Documentation ¶
Index ¶
- Constants
- func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding
- func Device(d *configs.Device) spec.LinuxDevice
- func ExposedPorts(expose, publish []string, publishAll bool, ...) (map[nat.Port][]nat.PortBinding, error)
- func IsNS(s string) bool
- func IsPod(s string) bool
- func IsValidDeviceMode(mode string) bool
- func NS(s string) string
- func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)
- func ParseDevice(device string) (string, string, string, error)
- func Valid(s string, ns LinuxNS) bool
- type CgroupConfig
- type CreateConfig
- type CreateResourceConfig
- type IpcConfig
- type LinuxNS
- type NetworkConfig
- type PidConfig
- type SeccompPolicy
- type SecurityConfig
- func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error
- func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error
- func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error
- func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)
- type UserConfig
- type UtsConfig
Constants ¶
// Mount type identifiers. Each constant is a plain untyped string; the
// comments below describe the kind of mount each value names.
const (
	// TypeBind is the type for mounting a host directory.
	// NOTE(review): a bind mount exposes a host path inside the container;
	// how source paths are validated is not visible here.
	TypeBind = "bind"
	// TypeVolume is the type for named volumes.
	TypeVolume = "volume"
	// TypeTmpfs is the type for mounting tmpfs.
	TypeTmpfs = "tmpfs"
)
// Pod is the literal string "pod".
// NOTE(review): IsPod(s string) in this package presumably compares against
// this value to detect a namespace shared with the pod; confirm in the source.
const Pod = "pod"
Pod signifies a kernel namespace is being shared by a container with the pod it is associated with
Variables ¶
This section is empty.
Functions ¶
func CreatePortBinding ¶
func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding
CreatePortBinding takes port (int) and IP (string) and creates an array of portbinding structs
func Device ¶
func Device(d *configs.Device) spec.LinuxDevice
Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.
func ExposedPorts ¶
func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)
ExposedPorts parses user and image ports and returns binding information
func IsValidDeviceMode ¶ added in v0.11.1
IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).
func NatToOCIPortBindings ¶ added in v0.12.1
func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)
NatToOCIPortBindings iterates over a nat.PortMap and creates a slice of ocicni.PortMapping.
func ParseDevice ¶ added in v0.11.1
ParseDevice parses a device mapping string into src, dest and permissions strings.
Types ¶
type CgroupConfig ¶ added in v1.7.0
// CgroupConfig groups the cgroup-related settings of a container.
// Trailing comments are the authors' labels for where a field comes from
// (presumably the CLI option name; confirm against the flag definitions).
type CgroupConfig struct {
	Cgroups  string
	Cgroupns string
	// NOTE(review): CgroupParent is a free-form string here; any validation
	// of the parent path happens outside this declaration.
	CgroupParent string                // cgroup-parent
	CgroupMode   namespaces.CgroupMode // cgroup
}
CgroupConfig configures the cgroup namespace for the container
func (*CgroupConfig) ConfigureGenerator ¶ added in v1.7.0
func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error
ConfigureGenerator configures the generator according to the current state of the CgroupConfig.
func (*CgroupConfig) ToCreateOptions ¶ added in v1.7.0
func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)
ToCreateOptions converts the input to container create options.
type CreateConfig ¶
// CreateConfig collects everything needed to create a container before an
// OCI spec is generated. Trailing comments are the authors' labels for the
// option a field is populated from (presumably the CLI flag name; confirm).
//
// NOTE(review): most fields are raw strings or string slices, so parsing and
// validation must happen in the methods that consume them, not in this type.
type CreateConfig struct {
	Annotations   map[string]string
	Args          []string
	CidFile       string
	ConmonPidFile string
	Command       []string // Full command that will be used
	UserCommand   []string // User-entered command (or image CMD)
	Detach        bool     // detach
	// NOTE(review): device strings are unparsed here; this package exposes
	// ParseDevice and IsValidDeviceMode, which presumably validate each entry
	// (confirm that every entry goes through them).
	Devices           []string          // device
	Entrypoint        []string          // entrypoint
	Env               map[string]string // env
	HealthCheck       *manifest.Schema2HealthConfig
	Init              bool   // init
	InitPath          string // init-path
	Image             string
	ImageID           string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType   string              // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive       bool                // interactive
	Labels            map[string]string   // label
	LogDriver         string              // log-driver
	LogDriverOpt      []string            // log-opt
	Name              string              // name
	PodmanPath        string
	Pod               string // pod
	Quiet             bool   // quiet
	Resources         CreateResourceConfig
	RestartPolicy     string
	Rm                bool           // rm
	StopSignal        syscall.Signal // stop-signal
	StopTimeout       uint           // stop-timeout
	Systemd           bool
	Tmpfs             []string // tmpfs
	Tty               bool     // tty
	Mounts            []spec.Mount
	MountsFlag        []string // mounts
	NamedVolumes      []*libpod.ContainerNamedVolume
	Volumes           []string // volume
	VolumesFrom       []string
	WorkDir           string // workdir
	Rootfs            string
	// Security holds capability, seccomp, AppArmor, label and privileged
	// settings (see the SecurityConfig fields).
	Security SecurityConfig
	Syslog   bool // Whether to enable syslog on exit commands

	// Namespaces
	Pid     PidConfig
	Ipc     IpcConfig
	Cgroup  CgroupConfig
	User    UserConfig
	Uts     UtsConfig
	Network NetworkConfig
}
CreateConfig is a pre OCI spec structure. It represents user input from varlink or the CLI
func (*CreateConfig) AddPrivilegedDevices ¶
func (c *CreateConfig) AddPrivilegedDevices(g *generate.Generator) error
AddPrivilegedDevices iterates through host devices and adds all host devices to the spec
func (*CreateConfig) CreateBlockIO ¶
func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)
CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig
func (*CreateConfig) MakeContainerConfig ¶ added in v1.3.0
func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)
MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.
type CreateResourceConfig ¶
// CreateResourceConfig holds the resource-limit settings embedded in
// CreateConfig as its Resources field. Trailing comments are the authors'
// labels for the originating option (presumably the CLI flag name; confirm).
//
// NOTE(review): the zero value of each numeric field is indistinguishable
// from "not set" in this declaration; whether zero means "no limit" is
// decided by the consuming code, which is not shown here.
type CreateResourceConfig struct {
	BlkioWeight       uint16   // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod         uint64   // cpu-period
	CPUQuota          int64    // cpu-quota
	CPURtPeriod       uint64   // cpu-rt-period
	CPURtRuntime      int64    // cpu-rt-runtime
	CPUs              float64  // cpus
	CPUsetCPUs        string
	CPUsetMems        string   // cpuset-mems
	DeviceReadBps     []string // device-read-bps
	DeviceReadIOps    []string // device-read-iops
	DeviceWriteBps    []string // device-write-bps
	DeviceWriteIOps   []string // device-write-iops
	DisableOomKiller  bool     // oom-kill-disable
	KernelMemory      int64    // kernel-memory
	Memory            int64    // memory
	MemoryReservation int64    // memory-reservation
	MemorySwap        int64    // memory-swap
	MemorySwappiness  int      // memory-swappiness
	OomScoreAdj       int      // oom-score-adj
	PidsLimit         int64    // pids-limit
	ShmSize           int64
	Ulimit            []string // ulimit
}
CreateResourceConfig represents resource elements in CreateConfig structures
type IpcConfig ¶ added in v1.7.0
// IpcConfig carries the IPC namespace mode selected for a container.
type IpcConfig struct {
	// IpcMode is labelled "ipc" by the authors (presumably the CLI option).
	// NOTE(review): which mode values share the host or another container's
	// IPC namespace is defined by namespaces.IpcMode, not visible here.
	IpcMode namespaces.IpcMode // ipc
}
IpcConfig configures the ipc namespace for the container
func (*IpcConfig) ConfigureGenerator ¶ added in v1.7.0
ConfigureGenerator configures the generator according to the current state of the IpcConfig.
func (*IpcConfig) ToCreateOptions ¶ added in v1.7.0
ToCreateOptions converts the input to container create options.
type LinuxNS ¶ added in v0.8.4
// LinuxNS is the interface taken by this package's Valid(s string, ns LinuxNS)
// function. A type satisfies it by providing a Valid method.
type LinuxNS interface {
	// Valid returns a bool; presumably true when the namespace setting is
	// acceptable (confirm against the implementing types).
	Valid() bool
}
LinuxNS is an interface for types that contain namespace information. Implementations provide Valid to show that the namespace is valid.
type NetworkConfig ¶ added in v1.7.0
// NetworkConfig groups the network-related settings of a container.
// Trailing comments are the authors' labels for the originating option
// (presumably the CLI flag name; confirm).
type NetworkConfig struct {
	DNSOpt       []string // dns-opt
	DNSSearch    []string // dns-search
	DNSServers   []string // dns
	ExposedPorts map[nat.Port]struct{}
	HTTPProxy    bool
	IP6Address   string   // ipv6
	IPAddress    string   // ip
	LinkLocalIP  []string // link-local-ip
	MacAddress   string   // mac-address
	// NOTE(review): NetMode selects the network namespace mode; which values
	// mean host networking is defined by namespaces.NetworkMode, not here.
	NetMode      namespaces.NetworkMode // net
	Network      string                 // network
	NetworkAlias []string               // network-alias
	PortBindings nat.PortMap
	Publish      []string // publish
	// NOTE(review): PublishAll presumably publishes every exposed port,
	// including ports declared by the image (ExposedPorts in this package
	// takes imageExposedPorts); confirm the host address such bindings use.
	PublishAll bool // publish-all
}
NetworkConfig configures the network namespace for the container
func (*NetworkConfig) ConfigureGenerator ¶ added in v1.7.0
func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error
ConfigureGenerator configures the generator according to the current state of the NetworkConfig.
func (*NetworkConfig) ToCreateOptions ¶ added in v1.7.0
func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)
ToCreateOptions converts the input to a slice of container create options.
type PidConfig ¶ added in v1.7.0
// PidConfig carries the PID namespace mode selected for a container.
type PidConfig struct {
	// PidMode is labelled "pid" by the authors (presumably the CLI option).
	// NOTE(review): which mode values share the host PID namespace is
	// defined by namespaces.PidMode, not visible here.
	PidMode namespaces.PidMode // pid
}
PidConfig configures the pid namespace for the container
func (*PidConfig) ConfigureGenerator ¶ added in v1.7.0
ConfigureGenerator configures the generator according to the current state of the PidConfig.
func (*PidConfig) ToCreateOptions ¶ added in v1.7.0
ToCreateOptions converts the input to container create options.
type SeccompPolicy ¶ added in v1.8.0
// SeccompPolicy is an integer enumeration; its values (SeccompPolicyDefault,
// SeccompPolicyImage) select where the container's seccomp profile is taken
// from.
type SeccompPolicy int
SeccompPolicy determines which seccomp profile gets applied to the container.
// Seccomp policy values. SeccompPolicyDefault is iota's first value (0), so
// it is also the zero value of SeccompPolicy.
const (
	// SeccompPolicyDefault - if set use SecurityConfig.SeccompProfilePath,
	// otherwise use the default profile. The SeccompProfilePath might be
	// explicitly set by the user.
	SeccompPolicyDefault SeccompPolicy = iota
	// SeccompPolicyImage - if set use SecurityConfig.SeccompProfileFromImage,
	// otherwise follow SeccompPolicyDefault.
	// NOTE(review): under this policy the profile is supplied by the image,
	// so the image author decides which syscalls are filtered; enable it
	// only for images you trust.
	SeccompPolicyImage
)
func LookupSeccompPolicy ¶ added in v1.8.0
func LookupSeccompPolicy(s string) (SeccompPolicy, error)
LookupSeccompPolicy looks up the corresponding SeccompPolicy for the specified string. If none is found, an error is returned that includes the list of supported policies. Note that an empty string resolves to SeccompPolicyDefault.
type SecurityConfig ¶ added in v1.7.0
// SecurityConfig groups the security-related settings of a container:
// capabilities, labels, no-new-privileges, AppArmor, seccomp, privileged
// mode, read-only root filesystem and sysctls. Trailing comments are the
// authors' labels for where a field is populated from.
//
// NOTE(review): the zero value leaves NoNewPrivs, ReadOnlyRootfs and
// Privileged false and the profile strings empty; which defaults apply in
// that case is decided by the consuming methods, not by this declaration.
type SecurityConfig struct {
	CapAdd  []string // cap-add
	CapDrop []string // cap-drop
	// The four fields below are labelled "SecurityOpts" by the authors;
	// presumably SetSecurityOpts fills them from the SecurityOpts strings
	// (confirm in the source).
	LabelOpts          []string // SecurityOpts
	NoNewPrivs         bool     // SecurityOpts
	ApparmorProfile    string   // SecurityOpts
	SeccompProfilePath string   // SecurityOpts
	// NOTE(review): this value comes from image content, not from the
	// operator; per the SeccompPolicy constants it is used only under
	// SeccompPolicyImage.
	SeccompProfileFromImage string // seccomp profile from the container image
	SeccompPolicy           SeccompPolicy
	SecurityOpts            []string
	// NOTE(review): CreateConfig.AddPrivilegedDevices adds all host devices
	// to the spec; presumably that path is taken when Privileged is true.
	// How the other fields here are honoured in privileged mode should be
	// confirmed in ConfigureGenerator.
	Privileged     bool              // privileged
	ReadOnlyRootfs bool              // read-only
	ReadOnlyTmpfs  bool              // read-only-tmpfs
	Sysctl         map[string]string // sysctl
}
SecurityConfig configures the security features for the container
func (*SecurityConfig) ConfigureGenerator ¶ added in v1.7.0
func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error
ConfigureGenerator configures the generator according to the input.
func (*SecurityConfig) SetLabelOpts ¶ added in v1.7.0
func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error
SetLabelOpts sets the label options of the SecurityConfig according to the input.
func (*SecurityConfig) SetSecurityOpts ¶ added in v1.7.0
func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error
SetSecurityOpts sets the security options (labels, apparmor, seccomp, etc.).
func (*SecurityConfig) ToCreateOptions ¶ added in v1.7.0
func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)
ToCreateOptions converts the SecurityConfig to a slice of container create options.
type UserConfig ¶ added in v1.7.0
// UserConfig groups the user and user-namespace settings of a container.
// Trailing comments are the authors' labels for the originating option
// (presumably the CLI flag name; confirm).
type UserConfig struct {
	GroupAdd []string // group-add
	// IDMappings is a pointer and may be nil in the zero value.
	// NOTE(review): confirm consumers check for nil before dereferencing.
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode // userns
	// NOTE(review): User is an unparsed string; how an empty value is
	// resolved (image default or root) is not visible here.
	User string // user
}
UserConfig configures the user namespace for the container
func (*UserConfig) ConfigureGenerator ¶ added in v1.7.0
func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error
ConfigureGenerator configures the generator according to the current state of the UserConfig.
func (*UserConfig) InNS ¶ added in v1.7.0
func (c *UserConfig) InNS(isRootless bool) bool
InNS returns true if the UserConfig indicates to be in a dedicated user namespace.
func (*UserConfig) ToCreateOptions ¶ added in v1.7.0
func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)
ToCreateOptions converts the input to container create options.
type UtsConfig ¶ added in v1.7.0
// UtsConfig groups the UTS-namespace and hostname settings of a container.
// Trailing comments are the authors' labels for the originating option
// (presumably the CLI flag name; confirm).
type UtsConfig struct {
	// NOTE(review): which mode values share the host UTS namespace is
	// defined by namespaces.UTSMode, not visible here.
	UtsMode  namespaces.UTSMode // uts
	NoHosts  bool
	HostAdd  []string // add-host
	Hostname string
}
UtsConfig configures the uts namespace for the container
func (*UtsConfig) ConfigureGenerator ¶ added in v1.7.0
func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig, runtime *libpod.Runtime) error
ConfigureGenerator configures the generator according to the current state of the UtsConfig.
func (*UtsConfig) ToCreateOptions ¶ added in v1.7.0
func (c *UtsConfig) ToCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error)
ToCreateOptions converts the input to container create options.