Documentation

Overview

    Package rkt contains the container runtime interface implementation for rkt.

    This file contains all image related functions for rkt runtime.

    Index

    Constants

    // Linux capability identifiers, numbered by iota in declaration order:
    // CAP_CHOWN is 0 and CAP_AUDIT_READ is 37. The order follows the kernel's
    // capability numbering (linux/capability.h), so inserting, removing or
    // reordering an entry silently renumbers every constant that follows it.
    // NOTE(review): how the package maps these values onto a pod's capability
    // set is not shown here; confirm before relying on the numeric values.
    const (
    	CAP_CHOWN = iota
    	// Bypasses file read, write and execute permission checks.
    	CAP_DAC_OVERRIDE
    	CAP_DAC_READ_SEARCH
    	CAP_FOWNER
    	CAP_FSETID
    	CAP_KILL
    	CAP_SETGID
    	CAP_SETUID
    	CAP_SETPCAP
    	CAP_LINUX_IMMUTABLE
    	CAP_NET_BIND_SERVICE
    	CAP_NET_BROADCAST
    	CAP_NET_ADMIN
    	CAP_NET_RAW
    	CAP_IPC_LOCK
    	CAP_IPC_OWNER
    	// Allows loading and unloading kernel modules; review any pod that requests it.
    	CAP_SYS_MODULE
    	CAP_SYS_RAWIO
    	CAP_SYS_CHROOT
    	// Allows tracing arbitrary processes with ptrace.
    	CAP_SYS_PTRACE
    	CAP_SYS_PACCT
    	// Covers a very broad set of administrative operations; granting it
    	// removes most of the restriction that capability dropping provides.
    	CAP_SYS_ADMIN
    	CAP_SYS_BOOT
    	CAP_SYS_NICE
    	CAP_SYS_RESOURCE
    	CAP_SYS_TIME
    	CAP_SYS_TTY_CONFIG
    	CAP_MKNOD
    	CAP_LEASE
    	CAP_AUDIT_WRITE
    	CAP_AUDIT_CONTROL
    	CAP_SETFCAP
    	CAP_MAC_OVERRIDE
    	CAP_MAC_ADMIN
    	CAP_SYSLOG
    	CAP_WAKE_ALARM
    	CAP_BLOCK_SUSPEND
    	// Last entry; its value is 37.
    	CAP_AUDIT_READ
    )

      TODO(yifan): Export this to higher level package.

      // String constants identifying the rkt runtime and its default API endpoint.
      const (
      	// RktType is the literal "rkt"; presumably the value returned by
      	// Runtime.Type (confirm against the implementation).
      	RktType                      = "rkt"
      	// DefaultRktAPIServiceEndpoint is a host:port pair on localhost.
      	// NOTE(review): nothing on this page shows authentication or transport
      	// security for this endpoint. Presumably it relies on being reachable
      	// only over loopback; confirm before passing a non-local apiEndpoint
      	// to New.
      	DefaultRktAPIServiceEndpoint = "localhost:15441"
      )

      Variables

      This section is empty.

      Functions

      This section is empty.

      Types

      type Config

      // Config stores the global configuration for the rkt runtime; the fields
      // correspond to rkt's global command-line options.
      type Config struct {
      	// The absolute path to the binary, or leave empty to find it in $PATH.
      	// When empty, the binary that runs depends on the calling process's
      	// $PATH; set an absolute path to pin which rkt binary is executed.
      	Path string
      	// The rkt data directory.
      	Dir string
      	// The image to use as stage1.
      	Stage1Image string
      	// The debug flag for rkt.
      	Debug bool
      	// Comma-separated list of security features to disable.
      	// Allowed values: "none", "image", "tls", "ondisk", "http", "all".
      	// Every value other than "none" switches off a verification step. In
      	// rkt's global options, "image" disables image signature verification,
      	// "tls" accepts any server certificate, "ondisk" skips the on-disk
      	// image integrity check, "http" permits plain-HTTP fetches, and "all"
      	// disables all of them.
      	// NOTE(review): these meanings come from the rkt global-options
      	// documentation; confirm against the rkt version in use. Prefer "none"
      	// outside test environments and treat any other value as a finding.
      	InsecureOptions string
      	// The local config directory.
      	LocalConfigDir string
      	// The user config directory.
      	UserConfigDir string
      	// The system config directory.
      	SystemConfigDir string
      }

        Config stores the global configuration for the rkt runtime. Detailed documents can be found at: https://github.com/coreos/rkt/blob/master/Documentation/commands.md#global-options

        type Runtime

        // Runtime is the rkt container runtime. All of its fields are unexported,
        // so callers obtain a value through New rather than a struct literal.
        type Runtime struct {
        	// contains filtered or unexported fields
        }

          Runtime implements the container runtime interface for rkt. The implementation uses systemd, so in order to run this runtime, systemd must be installed on the machine.

          func New

          func New(
          	apiEndpoint string,
          	config *Config,
          	runtimeHelper kubecontainer.RuntimeHelper,
          	recorder record.EventRecorder,
          	containerRefManager *kubecontainer.RefManager,
          	podGetter podGetter,
          	livenessManager proberesults.Manager,
          	httpClient types.HttpGetter,
          	networkPlugin network.NetworkPlugin,
          	hairpinMode bool,
          	execer utilexec.Interface,
          	os kubecontainer.OSInterface,
          	imageBackOff *flowcontrol.Backoff,
          	serializeImagePulls bool,
          	imagePullQPS float32,
          	imagePullBurst int,
          	requestTimeout time.Duration,
          ) (*Runtime, error)

            New creates the rkt container runtime which implements the container runtime interface. It will test if the rkt binary is in the $PATH, and whether we can get the version of it. If so, creates the rkt container runtime, otherwise returns an error.

            func (*Runtime) APIVersion

            func (r *Runtime) APIVersion() (kubecontainer.Version, error)

            func (*Runtime) AttachContainer

            func (r *Runtime) AttachContainer(containerID kubecontainer.ContainerID, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan term.Size) error

            func (*Runtime) DeleteContainer

            func (r *Runtime) DeleteContainer(containerID kubecontainer.ContainerID) error

            func (*Runtime) ExecInContainer

            func (r *Runtime) ExecInContainer(containerID kubecontainer.ContainerID, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool, resize <-chan term.Size, timeout time.Duration) error

              Note: In rkt, the container ID is in the form of "UUID:appName", where UUID is the rkt UUID, and appName is the container name. TODO(yifan): If rkt is using lkvm as the stage1 image, then this function will fail.

              func (*Runtime) GarbageCollect

              func (r *Runtime) GarbageCollect(gcPolicy kubecontainer.ContainerGCPolicy, allSourcesReady bool) error

                GarbageCollect collects the pods/containers. After one GC iteration:
                - The deleted pods will be removed.
                - If the number of containers exceeds gcPolicy.MaxContainers, then containers whose ages are older than gcPolicy.minAge will be removed.
                

                func (*Runtime) GetContainerLogs

                func (r *Runtime) GetContainerLogs(pod *v1.Pod, containerID kubecontainer.ContainerID, logOptions *v1.PodLogOptions, stdout, stderr io.Writer) error

                  GetContainerLogs uses rkt's GetLogs API to get the logs of the container. By default, it returns a snapshot of the container log. Set |follow| to true to stream the log. Set |follow| to false and specify the number of lines (e.g. "100" or "all") to tail the log.

                  TODO(yifan): This doesn't work with lkvm stage1 yet.

                  func (*Runtime) GetImageRef

                  func (r *Runtime) GetImageRef(image kubecontainer.ImageSpec) (string, error)

                  func (*Runtime) GetNetNS

                  func (r *Runtime) GetNetNS(containerID kubecontainer.ContainerID) (string, error)

                    GetNetNS returns the network namespace path for the given container

                    func (*Runtime) GetPodContainerID

                    func (r *Runtime) GetPodContainerID(pod *kubecontainer.Pod) (kubecontainer.ContainerID, error)

                    func (*Runtime) GetPodStatus

                    func (r *Runtime) GetPodStatus(uid kubetypes.UID, name, namespace string) (*kubecontainer.PodStatus, error)

                      GetPodStatus returns the status for a pod specified by a given UID, name, and namespace. It will attempt to find the pod's information via a request to the rkt api server. An error will be returned if the api server returns an error. If the api server doesn't return an error, but doesn't provide meaningful information about the pod, a status with no information (other than the passed-in arguments) is returned anyway.

                      func (*Runtime) GetPods

                      func (r *Runtime) GetPods(all bool) ([]*kubecontainer.Pod, error)

                        GetPods runs 'rkt list' to get the list of rkt pods. Then it will use the result to construct a list of container runtime pods. If all is false, then only running pods will be returned, otherwise all pods will be returned.

                        func (*Runtime) ImageStats

                        func (r *Runtime) ImageStats() (*kubecontainer.ImageStats, error)

                          ImageStats returns the image stat (total storage bytes).

                          func (*Runtime) KillPod

                          func (r *Runtime) KillPod(pod *v1.Pod, runningPod kubecontainer.Pod, gracePeriodOverride *int64) error

                            KillPod invokes 'systemctl kill' to kill the unit that runs the pod. TODO: add support for gracePeriodOverride which is used in eviction scenarios

                            func (*Runtime) ListImages

                            func (r *Runtime) ListImages() ([]kubecontainer.Image, error)

                              ListImages lists all the available appc images on the machine by invoking 'rkt image list'.

                              func (*Runtime) PortForward

                              func (r *Runtime) PortForward(pod *kubecontainer.Pod, port int32, stream io.ReadWriteCloser) error

                                PortForward executes socat in the pod's network namespace and copies data between stream (representing the user's local connection on their computer) and the specified port in the container.

                                TODO:

                                - match cgroups of container
                                - should we support nsenter + socat on the host? (current impl)
                                - should we support nsenter + socat in a container, running with elevated privs and --pid=host?
                                

                                TODO(yifan): Merge with the same function in dockertools.

                                func (*Runtime) PullImage

                                func (r *Runtime) PullImage(image kubecontainer.ImageSpec, pullSecrets []v1.Secret) (string, error)

                                  PullImage invokes 'rkt fetch' to download an ACI. TODO(yifan): Currently only docker images are supported; this should be changed once the image format has landed, see:

                                  http://issue.k8s.io/7203

                                  func (*Runtime) RemoveImage

                                  func (r *Runtime) RemoveImage(image kubecontainer.ImageSpec) error

                                    RemoveImage removes an on-disk image using 'rkt image rm'.

                                    func (*Runtime) RunCommand

                                    func (r *Runtime) RunCommand(config *Config, args ...string) ([]string, error)

                                      RunCommand invokes rkt binary with arguments and returns the result from stdout in a list of strings. Each string in the list is a line. If config is non-nil, it will use the given config instead of the config inferred from rkt API service.

                                      func (*Runtime) RunPod

                                      func (r *Runtime) RunPod(pod *v1.Pod, pullSecrets []v1.Secret) error

                                        RunPod first creates the unit file for a pod, and then starts the unit over d-bus.

                                        func (*Runtime) Status

                                        func (r *Runtime) Status() (*kubecontainer.RuntimeStatus, error)

                                          Status returns an error if rkt is unhealthy, nil otherwise.

                                          func (*Runtime) SyncPod

                                          func (r *Runtime) SyncPod(pod *v1.Pod, _ v1.PodStatus, podStatus *kubecontainer.PodStatus, pullSecrets []v1.Secret, backOff *flowcontrol.Backoff) (result kubecontainer.PodSyncResult)

                                            SyncPod syncs the running pod to match the specified desired pod.

                                            func (*Runtime) Type

                                            func (r *Runtime) Type() string

                                            func (*Runtime) UpdatePodCIDR

                                            func (r *Runtime) UpdatePodCIDR(podCIDR string) error

                                              UpdatePodCIDR updates the runtime config with the podCIDR. Currently a no-op, implemented only to satisfy the CRI.

                                              func (*Runtime) Version

                                              func (r *Runtime) Version() (kubecontainer.Version, error)