server

package
v0.0.0-...-0639f06 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 8, 2017 License: Apache-2.0 Imports: 36 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
	// the kubelet. Pods with other sysctls will fail to launch.
	SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"

	// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
	// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
	// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
	// will fail to launch.
	UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
)
View Source 
const (
	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
	SeccompModeFilter = uintptr(2)
)

Variables

This section is empty.

Functions

func SysctlsFromPodAnnotations 

func SysctlsFromPodAnnotations(a map[string]string) ([]Sysctl, []Sysctl, error)

SysctlsFromPodAnnotations parses the sysctl annotations into a slice of safe Sysctls and a slice of unsafe Sysctls. This is only a convenience wrapper around SysctlsFromPodAnnotation.

Types

type APIConfig 

type APIConfig struct {
	// Listen is the path to the AF_LOCAL socket on which cri-o will listen.
	// This may support proto://addr formats later, but currently this is just
	// a path.
	Listen string `toml:"listen"`
}

APIConfig represents the "ocid.api" TOML config table.

type Config 

type Config struct {
	RootConfig
	APIConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func DefaultConfig 

func DefaultConfig() *Config

DefaultConfig returns the default configuration for ocid.

func (*Config) FromFile 

func (c *Config) FromFile(path string) error

FromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

func (*Config) ToFile 

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

type ImageConfig 

type ImageConfig struct {
	// DefaultTransport is a value we prefix to image names that fail to
	// validate source references.
	DefaultTransport string `toml:"default_transport"`
	// PauseImage is the name of an image which we use to instantiate infra
	// containers.
	PauseImage string `toml:"pause_image"`
	// PauseCommand is the path of the binary we run in an infra
	// container that's been instantiated using PauseImage.
	PauseCommand string `toml:"pause_command"`
	// SignaturePolicyPath is the name of the file which decides what sort
	// of policy we use when deciding whether or not to trust an image that
	// we've pulled.  Outside of testing situations, it is strongly advised
	// that this be left unspecified so that the default system-wide policy
	// will be used.
	SignaturePolicyPath string `toml:"signature_policy"`
}

ImageConfig represents the "ocid.image" TOML config table.

type NetworkConfig 

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir"`
}

NetworkConfig represents the "ocid.network" TOML config table

type RootConfig 

type RootConfig struct {
	// Root is a path to the "root directory" where data not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// RunRoot is a path to the "run directory" where state information not
	// explicitly handled by other options will be stored.
	RunRoot string `toml:"runroot"`

	// Storage is the name of the storage driver which handles actually
	// storing the contents of containers.
	Storage string `toml:"storage_driver"`

	// StorageOption is a list of storage driver specific options.
	StorageOptions []string `toml:"storage_option"`

	// LogDir is the default log directory were all logs will go unless kubelet
	// tells us to put them somewhere else.
	//
	// TODO: This is currently unused until the conmon logging rewrite is done.
	LogDir string `toml:"log_dir"`
}

RootConfig represents the root of the "ocid" TOML config table.

type RuntimeConfig 

type RuntimeConfig struct {
	// Runtime is a path to the OCI runtime which ocid will be using. Currently
	// the only known working choice is runC, simply because the OCI has not
	// yet merged a CLI API (so we assume runC's API here).
	Runtime string `toml:"runtime"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`

	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
}

RuntimeConfig represents the "ocid.runtime" TOML config table.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server implements the RuntimeService and ImageService

func New 

func New(config *Config) (*Server, error)

New creates a new Server with options provided

func (*Server) Attach 

func (s *Server) Attach(ctx context.Context, req *pb.AttachRequest) (*pb.AttachResponse, error)

Attach prepares a streaming endpoint to attach to a running container.

func (*Server) ContainerStatus 

func (s *Server) ContainerStatus(ctx context.Context, req *pb.ContainerStatusRequest) (*pb.ContainerStatusResponse, error)

ContainerStatus returns status of the container.

func (*Server) CreateContainer 

func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error)

CreateContainer creates a new container in specified PodSandbox

func (*Server) Exec 

func (s *Server) Exec(ctx context.Context, req *pb.ExecRequest) (*pb.ExecResponse, error)

Exec prepares a streaming endpoint to execute a command in the container.

func (*Server) ExecSync 

func (s *Server) ExecSync(ctx context.Context, req *pb.ExecSyncRequest) (*pb.ExecSyncResponse, error)

ExecSync runs a command in a container synchronously.

func (*Server) ImageStatus 

func (s *Server) ImageStatus(ctx context.Context, req *pb.ImageStatusRequest) (*pb.ImageStatusResponse, error)

ImageStatus returns the status of the image.

func (*Server) ListContainers 

func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersRequest) (*pb.ListContainersResponse, error)

ListContainers lists all containers by filters.

func (*Server) ListImages 

func (s *Server) ListImages(ctx context.Context, req *pb.ListImagesRequest) (*pb.ListImagesResponse, error)

ListImages lists existing images.

func (*Server) ListPodSandbox 

func (s *Server) ListPodSandbox(ctx context.Context, req *pb.ListPodSandboxRequest) (*pb.ListPodSandboxResponse, error)

ListPodSandbox returns a list of SandBoxes.

func (*Server) PodSandboxStatus 

func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusRequest) (*pb.PodSandboxStatusResponse, error)

PodSandboxStatus returns the Status of the PodSandbox.

func (*Server) PortForward 

func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error)

PortForward prepares a streaming endpoint to forward ports from a PodSandbox.

func (*Server) PullImage 

func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.PullImageResponse, error)

PullImage pulls a image with authentication config.

func (*Server) RemoveContainer 

func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerRequest) (*pb.RemoveContainerResponse, error)

RemoveContainer removes the container. If the container is running, the container should be force removed.

func (*Server) RemoveImage 

func (s *Server) RemoveImage(ctx context.Context, req *pb.RemoveImageRequest) (*pb.RemoveImageResponse, error)

RemoveImage removes the image.

func (*Server) RemovePodSandbox 

func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxRequest) (*pb.RemovePodSandboxResponse, error)

RemovePodSandbox deletes the sandbox. If there are any running containers in the sandbox, they should be force deleted.

func (*Server) RunPodSandbox 

func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest) (resp *pb.RunPodSandboxResponse, err error)

RunPodSandbox creates and runs a pod-level sandbox.

func (*Server) Shutdown 

func (s *Server) Shutdown() error

Shutdown attempts to shut down the server's storage cleanly

func (*Server) StartContainer 

func (s *Server) StartContainer(ctx context.Context, req *pb.StartContainerRequest) (*pb.StartContainerResponse, error)

StartContainer starts the container.

func (*Server) Status 

func (s *Server) Status(ctx context.Context, req *pb.StatusRequest) (*pb.StatusResponse, error)

Status returns the status of the runtime

func (*Server) StopContainer 

func (s *Server) StopContainer(ctx context.Context, req *pb.StopContainerRequest) (*pb.StopContainerResponse, error)

StopContainer stops a running container with a grace period (i.e., timeout).

func (*Server) StopPodSandbox 

func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxRequest) (*pb.StopPodSandboxResponse, error)

StopPodSandbox stops the sandbox. If there are any running containers in the sandbox, they should be force terminated.

func (*Server) Update 

func (s *Server) Update()

Update makes changes to the server's state (lists of pods and containers) to reflect the list of pods and containers that are stored on disk, possibly having been modified by other parties

func (*Server) UpdateRuntimeConfig 

func (s *Server) UpdateRuntimeConfig(ctx context.Context, req *pb.UpdateRuntimeConfigRequest) (*pb.UpdateRuntimeConfigResponse, error)

UpdateRuntimeConfig updates the configuration of a running container.

func (*Server) Version 

func (s *Server) Version(ctx context.Context, req *pb.VersionRequest) (*pb.VersionResponse, error)

Version returns the runtime name, runtime version and runtime API version

type Sysctl 

type Sysctl struct {
	// Name of a property to set
	Name string `json:"name"`
	// Value of a property to set
	Value string `json:"value"`
}

Sysctl defines a kernel parameter to be set

func SysctlsFromPodAnnotation 

func SysctlsFromPodAnnotation(annotation string) ([]Sysctl, error)

SysctlsFromPodAnnotation parses an annotation value into a slice of Sysctls.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.