containerstore

package
v0.1442.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 27, 2024 License: Apache-2.0 Imports: 63 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	CredCreationSucceededCount       = "CredCreationSucceededCount"
	CredCreationSucceededDuration    = "CredCreationSucceededDuration"
	CredCreationFailedCount          = "CredCreationFailedCount"
	C2CCredCreationSucceededCount    = "C2CCredCreationSucceededCount"
	C2CCredCreationSucceededDuration = "C2CCredCreationSucceededDuration"
	C2CCredCreationFailedCount       = "C2CCredCreationFailedCount"
)
View Source 
const (
	StartProxyPort  = 61001
	EndProxyPort    = 65534
	DefaultHTTPPort = 8080
	C2CTLSPort      = 61443

	TimeOut = 250000000

	IngressListener = "ingress_listener"
	TcpProxy        = "envoy.tcp_proxy"
	AdsClusterName  = "pilot-ads"

	AdminAccessLog = os.DevNull
)
View Source 
const (
	GardenContainerCreationSucceededDuration    = "GardenContainerCreationSucceededDuration"
	GardenContainerCreationFailedDuration       = "GardenContainerCreationFailedDuration"
	GardenContainerDestructionSucceededDuration = "GardenContainerDestructionSucceededDuration"
	GardenContainerDestructionFailedDuration    = "GardenContainerDestructionFailedDuration"
	ContainerSetupFailedDuration                = "ContainerSetupFailedDuration"
)

To be deprecated

View Source 
const BindMountCleanupFailed = "failed to cleanup bindmount artifacts"
View Source 
const ContainerCompletedCount = "ContainerCompletedCount"
View Source 
const ContainerCreationFailedMessage = "failed to create container"
View Source 
const ContainerExitedOnTimeoutCount = "ContainerExitedOnTimeoutCount"
View Source 
const ContainerExpirationMessage = "expired container"
View Source 
const ContainerMissingMessage = "missing garden container"
View Source 
const CredDirFailed = "failed to create credentials directory"
View Source 
const DownloadCachedDependenciesFailed = "failed to download cached artifacts"
View Source 
const VolmanMountFailed = "failed to mount volume"

Variables

View Source 
var (
	ErrNoPortsAvailable     = errors.New("no ports available")
	ErrInvalidCertificate   = errors.New("cannot parse invalid certificate")
	ErrC2CTLSPortIsReserved = fmt.Errorf("port %d is reserved for container networking", C2CTLSPort)

	AlpnProtocols         = []string{"h2,http/1.1"}
	SupportedCipherSuites = []string{"ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"}
)
View Source 
var (
	ErrFailedToCAS = errors.New("failed-to-cas")
)
View Source 
var ErrIPRangeConversionFailed = errors.New("failed to convert destination to ip range")

Functions

This section is empty.

Types

type BindMountCacheKey 

type BindMountCacheKey struct {
	CacheKey string
	Dir      string
}

func NewbindMountCacheKey 

func NewbindMountCacheKey(cacheKey, dir string) BindMountCacheKey

type BindMounts 

type BindMounts struct {
	CacheKeys        []BindMountCacheKey
	GardenBindMounts []garden.BindMount
}

func NewBindMounts 

func NewBindMounts(capacity int) BindMounts

func (*BindMounts) AddBindMount 

func (b *BindMounts) AddBindMount(cacheKey string, mount garden.BindMount)

type ContainerConfig 

type ContainerConfig struct {
	OwnerName    string
	INodeLimit   uint64
	MaxCPUShares uint64
	SetCPUWeight bool

	ReservedExpirationTime time.Duration
	ReapInterval           time.Duration
	MaxLogLinesPerSecond   int
	MetricReportInterval   time.Duration
}

type ContainerInfoProvider 

type ContainerInfoProvider interface {
	Info() executor.Container
}

type ContainerStore 

type ContainerStore interface {
	// Setters
	Reserve(logger lager.Logger, traceID string, req *executor.AllocationRequest) (executor.Container, error)
	Destroy(logger lager.Logger, traceID string, guid string) error

	// Container Operations
	Initialize(logger lager.Logger, req *executor.RunRequest) error
	Create(logger lager.Logger, traceID string, guid string) (executor.Container, error)
	Run(logger lager.Logger, traceID string, guid string) error
	Update(logger lager.Logger, req *executor.UpdateRequest) error
	Stop(logger lager.Logger, traceID string, guid string) error

	// Getters
	Get(logger lager.Logger, guid string) (executor.Container, error)
	List(logger lager.Logger) []executor.Container
	Metrics(logger lager.Logger) (map[string]executor.ContainerMetrics, error)
	RemainingResources(logger lager.Logger) executor.ExecutorResources
	GetFiles(logger lager.Logger, guid, sourcePath string) (io.ReadCloser, error)

	// Cleanup
	NewRegistryPruner(logger lager.Logger) ifrit.Runner
	NewContainerReaper(logger lager.Logger) ifrit.Runner

	// shutdown the dependency manager
	Cleanup(logger lager.Logger)
}

func New 

func New(
	containerConfig ContainerConfig,
	totalCapacity *executor.ExecutorResources,
	gardenClientFactory GardenClientFactory,
	dependencyManager DependencyManager,
	volumeManager volman.Manager,
	credManager CredManager,
	logManager LogManager,
	clock clock.Clock,
	eventEmitter event.Hub,
	transformer transformer.Transformer,
	trustedSystemCertificatesPath string,
	metronClient loggingclient.IngressClient,
	rootFSSizer configuration.RootFSSizer,
	useDeclarativeHealthCheck bool,
	declarativeHealthcheckPath string,
	proxyConfigHandler ProxyManager,
	cellID string,
	enableUnproxiedPortMappings bool,
	advertisePreferenceForInstanceAddress bool,
	jsonMarshaller func(any) ([]byte, error),
) ContainerStore

type CredManager 

type CredManager interface {
	CreateCredDir(lager.Logger, executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)
	RemoveCredDir(lager.Logger, executor.Container) error
	Runner(lager.Logger, ContainerInfoProvider, <-chan struct{}) ifrit.Runner
}

func NewCredManager 

func NewCredManager(
	logger lager.Logger,
	metronClient loggingclient.IngressClient,
	validityPeriod time.Duration,
	entropyReader io.Reader,
	clock clock.Clock,
	CaCert *x509.Certificate,
	privateKey *rsa.PrivateKey,
	handlers ...CredentialHandler,
) CredManager

func NewNoopCredManager 

func NewNoopCredManager() CredManager

type Credential 

type Credential struct {
	Cert string
	Key  string
}

func (Credential) IsEmpty 

func (c Credential) IsEmpty() bool

type CredentialHandler 

type CredentialHandler interface {
	// Called to create the necessary directory
	CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

	// Called during shutdown to remove directory created in CreateDir
	RemoveDir(logger lager.Logger, container executor.Container) error

	// Called periodically as new valid certificate/key pair are generated
	Update(credentials Credentials, container executor.Container) error

	// Called when the CredManager is preparing to exit. This is mainly to update
	// the EnvoyProxy with invalid certificates and prevent it from accepting
	// more incoming traffic from the gorouter
	Close(invalidCredentials Credentials, container executor.Container) error
}

CredentialHandler handles new credential generated by the CredManager.

type Credentials 

type Credentials struct {
	InstanceIdentityCredential Credential
	C2CCredential              Credential
}

type DependencyManager 

type DependencyManager interface {
	DownloadCachedDependencies(logger lager.Logger, mounts []executor.CachedDependency, logconfig executor.LogConfig, metronClient loggingclient.IngressClient) (BindMounts, error)
	ReleaseCachedDependencies(logger lager.Logger, keys []BindMountCacheKey) error
	Stop(logger lager.Logger)
}

func NewDependencyManager 

func NewDependencyManager(cache cacheddownloader.CachedDownloader, downloadRateLimiter chan struct{}) DependencyManager

type GardenClientFactory 

type GardenClientFactory interface {
	NewGardenClient(logger lager.Logger, traceID string) garden.Client
}

func NewGardenClientFactory 

func NewGardenClientFactory(network, address string) GardenClientFactory

type InstanceIdentityHandler 

type InstanceIdentityHandler struct {
	// contains filtered or unexported fields
}

func NewInstanceIdentityHandler 

func NewInstanceIdentityHandler(
	credDir string,
	containerMountPath string,
) *InstanceIdentityHandler

func (*InstanceIdentityHandler) Close 

func (h *InstanceIdentityHandler) Close(creds Credentials, container executor.Container) error

func (*InstanceIdentityHandler) CreateDir 

func (h *InstanceIdentityHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*InstanceIdentityHandler) RemoveDir 

func (h *InstanceIdentityHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*InstanceIdentityHandler) Update 

func (h *InstanceIdentityHandler) Update(creds Credentials, container executor.Container) error

type LogManager 

type LogManager interface {
	NewLogStreamer(conf executor.LogConfig, metronClient loggingclient.IngressClient, maxLogLinesPerSecond int, maxLogBytesPerSecond int64, metricReportInterval time.Duration) log_streamer.LogStreamer
}

func NewLogManager 

func NewLogManager() LogManager

type NoopProxyConfigHandler 

type NoopProxyConfigHandler struct{}

func NewNoopProxyConfigHandler 

func NewNoopProxyConfigHandler() *NoopProxyConfigHandler

func (*NoopProxyConfigHandler) Close 

func (p *NoopProxyConfigHandler) Close(invalidCredentials Credentials, container executor.Container) error

func (*NoopProxyConfigHandler) CreateDir 

func (p *NoopProxyConfigHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*NoopProxyConfigHandler) ProxyPorts 

func (p *NoopProxyConfigHandler) ProxyPorts(lager.Logger, *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)

func (*NoopProxyConfigHandler) RemoveDir 

func (p *NoopProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*NoopProxyConfigHandler) RemoveProxyConfigDir 

func (p *NoopProxyConfigHandler) RemoveProxyConfigDir(logger lager.Logger, container executor.Container) error

func (*NoopProxyConfigHandler) Runner 

func (p *NoopProxyConfigHandler) Runner(logger lager.Logger, container executor.Container, credRotatedChan <-chan Credential) (ifrit.Runner, error)

func (*NoopProxyConfigHandler) Update 

func (p *NoopProxyConfigHandler) Update(credentials Credentials, container executor.Container) error

type ProxyConfigHandler 

type ProxyConfigHandler struct {
	// contains filtered or unexported fields
}

func NewProxyConfigHandler 

func NewProxyConfigHandler(
	logger lager.Logger,
	containerProxyPath string,
	containerProxyConfigPath string,
	ContainerProxyTrustedCACerts []string,
	ContainerProxyVerifySubjectAltName []string,
	containerProxyRequireClientCerts bool,
	reloadDuration time.Duration,
	reloadClock clock.Clock,
	adsServers []string,
	http2Enabled bool,
) *ProxyConfigHandler

func (*ProxyConfigHandler) Close 

func (p *ProxyConfigHandler) Close(invalidCredentials Credentials, container executor.Container) error

func (*ProxyConfigHandler) CreateDir 

func (p *ProxyConfigHandler) CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)

func (*ProxyConfigHandler) ProxyPorts 

func (p *ProxyConfigHandler) ProxyPorts(logger lager.Logger, container *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)

This modifies the container pointer in order to create garden NetIn rules in the storenode.Create

func (*ProxyConfigHandler) RemoveDir 

func (p *ProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

func (*ProxyConfigHandler) Update 

func (p *ProxyConfigHandler) Update(credentials Credentials, container executor.Container) error

type ProxyManager 

type ProxyManager interface {
	CredentialHandler
	ProxyPorts(lager.Logger, *executor.Container) ([]executor.ProxyPortMapping, []uint16, error)
}

Source Files

View all Source files

Directories

Path Synopsis
Code generated by counterfeiter.
 Code generated by counterfeiter.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.