const (
	// DefaultPidsLimit is the default value for maximum number of processes
	// allowed inside a container.
	// It is the default for RuntimeConfig.PidsLimit; a per-container process
	// cap is the usual defence against fork-bomb style PID exhaustion, so
	// raising it (or setting it to an unlimited value) weakens that protection.
	DefaultPidsLimit = 1024
	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed.
	// NOTE(review): the default is therefore "unlimited" — a chatty container
	// can grow its log file without bound unless rotation is handled elsewhere
	// (e.g. by whatever consumes the log_dir); confirm before relying on this
	// default in production.
	DefaultLogSizeMax = -1
)
const (
	// DefaultHooksDirPath is the default directory containing hooks config files.
	// It is the vendor/distribution location; see OverrideHooksDirPath for
	// the administrator location.
	DefaultHooksDirPath = "/usr/share/containers/oci/hooks.d"
	// OverrideHooksDirPath is the directory where an admin can override the
	// default configuration.
	// NOTE(review): hook configs describe commands to run for containers
	// (see HookParams / RuntimeConfig.Hooks), so anything able to write to
	// either directory can inject a command into every container's lifecycle.
	// Keep both root-owned and not group/world-writable — confirm whether the
	// loader checks ownership/permissions itself.
	OverrideHooksDirPath = "/etc/containers/oci/hooks.d"
)
import (
"encoding/json" "io/ioutil" "os" "path/filepath" "regexp" "strings" "syscall" "github.com/pkg/errors" "github.com/sirupsen/logrus"
)
// Config represents the entire set of configuration values that can be set
// for the server. It is intended to be loaded from a TOML-encoded config file
// (see UpdateFromFile) and written back with ToFile.
//
// Each embedded struct corresponds to one TOML table of the "crio" config:
// RootConfig is the root table, RuntimeConfig is "crio.runtime", ImageConfig
// is "crio.image" and NetworkConfig is "crio.network". Embedding promotes
// every table's fields onto Config, so field names must stay unique across
// the four tables.
type Config struct {
	RootConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}
Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a TOML-encoded config file.
func DefaultConfig() *Config
DefaultConfig returns the default configuration for crio.
ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.
UpdateFromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the file, or nil otherwise.
// HookParams is the structure returned from reading the hooks configuration
// files. The JSON tags give the keys used in those files; the files are read
// from the directories named by DefaultHooksDirPath / OverrideHooksDirPath
// (or RuntimeConfig.HooksDirPath).
//
// NOTE(review): a hook is a program the runtime executes on the host for a
// container (RuntimeConfig.Hooks is "the list of hooks to run with
// container"), so every field here is trusted configuration, not container
// input; the hook config directories must be writable only by root.
type HookParams struct {
	// Hook is the hook executable, read from the "hook" key. Presumably an
	// absolute path on the host — confirm against the loader.
	Hook string `json:"hook"`
	// Stage lists the container lifecycle stages at which the hook runs
	// ("stage" key). The accepted stage names are not visible in this file.
	Stage []string `json:"stage"`
	// Cmds is the "cmd" list. Presumably patterns matched against the
	// container's command to decide whether the hook applies (the package
	// imports regexp) — confirm against the loader before relying on this.
	Cmds []string `json:"cmd"`
	// Annotations is the "annotation" list; presumably matched against the
	// container's annotations in the same way as Cmds — confirm.
	Annotations []string `json:"annotation"`
	// HasBindMounts is the "hasbindmounts" key; presumably restricts the hook
	// to containers that have bind mounts — confirm.
	HasBindMounts bool `json:"hasbindmounts"`
}
HookParams is the structure returned from reading the hooks configuration files.
// ImageConfig represents the "crio.image" TOML config table: everything that
// controls how images are named, pulled, trusted and unpacked.
type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	// NOTE(review): this image is pulled and run for every pod; it is subject
	// to the same signature policy / registry settings below, so it should be
	// a fully-qualified reference rather than an unqualified name that is
	// resolved through Registries.
	PauseImage string `toml:"pause_image"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled. Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	SignaturePolicyPath string `toml:"signature_policy"`
	// InsecureRegistries is a list of registries that must be contacted w/o
	// TLS verification.
	// NOTE(review): an entry here disables server authentication for that
	// registry, so an on-path attacker can substitute image content; keep
	// this empty outside isolated test environments and never list a
	// registry that PauseImage is pulled from.
	InsecureRegistries []string `toml:"insecure_registries"`
	// ImageVolumes controls how volumes specified in image config are handled.
	// See the ImageVolumesType constants for the accepted values.
	ImageVolumes ImageVolumesType `toml:"image_volumes"`
	// Registries holds a list of registries used to pull unqualified images.
	// NOTE(review): if these are tried in order, whoever can publish to an
	// earlier registry can shadow a short image name meant for a later one;
	// prefer fully-qualified image references where possible — confirm the
	// lookup order in the pull code.
	Registries []string `toml:"registries"`
}
ImageConfig represents the "crio.image" TOML config table.
// ImageVolumesType describes image volume handling strategies, i.e. what CRI-O
// does with the volumes declared in an image's config. It is a plain string so
// it can be read directly from the "image_volumes" TOML key; the valid values
// are the ImageVolumes* constants below. Nothing in this file shows the
// value being validated on load — confirm whether an unknown string is
// rejected or silently treated as one of the strategies.
type ImageVolumesType string
ImageVolumesType describes image volume handling strategies
const (
	// ImageVolumesMkdir option is for using mkdir to handle image volumes:
	// the volume path is created inside the container's rootfs.
	ImageVolumesMkdir ImageVolumesType = "mkdir"
	// ImageVolumesIgnore option is for ignoring image volumes altogether.
	ImageVolumesIgnore ImageVolumesType = "ignore"
	// ImageVolumesBind option is for using bind mounted volumes.
	// NOTE(review): a bind mount is backed by a host directory; where that
	// directory lives and who can write to it is not visible in this file —
	// confirm before choosing this strategy on multi-tenant hosts.
	ImageVolumesBind ImageVolumesType = "bind"
)
// NetworkConfig represents the "crio.network" TOML config table: where CNI
// configuration and plugins are found.
type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`
	// PluginDir is where CNI plugin binaries are stored.
	// NOTE(review): binaries in this directory are executed on the host when
	// pods are networked, presumably with CRI-O's own privileges; the
	// directory must be writable only by root. Confirm whether the loader
	// checks this.
	PluginDir string `toml:"plugin_dir"`
}
NetworkConfig represents the "crio.network" TOML config table
// RootConfig represents the root of the "crio" TOML config table: storage
// locations, the storage driver and process-wide locking.
type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`
	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`
	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`
	// StorageOptions is a list of storage driver specific options.
	// Note the TOML key is singular ("storage_option") while the Go field is
	// plural; keep both as they are, since the key is part of the on-disk
	// config format.
	StorageOptions []string `toml:"storage_option"`
	// LogDir is the default log directory where all logs will go unless kubelet
	// tells us to put them somewhere else.
	// NOTE(review): container log files land here subject to LogSizeMax,
	// which is unlimited by default (DefaultLogSizeMax = -1).
	LogDir string `toml:"log_dir"`
	// FileLocking specifies whether to use file-based or in-memory locking.
	// File-based locking is required when multiple users of libkpod are
	// present on the same system; with in-memory locking, a second process
	// sharing Root/RunRoot would not see this process's locks.
	FileLocking bool `toml:"file_locking"`
}
RootConfig represents the root of the "crio" TOML config table.
// RuntimeConfig represents the "crio.runtime" TOML config table: which OCI
// runtime(s) run containers, how they are supervised (conmon), and the
// confinement and resource limits applied to every container by default.
//
// Several fields name host executables or directories of executables
// (Runtime, RuntimeUntrustedWorkload, Conmon, HooksDirPath); all of them run
// with CRI-O's privileges, so the config file and the paths it points at must
// be writable only by root.
type RuntimeConfig struct {
	// Runtime is the OCI compatible runtime used for trusted container workloads.
	// This is a mandatory setting as this runtime will be the default one and
	// will also be used for untrusted container workloads if
	// RuntimeUntrustedWorkload is not set.
	Runtime string `toml:"runtime"`
	// RuntimeUntrustedWorkload is the OCI compatible runtime used for untrusted
	// container workloads. This is an optional setting, except if
	// DefaultWorkloadTrust is set to "untrusted".
	// NOTE(review): when this is unset, untrusted workloads silently fall
	// back to Runtime (see above) — there is no stronger isolation for them
	// unless this is configured.
	RuntimeUntrustedWorkload string `toml:"runtime_untrusted_workload"`
	// DefaultWorkloadTrust is the default level of trust crio puts in container
	// workloads. This can either be "trusted" or "untrusted" and the default
	// is "trusted".
	//
	// Containers can be run through different container runtimes, depending on
	// the trust hints we receive from kubelet:
	//  - If kubelet tags a container workload as untrusted, crio will try first
	//    to run it through the untrusted container workload runtime. If it is not
	//    set, crio will use the trusted runtime.
	//  - If kubelet does not provide any information about the container workload
	//    trust level, the selected runtime will depend on the DefaultWorkloadTrust
	//    setting. If it is set to "untrusted", then all containers except for the
	//    host privileged ones will be run by the RuntimeUntrustedWorkload runtime.
	//    Host privileged containers are by definition trusted and will always use
	//    the trusted container runtime. If DefaultWorkloadTrust is set to
	//    "trusted", crio will use the trusted container runtime for all containers.
	//
	// NOTE(review): the default of "trusted" means an unannotated workload gets
	// the trusted runtime; set this to "untrusted" (and configure
	// RuntimeUntrustedWorkload) on hosts that run workloads from other tenants.
	DefaultWorkloadTrust string `toml:"default_workload_trust"`
	// NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE`.
	// NOTE(review): skipping pivot_root is generally the weaker way to detach
	// a container from the host root filesystem; leave this false unless the
	// configured runtime documents MS_MOVE as safe for your setup — confirm.
	NoPivot bool `toml:"no_pivot"`
	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`
	// ConmonEnv is the environment variable list for conmon process.
	// Entries are presumably "KEY=value" strings passed through verbatim —
	// confirm against the code that spawns conmon.
	ConmonEnv []string `toml:"conmon_env"`
	// SELinux determines whether or not SELinux is used for pod separation.
	// With this false, pods are not labelled distinctly even on an enforcing
	// host.
	SELinux bool `toml:"selinux"`
	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	// What happens when this is empty (no seccomp at all vs. a built-in
	// default) is not visible in this file — confirm before deploying.
	SeccompProfile string `toml:"seccomp_profile"`
	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
	// HooksDirPath is the location of OCI hooks config files; see
	// DefaultHooksDirPath / OverrideHooksDirPath and the HookParams type.
	// NOTE(review): hooks are executed on the host for each container, so
	// this directory must not be writable by anyone but root.
	HooksDirPath string `toml:"hooks_dir_path"`
	// DefaultMounts is the list of mounts to be mounted for each container.
	// The format of each mount is "host-path:container-path".
	// NOTE(review): every entry exposes a host path to every container
	// regardless of its trust level; whether the mount is read-only is not
	// visible here — confirm before adding host directories.
	DefaultMounts []string `toml:"default_mounts"`
	// Hooks is the list of hooks to run with each container, keyed by hook
	// name. Unlike the other fields it carries no toml tag; presumably it is
	// populated from HooksDirPath rather than from the TOML file — confirm,
	// since without a tag the TOML decoder's default key matching (if any)
	// would apply.
	Hooks map[string]HookParams
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller. Defaults to DefaultPidsLimit.
	PidsLimit int64 `toml:"pids_limit"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated
	// (the default, DefaultLogSizeMax, is -1, i.e. no limit).
	// NOTE(review): the field is an int64, so the human-friendly string form
	// must be converted somewhere during loading — that conversion is not in
	// this file.
	LogSizeMax int64 `toml:"log_size_max"`
	// ContainerExitsDir is the directory in which container exit files are
	// written to by conmon.
	ContainerExitsDir string `toml:"container_exits_dir"`
}
RuntimeConfig represents the "crio.runtime" TOML config table.