Documentation ¶
Index ¶
- Constants
- func GetConflictFreeLabels(labels []string) ([]string, error)
- func IsPermissibleC8dRuntimeName(name string) bool
- func MaskCredentials(rawURL string) string
- func ParseGenericResources(value []string) ([]swarm.GenericResource, error)
- func Reload(configFile string, flags *pflag.FlagSet, reload func(*Config)) error
- func Validate(config *Config) error
- type BridgeConfig
- type BuilderConfig
- type BuilderEntitlements
- type BuilderGCConfig
- type BuilderGCFilter
- type BuilderGCRule
- type CommonConfig
- type CommonTLSOptions
- type Config
- func (conf *Config) GetAllRuntimes() map[string]types.Runtime
- func (conf *Config) GetDefaultRuntimeName() string
- func (conf *Config) GetExecRoot() string
- func (conf *Config) GetInitPath() string
- func (conf *Config) GetResolvConf() string
- func (conf *Config) GetRuntime(name string) *types.Runtime
- func (conf *Config) IsRootless() bool
- func (conf *Config) IsSwarmCompatible() error
- func (conf *Config) IsValueSet(name string) bool
- func (conf *Config) ValidatePlatformConfig() error
- type DNSConfig
- type LogConfig
- type NetworkConfig
- type Proxies
Constants ¶
const ( // DefaultMaxConcurrentDownloads is the default value for // maximum number of downloads that // may take place at a time for each pull. DefaultMaxConcurrentDownloads = 3 // DefaultMaxConcurrentUploads is the default value for // maximum number of uploads that // may take place at a time for each push. DefaultMaxConcurrentUploads = 5 // DefaultDownloadAttempts is the default value for // maximum number of attempts that // may take place at a time for each pull when the connection is lost. DefaultDownloadAttempts = 5 // DefaultShmSize is the default value for container's shm size (64 MiB) DefaultShmSize int64 = 64 * 1024 * 1024 // DefaultNetworkMtu is the default value for network MTU DefaultNetworkMtu = 1500 // DisableNetworkBridge is the default value of the option to disable network bridge DisableNetworkBridge = "none" // DefaultShutdownTimeout is the default shutdown timeout (in seconds) for // the daemon for containers to stop when it is shutting down. DefaultShutdownTimeout = 15 // DefaultInitBinary is the name of the default init binary DefaultInitBinary = "docker-init" // DefaultRuntimeBinary is the default runtime to be used by // containerd if none is specified DefaultRuntimeBinary = "runc" // DefaultContainersNamespace is the name of the default containerd namespace used for users containers. DefaultContainersNamespace = "moby" // DefaultPluginNamespace is the name of the default containerd namespace used for plugins. DefaultPluginNamespace = "plugins.moby" // LinuxV2RuntimeName is the runtime used to specify the containerd v2 runc shim LinuxV2RuntimeName = "io.containerd.runc.v2" // SeccompProfileDefault is the built-in default seccomp profile. SeccompProfileDefault = "builtin" // SeccompProfileUnconfined is a special profile name for seccomp to use an // "unconfined" seccomp profile. SeccompProfileUnconfined = "unconfined" )
const ( // DefaultIpcMode is default for container's IpcMode, if not set otherwise DefaultIpcMode = container.IPCModePrivate // DefaultCgroupNamespaceMode is the default mode for containers cgroup namespace when using cgroups v2. DefaultCgroupNamespaceMode = container.CgroupnsModePrivate // DefaultCgroupV1NamespaceMode is the default mode for containers cgroup namespace when using cgroups v1. DefaultCgroupV1NamespaceMode = container.CgroupnsModeHost // StockRuntimeName is the reserved name/alias used to represent the // OCI runtime being shipped with the docker daemon package. StockRuntimeName = "runc" )
Variables ¶
This section is empty.
Functions ¶
func GetConflictFreeLabels ¶
GetConflictFreeLabels validates Labels for conflict In swarm the duplicates for labels are removed so we only take same values here, no conflict values If the key-value is the same we will only take the last label
func IsPermissibleC8dRuntimeName ¶
IsPermissibleC8dRuntimeName tests whether name is safe to pass into containerd as a runtime name, and whether the name is well-formed. It does not check if the runtime is installed.
A runtime name containing slash characters is interpreted by containerd as the path to a runtime binary. If we allowed this, anyone with Engine API access could get containerd to execute an arbitrary binary as root. Although Engine API access is already equivalent to root on the host, the runtime name has not historically been a vector to run arbitrary code as root so users are not expecting it to become one.
This restriction is not configurable. There are viable workarounds for legitimate use cases: administrators and runtime developers can make runtimes available for use with Docker by installing them onto PATH following the binary naming convention for containerd Runtime v2.
func MaskCredentials ¶
MaskCredentials masks credentials that are in an URL.
func ParseGenericResources ¶
func ParseGenericResources(value []string) ([]swarm.GenericResource, error)
ParseGenericResources parses and validates the specified string as a list of GenericResource
Types ¶
type BridgeConfig ¶
type BridgeConfig struct { // Fields below here are platform specific. DefaultIP net.IP `json:"ip,omitempty"` IP string `json:"bip,omitempty"` DefaultGatewayIPv4 net.IP `json:"default-gateway,omitempty"` DefaultGatewayIPv6 net.IP `json:"default-gateway-v6,omitempty"` InterContainerCommunication bool `json:"icc,omitempty"` EnableIPv6 bool `json:"ipv6,omitempty"` EnableIPTables bool `json:"iptables,omitempty"` EnableIP6Tables bool `json:"ip6tables,omitempty"` EnableIPForward bool `json:"ip-forward,omitempty"` EnableIPMasq bool `json:"ip-masq,omitempty"` EnableUserlandProxy bool `json:"userland-proxy,omitempty"` UserlandProxyPath string `json:"userland-proxy-path,omitempty"` FixedCIDRv6 string `json:"fixed-cidr-v6,omitempty"` // contains filtered or unexported fields }
BridgeConfig stores all the bridge driver specific configuration.
type BuilderConfig ¶
type BuilderConfig struct { GC BuilderGCConfig `json:",omitempty"` Entitlements BuilderEntitlements `json:",omitempty"` }
BuilderConfig contains config for the builder
type BuilderEntitlements ¶
type BuilderEntitlements struct { NetworkHost *bool `json:"network-host,omitempty"` SecurityInsecure *bool `json:"security-insecure,omitempty"` }
BuilderEntitlements contains settings to enable/disable entitlements
type BuilderGCConfig ¶
type BuilderGCConfig struct { Enabled bool `json:",omitempty"` Policy []BuilderGCRule `json:",omitempty"` DefaultKeepStorage string `json:",omitempty"` }
BuilderGCConfig contains GC config for a buildkit builder
type BuilderGCFilter ¶
BuilderGCFilter contains garbage-collection filter rules for a BuildKit builder
func (*BuilderGCFilter) MarshalJSON ¶
func (x *BuilderGCFilter) MarshalJSON() ([]byte, error)
MarshalJSON returns a JSON byte representation of the BuilderGCFilter
func (*BuilderGCFilter) UnmarshalJSON ¶
func (x *BuilderGCFilter) UnmarshalJSON(data []byte) error
UnmarshalJSON fills the BuilderGCFilter values structure from JSON input
type BuilderGCRule ¶
type BuilderGCRule struct { All bool `json:",omitempty"` Filter BuilderGCFilter `json:",omitempty"` KeepStorage string `json:",omitempty"` }
BuilderGCRule represents a GC rule for buildkit cache
type CommonConfig ¶
type CommonConfig struct { AuthzMiddleware *authorization.Middleware `json:"-"` AuthorizationPlugins []string `json:"authorization-plugins,omitempty"` // AuthorizationPlugins holds list of authorization plugins AutoRestart bool `json:"-"` Context map[string][]string `json:"-"` DisableBridge bool `json:"-"` ExecOptions []string `json:"exec-opts,omitempty"` GraphDriver string `json:"storage-driver,omitempty"` GraphOptions []string `json:"storage-opts,omitempty"` Labels []string `json:"labels,omitempty"` Mtu int `json:"mtu,omitempty"` NetworkDiagnosticPort int `json:"network-diagnostic-port,omitempty"` Pidfile string `json:"pidfile,omitempty"` RawLogs bool `json:"raw-logs,omitempty"` RootDeprecated string `json:"graph,omitempty"` // Deprecated: use Root instead. TODO(thaJeztah): remove in next release. Root string `json:"data-root,omitempty"` ExecRoot string `json:"exec-root,omitempty"` SocketGroup string `json:"group,omitempty"` CorsHeaders string `json:"api-cors-header,omitempty"` // Proxies holds the proxies that are configured for the daemon. Proxies `json:"proxies"` // TrustKeyPath is used to generate the daemon ID and for signing schema 1 manifests // when pushing to a registry which does not support schema 2. This field is marked as // deprecated because schema 1 manifests are deprecated in favor of schema 2 and the // daemon ID will use a dedicated identifier not shared with exported signatures. TrustKeyPath string `json:"deprecated-key-path,omitempty"` // LiveRestoreEnabled determines whether we should keep containers // alive upon daemon shutdown/start LiveRestoreEnabled bool `json:"live-restore,omitempty"` // MaxConcurrentDownloads is the maximum number of downloads that // may take place at a time for each pull. MaxConcurrentDownloads int `json:"max-concurrent-downloads,omitempty"` // MaxConcurrentUploads is the maximum number of uploads that // may take place at a time for each push. MaxConcurrentUploads int `json:"max-concurrent-uploads,omitempty"` // MaxDownloadAttempts is the maximum number of attempts that // may take place at a time for each push. MaxDownloadAttempts int `json:"max-download-attempts,omitempty"` // ShutdownTimeout is the timeout value (in seconds) the daemon will wait for the container // to stop when daemon is being shutdown ShutdownTimeout int `json:"shutdown-timeout,omitempty"` Debug bool `json:"debug,omitempty"` Hosts []string `json:"hosts,omitempty"` LogLevel string `json:"log-level,omitempty"` TLS *bool `json:"tls,omitempty"` TLSVerify *bool `json:"tlsverify,omitempty"` // Embedded structs that allow config // deserialization without the full struct. CommonTLSOptions // SwarmDefaultAdvertiseAddr is the default host/IP or network interface // to use if a wildcard address is specified in the ListenAddr value // given to the /swarm/init endpoint and no advertise address is // specified. SwarmDefaultAdvertiseAddr string `json:"swarm-default-advertise-addr"` // SwarmRaftHeartbeatTick is the number of ticks in time for swarm mode raft quorum heartbeat // Typical value is 1 SwarmRaftHeartbeatTick uint32 `json:"swarm-raft-heartbeat-tick"` // SwarmRaftElectionTick is the number of ticks to elapse before followers in the quorum can propose // a new round of leader election. Default, recommended value is at least 10X that of Heartbeat tick. // Higher values can make the quorum less sensitive to transient faults in the environment, but this also // means it takes longer for the managers to detect a down leader. SwarmRaftElectionTick uint32 `json:"swarm-raft-election-tick"` MetricsAddress string `json:"metrics-addr"` DNSConfig LogConfig BridgeConfig // bridgeConfig holds bridge network specific configuration. NetworkConfig registry.ServiceOptions sync.Mutex // FIXME(vdemeester) This part is not that clear and is mainly dependent on cli flags // It should probably be handled outside this package. ValuesSet map[string]interface{} `json:"-"` Experimental bool `json:"experimental"` // Experimental indicates whether experimental features should be exposed or not // Exposed node Generic Resources // e.g: ["orange=red", "orange=green", "orange=blue", "apple=3"] NodeGenericResources []string `json:"node-generic-resources,omitempty"` // ContainerAddr is the address used to connect to containerd if we're // not starting it ourselves ContainerdAddr string `json:"containerd,omitempty"` // CriContainerd determines whether a supervised containerd instance // should be configured with the CRI plugin enabled. This allows using // Docker's containerd instance directly with a Kubernetes kubelet. CriContainerd bool `json:"cri-containerd,omitempty"` // Features contains a list of feature key value pairs indicating what features are enabled or disabled. // If a certain feature doesn't appear in this list then it's unset (i.e. neither true nor false). Features map[string]bool `json:"features,omitempty"` Builder BuilderConfig `json:"builder,omitempty"` ContainerdNamespace string `json:"containerd-namespace,omitempty"` ContainerdPluginNamespace string `json:"containerd-plugin-namespace,omitempty"` DefaultRuntime string `json:"default-runtime,omitempty"` }
CommonConfig defines the configuration of a docker daemon which is common across platforms. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.
type CommonTLSOptions ¶
type CommonTLSOptions struct { CAFile string `json:"tlscacert,omitempty"` CertFile string `json:"tlscert,omitempty"` KeyFile string `json:"tlskey,omitempty"` }
CommonTLSOptions defines TLS configuration for the daemon server. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.
type Config ¶
type Config struct { CommonConfig // Fields below here are platform specific. Runtimes map[string]types.Runtime `json:"runtimes,omitempty"` DefaultInitBinary string `json:"default-init,omitempty"` CgroupParent string `json:"cgroup-parent,omitempty"` EnableSelinuxSupport bool `json:"selinux-enabled,omitempty"` RemappedRoot string `json:"userns-remap,omitempty"` Ulimits map[string]*units.Ulimit `json:"default-ulimits,omitempty"` CPURealtimePeriod int64 `json:"cpu-rt-period,omitempty"` CPURealtimeRuntime int64 `json:"cpu-rt-runtime,omitempty"` OOMScoreAdjust int `json:"oom-score-adjust,omitempty"` Init bool `json:"init,omitempty"` InitPath string `json:"init-path,omitempty"` SeccompProfile string `json:"seccomp-profile,omitempty"` ShmSize opts.MemBytes `json:"default-shm-size,omitempty"` NoNewPrivileges bool `json:"no-new-privileges,omitempty"` IpcMode string `json:"default-ipc-mode,omitempty"` CgroupNamespaceMode string `json:"default-cgroupns-mode,omitempty"` // ResolvConf is the path to the configuration of the host resolver ResolvConf string `json:"resolv-conf,omitempty"` Rootless bool `json:"rootless,omitempty"` }
Config defines the configuration of a docker daemon. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line uses.
func MergeDaemonConfigurations ¶
func MergeDaemonConfigurations(flagsConfig *Config, flags *pflag.FlagSet, configFile string) (*Config, error)
MergeDaemonConfigurations reads a configuration file, loads the file configuration in an isolated structure, and merges the configuration provided from flags on top if there are no conflicts.
func (*Config) GetAllRuntimes ¶
GetAllRuntimes returns a copy of the runtimes map
func (*Config) GetDefaultRuntimeName ¶
GetDefaultRuntimeName returns the current default runtime
func (*Config) GetExecRoot ¶
GetExecRoot returns the user configured Exec-root
func (*Config) GetInitPath ¶
GetInitPath returns the configured docker-init path
func (*Config) GetResolvConf ¶
GetResolvConf returns the appropriate resolv.conf Check setupResolvConf on how this is selected
func (*Config) GetRuntime ¶
GetRuntime returns the runtime path and arguments for a given runtime name
func (*Config) IsRootless ¶
IsRootless returns conf.Rootless on Linux but false on Windows
func (*Config) IsSwarmCompatible ¶
IsSwarmCompatible defines if swarm mode can be enabled in this config
func (*Config) IsValueSet ¶
IsValueSet returns true if a configuration value was explicitly set in the configuration file.
func (*Config) ValidatePlatformConfig ¶
ValidatePlatformConfig checks if any platform-specific configuration settings are invalid.
type DNSConfig ¶
type DNSConfig struct { DNS []string `json:"dns,omitempty"` DNSOptions []string `json:"dns-opts,omitempty"` DNSSearch []string `json:"dns-search,omitempty"` HostGatewayIP net.IP `json:"host-gateway-ip,omitempty"` }
DNSConfig defines the DNS configurations.
type LogConfig ¶
type LogConfig struct { Type string `json:"log-driver,omitempty"` Config map[string]string `json:"log-opts,omitempty"` }
LogConfig represents the default log configuration. It includes json tags to deserialize configuration from a file using the same names that the flags in the command line use.
type NetworkConfig ¶
type NetworkConfig struct { // Default address pools for docker networks DefaultAddressPools opts.PoolsOpt `json:"default-address-pools,omitempty"` // NetworkControlPlaneMTU allows to specify the control plane MTU, this will allow to optimize the network use in some components NetworkControlPlaneMTU int `json:"network-control-plane-mtu,omitempty"` }
NetworkConfig stores the daemon-wide networking configurations