Documentation ¶
Index ¶
- Constants
- func GetIPCNamespace(pid uint32) string
- func GetNetworkNamespace(pid uint32) string
- func GetPIDNamespace(pid uint32) string
- func GetUTSNamespace(pid uint32) string
- func WithAdditionalGIDs(userstr string) oci.SpecOpts
- func WithAnnotation(k, v string) oci.SpecOpts
- func WithCapabilities(sc *runtime.LinuxContainerSecurityContext) oci.SpecOpts
- func WithContainerdShimCgroup(path string) containerd.NewTaskOpts
- func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, ...) error
- func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig) oci.SpecOpts
- func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, ...) oci.SpecOpts
- func WithNewSnapshot(id string, i containerd.Image) containerd.NewContainerOpts
- func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts
- func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, pid uint32) oci.SpecOpts
- func WithPodOOMScoreAdj(adj int, restrict bool) oci.SpecOpts
- func WithPrivilegedDevices(_ context.Context, _ oci.Client, _ *containers.Container, s *runtimespec.Spec) error
- func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts
- func WithRelativeRoot(root string) oci.SpecOpts
- func WithResources(resources *runtime.LinuxContainerResources) oci.SpecOpts
- func WithSelinuxLabels(process, mount string) oci.SpecOpts
- func WithSupplementalGroups(groups []int64) oci.SpecOpts
- func WithSysctls(sysctls map[string]string) oci.SpecOpts
- func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts
- func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
- func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts
- func WithoutRunMount(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
Constants ¶
const (
DefaultSandboxCPUshares = 2
)Variables ¶
This section is empty.
Functions ¶
func GetIPCNamespace ¶ added in v1.19.0
GetIPCNamespace returns the ipc namespace of a process.
func GetNetworkNamespace ¶ added in v1.19.0
GetNetworkNamespace returns the network namespace of a process.
func GetPIDNamespace ¶ added in v1.19.0
GetPIDNamespace returns the pid namespace of a process.
func GetUTSNamespace ¶ added in v1.19.0
GetUTSNamespace returns the uts namespace of a process.
func WithAdditionalGIDs ¶ added in v1.19.0
WithAdditionalGIDs adds any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem to the OCI spec's additionalGids array.
func WithAnnotation ¶ added in v1.19.0
WithAnnotation sets the provided annotation
func WithCapabilities ¶ added in v1.19.0
func WithCapabilities(sc *runtime.LinuxContainerSecurityContext) oci.SpecOpts
WithCapabilities sets the provided capabilties from the security context
func WithContainerdShimCgroup ¶
func WithContainerdShimCgroup(path string) containerd.NewTaskOpts
WithContainerdShimCgroup returns function that sets the containerd shim cgroup path
func WithDefaultSandboxShares ¶ added in v1.19.0
func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithDefaultSandboxShares sets the default sandbox CPU shares
func WithDevices ¶ added in v1.19.0
func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig) oci.SpecOpts
WithDevices sets the provided devices onto the container spec
func WithDisabledCgroups ¶ added in v1.19.0
func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithDisabledCgroups clears the Cgroups Path from the spec
func WithMounts ¶ added in v1.19.0
func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts
WithMounts sorts and adds runtime and CRI mounts to the spec
func WithNewSnapshot ¶
func WithNewSnapshot(id string, i containerd.Image) containerd.NewContainerOpts
WithNewSnapshot wraps `containerd.WithNewSnapshot` so that if creating the snapshot fails we make sure the image is actually unpacked and and retry.
func WithOOMScoreAdj ¶ added in v1.19.0
func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts
WithOOMScoreAdj sets the oom score
func WithPodNamespaces ¶ added in v1.19.0
func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, pid uint32) oci.SpecOpts
WithPodNamespaces sets the pod namespaces for the container
func WithPodOOMScoreAdj ¶ added in v1.19.0
WithPodOOMScoreAdj sets the oom score for the pod sandbox
func WithPrivilegedDevices ¶
func WithPrivilegedDevices(_ context.Context, _ oci.Client, _ *containers.Container, s *runtimespec.Spec) error
WithPrivilegedDevices allows all host devices inside the container
func WithProcessArgs ¶ added in v1.19.0
func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts
WithProcessArgs sets the process args on the spec based on the image and runtime config
func WithRelativeRoot ¶ added in v1.19.0
WithRelativeRoot sets the root for the container
func WithResources ¶ added in v1.19.0
func WithResources(resources *runtime.LinuxContainerResources) oci.SpecOpts
WithResources sets the provided resource restrictions
func WithSelinuxLabels ¶ added in v1.19.0
WithSelinuxLabels sets the mount and process labels
func WithSupplementalGroups ¶ added in v1.19.0
WithSupplementalGroups sets the supplemental groups for the process
func WithSysctls ¶ added in v1.19.0
WithSysctls sets the provided sysctls onto the spec
func WithVolumes ¶
func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts
WithVolumes copies ownership of volume in rootfs to its corresponding host path. It doesn't update runtime spec. The passed in map is a host path to container path map for all volumes.
func WithoutAmbientCaps ¶ added in v1.19.0
func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutAmbientCaps removes the ambient caps from the spec
func WithoutDefaultSecuritySettings ¶ added in v1.19.0
func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutDefaultSecuritySettings removes the default security settings generated on a spec
func WithoutNamespace ¶ added in v1.19.0
func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts
WithoutNamespace removes the provided namespace
func WithoutRunMount ¶ added in v1.19.0
func WithoutRunMount(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error
WithoutRunMount removes the `/run` inside the spec
Types ¶
This section is empty.