rkt

package
v1.2.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 22, 2016 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Overview

Package rkt contains the Containerruntime interface implementation for rkt.

This file contains all image related functions for rkt runtime.

Index

Constants

View Source
const (
	CAP_CHOWN = iota
	CAP_DAC_OVERRIDE
	CAP_DAC_READ_SEARCH
	CAP_FOWNER
	CAP_FSETID
	CAP_KILL
	CAP_SETGID
	CAP_SETUID
	CAP_SETPCAP
	CAP_LINUX_IMMUTABLE
	CAP_NET_BIND_SERVICE
	CAP_NET_BROADCAST
	CAP_NET_ADMIN
	CAP_NET_RAW
	CAP_IPC_LOCK
	CAP_IPC_OWNER
	CAP_SYS_MODULE
	CAP_SYS_RAWIO
	CAP_SYS_CHROOT
	CAP_SYS_PTRACE
	CAP_SYS_PACCT
	CAP_SYS_ADMIN
	CAP_SYS_BOOT
	CAP_SYS_NICE
	CAP_SYS_RESOURCE
	CAP_SYS_TIME
	CAP_SYS_TTY_CONFIG
	CAP_MKNOD
	CAP_LEASE
	CAP_AUDIT_WRITE
	CAP_AUDIT_CONTROL
	CAP_SETFCAP
	CAP_MAC_OVERRIDE
	CAP_MAC_ADMIN
	CAP_SYSLOG
	CAP_WAKE_ALARM
	CAP_BLOCK_SUSPEND
	CAP_AUDIT_READ
)

TODO(yifan): Export this to higher level package.

View Source
const (
	RktType = "rkt"
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Config

type Config struct {
	// The absolute path to the binary, or leave empty to find it in $PATH.
	Path string
	// The image to use as stage1.
	Stage1Image string
	// The debug flag for rkt.
	Debug bool
	// The rkt data directory.
	Dir string
	// Comma-separated list of security features to disable.
	// Allowed values: "none", "image", "tls", "ondisk", "http", "all".
	InsecureOptions string
	// The local config directory.
	LocalConfigDir string
}

Config stores the global configuration for the rkt runtime. Detailed documents can be found at: https://github.com/coreos/rkt/blob/master/Documentation/commands.md#global-options

type Runtime added in v1.2.0

type Runtime struct {
	// contains filtered or unexported fields
}

Runtime implements the Containerruntime for rkt. The implementation uses systemd, so in order to run this runtime, systemd must be installed on the machine.

func New

func New(config *Config,
	runtimeHelper kubecontainer.RuntimeHelper,
	recorder record.EventRecorder,
	containerRefManager *kubecontainer.RefManager,
	livenessManager proberesults.Manager,
	volumeGetter volumeGetter,
	imageBackOff *util.Backoff,
	serializeImagePulls bool,
) (*Runtime, error)

New creates the rkt container runtime which implements the container runtime interface. It will test if the rkt binary is in the $PATH, and whether we can get the version of it. If so, creates the rkt container runtime, otherwise returns an error.

func (*Runtime) APIVersion added in v1.2.0

func (r *Runtime) APIVersion() (kubecontainer.Version, error)

func (*Runtime) AttachContainer added in v1.2.0

func (r *Runtime) AttachContainer(containerID kubecontainer.ContainerID, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool) error

func (*Runtime) ExecInContainer added in v1.2.0

func (r *Runtime) ExecInContainer(containerID kubecontainer.ContainerID, cmd []string, stdin io.Reader, stdout, stderr io.WriteCloser, tty bool) error

Note: In rkt, the container ID is in the form of "UUID:appName", where UUID is the rkt UUID, and appName is the container name. TODO(yifan): If the rkt is using lkvm as the stage1 image, then this function will fail.

func (*Runtime) GarbageCollect added in v1.2.0

func (r *Runtime) GarbageCollect(gcPolicy kubecontainer.ContainerGCPolicy) error

GarbageCollect collects the pods/containers. TODO(yifan): Enforce the gc policy, also, it would be better if we can just GC kubernetes pods.

func (*Runtime) GetContainerLogs added in v1.2.0

func (r *Runtime) GetContainerLogs(pod *api.Pod, containerID kubecontainer.ContainerID, logOptions *api.PodLogOptions, stdout, stderr io.Writer) error

GetContainerLogs uses journalctl to get the logs of the container. By default, it returns a snapshot of the container log. Set |follow| to true to stream the log. Set |follow| to false and specify the number of lines (e.g. "100" or "all") to tail the log.

In rkt runtime's implementation, per container log is get via 'journalctl -m _HOSTNAME=[rkt-$UUID] -u [APP_NAME]'. See https://github.com/coreos/rkt/blob/master/Documentation/commands.md#logging for more details.

TODO(yifan): If the rkt is using lkvm as the stage1 image, then this function will fail.

func (*Runtime) GetPodStatus added in v1.2.0

func (r *Runtime) GetPodStatus(uid types.UID, name, namespace string) (*kubecontainer.PodStatus, error)

func (*Runtime) GetPods added in v1.2.0

func (r *Runtime) GetPods(all bool) ([]*kubecontainer.Pod, error)

GetPods runs 'systemctl list-unit' and 'rkt list' to get the list of rkt pods. Then it will use the result to construct a list of container runtime pods. If all is false, then only running pods will be returned, otherwise all pods will be returned.

func (*Runtime) IsImagePresent added in v1.2.0

func (r *Runtime) IsImagePresent(image kubecontainer.ImageSpec) (bool, error)

func (*Runtime) KillPod added in v1.2.0

func (r *Runtime) KillPod(pod *api.Pod, runningPod kubecontainer.Pod) error

KillPod invokes 'systemctl kill' to kill the unit that runs the pod. TODO(yifan): Handle network plugin.

func (*Runtime) ListImages added in v1.2.0

func (r *Runtime) ListImages() ([]kubecontainer.Image, error)

ListImages lists all the available appc images on the machine by invoking 'rkt image list'.

func (*Runtime) PortForward added in v1.2.0

func (r *Runtime) PortForward(pod *kubecontainer.Pod, port uint16, stream io.ReadWriteCloser) error

PortForward executes socat in the pod's network namespace and copies data between stream (representing the user's local connection on their computer) and the specified port in the container.

TODO:

  • match cgroups of container
  • should we support nsenter + socat on the host? (current impl)
  • should we support nsenter + socat in a container, running with elevated privs and --pid=host?

TODO(yifan): Merge with the same function in dockertools. TODO(yifan): If the rkt is using lkvm as the stage1 image, then this function will fail.

func (*Runtime) PullImage added in v1.2.0

func (r *Runtime) PullImage(image kubecontainer.ImageSpec, pullSecrets []api.Secret) error

PullImage invokes 'rkt fetch' to download an aci. TODO(yifan): Now we only support docker images, this should be changed once the format of image is landed, see:

http://issue.k8s.io/7203

func (*Runtime) RemoveImage added in v1.2.0

func (r *Runtime) RemoveImage(image kubecontainer.ImageSpec) error

RemoveImage removes an on-disk image using 'rkt image rm'.

func (*Runtime) RunInContainer added in v1.2.0

func (r *Runtime) RunInContainer(containerID kubecontainer.ContainerID, cmd []string) ([]byte, error)

Note: In rkt, the container ID is in the form of "UUID:appName", where appName is the container name. TODO(yifan): If the rkt is using lkvm as the stage1 image, then this function will fail.

func (*Runtime) RunPod added in v1.2.0

func (r *Runtime) RunPod(pod *api.Pod, pullSecrets []api.Secret) error

RunPod first creates the unit file for a pod, and then starts the unit over d-bus.

func (*Runtime) Status added in v1.2.0

func (r *Runtime) Status() error

Status returns error if rkt is unhealthy, nil otherwise.

func (*Runtime) SyncPod added in v1.2.0

func (r *Runtime) SyncPod(pod *api.Pod, podStatus api.PodStatus, internalPodStatus *kubecontainer.PodStatus, pullSecrets []api.Secret, backOff *util.Backoff) (result kubecontainer.PodSyncResult)

SyncPod syncs the running pod to match the specified desired pod.

func (*Runtime) Type added in v1.2.0

func (r *Runtime) Type() string

func (*Runtime) Version added in v1.2.0

func (r *Runtime) Version() (kubecontainer.Version, error)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL