server

package

v0.0.0 Latest Latest Go to latest Published: Jan 2, 2017 License: Apache-2.0 Imports: 34 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/dongsupark/cri-o

Links

Open Source Insights

Documentation ¶

Index ¶

Constants
func SysctlsFromPodAnnotations(a map[string]string) ([]Sysctl, []Sysctl, error)
type APIConfig
type Config
- func (c *Config) FromFile(path string) error
- func (c *Config) ToFile(path string) error
type ImageConfig
type NetworkConfig
type RootConfig
type RuntimeConfig
type Server
- func New(config *Config) (*Server, error)
type Sysctl
- func SysctlsFromPodAnnotation(annotation string) ([]Sysctl, error)

Constants ¶

View Source

const (
	// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
	// the kubelet. Pods with other sysctls will fail to launch.
	SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"

	// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
	// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
	// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
	// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
	// will fail to launch.
	UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
)

View Source

const (
	// SeccompModeFilter refers to the syscall argument SECCOMP_MODE_FILTER.
	SeccompModeFilter = uintptr(2)
)

Variables ¶

This section is empty.

Functions ¶

func SysctlsFromPodAnnotations ¶

func SysctlsFromPodAnnotations(a map[string]string) ([]Sysctl, []Sysctl, error)

SysctlsFromPodAnnotations parses the sysctl annotations into a slice of safe Sysctls and a slice of unsafe Sysctls. This is only a convenience wrapper around SysctlsFromPodAnnotation.

Types ¶

type APIConfig ¶

type APIConfig struct {
	// Listen is the path to the AF_LOCAL socket on which cri-o will listen.
	// This may support proto://addr formats later, but currently this is just
	// a path.
	Listen string `toml:"listen"`
}

APIConfig represents the "ocid.api" TOML config table.

type Config ¶

type Config struct {
	RootConfig
	APIConfig
	RuntimeConfig
	ImageConfig
	NetworkConfig
}

Config represents the entire set of configuration values that can be set for the server. This is intended to be loaded from a toml-encoded config file.

func (*Config) FromFile ¶

func (c *Config) FromFile(path string) error

FromFile populates the Config from the TOML-encoded file at the given path. Returns errors encountered when reading or parsing the files, or nil otherwise.

func (*Config) ToFile ¶

func (c *Config) ToFile(path string) error

ToFile outputs the given Config as a TOML-encoded file at the given path. Returns errors encountered when generating or writing the file, or nil otherwise.

type ImageConfig ¶

type ImageConfig struct {
	// Pause is the path to the statically linked pause container binary, used
	// as the entrypoint for infra containers.
	//
	// TODO(cyphar): This should be replaced with a path to an OCI image
	// bundle, once the OCI image/storage code has been implemented.
	Pause string `toml:"pause"`

	// ImageStore is the directory where the ocid image store will be stored.
	// TODO: This is currently not really used because we don't have
	//       containers/storage integrated.
	ImageDir string `toml:"image_dir"`
}

ImageConfig represents the "ocid.image" TOML config table.

type NetworkConfig ¶

type NetworkConfig struct {
	// NetworkDir is where CNI network configuration files are stored.
	NetworkDir string `toml:"network_dir"`

	// PluginDir is where CNI plugin binaries are stored.
	PluginDir string `toml:"plugin_dir"`
}

NetworkConfig represents the "ocid.network" TOML config table

type RootConfig ¶

type RootConfig struct {
	// Root is a path to the "root directory" where all information not
	// explicitly handled by other options will be stored.
	Root string `toml:"root"`

	// SandboxDir is the directory where ocid will store all of its sandbox
	// state and other information.
	SandboxDir string `toml:"sandbox_dir"`

	// ContainerDir is the directory where ocid will store all of its container
	// state and other information.
	ContainerDir string `toml:"container_dir"`

	// LogDir is the default log directory were all logs will go unless kubelet
	// tells us to put them somewhere else.
	//
	// TODO: This is currently unused until the conmon logging rewrite is done.
	LogDir string `toml:"log_dir"`
}

RootConfig represents the root of the "ocid" TOML config table.

type RuntimeConfig ¶

type RuntimeConfig struct {
	// Runtime is a path to the OCI runtime which ocid will be using. Currently
	// the only known working choice is runC, simply because the OCI has not
	// yet merged a CLI API (so we assume runC's API here).
	Runtime string `toml:"runtime"`

	// Conmon is the path to conmon binary, used for managing the runtime.
	Conmon string `toml:"conmon"`

	// ConmonEnv is the environment variable list for conmon process.
	ConmonEnv []string `toml:"conmon_env"`

	// SELinux determines whether or not SELinux is used for pod separation.
	SELinux bool `toml:"selinux"`

	// SeccompProfile is the seccomp json profile path which is used as the
	// default for the runtime.
	SeccompProfile string `toml:"seccomp_profile"`

	// ApparmorProfile is the apparmor profile name which is used as the
	// default for the runtime.
	ApparmorProfile string `toml:"apparmor_profile"`

	// CgroupManager is the manager implementation name which is used to
	// handle cgroups for containers.
	CgroupManager string `toml:"cgroup_manager"`
}

RuntimeConfig represents the "ocid.runtime" TOML config table.

type Server ¶

type Server struct {
	// contains filtered or unexported fields
}

Server implements the RuntimeService and ImageService

func New ¶

func New(config *Config) (*Server, error)

New creates a new Server with options provided

func (*Server) Attach ¶

func (s *Server) Attach(ctx context.Context, req *pb.AttachRequest) (*pb.AttachResponse, error)

Attach prepares a streaming endpoint to attach to a running container.

func (*Server) ContainerStatus ¶

func (s *Server) ContainerStatus(ctx context.Context, req *pb.ContainerStatusRequest) (*pb.ContainerStatusResponse, error)

ContainerStatus returns status of the container.

func (*Server) CreateContainer ¶

func (s *Server) CreateContainer(ctx context.Context, req *pb.CreateContainerRequest) (res *pb.CreateContainerResponse, err error)

CreateContainer creates a new container in specified PodSandbox

func (*Server) Exec ¶

func (s *Server) Exec(ctx context.Context, req *pb.ExecRequest) (*pb.ExecResponse, error)

Exec prepares a streaming endpoint to execute a command in the container.

func (*Server) ExecSync ¶

func (s *Server) ExecSync(ctx context.Context, req *pb.ExecSyncRequest) (*pb.ExecSyncResponse, error)

ExecSync runs a command in a container synchronously.

func (*Server) ImageStatus ¶

func (s *Server) ImageStatus(ctx context.Context, req *pb.ImageStatusRequest) (*pb.ImageStatusResponse, error)

ImageStatus returns the status of the image.

func (*Server) ListContainers ¶

func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersRequest) (*pb.ListContainersResponse, error)

ListContainers lists all containers by filters.

func (*Server) ListImages ¶

func (s *Server) ListImages(ctx context.Context, req *pb.ListImagesRequest) (*pb.ListImagesResponse, error)

ListImages lists existing images.

func (*Server) ListPodSandbox ¶

func (s *Server) ListPodSandbox(ctx context.Context, req *pb.ListPodSandboxRequest) (*pb.ListPodSandboxResponse, error)

ListPodSandbox returns a list of SandBoxes.

func (*Server) PodSandboxStatus ¶

func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusRequest) (*pb.PodSandboxStatusResponse, error)

PodSandboxStatus returns the Status of the PodSandbox.

func (*Server) PortForward ¶

func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error)

PortForward prepares a streaming endpoint to forward ports from a PodSandbox.

func (*Server) PullImage ¶

func (s *Server) PullImage(ctx context.Context, req *pb.PullImageRequest) (*pb.PullImageResponse, error)

PullImage pulls a image with authentication config.

func (*Server) RemoveContainer ¶

func (s *Server) RemoveContainer(ctx context.Context, req *pb.RemoveContainerRequest) (*pb.RemoveContainerResponse, error)

RemoveContainer removes the container. If the container is running, the container should be force removed.

func (*Server) RemoveImage ¶

func (s *Server) RemoveImage(ctx context.Context, req *pb.RemoveImageRequest) (*pb.RemoveImageResponse, error)

RemoveImage removes the image.

func (*Server) RemovePodSandbox ¶

func (s *Server) RemovePodSandbox(ctx context.Context, req *pb.RemovePodSandboxRequest) (*pb.RemovePodSandboxResponse, error)

RemovePodSandbox deletes the sandbox. If there are any running containers in the sandbox, they should be force deleted.

func (*Server) RunPodSandbox ¶

func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest) (resp *pb.RunPodSandboxResponse, err error)

RunPodSandbox creates and runs a pod-level sandbox.

func (*Server) StartContainer ¶

func (s *Server) StartContainer(ctx context.Context, req *pb.StartContainerRequest) (*pb.StartContainerResponse, error)

StartContainer starts the container.

func (*Server) Status ¶

func (s *Server) Status(ctx context.Context, req *pb.StatusRequest) (*pb.StatusResponse, error)

Status returns the status of the runtime

func (*Server) StopContainer ¶

func (s *Server) StopContainer(ctx context.Context, req *pb.StopContainerRequest) (*pb.StopContainerResponse, error)

StopContainer stops a running container with a grace period (i.e., timeout).

func (*Server) StopPodSandbox ¶

func (s *Server) StopPodSandbox(ctx context.Context, req *pb.StopPodSandboxRequest) (*pb.StopPodSandboxResponse, error)

StopPodSandbox stops the sandbox. If there are any running containers in the sandbox, they should be force terminated.

func (*Server) UpdateRuntimeConfig ¶

func (s *Server) UpdateRuntimeConfig(ctx context.Context, req *pb.UpdateRuntimeConfigRequest) (*pb.UpdateRuntimeConfigResponse, error)

UpdateRuntimeConfig updates the configuration of a running container.

func (*Server) Version ¶

func (s *Server) Version(ctx context.Context, req *pb.VersionRequest) (*pb.VersionResponse, error)

Version returns the runtime name, runtime version and runtime API version

type Sysctl ¶

type Sysctl struct {
	// Name of a property to set
	Name string `json:"name"`
	// Value of a property to set
	Value string `json:"value"`
}

Sysctl defines a kernel parameter to be set

func SysctlsFromPodAnnotation ¶

func SysctlsFromPodAnnotation(annotation string) ([]Sysctl, error)

SysctlsFromPodAnnotation parses an annotation value into a slice of Sysctls.

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
apparmor
seccomp

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL