annotations

package

v1.30.4 Latest Latest Go to latest Published: Aug 1, 2024 License: Apache-2.0 Imports: 1 Imported by: 14

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/cri-o/cri-o

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	// UsernsMode is the user namespace mode to use
	UsernsModeAnnotation = "io.kubernetes.cri-o.userns-mode"

	// CgroupRW specifies mounting v2 cgroups as an rw filesystem.
	Cgroup2RWAnnotation = "io.kubernetes.cri-o.cgroup2-mount-hierarchy-rw"

	// UnifiedCgroupAnnotation specifies the unified configuration for cgroup v2
	UnifiedCgroupAnnotation = "io.kubernetes.cri-o.UnifiedCgroup"

	// SpoofedContainer indicates a container was spoofed in the runtime
	SpoofedContainer = "io.kubernetes.cri-o.Spoofed"

	// ShmSizeAnnotation is the K8S annotation used to set custom shm size
	ShmSizeAnnotation = "io.kubernetes.cri-o.ShmSize"

	// DevicesAnnotation is a set of devices to give to the container
	DevicesAnnotation = "io.kubernetes.cri-o.Devices"

	// CPULoadBalancingAnnotation indicates that load balancing should be disabled for CPUs used by the container
	CPULoadBalancingAnnotation = "cpu-load-balancing.crio.io"

	// CPUQuotaAnnotation indicates that CPU quota should be disabled for CPUs used by the container
	CPUQuotaAnnotation = "cpu-quota.crio.io"

	// IRQLoadBalancingAnnotation indicates that IRQ load balancing should be disabled for CPUs used by the container
	IRQLoadBalancingAnnotation = "irq-load-balancing.crio.io"

	// OCISeccompBPFHookAnnotation is the annotation used by the OCI seccomp BPF hook for tracing container syscalls
	OCISeccompBPFHookAnnotation = "io.containers.trace-syscall"

	// TrySkipVolumeSELinuxLabelAnnotation is the annotation used for optionally skipping relabeling a volume
	// with the specified SELinux label.  The relabeling will be skipped if the top layer is already labeled correctly.
	TrySkipVolumeSELinuxLabelAnnotation = "io.kubernetes.cri-o.TrySkipVolumeSELinuxLabel"

	// CPUCStatesAnnotation indicates that c-states should be enabled or disabled for CPUs used by the container
	CPUCStatesAnnotation = "cpu-c-states.crio.io"

	// CPUFreqGovernorAnnotation sets the cpufreq governor for CPUs used by the container
	CPUFreqGovernorAnnotation = "cpu-freq-governor.crio.io"

	// CPUSharedAnnotation indicate that a container which is part of a guaranteed QoS pod,
	// wants access to shared cpus.
	// the container name should be appended at the end of the annotation
	// example:  cpu-shared.crio.io/containerA
	CPUSharedAnnotation = "cpu-shared.crio.io"

	// SeccompNotifierActionAnnotation indicates a container is allowed to use the seccomp notifier feature.
	SeccompNotifierActionAnnotation = "io.kubernetes.cri-o.seccompNotifierAction"

	// UmaskAnnotation is the umask to use in the container init process
	UmaskAnnotation = "io.kubernetes.cri-o.umask"

	// SeccompNotifierActionStop indicates that a container should be stopped if used via the SeccompNotifierActionAnnotation key.
	SeccompNotifierActionStop = "stop"

	// PodLinuxOverhead indicates the overheads associated with the pod
	PodLinuxOverhead = "io.kubernetes.cri-o.PodLinuxOverhead"

	// PodLinuxResources indicates the sum of container resources for this pod
	PodLinuxResources = "io.kubernetes.cri-o.PodLinuxResources"

	// LinkLogsAnnotations indicates that CRI-O should link the pod containers logs into the specified
	// emptyDir volume
	LinkLogsAnnotation = "io.kubernetes.cri-o.LinkLogs"

	// PlatformRuntimePath indicates the runtime path that CRI-O should use for a specific platform.
	PlatformRuntimePath = "io.kubernetes.cri-o.PlatformRuntimePath"

	// SeccompProfileAnnotation can be used to set the seccomp profile for:
	// - a specific container by using: `seccomp-profile.kubernetes.cri-o.io/<CONTAINER_NAME>`
	// - a whole pod by using: `seccomp-profile.kubernetes.cri-o.io/POD`
	// Note that the annotation works on containers as well as on images.
	// For images, the plain annotation `seccomp-profile.kubernetes.cri-o.io`
	// can be used without the required `/POD` suffix or a container name.
	SeccompProfileAnnotation = "seccomp-profile.kubernetes.cri-o.io"

	// DisableFIPSAnnotation is used to disable FIPS mode for a pod within a FIPS-enabled Kubernetes cluster.
	DisableFIPSAnnotation = "io.kubernetes.cri-o.DisableFIPS"
)

View Source

const (
	// CheckpointAnnotationName is used by Container Checkpoint when creating a checkpoint image to specify the
	// original human-readable name for the container.
	CheckpointAnnotationName = "io.kubernetes.cri-o.annotations.checkpoint.name"

	// CheckpointAnnotationRawImageName is used by Container Checkpoint when
	// creating a checkpoint image to specify the original unprocessed name of
	// the image used to create the container (as specified by the user).
	CheckpointAnnotationRawImageName = "io.kubernetes.cri-o.annotations.checkpoint.rawImageName"

	// CheckpointAnnotationRootfsImageID is used by Container Checkpoint when
	// creating a checkpoint image to specify the original ID of the image used
	// to create the container.
	CheckpointAnnotationRootfsImageID = "io.kubernetes.cri-o.annotations.checkpoint.rootfsImageID"

	// CheckpointAnnotationRootfsImageName is used by Container Checkpoint when
	// creating a checkpoint image to specify the original image name used to
	// create the container.
	CheckpointAnnotationRootfsImageName = "io.kubernetes.cri-o.annotations.checkpoint.rootfsImageName"

	// CheckpointAnnotationCRIOVersion is used by Container Checkpoint when
	// creating a checkpoint image to specify the version of CRI-O used on the
	// host where the checkpoint was created.
	CheckpointAnnotationCRIOVersion = "io.kubernetes.cri-o.annotations.checkpoint.cri-o.version"

	// CheckpointAnnotationCriuVersion is used by Container Checkpoint when
	// creating a checkpoint image to specify the version of CRIU used on the
	// host where the checkpoint was created.
	CheckpointAnnotationCriuVersion = "io.kubernetes.cri-o.annotations.checkpoint.criu.version"
)

View Source

const (
	// Annotations carries the received Kubelet annotations.
	Annotations = "io.kubernetes.cri-o.Annotations"

	// ContainerID is the container ID annotation.
	ContainerID = "io.kubernetes.cri-o.ContainerID"

	// ContainerName is the container name annotation.
	ContainerName = "io.kubernetes.cri-o.ContainerName"

	// ContainerType is the container type (sandbox or container) annotation.
	ContainerType = "io.kubernetes.cri-o.ContainerType"

	// Created is the container creation time annotation.
	Created = "io.kubernetes.cri-o.Created"

	// HostName is the container host name annotation.
	HostName = "io.kubernetes.cri-o.HostName"

	// CgroupParent is the sandbox cgroup parent.
	CgroupParent = "io.kubernetes.cri-o.CgroupParent"

	// IP is the container ipv4 or ipv6 address.
	IP = "io.kubernetes.cri-o.IP"

	// NamespaceOptions store the options for namespaces.
	NamespaceOptions = "io.kubernetes.cri-o.NamespaceOptions"

	// SeccompProfilePath is the node seccomp profile path.
	SeccompProfilePath = "io.kubernetes.cri-o.SeccompProfilePath"

	// Image is the container image ID annotation.
	Image = "io.kubernetes.cri-o.Image"

	// ImageName is the container image name annotation.
	ImageName = "io.kubernetes.cri-o.ImageName"

	// ImageRef is the container image ref annotation.
	ImageRef = "io.kubernetes.cri-o.ImageRef"

	// KubeName is the kubernetes name annotation.
	KubeName = "io.kubernetes.cri-o.KubeName"

	// PortMappings holds the port mappings for the sandbox.
	PortMappings = "io.kubernetes.cri-o.PortMappings"

	// Labels are the kubernetes labels annotation.
	Labels = "io.kubernetes.cri-o.Labels"

	// LogPath is the container logging path annotation.
	LogPath = "io.kubernetes.cri-o.LogPath"

	// Metadata is the container metadata annotation.
	Metadata = "io.kubernetes.cri-o.Metadata"

	// Name is the pod name annotation.
	Name = "io.kubernetes.cri-o.Name"

	// Namespace is the pod namespace annotation.
	Namespace = "io.kubernetes.cri-o.Namespace"

	// PrivilegedRuntime is the annotation for the privileged runtime path.
	PrivilegedRuntime = "io.kubernetes.cri-o.PrivilegedRuntime"

	// ResolvPath is the resolver configuration path annotation.
	ResolvPath = "io.kubernetes.cri-o.ResolvPath"

	// HostnamePath is the path to /etc/hostname to bind mount annotation.
	HostnamePath = "io.kubernetes.cri-o.HostnamePath"

	// SandboxID is the sandbox ID annotation.
	SandboxID = "io.kubernetes.cri-o.SandboxID"

	// SandboxName is the sandbox name annotation.
	SandboxName = "io.kubernetes.cri-o.SandboxName"

	// ShmPath is the shared memory path annotation.
	ShmPath = "io.kubernetes.cri-o.ShmPath"

	// MountPoint is the mount point of the container rootfs.
	MountPoint = "io.kubernetes.cri-o.MountPoint"

	// RuntimeHandler is the annotation for runtime handler.
	RuntimeHandler = "io.kubernetes.cri-o.RuntimeHandler"

	// TTY is the terminal path annotation.
	TTY = "io.kubernetes.cri-o.TTY"

	// Stdin is the stdin annotation.
	Stdin = "io.kubernetes.cri-o.Stdin"

	// StdinOnce is the stdin_once annotation.
	StdinOnce = "io.kubernetes.cri-o.StdinOnce"

	// Volumes is the volumes annotation.
	Volumes = "io.kubernetes.cri-o.Volumes"

	// HostNetwork indicates whether the host network namespace is used or not.
	HostNetwork = "io.kubernetes.cri-o.HostNetwork"

	// CNIResult is the JSON string representation of the Result from CNI.
	CNIResult = "io.kubernetes.cri-o.CNIResult"

	// ContainerManager is the annotation key for indicating the creator and
	// manager of the container.
	ContainerManager = "io.container.manager"
)

View Source

const (
	// ContainerTypeSandbox represents a pod sandbox container.
	ContainerTypeSandbox = "sandbox"

	// ContainerTypeContainer represents a container running within a pod.
	ContainerTypeContainer = "container"
)

ContainerType values

View Source

const ContainerManagerLibpod = "libpod"

ContainerManagerLibpod indicates that libpod created and manages the container.

Variables ¶

View Source

var AllAllowedAnnotations = []string{
	UsernsModeAnnotation,
	Cgroup2RWAnnotation,
	UnifiedCgroupAnnotation,
	ShmSizeAnnotation,
	DevicesAnnotation,
	CPULoadBalancingAnnotation,
	CPUQuotaAnnotation,
	IRQLoadBalancingAnnotation,
	OCISeccompBPFHookAnnotation,
	rdt.RdtContainerAnnotation,
	TrySkipVolumeSELinuxLabelAnnotation,
	CPUCStatesAnnotation,
	CPUFreqGovernorAnnotation,
	SeccompNotifierActionAnnotation,
	UmaskAnnotation,
	PodLinuxOverhead,
	PodLinuxResources,
	LinkLogsAnnotation,
	CPUSharedAnnotation,
	SeccompProfileAnnotation,
	DisableFIPSAnnotation,

	"bundle",
	"org.systemd.property.",
	"org.criu.config",

	"module.wasm.image/variant",
	"io.kubernetes.cri.container-type",
	"run.oci.",
}

Functions ¶

This section is empty.

Types ¶

This section is empty.

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL