Version: v1.19.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Aug 20, 2020 License: Apache-2.0 Imports: 28 Imported by: 22




View Source
const DefaultSandboxCPUshares = 2

DefaultSandboxCPUshares is default cpu shares for sandbox container. TODO(windows): Revisit cpu shares for windows (https://github.com/containerd/cri/issues/1297)


This section is empty.


func GetIPCNamespace added in v1.19.0

func GetIPCNamespace(pid uint32) string

GetIPCNamespace returns the ipc namespace of a process.

func GetNetworkNamespace added in v1.19.0

func GetNetworkNamespace(pid uint32) string

GetNetworkNamespace returns the network namespace of a process.

func GetPIDNamespace added in v1.19.0

func GetPIDNamespace(pid uint32) string

GetPIDNamespace returns the pid namespace of a process.

func GetUTSNamespace added in v1.19.0

func GetUTSNamespace(pid uint32) string

GetUTSNamespace returns the uts namespace of a process.

func IsCgroup2UnifiedMode added in v1.19.0

func IsCgroup2UnifiedMode() bool

IsCgroup2UnifiedMode returns whether we are running in cgroup v2 unified mode.

func WithAdditionalGIDs added in v1.19.0

func WithAdditionalGIDs(userstr string) oci.SpecOpts

WithAdditionalGIDs adds any additional groups listed for a particular user in the /etc/groups file of the image's root filesystem to the OCI spec's additionalGids array.

func WithAnnotation added in v1.19.0

func WithAnnotation(k, v string) oci.SpecOpts

WithAnnotation sets the provided annotation

func WithCapabilities added in v1.19.0

func WithCapabilities(sc *runtime.LinuxContainerSecurityContext) oci.SpecOpts

WithCapabilities sets the provided capabilties from the security context

func WithContainerdShimCgroup

func WithContainerdShimCgroup(path string) containerd.NewTaskOpts

WithContainerdShimCgroup returns function that sets the containerd shim cgroup path

func WithDefaultSandboxShares added in v1.19.0

func WithDefaultSandboxShares(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithDefaultSandboxShares sets the default sandbox CPU shares

func WithDevices added in v1.19.0

func WithDevices(osi osinterface.OS, config *runtime.ContainerConfig) oci.SpecOpts

WithDevices sets the provided devices onto the container spec

func WithDisabledCgroups added in v1.19.0

func WithDisabledCgroups(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithDisabledCgroups clears the Cgroups Path from the spec

func WithMounts added in v1.19.0

func WithMounts(osi osinterface.OS, config *runtime.ContainerConfig, extra []*runtime.Mount, mountLabel string) oci.SpecOpts

WithMounts sorts and adds runtime and CRI mounts to the spec

func WithNewSnapshot

func WithNewSnapshot(id string, i containerd.Image) containerd.NewContainerOpts

WithNewSnapshot wraps `containerd.WithNewSnapshot` so that if creating the snapshot fails we make sure the image is actually unpacked and and retry.

func WithOOMScoreAdj added in v1.19.0

func WithOOMScoreAdj(config *runtime.ContainerConfig, restrict bool) oci.SpecOpts

WithOOMScoreAdj sets the oom score

func WithPodNamespaces added in v1.19.0

func WithPodNamespaces(config *runtime.LinuxContainerSecurityContext, pid uint32) oci.SpecOpts

WithPodNamespaces sets the pod namespaces for the container

func WithPodOOMScoreAdj added in v1.19.0

func WithPodOOMScoreAdj(adj int, restrict bool) oci.SpecOpts

WithPodOOMScoreAdj sets the oom score for the pod sandbox

func WithProcessArgs added in v1.19.0

func WithProcessArgs(config *runtime.ContainerConfig, image *imagespec.ImageConfig) oci.SpecOpts

WithProcessArgs sets the process args on the spec based on the image and runtime config

func WithRelativeRoot added in v1.19.0

func WithRelativeRoot(root string) oci.SpecOpts

WithRelativeRoot sets the root for the container

func WithResources added in v1.19.0

func WithResources(resources *runtime.LinuxContainerResources, tolerateMissingHugetlbController, disableHugetlbController bool) oci.SpecOpts

WithResources sets the provided resource restrictions

func WithSelinuxLabels added in v1.19.0

func WithSelinuxLabels(process, mount string) oci.SpecOpts

WithSelinuxLabels sets the mount and process labels

func WithSupplementalGroups added in v1.19.0

func WithSupplementalGroups(groups []int64) oci.SpecOpts

WithSupplementalGroups sets the supplemental groups for the process

func WithSysctls added in v1.19.0

func WithSysctls(sysctls map[string]string) oci.SpecOpts

WithSysctls sets the provided sysctls onto the spec

func WithVolumes

func WithVolumes(volumeMounts map[string]string) containerd.NewContainerOpts

WithVolumes copies ownership of volume in rootfs to its corresponding host path. It doesn't update runtime spec. The passed in map is a host path to container path map for all volumes.

func WithoutAmbientCaps added in v1.19.0

func WithoutAmbientCaps(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutAmbientCaps removes the ambient caps from the spec

func WithoutDefaultSecuritySettings added in v1.19.0

func WithoutDefaultSecuritySettings(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutDefaultSecuritySettings removes the default security settings generated on a spec

func WithoutNamespace added in v1.19.0

func WithoutNamespace(t runtimespec.LinuxNamespaceType) oci.SpecOpts

WithoutNamespace removes the provided namespace

func WithoutRoot added in v1.19.0

func WithoutRoot(ctx context.Context, client oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutRoot sets the root to nil for the container.

func WithoutRunMount added in v1.19.0

func WithoutRunMount(_ context.Context, _ oci.Client, c *containers.Container, s *runtimespec.Spec) error

WithoutRunMount removes the `/run` inside the spec


This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL