Affected by 
Documentation
¶
Index ¶
- Constants
- func GetImageInfo(imagePath string, context *IsolationResult) (*containerdisk.DiskInfo, error)
- type IsolationResult
- func (r *IsolationResult) Controller() []string
- func (r *IsolationResult) IsMounted(mountPoint string) (bool, error)
- func (r *IsolationResult) MountInfoRoot() (*MountInfo, error)
- func (r *IsolationResult) MountNamespace() string
- func (r *IsolationResult) MountRoot() string
- func (r *IsolationResult) NetNamespace() string
- func (r *IsolationResult) PIDNamespace() string
- func (r *IsolationResult) ParentMountInfoFor(mountInfo *MountInfo) (*MountInfo, error)
- func (r *IsolationResult) Pid() int
- func (r *IsolationResult) Slice() string
- type MockPodIsolationDetector
- func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance) error
- func (_m *MockPodIsolationDetector) Detect(vm *v1.VirtualMachineInstance) (*IsolationResult, error)
- func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (*IsolationResult, error)
- func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder
- func (_m *MockPodIsolationDetector) Whitelist(controller []string) PodIsolationDetector
- type MountInfo
- type PodIsolationDetector
Constants ¶
View Source
const (
QEMUIMGPath = "/usr/bin/qemu-img"
)
Variables ¶
This section is empty.
Functions ¶
func GetImageInfo ¶ added in v0.20.0
func GetImageInfo(imagePath string, context *IsolationResult) (*containerdisk.DiskInfo, error)
Types ¶
type IsolationResult ¶
type IsolationResult struct {
// contains filtered or unexported fields
}
func NewIsolationResult ¶
func NewIsolationResult(pid int, slice string, controller []string) *IsolationResult
func NodeIsolationResult ¶
func NodeIsolationResult() *IsolationResult
func (*IsolationResult) Controller ¶
func (r *IsolationResult) Controller() []string
func (*IsolationResult) IsMounted ¶ added in v0.20.0
func (r *IsolationResult) IsMounted(mountPoint string) (bool, error)
IsMounted checks if a path in the mount namespace of a given process isolation result is a mount point. Works with symlinks.
func (*IsolationResult) MountInfoRoot ¶ added in v0.20.0
func (r *IsolationResult) MountInfoRoot() (*MountInfo, error)
MountInfoRoot returns information about the root entry in /proc/mountinfo
func (*IsolationResult) MountNamespace ¶ added in v0.20.0
func (r *IsolationResult) MountNamespace() string
func (*IsolationResult) MountRoot ¶
func (r *IsolationResult) MountRoot() string
func (*IsolationResult) NetNamespace ¶
func (r *IsolationResult) NetNamespace() string
func (*IsolationResult) PIDNamespace ¶
func (r *IsolationResult) PIDNamespace() string
func (*IsolationResult) ParentMountInfoFor ¶ added in v0.20.0
func (r *IsolationResult) ParentMountInfoFor(mountInfo *MountInfo) (*MountInfo, error)
ParentMountInfoFor takes the mount info from a container, and looks the corresponding entry in /proc/mountinfo of the isolation result of the given process.
func (*IsolationResult) Pid ¶
func (r *IsolationResult) Pid() int
func (*IsolationResult) Slice ¶
func (r *IsolationResult) Slice() string
type MockPodIsolationDetector ¶
type MockPodIsolationDetector struct {
// contains filtered or unexported fields
}
Mock of PodIsolationDetector interface
func NewMockPodIsolationDetector ¶
func NewMockPodIsolationDetector(ctrl *gomock.Controller) *MockPodIsolationDetector
func (*MockPodIsolationDetector) AdjustResources ¶ added in v0.21.0
func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance) error
func (*MockPodIsolationDetector) Detect ¶
func (_m *MockPodIsolationDetector) Detect(vm *v1.VirtualMachineInstance) (*IsolationResult, error)
func (*MockPodIsolationDetector) DetectForSocket ¶ added in v0.20.0
func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (*IsolationResult, error)
func (*MockPodIsolationDetector) EXPECT ¶
func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder
func (*MockPodIsolationDetector) Whitelist ¶
func (_m *MockPodIsolationDetector) Whitelist(controller []string) PodIsolationDetector
type PodIsolationDetector ¶
type PodIsolationDetector interface {
// Detect takes a vm, looks up a socket based the VM and detects pid, cgroups and namespaces of the owner of that socket.
// It returns an IsolationResult containing all isolation information
Detect(vm *v1.VirtualMachineInstance) (*IsolationResult, error)
DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (*IsolationResult, error)
// Whitelist allows specifying cgroup controller which should be considered to detect the cgroup slice
// It returns a PodIsolationDetector to allow configuring the PodIsolationDetector via the builder pattern.
Whitelist(controller []string) PodIsolationDetector
// Adjust system resources to run the passed VM
AdjustResources(vm *v1.VirtualMachineInstance) error
}
PodIsolationDetector helps detecting cgroups, namespaces and PIDs of Pods from outside of them. Different strategies may be applied to do that.
func NewSocketBasedIsolationDetector ¶
func NewSocketBasedIsolationDetector(socketDir string) PodIsolationDetector
NewSocketBasedIsolationDetector takes socketDir and creates a socket based IsolationDetector It returns a PodIsolationDetector which detects pid, cgroups and namespaces of the socket owner.
Source Files
Click to show internal directories.
Click to hide internal directories.