Documentation ¶
Index ¶
- Constants
- Variables
- func NewDockerClientFromConfig(config *ClientConfig) libdocker.DockerClientInterface
- type ClientConfig
- type ContainerID
- type ContainerRuntimeOptions
- type HairpinMode
- type HairpinModeValue
- type NetworkPluginSettings
- type OSInterface
- type PortMapping
- type Protocol
- type RealOS
- func (RealOS) Chmod(path string, perm os.FileMode) error
- func (RealOS) Chtimes(path string, atime time.Time, mtime time.Time) error
- func (RealOS) Create(path string) (*os.File, error)
- func (RealOS) Glob(pattern string) ([]string, error)
- func (RealOS) Hostname() (name string, err error)
- func (RealOS) MkdirAll(path string, perm os.FileMode) error
- func (RealOS) Open(name string) (*os.File, error)
- func (RealOS) OpenFile(name string, flag int, perm os.FileMode) (*os.File, error)
- func (RealOS) Pipe() (r *os.File, w *os.File, err error)
- func (RealOS) ReadDir(dirname string) ([]os.DirEntry, error)
- func (RealOS) Remove(path string) error
- func (RealOS) RemoveAll(path string) error
- func (RealOS) Rename(oldpath, newpath string) error
- func (RealOS) Stat(path string) (os.FileInfo, error)
- func (RealOS) Symlink(oldname string, newname string) error
- type UID
Constants ¶
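// Label keys, plus the reserved name of the pod infra container.
//
// The listing is laid out one declaration per line so that the trailing
// line comment no longer swallows the declarations that follow it.
const (
	KubernetesPodNameLabel       = "io.kubernetes.pod.name"
	KubernetesPodNamespaceLabel  = "io.kubernetes.pod.namespace"
	KubernetesPodUIDLabel        = "io.kubernetes.pod.uid"
	KubernetesContainerNameLabel = "io.kubernetes.container.name"

	// PodInfraContainerName is used in a few places outside of Kubelet, such as indexing
	// into the container info.
	PodInfraContainerName = "POD"
)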
Labels
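// Container logging constants: upper bounds on termination-message output.
//
// These limits bound how much container-written data is carried along as a
// termination message; anything above them is truncated.
const (
	// MaxPodTerminationMessageLogLength is the maximum bytes any one pod may have written
	// as termination message output across all containers. Containers will be evenly truncated
	// until output is below this limit. (12 KiB)
	MaxPodTerminationMessageLogLength = 1024 * 12

	// MaxContainerTerminationMessageLength is the upper bound any one container may write to
	// its termination message path. Contents above this length will be truncated. (4 KiB)
	MaxContainerTerminationMessageLength = 1024 * 4

	// MaxContainerTerminationMessageLogLength is the maximum bytes any one container will
	// have written to its termination message when the message is read from the logs. (2 KiB)
	MaxContainerTerminationMessageLogLength = 1024 * 2

	// MaxContainerTerminationMessageLogLines is the maximum number of previous lines of
	// log output that the termination message can contain.
	MaxContainerTerminationMessageLogLines = 80
)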
Container logging constants
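// Security constants: annotation keys, seccomp/AppArmor profile names and
// CRI version strings.
//
// The listing is laid out one declaration per line so that line comments no
// longer swallow the declarations that follow them, and the doc comments
// name the identifiers they actually document.
const (
	// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
	// webhook backend fails.
	//
	// Security note: a pod carrying this key was admitted because the backend
	// failed, not because it approved the image, which makes the key a useful
	// thing to audit for.
	ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open"

	// PodPresetOptOutAnnotationKey represents the annotation key for a pod to exempt itself from pod preset manipulation
	PodPresetOptOutAnnotationKey string = "podpreset.admission.kubernetes.io/exclude"

	// MirrorPodAnnotationKey represents the annotation key set by kubelets when creating mirror pods
	MirrorPodAnnotationKey string = "kubernetes.io/config.mirror"

	// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
	// in the Annotations of a Pod.
	TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations"

	// TaintsAnnotationKey represents the key of taints data (json serialized)
	// in the Annotations of a Node.
	TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints"

	// SeccompPodAnnotationKey represents the key of a seccomp profile applied
	// to all containers of a pod.
	//
	// Deprecated: set a pod security context `seccompProfile` field.
	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"

	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
	// to one container of a pod.
	SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"

	// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
	SeccompProfileRuntimeDefault string = "runtime/default"

	// SeccompProfileNameUnconfined is the unconfined seccomp profile.
	//
	// Security note: unconfined means no seccomp syscall filtering is applied
	// to the container; workloads that request it deserve review.
	SeccompProfileNameUnconfined string = "unconfined"

	// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
	SeccompLocalhostProfileNamePrefix = "localhost/"

	// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
	AppArmorBetaContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"

	// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
	AppArmorBetaDefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName"

	// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
	AppArmorBetaAllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames"

	// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
	AppArmorBetaProfileRuntimeDefault = "runtime/default"

	// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
	AppArmorBetaProfileNamePrefix = "localhost/"

	// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile
	//
	// Security note: unconfined means the container runs without AppArmor
	// confinement.
	AppArmorBetaProfileNameUnconfined = "unconfined"

	// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
	DeprecatedSeccompProfileDockerDefault string = "docker/default"

	// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
	// in the Annotations of a Node.
	PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"

	// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
	// an object (e.g. secret, config map) before fetching it again from apiserver.
	// This annotation can be attached to node.
	ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"

	// NonConvertibleAnnotationPrefix is the annotation key prefix used to identify non-convertible json paths.
	NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io"

	// LastAppliedConfigAnnotation is the annotation used to store the previous
	// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
	// kubectlPrefix is declared elsewhere in the package.
	LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration"

	// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
	//
	// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
	// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
	// access only from the CIDRs currently allocated to MIT & the USPS.
	//
	// Not all cloud providers support this annotation, though AWS & GCE do.
	//
	// Security note: because the default is `0.0.0.0/0`, a service without this
	// annotation accepts traffic from any source address; set an explicit list
	// where the load balancer should not be reachable from everywhere, and
	// remember that providers without support do not enforce the list.
	AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges"

	// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
	// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
	// of the last change, of some Pod or Service object, that triggered the endpoints object change.
	// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
	// controller at T1, and the Endpoints object was changed at T2, the
	// EndpointsLastChangeTriggerTime would be set to T0.
	//
	// The "endpoints change trigger" here means any Pod or Service change that resulted in the
	// Endpoints object change.
	//
	// Given the definition of the "endpoints change trigger", please note that this annotation will
	// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
	// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
	// already set).
	//
	// This annotation will be used to compute the in-cluster network programming latency SLI, see
	// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
	EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time"

	// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
	// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
	// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
	// CSI Backend for a volume plugin on a specific node.
	MigratedPluginsAnnotationKey = "storage.alpha.kubernetes.io/migrated-plugins"

	// CRIVersion is the latest CRI version supported by the CRI plugin.
	CRIVersion = "v1"

	// CRIVersionAlpha is the alpha version of CRI supported by the CRI plugin.
	CRIVersionAlpha = "v1alpha2"
)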
Security constants
Variables ¶
// IPv6DualStackEnabled allows dual-homed pods.
var IPv6DualStackEnabled bool
IPv6DualStackEnabled allows dual-homed pods.
Functions ¶
func NewDockerClientFromConfig ¶
func NewDockerClientFromConfig(config *ClientConfig) libdocker.DockerClientInterface
NewDockerClientFromConfig creates a docker client from the given configuration; it returns nil if a nil configuration is given.
Types ¶
type ClientConfig ¶
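// ClientConfig holds the parameters used to initialize the docker client.
//
// The listing is laid out one field per line so that the line comment no
// longer swallows the fields that follow it.
type ClientConfig struct {
	// DockerEndpoint is the docker endpoint the client is created for.
	//
	// Security note: anyone who can reach the Docker daemon endpoint can
	// generally control containers on the host with root-equivalent effect,
	// so restrict access to it (socket file permissions, or TLS with client
	// authentication when the endpoint is a TCP address).
	DockerEndpoint string
	// RuntimeRequestTimeout and ImagePullProgressDeadline are durations; the
	// page gives their meaning on ContainerRuntimeOptions.
	RuntimeRequestTimeout     time.Duration
	ImagePullProgressDeadline time.Duration

	// Configuration for fake docker client
	EnableSleep       bool
	WithTraceDisabled bool
}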
ClientConfig holds the parameters used to initialize the docker client.
type ContainerID ¶
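// ContainerID is a type that identifies a container.
//
// The listing is laid out one field per line so that the line comments no
// longer swallow the fields that follow them.
type ContainerID struct {
	// The type of the container runtime.
	Type string
	// The identification of the container.
	ID string
}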
ContainerID is a type that identifies a container.
func BuildContainerID ¶
func BuildContainerID(typ, ID string) ContainerID
BuildContainerID returns the ContainerID given type and id.
func (*ContainerID) ParseString ¶
func (c *ContainerID) ParseString(data string) error
ParseString converts given string into ContainerID
type ContainerRuntimeOptions ¶
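// ContainerRuntimeOptions contains runtime options.
//
// The listing is laid out one field per line so that the line comments no
// longer swallow the fields that follow them; field comments name the Go
// field they document.
type ContainerRuntimeOptions struct {
	// CgroupDriver is the driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
	CgroupDriver string
	// RuntimeCgroups that container runtime is expected to be isolated in.
	RuntimeCgroups string

	// CriDockerdRootDirectory is the path to the cri-dockerd root directory. Defaults to
	// /var/lib/cri-dockerd if unset. Exposed for integration testing (e.g. in OpenShift).
	CriDockerdRootDirectory string
	// PodSandboxImage is the image whose network/ipc namespaces
	// containers in each pod will use.
	PodSandboxImage string
	// DockerEndpoint is the path to the docker endpoint to communicate with.
	//
	// Security note: anyone who can reach the Docker daemon endpoint can
	// generally control containers on the host with root-equivalent effect,
	// so restrict access to it.
	DockerEndpoint string
	// If no pulling progress is made before the deadline ImagePullProgressDeadline,
	// the image pulling will be cancelled. Defaults to 1m0s.
	// +optional
	ImagePullProgressDeadline v1.Duration
	// RuntimeRequestTimeout is the timeout for all runtime requests except long-running
	// requests - pull, logs, exec and attach.
	RuntimeRequestTimeout v1.Duration
	// StreamingConnectionIdleTimeout is the maximum time a streaming connection
	// can be idle before the connection is automatically closed.
	StreamingConnectionIdleTimeout v1.Duration
	// StreamingBindAddr is the address to bind the CRI streaming server to.
	// If not specified, it will bind to all addresses
	//
	// Security note: leaving this empty makes the CRI streaming server
	// listen on every address of the node; set an explicit address where
	// that reachability is not intended.
	StreamingBindAddr string

	// The CIDR to use for pod IP addresses, only used in standalone mode.
	// In cluster mode, this is obtained from the master.
	PodCIDR string
	// IPv6DualStackEnabled allows dual-homed pods
	IPv6DualStackEnabled bool

	// NetworkPluginName is the name of the network plugin to be invoked for
	// various events in kubelet/pod lifecycle
	NetworkPluginName string
	// NetworkPluginMTU is the MTU to be passed to the network plugin,
	// and overrides the default MTU for cases where it cannot be automatically
	// computed (such as IPSEC).
	NetworkPluginMTU int32
	// CNIConfDir is the full path of the directory in which to search for
	// CNI config files
	CNIConfDir string
	// CNIBinDir is the full path of the directory in which to search for
	// CNI plugin binaries
	//
	// NOTE(review): binaries found here are presumably executed as network
	// plugins, so the directory should be writable by administrators only;
	// confirm against the plugin loader.
	CNIBinDir string
	// CNICacheDir is the full path of the directory in which CNI should store
	// cache files
	CNICacheDir string
	// HairpinMode is the mode used to allow endpoints of a Service to load
	// balance back to themselves if they should try to access their own Service
	HairpinMode HairpinMode
}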
ContainerRuntimeOptions contains runtime options
func (*ContainerRuntimeOptions) AddFlags ¶
func (s *ContainerRuntimeOptions) AddFlags(fs *pflag.FlagSet)
AddFlags has the set of flags needed by cri-dockerd
type HairpinMode ¶
// HairpinMode is the type of network hairpin modes.
type HairpinMode string
HairpinMode is the type of network hairpin modes
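// Named HairpinMode values, laid out one declaration per line so that the
// block is valid Go.
//
// NOTE(review): these are presumably the strings accepted by the
// hairpin-mode flag; confirm against HairpinModeValue.Set.
const (
	PromiscuousBridge HairpinMode = "promiscuous-bridge"
	HairpinVeth       HairpinMode = "hairpin-veth"
	HairpinNone       HairpinMode = "none"
)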
type HairpinModeValue ¶ added in v0.2.2
// HairpinModeValue implements pflag's Value interface.
type HairpinModeValue struct {
// contains filtered or unexported fields
}
HairpinModeValue implements pflag's Value interface
// HairpinModeVar contains the value of the hairpin-mode flag.
var HairpinModeVar HairpinModeValue
HairpinModeVar contains the value of the hairpin-mode flag
func (*HairpinModeValue) Mode ¶ added in v0.2.2
func (h *HairpinModeValue) Mode() HairpinMode
func (*HairpinModeValue) Set ¶ added in v0.2.2
func (h *HairpinModeValue) Set(mode string) error
func (*HairpinModeValue) String ¶ added in v0.2.2
func (h *HairpinModeValue) String() string
func (*HairpinModeValue) Type ¶ added in v0.2.2
func (h *HairpinModeValue) Type() string
type NetworkPluginSettings ¶
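// NetworkPluginSettings is the subset of kubelet runtime args we pass to the
// container runtime so it can probe for network plugins. In the future we
// will feed these directly to a standalone container runtime process.
//
// The listing is laid out one field per line so that the line comments no
// longer swallow the fields that follow them.
type NetworkPluginSettings struct {
	// HairpinMode is best described by comments surrounding the kubelet arg
	HairpinMode HairpinMode
	// NonMasqueradeCIDR is the range of ips which should *not* be included
	// in any MASQUERADE rules applied by the plugin
	NonMasqueradeCIDR string
	// PluginName is the name of the plugin, runtime shim probes for
	PluginName string
	// PluginBinDirString is a list of directories delimited by commas, in
	// which the binaries for the plugin with PluginName may be found.
	PluginBinDirString string
	// PluginBinDirs is an array of directories in which the binaries for
	// the plugin with PluginName may be found. The admin is responsible for
	// provisioning these binaries before-hand.
	//
	// NOTE(review): binaries found in these directories are presumably
	// executed as network plugins, so the directories should be writable by
	// administrators only; confirm against the plugin loader.
	PluginBinDirs []string
	// PluginConfDir is the directory in which the admin places a CNI conf.
	// Depending on the plugin, this may be an optional field, eg: kubenet
	// generates its own plugin conf.
	PluginConfDir string
	// PluginCacheDir is the directory in which CNI should store cache files.
	PluginCacheDir string
	// MTU is the desired MTU for network devices created by the plugin.
	MTU int
}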
NetworkPluginSettings is the subset of kubelet runtime args we pass to the container runtime so it can probe for network plugins. In the future we will feed these directly to a standalone container runtime process.
type OSInterface ¶
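// OSInterface collects system level operations that need to be mocked out
// during tests.
//
// The listing is laid out one method per line so that the interface is valid
// Go. Each method carries the name and signature of the corresponding
// operating-system call it stands in for.
type OSInterface interface {
	MkdirAll(path string, perm os.FileMode) error
	Symlink(oldname string, newname string) error
	Stat(path string) (os.FileInfo, error)
	Remove(path string) error
	RemoveAll(path string) error
	Create(path string) (*os.File, error)
	Chmod(path string, perm os.FileMode) error
	Hostname() (name string, err error)
	Chtimes(path string, atime time.Time, mtime time.Time) error
	Pipe() (r *os.File, w *os.File, err error)
	ReadDir(dirname string) ([]os.DirEntry, error)
	Glob(pattern string) ([]string, error)
	Open(name string) (*os.File, error)
	OpenFile(name string, flag int, perm os.FileMode) (*os.File, error)
	Rename(oldpath, newpath string) error
}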
OSInterface collects system level operations that need to be mocked out during tests.
type PortMapping ¶
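// PortMapping is the port mapping configurations of a sandbox.
//
// The listing is laid out one field per line so that the line comments no
// longer swallow the fields that follow them.
type PortMapping struct {
	// Protocol of the port mapping.
	Protocol *Protocol `json:"protocol,omitempty"`
	// Port number within the container.
	ContainerPort *int32 `json:"container_port,omitempty"`
	// Port number on the host.
	HostPort *int32 `json:"host_port,omitempty"`
	// Host ip to expose.
	//
	// NOTE(review): an empty HostIP presumably exposes the port on all host
	// addresses; confirm against the code that applies the mapping.
	HostIP string `json:"host_ip,omitempty"`
}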
PortMapping is the port mapping configurations of a sandbox.
type RealOS ¶
// RealOS is used to dispatch the real system level operations.
type RealOS struct{}
RealOS is used to dispatch the real system level operations.
func (RealOS) Glob ¶
Glob will call filepath.Glob to return the names of all files matching pattern.