Overview ¶
Package container provides an abstraction over container runtimes. It supports Docker and Apple's container tool, with automatic detection.
Index ¶
- Variables
- func BuildCreateArgs(cfg Config) ([]string, error)
- func DefaultDNS(dns []string) []string
- func GVisorAvailable(ctx context.Context) bool (deprecated)
- func IsAppleSilicon() bool
- type AppleRuntime
- func (r *AppleRuntime) Attach(ctx context.Context, containerID string, opts AttachOptions) error
- func (r *AppleRuntime) BuildManager() BuildManager
- func (r *AppleRuntime) Close() error
- func (r *AppleRuntime) ContainerLogs(ctx context.Context, containerID string) (io.ReadCloser, error)
- func (r *AppleRuntime) ContainerLogsAll(ctx context.Context, containerID string) ([]byte, error)
- func (r *AppleRuntime) ContainerState(ctx context.Context, containerID string) (string, error)
- func (r *AppleRuntime) CreateContainer(ctx context.Context, cfg Config) (string, error)
- func (r *AppleRuntime) GetHostAddress() string
- func (r *AppleRuntime) GetPortBindings(ctx context.Context, containerID string) (map[int]int, error)
- func (r *AppleRuntime) ListContainers(ctx context.Context) ([]Info, error)
- func (r *AppleRuntime) ListImages(ctx context.Context) ([]ImageInfo, error)
- func (r *AppleRuntime) NetworkManager() NetworkManager
- func (r *AppleRuntime) Ping(ctx context.Context) error
- func (r *AppleRuntime) RemoveContainer(ctx context.Context, containerID string) error
- func (r *AppleRuntime) RemoveImage(ctx context.Context, id string) error
- func (r *AppleRuntime) ResizeTTY(ctx context.Context, containerID string, height, width uint) error
- func (r *AppleRuntime) ServiceManager() ServiceManager
- func (r *AppleRuntime) SetupFirewall(ctx context.Context, containerID string, proxyHost string, proxyPort int) error
- func (r *AppleRuntime) SidecarManager() SidecarManager
- func (r *AppleRuntime) StartAttached(ctx context.Context, containerID string, opts AttachOptions) error
- func (r *AppleRuntime) StartContainer(ctx context.Context, containerID string) error
- func (r *AppleRuntime) StopContainer(ctx context.Context, containerID string) error
- func (r *AppleRuntime) SupportsHostNetwork() bool
- func (r *AppleRuntime) Type() RuntimeType
- func (r *AppleRuntime) WaitContainer(ctx context.Context, containerID string) (int64, error)
- type AttachOptions
- type BuildManager
- type BuildOptions
- type Config
- type DockerRuntime
- func (r *DockerRuntime) Attach(ctx context.Context, containerID string, opts AttachOptions) error
- func (r *DockerRuntime) BuildManager() BuildManager
- func (r *DockerRuntime) Close() error
- func (r *DockerRuntime) ContainerLogs(ctx context.Context, containerID string) (io.ReadCloser, error)
- func (r *DockerRuntime) ContainerLogsAll(ctx context.Context, containerID string) ([]byte, error)
- func (r *DockerRuntime) ContainerState(ctx context.Context, containerID string) (string, error)
- func (r *DockerRuntime) CreateContainer(ctx context.Context, cfg Config) (string, error)
- func (r *DockerRuntime) GetHostAddress() string
- func (r *DockerRuntime) GetPortBindings(ctx context.Context, containerID string) (map[int]int, error)
- func (r *DockerRuntime) ListContainers(ctx context.Context) ([]Info, error)
- func (r *DockerRuntime) ListImages(ctx context.Context) ([]ImageInfo, error)
- func (r *DockerRuntime) NetworkManager() NetworkManager
- func (r *DockerRuntime) Ping(ctx context.Context) error
- func (r *DockerRuntime) RemoveContainer(ctx context.Context, containerID string) error
- func (r *DockerRuntime) RemoveImage(ctx context.Context, id string) error
- func (r *DockerRuntime) ResizeTTY(ctx context.Context, containerID string, height, width uint) error
- func (r *DockerRuntime) ServiceManager() ServiceManager
- func (r *DockerRuntime) SetupFirewall(ctx context.Context, containerID string, proxyHost string, proxyPort int) error
- func (r *DockerRuntime) SidecarManager() SidecarManager
- func (r *DockerRuntime) StartAttached(ctx context.Context, containerID string, opts AttachOptions) error
- func (r *DockerRuntime) StartContainer(ctx context.Context, containerID string) error
- func (r *DockerRuntime) StopContainer(ctx context.Context, containerID string) error
- func (r *DockerRuntime) SupportsHostNetwork() bool
- func (r *DockerRuntime) Type() RuntimeType
- func (r *DockerRuntime) WaitContainer(ctx context.Context, containerID string) (int64, error)
- type ImageInfo
- type Info
- type InspectResponse
- type MountConfig
- type NetworkInfo
- type NetworkManager
- type Runtime
- type RuntimeOptions
- type RuntimeType
- type ServiceConfig
- type ServiceInfo
- type ServiceManager
- type SidecarConfig
- type SidecarManager
- type State
Constants ¶
This section is empty.
Variables ¶
// ErrGVisorNotAvailable is returned when gVisor is required but not installed.
// The message body is shown to the user verbatim: it carries the upstream
// install steps (which run under sudo) and, last, the --no-sandbox escape
// hatch that runs the container with reduced isolation.
var ErrGVisorNotAvailable = errors.New(`gVisor (runsc) is required but not available
To install on Linux (Debian/Ubuntu), copy and run:
curl -fsSL https://gvisor.dev/archive.key | sudo gpg --dearmor -o /usr/share/keyrings/gvisor.gpg && \
echo "deb [signed-by=/usr/share/keyrings/gvisor.gpg] https://storage.googleapis.com/gvisor/releases release main" | \
sudo tee /etc/apt/sources.list.d/gvisor.list && \
sudo apt update && sudo apt install -y runsc && \
sudo runsc install && \
sudo systemctl reload docker
For Docker Desktop (macOS/Windows):
See https://gvisor.dev/docs/user_guide/install/
To bypass (reduced isolation):
moat run --no-sandbox`)
ErrGVisorNotAvailable is returned when gVisor is required but not installed.
Functions ¶
func BuildCreateArgs ¶
BuildCreateArgs is exported for testing.
func DefaultDNS ¶
DefaultDNS returns the default DNS servers if the provided list is empty. Uses Google DNS (8.8.8.8, 8.8.4.4) as a reliable fallback since container runtime defaults often don't work (e.g., Apple container gateway DNS).
func GVisorAvailable
deprecated
GVisorAvailable checks if runsc is configured as a Docker runtime. Returns true if Docker reports "runsc" in its available runtimes.
Deprecated: This function creates a new Docker client on each call, which is inefficient. Use DockerRuntime.gvisorAvailable() instead, which caches the result after the first check. This function is kept for backward compatibility with existing tests.
func IsAppleSilicon ¶
func IsAppleSilicon() bool
IsAppleSilicon returns true if running on Apple Silicon.
Types ¶
type AppleRuntime ¶
// AppleRuntime implements Runtime using Apple's container CLI tool.
// Construct it with NewAppleRuntime; the zero value is not documented as usable.
type AppleRuntime struct {
	// contains filtered or unexported fields
}
AppleRuntime implements Runtime using Apple's container CLI tool.
func NewAppleRuntime ¶
func NewAppleRuntime() (*AppleRuntime, error)
NewAppleRuntime creates a new Apple container runtime.
func (*AppleRuntime) Attach ¶
func (r *AppleRuntime) Attach(ctx context.Context, containerID string, opts AttachOptions) error
Attach connects stdin/stdout/stderr to a running container.
func (*AppleRuntime) BuildManager ¶
func (r *AppleRuntime) BuildManager() BuildManager
BuildManager returns the Apple build manager.
func (*AppleRuntime) Close ¶
func (r *AppleRuntime) Close() error
Close is a no-op for Apple container (no persistent connection).
func (*AppleRuntime) ContainerLogs ¶
func (r *AppleRuntime) ContainerLogs(ctx context.Context, containerID string) (io.ReadCloser, error)
ContainerLogs returns a reader for the container's logs (follows output).
func (*AppleRuntime) ContainerLogsAll ¶
ContainerLogsAll returns all logs from a container (does not follow).
func (*AppleRuntime) ContainerState ¶
ContainerState returns the state of a container ("running", "exited", "created", etc). Returns an error if the container doesn't exist.
func (*AppleRuntime) CreateContainer ¶
CreateContainer creates a new Apple container without starting it. The container can later be started with StartContainer (non-interactive) or StartAttached (interactive with TTY).
func (*AppleRuntime) GetHostAddress ¶
func (r *AppleRuntime) GetHostAddress() string
GetHostAddress returns the gateway IP for containers to reach the host.
func (*AppleRuntime) GetPortBindings ¶
func (r *AppleRuntime) GetPortBindings(ctx context.Context, containerID string) (map[int]int, error)
GetPortBindings returns the actual host ports assigned to container ports.
func (*AppleRuntime) ListContainers ¶
func (r *AppleRuntime) ListContainers(ctx context.Context) ([]Info, error)
ListContainers returns all moat containers.
func (*AppleRuntime) ListImages ¶
func (r *AppleRuntime) ListImages(ctx context.Context) ([]ImageInfo, error)
ListImages returns all moat-managed images.
func (*AppleRuntime) NetworkManager ¶
func (r *AppleRuntime) NetworkManager() NetworkManager
NetworkManager returns the Apple network manager.
func (*AppleRuntime) Ping ¶
func (r *AppleRuntime) Ping(ctx context.Context) error
Ping verifies the Apple container system is running.
func (*AppleRuntime) RemoveContainer ¶
func (r *AppleRuntime) RemoveContainer(ctx context.Context, containerID string) error
RemoveContainer removes a container.
func (*AppleRuntime) RemoveImage ¶
func (r *AppleRuntime) RemoveImage(ctx context.Context, id string) error
RemoveImage removes an image by ID or tag.
func (*AppleRuntime) ResizeTTY ¶
ResizeTTY resizes the container's TTY to the given dimensions. Note: Apple container CLI may not support dynamic resize.
func (*AppleRuntime) ServiceManager ¶
func (r *AppleRuntime) ServiceManager() ServiceManager
ServiceManager returns the Apple service manager.
func (*AppleRuntime) SetupFirewall ¶
func (r *AppleRuntime) SetupFirewall(ctx context.Context, containerID string, proxyHost string, proxyPort int) error
SetupFirewall configures iptables to block all outbound traffic except to the proxy. The proxyHost parameter is accepted for interface consistency but not used in the iptables rules. This is intentional: the gateway IP can vary between container networks. The security model relies on per-run proxy authentication (cryptographic token in HTTP_PROXY URL) rather than IP filtering. This is more robust than IP-based filtering and prevents unauthorized access even if another service runs on the same port.
func (*AppleRuntime) SidecarManager ¶
func (r *AppleRuntime) SidecarManager() SidecarManager
SidecarManager returns nil - Apple containers don't support sidecars.
func (*AppleRuntime) StartAttached ¶
func (r *AppleRuntime) StartAttached(ctx context.Context, containerID string, opts AttachOptions) error
StartAttached starts a container with stdin/stdout/stderr already attached. This is required for TUI applications that need the terminal connected before the process starts.
Uses `container start --attach` which starts the container and attaches to its primary process. The ENTRYPOINT handles any initialization (SSH agent bridge setup, config file copying, privilege dropping via gosu).
The Apple container CLI requires real PTY file descriptors for stdout/stderr. To allow callers to intercept output (e.g., for a status bar), we create a PTY pair and copy data from the PTY master to the provided writers.
func (*AppleRuntime) StartContainer ¶
func (r *AppleRuntime) StartContainer(ctx context.Context, containerID string) error
StartContainer starts a created or stopped container.
func (*AppleRuntime) StopContainer ¶
func (r *AppleRuntime) StopContainer(ctx context.Context, containerID string) error
StopContainer stops a running container.
func (*AppleRuntime) SupportsHostNetwork ¶
func (r *AppleRuntime) SupportsHostNetwork() bool
SupportsHostNetwork returns false - Apple containers don't support host network mode.
func (*AppleRuntime) WaitContainer ¶
WaitContainer blocks until the container exits and returns the exit code.
type AttachOptions ¶
// AttachOptions configures container attachment for Runtime.Attach and
// Runtime.StartAttached. Any nil stream is simply not forwarded.
type AttachOptions struct {
	Stdin  io.Reader // If non-nil, forward input to container
	Stdout io.Writer // If non-nil, receive stdout from container
	Stderr io.Writer // If non-nil, receive stderr from container (may be same as Stdout)
	TTY    bool      // If true, use TTY mode (raw terminal)
	// InitialWidth and InitialHeight set the initial terminal size for TTY mode.
	// If both are > 0, the TTY is resized immediately after the container starts,
	// before the process has a chance to query terminal dimensions.
	// A zero in either field leaves the initial size to the runtime.
	InitialWidth  uint
	InitialHeight uint
}
AttachOptions configures container attachment.
type BuildManager ¶
// BuildManager handles image building operations.
// Returned by Runtime.BuildManager() - nil if not supported.
type BuildManager interface {
	// BuildImage builds an image from a Dockerfile content.
	// dockerfile is the file's text, not a path; tag names the resulting image.
	// Returns an error if the build fails.
	BuildImage(ctx context.Context, dockerfile string, tag string, opts BuildOptions) error
	// ImageExists checks if an image with the given tag exists locally.
	ImageExists(ctx context.Context, tag string) (bool, error)
	// GetImageHomeDir returns the home directory configured in an image.
	// Returns "/root" if detection fails or no home is configured; it never
	// reports an error, so callers cannot distinguish the two cases.
	GetImageHomeDir(ctx context.Context, imageName string) string
}
BuildManager handles image building operations. Returned by Runtime.BuildManager() - nil if not supported.
type BuildOptions ¶
// BuildOptions configures image building.
type BuildOptions struct {
	// DNS servers to use during build (Apple containers only).
	// If empty, defaults to Google public DNS (8.8.8.8, 8.8.4.4).
	DNS []string
	// ContextFiles are additional files to write into the build context directory.
	// Keys are relative paths, values are file contents.
	// NOTE(review): nothing here shows whether keys are checked to stay inside
	// the context directory (e.g. rejecting ".." segments) - confirm in the
	// implementation before passing caller-supplied names.
	ContextFiles map[string][]byte
	// NoCache disables build cache, forcing a fresh build of all layers.
	NoCache bool
}
BuildOptions configures image building.
type Config ¶
// Config holds configuration for creating a container.
// It is consumed by Runtime.CreateContainer; fields that apply to only one
// runtime are marked as such.
type Config struct {
	Name       string
	Image      string
	Cmd        []string
	WorkingDir string
	Env        []string // "KEY=VALUE" entries; may carry secrets, so avoid logging it wholesale
	User       string   // User to run as (e.g., "1000:1000" or "moatuser")
	Mounts     []MountConfig
	ExtraHosts []string // host:ip mappings (Docker-specific)
	NetworkMode string  // "bridge", "host", "none", or a network name/ID
	PortBindings map[int]string // container port -> host bind address (e.g., 3000 -> "127.0.0.1")
	// CapAdd lists Linux capabilities to add (e.g., "NET_ADMIN").
	// Presumably NET_ADMIN is what SetupFirewall's iptables rules need - confirm.
	CapAdd []string
	// GroupAdd lists supplementary group IDs for the container process
	// (e.g., "999" for docker group). Granting the docker group is only
	// meaningful, and only risky, if the Docker socket is also mounted.
	GroupAdd []string
	// Privileged, if true, runs the container in privileged mode (required for
	// Docker-in-Docker). This widens the container's host access considerably;
	// leave it false unless that feature is in use.
	Privileged bool
	Interactive bool // If true, container will be attached interactively (Apple runtime: uses exec workaround; Docker: handled natively)
	HasMoatUser bool // If true, image has moatuser (moat-built images); used for exec --user in Apple containers
	MemoryMB    int  // Memory limit in megabytes (both Docker and Apple)
	CPUs        int  // Number of CPUs (both Docker and Apple)
	DNS         []string // DNS servers (both Docker and Apple)
}
Config holds configuration for creating a container.
type DockerRuntime ¶
// DockerRuntime implements Runtime using Docker.
// Construct it with NewDockerRuntime, which decides whether gVisor (runsc) is
// required; Close releases the underlying client.
type DockerRuntime struct {
	// contains filtered or unexported fields
}
DockerRuntime implements Runtime using Docker.
func NewDockerRuntime ¶
func NewDockerRuntime(sandbox bool) (*DockerRuntime, error)
NewDockerRuntime creates a new Docker runtime. If sandbox is true, requires gVisor (runsc) and fails if unavailable. If sandbox is false, uses standard runc runtime with a warning.
func (*DockerRuntime) Attach ¶
func (r *DockerRuntime) Attach(ctx context.Context, containerID string, opts AttachOptions) error
Attach connects stdin/stdout/stderr to a running container.
func (*DockerRuntime) BuildManager ¶
func (r *DockerRuntime) BuildManager() BuildManager
BuildManager returns the Docker build manager.
func (*DockerRuntime) Close ¶
func (r *DockerRuntime) Close() error
Close releases Docker client resources.
func (*DockerRuntime) ContainerLogs ¶
func (r *DockerRuntime) ContainerLogs(ctx context.Context, containerID string) (io.ReadCloser, error)
ContainerLogs returns the logs from a container (follows output).
func (*DockerRuntime) ContainerLogsAll ¶
ContainerLogsAll returns all logs from a container (does not follow). The logs are demultiplexed from Docker's format (removes 8-byte headers).
func (*DockerRuntime) ContainerState ¶
ContainerState returns the state of a container ("running", "exited", "created", etc). Returns an error if the container doesn't exist.
func (*DockerRuntime) CreateContainer ¶
CreateContainer creates a new Docker container.
func (*DockerRuntime) GetHostAddress ¶
func (r *DockerRuntime) GetHostAddress() string
GetHostAddress returns the address for containers to reach the host.
func (*DockerRuntime) GetPortBindings ¶
func (r *DockerRuntime) GetPortBindings(ctx context.Context, containerID string) (map[int]int, error)
GetPortBindings returns the actual host ports assigned to container ports.
func (*DockerRuntime) ListContainers ¶
func (r *DockerRuntime) ListContainers(ctx context.Context) ([]Info, error)
ListContainers returns all moat containers. Filters to containers whose name matches an 8-char hex run ID pattern.
func (*DockerRuntime) ListImages ¶
func (r *DockerRuntime) ListImages(ctx context.Context) ([]ImageInfo, error)
ListImages returns all moat-managed images. Filters to images with "moat/" prefix in any tag.
func (*DockerRuntime) NetworkManager ¶
func (r *DockerRuntime) NetworkManager() NetworkManager
NetworkManager returns the Docker network manager.
func (*DockerRuntime) Ping ¶
func (r *DockerRuntime) Ping(ctx context.Context) error
Ping verifies the Docker daemon is accessible.
func (*DockerRuntime) RemoveContainer ¶
func (r *DockerRuntime) RemoveContainer(ctx context.Context, containerID string) error
RemoveContainer removes a container.
func (*DockerRuntime) RemoveImage ¶
func (r *DockerRuntime) RemoveImage(ctx context.Context, id string) error
RemoveImage removes an image by ID or tag.
func (*DockerRuntime) ResizeTTY ¶
func (r *DockerRuntime) ResizeTTY(ctx context.Context, containerID string, height, width uint) error
ResizeTTY resizes the container's TTY to the given dimensions.
func (*DockerRuntime) ServiceManager ¶
func (r *DockerRuntime) ServiceManager() ServiceManager
ServiceManager returns the Docker service manager for database/cache sidecars.
func (*DockerRuntime) SetupFirewall ¶
func (r *DockerRuntime) SetupFirewall(ctx context.Context, containerID string, proxyHost string, proxyPort int) error
SetupFirewall configures iptables to block all outbound traffic except to the proxy. The proxyHost parameter is accepted for interface consistency but not used in the iptables rules. This is intentional: host.docker.internal resolves to a dynamic IP that varies per Docker installation, and resolving it inside the container would add complexity. Because no destination address is matched, the allow rule covers the proxy port on any host the container can reach; the port narrows the egress but does not identify the peer. The security model relies on the proxy port being unique (randomly assigned per-run) rather than IP filtering. Combined with the proxy's authentication for Apple containers, this provides sufficient protection.
func (*DockerRuntime) SidecarManager ¶
func (r *DockerRuntime) SidecarManager() SidecarManager
SidecarManager returns the Docker sidecar manager.
func (*DockerRuntime) StartAttached ¶
func (r *DockerRuntime) StartAttached(ctx context.Context, containerID string, opts AttachOptions) error
StartAttached starts a container with stdin/stdout/stderr already attached. This is required for TUI applications that need the terminal connected before the process starts. The attach happens first, then start, ensuring the I/O streams are ready when the container's process begins.
func (*DockerRuntime) StartContainer ¶
func (r *DockerRuntime) StartContainer(ctx context.Context, containerID string) error
StartContainer starts an existing container.
func (*DockerRuntime) StopContainer ¶
func (r *DockerRuntime) StopContainer(ctx context.Context, containerID string) error
StopContainer stops a running container.
func (*DockerRuntime) SupportsHostNetwork ¶
func (r *DockerRuntime) SupportsHostNetwork() bool
SupportsHostNetwork returns true on Linux where host network mode is available.
func (*DockerRuntime) WaitContainer ¶
WaitContainer blocks until the container exits.
type Info ¶
// Info contains information about a container, as returned by
// Runtime.ListContainers.
type Info struct {
	ID      string
	Name    string
	Image   string
	Status  string // "running", "exited", "created"
	Created time.Time
}
Info contains information about a container.
type InspectResponse ¶
// InspectResponse holds detailed container state, as returned by
// SidecarManager.InspectContainer. State may be nil; callers should check.
type InspectResponse struct {
	State *State
}
InspectResponse holds detailed container state.
type MountConfig ¶
MountConfig describes a volume mount.
type NetworkInfo ¶ added in v0.2.0
NetworkInfo contains information about a network.
type NetworkManager ¶
// NetworkManager handles Docker network operations.
// Returned by Runtime.NetworkManager() - nil if not supported.
type NetworkManager interface {
	// CreateNetwork creates a network for inter-container communication.
	// Returns the network ID.
	CreateNetwork(ctx context.Context, name string) (string, error)
	// RemoveNetwork removes a network by ID.
	// Returns an error if the network has active endpoints.
	// Does not fail if network doesn't exist.
	RemoveNetwork(ctx context.Context, networkID string) error
	// ForceRemoveNetwork forcibly disconnects all containers from a network
	// and then removes it. Use as a fallback when RemoveNetwork fails due
	// to active endpoints.
	ForceRemoveNetwork(ctx context.Context, networkID string) error
	// ListNetworks returns all moat-managed networks.
	ListNetworks(ctx context.Context) ([]NetworkInfo, error)
}
NetworkManager handles Docker network operations. Returned by Runtime.NetworkManager() - nil if not supported.
type Runtime ¶
// Runtime is the interface for container runtime operations.
// The manager accessors (NetworkManager, SidecarManager, BuildManager,
// ServiceManager) return nil when the runtime lacks the feature; callers
// must check for nil before use.
type Runtime interface {
	// Type returns the runtime type (Docker or Apple).
	Type() RuntimeType
	// Ping verifies the runtime is accessible.
	Ping(ctx context.Context) error
	// CreateContainer creates a new container without starting it.
	// Returns the container ID.
	CreateContainer(ctx context.Context, cfg Config) (string, error)
	// StartContainer starts an existing container.
	StartContainer(ctx context.Context, id string) error
	// StopContainer stops a running container.
	StopContainer(ctx context.Context, id string) error
	// WaitContainer blocks until the container exits and returns the exit code.
	WaitContainer(ctx context.Context, id string) (int64, error)
	// RemoveContainer removes a container.
	RemoveContainer(ctx context.Context, id string) error
	// ContainerLogs returns a reader for the container's logs (follows output).
	// The caller owns the returned reader and must close it.
	ContainerLogs(ctx context.Context, id string) (io.ReadCloser, error)
	// ContainerLogsAll returns all logs from a container (does not follow).
	// Use this after the container has exited to ensure all logs are captured.
	ContainerLogsAll(ctx context.Context, id string) ([]byte, error)
	// GetPortBindings returns the actual host ports mapped to container ports.
	// Call after container is started. Returns map[containerPort]hostPort.
	GetPortBindings(ctx context.Context, id string) (map[int]int, error)
	// GetHostAddress returns the address containers use to reach the host.
	// For Docker on Linux, this is "127.0.0.1" (with host network mode).
	// For Docker on macOS/Windows, this is "host.docker.internal".
	// For Apple container, this is the gateway IP (e.g., "192.168.64.1").
	GetHostAddress() string
	// SupportsHostNetwork returns true if the runtime supports host network mode.
	// Docker on Linux supports this; Apple container does not.
	SupportsHostNetwork() bool
	// NetworkManager returns the network manager if supported, nil otherwise.
	// Docker provides this, Apple containers return nil.
	NetworkManager() NetworkManager
	// SidecarManager returns the sidecar manager if supported, nil otherwise.
	// Docker provides this, Apple containers return nil.
	SidecarManager() SidecarManager
	// BuildManager returns the build manager if supported, nil otherwise.
	// Both Docker and Apple provide this.
	BuildManager() BuildManager
	// ServiceManager returns the service manager if supported, nil otherwise.
	// Docker provides this, Apple containers return nil.
	ServiceManager() ServiceManager
	// Close releases runtime resources.
	Close() error
	// SetupFirewall configures iptables to only allow traffic to the proxy.
	// proxyHost is the address the container uses to reach the proxy (e.g., "host.docker.internal").
	// proxyPort is the proxy's port number.
	// This blocks all other outbound traffic, forcing everything through the proxy.
	// NOTE: both shipped implementations document that they match on proxyPort
	// only and do not use proxyHost in their rules; do not rely on the host
	// being enforced by this call.
	SetupFirewall(ctx context.Context, id string, proxyHost string, proxyPort int) error
	// ListImages returns all moat-managed images.
	ListImages(ctx context.Context) ([]ImageInfo, error)
	// ListContainers returns all moat containers (running + stopped).
	ListContainers(ctx context.Context) ([]Info, error)
	// ContainerState returns the state of a container ("running", "exited", "created", etc).
	// Returns an error if the container doesn't exist.
	ContainerState(ctx context.Context, id string) (string, error)
	// RemoveImage removes an image by ID or tag.
	RemoveImage(ctx context.Context, id string) error
	// Attach connects stdin/stdout/stderr to a running container.
	// Returns when the attachment ends (container exits or context canceled).
	Attach(ctx context.Context, id string, opts AttachOptions) error
	// StartAttached starts a container with stdin/stdout/stderr already attached.
	// This is required for TUI applications that need the terminal connected
	// before the process starts (e.g., to read cursor position).
	// The attachment runs until the container exits or context is canceled.
	StartAttached(ctx context.Context, id string, opts AttachOptions) error
	// ResizeTTY resizes the container's TTY to the given dimensions.
	// Note the argument order: height first, then width.
	ResizeTTY(ctx context.Context, id string, height, width uint) error
}
Runtime is the interface for container runtime operations.
func NewRuntime ¶
NewRuntime creates a new container runtime, auto-detecting the best available option. On macOS with Apple Silicon, it prefers Apple's container tool if available, falling back to Docker otherwise. Docker containers use gVisor by default.
The MOAT_RUNTIME environment variable can override auto-detection:
- MOAT_RUNTIME=docker: force Docker runtime
- MOAT_RUNTIME=apple: force Apple container runtime
func NewRuntimeWithOptions ¶
func NewRuntimeWithOptions(opts RuntimeOptions) (Runtime, error)
NewRuntimeWithOptions creates a new container runtime with the given options.
type RuntimeOptions ¶
// RuntimeOptions configures runtime creation via NewRuntimeWithOptions.
// Obtain platform-appropriate defaults from DefaultRuntimeOptions rather
// than relying on the zero value, whose Sandbox is false.
type RuntimeOptions struct {
	// Sandbox enables gVisor sandboxing for Docker containers.
	// When true (default), requires gVisor and fails if unavailable.
	// When false, uses runc with reduced isolation.
	Sandbox bool
}
RuntimeOptions configures runtime creation.
func DefaultRuntimeOptions ¶
func DefaultRuntimeOptions() RuntimeOptions
DefaultRuntimeOptions returns the default runtime options. On Linux, defaults to sandbox=true (requires gVisor). On macOS and Windows, defaults to sandbox=false (gVisor unavailable in Docker Desktop).
type RuntimeType ¶
type RuntimeType string
RuntimeType identifies the container runtime being used.
const ( RuntimeDocker RuntimeType = "docker" RuntimeApple RuntimeType = "apple" )
type ServiceConfig ¶
// ServiceConfig defines what service to provision via ServiceManager.StartService.
type ServiceConfig struct {
	Name    string
	Version string
	Env     map[string]string // environment for the service container; may include the password named by PasswordEnv
	RunID   string
	// Fields from the service definition (populated by caller from deps registry)
	Image        string            // Base image name (e.g., "postgres")
	Ports        map[string]int    // Named ports (e.g., "default" -> 5432)
	PasswordEnv  string            // Env var containing the password (e.g., "POSTGRES_PASSWORD")
	ExtraCmd     []string          // Extra command args with {placeholder} substitution
	// ReadinessCmd is the command used to check if the service is ready.
	// NOTE(review): whether it is run through a shell or as an argv is not
	// visible here - confirm before building it from untrusted input.
	ReadinessCmd string
}
ServiceConfig defines what service to provision.
type ServiceInfo ¶
// ServiceInfo contains connection details for a started service.
// It is returned by ServiceManager.StartService and passed back to
// CheckReady and StopService.
type ServiceInfo struct {
	ID           string
	Name         string
	Host         string
	Ports        map[string]int
	Env          map[string]string // connection environment; treat as sensitive when PasswordEnv is set
	ReadinessCmd string            // Command to check if service is ready
	PasswordEnv  string            // Env var name containing the password
}
ServiceInfo contains connection details for a started service.
type ServiceManager ¶
// ServiceManager provisions services (databases, caches, etc).
// Returned by Runtime.ServiceManager() - nil if not supported.
type ServiceManager interface {
	// StartService provisions the service described by cfg and returns its
	// connection details.
	StartService(ctx context.Context, cfg ServiceConfig) (ServiceInfo, error)
	// CheckReady reports whether the started service is ready to accept
	// connections; presumably it runs info.ReadinessCmd - confirm.
	CheckReady(ctx context.Context, info ServiceInfo) error
	// StopService stops and cleans up the service identified by info.
	StopService(ctx context.Context, info ServiceInfo) error
	// SetNetworkID records the network that subsequently started services
	// attach to - confirm against the implementation.
	SetNetworkID(id string)
}
ServiceManager provisions services (databases, caches, etc). Returned by Runtime.ServiceManager() - nil if not supported.
type SidecarConfig ¶
// SidecarConfig holds configuration for starting a sidecar container
// via SidecarManager.StartSidecar.
type SidecarConfig struct {
	// Image is the container image to use (e.g., "moby/buildkit:latest")
	Image string
	// Name is the container name
	Name string
	// Hostname is the network hostname for the container
	Hostname string
	// NetworkID is the Docker network to attach to
	NetworkID string
	// Cmd is the command to run
	Cmd []string
	// Privileged indicates if the sidecar needs privileged mode.
	// This widens the sidecar's host access; keep it false unless the
	// sidecar (e.g. a builder) genuinely requires it.
	Privileged bool
	// Mounts are volume mounts for the sidecar
	Mounts []MountConfig
	// RunID is the moat run ID this sidecar belongs to
	// Used for orphan cleanup if moat crashes
	RunID string
	// Env is environment variables for the container
	Env []string
	// Labels are container labels (merged with defaults)
	Labels map[string]string
}
SidecarConfig holds configuration for starting a sidecar container.
type SidecarManager ¶
// SidecarManager handles sidecar container operations.
// Returned by Runtime.SidecarManager() - nil if not supported.
type SidecarManager interface {
	// StartSidecar starts a sidecar container (pull, create, start).
	// The container is attached to the specified network and assigned a hostname.
	// Returns the container ID.
	StartSidecar(ctx context.Context, cfg SidecarConfig) (string, error)
	// InspectContainer returns detailed container information.
	// Useful for checking sidecar state (running, health, etc).
	// The returned State pointer may be nil.
	InspectContainer(ctx context.Context, containerID string) (InspectResponse, error)
}
SidecarManager handles sidecar container operations. Returned by Runtime.SidecarManager() - nil if not supported.