oci

package
v1.20.0-rc.1 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 9, 2020 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	AttachPipeStdin  = 1
	AttachPipeStdout = 2
	AttachPipeStderr = 3
)

Sync with stdpipe_t in conmon.c

View Source 
const (
	// ContainerStateCreated represents the created state of a container
	ContainerStateCreated = "created"
	// ContainerStatePaused represents the paused state of a container
	ContainerStatePaused = "paused"
	// ContainerStateRunning represents the running state of a container
	ContainerStateRunning = "running"
	// ContainerStateStopped represents the stopped state of a container
	ContainerStateStopped = "stopped"
	// ContainerCreateTimeout represents the value of container creating timeout
	ContainerCreateTimeout = 240 * time.Second
)
View Source 
const (
	// RuntimeTypeOCI is the type representing the RuntimeOCI implementation.
	RuntimeTypeOCI = "oci"
)

Variables

View Source 
var (
	ErrContainerStopped = errors.New("container is already stopped")
	ErrNotFound         = errors.New("container process not found")
	ErrNotInitialized   = errors.New("container PID not initialized")
)

Functions

func ConmonPath added in v1.16.2 

func ConmonPath(r *Runtime) string

func GetPidStartTimeFromFile added in v1.19.0 

func GetPidStartTimeFromFile(file string) (string, error)

GetPidStartTime reads a file as if it were a /proc/$pid/stat file, looking for stime for PID. It is abstracted out to allow for unit testing

func ReadConmonPidFile added in v1.16.2 

func ReadConmonPidFile(c *Container) (int, error)

ReadConmonPidFile attempts to read conmon's pid from its pid file This function makes no verification that this file should exist it is up to the caller to verify that this container has a conmon

Types

type Container 

type Container struct {
	// contains filtered or unexported fields
}

Container represents a runtime container.

func NewContainer 

func NewContainer(id, name, bundlePath, logPath string, labels, crioAnnotations, annotations map[string]string, image, imageName, imageRef string, metadata *Metadata, sandbox string, terminal, stdin, stdinOnce bool, runtimeHandler, dir string, created time.Time, stopSignal string) (*Container, error)

NewContainer creates a container object.

func NewSpoofedContainer added in v1.19.0 

func NewSpoofedContainer(id, name string, labels map[string]string, created time.Time, dir string) *Container

func (*Container) AddVolume 

func (c *Container) AddVolume(v ContainerVolume)

AddVolume adds a volume to list of container volumes.

func (*Container) Annotations 

func (c *Container) Annotations() map[string]string

Annotations returns the annotations of the container.

func (*Container) BundlePath 

func (c *Container) BundlePath() string

BundlePath returns the bundlePath of the container.

func (*Container) CleanupConmonCgroup 

func (c *Container) CleanupConmonCgroup()

CleanupConmonCgroup cleans up conmon's group when using cgroupfs.

func (*Container) ConmonCgroupfsPath 

func (c *Container) ConmonCgroupfsPath() string

ConmonCgroupfsPath returns the path to conmon's cgroup. This is only set when cgroupfs is used as a cgroup manager.

func (*Container) Created 

func (c *Container) Created() bool

Created returns whether the container was created successfully

func (*Container) CreatedAt 

func (c *Container) CreatedAt() time.Time

CreatedAt returns the container creation time

func (*Container) CrioAnnotations 

func (c *Container) CrioAnnotations() map[string]string

CrioAnnotations returns the crio annotations of the container.

func (*Container) Description 

func (c *Container) Description() string

Description returns a description for the container

func (*Container) Dir 

func (c *Container) Dir() string

Dir returns the dir of the container

func (*Container) FromDisk 

func (c *Container) FromDisk() error

FromDisk restores container's state from disk Calls to FromDisk should always be preceded by call to Runtime.UpdateContainerStatus. This is because FromDisk() initializes the InitStartTime for the saved container state when CRI-O is being upgraded to a version that supports tracking PID, but does no verification the container is actually still running. If we assume the container is still running, we could incorrectly think a process with the same PID running on the host is our container. A call to `$runtime state` will protect us against this.

func (*Container) GetStopSignal 

func (c *Container) GetStopSignal() string

GetStopSignal returns the container's own stop signal configured from the image configuration or the default one.

func (*Container) ID 

func (c *Container) ID() string

ID returns the id of the container.

func (*Container) IDMappings 

func (c *Container) IDMappings() *idtools.IDMappings

IDMappings returns the ID/GID mappings used for the container

func (*Container) Image 

func (c *Container) Image() string

Image returns the image of the container.

func (*Container) ImageName 

func (c *Container) ImageName() string

ImageName returns the image name of the container.

func (*Container) ImageRef 

func (c *Container) ImageRef() string

ImageRef returns the image ref of the container.

func (*Container) IsAlive added in v1.19.0 

func (c *Container) IsAlive() error

IsAlive is a function that checks if a container's init PID exists. It is used to check a container state when we don't want a `$runtime state` call

func (*Container) Labels 

func (c *Container) Labels() map[string]string

Labels returns the labels of the container.

func (*Container) LogPath 

func (c *Container) LogPath() string

LogPath returns the log path of the container.

func (*Container) Metadata 

func (c *Container) Metadata() *Metadata

Metadata returns the metadata of the container.

func (*Container) MountPoint 

func (c *Container) MountPoint() string

MountPoint returns the container mount point

func (*Container) Name 

func (c *Container) Name() string

Name returns the name of the container.

func (*Container) Pid added in v1.19.0 

func (c *Container) Pid() (int, error)

Pid returns the container's init PID. It will fail if the saved PID no longer belongs to the container.

func (*Container) Sandbox 

func (c *Container) Sandbox() string

Sandbox returns the sandbox name of the container.

func (*Container) SeccompProfilePath 

func (c *Container) SeccompProfilePath() string

SeccompProfilePath returns the seccomp profile path

func (*Container) SetCreated 

func (c *Container) SetCreated()

SetCreated sets the created flag to true once container is created

func (*Container) SetIDMappings 

func (c *Container) SetIDMappings(mappings *idtools.IDMappings)

SetIDMappings sets the ID/GID mappings used for the container

func (*Container) SetMountPoint 

func (c *Container) SetMountPoint(mp string)

SetMountPoint sets the container mount point

func (*Container) SetSeccompProfilePath 

func (c *Container) SetSeccompProfilePath(pp string)

SetSeccompProfilePath sets the seccomp profile path

func (*Container) SetSpec 

func (c *Container) SetSpec(s *specs.Spec)

SetSpec loads the OCI spec in the container struct

func (*Container) SetStartFailed 

func (c *Container) SetStartFailed(err error)

SetStartFailed sets the container state appropriately after a start failure

func (*Container) ShouldBeStopped added in v1.17.5 

func (c *Container) ShouldBeStopped() error

ShouldBeStopped checks whether the container state is in a place where attempting to stop it makes sense a container is not stoppable if it's paused or stopped if it's paused, that's an error, and is reported as such

func (*Container) Spec 

func (c *Container) Spec() specs.Spec

Spec returns a copy of the spec for the container

func (*Container) Spoofed added in v1.19.0 

func (c *Container) Spoofed() bool

Spoofed returns whether this container is spoofed. A container should be spoofed when it doesn't have to exist in the container runtime, but does need to exist in the storage. The main use of this is when an infra container is not needed, but sandbox metadata should be stored with a spoofed infra container.

func (*Container) State 

func (c *Container) State() *ContainerState

State returns the state of the running container

func (*Container) StateNoLock 

func (c *Container) StateNoLock() *ContainerState

StateNoLock returns the state of a container without using a lock.

func (*Container) StatePath 

func (c *Container) StatePath() string

StatePath returns the containers state.json path

func (*Container) StdinOnce 

func (c *Container) StdinOnce() bool

StdinOnce returns whether stdin once is set for the container.

func (*Container) StopSignal 

func (c *Container) StopSignal() syscall.Signal

StopSignal returns the container's own stop signal configured from the image configuration or the default one.

func (*Container) Volumes 

func (c *Container) Volumes() []ContainerVolume

Volumes returns the list of container volumes.

type ContainerState 

type ContainerState struct {
	specs.State
	Created   time.Time `json:"created"`
	Started   time.Time `json:"started,omitempty"`
	Finished  time.Time `json:"finished,omitempty"`
	ExitCode  *int32    `json:"exitCode,omitempty"`
	OOMKilled bool      `json:"oomKilled,omitempty"`
	Error     string    `json:"error,omitempty"`
	InitPid   int       `json:"initPid,omitempty"`
	// The unix start time of the container's init PID.
	// This is used to track whether the PID we have stored
	// is the same as the corresponding PID on the host.
	InitStartTime string `json:"initStartTime,omitempty"`
}

ContainerState represents the status of a container.

func (*ContainerState) SetInitPid added in v1.19.0 

func (cstate *ContainerState) SetInitPid(pid int) error

SetInitPid initializes the InitPid and InitStartTime for the container state given a PID. These values should be set once, and not changed again.

type ContainerStats 

type ContainerStats struct {
	Container       string
	CPU             float64
	CPUNano         uint64
	SystemNano      int64
	MemUsage        uint64
	MemLimit        uint64
	MemPerc         float64
	NetInput        uint64
	NetOutput       uint64
	BlockInput      uint64
	BlockOutput     uint64
	PIDs            uint64
	WorkingSetBytes uint64
}

ContainerStats contains the statistics information for a running container

type ContainerStorer 

type ContainerStorer interface {
	// Add appends a new container to the store.
	Add(string, *Container)
	// Get returns a container from the store by the identifier it was stored with.
	Get(string) *Container
	// Delete removes a container from the store by the identifier it was stored with.
	Delete(string)
	// List returns a list of containers from the store.
	List() []*Container
	// Size returns the number of containers in the store.
	Size() int
	// First returns the first container found in the store by a given filter.
	First(StoreFilter) *Container
	// ApplyAll calls the reducer function with every container in the store.
	ApplyAll(StoreReducer)
}

ContainerStorer defines an interface that any container store must implement.

func NewMemoryStore 

func NewMemoryStore() ContainerStorer

NewMemoryStore initializes a new memory store.

type ContainerVolume 

type ContainerVolume struct {
	ContainerPath string `json:"container_path"`
	HostPath      string `json:"host_path"`
	Readonly      bool   `json:"readonly"`
}

ContainerVolume is a bind mount for the container.

type ExecSyncError 

type ExecSyncError struct {
	Stdout   bytes.Buffer
	Stderr   bytes.Buffer
	ExitCode int32
	Err      error
}

ExecSyncError wraps command's streams, exit code and error on ExecSync error.

func (*ExecSyncError) Error 

func (e *ExecSyncError) Error() string

type ExecSyncResponse 

type ExecSyncResponse struct {
	Stdout   []byte
	Stderr   []byte
	ExitCode int32
}

ExecSyncResponse is returned from ExecSync.

type History 

type History []*Container

History is a convenience type for storing a list of containers, sorted by creation date in descendant order.

func (*History) Len 

func (history *History) Len() int

Len returns the number of containers in the history.

func (*History) Less 

func (history *History) Less(i, j int) bool

Less compares two containers and returns true if the second one was created before the first one.

func (*History) Swap 

func (history *History) Swap(i, j int)

Swap switches containers i and j positions in the history.

type Metadata added in v1.20.0 

type Metadata struct {
	// Name of the container.
	Name string `json:"name,omitempty"`

	// Attempt number of creating the container.
	Attempt uint32 `json:"attempt,omitempty"`
}

Metadata holds all necessary information for building the container name. The container runtime is encouraged to expose the metadata in its user interface for better user experience.

type Runtime 

type Runtime struct {
	// contains filtered or unexported fields
}

Runtime is the generic structure holding both global and specific information about the runtime.

func New 

func New(c *config.Config) *Runtime

New creates a new Runtime with options provided

func (*Runtime) AllowCPULoadBalancingAnnotation added in v1.20.0 

func (r *Runtime) AllowCPULoadBalancingAnnotation(handler string) (bool, error)

AllowCPULoadBalancingAnnotation searches through the AllowedAnnotations for the CPU load balancing annotation, checking whether this runtime allows processing of "cpu-load-balancing.crio.io"

func (*Runtime) AllowCPUQuotaAnnotation added in v1.20.0 

func (r *Runtime) AllowCPUQuotaAnnotation(handler string) (bool, error)

AllowCPUQuotaAnnotation searches through the AllowedAnnotations for the CPU quota annotation, checking whether this runtime allows processing of "cpu-quota.crio.io"

func (*Runtime) AllowDevicesAnnotation added in v1.20.0 

func (r *Runtime) AllowDevicesAnnotation(handler string) (bool, error)

AllowDevicesAnnotation searches through the AllowedAnnotations for the devices annotation, checking whether this runtime allows processing of "io.kubernetes.cri-o.Devices"

func (*Runtime) AllowIRQLoadBalancingAnnotation added in v1.20.0 

func (r *Runtime) AllowIRQLoadBalancingAnnotation(handler string) (bool, error)

AllowIRQLoadBalancingAnnotation searches through the AllowedAnnotations for the IRQ load balancing annotation, checking whether this runtime allows processing of "irq-load-balancing.crio.io"

func (*Runtime) AllowShmSizeAnnotation added in v1.20.0 

func (r *Runtime) AllowShmSizeAnnotation(handler string) (bool, error)

func (*Runtime) AllowUsernsAnnotation added in v1.20.0 

func (r *Runtime) AllowUsernsAnnotation(handler string) (bool, error)

AllowUsernsAnnotation searches through the AllowedAnnotations for the userns annotation, checking whether this runtime allows processing of "io.kubernetes.cri-o.userns-mode"

func (*Runtime) AttachContainer 

func (r *Runtime) AttachContainer(c *Container, inputStream io.Reader, outputStream, errorStream io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize) error

AttachContainer attaches IO to a running container.

func (*Runtime) ContainerStats 

func (r *Runtime) ContainerStats(c *Container, cgroup string) (*ContainerStats, error)

ContainerStats provides statistics of a container.

func (*Runtime) CreateContainer 

func (r *Runtime) CreateContainer(c *Container, cgroupParent string) error

CreateContainer creates a container.

func (*Runtime) DeleteContainer 

func (r *Runtime) DeleteContainer(c *Container) (err error)

DeleteContainer deletes a container.

func (*Runtime) ExecContainer 

func (r *Runtime) ExecContainer(c *Container, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan remotecommand.TerminalSize) error

ExecContainer prepares a streaming endpoint to execute a command in the container.

func (*Runtime) ExecSyncContainer 

func (r *Runtime) ExecSyncContainer(c *Container, command []string, timeout int64) (*ExecSyncResponse, error)

ExecSyncContainer execs a command in a container and returns it's stdout, stderr and return code.

func (*Runtime) PauseContainer 

func (r *Runtime) PauseContainer(c *Container) error

PauseContainer pauses a container.

func (*Runtime) PortForwardContainer 

func (r *Runtime) PortForwardContainer(ctx context.Context, c *Container, netNsPath string, port int32, stream io.ReadWriteCloser) error

PortForwardContainer forwards the specified port provides statistics of a container.

func (*Runtime) PrivilegedWithoutHostDevices added in v1.16.2 

func (r *Runtime) PrivilegedWithoutHostDevices(handler string) (bool, error)

PrivelegedRuntimeHandler returns a boolean value configured for the runtimeHandler indicating if devices on the host are passed/not passed to a container running as privileged.

func (*Runtime) ReopenContainerLog 

func (r *Runtime) ReopenContainerLog(c *Container) error

ReopenContainerLog reopens the log file of a container.

func (*Runtime) RuntimeImpl 

func (r *Runtime) RuntimeImpl(c *Container) (RuntimeImpl, error)

RuntimeImpl returns the runtime implementation for a given container

func (*Runtime) RuntimeType added in v1.19.0 

func (r *Runtime) RuntimeType(runtimeHandler string) (string, error)

RuntimeType returns the type of runtimeHandler This is needed when callers need to do specific work for oci vs vm containers, like monitor an oci container's conmon.

func (*Runtime) Runtimes 

func (r *Runtime) Runtimes() config.Runtimes

Runtimes returns the map of OCI runtimes.

func (*Runtime) SignalContainer 

func (r *Runtime) SignalContainer(c *Container, sig syscall.Signal) error

SignalContainer sends a signal to a container process.

func (*Runtime) SpoofOOM added in v1.16.2 

func (r *Runtime) SpoofOOM(c *Container)

SpoofOOM is a function that sets a container state as though it OOM'd. It's used in situations where another process in the container's cgroup (like conmon) OOM'd when it wasn't supposed to, allowing us to report to the kubelet that the container OOM'd instead.

func (*Runtime) StartContainer 

func (r *Runtime) StartContainer(c *Container) error

StartContainer starts a container.

func (*Runtime) StopContainer 

func (r *Runtime) StopContainer(ctx context.Context, c *Container, timeout int64) error

StopContainer stops a container. Timeout is given in seconds.

func (*Runtime) UnpauseContainer 

func (r *Runtime) UnpauseContainer(c *Container) error

UnpauseContainer unpauses a container.

func (*Runtime) UpdateContainer 

func (r *Runtime) UpdateContainer(c *Container, res *rspec.LinuxResources) error

UpdateContainer updates container resources

func (*Runtime) UpdateContainerStatus 

func (r *Runtime) UpdateContainerStatus(c *Container) error

UpdateContainerStatus refreshes the status of the container.

func (*Runtime) ValidateRuntimeHandler 

func (r *Runtime) ValidateRuntimeHandler(handler string) (*config.RuntimeHandler, error)

ValidateRuntimeHandler returns an error if the runtime handler string provided does not match any valid use case.

func (*Runtime) WaitContainerStateStopped 

func (r *Runtime) WaitContainerStateStopped(ctx context.Context, c *Container) error

WaitContainerStateStopped runs a loop polling UpdateStatus(), seeking for the container status to be updated to 'stopped'. Either it gets the expected status and returns nil, or it reaches the timeout and returns an error.

type RuntimeImpl 

type RuntimeImpl interface {
	CreateContainer(*Container, string) error
	StartContainer(*Container) error
	ExecContainer(*Container, []string, io.Reader, io.WriteCloser, io.WriteCloser,
		bool, <-chan remotecommand.TerminalSize) error
	ExecSyncContainer(*Container, []string, int64) (*ExecSyncResponse, error)
	UpdateContainer(*Container, *rspec.LinuxResources) error
	StopContainer(context.Context, *Container, int64) error
	DeleteContainer(*Container) error
	UpdateContainerStatus(*Container) error
	PauseContainer(*Container) error
	UnpauseContainer(*Container) error
	ContainerStats(*Container, string) (*ContainerStats, error)
	SignalContainer(*Container, syscall.Signal) error
	AttachContainer(*Container, io.Reader, io.WriteCloser, io.WriteCloser,
		bool, <-chan remotecommand.TerminalSize) error
	PortForwardContainer(context.Context, *Container, string,
		int32, io.ReadWriteCloser) error
	ReopenContainerLog(*Container) error
	WaitContainerStateStopped(context.Context, *Container) error
}

RuntimeImpl is an interface used by the caller to interact with the container runtime. The purpose of this interface being to abstract implementations and their associated assumptions regarding the way to interact with containers. This will allow for new implementations of this interface, especially useful for the case of VM based container runtimes. Assumptions based on the fact that a container process runs on the host will be limited to the RuntimeOCI implementation.

type StoreFilter 

type StoreFilter func(*Container) bool

StoreFilter defines a function to filter container in the store.

type StoreReducer 

type StoreReducer func(*Container)

StoreReducer defines a function to manipulate containers in the store

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.