64     `json:"memory_usage"`
	DiskUsage   int64     `json:"disk_usage"`
	NetworkRx   int64     `json:"network_rx"`
	NetworkTx   int64     `json:"network_tx"`
	// Time the figures above were last refreshed.
	UpdatedAt   time.Time `json:"updated_at"`
}

ResourceUsage tracks resource consumption

type Runtime

// Runtime defines the interface for container runtimes. Agents are addressed
// by a string agentID. No method takes an explicit caller-identity parameter,
// so authorization has to be decided before these calls are made (or carried
// in ctx).
type Runtime interface {
	// CreateAgent creates a new agent container
	CreateAgent(ctx context.Context, agent *types.Agent) error

	// StartAgent starts an agent container
	StartAgent(ctx context.Context, agentID string) error

	// StopAgent stops an agent container
	StopAgent(ctx context.Context, agentID string) error

	// DestroyAgent removes an agent container
	DestroyAgent(ctx context.Context, agentID string) error

	// GetAgentStatus returns the current status of an agent
	GetAgentStatus(ctx context.Context, agentID string) (*types.Agent, error)

	// ListAgents returns all agents managed by this runtime
	ListAgents(ctx context.Context) ([]*types.Agent, error)

	// StreamLogs streams logs from an agent container.
	// The returned io.ReadCloser is presumably the caller's to close.
	StreamLogs(ctx context.Context, agentID string) (io.ReadCloser, error)

	// ExecCommand executes a command in an agent container.
	// cmd is an argument vector, not a shell string.
	// NOTE(review): confirm that no implementation joins cmd into a shell
	// command line, and that callers authorize and audit each use, since this
	// runs arbitrary commands inside the agent.
	ExecCommand(ctx context.Context, agentID string, cmd []string) (io.ReadCloser, error)
}

Runtime defines the interface for container runtimes

type TokenResponse

// TokenResponse is the JSON body returned by Docker registry auth.
//
// In the registry token protocol the server may return the bearer token under
// "token", under "access_token" (OAuth 2.0 compatibility), or both, so a
// consumer should accept whichever is non-empty. How this package chooses
// between them is not visible here.
//
// Both token fields are credentials: keep them out of logs and error strings.
type TokenResponse struct {
	Token       string `json:"token"`
	AccessToken string `json:"access_token"`
	// Lifetime in seconds per the token protocol. An absent field decodes to
	// 0. NOTE(review): confirm the caller does not cache a token with
	// ExpiresIn == 0 indefinitely.
	ExpiresIn   int    `json:"expires_in"`
}

TokenResponse from Docker registry auth
