Documentation
¶
Index ¶
- Constants
- func PauseContainerID(id entity.Id) string
- type BlobGCResult
- type Cgroups
- type CleanupResult
- type ContainerWatchdog
- type ImageGCConfig
- type ImageGCResult
- type ImageWatchdog
- type Metrics
- func (m *Metrics) Add(name string, pathes map[string]string, attributes map[string]string) error
- func (m *Metrics) Gather(name string) ([]*metric_v1alpha.ContainerSnapshot, error)
- func (m *Metrics) Monitor(ctx context.Context)
- func (m *Metrics) Remove(name string) error
- func (m *Metrics) Snapshot(ctx context.Context, req *metric_v1alpha.SandboxMetricsSnapshot) error
- type PortMonitor
- type SandboxController
- func (c *SandboxController) Close() error
- func (c *SandboxController) Create(ctx context.Context, co *compute.Sandbox, meta *entity.Meta) error
- func (c *SandboxController) Delete(ctx context.Context, id entity.Id, sb *compute.Sandbox) error
- func (c *SandboxController) Init(ctx context.Context) error
- func (c *SandboxController) Periodic(ctx context.Context, timeHorizon time.Duration) error
- func (c *SandboxController) SetPortStatus(id string, port observability.BoundPort, status observability.PortStatus)
- func (c *SandboxController) SetWriteTracker(wt controller.WriteTracker)
- type SandboxControllerDeps
- type SandboxLogs
Constants ¶
const (
// SandboxEntityLabel is the container label key used to associate containers with sandbox entities.
// NOTE(review): presumably cleanup code uses this label to map a container back to its
// entity; confirm that only this controller can set it on containers in the managed namespace.
SandboxEntityLabel = "runtime.computer/entity-id"
)
Variables ¶
This section is empty.
Functions ¶
func PauseContainerID ¶ added in v0.4.0
PauseContainerID returns the containerd container ID for a sandbox's pause container.
Types ¶
type BlobGCResult ¶ added in v0.4.0
type BlobGCResult struct {
// DeletedBlobs presumably lists the blobs removed by the GC pass.
// NOTE(review): whether entries are digests or file paths is not shown here — confirm.
DeletedBlobs []string
// FailedBlobs presumably maps each blob that could not be removed to its error;
// such blobs would still be on disk after the pass — confirm.
FailedBlobs map[string]error
// TotalBlobs is presumably the blob count before GC (compare ImageGCResult.TotalImages) — confirm.
TotalBlobs int
// RetainedBlobs is presumably the number of blobs kept (compare ImageGCResult.RetainedImages) — confirm.
RetainedBlobs int
}
BlobGCResult contains information about blobs cleaned up during GC.
type CleanupResult ¶
type CleanupResult struct {
// DeletedContainers contains IDs of containers successfully removed
DeletedContainers []string
// FailedContainers contains IDs and errors for containers that failed to be removed
// (presumably keyed by container ID — confirm). Inspect this map in addition to the
// error returned by the cleanup call; whether partial failures also surface as an
// error is not shown here.
FailedContainers map[string]error
}
CleanupResult contains information about containers cleaned up during orphan removal
type ContainerWatchdog ¶
type ContainerWatchdog struct {
// Log is the structured logger.
Log *slog.Logger
// CC is the containerd client.
CC *containerd.Client
// EAC is the entity-server access client; presumably used to look up sandbox entities — confirm.
EAC *entityserver_v1alpha.EntityAccessClient
// Namespace is presumably the containerd namespace whose containers are inspected — confirm.
// NOTE(review): the watchdog removes containers, so verify this namespace is dedicated
// to this runtime and that unrelated workloads cannot be classified as orphans.
Namespace string
// CheckInterval is how often to check for orphaned containers
CheckInterval time.Duration
// GraceWindow is how long to wait before removing containers from non-running sandboxes
// NOTE(review): behavior for a zero value is not shown here — confirm before leaving it unset.
GraceWindow time.Duration
// Subnet is used to release IP addresses when removing orphaned containers
Subnet *netdb.Subnet
// contains filtered or unexported fields
}
ContainerWatchdog periodically checks that containers in containerd match what is expected by sandbox entities. It removes orphaned containers that shouldn't exist, acting as a safety mechanism to keep the container runtime clean.
func (*ContainerWatchdog) CleanupOrphanedContainers ¶ added in v0.4.0
func (w *ContainerWatchdog) CleanupOrphanedContainers(ctx context.Context) (*CleanupResult, error)
CleanupOrphanedContainers removes containers not associated with Running sandboxes. Returns a CleanupResult containing lists of successfully deleted and failed containers.
func (*ContainerWatchdog) Start ¶
func (w *ContainerWatchdog) Start(ctx context.Context)
Start begins the periodic container cleanup process
func (*ContainerWatchdog) Stop ¶
func (w *ContainerWatchdog) Stop()
Stop gracefully stops the watchdog
type ImageGCConfig ¶ added in v0.3.0
type ImageGCConfig struct {
// ScheduledGCInterval is how often to run scheduled GC regardless of pressure (default: 168h/weekly)
ScheduledGCInterval time.Duration
// PressureCheckInterval is how often to check disk pressure (default: 1h)
PressureCheckInterval time.Duration
// DiskPressureThreshold is the disk usage percentage that triggers immediate GC (default: 80%)
// NOTE(review): the float64 scale (80 vs 0.80) is not shown here — confirm against
// DefaultImageGCConfig before setting a custom value.
DiskPressureThreshold float64
}
ImageGCConfig holds configuration for the image garbage collector.
func DefaultImageGCConfig ¶ added in v0.3.0
func DefaultImageGCConfig() ImageGCConfig
DefaultImageGCConfig returns the default configuration for image GC.
type ImageGCResult ¶ added in v0.3.0
type ImageGCResult struct {
// DeletedImages contains names of images successfully removed
DeletedImages []string
// FailedImages contains names and errors for images that failed to be removed
// (presumably keyed by image name — confirm). Inspect this map in addition to the
// error returned by the GC call; whether partial failures also surface as an error
// is not shown here.
FailedImages map[string]error
// TotalImages is the total number of images before GC
TotalImages int
// RetainedImages is the number of images kept
RetainedImages int
}
ImageGCResult contains information about images cleaned up during GC.
type ImageWatchdog ¶ added in v0.3.0
type ImageWatchdog struct {
// Log is the structured logger.
Log *slog.Logger
// CC is the containerd client.
CC *containerd.Client
// EAC is the entity-server access client; presumably the source of Artifact status — confirm.
EAC *entityserver_v1alpha.EntityAccessClient
// Namespace is presumably the containerd namespace whose images are collected — confirm.
Namespace string
// DataPath is a filesystem path.
// NOTE(review): presumably the root under which registry blob files are scanned and
// deleted by blob GC — confirm, and verify it cannot point at an unrelated directory.
DataPath string
// Config holds the GC intervals and disk-pressure threshold (see ImageGCConfig).
Config ImageGCConfig
// contains filtered or unexported fields
}
ImageWatchdog periodically garbage collects container images from containerd. It uses Artifact entity status to determine which images to remove:
- Images with no corresponding Artifact are kept (infrastructure images, etc.)
- Images with Artifact status "active" or empty are kept
- Images with Artifact status "archived" are deleted
func (*ImageWatchdog) ParseArtifactID ¶ added in v0.4.0
func (w *ImageWatchdog) ParseArtifactID(imageName string) string
ParseArtifactID extracts the artifact ID from an image name.
Image format: cluster.local:5000/{app}:{artifact-name}
Artifact ID format: artifact/{artifact-name}
Returns an empty string if the image name doesn't match the expected format.
func (*ImageWatchdog) RunBlobGC ¶ added in v0.4.0
func (w *ImageWatchdog) RunBlobGC(ctx context.Context) (*BlobGCResult, error)
RunBlobGC performs garbage collection of unreferenced registry blobs. It compares blob files on disk against digests referenced by non-archived artifacts and deletes any that are no longer needed.
func (*ImageWatchdog) RunGC ¶ added in v0.3.0
func (w *ImageWatchdog) RunGC(ctx context.Context) (*ImageGCResult, error)
RunGC performs garbage collection of unused images.
func (*ImageWatchdog) Start ¶ added in v0.3.0
func (w *ImageWatchdog) Start(ctx context.Context)
Start begins the periodic image cleanup process.
func (*ImageWatchdog) Stop ¶ added in v0.3.0
func (w *ImageWatchdog) Stop()
Stop gracefully stops the watchdog.
type Metrics ¶
type Metrics struct {
// Log is the structured logger.
Log *slog.Logger
// CPUUsage and MemUsage are handles from the metrics package; presumably the
// destinations for per-container CPU and memory readings — confirm.
CPUUsage *metrics.CPUUsage
MemUsage *metrics.MemoryUsage
// contains filtered or unexported fields
}
func (*Metrics) Gather ¶
func (m *Metrics) Gather(name string) ([]*metric_v1alpha.ContainerSnapshot, error)
func (*Metrics) Snapshot ¶
func (m *Metrics) Snapshot(ctx context.Context, req *metric_v1alpha.SandboxMetricsSnapshot) error
type PortMonitor ¶
// All state is unexported; obtain a value from NewPortMonitor.
type PortMonitor struct {
// contains filtered or unexported fields
}
PortMonitor monitors ports for containers using polling
func NewPortMonitor ¶
func NewPortMonitor(log *slog.Logger, ports observability.PortTracker) *PortMonitor
NewPortMonitor creates a new port monitor
func (*PortMonitor) MonitorContainer ¶
func (pm *PortMonitor) MonitorContainer(containerID string, ip string, pid int, ports []int)
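MonitorContainer starts monitoring ports for a container. It checks port binding by reading /proc/<pid>/net/tcp from the container's network namespace (via the pause container's PID) rather than doing a TCP dial from the host, because a host-side dial can be affected by iptables DNAT rules. Because the lookup is keyed by PID, call StopMonitoring once the pause container has exited so that a reused PID is not read in its place.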
func (*PortMonitor) StopMonitoring ¶
func (pm *PortMonitor) StopMonitoring(containerID string)
StopMonitoring stops monitoring for a container
type SandboxController ¶
// The exported fields have the same names and types as those of SandboxControllerDeps.
// NewSandboxController is documented as validating its dependencies, so prefer it
// over building this struct with a literal.
type SandboxController struct {
// Log is the structured logger.
Log *slog.Logger
// CC is the containerd client.
CC *containerd.Client
// EAC is the entity-server access client.
EAC *entityserver_v1alpha.EntityAccessClient
// Namespace is presumably the containerd namespace holding sandbox containers — confirm.
Namespace string
// NodeId presumably identifies the node this controller runs on — confirm.
NodeId string
NetServ *network.ServiceManager
// Bridge is presumably the name of the network bridge sandboxes attach to — confirm.
Bridge string
// Subnet is presumably the address pool sandbox IPs are allocated from — confirm.
Subnet *netdb.Subnet
// DataPath and Tempdir are filesystem paths.
// NOTE(review): what is stored there and the expected ownership/permissions are not
// shown here — confirm they are not writable by sandboxed workloads.
DataPath string
Tempdir string
LogsMaintainer *observability.LogsMaintainer
LogWriter observability.LogWriter
StatusMon *observability.StatusMonitor
Resolver netresolve.Resolver
Metrics *Metrics
// contains filtered or unexported fields
}
func NewSandboxController ¶ added in v0.3.0
func NewSandboxController(cfg SandboxControllerDeps) (*SandboxController, error)
NewSandboxController creates a new SandboxController with validated dependencies.
func (*SandboxController) Close ¶
func (c *SandboxController) Close() error
func (*SandboxController) Periodic ¶
Periodic cleans up dead sandboxes that are older than the specified time horizon
func (*SandboxController) SetPortStatus ¶
func (c *SandboxController) SetPortStatus(id string, port observability.BoundPort, status observability.PortStatus)
func (*SandboxController) SetWriteTracker ¶
func (c *SandboxController) SetWriteTracker(wt controller.WriteTracker)
SetWriteTracker sets the write tracker for recording manual entity writes
type SandboxControllerDeps ¶ added in v0.3.0
// Passed to NewSandboxController, which is documented as validating these dependencies.
// NOTE(review): which fields are checked, and how, is not shown here — confirm before
// relying on it to reject nil clients or empty paths.
type SandboxControllerDeps struct {
// Log is the structured logger.
Log *slog.Logger
// CC is the containerd client.
CC *containerd.Client
// EAC is the entity-server access client.
EAC *entityserver_v1alpha.EntityAccessClient
// Namespace is presumably the containerd namespace holding sandbox containers — confirm.
Namespace string
// NodeId presumably identifies the node this controller runs on — confirm.
NodeId string
NetServ *network.ServiceManager
// Bridge is presumably the name of the network bridge sandboxes attach to — confirm.
Bridge string
// Subnet is presumably the address pool sandbox IPs are allocated from — confirm.
Subnet *netdb.Subnet
// DataPath and Tempdir are filesystem paths; their contents and expected
// permissions are not shown here — confirm.
DataPath string
Tempdir string
LogsMaintainer *observability.LogsMaintainer
LogWriter observability.LogWriter
StatusMon *observability.StatusMonitor
Resolver netresolve.Resolver
Metrics *Metrics
}
SandboxControllerDeps holds required dependencies for SandboxController.
type SandboxLogs ¶
// All state is unexported; obtain a value from NewSandboxLogs.
// NOTE(review): presumably forwards sandbox output to the observability.LogWriter
// given to NewSandboxLogs, tagged with its entity and attrs — confirm.
type SandboxLogs struct {
// contains filtered or unexported fields
}
func NewSandboxLogs ¶
func NewSandboxLogs( log *slog.Logger, entity string, attrs map[string]string, lw observability.LogWriter, ) *SandboxLogs
func (*SandboxLogs) Stderr ¶
func (s *SandboxLogs) Stderr() *SandboxLogs