Documentation ¶
Index ¶
- Constants
- func GetIPCNamespace(pid uint32) string
- func GetNetworkNamespace(pid uint32) string
- func GetPIDNamespace(pid uint32) string
- func GetUTSNamespace(pid uint32) string
- func IsCgroup2UnifiedMode() bool
- func WithAdditionalGIDs(userstr string) oci.SpecOpts
- func WithAnnotation(k, v string) oci.SpecOpts
- func WithCapabilities(sc *runtime.LinuxContainerSecurityContext, allCaps []string) oci.SpecOpts
- func WithContainerdShimCgroup(path string) containerd.NewTaskOpts
- func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, ...) error
- func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig, ...) oci.SpecOpts
- func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, ...) oci.SpecOpts
- func WithNewSnapshot(id string, i containerd.Image, opts ...snapshots.Opt) containerd.NewContainerOpts
- func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts
- func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, sandboxPid uint32, ...) oci.SpecOpts
- func WithPodOOMScoreAdj(adj int, restrict bool) oci.SpecOpts
- func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts
- func WithRelativeRoot(root string) oci.SpecOpts
- func WithResources(resources *runtime.LinuxContainerResources, ...) oci.SpecOpts
- func WithSelinuxLabels(process, mount string) oci.SpecOpts
- func WithSupplementalGroups(groups []int64) oci.SpecOpts
- func WithSysctls(sysctls map[string]string) oci.SpecOpts
- func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts
- func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts
- func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, ...) error
Constants ¶
DefaultSandboxCPUshares is the default CPU shares value for the sandbox container. TODO(windows): Revisit CPU shares for Windows (https://github.com/containerd/cri/issues/1297)
Variables ¶
This section is empty.
Functions ¶
func GetIPCNamespace ¶
GetIPCNamespace returns the ipc namespace of a process.
func GetNetworkNamespace ¶
GetNetworkNamespace returns the network namespace of a process.
func GetPIDNamespace ¶
GetPIDNamespace returns the pid namespace of a process.
func GetUTSNamespace ¶
GetUTSNamespace returns the uts namespace of a process.
func IsCgroup2UnifiedMode ¶
func IsCgroup2UnifiedMode() bool
IsCgroup2UnifiedMode returns whether we are running in cgroup v2 unified mode.
func WithAdditionalGIDs ¶
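WithAdditionalGIDs adds any additional groups listed for a particular user in the /etc/group file of the image's root filesystem to the OCI spec's additionalGids array. Because the group list is read from the image's own file, the resulting supplementary GIDs reflect whatever the image contains rather than host policy.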
func WithAnnotation ¶
WithAnnotation sets the provided annotation
func WithCapabilities ¶
func WithCapabilities(sc *runtime.LinuxContainerSecurityContext, allCaps []string) oci.SpecOpts
WithCapabilities sets the provided capabilities from the security context
func WithContainerdShimCgroup ¶
func WithContainerdShimCgroup(path string) containerd.NewTaskOpts
WithContainerdShimCgroup returns a function that sets the containerd shim cgroup path.
func WithDefaultSandboxShares ¶
func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithDefaultSandboxShares sets the default sandbox CPU shares
func WithDevices ¶
func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig, enableDeviceOwnershipFromSecurityContext bool) oci.SpecOpts
WithDevices sets the provided devices onto the container spec
func WithDisabledCgroups ¶
func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithDisabledCgroups clears the Cgroups Path from the spec
func WithMounts ¶
func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts
WithMounts sorts and adds runtime and CRI mounts to the spec
func WithNewSnapshot ¶
func WithNewSnapshot(id string, i containerd.Image, opts ...snapshots.Opt) containerd.NewContainerOpts
WithNewSnapshot wraps `containerd.WithNewSnapshot` so that if creating the snapshot fails we make sure the image is actually unpacked and retry.
func WithOOMScoreAdj ¶
func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts
WithOOMScoreAdj sets the OOM score adjustment (oom_score_adj).
func WithPodNamespaces ¶
func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, sandboxPid uint32, targetPid uint32) oci.SpecOpts
WithPodNamespaces sets the pod namespaces for the container
func WithPodOOMScoreAdj ¶
WithPodOOMScoreAdj sets the OOM score adjustment (oom_score_adj) for the pod sandbox.
func WithProcessArgs ¶
func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts
WithProcessArgs sets the process args on the spec based on the image and runtime config
func WithRelativeRoot ¶
WithRelativeRoot sets the root for the container
func WithResources ¶
func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts
WithResources sets the provided resource restrictions
func WithSelinuxLabels ¶
WithSelinuxLabels sets the mount and process labels
func WithSupplementalGroups ¶
WithSupplementalGroups sets the supplemental groups for the process
func WithSysctls ¶
WithSysctls sets the provided sysctls onto the spec
func WithVolumes ¶
func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts
WithVolumes copies the ownership of each volume in the rootfs to its corresponding host path. It does not update the runtime spec. The passed-in map maps host paths to container paths for all volumes.
func WithoutAmbientCaps ¶
func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutAmbientCaps removes the ambient capabilities from the spec.
func WithoutDefaultSecuritySettings ¶
func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutDefaultSecuritySettings removes the default security settings generated on a spec
func WithoutNamespace ¶
func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts
WithoutNamespace removes the provided namespace
func WithoutRoot ¶
func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutRoot sets the root to nil for the container.
Types ¶
This section is empty.