createconfig

package
v2.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 1, 2020 License: Apache-2.0 Imports: 37 Imported by: 0

Documentation

Index

Constants

// Mount type identifiers.
const (
	// TypeBind is the mount type for mounting a host directory. A bind
	// mount exposes the host path itself rather than a copy, so the mount
	// options (for example read-only) decide what can be changed through it.
	TypeBind = "bind"
	// TypeVolume is the mount type for named volumes.
	TypeVolume = "volume"
	// TypeTmpfs is the mount type for mounting a tmpfs.
	TypeTmpfs = "tmpfs"
)
// CpuPeriod has no description on this page.
// NOTE(review): presumably a default CPU period in microseconds
// (100000 microseconds = 100 ms) used when a CPU limit is turned into a
// quota — confirm against the callers.
const CpuPeriod = 100000
// DefaultKernelNamespaces is a comma-separated list of default kernel
// namespaces. The list names cgroup, ipc, net and uts only; pid, user and
// mount do not appear in it.
const DefaultKernelNamespaces = "cgroup,ipc,net,uts"

DefaultKernelNamespaces is a comma-separated list of default kernel namespaces.

// Pod is the value that signifies a kernel namespace is being shared by a
// container with the pod it is associated with.
// NOTE(review): presumably the string IsPod compares against — confirm.
const Pod = "pod"

Pod signifies a kernel namespace is being shared by a container with the pod it is associated with

Variables

This section is empty.

Functions

func AddPrivilegedDevices

func AddPrivilegedDevices(g *generate.Generator) error

AddPrivilegedDevices iterates through host devices and adds all host devices to the spec

func BlockAccessToKernelFilesystems

func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.Generator)

func CreateContainerFromCreateConfig

func CreateContainerFromCreateConfig(ctx context.Context, r *libpod.Runtime, createConfig *CreateConfig, pod *libpod.Pod) (*libpod.Container, error)

func CreatePortBinding

func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding

CreatePortBinding takes port (int) and IP (string) and creates an array of portbinding structs

func Device

func Device(d *configs.Device) spec.LinuxDevice

Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.

func DevicesFromPath

func DevicesFromPath(g *generate.Generator, devicePath string) error

DevicesFromPath computes a list of devices

func ExposedPorts

func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)

ExposedPorts parses user and image ports and returns binding information

func GetAvailableGids

func GetAvailableGids() (int64, error)

func GetStatFromPath

func GetStatFromPath(path string) (unix.Stat_t, error)

func InitFSMounts

func InitFSMounts(mounts []spec.Mount) error

InitFSMounts ensures that the mount options on all mounts are correct.

func IsNS

func IsNS(s string) bool

IsNS reports whether the specified string has an "ns:" prefix.

func IsPod

func IsPod(s string) bool

IsPod reports whether the specified string is "pod".

func IsValidDeviceMode

func IsValidDeviceMode(mode string) bool

IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).

func NS

func NS(s string) string

NS is the path to the namespace to join.

func NatToOCIPortBindings

func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)

NatToOCIPortBindings iterates over a nat.PortMap and creates a []ocicni.PortMapping slice.

func ParseDevice

func ParseDevice(device string) (string, string, string, error)

ParseDevice parses a device mapping string into src, dest, and permissions strings.

func SupercedeUserMounts

func SupercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.Mount

Supersede existing mounts in the spec with new, user-specified mounts. TODO: Should we unmount subtree mounts? E.g., if /tmp/ is mounted by one mount, and we already have /tmp/a and /tmp/b, should we remove the /tmp/a and /tmp/b mounts in favor of the more general /tmp?

func Valid

func Valid(s string, ns LinuxNS) bool

Valid checks the validity of a Linux namespace. s should be the string representation of ns.

func ValidateweightDevice

func ValidateweightDevice(val string) (*weightDevice, error)

ValidateweightDevice validates that the specified string has a valid device-weight format for the blkio-weight-device flag.

Types

type CgroupConfig

// CgroupConfig configures the cgroup namespace for the container.
//
// The trailing comments are the option tags from the original listing.
// NOTE(review): Cgroups and Cgroupns carry no tag; presumably they hold the
// raw cgroups / cgroupns option values — confirm.
type CgroupConfig struct {
	Cgroups      string
	Cgroupns     string
	CgroupParent string                // cgroup-parent
	CgroupMode   namespaces.CgroupMode // cgroup
}

CgroupConfig configures the cgroup namespace for the container

func (*CgroupConfig) ConfigureGenerator

func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the CgroupConfig.

func (*CgroupConfig) ToCreateOptions

func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type CreateConfig

// CreateConfig is a pre-OCI-spec structure. It represents user input from
// varlink or the CLI.
//
// Trailing comments on fields are the option tags from the original
// listing; untagged fields have no option named on this page.
//
// NOTE(review): because the struct carries user input, fields that reach
// host resources (Devices, Mounts, MountsFlag, Volumes, VolumesFrom, Tmpfs,
// Rootfs) and the Security settings should be treated as untrusted until
// validated — where that validation happens is not visible here; confirm.
type CreateConfig struct {
	Annotations       map[string]string
	Args              []string
	CidFile           string
	ConmonPidFile     string
	Command           []string          // Full command that will be used
	UserCommand       []string          // User-entered command (or image CMD)
	Detach            bool              // detach
	Devices           []string          // device
	Entrypoint        []string          // entrypoint
	Env               map[string]string // env
	HealthCheck       *manifest.Schema2HealthConfig
	Init              bool   // init
	InitPath          string // init-path
	Image             string
	ImageID           string
	RawImageName      string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType   string              // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive       bool                // interactive
	Labels            map[string]string   // label
	LogDriver         string              // log-driver
	LogDriverOpt      []string            // log-opt
	Name              string              // name
	PodmanPath        string
	Pod               string // pod
	Quiet             bool   // quiet
	Resources         CreateResourceConfig
	RestartPolicy     string
	Rm                bool           // rm
	Rmi               bool           // rmi
	StopSignal        syscall.Signal // stop-signal
	StopTimeout       uint           // stop-timeout
	Systemd           bool
	Tmpfs             []string // tmpfs
	Tty               bool     // tty
	Mounts            []spec.Mount
	MountsFlag        []string // mounts
	NamedVolumes      []*libpod.ContainerNamedVolume
	Volumes           []string // volume
	VolumesFrom       []string
	WorkDir           string // workdir
	Rootfs            string
	Security          SecurityConfig
	Syslog            bool // Whether to enable syslog on exit commands

	// Namespaces: one configuration struct per kernel namespace kind.
	Pid     PidConfig
	Ipc     IpcConfig
	Cgroup  CgroupConfig
	User    UserConfig
	Uts     UtsConfig
	Network NetworkConfig
}

CreateConfig is a pre-OCI-spec structure. It represents user input from varlink or the CLI. swagger:model CreateConfig

func (*CreateConfig) CreateBlockIO

func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)

CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig

func (*CreateConfig) MakeContainerConfig

func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)

MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.

type CreateResourceConfig

// CreateResourceConfig represents resource elements in CreateConfig
// structures.
//
// Trailing comments are the option tags from the original listing;
// CPUsetCPUs and ShmSize carry no tag there.
//
// NOTE(review): several limits are signed (CPUQuota, Memory, MemorySwap,
// PidsLimit, ...); how zero and negative values are interpreted is not
// visible on this page — confirm before relying on them as a resource
// bound. DisableOomKiller and PidsLimit in particular affect how far a
// container can exhaust host resources.
type CreateResourceConfig struct {
	BlkioWeight       uint16   // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod         uint64   // cpu-period
	CPUQuota          int64    // cpu-quota
	CPURtPeriod       uint64   // cpu-rt-period
	CPURtRuntime      int64    // cpu-rt-runtime
	CPUShares         uint64   // cpu-shares
	CPUs              float64  // cpus
	CPUsetCPUs        string
	CPUsetMems        string   // cpuset-mems
	DeviceCgroupRules []string // device-cgroup-rule
	DeviceReadBps     []string // device-read-bps
	DeviceReadIOps    []string // device-read-iops
	DeviceWriteBps    []string // device-write-bps
	DeviceWriteIOps   []string // device-write-iops
	DisableOomKiller  bool     // oom-kill-disable
	KernelMemory      int64    // kernel-memory
	Memory            int64    // memory
	MemoryReservation int64    // memory-reservation
	MemorySwap        int64    // memory-swap
	MemorySwappiness  int      // memory-swappiness
	OomScoreAdj       int      // oom-score-adj
	PidsLimit         int64    // pids-limit
	ShmSize           int64
	Ulimit            []string // ulimit
}

CreateResourceConfig represents resource elements in CreateConfig structures

type IpcConfig

// IpcConfig configures the ipc namespace for the container.
type IpcConfig struct {
	// IpcMode is tagged with the ipc option in the original listing.
	// NOTE(review): the accepted mode values are defined by
	// namespaces.IpcMode, which is not shown on this page.
	IpcMode namespaces.IpcMode // ipc
}

IpcConfig configures the ipc namespace for the container

func (*IpcConfig) ConfigureGenerator

func (c *IpcConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the IpcConfig.

func (*IpcConfig) ToCreateOptions

func (c *IpcConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type LinuxNS

// LinuxNS is the interface implemented by values that carry namespace
// information.
type LinuxNS interface {
	// Valid reports whether the value is a valid namespace.
	Valid() bool
}

LinuxNS is an interface for values that contain namespace information. Implementations provide Valid to show that they are a valid namespace.

type NetworkConfig

// NetworkConfig configures the network namespace for the container.
//
// Trailing comments are the option tags from the original listing;
// ExposedPorts, HTTPProxy and PortBindings carry no tag there.
//
// NOTE(review): Publish, PublishAll and PortBindings determine which
// container ports become reachable through the host; presumably they are
// derived via the package's ExposedPorts function — confirm.
type NetworkConfig struct {
	DNSOpt       []string // dns-opt
	DNSSearch    []string // dns-search
	DNSServers   []string // dns
	ExposedPorts map[nat.Port]struct{}
	HTTPProxy    bool
	IP6Address   string                 // ipv6
	IPAddress    string                 // ip
	LinkLocalIP  []string               // link-local-ip
	MacAddress   string                 // mac-address
	NetMode      namespaces.NetworkMode // net
	Network      string                 // network
	NetworkAlias []string               // network-alias
	PortBindings nat.PortMap
	Publish      []string // publish
	PublishAll   bool     // publish-all
}

NetworkConfig configures the network namespace for the container

func (*NetworkConfig) ConfigureGenerator

func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the NetworkConfig.

func (*NetworkConfig) ToCreateOptions

func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to a slice of container create options.

type PidConfig

// PidConfig configures the pid namespace for the container.
type PidConfig struct {
	// PidMode is tagged with the pid option in the original listing.
	// NOTE(review): BlockAccessToKernelFilesystems in this package takes a
	// pidModeIsHost argument, so a host mode presumably exists and changes
	// which kernel filesystems are blocked — confirm.
	PidMode namespaces.PidMode // pid
}

PidConfig configures the pid namespace for the container

func (*PidConfig) ConfigureGenerator

func (c *PidConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the PidConfig.

func (*PidConfig) ToCreateOptions

func (c *PidConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type SecurityConfig

// SecurityConfig configures the security features for the container.
//
// Trailing comments are the option tags from the original listing. Fields
// tagged SecurityOpts are presumably the ones SetSecurityOpts fills from the
// security options (labels, apparmor, seccomp, etc.) — confirm.
type SecurityConfig struct {
	CapAdd                  []string // cap-add
	CapDrop                 []string // cap-drop
	CapRequired             []string // cap-required
	LabelOpts               []string // SecurityOpts
	NoNewPrivs              bool     // SecurityOpts
	ApparmorProfile         string   // SecurityOpts
	SeccompProfilePath      string   // SecurityOpts
	// NOTE(review): this profile comes from the container image, so its
	// content is chosen by the image author; presumably SeccompPolicy
	// decides whether it is honored — confirm.
	SeccompProfileFromImage string   // seccomp profile from the container image
	SeccompPolicy           seccomp.Policy
	SecurityOpts            []string
	// NOTE(review): BlockAccessToKernelFilesystems takes a privileged
	// argument and AddPrivilegedDevices adds all host devices to the spec;
	// presumably both are driven by this flag — confirm.
	Privileged              bool              // privileged
	ReadOnlyRootfs          bool              // read-only
	ReadOnlyTmpfs           bool              // read-only-tmpfs
	Sysctl                  map[string]string // sysctl
}

SecurityConfig configures the security features for the container

func (*SecurityConfig) ConfigureGenerator

func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error

ConfigureGenerator configures the generator according to the input.

func (*SecurityConfig) SetLabelOpts

func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error

SetLabelOpts sets the label options of the SecurityConfig according to the input.

func (*SecurityConfig) SetSecurityOpts

func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error

SetSecurityOpts sets the security options (labels, apparmor, seccomp, etc.).

func (*SecurityConfig) ToCreateOptions

func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the SecurityConfig to a slice of container create options.

type UserConfig

// UserConfig configures the user namespace for the container.
//
// Trailing comments are the option tags from the original listing;
// IDMappings carries no tag there.
// NOTE(review): IDMappings presumably holds the UID/GID mappings applied
// when the container runs in its own user namespace (see InNS) — confirm.
type UserConfig struct {
	GroupAdd   []string // group-add
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode // userns
	User       string                // user
}

UserConfig configures the user namespace for the container

func (*UserConfig) ConfigureGenerator

func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the UserConfig.

func (*UserConfig) InNS

func (c *UserConfig) InNS(isRootless bool) bool

InNS returns true if the UserConfig indicates to be in a dedicated user namespace.

func (*UserConfig) ToCreateOptions

func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type UtsConfig

// UtsConfig configures the uts namespace for the container.
//
// Trailing comments are the option tags from the original listing; NoHosts
// and Hostname carry no tag there.
type UtsConfig struct {
	UtsMode  namespaces.UTSMode // uts
	NoHosts  bool
	HostAdd  []string // add-host
	Hostname string
}

UtsConfig configures the uts namespace for the container

func (*UtsConfig) ConfigureGenerator

func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig, runtime *libpod.Runtime) error

ConfigureGenerator configures the generator according to the current state of the UtsConfig.

func (*UtsConfig) ToCreateOptions

func (c *UtsConfig) ToCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.
