Documentation
Overview
Package xfn is the reference implementation of Composition Functions.
Constants
const (
    UserNamespaceUIDs = 65536
    UserNamespaceGIDs = 65536
    MaxStdioBytes     = 100 << 20 // 100 MB
)
How many UIDs and GIDs to map from the parent to the child user namespace, if possible. Doing so requires CAP_SETUID and CAP_SETGID.
Functions
func HasCapSetGID
func HasCapSetGID() bool
HasCapSetGID returns true if this process has CAP_SETGID.
func HasCapSetUID
func HasCapSetUID() bool
HasCapSetUID returns true if this process has CAP_SETUID.
Types
type ContainerRunner
type ContainerRunner struct {
    v1alpha1.UnimplementedContainerizedFunctionRunnerServiceServer
    // contains filtered or unexported fields
}
A ContainerRunner runs a Composition Function packaged as an OCI image by extracting it and running it as a 'rootless' container.
func NewContainerRunner
func NewContainerRunner(o ...ContainerRunnerOption) *ContainerRunner
NewContainerRunner returns a new Runner that runs functions as rootless containers.
func (*ContainerRunner) ListenAndServe
func (r *ContainerRunner) ListenAndServe(network, address string) error
ListenAndServe listens for and serves gRPC connections at the supplied address.
func (*ContainerRunner) RunFunction
func (r *ContainerRunner) RunFunction(ctx context.Context, req *v1alpha1.RunFunctionRequest) (*v1alpha1.RunFunctionResponse, error)
RunFunction runs a function as a rootless OCI container. Functions that return non-zero, or that cannot be executed in the first place (e.g. because they cannot be fetched from the registry) will return an error.
type ContainerRunnerOption
type ContainerRunnerOption func(*ContainerRunner)
A ContainerRunnerOption configures a new ContainerRunner.
func MapToRoot
func MapToRoot(uid, gid int) ContainerRunnerOption
MapToRoot configures what UID and GID should map to root (UID/GID 0) in the user namespace in which the function will be run.
func SetUID
func SetUID(s bool) ContainerRunnerOption
SetUID indicates that the container runner should attempt operations that require CAP_SETUID and CAP_SETGID, for example creating a user namespace that maps arbitrary UIDs and GIDs to the parent namespace.
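The capability check and the user namespace mapping size described above can be sketched as follows. This is an added example, not Crossplane's code: `EffectiveCaps`, `PlanMapping`, the `IDMap` type, the fallback to a single-ID mapping, and the sample status text are all assumptions made for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

// Capability bit numbers from linux/capability.h; nsIDs equals UserNamespaceUIDs.
const (
	capSetGID = 6
	capSetUID = 7
	nsIDs     = 65536
)

// IDMap is a hypothetical type for one uid_map/gid_map line.
type IDMap struct{ ContainerID, HostID, Size int }

// EffectiveCaps extracts the CapEff bitmask from /proc/<pid>/status text.
func EffectiveCaps(status string) (uint64, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if strings.HasPrefix(sc.Text(), "CapEff:") {
			v := strings.TrimSpace(strings.TrimPrefix(sc.Text(), "CapEff:"))
			return strconv.ParseUint(v, 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status")
}

// PlanMapping maps hostID to root; the wide range needs both capabilities (assumed fallback: 1 ID).
func PlanMapping(caps uint64, hostID int) IDMap {
	need := uint64(1)<<capSetUID | uint64(1)<<capSetGID
	if caps&need == need {
		return IDMap{ContainerID: 0, HostID: hostID, Size: nsIDs}
	}
	return IDMap{ContainerID: 0, HostID: hostID, Size: 1}
}
// Constructed sample inputs, not captured from a real system.
const sampleContainer = "Name:\txfn\nCapPrm:\t00000000a80425fb\nCapEff:\t00000000a80425fb\n"
const sampleNoCaps = "Name:\txfn\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n"

func main() {
	for _, s := range []string{sampleContainer, sampleNoCaps} {
		caps, _ := EffectiveCaps(s)
		fmt.Printf("CapEff=%#x map=%+v\n", caps, PlanMapping(caps, 100000))
	}
}
```

Holding only one of the two capabilities is treated the same as holding neither, so the plan never requests a range the process cannot write for both UIDs and GIDs.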
func WithCacheDir
func WithCacheDir(d string) ContainerRunnerOption
WithCacheDir specifies the directory used for caching function images and containers.
func WithLogger
func WithLogger(l logging.Logger) ContainerRunnerOption
WithLogger configures which logger the container runner should use. Logging is disabled by default.
func WithRegistry (added in v1.13.0)
func WithRegistry(dr string) ContainerRunnerOption
WithRegistry specifies the default registry used to retrieve function images and containers.
type Stdio
type Stdio struct {
    Stdin  io.WriteCloser
    Stdout io.ReadCloser
    Stderr io.ReadCloser
}
Stdio can be used to read and write a command's standard I/O.
func StdioPipes
StdioPipes creates and returns pipes that will be connected to the supplied command's stdio when it starts. It calls fchown(2) to ensure all pipes are owned by the supplied user and group ID; this ensures that the command can read and write its stdio even when xfn is running as root (in the parent namespace) and the command is not.