lib

package
v0.0.0-...-ec24d73 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 10, 2019 License: Apache-2.0 Imports: 38 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// DefaultPidsLimit is the default value for maximum number of processes
	// allowed inside a container
	DefaultPidsLimit = 1024

	// DefaultLogSizeMax is the default value for the maximum log size
	// allowed for a container. Negative values mean that no limit is imposed.
	DefaultLogSizeMax = -1

	// DefaultLogToJournald is the default value for whether conmon should
	// log to journald in addition to kubernetes log file.
	DefaultLogToJournald = false
)

Variables

View Source
var DefaultCapabilities = []string{
	"CHOWN",
	"DAC_OVERRIDE",
	"FSETID",
	"FOWNER",
	"NET_RAW",
	"SETGID",
	"SETUID",
	"SETPCAP",
	"NET_BIND_SERVICE",
	"SYS_CHROOT",
	"KILL",
}

DefaultCapabilities for the default_capabilities option in the crio.conf file

Functions

This section is empty.

Types

type Config

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func DefaultConfig

func DefaultConfig() (*Config, error)

DefaultConfig returns the default configuration for crio.

func (*Config) GetData

func (c *Config) GetData() *Config

GetData returns the Config of a ConfigIface

func (*Config) GetStore

func (c *Config) GetStore() (cstorage.Store, error)

GetStore returns the container storage for a given configuration

func (*Config) ToFile

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

func (*Config) UpdateFromFile

func (c *Config) UpdateFromFile(path string) error

UpdateFromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

type ConfigIface

type ConfigIface interface {
	GetStore() (cstorage.Store, error)
	GetData() *Config
}

ConfigIface provides a config interface for data encapsulation

type ContainerServer

type ContainerServer struct {
	Hooks *hooks.Manager
	// contains filtered or unexported fields
}

ContainerServer implements the ImageServer

func New

func New(ctx context.Context, configIface ConfigIface) (*ContainerServer, error)

New creates a new ContainerServer with options provided

func (*ContainerServer) AddContainer

func (c *ContainerServer) AddContainer(ctr *oci.Container)

AddContainer adds a container to the container state store

func (*ContainerServer) AddInfraContainer

func (c *ContainerServer) AddInfraContainer(ctr *oci.Container)

AddInfraContainer adds a container to the container state store

func (*ContainerServer) AddSandbox

func (c *ContainerServer) AddSandbox(sb *sandbox.Sandbox)

AddSandbox adds a sandbox to the sandbox state store

func (*ContainerServer) Config

func (c *ContainerServer) Config() *Config

Config gets the configuration for the ContainerServer

func (*ContainerServer) ContainerKill

func (c *ContainerServer) ContainerKill(container string, killSignal syscall.Signal) (string, error)

ContainerKill sends the user provided signal to the containers primary process.

func (*ContainerServer) ContainerPause

func (c *ContainerServer) ContainerPause(container string) (string, error)

ContainerPause pauses a running container.

func (*ContainerServer) ContainerRename

func (c *ContainerServer) ContainerRename(container, name string) error

ContainerRename renames the given container

func (*ContainerServer) ContainerStateFromDisk

func (c *ContainerServer) ContainerStateFromDisk(ctr *oci.Container) error

ContainerStateFromDisk retrieves information on the state of a running container from the disk

func (*ContainerServer) ContainerStateToDisk

func (c *ContainerServer) ContainerStateToDisk(ctr *oci.Container) error

ContainerStateToDisk writes the container's state information to a JSON file on disk

func (*ContainerServer) ContainerStop

func (c *ContainerServer) ContainerStop(ctx context.Context, container string, timeout int64) (string, error)

ContainerStop stops a running container with a grace period (i.e., timeout).

func (*ContainerServer) ContainerUnpause

func (c *ContainerServer) ContainerUnpause(container string) (string, error)

ContainerUnpause unpauses a running container with a grace period (i.e., timeout).

func (*ContainerServer) ContainerWait

func (c *ContainerServer) ContainerWait(container string) (int32, error)

ContainerWait stops a running container with a grace period (i.e., timeout).

func (*ContainerServer) CtrIDIndex

func (c *ContainerServer) CtrIDIndex() *truncindex.TruncIndex

CtrIDIndex returns the TruncIndex for the ContainerServer

func (*ContainerServer) CtrNameIndex

func (c *ContainerServer) CtrNameIndex() *registrar.Registrar

CtrNameIndex returns the Registrar for the ContainerServer

func (*ContainerServer) GetContainer

func (c *ContainerServer) GetContainer(id string) *oci.Container

GetContainer returns a container by its ID

func (*ContainerServer) GetContainerFromShortID

func (c *ContainerServer) GetContainerFromShortID(cid string) (*oci.Container, error)

GetContainerFromShortID gets an oci container matching the specified full or partial id

func (*ContainerServer) GetContainerRootFsSize

func (c *ContainerServer) GetContainerRootFsSize(containerID string) (int64, error)

GetContainerRootFsSize gets the size of the container's root filesystem A container FS is split into two parts. The first is the top layer, a mutable layer, and the rest is the RootFS: the set of immutable layers that make up the image on which the container is based

func (*ContainerServer) GetContainerRwSize

func (c *ContainerServer) GetContainerRwSize(containerID string) (int64, error)

GetContainerRwSize Gets the size of the mutable top layer of the container

func (*ContainerServer) GetContainerTopLayerID

func (c *ContainerServer) GetContainerTopLayerID(containerID string) (string, error)

GetContainerTopLayerID gets the ID of the top layer of the given container

func (*ContainerServer) GetInfraContainer

func (c *ContainerServer) GetInfraContainer(id string) *oci.Container

GetInfraContainer returns a container by its ID

func (*ContainerServer) GetLogs

func (c *ContainerServer) GetLogs(container string, logChan chan string, opts LogOptions) error

GetLogs gets each line of a log file and, if it matches the criteria in logOptions, sends it down logChan

func (*ContainerServer) GetSandbox

func (c *ContainerServer) GetSandbox(id string) *sandbox.Sandbox

GetSandbox returns a sandbox by its ID

func (*ContainerServer) GetSandboxContainer

func (c *ContainerServer) GetSandboxContainer(id string) *oci.Container

GetSandboxContainer returns a sandbox's infra container

func (*ContainerServer) GetStorageContainer

func (c *ContainerServer) GetStorageContainer(container string) (*cstorage.Container, error)

GetStorageContainer searches for a container with the given name or ID in the given store

func (*ContainerServer) HasContainer

func (c *ContainerServer) HasContainer(id string) bool

HasContainer checks if a container exists in the state

func (*ContainerServer) HasSandbox

func (c *ContainerServer) HasSandbox(id string) bool

HasSandbox checks if a sandbox exists in the state

func (*ContainerServer) ImageContext

func (c *ContainerServer) ImageContext() *types.SystemContext

ImageContext returns the SystemContext for the ContainerServer

func (*ContainerServer) ListContainers

func (c *ContainerServer) ListContainers(filters ...func(*oci.Container) bool) ([]*oci.Container, error)

ListContainers returns a list of all containers stored by the server state that match the given filter function

func (*ContainerServer) ListSandboxes

func (c *ContainerServer) ListSandboxes() []*sandbox.Sandbox

ListSandboxes lists all sandboxes in the state store

func (*ContainerServer) LoadContainer

func (c *ContainerServer) LoadContainer(id string) error

LoadContainer loads a container from the disk into the container store

func (*ContainerServer) LoadSandbox

func (c *ContainerServer) LoadSandbox(id string) error

LoadSandbox loads a sandbox from the disk into the sandbox store

func (*ContainerServer) LookupContainer

func (c *ContainerServer) LookupContainer(idOrName string) (*oci.Container, error)

LookupContainer returns the container with the given name or full or partial id

func (*ContainerServer) LookupSandbox

func (c *ContainerServer) LookupSandbox(idOrName string) (*sandbox.Sandbox, error)

LookupSandbox returns the pod sandbox with the given name or full or partial id

func (*ContainerServer) PodIDIndex

func (c *ContainerServer) PodIDIndex() *truncindex.TruncIndex

PodIDIndex returns the index of pod IDs

func (*ContainerServer) PodNameIndex

func (c *ContainerServer) PodNameIndex() *registrar.Registrar

PodNameIndex returns the index of pod names

func (*ContainerServer) ReleaseContainerName

func (c *ContainerServer) ReleaseContainerName(name string)

ReleaseContainerName releases a container name from the index so that it can be used by other containers

func (*ContainerServer) ReleasePodName

func (c *ContainerServer) ReleasePodName(name string)

ReleasePodName releases a pod name from the index so it can be used by other pods

func (*ContainerServer) Remove

func (c *ContainerServer) Remove(ctx context.Context, container string, force bool) (string, error)

Remove removes a container

func (*ContainerServer) RemoveContainer

func (c *ContainerServer) RemoveContainer(ctr *oci.Container)

RemoveContainer removes a container from the container state store

func (*ContainerServer) RemoveInfraContainer

func (c *ContainerServer) RemoveInfraContainer(ctr *oci.Container)

RemoveInfraContainer removes a container from the container state store

func (*ContainerServer) RemoveSandbox

func (c *ContainerServer) RemoveSandbox(id string)

RemoveSandbox removes a sandbox from the state store

func (*ContainerServer) ReserveContainerName

func (c *ContainerServer) ReserveContainerName(id, name string) (string, error)

ReserveContainerName holds a name for a container that is being created

func (*ContainerServer) ReservePodName

func (c *ContainerServer) ReservePodName(id, name string) (string, error)

ReservePodName holds a name for a pod that is being created

func (*ContainerServer) Runtime

func (c *ContainerServer) Runtime() oci.RuntimeImpl

Runtime returns the oci runtime for the ContainerServer

func (*ContainerServer) SetRuntime

func (c *ContainerServer) SetRuntime(runtime oci.RuntimeImpl)

SetRuntime can be used to explicitly specify a runtime.

In production cases calling this function has no need because the runtime will already be set by `New()`.

func (*ContainerServer) Shutdown

func (c *ContainerServer) Shutdown() error

Shutdown attempts to shut down the server's storage cleanly

func (*ContainerServer) StorageImageServer

func (c *ContainerServer) StorageImageServer() storage.ImageServer

StorageImageServer returns the ImageServer for the ContainerServer

func (*ContainerServer) StorageRuntimeServer

func (c *ContainerServer) StorageRuntimeServer() storage.RuntimeServer

StorageRuntimeServer gets the runtime server for the ContainerServer

func (*ContainerServer) Store

func (c *ContainerServer) Store() cstorage.Store

Store returns the Store for the ContainerServer

func (*ContainerServer) Update

func (c *ContainerServer) Update() error

Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties

type ImageConfig

type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// GlobalAuthFile is a path to a file like /var/lib/kubelet/config.json
	// containing credentials necessary for pulling images from secure
	// registries.
	GlobalAuthFile string `toml:"global_auth_file"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	PauseImage string `toml:"pause_image"`
	// PauseImageAuthFile, if not empty, is a path to a file like
	// /var/lib/kubelet/config.json containing credentials necessary
	// for pulling PauseImage
	PauseImageAuthFile string `toml:"pause_image_auth_file"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled.  Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	SignaturePolicyPath string `toml:"signature_policy"`
	// InsecureRegistries is a list of registries that must be contacted w/o
	// TLS verification.
	InsecureRegistries []string `toml:"insecure_registries"`
	// ImageVolumes controls how volumes specified in image config are handled
	ImageVolumes ImageVolumesType `toml:"image_volumes"`
	// Registries holds a list of registries used to pull unqualified images
	Registries []string `toml:"registries"`
}

ImageConfig represents the "crio.image" TOML config table.

type ImageVolumesType

type ImageVolumesType string

ImageVolumesType describes image volume handling strategies

const (
	// ImageVolumesMkdir option is for using mkdir to handle image volumes
	ImageVolumesMkdir ImageVolumesType = "mkdir"
	// ImageVolumesIgnore option is for ignoring image volumes altogether
	ImageVolumesIgnore ImageVolumesType = "ignore"
	// ImageVolumesBind option is for using bind mounted volumes
	ImageVolumesBind ImageVolumesType = "bind"
)

type LogOptions

type LogOptions struct {
	Details   bool
	Follow    bool
	SinceTime time.Time
	Tail      uint64
}

LogOptions contains all of the options for displaying logs in podman

type NetworkConfig

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir,omitempty"`

	// PluginDirs is where CNI plugin binaries are stored.
	PluginDirs []string `toml:"plugin_dirs"`
}

NetworkConfig represents the "crio.network" TOML config table

func (*NetworkConfig) Validate

func (c *NetworkConfig) Validate(onExecution bool) error

Validate is the main entry point for network configuration validation. The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.

type RootConfig

type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`

	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`

	// StorageOption is a list of storage driver specific options.
	StorageOptions []string `toml:"storage_option"`

	// LogDir is the default log directory were all logs will go unless kubelet
	// tells us to put them somewhere else.
	LogDir string `toml:"log_dir"`

	// FileLocking specifies whether to use file-based or in-memory locking
	// File-based locking is required when multiple users of lib are
	// present on the same system
	FileLocking bool `toml:"file_locking"`

	// FileLockingPath specifies the path to use for the locking.
	FileLockingPath string `toml:"file_locking_path"`
}

RootConfig represents the root of the "crio" TOML config table.

type RuntimeConfig

type RuntimeConfig struct {
	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// HooksDir holds paths to the directories containing hooks
	// configuration files.  When the same filename is present in in
	// multiple directories, the file in the directory listed last in
	// this slice takes precedence.
	HooksDir []string `toml:"hooks_dir"`

	// DefaultMounts is the list of mounts to be mounted for each container
	// The format of each mount is "host-path:container-path"
	DefaultMounts []string `toml:"default_mounts"`

	// Capabilities to add to all containers.
	DefaultCapabilities []string `toml:"default_capabilities"`

	// Sysctls to add to all containers.
	DefaultSysctls []string `toml:"default_sysctls"`

	// DefaultUlimits specifies the default ulimits to apply to containers
	DefaultUlimits []string `toml:"default_ulimits"`

	// Devices to add to containers
	AdditionalDevices []string `toml:"additional_devices"`

	// DefaultRuntime is the _name_ of the OCI runtime to be used as the default.
	// The name is matched against the Runtimes map below.
	DefaultRuntime string `toml:"default_runtime"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`

	// DefaultMountsFile is the file path for the default mounts to be mounted for the container
	// Note, for testing purposes mainly
	DefaultMountsFile string `toml:"default_mounts_file"`

	// ContainerExitsDir is the directory in which container exit files are
	// written to by conmon.
	ContainerExitsDir string `toml:"container_exits_dir"`

	// ContainerAttachSocketDir is the location for container attach sockets.
	ContainerAttachSocketDir string `toml:"container_attach_socket_dir"`

	// BindMountPrefix is the prefix to use for the source of the bind mounts.
	BindMountPrefix string `toml:"bind_mount_prefix"`

	// UIDMappings specifies the UID mappings to have in the user namespace.
	// A range is specified in the form containerUID:HostUID:Size.  Multiple
	// ranges are separated by comma.
	UIDMappings string `toml:"uid_mappings"`

	// GIDMappings specifies the GID mappings to have in the user namespace.
	// A range is specified in the form containerUID:HostUID:Size.  Multiple
	// ranges are separated by comma.
	GIDMappings string `toml:"gid_mappings"`

	// LogLevel determines the verbosity of the logs based on the level it is set to.
	// Options are fatal, panic, error (default), warn, info, and debug.
	LogLevel string `toml:"log_level"`

	// Runtimes defines a list of OCI compatible runtimes. The runtime to
	// use is picked based on the runtime_handler provided by the CRI. If
	// no runtime_handler is provided, the runtime will be picked based on
	// the level of trust of the workload.
	Runtimes map[string]oci.RuntimeHandler `toml:"runtimes"`

	// PidsLimit is the number of processes each container is restricted to
	// by the cgroup process number controller.
	PidsLimit int64 `toml:"pids_limit"`

	// LogSizeMax is the maximum number of bytes after which the log file
	// will be truncated. It can be expressed as a human-friendly string
	// that is parsed to bytes.
	// Negative values indicate that the log file won't be truncated.
	LogSizeMax int64 `toml:"log_size_max"`

	// CtrStopTimeout specifies the time to wait before to generate an
	// error because the container state is still tagged as "running".
	CtrStopTimeout int64 `toml:"ctr_stop_timeout"`

	// NoPivot instructs the runtime to not use `pivot_root`, but instead use `MS_MOVE`
	NoPivot bool `toml:"no_pivot"`

	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`

	// Whether container output should be logged to journald in addition
	// to the kuberentes log file
	LogToJournald bool `toml:"log_to_journald"`

	// ManageNetworkNSLifecycle determines whether we pin and remove network namespace
	// and manage its lifecycle
	ManageNetworkNSLifecycle bool `toml:"manage_network_ns_lifecycle"`

	// ReadOnly run all pods/containers in read-only mode.
	// This mode will mount tmpfs on /run, /tmp and /var/tmp, if those are not mountpoints
	// Will also set the readonly flag in the OCI Runtime Spec.  In this mode containers
	// will only be able to write to volumes mounted into them
	ReadOnly bool `toml:"read_only"`
}

RuntimeConfig represents the "crio.runtime" TOML config table.

func (*RuntimeConfig) Validate

func (c *RuntimeConfig) Validate(onExecution bool) error

Validate is the main entry point for runtime configuration validation The parameter `onExecution` specifies if the validation should include execution checks. It returns an `error` on validation failure, otherwise `nil`.

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL