Documentation
Overview
Package container is the reference implementation of Composition Functions.
Constants
const (
	UserNamespaceUIDs = 65536
	UserNamespaceGIDs = 65536
	MaxStdioBytes     = 100 << 20 // 100 MB
)
How many UIDs and GIDs to map from the parent to the child user namespace, if possible. Doing so requires CAP_SETUID and CAP_SETGID.
Variables
This section is empty.
Functions
func HasCapSetGID
func HasCapSetGID() bool
HasCapSetGID returns true if this process has CAP_SETGID.
func HasCapSetUID
func HasCapSetUID() bool
HasCapSetUID returns true if this process has CAP_SETUID.
Types
type Runner
type Runner struct {
	v1alpha1.UnimplementedContainerizedFunctionRunnerServiceServer
	// contains filtered or unexported fields
}
A Runner runs a Composition Function packaged as an OCI image by extracting it and running it as a 'rootless' container.
func NewRunner
func NewRunner(o ...RunnerOption) *Runner
NewRunner returns a new Runner that runs functions as rootless containers.
func (*Runner) ListenAndServe
ListenAndServe gRPC connections at the supplied address.
func (*Runner) RunFunction
func (r *Runner) RunFunction(ctx context.Context, req *v1alpha1.RunFunctionRequest) (*v1alpha1.RunFunctionResponse, error)
RunFunction runs a function as a rootless OCI container. Functions that return non-zero, or that cannot be executed in the first place (e.g. because they cannot be fetched from the registry) will return an error.
type RunnerOption
type RunnerOption func(*Runner)
A RunnerOption configures a new Runner.
func MapToRoot
func MapToRoot(uid, gid int) RunnerOption
MapToRoot configures what UID and GID should map to root (UID/GID 0) in the user namespace in which the function will be run.
func SetUID
func SetUID(s bool) RunnerOption
SetUID indicates that the container runner should attempt operations that require CAP_SETUID and CAP_SETGID, for example creating a user namespace that maps arbitrary UIDs and GIDs to the parent namespace.
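The following is an added example, not code from this package: it shows how a check for CAP_SETUID and CAP_SETGID can decide whether a user namespace maps a single ID or the full 65536 described under Constants. The sample status text, the names effectiveCaps, hasCap, planIDMap and IDMap, and the layout of the mapping are assumptions of this example.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

const (
	capSetGID = 6     // CAP_SETGID bit number in linux/capability.h
	capSetUID = 7     // CAP_SETUID bit number in linux/capability.h
	nsIDs     = 65536 // same value as UserNamespaceUIDs and UserNamespaceGIDs
	// Constructed /proc/<pid>/status excerpts, not captured from a real system.
	statusPlain  = "Name:\tfn\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n"
	statusSetIDs = "Name:\tfn\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t00000000000000c0\n"
)

// IDMap is one line of /proc/<pid>/uid_map or gid_map.
type IDMap struct{ ContainerID, HostID, Size int }

// effectiveCaps extracts the effective capability bitmask from status text.
func effectiveCaps(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		if f := strings.Fields(line); len(f) == 2 && f[0] == "CapEff:" {
			return strconv.ParseUint(f[1], 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status")
}

func hasCap(mask uint64, bit uint) bool { return mask&(1<<bit) != 0 }

// planIDMap always maps container ID 0 to rootID. Only a capable process adds
// the range that brings the total to nsIDs; otherwise one own-ID line is all
// the kernel accepts.
func planIDMap(rootID int, capable bool) []IDMap {
	m := []IDMap{{ContainerID: 0, HostID: rootID, Size: 1}}
	if capable {
		m = append(m, IDMap{ContainerID: 1, HostID: rootID + 1, Size: nsIDs - 1})
	}
	return m
}

func main() {
	for _, s := range []string{statusPlain, statusSetIDs} {
		caps, _ := effectiveCaps(s)
		fmt.Println(planIDMap(1000, hasCap(caps, capSetUID)), planIDMap(1000, hasCap(caps, capSetGID)))
	}
}
```
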
func WithCacheDir
func WithCacheDir(d string) RunnerOption
WithCacheDir specifies the directory used for caching function images and containers.
func WithLogger
func WithLogger(l logging.Logger) RunnerOption
WithLogger configures which logger the container runner should use. Logging is disabled by default.
func WithRegistry
func WithRegistry(dr string) RunnerOption
WithRegistry specifies the default registry used to retrieve function images and containers.
type Stdio
type Stdio struct {
	Stdin  io.WriteCloser
	Stdout io.ReadCloser
	Stderr io.ReadCloser
}
Stdio can be used to read and write a command's standard I/O.
func StdioPipes
StdioPipes creates and returns pipes that will be connected to the supplied command's stdio when it starts. It calls fchown(2) to ensure all pipes are owned by the supplied user and group ID; this ensures that the command can read and write its stdio even when function-runtime-oci is running as root (in the parent namespace) and the command is not.