Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func IsNamespaceSupported ¶
func IsNamespaceSupported(ns NamespaceType) bool
IsNamespaceSupported returns whether a namespace is available or not
func NsName ¶
func NsName(ns NamespaceType) string
NsName converts the namespace type to its filename
Types ¶
type Command ¶
type CommandHook ¶
type CommandHook struct {
Command
}
func NewCommandHook ¶
func NewCommandHook(cmd Command) CommandHook
NewCommandHook will execute the provided command when the hook is run.
type Config ¶
type Config struct {
// ParentDeathSignal specifies the signal that is sent to the container's process in the case
// that the parent process dies.
ParentDeathSignal int `json:"parent_death_signal"`
// Path to a directory containing the container's root filesystem.
Rootfs string `json:"rootfs"`
// Namespaces specifies the container's namespaces that it should setup when cloning the init process
// If a namespace is not provided that namespace is shared from the container's parent process
Namespaces Namespaces `json:"namespaces"`
// Networks specifies the container's network setup to be created
Networks []*Network `json:"networks"`
// Routes can be specified to create entries in the route table as the container is started
Routes []*Route `json:"routes"`
// AppArmorProfile specifies the profile to apply to the process running in the container and is
// change at the time the process is execed
AppArmorProfile string `json:"apparmor_profile,omitempty"`
// ProcessLabel specifies the label to apply to the process running in the container. It is
// commonly used by selinux
ProcessLabel string `json:"process_label,omitempty"`
// Hooks are a collection of actions to perform at various container lifecycle events.
// CommandHooks are serialized to JSON, but other hooks are not.
Hooks Hooks
// Version is the version of opencontainer specification that is supported.
Version string `json:"version"`
// Labels are user defined metadata that is stored in the config and populated on the state
Labels []string `json:"labels"`
}
Config defines configuration options for executing a process inside a contained environment.
type Hook ¶
type Hook interface {
// Run executes the hook with the provided state.
Run(*specs.State) error
}
type HookName ¶
type HookName string
const ( // Prestart commands are executed after the container namespaces are created, // but before the user supplied command is executed from init. // Note: This hook is now deprecated // Prestart commands are called in the Runtime namespace. Prestart HookName = "prestart" // CreateRuntime commands MUST be called as part of the create operation after // the runtime environment has been created but before the pivot_root has been executed. // CreateRuntime is called immediately after the deprecated Prestart hook. // CreateRuntime commands are called in the Runtime Namespace. CreateRuntime HookName = "createRuntime" // CreateContainer commands MUST be called as part of the create operation after // the runtime environment has been created but before the pivot_root has been executed. // CreateContainer commands are called in the Container namespace. CreateContainer HookName = "createContainer" // StartContainer commands MUST be called as part of the start operation and before // the container process is started. // StartContainer commands are called in the Container namespace. StartContainer HookName = "startContainer" // Poststart commands are executed after the container init process starts. // Poststart commands are called in the Runtime Namespace. Poststart HookName = "poststart" // Poststop commands are executed after the container init process exits. // Poststop commands are called in the Runtime Namespace. Poststop HookName = "poststop" )
type Namespace ¶
type Namespace struct {
Type NamespaceType `json:"type"`
Path string `json:"path"`
}
Namespace defines configuration for each namespace. It specifies an alternate path that is able to be joined via setns.
type NamespaceType ¶
type NamespaceType string
const (
NEWNET NamespaceType = "NEWNET"
)
func NamespaceTypes ¶
func NamespaceTypes() []NamespaceType
type Namespaces ¶
type Namespaces []Namespace
func (*Namespaces) Add ¶
func (n *Namespaces) Add(t NamespaceType, path string)
func (*Namespaces) CloneFlags ¶
func (n *Namespaces) CloneFlags() uintptr
CloneFlags parses the container's Namespaces options to set the correct flags on clone, unshare. This function returns flags only for new namespaces.
func (*Namespaces) Contains ¶
func (n *Namespaces) Contains(t NamespaceType) bool
func (*Namespaces) PathOf ¶
func (n *Namespaces) PathOf(t NamespaceType) string
type Network ¶
type Network struct {
// Type sets the networks type, commonly veth and loopback
Type string `json:"type"`
// Name of the network interface
Name string `json:"name"`
// The bridge to use.
Bridge string `json:"bridge"`
// MacAddress contains the MAC address to set on the network interface
MacAddress string `json:"mac_address"`
// Address contains the IPv4 and mask to set on the network interface
Address string `json:"address"`
// Gateway sets the gateway address that is used as the default for the interface
Gateway string `json:"gateway"`
// IPv6Address contains the IPv6 and mask to set on the network interface
IPv6Address string `json:"ipv6_address"`
// IPv6Gateway sets the ipv6 gateway address that is used as the default for the interface
IPv6Gateway string `json:"ipv6_gateway"`
// Mtu sets the mtu value for the interface and will be mirrored on both the host and
// container's interfaces if a pair is created, specifically in the case of type veth
// Note: This does not apply to loopback interfaces.
Mtu int `json:"mtu"`
// TxQueueLen sets the tx_queuelen value for the interface and will be mirrored on both the host and
// container's interfaces if a pair is created, specifically in the case of type veth
// Note: This does not apply to loopback interfaces.
TxQueueLen int `json:"txqueuelen"`
// HostInterfaceName is a unique name of a veth pair that resides on in the host interface of the
// container.
HostInterfaceName string `json:"host_interface_name"`
// HairpinMode specifies if hairpin NAT should be enabled on the virtual interface
// bridge port in the case of type veth
// Note: This is unsupported on some systems.
// Note: This does not apply to loopback interfaces.
HairpinMode bool `json:"hairpin_mode"`
}
Network defines configuration for a container's networking stack
The network configuration can be omitted from a container causing the container to be setup with the host's networking stack
type Route ¶
type Route struct {
// Destination specifies the destination IP address and mask in the CIDR form.
Destination string `json:"destination"`
// Source specifies the source IP address and mask in the CIDR form.
Source string `json:"source"`
// Gateway specifies the gateway IP address.
Gateway string `json:"gateway"`
// InterfaceName specifies the device to set this route up for, for example eth0.
InterfaceName string `json:"interface_name"`
}
Route defines a routing table entry.
Routes can be specified to create entries in the routing table as the container is started.
All of destination, source, and gateway should be either IPv4 or IPv6. One of the three options must be present, and omitted entries will use their IP family default for the route table. For IPv4 for example, setting the gateway to 1.2.3.4 and the interface to eth0 will set up a standard destination of 0.0.0.0(or *) when viewed in the route table.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.