Constants ¶
// Package-wide defaults that the loader falls back to when the corresponding
// crio.conf option is not set.
const (
	// DefaultPidsLimit is the default value for the maximum number of
	// processes allowed inside a container.
	DefaultPidsLimit = 1024
	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed.
	DefaultLogSizeMax = -1
	// DefaultLogToJournald is the default value for whether conmon should
	// log to journald in addition to the kubernetes log file.
	DefaultLogToJournald = false
)
Variables ¶
// DefaultCapabilities is the default value for the default_capabilities
// option in the crio.conf file: the Linux capabilities added to every
// container when the configuration does not override the list.
// NOTE(review): each entry widens what an in-container process may do;
// NET_RAW in particular is worth confirming against the workloads that
// actually need it.
var DefaultCapabilities = []string{
	"CHOWN",
	"DAC_OVERRIDE",
	"FSETID",
	"FOWNER",
	"NET_RAW",
	"SETGID",
	"SETUID",
	"SETPCAP",
	"NET_BIND_SERVICE",
	"SYS_CHROOT",
	"KILL",
}
DefaultCapabilities is the default value for the default_capabilities option in the crio.conf file.
Types ¶
type Config ¶
// Config represents the entire set of configuration values that can be set
// for the server. It is intended to be loaded from a TOML-encoded config
// file; each embedded struct maps to one table of that file.
type Config struct {
	RootConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}
Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.
func DefaultConfig ¶
DefaultConfig returns the default configuration for crio.
func (*Config) ToFile ¶
ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.
func (*Config) UpdateFromFile ¶
UpdateFromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the file, or nil otherwise.
type ConfigIface ¶
ConfigIface provides a config interface for data encapsulation
type ContainerServer ¶
ContainerServer implements the ImageServer
func New ¶
func New(ctx context.Context, configIface ConfigIface) (*ContainerServer, error)
New creates a new ContainerServer with options provided
func (*ContainerServer) AddContainer ¶
func (c *ContainerServer) AddContainer(ctr *oci.Container)
AddContainer adds a container to the container state store
func (*ContainerServer) AddInfraContainer ¶
func (c *ContainerServer) AddInfraContainer(ctr *oci.Container)
AddInfraContainer adds a container to the container state store
func (*ContainerServer) AddSandbox ¶
func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox)
AddSandbox adds a sandbox to the sandbox state store
func (*ContainerServer) Config ¶
func (c *ContainerServer) Config() *Config
Config gets the configuration for the ContainerServer
func (*ContainerServer) ContainerKill ¶
func (c *ContainerServer) ContainerKill(container string, killSignal syscall.Signal) (string, error)
ContainerKill sends the user-provided signal to the container's primary process.
func (*ContainerServer) ContainerPause ¶
func (c *ContainerServer) ContainerPause(container string) (string, error)
ContainerPause pauses a running container.
func (*ContainerServer) ContainerRename ¶
func (c *ContainerServer) ContainerRename(container, name string) error
ContainerRename renames the given container
func (*ContainerServer) ContainerStateFromDisk ¶
func (c *ContainerServer) ContainerStateFromDisk(ctr *oci.Container) error
ContainerStateFromDisk retrieves information on the state of a running container from the disk
func (*ContainerServer) ContainerStateToDisk ¶
func (c *ContainerServer) ContainerStateToDisk(ctr *oci.Container) error
ContainerStateToDisk writes the container's state information to a JSON file on disk
func (*ContainerServer) ContainerStop ¶
func (c *ContainerServer) ContainerStop(ctx context.Context, container string, timeout int64) (string, error)
ContainerStop stops a running container with a grace period (i.e., timeout).
func (*ContainerServer) ContainerUnpause ¶
func (c *ContainerServer) ContainerUnpause(container string) (string, error)
ContainerUnpause resumes a paused container.
func (*ContainerServer) ContainerWait ¶
func (c *ContainerServer) ContainerWait(container string) (int32, error)
ContainerWait waits for the given container to stop.
func (*ContainerServer) CtrIDIndex ¶
func (c *ContainerServer) CtrIDIndex() *truncindex.TruncIndex
CtrIDIndex returns the TruncIndex for the ContainerServer
func (*ContainerServer) CtrNameIndex ¶
func (c *ContainerServer) CtrNameIndex() *registrar.Registrar
CtrNameIndex returns the Registrar for the ContainerServer
func (*ContainerServer) GetContainer ¶
func (c *ContainerServer) GetContainer(id string) *oci.Container
GetContainer returns a container by its ID
func (*ContainerServer) GetContainerFromShortID ¶
func (c *ContainerServer) GetContainerFromShortID(cid string) (*oci.Container, error)
GetContainerFromShortID gets an oci container matching the specified full or partial id
func (*ContainerServer) GetContainerRootFsSize ¶
func (c *ContainerServer) GetContainerRootFsSize(containerID string) (int64, error)
GetContainerRootFsSize gets the size of the container's root filesystem. A container FS is split into two parts: the first is the top layer, a mutable layer, and the rest is the RootFS, the set of immutable layers that make up the image on which the container is based.
func (*ContainerServer) GetContainerRwSize ¶
func (c *ContainerServer) GetContainerRwSize(containerID string) (int64, error)
GetContainerRwSize gets the size of the mutable top layer of the container.
func (*ContainerServer) GetContainerTopLayerID ¶
func (c *ContainerServer) GetContainerTopLayerID(containerID string) (string, error)
GetContainerTopLayerID gets the ID of the top layer of the given container
func (*ContainerServer) GetInfraContainer ¶
func (c *ContainerServer) GetInfraContainer(id string) *oci.Container
GetInfraContainer returns a container by its ID
func (*ContainerServer) GetLogs ¶
func (c *ContainerServer) GetLogs(container string, logChan chan string, opts LogOptions) error
GetLogs gets each line of a log file and, if it matches the criteria in opts, sends it down logChan.
func (*ContainerServer) GetSandbox ¶
func (c *ContainerServer) GetSandbox(id string) *sandbox.Sandbox
GetSandbox returns a sandbox by its ID
func (*ContainerServer) GetSandboxContainer ¶
func (c *ContainerServer) GetSandboxContainer(id string) *oci.Container
GetSandboxContainer returns a sandbox's infra container
func (*ContainerServer) GetStorageContainer ¶
func (c *ContainerServer) GetStorageContainer(container string) (*cstorage.Container, error)
GetStorageContainer searches for a container with the given name or ID in the given store
func (*ContainerServer) HasContainer ¶
func (c *ContainerServer) HasContainer(id string) bool
HasContainer checks if a container exists in the state
func (*ContainerServer) HasSandbox ¶
func (c *ContainerServer) HasSandbox(id string) bool
HasSandbox checks if a sandbox exists in the state
func (*ContainerServer) ImageContext ¶
func (c *ContainerServer) ImageContext() *types.SystemContext
ImageContext returns the SystemContext for the ContainerServer
func (*ContainerServer) ListContainers ¶
func (c *ContainerServer) ListContainers(filters ...func(*oci.Container) bool) ([]*oci.Container, error)
ListContainers returns a list of all containers stored by the server state that match the given filter function
func (*ContainerServer) ListSandboxes ¶
func (c *ContainerServer) ListSandboxes() []*sandbox.Sandbox
ListSandboxes lists all sandboxes in the state store
func (*ContainerServer) LoadContainer ¶
func (c *ContainerServer) LoadContainer(id string) error
LoadContainer loads a container from the disk into the container store
func (*ContainerServer) LoadSandbox ¶
func (c *ContainerServer) LoadSandbox(id string) error
LoadSandbox loads a sandbox from the disk into the sandbox store
func (*ContainerServer) LookupContainer ¶
func (c *ContainerServer) LookupContainer(idOrName string) (*oci.Container, error)
LookupContainer returns the container with the given name or full or partial id
func (*ContainerServer) LookupSandbox ¶
func (c *ContainerServer) LookupSandbox(idOrName string) (*sandbox.Sandbox, error)
LookupSandbox returns the pod sandbox with the given name or full or partial id
func (*ContainerServer) PodIDIndex ¶
func (c *ContainerServer) PodIDIndex() *truncindex.TruncIndex
PodIDIndex returns the index of pod IDs
func (*ContainerServer) PodNameIndex ¶
func (c *ContainerServer) PodNameIndex() *registrar.Registrar
PodNameIndex returns the index of pod names
func (*ContainerServer) ReleaseContainerName ¶
func (c *ContainerServer) ReleaseContainerName(name string)
ReleaseContainerName releases a container name from the index so that it can be used by other containers
func (*ContainerServer) ReleasePodName ¶
func (c *ContainerServer) ReleasePodName(name string)
ReleasePodName releases a pod name from the index so it can be used by other pods
func (*ContainerServer) RemoveContainer ¶
func (c *ContainerServer) RemoveContainer(ctr *oci.Container)
RemoveContainer removes a container from the container state store
func (*ContainerServer) RemoveInfraContainer ¶
func (c *ContainerServer) RemoveInfraContainer(ctr *oci.Container)
RemoveInfraContainer removes a container from the container state store
func (*ContainerServer) RemoveSandbox ¶
func (c *ContainerServer) RemoveSandbox(id string)
RemoveSandbox removes a sandbox from the state store
func (*ContainerServer) ReserveContainerName ¶
func (c *ContainerServer) ReserveContainerName(id, name string) (string, error)
ReserveContainerName holds a name for a container that is being created
func (*ContainerServer) ReservePodName ¶
func (c *ContainerServer) ReservePodName(id, name string) (string, error)
ReservePodName holds a name for a pod that is being created
func (*ContainerServer) Runtime ¶
func (c *ContainerServer) Runtime() oci.RuntimeImpl
Runtime returns the oci runtime for the ContainerServer
func (*ContainerServer) SetRuntime ¶
func (c *ContainerServer) SetRuntime(runtime oci.RuntimeImpl)
SetRuntime can be used to explicitly specify a runtime.
In production there is no need to call this function, because the runtime will already have been set by `New()`.
func (*ContainerServer) Shutdown ¶
func (c *ContainerServer) Shutdown() error
Shutdown attempts to shut down the server's storage cleanly
func (*ContainerServer) StorageImageServer ¶
func (c *ContainerServer) StorageImageServer() storage.ImageServer
StorageImageServer returns the ImageServer for the ContainerServer
func (*ContainerServer) StorageRuntimeServer ¶
func (c *ContainerServer) StorageRuntimeServer() storage.RuntimeServer
StorageRuntimeServer gets the runtime server for the ContainerServer
func (*ContainerServer) Store ¶
func (c *ContainerServer) Store() cstorage.Store
Store returns the Store for the ContainerServer
func (*ContainerServer) Update ¶
func (c *ContainerServer) Update() error
Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties
type ImageConfig ¶
// ImageConfig represents the "crio.image" TOML config table.
type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// GlobalAuthFile is a path to a file like /var/lib/kubelet/config.json
	// containing credentials necessary for pulling images from secure
	// registries.
	GlobalAuthFile string `toml:"global_auth_file"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	PauseImage string `toml:"pause_image"`
	// PauseImageAuthFile, if not empty, is a path to a file like
	// /var/lib/kubelet/config.json containing credentials necessary
	// for pulling PauseImage.
	PauseImageAuthFile string `toml:"pause_image_auth_file"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled. Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	SignaturePolicyPath string `toml:"signature_policy"`
	// InsecureRegistries is a list of registries that must be contacted
	// without TLS verification.
	// NOTE(review): every entry here removes transport authentication for
	// pulls from that registry, so the list should stay empty outside
	// isolated test environments — confirm against the deployment policy.
	InsecureRegistries []string `toml:"insecure_registries"`
	// ImageVolumes controls how volumes specified in image config are
	// handled; see ImageVolumesType for the accepted values.
	ImageVolumes ImageVolumesType `toml:"image_volumes"`
	// Registries holds a list of registries used to pull unqualified images.
	Registries []string `toml:"registries"`
}
ImageConfig represents the "crio.image" TOML config table.
type ImageVolumesType ¶
// ImageVolumesType describes image volume handling strategies. It is a
// string so that it can be read directly from the image_volumes TOML key.
type ImageVolumesType string
ImageVolumesType describes image volume handling strategies
// Accepted values for ImageConfig.ImageVolumes.
const (
	// ImageVolumesMkdir option is for using mkdir to handle image volumes.
	ImageVolumesMkdir ImageVolumesType = "mkdir"
	// ImageVolumesIgnore option is for ignoring image volumes altogether.
	ImageVolumesIgnore ImageVolumesType = "ignore"
	// ImageVolumesBind option is for using bind mounted volumes.
	ImageVolumesBind ImageVolumesType = "bind"
)
type LogOptions ¶
LogOptions contains all of the options for displaying logs in podman
type NetworkConfig ¶
// NetworkConfig represents the "crio.network" TOML config table.
type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`
	// PluginDir is where CNI plugin binaries are stored.
	// NOTE(review): PluginDir and PluginDirs carry the same description;
	// presumably PluginDir is the older single-path form kept for
	// compatibility (note the omitempty) — confirm which one the loader
	// honours when both are set.
	PluginDir string `toml:"plugin_dir,omitempty"`
	// PluginDirs is where CNI plugin binaries are stored.
	PluginDirs []string `toml:"plugin_dirs"`
}
NetworkConfig represents the "crio.network" TOML config table
func (*NetworkConfig) Validate ¶
func (c *NetworkConfig) Validate(onExecution bool) error
Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.
type RootConfig ¶
// RootConfig represents the root of the "crio" TOML config table.
type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`
	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`
	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`
	// StorageOptions is a list of storage driver specific options.
	StorageOptions []string `toml:"storage_option"`
	// LogDir is the default log directory where all logs will go unless
	// kubelet tells us to put them somewhere else.
	LogDir string `toml:"log_dir"`
	// FileLocking specifies whether to use file-based or in-memory locking.
	// File-based locking is required when multiple users of lib are
	// present on the same system.
	FileLocking bool `toml:"file_locking"`
	// FileLockingPath specifies the path to use for the locking.
	FileLockingPath string `toml:"file_locking_path"`
}
RootConfig represents the root of the "crio" TOML config table.
type RuntimeConfig ¶
// RuntimeConfig represents the "crio.runtime" TOML config table.
type RuntimeConfig struct {
	// ConmonEnv is the environment variable list for the conmon process.
	ConmonEnv []string `toml:"conmon_env"`
	// HooksDir holds paths to the directories containing hooks
	// configuration files. When the same filename is present in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`
	// DefaultMounts is the list of mounts to be mounted for each container.
	// The format of each mount is "host-path:container-path".
	DefaultMounts []string `toml:"default_mounts"`
	// DefaultCapabilities lists the capabilities to add to all containers.
	DefaultCapabilities []string `toml:"default_capabilities"`
	// DefaultSysctls lists the sysctls to add to all containers.
	DefaultSysctls []string `toml:"default_sysctls"`
	// DefaultUlimits specifies the default ulimits to apply to containers.
	DefaultUlimits []string `toml:"default_ulimits"`
	// AdditionalDevices lists the devices to add to containers.
	AdditionalDevices []string `toml:"additional_devices"`
	// DefaultRuntime is the _name_ of the OCI runtime to be used as the default.
	// The name is matched against the Runtimes map below.
	DefaultRuntime string `toml:"default_runtime"`
	// Conmon is the path to the conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`
	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`
	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`
	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
	// DefaultMountsFile is the file path for the default mounts to be
	// mounted for the container. Note: mainly for testing purposes.
	DefaultMountsFile string `toml:"default_mounts_file"`
	// ContainerExitsDir is the directory in which container exit files are
	// written to by conmon.
	ContainerExitsDir string `toml:"container_exits_dir"`
	// ContainerAttachSocketDir is the location for container attach sockets.
	ContainerAttachSocketDir string `toml:"container_attach_socket_dir"`
	// BindMountPrefix is the prefix to use for the source of the bind mounts.
	BindMountPrefix string `toml:"bind_mount_prefix"`
	// UIDMappings specifies the UID mappings to have in the user namespace.
	// A range is specified in the form containerUID:HostUID:Size. Multiple
	// ranges are separated by comma.
	UIDMappings string `toml:"uid_mappings"`
	// GIDMappings specifies the GID mappings to have in the user namespace.
	// A range is specified in the form containerUID:HostUID:Size. Multiple
	// ranges are separated by comma.
	GIDMappings string `toml:"gid_mappings"`
	// LogLevel determines the verbosity of the logs based on the level it is set to.
	// Options are fatal, panic, error (default), warn, info, and debug.
	LogLevel string `toml:"log_level"`
	// Runtimes defines a list of OCI compatible runtimes. The runtime to
	// use is picked based on the runtime_handler provided by the CRI. If
	// no runtime_handler is provided, the runtime will be picked based on
	// the level of trust of the workload.
	Runtimes map[string]oci.RuntimeHandler `toml:"runtimes"`
	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`
	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	LogSizeMax int64 `toml:"log_size_max"`
	// CtrStopTimeout specifies the time to wait before generating an
	// error because the container state is still tagged as "running".
	CtrStopTimeout int64 `toml:"ctr_stop_timeout"`
	// NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE`.
	// NOTE(review): skipping pivot_root is generally a weaker rootfs
	// isolation than the default; confirm it is only enabled where the
	// runtime or filesystem actually requires it.
	NoPivot bool `toml:"no_pivot"`
	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`
	// LogToJournald determines whether container output should be logged to
	// journald in addition to the kubernetes log file.
	LogToJournald bool `toml:"log_to_journald"`
	// ManageNetworkNSLifecycle determines whether we pin and remove the
	// network namespace and manage its lifecycle.
	ManageNetworkNSLifecycle bool `toml:"manage_network_ns_lifecycle"`
	// ReadOnly runs all pods/containers in read-only mode.
	// This mode will mount tmpfs on /run, /tmp and /var/tmp, if those are not mountpoints.
	// It will also set the readonly flag in the OCI Runtime Spec. In this mode containers
	// will only be able to write to volumes mounted into them.
	ReadOnly bool `toml:"read_only"`
}
RuntimeConfig represents the "crio.runtime" TOML config table.
func (*RuntimeConfig) Validate ¶
func (c *RuntimeConfig) Validate(onExecution bool) error
Validate is the main entry point for runtime configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.