createconfig

package
v1.9.0-rc1 Latest
Warning

This package is not in the latest version of its module.

Published: Apr 13, 2020 License: Apache-2.0 Imports: 36 Imported by: 13

Documentation

Constants

const (
	// TypeBind is the type for mounting host dir
	TypeBind = "bind"
	// TypeVolume is the type for named volumes
	TypeVolume = "volume"
	// TypeTmpfs is the type for mounting tmpfs
	TypeTmpfs = "tmpfs"
)
const CpuPeriod = 100000
const Pod = "pod"

Pod signifies that a kernel namespace is being shared by a container with the pod it is associated with.

Variables

This section is empty.

Functions

func AddPrivilegedDevices added in v1.8.1

func AddPrivilegedDevices(g *generate.Generator) error

AddPrivilegedDevices iterates through host devices and adds all host devices to the spec

func BlockAccessToKernelFilesystems added in v1.8.1

func BlockAccessToKernelFilesystems(privileged, pidModeIsHost bool, g *generate.Generator)

func CreatePortBinding

func CreatePortBinding(hostPort int, hostIP string) []nat.PortBinding

CreatePortBinding takes port (int) and IP (string) and creates an array of portbinding structs

func Device

func Device(d *configs.Device) spec.LinuxDevice

Device transforms a libcontainer configs.Device to a specs.LinuxDevice object.

func DevicesFromPath added in v1.8.1

func DevicesFromPath(g *generate.Generator, devicePath string) error

DevicesFromPath computes a list of devices

func ExposedPorts

func ExposedPorts(expose, publish []string, publishAll bool, imageExposedPorts map[string]struct{}) (map[nat.Port][]nat.PortBinding, error)

ExposedPorts parses user and image ports and returns binding information

func GetAvailableGids added in v1.8.1

func GetAvailableGids() (int64, error)

func GetStatFromPath added in v1.8.1

func GetStatFromPath(path string) (unix.Stat_t, error)

func InitFSMounts added in v1.8.1

func InitFSMounts(mounts []spec.Mount) error

InitFSMounts ensures mount options on all mounts are correct.

func IsNS added in v0.7.4

func IsNS(s string) bool

IsNS reports whether the specified string has an ns: prefix.

func IsPod added in v0.8.4

func IsPod(s string) bool

IsPod reports whether the specified string is pod.

func IsValidDeviceMode added in v0.11.1

func IsValidDeviceMode(mode string) bool

IsValidDeviceMode checks whether the mode for a device is valid. A valid mode is a composition of r (read), w (write), and m (mknod).

func NS added in v0.7.4

func NS(s string) string

NS is the path to the namespace to join.

func NatToOCIPortBindings added in v0.12.1

func NatToOCIPortBindings(ports nat.PortMap) ([]ocicni.PortMapping, error)

NatToOCIPortBindings iterates a nat.portmap slice and creates []ocicni portmapping slice

func ParseDevice added in v0.11.1

func ParseDevice(device string) (string, string, string, error)

ParseDevice parses device mapping string to a src, dest & permissions string
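The device-mapping handling described by IsValidDeviceMode and ParseDevice, sketched as an added example (not the package's own code) that also flags mappings granting mknod. The names validMode, splitDevice and grantsMknod are hypothetical; the "src[:dest][:perms]" layout, the "rwm" default, the absolute-path requirement and the rejection of duplicate mode letters are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// validMode (hypothetical): non-empty, duplicate-free mix of r, w and m (mknod).
func validMode(mode string) bool {
	for i, c := range mode {
		if !strings.ContainsRune("rwm", c) || strings.ContainsRune(mode[:i], c) {
			return false
		}
	}
	return mode != ""
}

// splitDevice (hypothetical) splits an assumed "src[:dest][:perms]" mapping.
func splitDevice(device string) (src, dest, perms string, err error) {
	parts := strings.Split(device, ":")
	if len(parts) > 3 || !strings.HasPrefix(parts[0], "/") {
		return "", "", "", fmt.Errorf("invalid device specification: %q", device)
	}
	src, dest, perms = parts[0], parts[0], "rwm" // assumed defaults
	for i, p := range parts[1:] {
		switch {
		case strings.HasPrefix(p, "/") && i == 0: // dest may only follow src
			dest = p
		case validMode(p) && i == len(parts)-2: // perms must be the last field
			perms = p
		default:
			return "", "", "", fmt.Errorf("invalid field %q in %q", p, device)
		}
	}
	return src, dest, perms, nil
}

// grantsMknod flags mappings that let the container create device nodes.
func grantsMknod(device string) (bool, error) {
	_, _, perms, err := splitDevice(device)
	return strings.Contains(perms, "m"), err
}

func main() {
	// Constructed sample mappings.
	for _, d := range []string{"/dev/fuse", "/dev/sdc:/dev/xvdc:r", "/dev/sdc:rx"} {
		m, err := grantsMknod(d)
		fmt.Println(d, m, err)
	}
}
```

Under these assumptions a mapping with no explicit mode is the permissive case, so a review of requested devices should treat a missing permissions field as rwm rather than as read-only.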

func SupercedeUserMounts added in v1.8.1

func SupercedeUserMounts(mounts []spec.Mount, configMount []spec.Mount) []spec.Mount

Supersede existing mounts in the spec with new, user-specified mounts. TODO: Should we unmount subtree mounts? E.g., if /tmp/ is mounted by one mount, and we already have /tmp/a and /tmp/b, should we remove the /tmp/a and /tmp/b mounts in favor of the more general /tmp?

func Valid added in v0.8.4

func Valid(s string, ns LinuxNS) bool

Valid checks the validity of a Linux namespace. s should be the string representation of ns.

func ValidateweightDevice added in v1.8.1

func ValidateweightDevice(val string) (*weightDevice, error)

ValidateweightDevice validates that the specified string has a valid device-weight format for blkio-weight-device flag

Types

type CgroupConfig added in v1.7.0

type CgroupConfig struct {
	Cgroups      string
	Cgroupns     string
	CgroupParent string                // cgroup-parent
	CgroupMode   namespaces.CgroupMode //cgroup
}

CgroupConfig configures the cgroup namespace for the container

func (*CgroupConfig) ConfigureGenerator added in v1.7.0

func (c *CgroupConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the CgroupConfig.

func (*CgroupConfig) ToCreateOptions added in v1.7.0

func (c *CgroupConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type CreateConfig

type CreateConfig struct {
	Annotations       map[string]string
	Args              []string
	CidFile           string
	ConmonPidFile     string
	Command           []string          // Full command that will be used
	UserCommand       []string          // User-entered command (or image CMD)
	Detach            bool              // detach
	Devices           []string          // device
	Entrypoint        []string          //entrypoint
	Env               map[string]string //env
	HealthCheck       *manifest.Schema2HealthConfig
	Init              bool   // init
	InitPath          string //init-path
	Image             string
	ImageID           string
	RawImageName      string
	BuiltinImgVolumes map[string]struct{} // volumes defined in the image config
	ImageVolumeType   string              // how to handle the image volume, either bind, tmpfs, or ignore
	Interactive       bool                //interactive
	Labels            map[string]string   //label
	LogDriver         string              // log-driver
	LogDriverOpt      []string            // log-opt
	Name              string              //name
	PodmanPath        string
	Pod               string //pod
	Quiet             bool   //quiet
	Resources         CreateResourceConfig
	RestartPolicy     string
	Rm                bool           //rm
	Rmi               bool           //rmi
	StopSignal        syscall.Signal // stop-signal
	StopTimeout       uint           // stop-timeout
	Systemd           bool
	Tmpfs             []string // tmpfs
	Tty               bool     //tty
	Mounts            []spec.Mount
	MountsFlag        []string // mounts
	NamedVolumes      []*libpod.ContainerNamedVolume
	Volumes           []string //volume
	VolumesFrom       []string
	WorkDir           string //workdir
	Rootfs            string
	Security          SecurityConfig
	Syslog            bool // Whether to enable syslog on exit commands

	// Namespaces
	Pid     PidConfig
	Ipc     IpcConfig
	Cgroup  CgroupConfig
	User    UserConfig
	Uts     UtsConfig
	Network NetworkConfig
}

CreateConfig is a pre-OCI spec structure. It represents user input from varlink or the CLI. swagger:model CreateConfig

func (*CreateConfig) CreateBlockIO

func (c *CreateConfig) CreateBlockIO() (*spec.LinuxBlockIO, error)

CreateBlockIO returns a LinuxBlockIO struct from a CreateConfig

func (*CreateConfig) MakeContainerConfig added in v1.3.0

func (config *CreateConfig) MakeContainerConfig(runtime *libpod.Runtime, pod *libpod.Pod) (*spec.Spec, []libpod.CtrCreateOption, error)

MakeContainerConfig generates all configuration necessary to start a container with libpod from a completed CreateConfig struct.

type CreateResourceConfig

type CreateResourceConfig struct {
	BlkioWeight       uint16   // blkio-weight
	BlkioWeightDevice []string // blkio-weight-device
	CPUPeriod         uint64   // cpu-period
	CPUQuota          int64    // cpu-quota
	CPURtPeriod       uint64   // cpu-rt-period
	CPURtRuntime      int64    // cpu-rt-runtime
	CPUShares         uint64   // cpu-shares
	CPUs              float64  // cpus
	CPUsetCPUs        string
	CPUsetMems        string   // cpuset-mems
	DeviceCgroupRules []string //device-cgroup-rule
	DeviceReadBps     []string // device-read-bps
	DeviceReadIOps    []string // device-read-iops
	DeviceWriteBps    []string // device-write-bps
	DeviceWriteIOps   []string // device-write-iops
	DisableOomKiller  bool     // oom-kill-disable
	KernelMemory      int64    // kernel-memory
	Memory            int64    //memory
	MemoryReservation int64    // memory-reservation
	MemorySwap        int64    //memory-swap
	MemorySwappiness  int      // memory-swappiness
	OomScoreAdj       int      //oom-score-adj
	PidsLimit         int64    // pids-limit
	ShmSize           int64
	Ulimit            []string //ulimit
}

CreateResourceConfig represents resource elements in CreateConfig structures

type IpcConfig added in v1.7.0

type IpcConfig struct {
	IpcMode namespaces.IpcMode //ipc
}

IpcConfig configures the ipc namespace for the container

func (*IpcConfig) ConfigureGenerator added in v1.7.0

func (c *IpcConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the IpcConfig.

func (*IpcConfig) ToCreateOptions added in v1.7.0

func (c *IpcConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type LinuxNS added in v0.8.4

type LinuxNS interface {
	Valid() bool
}

LinuxNS is a struct that contains namespace information. It implements Valid to show it is a valid namespace.

type NetworkConfig added in v1.7.0

type NetworkConfig struct {
	DNSOpt       []string //dns-opt
	DNSSearch    []string //dns-search
	DNSServers   []string //dns
	ExposedPorts map[nat.Port]struct{}
	HTTPProxy    bool
	IP6Address   string                 //ipv6
	IPAddress    string                 //ip
	LinkLocalIP  []string               // link-local-ip
	MacAddress   string                 //mac-address
	NetMode      namespaces.NetworkMode //net
	Network      string                 //network
	NetworkAlias []string               //network-alias
	PortBindings nat.PortMap
	Publish      []string //publish
	PublishAll   bool     //publish-all
}

NetworkConfig configures the network namespace for the container

func (*NetworkConfig) ConfigureGenerator added in v1.7.0

func (c *NetworkConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the NetworkConfig.

func (*NetworkConfig) ToCreateOptions added in v1.7.0

func (c *NetworkConfig) ToCreateOptions(runtime *libpod.Runtime, userns *UserConfig) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to a slice of container create options.

type PidConfig added in v1.7.0

type PidConfig struct {
	PidMode namespaces.PidMode //pid
}

PidConfig configures the pid namespace for the container

func (*PidConfig) ConfigureGenerator added in v1.7.0

func (c *PidConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the PidConfig.

func (*PidConfig) ToCreateOptions added in v1.7.0

func (c *PidConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type SecurityConfig added in v1.7.0

type SecurityConfig struct {
	CapAdd                  []string // cap-add
	CapDrop                 []string // cap-drop
	CapRequired             []string // cap-required
	LabelOpts               []string //SecurityOpts
	NoNewPrivs              bool     //SecurityOpts
	ApparmorProfile         string   //SecurityOpts
	SeccompProfilePath      string   //SecurityOpts
	SeccompProfileFromImage string   // seccomp profile from the container image
	SeccompPolicy           seccomp.Policy
	SecurityOpts            []string
	Privileged              bool              //privileged
	ReadOnlyRootfs          bool              //read-only
	ReadOnlyTmpfs           bool              //read-only-tmpfs
	Sysctl                  map[string]string //sysctl
}

SecurityConfig configures the security features for the container

func (*SecurityConfig) ConfigureGenerator added in v1.7.0

func (c *SecurityConfig) ConfigureGenerator(g *generate.Generator, user *UserConfig) error

ConfigureGenerator configures the generator according to the input.

func (*SecurityConfig) SetLabelOpts added in v1.7.0

func (c *SecurityConfig) SetLabelOpts(runtime *libpod.Runtime, pidConfig *PidConfig, ipcConfig *IpcConfig) error

SetLabelOpts sets the label options of the SecurityConfig according to the input.

func (*SecurityConfig) SetSecurityOpts added in v1.7.0

func (c *SecurityConfig) SetSecurityOpts(runtime *libpod.Runtime, securityOpts []string) error

SetSecurityOpts sets the security options (labels, apparmor, seccomp, etc.).

func (*SecurityConfig) ToCreateOptions added in v1.7.0

func (c *SecurityConfig) ToCreateOptions() ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the SecurityConfig to a slice of container create options.

type UserConfig added in v1.7.0

type UserConfig struct {
	GroupAdd   []string // group-add
	IDMappings *storage.IDMappingOptions
	UsernsMode namespaces.UsernsMode //userns
	User       string                //user
}

UserConfig configures the user namespace for the container

func (*UserConfig) ConfigureGenerator added in v1.7.0

func (c *UserConfig) ConfigureGenerator(g *generate.Generator) error

ConfigureGenerator configures the generator according to the current state of the UserConfig.

func (*UserConfig) InNS added in v1.7.0

func (c *UserConfig) InNS(isRootless bool) bool

InNS returns true if the UserConfig indicates to be in a dedicated user namespace.

func (*UserConfig) ToCreateOptions added in v1.7.0

func (c *UserConfig) ToCreateOptions(runtime *libpod.Runtime) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.

type UtsConfig added in v1.7.0

type UtsConfig struct {
	UtsMode  namespaces.UTSMode //uts
	NoHosts  bool
	HostAdd  []string //add-host
	Hostname string
}

UtsConfig configures the uts namespace for the container

func (*UtsConfig) ConfigureGenerator added in v1.7.0

func (c *UtsConfig) ConfigureGenerator(g *generate.Generator, net *NetworkConfig, runtime *libpod.Runtime) error

ConfigureGenerator configures the generator according to the current state of the UtsConfig.

func (*UtsConfig) ToCreateOptions added in v1.7.0

func (c *UtsConfig) ToCreateOptions(runtime *libpod.Runtime, pod *libpod.Pod) ([]libpod.CtrCreateOption, error)

ToCreateOptions converts the input to container create options.
