opts

package
v1.6.0-beta.5 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 6, 2022 License: Apache-2.0 Imports: 28 Imported by: 4

Documentation

Index

Constants

View Source
const DefaultSandboxCPUshares = 2

DefaultSandboxCPUshares is default cpu shares for sandbox container. TODO(windows): Revisit cpu shares for windows (https://github.com/containerd/cri/issues/1297)

Variables

This section is empty.

Functions

func GetIPCNamespace

func GetIPCNamespace(pid uint32) string

GetIPCNamespace returns the ipc namespace of a process.

func GetNetworkNamespace

func GetNetworkNamespace(pid uint32) string

GetNetworkNamespace returns the network namespace of a process.

func GetPIDNamespace

func GetPIDNamespace(pid uint32) string

GetPIDNamespace returns the pid namespace of a process.

func GetUTSNamespace

func GetUTSNamespace(pid uint32) string

GetUTSNamespace returns the uts namespace of a process.

func IsCgroup2UnifiedMode

func IsCgroup2UnifiedMode() bool

IsCgroup2UnifiedMode returns whether we are running in cgroup v2 unified mode.

func WithAdditionalGIDs

func WithAdditionalGIDs(userstr string) oci.SpecOpts

WithAdditionalGIDs adds any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem to the OCI spec's additionalGids array.

func WithAnnotation

func WithAnnotation(k, v string) oci.SpecOpts

WithAnnotation sets the provided annotation

func WithCapabilities

func WithCapabilities(sc *runtime.LinuxContainerSecurityContext, allCaps []string) oci.SpecOpts

WithCapabilities sets the provided capabilities from the security context

func WithContainerdShimCgroup

func WithContainerdShimCgroup(path string) containerd.NewTaskOpts

WithContainerdShimCgroup returns function that sets the containerd shim cgroup path

func WithDefaultSandboxShares

func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithDefaultSandboxShares sets the default sandbox CPU shares

func WithDevices

func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig, enableDeviceOwnershipFromSecurityContext bool) oci.SpecOpts

WithDevices sets the provided devices onto the container spec

func WithDisabledCgroups

func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithDisabledCgroups clears the Cgroups Path from the spec

func WithMounts

func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts

WithMounts sorts and adds runtime and CRI mounts to the spec

func WithNewSnapshot

func WithNewSnapshot(id string, i containerd.Image, opts ...snapshots.Opt) containerd.NewContainerOpts

WithNewSnapshot wraps `containerd.WithNewSnapshot` so that if creating the snapshot fails we make sure the image is actually unpacked and and retry.

func WithOOMScoreAdj

func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts

WithOOMScoreAdj sets the oom score

func WithPodNamespaces

func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, sandboxPid uint32, targetPid uint32) oci.SpecOpts

WithPodNamespaces sets the pod namespaces for the container

func WithPodOOMScoreAdj

func WithPodOOMScoreAdj(adj int, restrict bool) oci.SpecOpts

WithPodOOMScoreAdj sets the oom score for the pod sandbox

func WithProcessArgs

func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts

WithProcessArgs sets the process args on the spec based on the image and runtime config

func WithRelativeRoot

func WithRelativeRoot(root string) oci.SpecOpts

WithRelativeRoot sets the root for the container

func WithResources

func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts

WithResources sets the provided resource restrictions

func WithSelinuxLabels

func WithSelinuxLabels(process, mount string) oci.SpecOpts

WithSelinuxLabels sets the mount and process labels

func WithSupplementalGroups

func WithSupplementalGroups(groups []int64) oci.SpecOpts

WithSupplementalGroups sets the supplemental groups for the process

func WithSysctls

func WithSysctls(sysctls map[string]string) oci.SpecOpts

WithSysctls sets the provided sysctls onto the spec

func WithVolumes

func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts

WithVolumes copies ownership of volume in rootfs to its corresponding host path. It doesn't update runtime spec. The passed in map is a host path to container path map for all volumes.

func WithoutAmbientCaps

func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutAmbientCaps removes the ambient caps from the spec

func WithoutDefaultSecuritySettings

func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutDefaultSecuritySettings removes the default security settings generated on a spec

func WithoutNamespace

func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts

WithoutNamespace removes the provided namespace

func WithoutRoot

func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutRoot sets the root to nil for the container.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL