Documentation

Index

Constants

// Names for the credential-creation success count, success duration and
// failure count. Each constant's value is identical to its identifier.
// NOTE(review): presumably metric names emitted around credential
// generation; confirm at the emit site.
const (
	CredCreationSucceededCount    = "CredCreationSucceededCount"
	CredCreationSucceededDuration = "CredCreationSucceededDuration"
	CredCreationFailedCount       = "CredCreationFailedCount"
)
const (
	// StartProxyPort and EndProxyPort delimit the port range 61001-65534.
	// NOTE(review): presumably the range proxy listener ports are allocated
	// from, with ErrNoPortsAvailable returned when it is exhausted; confirm
	// against the allocator.
	StartProxyPort = 61001
	EndProxyPort   = 65534

	// TimeOut is an untyped integer constant. If it is consumed as a
	// time.Duration it equals 250ms (nanoseconds); TODO confirm the unit at
	// the use site.
	TimeOut = 250000000

	// Fixed names. NOTE(review): these read like identifiers written into the
	// generated Envoy proxy configuration (a listener name, the TCP proxy
	// filter name and the ADS cluster name); confirm where they are used.
	IngressListener = "ingress_listener"
	TcpProxy        = "envoy.tcp_proxy"
	AdsClusterName  = "pilot-ads"

	// AdminAccessLog is os.DevNull, so anything written to this path is
	// discarded. NOTE(review): if this is the access log path of the proxy's
	// admin interface, requests to that interface leave no log record here;
	// confirm that admin access is restricted or audited by other means.
	AdminAccessLog = os.DevNull
)
// Names for the durations of garden container creation, destruction and
// setup outcomes. Each constant's value is identical to its identifier.
// The package documentation marks this group "To be deprecated".
const (
	GardenContainerCreationSucceededDuration    = "GardenContainerCreationSucceededDuration"
	GardenContainerCreationFailedDuration       = "GardenContainerCreationFailedDuration"
	GardenContainerDestructionSucceededDuration = "GardenContainerDestructionSucceededDuration"
	GardenContainerDestructionFailedDuration    = "GardenContainerDestructionFailedDuration"
	ContainerSetupFailedDuration                = "ContainerSetupFailedDuration"
)

    To be deprecated

    const BindMountCleanupFailed = "failed to cleanup bindmount artifacts"
    const ContainerCompletedCount = "ContainerCompletedCount"
    const ContainerCreationFailedMessage = "failed to create container"
    const ContainerExitedOnTimeoutCount = "ContainerExitedOnTimeoutCount"
    const ContainerExpirationMessage = "expired container"
    const ContainerMissingMessage = "missing garden container"
    const CredDirFailed = "failed to create credentials directory"
    const DownloadCachedDependenciesFailed = "failed to download cached artifacts"
    const VolmanMountFailed = "failed to mount volume"

    Variables

    var (
    	// ErrNoPortsAvailable is a sentinel error. NOTE(review): presumably
    	// returned when no port is left in StartProxyPort..EndProxyPort; confirm.
    	ErrNoPortsAvailable   = errors.New("no ports available")
    	// ErrInvalidCertificate is the sentinel error for a certificate that
    	// cannot be parsed.
    	ErrInvalidCertificate = errors.New("cannot parse invalid certificate")
    
    	// SupportedCipherSuites lists two OpenSSL-style suite names, both using
    	// ephemeral ECDHE key exchange with RSA authentication and AES-GCM.
    	// NOTE(review): this is an exported, mutable package-level slice, so any
    	// importer can append to it or overwrite its elements. If it feeds the
    	// proxy's TLS configuration (confirm), treat it as read-only and copy it
    	// before use so that the allowed suites cannot be widened at runtime.
    	SupportedCipherSuites = []string{"ECDHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-AES128-GCM-SHA256"}
    )
    var (
    	// ErrFailedToCAS is a sentinel error. NOTE(review): "cas" presumably
    	// stands for compare-and-swap on stored container state; confirm at
    	// the call site.
    	ErrFailedToCAS = errors.New("failed-to-cas")
    )
    var ErrIPRangeConversionFailed = errors.New("failed to convert destination to ip range")

    Functions

    This section is empty.

    Types

    type BindMountCacheKey

    type BindMountCacheKey struct {
    	CacheKey string
    	Dir      string
    }

    func NewbindMountCacheKey

    func NewbindMountCacheKey(cacheKey, dir string) BindMountCacheKey

    type BindMounts

    // BindMounts holds a list of cache keys alongside a list of garden bind
    // mounts. It is the result type of
    // DependencyManager.DownloadCachedDependencies, and its CacheKeys element
    // type is what ReleaseCachedDependencies accepts.
    type BindMounts struct {
    	// CacheKeys are the cache key and directory pairs.
    	// NOTE(review): presumably one per entry in GardenBindMounts; confirm in AddBindMount.
    	CacheKeys        []BindMountCacheKey
    	// GardenBindMounts are the bind mounts in garden's own type.
    	GardenBindMounts []garden.BindMount
    }

    func NewBindMounts

    func NewBindMounts(capacity int) BindMounts

    func (*BindMounts) AddBindMount

    func (b *BindMounts) AddBindMount(cacheKey string, mount garden.BindMount)

    type ContainerConfig

    // ContainerConfig carries the store-wide container settings passed to New.
    // NOTE(review): the field meanings below are inferred from names and types
    // only; confirm against the code that reads them.
    type ContainerConfig struct {
    	OwnerName    string
    	// Presumably the per-container inode cap; whether zero means
    	// "unlimited" is not visible here.
    	INodeLimit   uint64
    	MaxCPUShares uint64
    	SetCPUWeight bool
    
    	// Presumably how long a reservation may stay unused before it expires.
    	ReservedExpirationTime             time.Duration
    	// Presumably the period of the reaper returned by NewContainerReaper.
    	ReapInterval                       time.Duration
    	// Presumably a per-container log rate limit; confirm how zero and
    	// negative values are treated.
    	MaxLogLinesPerSecond               int
    	LogRateLimitExceededReportInterval time.Duration
    }

    type ContainerStore

    // ContainerStore is the interface returned by New. It groups reservation and
    // destruction, container lifecycle operations, read accessors and the
    // cleanup runners. Containers are addressed by a guid string.
    type ContainerStore interface {
    	// Setters
    	Reserve(logger lager.Logger, req *executor.AllocationRequest) (executor.Container, error)
    	Destroy(logger lager.Logger, guid string) error
    
    	// Container Operations
    	Initialize(logger lager.Logger, req *executor.RunRequest) error
    	Create(logger lager.Logger, guid string) (executor.Container, error)
    	Run(logger lager.Logger, guid string) error
    	Stop(logger lager.Logger, guid string) error
    
    	// Getters
    	Get(logger lager.Logger, guid string) (executor.Container, error)
    	List(logger lager.Logger) []executor.Container
    	Metrics(logger lager.Logger) (map[string]executor.ContainerMetrics, error)
    	RemainingResources(logger lager.Logger) executor.ExecutorResources
    	// GetFiles returns a stream for sourcePath; the caller must close it.
    	// NOTE(review): sourcePath is caller-supplied; confirm that it is
    	// resolved inside the container identified by guid and cannot refer to
    	// host paths.
    	GetFiles(logger lager.Logger, guid, sourcePath string) (io.ReadCloser, error)
    
    	// Cleanup
    	NewRegistryPruner(logger lager.Logger) ifrit.Runner
    	NewContainerReaper(logger lager.Logger) ifrit.Runner
    
    	// Cleanup shuts down the dependency manager.
    	Cleanup(logger lager.Logger)
    }

    func New

    // New builds a ContainerStore from its collaborators and settings.
    // NOTE(review): two parameters deserve attention when wiring this up; both
    // readings are inferred from the names and should be confirmed:
    //   - enableUnproxiedPortMappings presumably exposes container ports
    //     directly, in addition to the proxied ports, so traffic to them does
    //     not pass through the proxy.
    //   - trustedSystemCertificatesPath presumably points at CA certificates
    //     made available to containers; its contents extend what workloads
    //     trust.
    func New(
    	containerConfig ContainerConfig,
    	totalCapacity *executor.ExecutorResources,
    	gardenClient garden.Client,
    	dependencyManager DependencyManager,
    	volumeManager volman.Manager,
    	credManager CredManager,
    	clock clock.Clock,
    	eventEmitter event.Hub,
    	transformer transformer.Transformer,
    	trustedSystemCertificatesPath string,
    	metronClient loggingclient.IngressClient,
    	rootFSSizer configuration.RootFSSizer,
    	useDeclarativeHealthCheck bool,
    	declarativeHealthcheckPath string,
    	proxyConfigHandler ProxyManager,
    	cellID string,
    	enableUnproxiedPortMappings bool,
    	advertisePreferenceForInstanceAddress bool,
    ) ContainerStore

    type CredManager

    // CredManager creates and removes the credential directory for a container
    // and supplies an ifrit.Runner for that container.
    type CredManager interface {
    	// CreateCredDir returns bind mounts and environment variables for the
    	// container. NOTE(review): presumably these expose the credential
    	// directory inside the container; confirm in the implementation.
    	CreateCredDir(lager.Logger, executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)
    	// RemoveCredDir removes the credential directory for the container.
    	RemoveCredDir(lager.Logger, executor.Container) error
    	// Runner returns the ifrit.Runner for the container.
    	// NOTE(review): presumably the process that regenerates credentials and
    	// calls the CredentialHandlers; confirm.
    	Runner(lager.Logger, executor.Container) ifrit.Runner
    }

      go:generate counterfeiter -o containerstorefakes/fake_cred_manager.go . CredManager

      func NewCredManager

      // NewCredManager builds a CredManager that passes generated credentials to
      // the given handlers.
      // NOTE(review): parameter roles below are inferred from names and types;
      // confirm against the implementation:
      //   - entropyReader is presumably the randomness source for key and
      //     certificate generation. Production callers should pass
      //     crypto/rand.Reader; a deterministic reader belongs only in tests.
      //   - CaCert and privateKey are presumably the signing CA certificate and
      //     its RSA private key; the key should be loaded from storage with
      //     restricted permissions and never logged.
      //   - validityPeriod presumably bounds the lifetime of each generated
      //     certificate; shorter periods limit the exposure of a leaked key.
      func NewCredManager(
      	logger lager.Logger,
      	metronClient loggingclient.IngressClient,
      	validityPeriod time.Duration,
      	entropyReader io.Reader,
      	clock clock.Clock,
      	CaCert *x509.Certificate,
      	privateKey *rsa.PrivateKey,
      	handlers ...CredentialHandler,
      ) CredManager

      func NewNoopCredManager

      func NewNoopCredManager() CredManager

      type Credential

      // Credential holds a certificate and its key as strings.
      // NOTE(review): Key is presumably PEM-encoded private key material. Do
      // not log Credential values with %v or %+v, and confirm the file
      // permissions wherever a handler writes Key to disk.
      type Credential struct {
      	Cert string
      	Key  string
      }

      type CredentialHandler

      // CredentialHandler receives the credentials generated by the CredManager
      // and manages the directory created for a container.
      type CredentialHandler interface {
      	// CreateDir is called to create the necessary directory. It returns
      	// bind mounts and environment variables for the container.
      	CreateDir(logger lager.Logger, container executor.Container) ([]garden.BindMount, []executor.EnvironmentVariable, error)
      
      	// RemoveDir is called during shutdown to remove the directory created
      	// in CreateDir.
      	RemoveDir(logger lager.Logger, container executor.Container) error
      
      	// Update is called periodically, each time a new valid certificate/key
      	// pair is generated.
      	Update(credentials Credential, container executor.Container) error
      
      	// Close is called when the CredManager is preparing to exit. This is
      	// mainly to update the EnvoyProxy with invalid certificates and prevent
      	// it from accepting more incoming traffic from the gorouter.
      	// NOTE(review): implementations should replace the last valid pair
      	// rather than leave it in place next to the invalid one; confirm.
      	Close(invalidCredentials Credential, container executor.Container) error
      }

        CredentialHandler handles each new credential generated by the CredManager.

        type DependencyManager

        // DependencyManager downloads a container's cached dependencies, releases
        // them again by cache key, and can be stopped.
        type DependencyManager interface {
        	// DownloadCachedDependencies returns the BindMounts for the given
        	// cached dependencies.
        	// NOTE(review): presumably download progress is reported through
        	// logStreamer; confirm.
        	DownloadCachedDependencies(logger lager.Logger, mounts []executor.CachedDependency, logStreamer log_streamer.LogStreamer) (BindMounts, error)
        	// ReleaseCachedDependencies takes the cache keys found in
        	// BindMounts.CacheKeys.
        	ReleaseCachedDependencies(logger lager.Logger, keys []BindMountCacheKey) error
        	Stop(logger lager.Logger)
        }

        func NewDependencyManager

        func NewDependencyManager(cache cacheddownloader.CachedDownloader, downloadRateLimiter chan struct{}) DependencyManager

        type InstanceIdentityHandler

        type InstanceIdentityHandler struct {
        	// contains filtered or unexported fields
        }

        func NewInstanceIdentityHandler

        func NewInstanceIdentityHandler(
        	credDir string,
        	containerMountPath string,
        ) *InstanceIdentityHandler

        func (*InstanceIdentityHandler) Close

        func (h *InstanceIdentityHandler) Close(cred Credential, container executor.Container) error

        func (*InstanceIdentityHandler) CreateDir

        func (*InstanceIdentityHandler) RemoveDir

        func (h *InstanceIdentityHandler) RemoveDir(logger lager.Logger, container executor.Container) error

        func (*InstanceIdentityHandler) Update

        func (h *InstanceIdentityHandler) Update(cred Credential, container executor.Container) error

        type NoopProxyConfigHandler

        type NoopProxyConfigHandler struct{}

        func NewNoopProxyConfigHandler

        func NewNoopProxyConfigHandler() *NoopProxyConfigHandler

        func (*NoopProxyConfigHandler) Close

        func (p *NoopProxyConfigHandler) Close(invalidCredentials Credential, container executor.Container) error

        func (*NoopProxyConfigHandler) CreateDir

        func (*NoopProxyConfigHandler) ProxyPorts

        func (*NoopProxyConfigHandler) RemoveDir

        func (p *NoopProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

        func (*NoopProxyConfigHandler) RemoveProxyConfigDir

        func (p *NoopProxyConfigHandler) RemoveProxyConfigDir(logger lager.Logger, container executor.Container) error

        func (*NoopProxyConfigHandler) Runner

        func (p *NoopProxyConfigHandler) Runner(logger lager.Logger, container executor.Container, credRotatedChan <-chan Credential) (ifrit.Runner, error)

        func (*NoopProxyConfigHandler) Update

        func (p *NoopProxyConfigHandler) Update(credentials Credential, container executor.Container) error

        type ProxyConfigHandler

        type ProxyConfigHandler struct {
        	// contains filtered or unexported fields
        }

        func NewProxyConfigHandler

        // NewProxyConfigHandler builds the ProxyConfigHandler.
        // NOTE(review): the TLS-related parameters determine who may connect to
        // the container proxy; the readings below are inferred from the names and
        // should be confirmed:
        //   - containerProxyRequireClientCerts presumably enables mutual TLS;
        //     when false, clients are presumably not authenticated by
        //     certificate.
        //   - ContainerProxyTrustedCACerts presumably lists the CAs accepted for
        //     client certificates; confirm how an empty list is handled when
        //     client certificates are required.
        //   - ContainerProxyVerifySubjectAltName presumably restricts accepted
        //     client certificates by SAN; an empty list presumably means any
        //     certificate from a trusted CA is accepted.
        //   - adsServers presumably lists the ADS endpoints the proxy pulls
        //     configuration from, which makes them a trust boundary.
        func NewProxyConfigHandler(
        	logger lager.Logger,
        	containerProxyPath string,
        	containerProxyConfigPath string,
        	ContainerProxyTrustedCACerts []string,
        	ContainerProxyVerifySubjectAltName []string,
        	containerProxyRequireClientCerts bool,
        	reloadDuration time.Duration,
        	reloadClock clock.Clock,
        	adsServers []string,
        ) *ProxyConfigHandler

        func (*ProxyConfigHandler) Close

        func (p *ProxyConfigHandler) Close(invalidCredentials Credential, container executor.Container) error

        func (*ProxyConfigHandler) CreateDir

        func (*ProxyConfigHandler) ProxyPorts

        func (p *ProxyConfigHandler) ProxyPorts(logger lager.Logger, container *executor.Container) ([]executor.ProxyPortMapping, []uint16)

          ProxyPorts modifies the container through the pointer it is given, so that garden NetIn rules can be created in storenode.Create.

          func (*ProxyConfigHandler) RemoveDir

          func (p *ProxyConfigHandler) RemoveDir(logger lager.Logger, container executor.Container) error

          func (*ProxyConfigHandler) Update

          func (p *ProxyConfigHandler) Update(credentials Credential, container executor.Container) error

          type ProxyManager

          // ProxyManager is a CredentialHandler that also reports the proxy port
          // mappings for a container.
          type ProxyManager interface {
          	CredentialHandler
          	// ProxyPorts takes the container by pointer. The ProxyConfigHandler
          	// implementation documents that it modifies the container through
          	// this pointer, so callers must not assume the argument is unchanged.
          	ProxyPorts(lager.Logger, *executor.Container) ([]executor.ProxyPortMapping, []uint16)
          }

            go:generate counterfeiter -o containerstorefakes/fake_proxymanager.go . ProxyManager

            Directories

            Path Synopsis
            Code generated by counterfeiter.
            Code generated by counterfeiter.