containerstore

package
v0.1442.0 Latest Latest
Published: Feb 27, 2024 License: Apache-2.0 Imports: 63 Imported by: 3

Documentation

Index

Constants

// Names for credential-creation counters and durations. Every value is spelled
// exactly like its identifier.
// NOTE(review): presumably emitted as metric names, with the unprefixed set
// covering the instance identity credential and the C2C-prefixed set covering
// the C2C credential (compare the two fields of Credentials) — confirm against
// the emitting code.
const (
	CredCreationSucceededCount    = "CredCreationSucceededCount"
	CredCreationSucceededDuration = "CredCreationSucceededDuration"
	CredCreationFailedCount       = "CredCreationFailedCount"
)

const (
	C2CCredCreationSucceededCount    = "C2CCredCreationSucceededCount"
	C2CCredCreationSucceededDuration = "C2CCredCreationSucceededDuration"
	C2CCredCreationFailedCount       = "C2CCredCreationFailedCount"
)
// Port numbers.
// NOTE(review): StartProxyPort and EndProxyPort presumably bound the range from
// which proxy ports are handed out (see ErrNoPortsAvailable). C2CTLSPort (61443)
// lies inside that range; ErrC2CTLSPortIsReserved suggests it is excluded
// wherever ports are chosen — confirm that every allocation path skips it.
const (
	StartProxyPort  = 61001
	EndProxyPort    = 65534
	DefaultHTTPPort = 8080
	C2CTLSPort      = 61443
)

// TimeOut is an untyped integer constant with no unit attached.
// NOTE(review): 250000000 is 250ms if it is read as nanoseconds
// (time.Duration) — confirm at the use site.
const TimeOut = 250000000

// String identifiers.
// NOTE(review): presumably names used in the generated proxy configuration —
// confirm against the code that builds it.
const (
	IngressListener = "ingress_listener"
	TcpProxy        = "envoy.tcp_proxy"
	AdsClusterName  = "pilot-ads"
)

// AdminAccessLog is the operating system's null device, so anything written to
// this path is discarded.
// NOTE(review): if this is the access-log path of the proxy's admin interface,
// requests to that interface leave no log record — confirm that is intended
// and that the admin listener is not reachable from outside the container.
const AdminAccessLog = os.DevNull
// Names for garden container timing values. Every value is spelled exactly
// like its identifier.
// NOTE(review): presumably emitted as duration metrics — confirm against the
// emitting code.
const (
	// Container creation.
	GardenContainerCreationSucceededDuration = "GardenContainerCreationSucceededDuration"
	GardenContainerCreationFailedDuration    = "GardenContainerCreationFailedDuration"

	// Container destruction.
	GardenContainerDestructionSucceededDuration = "GardenContainerDestructionSucceededDuration"
	GardenContainerDestructionFailedDuration    = "GardenContainerDestructionFailedDuration"

	// Container setup.
	ContainerSetupFailedDuration = "ContainerSetupFailedDuration"
)

To be deprecated

// Fixed message strings for container failures and lifecycle events.
// NOTE(review): presumably reported as a container's failure reason. Each is a
// constant with no formatting verbs, so the message itself cannot carry paths,
// credentials or other per-container detail — confirm callers do not append
// such detail before the text leaves the cell.
const (
	BindMountCleanupFailed           = "failed to cleanup bindmount artifacts"
	ContainerCreationFailedMessage   = "failed to create container"
	ContainerExpirationMessage       = "expired container"
	ContainerMissingMessage          = "missing garden container"
	CredDirFailed                    = "failed to create credentials directory"
	DownloadCachedDependenciesFailed = "failed to download cached artifacts"
	VolmanMountFailed                = "failed to mount volume"
)

// Counter names. Every value is spelled exactly like its identifier.
const (
	ContainerCompletedCount       = "ContainerCompletedCount"
	ContainerExitedOnTimeoutCount = "ContainerExitedOnTimeoutCount"
)

Variables

// Sentinel errors. The text of ErrC2CTLSPortIsReserved embeds the value of
// C2CTLSPort.
var (
	ErrNoPortsAvailable   = errors.New("no ports available")
	ErrInvalidCertificate = errors.New("cannot parse invalid certificate")

	ErrC2CTLSPortIsReserved = fmt.Errorf("port %d is reserved for container networking", C2CTLSPort)
)

// TLS parameters.
//
// AlpnProtocols is a one-element slice: its single string is the comma-joined
// list "h2,http/1.1", not two separate entries.
// NOTE(review): confirm the consumer expects the comma-joined form before
// splitting it into two elements.
//
// SupportedCipherSuites names two suites in OpenSSL notation; both use ECDHE
// key exchange, RSA authentication and AES-GCM. RSA authentication is
// consistent with the *rsa.PrivateKey that NewCredManager accepts.
//
// NOTE(review): both are exported, mutable package-level slices, so any
// importing package can change the offered protocols or cipher suites at
// runtime. Treat them as read-only and copy before modifying.
var (
	AlpnProtocols         = []string{"h2,http/1.1"}
	SupportedCipherSuites = []string{"ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"}
)
// ErrFailedToCAS is a sentinel error with the text "failed-to-cas".
// NOTE(review): CAS presumably stands for compare-and-swap — confirm at the
// use site.
var ErrFailedToCAS = errors.New("failed-to-cas")
// ErrIPRangeConversionFailed is a sentinel error for a destination that could
// not be turned into an IP range.
// NOTE(review): presumably returned while translating network rules; confirm
// callers reject the rule on this error rather than continuing without it.
var (
	ErrIPRangeConversionFailed = errors.New("failed to convert destination to ip range")
)

Functions

This section is empty.

Types

type BindMountCacheKey

// BindMountCacheKey pairs a cache key with a directory path.
// NOTE(review): presumably identifies a cached dependency and the directory it
// was bind-mounted from, so that DependencyManager.ReleaseCachedDependencies
// can release it later — confirm.
type BindMountCacheKey struct {
	CacheKey string
	Dir      string
}

func NewbindMountCacheKey

func NewbindMountCacheKey(cacheKey, dir string) BindMountCacheKey

type BindMounts

// BindMounts holds a list of cache keys next to a list of garden bind mounts.
// It is the value returned by DependencyManager.DownloadCachedDependencies.
// NOTE(review): AddBindMount takes one cache key and one mount, so the two
// slices presumably grow in step — confirm.
type BindMounts struct {
	CacheKeys        []BindMountCacheKey
	GardenBindMounts []garden.BindMount
}

func NewBindMounts

func NewBindMounts(capacity int) BindMounts

func (*BindMounts) AddBindMount

func (b *BindMounts) AddBindMount(cacheKey string, mount garden.BindMount)

type ContainerConfig

// ContainerConfig groups the settings that New receives as containerConfig.
// NOTE(review): the field notes below are inferred from names and types; the
// units of INodeLimit and MaxCPUShares are not visible here — confirm.
type ContainerConfig struct {
	OwnerName    string
	INodeLimit   uint64
	MaxCPUShares uint64
	SetCPUWeight bool

	// presumably how long a reserved container may stay unused before it
	// expires (compare ContainerExpirationMessage) — confirm
	ReservedExpirationTime time.Duration
	// presumably the period of the runner returned by NewContainerReaper — confirm
	ReapInterval           time.Duration
	// presumably the per-container log rate limit handed to
	// LogManager.NewLogStreamer — confirm
	MaxLogLinesPerSecond   int
	MetricReportInterval   time.Duration
}

type ContainerInfoProvider

// ContainerInfoProvider exposes a single method that returns an
// executor.Container. CredManager.Runner accepts a value of this type.
type ContainerInfoProvider interface {
	Info() executor.Container
}

type ContainerStore

// ContainerStore is the interface returned by New. Its methods are grouped
// below into setters, container operations, getters and cleanup.
type ContainerStore interface {
	// Setters
	Reserve(logger lager.Logger, traceID string, req *executor.AllocationRequest) (executor.Container, error)
	Destroy(logger lager.Logger, traceID string, guid string) error

	// Container operations; each one addresses a container by guid or by a
	// request value.
	Initialize(logger lager.Logger, req *executor.RunRequest) error
	Create(logger lager.Logger, traceID string, guid string) (executor.Container, error)
	Run(logger lager.Logger, traceID string, guid string) error
	Update(logger lager.Logger, req *executor.UpdateRequest) error
	Stop(logger lager.Logger, traceID string, guid string) error

	// Getters
	Get(logger lager.Logger, guid string) (executor.Container, error)
	List(logger lager.Logger) []executor.Container
	Metrics(logger lager.Logger) (map[string]executor.ContainerMetrics, error)
	RemainingResources(logger lager.Logger) executor.ExecutorResources
	// GetFiles returns an io.ReadCloser; the caller is responsible for
	// closing it.
	// NOTE(review): sourcePath is supplied by the caller; confirm that
	// implementations keep it confined to the container identified by guid.
	GetFiles(logger lager.Logger, guid, sourcePath string) (io.ReadCloser, error)

	// Cleanup: both methods return an ifrit.Runner.
	NewRegistryPruner(logger lager.Logger) ifrit.Runner
	NewContainerReaper(logger lager.Logger) ifrit.Runner

	// Cleanup shuts down the dependency manager.
	Cleanup(logger lager.Logger)
}

func New

func New(
	containerConfig ContainerConfig,
	totalCapacity *executor.ExecutorResources,
	gardenClientFactory GardenClientFactory,
	dependencyManager DependencyManager,
	volumeManager volman.Manager,
	credManager CredManager,
	logManager LogManager,
	clock clock.Clock,
	eventEmitter event.Hub,
	transformer transformer.Transformer,
	trustedSystemCertificatesPath string,
	metronClient loggingclient.IngressClient,
	rootFSSizer configuration.RootFSSizer,
	useDeclarativeHealthCheck bool,
	declarativeHealthcheckPath string,
	proxyConfigHandler ProxyManager,
	cellID string,
	enableUnproxiedPortMappings bool,
	advertisePreferenceForInstanceAddress bool,
	jsonMarshaller func(any) ([]byte, error),
) ContainerStore

type CredManager

// CredManager creates and removes a per-container credentials directory and
// supplies a runner for a container. NewCredManager and NewNoopCredManager
// return values of this type.
type CredManager interface {
	// CreateCredDir returns the bind mounts and environment variables for the
	// given container (compare the failure message CredDirFailed).
	CreateCredDir(lager.Logger, executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)
	RemoveCredDir(lager.Logger, executor.Container) error
	// Runner returns an ifrit.Runner for one container.
	// NOTE(review): the purpose of the receive-only struct{} channel is not
	// visible here; presumably a signal that triggers or stops credential
	// rotation — confirm.
	Runner(lager.Logger, ContainerInfoProvider, <-chan struct{}) ifrit.Runner
}

func NewCredManager

func NewCredManager(
	logger lager.Logger,
	metronClient loggingclient.IngressClient,
	validityPeriod time.Duration,
	entropyReader io.Reader,
	clock clock.Clock,
	CaCert *x509.Certificate,
	privateKey *rsa.PrivateKey,
	handlers ...CredentialHandler,
) CredManager

func NewNoopCredManager

func NewNoopCredManager() CredManager

type Credential

// Credential is a certificate/key pair held as two strings.
// NOTE(review): the encoding (presumably PEM) is not visible here — confirm.
// Key carries private-key material: keep values of this type out of logs,
// error strings and metrics, and do not print them with %v or %+v.
type Credential struct {
	Cert string
	Key  string
}

func (Credential) IsEmpty

func (c Credential) IsEmpty() bool

type CredentialHandler

type CredentialHandler interface {
	// CreateDir is called to create the necessary directory. It returns the
	// bind mounts and environment variables for the container.
	CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

	// RemoveDir is called during shutdown to remove the directory created in
	// CreateDir.
	RemoveDir(logger lager.Logger, container executor.Container) error

	// Update is called periodically, each time a new valid certificate/key
	// pair is generated.
	Update(credentials Credentials, container executor.Container) error

	// Close is called when the CredManager is preparing to exit. This is
	// mainly to update the EnvoyProxy with invalid certificates and prevent it
	// from accepting more incoming traffic from the gorouter.
	// NOTE(review): an error returned here presumably means the proxy may
	// still hold valid certificates; confirm callers handle it rather than
	// dropping it.
	Close(invalidCredentials Credentials, container executor.Container) error
}

CredentialHandler handles new credentials generated by the CredManager.

type Credentials

// Credentials bundles the two Credential values that are passed to
// CredentialHandler.Update and CredentialHandler.Close: one for instance
// identity and one for C2C.
// NOTE(review): both fields contain a private key (Credential.Key); the same
// handling applies to this type as to Credential.
type Credentials struct {
	InstanceIdentityCredential Credential
	C2CCredential              Credential
}

type DependencyManager

// DependencyManager downloads cached dependencies and releases them again.
// NewDependencyManager returns a value of this type.
type DependencyManager interface {
	// DownloadCachedDependencies takes the list of cached dependencies and
	// returns them as BindMounts.
	DownloadCachedDependencies(logger lager.Logger, mounts []executor.CachedDependency, logconfig executor.LogConfig, metronClient loggingclient.IngressClient) (BindMounts, error)
	// ReleaseCachedDependencies takes keys of the same type as
	// BindMounts.CacheKeys.
	ReleaseCachedDependencies(logger lager.Logger, keys []BindMountCacheKey) error
	Stop(logger lager.Logger)
}

func NewDependencyManager

func NewDependencyManager(cache cacheddownloader.CachedDownloader, downloadRateLimiter chan struct{}) DependencyManager

type GardenClientFactory

// GardenClientFactory produces garden clients. NewGardenClientFactory builds
// one from a network and an address.
type GardenClientFactory interface {
	// NewGardenClient returns a garden.Client for the given logger and
	// traceID.
	NewGardenClient(logger lager.Logger, traceID string) garden.Client
}

func NewGardenClientFactory

func NewGardenClientFactory(network, address string) GardenClientFactory

type InstanceIdentityHandler

// InstanceIdentityHandler is built by NewInstanceIdentityHandler from a
// credentials directory and a container mount path. Its methods (CreateDir,
// RemoveDir, Update, Close) match the method set of CredentialHandler.
type InstanceIdentityHandler struct {
	// contains filtered or unexported fields
}

func NewInstanceIdentityHandler

func NewInstanceIdentityHandler(
	credDir string,
	containerMountPath string,
) *InstanceIdentityHandler

func (*InstanceIdentityHandler) Close

func (h *InstanceIdentityHandler) Close(creds Credentials, container executor.Container) error

func (*InstanceIdentityHandler) CreateDir

func (h *InstanceIdentityHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*InstanceIdentityHandler) RemoveDir

func (h *InstanceIdentityHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*InstanceIdentityHandler) Update

func (h *InstanceIdentityHandler) Update(creds Credentials, container executor.Container) error

type LogManager

// LogManager creates log streamers. NewLogManager returns a value of this
// type.
type LogManager interface {
	// NewLogStreamer returns a log_streamer.LogStreamer configured with a
	// per-second line limit, a per-second byte limit and a metric report
	// interval.
	NewLogStreamer(conf executor.LogConfig, metronClient loggingclient.IngressClient, maxLogLinesPerSecond int, maxLogBytesPerSecond int64, metricReportInterval time.Duration) log_streamer.LogStreamer
}

func NewLogManager

func NewLogManager() LogManager

type NoopProxyConfigHandler

// NoopProxyConfigHandler is an empty struct whose methods cover the
// ProxyManager method set, plus RemoveProxyConfigDir and Runner.
// NOTE(review): presumably every method does nothing, so selecting this
// handler means no proxy sits in front of the container — confirm.
type NoopProxyConfigHandler struct{}

func NewNoopProxyConfigHandler

func NewNoopProxyConfigHandler() *NoopProxyConfigHandler

func (*NoopProxyConfigHandler) Close

func (p *NoopProxyConfigHandler) Close(invalidCredentials Credentials, container executor.Container) error

func (*NoopProxyConfigHandler) CreateDir

func (p *NoopProxyConfigHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*NoopProxyConfigHandler) ProxyPorts

func (p *NoopProxyConfigHandler) ProxyPorts(lager.Logger, *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)

func (*NoopProxyConfigHandler) RemoveDir

func (p *NoopProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*NoopProxyConfigHandler) RemoveProxyConfigDir

func (p *NoopProxyConfigHandler) RemoveProxyConfigDir(logger lager.Logger, container executor.Container) error

func (*NoopProxyConfigHandler) Runner

func (p *NoopProxyConfigHandler) Runner(logger lager.Logger, container executor.Container, credRotatedChan <-chan Credential) (ifrit.Runner, error)

func (*NoopProxyConfigHandler) Update

func (p *NoopProxyConfigHandler) Update(credentials Credentials, container executor.Container) error

type ProxyConfigHandler

// ProxyConfigHandler is built by NewProxyConfigHandler. Its methods
// (CreateDir, RemoveDir, Update, Close, ProxyPorts) match the method set of
// ProxyManager.
// NOTE(review): the constructor takes the trusted CA certificates, the
// subject-alternative-name list to verify and a require-client-certs flag;
// confirm how an empty CA list or a false flag affects peer verification.
type ProxyConfigHandler struct {
	// contains filtered or unexported fields
}

func NewProxyConfigHandler

func NewProxyConfigHandler(
	logger lager.Logger,
	containerProxyPath string,
	containerProxyConfigPath string,
	ContainerProxyTrustedCACerts []string,
	ContainerProxyVerifySubjectAltName []string,
	containerProxyRequireClientCerts bool,
	reloadDuration time.Duration,
	reloadClock clock.Clock,
	adsServers []string,
	http2Enabled bool,
) *ProxyConfigHandler

func (*ProxyConfigHandler) Close

func (p *ProxyConfigHandler) Close(invalidCredentials Credentials, container executor.Container) error

func (*ProxyConfigHandler) CreateDir

func (p *ProxyConfigHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*ProxyConfigHandler) ProxyPorts

func (p *ProxyConfigHandler) ProxyPorts(logger lager.Logger, container *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)

ProxyPorts modifies the container through the pointer it is given, so that garden NetIn rules can be created in storenode.Create.

func (*ProxyConfigHandler) RemoveDir

func (p *ProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*ProxyConfigHandler) Update

func (p *ProxyConfigHandler) Update(credentials Credentials, container executor.Container) error

type ProxyManager

// ProxyManager embeds CredentialHandler and adds ProxyPorts. New accepts a
// value of this type as proxyConfigHandler.
type ProxyManager interface {
	CredentialHandler
	// ProxyPorts takes the container by pointer and returns proxy port
	// mappings together with a list of uint16 values.
	// NOTE(review): the meaning of the []uint16 result is not visible here —
	// confirm.
	ProxyPorts(lager.Logger, *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)
}

Directories

Path Synopsis
Code generated by counterfeiter.
Code generated by counterfeiter.
