guardiancmd

package
v0.0.0-...-cf22b21 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 21, 2018 License: Apache-2.0 Imports: 64 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	LogLevelDebug = "debug"
	LogLevelInfo  = "info"
	LogLevelError = "error"
	LogLevelFatal = "fatal"
)

Variables

View Source 
var PrivilegedContainerNamespaces = []specs.LinuxNamespace{
	goci.NetworkNamespace, goci.PIDNamespace, goci.UTSNamespace, goci.IPCNamespace, goci.MountNamespace,
}

Functions

This section is empty.

Types

type CIDRFlag 

type CIDRFlag struct {
	// contains filtered or unexported fields
}

func (CIDRFlag) CIDR 

func (f CIDRFlag) CIDR() *net.IPNet

func (CIDRFlag) String 

func (f CIDRFlag) String() string

func (*CIDRFlag) UnmarshalFlag 

func (f *CIDRFlag) UnmarshalFlag(value string) error

type FileFlag 

type FileFlag string

func (FileFlag) Path 

func (f FileFlag) Path() string

func (*FileFlag) UnmarshalFlag 

func (f *FileFlag) UnmarshalFlag(value string) error

type GardenFactory 

type GardenFactory interface {
	WireResolvConfigurer() kawasaki.DnsResolvConfigurer
	WireMkdirer() runrunc.Mkdirer
	CommandRunner() commandrunner.CommandRunner
	WireVolumizer(logger lager.Logger) gardener.Volumizer
	WireCgroupsStarter(logger lager.Logger) gardener.Starter
	WireExecRunner(runMode string) runrunc.ExecRunner
	WireRootfsFileCreator() rundmc.RootfsFileCreator
}

type GdnCommand 

type GdnCommand struct {
	SetupCommand  *SetupCommand  `command:"setup"`
	ServerCommand *ServerCommand `command:"server"`

	// This must be present to stop go-flags complaining, but it's not actually
	// used. We parse this flag outside of the go-flags framework.
	ConfigFilePath string `long:"config" description:"Config file path."`
}

type IPFlag 

type IPFlag net.IP

func (IPFlag) IP 

func (f IPFlag) IP() net.IP

func (*IPFlag) UnmarshalFlag 

func (f *IPFlag) UnmarshalFlag(value string) error

type LagerFlag 

type LagerFlag struct {
	LogLevel string `` /* 134-byte string literal not displayed */
}

func (LagerFlag) Logger 

func (f LagerFlag) Logger(component string) (lager.Logger, *lager.ReconfigurableSink)

type LinuxFactory 

type LinuxFactory struct {
	// contains filtered or unexported fields
}

func (*LinuxFactory) CommandRunner 

func (f *LinuxFactory) CommandRunner() commandrunner.CommandRunner

func (*LinuxFactory) WireCgroupsStarter 

func (f *LinuxFactory) WireCgroupsStarter(logger lager.Logger) gardener.Starter

func (*LinuxFactory) WireExecRunner 

func (f *LinuxFactory) WireExecRunner(runMode string) runrunc.ExecRunner

func (*LinuxFactory) WireMkdirer 

func (f *LinuxFactory) WireMkdirer() runrunc.Mkdirer

func (*LinuxFactory) WireResolvConfigurer 

func (f *LinuxFactory) WireResolvConfigurer() kawasaki.DnsResolvConfigurer

func (*LinuxFactory) WireRootfsFileCreator 

func (f *LinuxFactory) WireRootfsFileCreator() rundmc.RootfsFileCreator

func (*LinuxFactory) WireVolumizer 

func (f *LinuxFactory) WireVolumizer(logger lager.Logger) gardener.Volumizer

type NoopMkdirer 

type NoopMkdirer struct{}

func (NoopMkdirer) MkdirAs 

func (NoopMkdirer) MkdirAs(rootFSPathFile string, uid, gid int, mode os.FileMode, recreate bool, path ...string) error

type ServerCommand 

type ServerCommand struct {
	Logger LagerFlag

	Server struct {
		BindIP   IPFlag `long:"bind-ip"   description:"Bind with TCP on the given IP."`
		BindPort uint16 `long:"bind-port" description:"Bind with TCP on the given port."`

		BindSocket string `long:"bind-socket" default:"/tmp/garden.sock" description:"Bind with Unix on the given socket path."`

		DebugBindIP   IPFlag `long:"debug-bind-ip"                   description:"Bind the debug server on the given IP."`
		DebugBindPort uint16 `long:"debug-bind-port" default:"17013" description:"Bind the debug server to the given port."`

		Tag       string `hidden:"true" long:"tag" description:"Optional 2-character identifier used for namespacing global configuration."`
		SkipSetup bool   `long:"skip-setup" description:"Skip the preparation part of the host that requires root privileges"`
	} `group:"Server Configuration"`

	Containers struct {
		Dir                        string `long:"depot" default:"/var/run/gdn/depot" description:"Directory in which to store container data."`
		PropertiesPath             string `long:"properties-path" description:"Path in which to store properties."`
		ConsoleSocketsPath         string `long:"console-sockets-path" description:"Path in which to store temporary sockets"`
		CleanupProcessDirsOnWait   bool   `long:"cleanup-process-dirs-on-wait" description:"Clean up proccess dirs on first invocation of wait"`
		DisablePrivilgedContainers bool   `long:"disable-privileged-containers" description:"Disable creation of privileged containers"`

		UIDMapStart  uint32 `long:"uid-map-start"  default:"1" description:"The lowest numerical subordinate user ID the user is allowed to map"`
		UIDMapLength uint32 `long:"uid-map-length" description:"The number of numerical subordinate user IDs the user is allowed to map"`
		GIDMapStart  uint32 `long:"gid-map-start"  default:"1" description:"The lowest numerical subordinate group ID the user is allowed to map"`
		GIDMapLength uint32 `long:"gid-map-length" description:"The number of numerical subordinate group IDs the user is allowed to map"`

		DefaultRootFS              string        `long:"default-rootfs"     description:"Default rootfs to use when not specified on container creation."`
		DefaultGraceTime           time.Duration `long:"default-grace-time" description:"Default time after which idle containers should expire."`
		DestroyContainersOnStartup bool          `long:"destroy-containers-on-startup" description:"Clean up all the existing containers on startup."`
		ApparmorProfile            string        `long:"apparmor" description:"Apparmor profile to use for unprivileged container processes"`
	} `group:"Container Lifecycle"`

	Bin struct {
		AssetsDir       string   `long:"assets-dir"     default:"/var/gdn/assets" description:"Directory in which to extract packaged assets"`
		Dadoo           FileFlag `long:"dadoo-bin"      description:"Path to the 'dadoo' binary."`
		NSTar           FileFlag `long:"nstar-bin"      description:"Path to the 'nstar' binary."`
		Tar             FileFlag `long:"tar-bin"        description:"Path to the 'tar' binary."`
		IPTables        FileFlag `long:"iptables-bin"  default:"/sbin/iptables" description:"path to the iptables binary"`
		IPTablesRestore FileFlag `long:"iptables-restore-bin"  default:"/sbin/iptables-restore" description:"path to the iptables-restore binary"`
		Init            FileFlag `long:"init-bin"       description:"Path execute as pid 1 inside each container."`
	} `group:"Binary Tools"`

	Runtime struct {
		Plugin          string   `long:"runtime-plugin"       default:"runc" description:"Path to the runtime plugin binary."`
		PluginExtraArgs []string `long:"runtime-plugin-extra-arg" description:"Extra argument to pass to the runtime plugin. Can be specified multiple times."`
	} `group:"Runtime"`

	Graph struct {
		Dir                         string   `` /* 138-byte string literal not displayed */
		CleanupThresholdInMegabytes int      `` /* 163-byte string literal not displayed */
		PersistentImages            []string `long:"persistent-image" description:"Image that should never be garbage collected. Can be specified multiple times."`
	} `group:"Image Graph"`

	Image struct {
		Plugin          FileFlag `long:"image-plugin"           description:"Path to image plugin binary."`
		PluginExtraArgs []string `` /* 150-byte string literal not displayed */

		PrivilegedPlugin          FileFlag `long:"privileged-image-plugin"           description:"Path to privileged image plugin binary."`
		PrivilegedPluginExtraArgs []string `` /* 159-byte string literal not displayed */
	} `group:"Image"`

	Docker struct {
		Registry           string   `long:"docker-registry" default:"registry-1.docker.io" description:"Docker registry API endpoint."`
		InsecureRegistries []string `` /* 137-byte string literal not displayed */
	} `group:"Docker Image Fetching"`

	Network struct {
		Pool CIDRFlag `long:"network-pool" default:"10.254.0.0/22" description:"Network range to use for dynamically allocated container subnets."`

		AllowHostAccess bool       `long:"allow-host-access" description:"Allow network access to the host machine."`
		DenyNetworks    []CIDRFlag `` /* 135-byte string literal not displayed */

		DNSServers           []IPFlag `` /* 138-byte string literal not displayed */
		AdditionalDNSServers []IPFlag `` /* 148-byte string literal not displayed */

		AdditionalHostEntries []string `` /* 151-byte string literal not displayed */

		ExternalIP             IPFlag `` /* 136-byte string literal not displayed */
		PortPoolStart          uint32 `long:"port-pool-start" default:"61001" description:"Start of the ephemeral port range used for mapped container ports."`
		PortPoolSize           uint32 `long:"port-pool-size"  default:"4534"  description:"Size of the port pool used for mapped container ports."`
		PortPoolPropertiesPath string `long:"port-pool-properties-path" description:"Path in which to store port pool properties."`

		Mtu int `` /* 169-byte string literal not displayed */

		Plugin          FileFlag `long:"network-plugin"           description:"Path to network plugin binary."`
		PluginExtraArgs []string `long:"network-plugin-extra-arg" description:"Extra argument to pass to the network plugin. Can be specified multiple times."`
	} `group:"Container Networking"`

	Limits struct {
		CPUQuotaPerShare     uint64 `` /* 146-byte string literal not displayed */
		TCPMemoryLimit       uint64 `long:"tcp-memory-limit" default:"0" description:"Set hard limit for the tcp buf memory, value in bytes"`
		DefaultBlockIOWeight uint16 `long:"default-container-blockio-weight" default:"0" description:"Default block IO weight assigned to a container"`
		MaxContainers        uint64 `long:"max-containers" default:"0" description:"Maximum number of containers that can be created."`
	} `group:"Limits"`

	Metrics struct {
		EmissionInterval time.Duration `long:"metrics-emission-interval" default:"1m" description:"Interval on which to emit metrics."`

		DropsondeOrigin      string `long:"dropsonde-origin"      default:"garden-linux"   description:"Origin identifier for Dropsonde-emitted metrics."`
		DropsondeDestination string `long:"dropsonde-destination" default:"127.0.0.1:3457" description:"Destination for Dropsonde-emitted metrics."`
	} `group:"Metrics"`
}

func (*ServerCommand) Execute 

func (cmd *ServerCommand) Execute([]string) error

func (*ServerCommand) NewGardenFactory 

func (cmd *ServerCommand) NewGardenFactory() GardenFactory

func (*ServerCommand) Run 

func (cmd *ServerCommand) Run(signals <-chan os.Signal, ready chan<- struct{}) error

type SetupCommand 

type SetupCommand struct {
	LogLevel LagerFlag
	Logger   lager.Logger

	Tag         string `hidden:"true" long:"tag" description:"Optional 2-character identifier used for namespacing global configuration."`
	RootlessUID *int   `hidden:"true" long:"rootless-uid" description:"UID that guardian will run as"`
	RootlessGID *int   `hidden:"true" long:"rootless-gid" description:"GID that guardian will run as"`
}

func (*SetupCommand) Execute 

func (cmd *SetupCommand) Execute(args []string) error

func (*SetupCommand) WireCgroupsStarter 

func (cmd *SetupCommand) WireCgroupsStarter(logger lager.Logger) gardener.Starter

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.