Documentation
¶
Index ¶
- Constants
- func GetImageInfo(imagePath string, context IsolationResult) (*containerdisk.DiskInfo, error)
- func NodeIsolationResult() *realIsolationResult
- type IsolationResult
- type MockIsolationResult
- func (_m *MockIsolationResult) DoNetNS(_param0 func() error) error
- func (_m *MockIsolationResult) EXPECT() *_MockIsolationResultRecorder
- func (_m *MockIsolationResult) MountInfoRoot() (*MountInfo, error)
- func (_m *MockIsolationResult) MountNamespace() string
- func (_m *MockIsolationResult) MountRoot() string
- func (_m *MockIsolationResult) NetNamespace() string
- func (_m *MockIsolationResult) PIDNamespace() string
- func (_m *MockIsolationResult) Pid() int
- func (_m *MockIsolationResult) Slice() string
- type MockPodIsolationDetector
- func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance) error
- func (_m *MockPodIsolationDetector) Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)
- func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)
- func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder
- func (_m *MockPodIsolationDetector) Whitelist(controller []string) PodIsolationDetector
- type MountInfo
- type PodIsolationDetector
Constants ¶
// QEMUIMGPath is the location of the qemu-img binary, given as an absolute
// path rather than a bare command name.
// NOTE(review): presumably the binary run by GetImageInfo; an absolute path
// keeps the lookup independent of $PATH. Confirm against the implementation.
const QEMUIMGPath = "/usr/bin/qemu-img"
Variables ¶
This section is empty.
Functions ¶
func GetImageInfo ¶ added in v0.20.0
func GetImageInfo(imagePath string, context IsolationResult) (*containerdisk.DiskInfo, error)
func NodeIsolationResult ¶
func NodeIsolationResult() *realIsolationResult
Types ¶
type IsolationResult ¶
// IsolationResult exposes the isolation context of one process: its cgroup
// slice, PID, namespace paths and root mount.
//
// NOTE(review): how the paths are derived is not visible here. If they are
// built from the PID, a caller that holds a result across the lifetime of the
// process must account for the process exiting and the PID being reused
// before the path is opened. Confirm against the implementation.
type IsolationResult interface {
	// Slice returns the cgroup slice.
	Slice() string

	// Pid returns the process ID.
	Pid() int

	// PIDNamespace returns the full path to the process namespace.
	PIDNamespace() string

	// MountRoot returns the full path to the process root mount.
	// NOTE(review): presumably this leads into a filesystem controlled by the
	// workload, so paths resolved beneath it should be treated as untrusted
	// (symlinks, "..") by callers. Confirm.
	MountRoot() string

	// MountInfoRoot retrieves additional information about the process root
	// mount.
	MountInfoRoot() (*MountInfo, error)

	// MountNamespace returns the full path to the mount namespace.
	MountNamespace() string

	// NetNamespace returns the full path to the network namespace.
	NetNamespace() string

	// DoNetNS executes the given function in the process network namespace
	// and returns an error.
	// NOTE(review): whether the calling thread is pinned for the duration and
	// restored to its original namespace afterwards is not shown here.
	// Confirm before running namespace-sensitive work in the callback.
	DoNetNS(func() error) error
}
func NewIsolationResult ¶
func NewIsolationResult(pid int, slice string, controller []string) IsolationResult
type MockIsolationResult ¶ added in v0.27.0
type MockIsolationResult struct {
// contains filtered or unexported fields
}
Mock of IsolationResult interface
func NewMockIsolationResult ¶ added in v0.27.0
func NewMockIsolationResult(ctrl *gomock.Controller) *MockIsolationResult
func (*MockIsolationResult) DoNetNS ¶ added in v0.27.0
func (_m *MockIsolationResult) DoNetNS(_param0 func() error) error
func (*MockIsolationResult) EXPECT ¶ added in v0.27.0
func (_m *MockIsolationResult) EXPECT() *_MockIsolationResultRecorder
func (*MockIsolationResult) MountInfoRoot ¶ added in v0.27.0
func (_m *MockIsolationResult) MountInfoRoot() (*MountInfo, error)
func (*MockIsolationResult) MountNamespace ¶ added in v0.27.0
func (_m *MockIsolationResult) MountNamespace() string
func (*MockIsolationResult) MountRoot ¶ added in v0.27.0
func (_m *MockIsolationResult) MountRoot() string
func (*MockIsolationResult) NetNamespace ¶ added in v0.27.0
func (_m *MockIsolationResult) NetNamespace() string
func (*MockIsolationResult) PIDNamespace ¶ added in v0.27.0
func (_m *MockIsolationResult) PIDNamespace() string
func (*MockIsolationResult) Pid ¶ added in v0.27.0
func (_m *MockIsolationResult) Pid() int
func (*MockIsolationResult) Slice ¶ added in v0.27.0
func (_m *MockIsolationResult) Slice() string
type MockPodIsolationDetector ¶
type MockPodIsolationDetector struct {
// contains filtered or unexported fields
}
Mock of PodIsolationDetector interface
func NewMockPodIsolationDetector ¶
func NewMockPodIsolationDetector(ctrl *gomock.Controller) *MockPodIsolationDetector
func (*MockPodIsolationDetector) AdjustResources ¶ added in v0.21.0
func (_m *MockPodIsolationDetector) AdjustResources(vm *v1.VirtualMachineInstance) error
func (*MockPodIsolationDetector) Detect ¶
func (_m *MockPodIsolationDetector) Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)
func (*MockPodIsolationDetector) DetectForSocket ¶ added in v0.20.0
func (_m *MockPodIsolationDetector) DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)
func (*MockPodIsolationDetector) EXPECT ¶
func (_m *MockPodIsolationDetector) EXPECT() *_MockPodIsolationDetectorRecorder
func (*MockPodIsolationDetector) Whitelist ¶
func (_m *MockPodIsolationDetector) Whitelist(controller []string) PodIsolationDetector
type PodIsolationDetector ¶
// PodIsolationDetector looks up the isolation context (pid, cgroups and
// namespaces) of the process that owns a VM's socket.
//
// NOTE(review): the returned IsolationResult is only as trustworthy as the
// socket-owner lookup behind it; how the owner is determined is not visible
// in this declaration. Confirm against the implementation.
type PodIsolationDetector interface {
	// Detect takes a vm, looks up a socket based on the VM and detects pid,
	// cgroups and namespaces of the owner of that socket.
	// It returns an IsolationResult containing all isolation information.
	Detect(vm *v1.VirtualMachineInstance) (IsolationResult, error)

	// DetectForSocket has no description in the original declaration.
	// NOTE(review): presumably behaves like Detect but uses the explicitly
	// passed socket instead of looking one up from the VM. Confirm, and
	// check how the socket argument is validated.
	DetectForSocket(vm *v1.VirtualMachineInstance, socket string) (IsolationResult, error)

	// Whitelist allows specifying the cgroup controllers which should be
	// considered when detecting the cgroup slice.
	// It returns a PodIsolationDetector to allow configuring the
	// PodIsolationDetector via the builder pattern.
	Whitelist(controller []string) PodIsolationDetector

	// AdjustResources adjusts system resources to run the passed VM.
	AdjustResources(vm *v1.VirtualMachineInstance) error
}
PodIsolationDetector helps detect the cgroups, namespaces and PIDs of Pods from outside of them. Different strategies may be applied to do that.
func NewSocketBasedIsolationDetector ¶
func NewSocketBasedIsolationDetector(socketDir string, cgroupParser cgroup.Parser) PodIsolationDetector
NewSocketBasedIsolationDetector takes socketDir and creates a socket-based IsolationDetector. It returns a PodIsolationDetector which detects pid, cgroups and namespaces of the socket owner.