server

package
v0.0.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jan 2, 2017 License: Apache-2.0 Imports: 34 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
	// the kubelet. Pods with other sysctls will fail to launch.
	SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"

	// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
	// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
	// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
	// will fail to launch.
	UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
)
View Source 
const (
	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
	SeccompModeFilter = uintptr(2)
)

Variables

This section is empty.

Functions

func SysctlsFromPodAnnotations 

func SysctlsFromPodAnnotations(a map[string]string) ([]Sysctl, []Sysctl, error)

SysctlsFromPodAnnotations parses the sysctl annotations into a slice of safe Sysctls and a slice of unsafe Sysctls. This is only a convenience wrapper around SysctlsFromPodAnnotation.

Types

type APIConfig 

type APIConfig struct {
	// Listen is the path to the AF_LOCAL socket on which cri-o will listen.
	// This may support proto://addr formats later, but currently this is just
	// a path.
	Listen string `toml:"listen"`
}

APIConfig represents the "ocid.api" TOML config table.

type Config 

type Config struct {
	RootConfig
	APIConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func (*Config) FromFile 

func (c *Config) FromFile(path string) error

FromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

func (*Config) ToFile 

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

type ImageConfig 

type ImageConfig struct {
	// Pause is the path to the statically linked pause container binary, used
	// as the entrypoint for infra containers.
	//
	// TODO(cyphar): This should be replaced with a path to an OCI image
	// bundle, once the OCI image/storage code has been implemented.
	Pause string `toml:"pause"`

	// ImageStore is the directory where the ocid image store will be stored.
	// TODO: This is currently not really used because we don't have
	//       containers/storage integrated.
	ImageDir string `toml:"image_dir"`
}

ImageConfig represents the "ocid.image" TOML config table.

type NetworkConfig 

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir"`
}

NetworkConfig represents the "ocid.network" TOML config table

type RootConfig 

type RootConfig struct {
	// Root is a path to the "root directory" where all information not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// SandboxDir is the directory where ocid will store all of its sandbox
	// state and other information.
	SandboxDir string `toml:"sandbox_dir"`

	// ContainerDir is the directory where ocid will store all of its container
	// state and other information.
	ContainerDir string `toml:"container_dir"`

	// LogDir is the default log directory were all logs will go unless kubelet
	// tells us to put them somewhere else.
	//
	// TODO: This is currently unused until the conmon logging rewrite is done.
	LogDir string `toml:"log_dir"`
}

RootConfig represents the root of the "ocid" TOML config table.

type RuntimeConfig 

type RuntimeConfig struct {
	// Runtime is a path to the OCI runtime which ocid will be using. Currently
	// the only known working choice is runC, simply because the OCI has not
	// yet merged a CLI API (so we assume runC's API here).
	Runtime string `toml:"runtime"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`

	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
}

RuntimeConfig represents the "ocid.runtime" TOML config table.

type Server 

type Server struct {
	// contains filtered or unexported fields
}

Server implements the RuntimeService and ImageService

func New 

func New(config *Config) (*Server, error)

New creates a new Server with options provided

func (*Server) Attach 

func (s *Server) Attach(ctx context.Context, req *pb.AttachRequest) (*pb.AttachResponse, error)

Attach prepares a streaming endpoint to attach to a running container.

func (*Server) ContainerStatus 

func (s *Server) ContainerStatus(ctx context.Context, req *pb.ContainerStatusRequest) (*pb.ContainerStatusResponse, error)

ContainerStatus returns status of the container.

func (*Server) CreateContainer 

func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error)

CreateContainer creates a new container in specified PodSandbox

func (*Server) Exec 

func (s *Server) Exec(ctx context.Context, req *pb.ExecRequest) (*pb.ExecResponse, error)

Exec prepares a streaming endpoint to execute a command in the container.

func (*Server) ExecSync 

func (s *Server) ExecSync(ctx context.Context, req *pb.ExecSyncRequest) (*pb.ExecSyncResponse, error)

ExecSync runs a command in a container synchronously.

func (*Server) ImageStatus 

func (s *Server) ImageStatus(ctx context.Context, req *pb.ImageStatusRequest) (*pb.ImageStatusResponse, error)

ImageStatus returns the status of the image.

func (*Server) ListContainers 

func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersRequest) (*pb.ListContainersResponse, error)

ListContainers lists all containers by filters.

func (*Server) ListImages 

func (s *Server) ListImages(ctx context.Context, req *pb.ListImagesRequest) (*pb.ListImagesResponse, error)

ListImages lists existing images.

func (*Server) ListPodSandbox 

func (s *Server) ListPodSandbox(ctx context.Context, req *pb.ListPodSandboxRequest) (*pb.ListPodSandboxResponse, error)

ListPodSandbox returns a list of SandBoxes.

func (*Server) PodSandboxStatus 

func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusRequest) (*pb.PodSandboxStatusResponse, error)

PodSandboxStatus returns the Status of the PodSandbox.

func (*Server) PortForward 

func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error)

PortForward prepares a streaming endpoint to forward ports from a PodSandbox.

func (*Server) PullImage 

func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.PullImageResponse, error)

PullImage pulls a image with authentication config.

func (*Server) RemoveContainer 

func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerRequest) (*pb.RemoveContainerResponse, error)

RemoveContainer removes the container. If the container is running, the container should be force removed.

func (*Server) RemoveImage 

func (s *Server) RemoveImage(ctx context.Context, req *pb.RemoveImageRequest) (*pb.RemoveImageResponse, error)

RemoveImage removes the image.

func (*Server) RemovePodSandbox 

func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxRequest) (*pb.RemovePodSandboxResponse, error)

RemovePodSandbox deletes the sandbox. If there are any running containers in the sandbox, they should be force deleted.

func (*Server) RunPodSandbox 

func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest) (resp *pb.RunPodSandboxResponse, err error)

RunPodSandbox creates and runs a pod-level sandbox.

func (*Server) StartContainer 

func (s *Server) StartContainer(ctx context.Context, req *pb.StartContainerRequest) (*pb.StartContainerResponse, error)

StartContainer starts the container.

func (*Server) Status 

func (s *Server) Status(ctx context.Context, req *pb.StatusRequest) (*pb.StatusResponse, error)

Status returns the status of the runtime

func (*Server) StopContainer 

func (s *Server) StopContainer(ctx context.Context, req *pb.StopContainerRequest) (*pb.StopContainerResponse, error)

StopContainer stops a running container with a grace period (i.e., timeout).

func (*Server) StopPodSandbox 

func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxRequest) (*pb.StopPodSandboxResponse, error)

StopPodSandbox stops the sandbox. If there are any running containers in the sandbox, they should be force terminated.

func (*Server) UpdateRuntimeConfig 

func (s *Server) UpdateRuntimeConfig(ctx context.Context, req *pb.UpdateRuntimeConfigRequest) (*pb.UpdateRuntimeConfigResponse, error)

UpdateRuntimeConfig updates the configuration of a running container.

func (*Server) Version 

func (s *Server) Version(ctx context.Context, req *pb.VersionRequest) (*pb.VersionResponse, error)

Version returns the runtime name, runtime version and runtime API version

type Sysctl 

type Sysctl struct {
	// Name of a property to set
	Name string `json:"name"`
	// Value of a property to set
	Value string `json:"value"`
}

Sysctl defines a kernel parameter to be set

func SysctlsFromPodAnnotation 

func SysctlsFromPodAnnotation(annotation string) ([]Sysctl, error)

SysctlsFromPodAnnotation parses an annotation value into a slice of Sysctls.

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.