Documentation ¶
Index ¶
- Constants
- type Config
- type ContainerServer
- func (c *ContainerServer) AddContainer(ctr *oci.Container)
- func (c *ContainerServer) AddHook(hookPath string)
- func (c *ContainerServer) AddInfraContainer(ctr *oci.Container)
- func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox)
- func (c *ContainerServer) Config() *Config
- func (c *ContainerServer) ContainerKill(container string, killSignal syscall.Signal) (string, error)
- func (c *ContainerServer) ContainerPause(container string) (string, error)
- func (c *ContainerServer) ContainerRename(container, name string) error
- func (c *ContainerServer) ContainerStateFromDisk(ctr *oci.Container) error
- func (c *ContainerServer) ContainerStateToDisk(ctr *oci.Container) error
- func (c *ContainerServer) ContainerStop(ctx context.Context, container string, timeout int64) (string, error)
- func (c *ContainerServer) ContainerUnpause(container string) (string, error)
- func (c *ContainerServer) ContainerWait(container string) (int32, error)
- func (c *ContainerServer) CtrIDIndex() *truncindex.TruncIndex
- func (c *ContainerServer) CtrNameIndex() *registrar.Registrar
- func (c *ContainerServer) GetContainer(id string) *oci.Container
- func (c *ContainerServer) GetContainerFromShortID(cid string) (*oci.Container, error)
- func (c *ContainerServer) GetContainerRootFsSize(containerID string) (int64, error)
- func (c *ContainerServer) GetContainerRwSize(containerID string) (int64, error)
- func (c *ContainerServer) GetContainerStats(ctr *oci.Container, previousStats *ContainerStats) (*ContainerStats, error)
- func (c *ContainerServer) GetContainerTopLayerID(containerID string) (string, error)
- func (c *ContainerServer) GetInfraContainer(id string) *oci.Container
- func (c *ContainerServer) GetLogs(container string, logChan chan string, opts LogOptions) error
- func (c *ContainerServer) GetSandbox(id string) *sandbox.Sandbox
- func (c *ContainerServer) GetSandboxContainer(id string) *oci.Container
- func (c *ContainerServer) GetStorageContainer(container string) (*cstorage.Container, error)
- func (c *ContainerServer) HasContainer(id string) bool
- func (c *ContainerServer) HasSandbox(id string) bool
- func (c *ContainerServer) Hooks() map[string]HookParams
- func (c *ContainerServer) ImageContext() *types.SystemContext
- func (c *ContainerServer) ListContainers(filters ...func(*oci.Container) bool) ([]*oci.Container, error)
- func (c *ContainerServer) ListSandboxes() []*sandbox.Sandbox
- func (c *ContainerServer) LoadContainer(id string) error
- func (c *ContainerServer) LoadSandbox(id string) error
- func (c *ContainerServer) LookupContainer(idOrName string) (*oci.Container, error)
- func (c *ContainerServer) LookupSandbox(idOrName string) (*sandbox.Sandbox, error)
- func (c *ContainerServer) PodIDIndex() *truncindex.TruncIndex
- func (c *ContainerServer) PodNameIndex() *registrar.Registrar
- func (c *ContainerServer) ReleaseContainerName(name string)
- func (c *ContainerServer) ReleasePodName(name string)
- func (c *ContainerServer) Remove(ctx context.Context, container string, force bool) (string, error)
- func (c *ContainerServer) RemoveContainer(ctr *oci.Container)
- func (c *ContainerServer) RemoveHook(hook string)
- func (c *ContainerServer) RemoveInfraContainer(ctr *oci.Container)
- func (c *ContainerServer) RemoveSandbox(id string)
- func (c *ContainerServer) ReserveContainerName(id, name string) (string, error)
- func (c *ContainerServer) ReservePodName(id, name string) (string, error)
- func (c *ContainerServer) Runtime() *oci.Runtime
- func (c *ContainerServer) Shutdown() error
- func (c *ContainerServer) StorageImageServer() storage.ImageServer
- func (c *ContainerServer) StorageRuntimeServer() storage.RuntimeServer
- func (c *ContainerServer) Store() cstorage.Store
- func (c *ContainerServer) Update() error
- type ContainerStats
- type HookParams
- type ImageConfig
- type ImageVolumesType
- type LogOptions
- type NetworkConfig
- type RootConfig
- type RuntimeConfig
Constants ¶
const ( // DefaultPidsLimit is the default value for maximum number of processes // allowed inside a container DefaultPidsLimit = 1024 // DefaultLogSizeMax is the default value for the maximum log size // allowed for a container. Negative values mean that no limit is imposed. DefaultLogSizeMax = -1 )
const ( // DefaultHooksDirPath Default directory containing hooks config files DefaultHooksDirPath = "/usr/share/containers/oci/hooks.d" // OverrideHooksDirPath Directory where admin can override the default configuration OverrideHooksDirPath = "/etc/containers/oci/hooks.d" )
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { RootConfig RuntimeConfig ImageConfig NetworkConfig }
Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.
func DefaultConfig ¶
func DefaultConfig() *Config
DefaultConfig returns the default configuration for crio.
func (*Config) ToFile ¶
ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.
func (*Config) UpdateFromFile ¶
UpdateFromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.
type ContainerServer ¶
type ContainerServer struct {
// contains filtered or unexported fields
}
ContainerServer implements the ImageServer
func New ¶
func New(config *Config) (*ContainerServer, error)
New creates a new ContainerServer with options provided
func (*ContainerServer) AddContainer ¶
func (c *ContainerServer) AddContainer(ctr *oci.Container)
AddContainer adds a container to the container state store
func (*ContainerServer) AddHook ¶ added in v1.10.0
func (c *ContainerServer) AddHook(hookPath string)
AddHook adds an hook by hook's path
func (*ContainerServer) AddInfraContainer ¶
func (c *ContainerServer) AddInfraContainer(ctr *oci.Container)
AddInfraContainer adds a container to the container state store
func (*ContainerServer) AddSandbox ¶
func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox)
AddSandbox adds a sandbox to the sandbox state store
func (*ContainerServer) Config ¶
func (c *ContainerServer) Config() *Config
Config gets the configuration for the ContainerServer
func (*ContainerServer) ContainerKill ¶
func (c *ContainerServer) ContainerKill(container string, killSignal syscall.Signal) (string, error)
ContainerKill sends the user provided signal to the containers primary process.
func (*ContainerServer) ContainerPause ¶
func (c *ContainerServer) ContainerPause(container string) (string, error)
ContainerPause pauses a running container.
func (*ContainerServer) ContainerRename ¶
func (c *ContainerServer) ContainerRename(container, name string) error
ContainerRename renames the given container
func (*ContainerServer) ContainerStateFromDisk ¶
func (c *ContainerServer) ContainerStateFromDisk(ctr *oci.Container) error
ContainerStateFromDisk retrieves information on the state of a running container from the disk
func (*ContainerServer) ContainerStateToDisk ¶
func (c *ContainerServer) ContainerStateToDisk(ctr *oci.Container) error
ContainerStateToDisk writes the container's state information to a JSON file on disk
func (*ContainerServer) ContainerStop ¶
func (c *ContainerServer) ContainerStop(ctx context.Context, container string, timeout int64) (string, error)
ContainerStop stops a running container with a grace period (i.e., timeout).
func (*ContainerServer) ContainerUnpause ¶
func (c *ContainerServer) ContainerUnpause(container string) (string, error)
ContainerUnpause unpauses a running container with a grace period (i.e., timeout).
func (*ContainerServer) ContainerWait ¶
func (c *ContainerServer) ContainerWait(container string) (int32, error)
ContainerWait stops a running container with a grace period (i.e., timeout).
func (*ContainerServer) CtrIDIndex ¶
func (c *ContainerServer) CtrIDIndex() *truncindex.TruncIndex
CtrIDIndex returns the TruncIndex for the ContainerServer
func (*ContainerServer) CtrNameIndex ¶
func (c *ContainerServer) CtrNameIndex() *registrar.Registrar
CtrNameIndex returns the Registrar for the ContainerServer
func (*ContainerServer) GetContainer ¶
func (c *ContainerServer) GetContainer(id string) *oci.Container
GetContainer returns a container by its ID
func (*ContainerServer) GetContainerFromShortID ¶ added in v1.10.0
func (c *ContainerServer) GetContainerFromShortID(cid string) (*oci.Container, error)
GetContainerFromShortID gets an oci container matching the specified full or partial id
func (*ContainerServer) GetContainerRootFsSize ¶
func (c *ContainerServer) GetContainerRootFsSize(containerID string) (int64, error)
GetContainerRootFsSize gets the size of the container's root filesystem A container FS is split into two parts. The first is the top layer, a mutable layer, and the rest is the RootFS: the set of immutable layers that make up the image on which the container is based
func (*ContainerServer) GetContainerRwSize ¶
func (c *ContainerServer) GetContainerRwSize(containerID string) (int64, error)
GetContainerRwSize Gets the size of the mutable top layer of the container
func (*ContainerServer) GetContainerStats ¶
func (c *ContainerServer) GetContainerStats(ctr *oci.Container, previousStats *ContainerStats) (*ContainerStats, error)
GetContainerStats gets the running stats for a given container
func (*ContainerServer) GetContainerTopLayerID ¶
func (c *ContainerServer) GetContainerTopLayerID(containerID string) (string, error)
GetContainerTopLayerID gets the ID of the top layer of the given container
func (*ContainerServer) GetInfraContainer ¶
func (c *ContainerServer) GetInfraContainer(id string) *oci.Container
GetInfraContainer returns a container by its ID
func (*ContainerServer) GetLogs ¶
func (c *ContainerServer) GetLogs(container string, logChan chan string, opts LogOptions) error
GetLogs gets each line of a log file and, if it matches the criteria in logOptions, sends it down logChan
func (*ContainerServer) GetSandbox ¶
func (c *ContainerServer) GetSandbox(id string) *sandbox.Sandbox
GetSandbox returns a sandbox by its ID
func (*ContainerServer) GetSandboxContainer ¶
func (c *ContainerServer) GetSandboxContainer(id string) *oci.Container
GetSandboxContainer returns a sandbox's infra container
func (*ContainerServer) GetStorageContainer ¶
func (c *ContainerServer) GetStorageContainer(container string) (*cstorage.Container, error)
GetStorageContainer searches for a container with the given name or ID in the given store
func (*ContainerServer) HasContainer ¶
func (c *ContainerServer) HasContainer(id string) bool
HasContainer checks if a container exists in the state
func (*ContainerServer) HasSandbox ¶
func (c *ContainerServer) HasSandbox(id string) bool
HasSandbox checks if a sandbox exists in the state
func (*ContainerServer) Hooks ¶
func (c *ContainerServer) Hooks() map[string]HookParams
Hooks returns the oci hooks for the ContainerServer
func (*ContainerServer) ImageContext ¶
func (c *ContainerServer) ImageContext() *types.SystemContext
ImageContext returns the SystemContext for the ContainerServer
func (*ContainerServer) ListContainers ¶
func (c *ContainerServer) ListContainers(filters ...func(*oci.Container) bool) ([]*oci.Container, error)
ListContainers returns a list of all containers stored by the server state that match the given filter function
func (*ContainerServer) ListSandboxes ¶
func (c *ContainerServer) ListSandboxes() []*sandbox.Sandbox
ListSandboxes lists all sandboxes in the state store
func (*ContainerServer) LoadContainer ¶
func (c *ContainerServer) LoadContainer(id string) error
LoadContainer loads a container from the disk into the container store
func (*ContainerServer) LoadSandbox ¶
func (c *ContainerServer) LoadSandbox(id string) error
LoadSandbox loads a sandbox from the disk into the sandbox store
func (*ContainerServer) LookupContainer ¶
func (c *ContainerServer) LookupContainer(idOrName string) (*oci.Container, error)
LookupContainer returns the container with the given name or full or partial id
func (*ContainerServer) LookupSandbox ¶
func (c *ContainerServer) LookupSandbox(idOrName string) (*sandbox.Sandbox, error)
LookupSandbox returns the pod sandbox with the given name or full or partial id
func (*ContainerServer) PodIDIndex ¶
func (c *ContainerServer) PodIDIndex() *truncindex.TruncIndex
PodIDIndex returns the index of pod IDs
func (*ContainerServer) PodNameIndex ¶
func (c *ContainerServer) PodNameIndex() *registrar.Registrar
PodNameIndex returns the index of pod names
func (*ContainerServer) ReleaseContainerName ¶
func (c *ContainerServer) ReleaseContainerName(name string)
ReleaseContainerName releases a container name from the index so that it can be used by other containers
func (*ContainerServer) ReleasePodName ¶
func (c *ContainerServer) ReleasePodName(name string)
ReleasePodName releases a pod name from the index so it can be used by other pods
func (*ContainerServer) RemoveContainer ¶
func (c *ContainerServer) RemoveContainer(ctr *oci.Container)
RemoveContainer removes a container from the container state store
func (*ContainerServer) RemoveHook ¶ added in v1.10.0
func (c *ContainerServer) RemoveHook(hook string)
RemoveHook removes an hook by name
func (*ContainerServer) RemoveInfraContainer ¶
func (c *ContainerServer) RemoveInfraContainer(ctr *oci.Container)
RemoveInfraContainer removes a container from the container state store
func (*ContainerServer) RemoveSandbox ¶
func (c *ContainerServer) RemoveSandbox(id string)
RemoveSandbox removes a sandbox from the state store
func (*ContainerServer) ReserveContainerName ¶
func (c *ContainerServer) ReserveContainerName(id, name string) (string, error)
ReserveContainerName holds a name for a container that is being created
func (*ContainerServer) ReservePodName ¶
func (c *ContainerServer) ReservePodName(id, name string) (string, error)
ReservePodName holds a name for a pod that is being created
func (*ContainerServer) Runtime ¶
func (c *ContainerServer) Runtime() *oci.Runtime
Runtime returns the oci runtime for the ContainerServer
func (*ContainerServer) Shutdown ¶
func (c *ContainerServer) Shutdown() error
Shutdown attempts to shut down the server's storage cleanly
func (*ContainerServer) StorageImageServer ¶
func (c *ContainerServer) StorageImageServer() storage.ImageServer
StorageImageServer returns the ImageServer for the ContainerServer
func (*ContainerServer) StorageRuntimeServer ¶
func (c *ContainerServer) StorageRuntimeServer() storage.RuntimeServer
StorageRuntimeServer gets the runtime server for the ContainerServer
func (*ContainerServer) Store ¶
func (c *ContainerServer) Store() cstorage.Store
Store returns the Store for the ContainerServer
func (*ContainerServer) Update ¶
func (c *ContainerServer) Update() error
Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties
type ContainerStats ¶
type ContainerStats struct { Container string CPU float64 CPUNano uint64 SystemNano int64 MemUsage uint64 MemLimit uint64 MemPerc float64 NetInput uint64 NetOutput uint64 BlockInput uint64 BlockOutput uint64 PIDs uint64 }
ContainerStats contains the statistics information for a running container
type HookParams ¶
type HookParams struct { Hook string `json:"hook"` Stage []string `json:"stage"` Cmds []string `json:"cmd"` Annotations []string `json:"annotation"` HasBindMounts bool `json:"hasbindmounts"` Arguments []string `json:"arguments"` }
HookParams is the structure returned from read the hooks configuration
type ImageConfig ¶
type ImageConfig struct { // DefaultTransport is a value we prefix to image names that fail to // validate source references. DefaultTransport string `toml:"default_transport"` // PauseImage is the name of an image which we use to instantiate infra // containers. PauseImage string `toml:"pause_image"` // PauseCommand is the path of the binary we run in an infra // container that's been instantiated using PauseImage. PauseCommand string `toml:"pause_command"` // SignaturePolicyPath is the name of the file which decides what sort // of policy we use when deciding whether or not to trust an image that // we've pulled. Outside of testing situations, it is strongly advised // that this be left unspecified so that the default system-wide policy // will be used. SignaturePolicyPath string `toml:"signature_policy"` // InsecureRegistries is a list of registries that must be contacted w/o // TLS verification. InsecureRegistries []string `toml:"insecure_registries"` // ImageVolumes controls how volumes specified in image config are handled ImageVolumes ImageVolumesType `toml:"image_volumes"` // Registries holds a list of registries used to pull unqualified images Registries []string `toml:"registries"` }
ImageConfig represents the "crio.image" TOML config table.
type ImageVolumesType ¶
type ImageVolumesType string
ImageVolumesType describes image volume handling strategies
const ( // ImageVolumesMkdir option is for using mkdir to handle image volumes ImageVolumesMkdir ImageVolumesType = "mkdir" // ImageVolumesIgnore option is for ignoring image volumes altogether ImageVolumesIgnore ImageVolumesType = "ignore" // ImageVolumesBind option is for using bind mounted volumes ImageVolumesBind ImageVolumesType = "bind" )
type LogOptions ¶
LogOptions contains all of the options for displaying logs in podman
type NetworkConfig ¶
type NetworkConfig struct { // NetworkDir is where CNI network configuration files are stored. NetworkDir string `toml:"network_dir"` // PluginDir is where CNI plugin binaries are stored. PluginDir string `toml:"plugin_dir"` }
NetworkConfig represents the "crio.network" TOML config table
type RootConfig ¶
type RootConfig struct { // Root is a path to the "root directory" where data not // explicitly handled by other options will be stored. Root string `toml:"root"` // RunRoot is a path to the "run directory" where state information not // explicitly handled by other options will be stored. RunRoot string `toml:"runroot"` // Storage is the name of the storage driver which handles actually // storing the contents of containers. Storage string `toml:"storage_driver"` // StorageOption is a list of storage driver specific options. StorageOptions []string `toml:"storage_option"` // LogDir is the default log directory were all logs will go unless kubelet // tells us to put them somewhere else. LogDir string `toml:"log_dir"` // FileLocking specifies whether to use file-based or in-memory locking // File-based locking is required when multiple users of lib are // present on the same system FileLocking bool `toml:"file_locking"` }
RootConfig represents the root of the "crio" TOML config table.
type RuntimeConfig ¶
type RuntimeConfig struct { // Runtime is the OCI compatible runtime used for trusted container workloads. // This is a mandatory setting as this runtime will be the default one and // will also be used for untrusted container workloads if // RuntimeUntrustedWorkload is not set. Runtime string `toml:"runtime"` // RuntimeUntrustedWorkload is the OCI compatible runtime used for untrusted // container workloads. This is an optional setting, except if // DefaultWorkloadTrust is set to "untrusted". RuntimeUntrustedWorkload string `toml:"runtime_untrusted_workload"` // DefaultWorkloadTrust is the default level of trust crio puts in container // workloads. This can either be "trusted" or "untrusted" and the default // is "trusted" // Containers can be run through different container runtimes, depending on // the trust hints we receive from kubelet: // - If kubelet tags a container workload as untrusted, crio will try first // to run it through the untrusted container workload runtime. If it is not // set, crio will use the trusted runtime. // - If kubelet does not provide any information about the container workload trust // level, the selected runtime will depend on the DefaultWorkloadTrust setting. // If it is set to "untrusted", then all containers except for the host privileged // ones, will be run by the RuntimeUntrustedWorkload runtime. Host privileged // containers are by definition trusted and will always use the trusted container // runtime. If DefaultWorkloadTrust is set to "trusted", crio will use the trusted // container runtime for all containers. DefaultWorkloadTrust string `toml:"default_workload_trust"` // NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE` NoPivot bool `toml:"no_pivot"` // Conmon is the path to conmon binary, used for managing the runtime. Conmon string `toml:"conmon"` // ConmonEnv is the environment variable list for conmon process. ConmonEnv []string `toml:"conmon_env"` // SELinux determines whether or not SELinux is used for pod separation. SELinux bool `toml:"selinux"` // SeccompProfile is the seccomp json profile path which is used as the // default for the runtime. SeccompProfile string `toml:"seccomp_profile"` // ApparmorProfile is the apparmor profile name which is used as the // default for the runtime. ApparmorProfile string `toml:"apparmor_profile"` // CgroupManager is the manager implementation name which is used to // handle cgroups for containers. CgroupManager string `toml:"cgroup_manager"` // HooksDirPath location of oci hooks config files HooksDirPath string `toml:"hooks_dir_path"` // DefaultMounts is the list of mounts to be mounted for each container // The format of each mount is "host-path:container-path" DefaultMounts []string `toml:"default_mounts"` // Hooks List of hooks to run with container Hooks map[string]HookParams // PidsLimit is the number of processes each container is restricted to // by the cgroup process number controller. PidsLimit int64 `toml:"pids_limit"` // LogSizeMax is the maximum number of bytes after which the log file // will be truncated. It can be expressed as a human-friendly string // that is parsed to bytes. // Negative values indicate that the log file won't be truncated. LogSizeMax int64 `toml:"log_size_max"` // ContainerExitsDir is the directory in which container exit files are // written to by conmon. ContainerExitsDir string `toml:"container_exits_dir"` // ManageNetworkNSLifecycle determines whether we pin and remove network namespace // and manage its lifecycle ManageNetworkNSLifecycle bool `toml:"manage_network_ns_lifecycle"` }
RuntimeConfig represents the "crio.runtime" TOML config table.