Documentation ¶
Index ¶
- Constants
- Variables
- func AllowSyscall(syscall string, args ...specs.LinuxSeccompArg) specs.LinuxSyscall
- func MinPtraceKernelVersion() (uint16, uint16, uint16)
- type CIDRFlag
- type CleanupCommand
- type CommonCommand
- type FileFlag
- type GardenFactory
- type GdnCommand
- type IPFlag
- type KernelMinVersionChecker
- type LagerFlag
- type LinuxFactory
- func (f *LinuxFactory) CommandRunner() commandrunner.CommandRunner
- func (f *LinuxFactory) WireCPUCgrouper() (rundmc.CPUCgrouper, error)
- func (f *LinuxFactory) WireCgroupsStarter(logger lager.Logger) gardener.Starter
- func (f *LinuxFactory) WireContainerNetworkMetricsProvider(containerizer gardener.Containerizer, propertyManager gardener.PropertyManager) gardener.ContainerNetworkMetricsProvider
- func (f *LinuxFactory) WireContainerd(processBuilder *processes.ProcBuilder, userLookupper users.UserLookupper, ...) (*runcontainerd.RunContainerd, *runcontainerd.RunContainerPea, ...)
- func (f *LinuxFactory) WireExecRunner(runcRoot string, containerRootHostUID, containerRootHostGID uint32, ...) runrunc.ExecRunner
- func (f *LinuxFactory) WireMkdirer() runrunc.Mkdirer
- func (f *LinuxFactory) WireResolvConfigurer() kawasaki.DnsResolvConfigurer
- func (f *LinuxFactory) WireVolumizer(logger lager.Logger) gardener.Volumizer
- type NoopMkdirer
- type PidGetter
- type ServerCommand
- type Service
- type SetupCommand
- type SysctlGetter
Constants ¶
const ( LogLevelDebug = "debug" LogLevelInfo = "info" LogLevelError = "error" LogLevelFatal = "fatal" FormatUnixEpoch = "unix-epoch" FormatRFC3339 = "rfc3339" )
Variables ¶
var PrivilegedContainerNamespaces = []specs.LinuxNamespace{ goci.NetworkNamespace, goci.PIDNamespace, goci.UTSNamespace, goci.IPCNamespace, goci.MountNamespace, }
Functions ¶
func AllowSyscall ¶
func AllowSyscall(syscall string, args ...specs.LinuxSeccompArg) specs.LinuxSyscall
func MinPtraceKernelVersion ¶
Types ¶
type CIDRFlag ¶
// CIDRFlag is the go-flags value type used for CIDR network ranges in
// CommonCommand.Network (the Pool and DenyNetworks fields). Its
// UnmarshalFlag method parses the command-line text; the parsed
// representation lives in unexported fields that are not listed here.
type CIDRFlag struct {
	// contains filtered or unexported fields
}
func (*CIDRFlag) UnmarshalFlag ¶
type CleanupCommand ¶
// CleanupCommand implements the "cleanup" subcommand of gdn (it is the
// field tagged `command:"cleanup"` on GdnCommand). It declares no flags
// of its own; all configuration comes from the embedded *CommonCommand,
// and Execute carries out the work.
type CleanupCommand struct {
	*CommonCommand
}
func (*CleanupCommand) Execute ¶
func (cmd *CleanupCommand) Execute(args []string) error
type CommonCommand ¶
type CommonCommand struct { Logger LagerFlag Server struct { BindIP IPFlag `long:"bind-ip" description:"Bind with TCP on the given IP."` BindPort uint16 `long:"bind-port" description:"Bind with TCP on the given port."` BindSocket string `long:"bind-socket" default:"/tmp/garden.sock" description:"Bind with Unix on the given socket path."` DebugBindIP IPFlag `long:"debug-bind-ip" description:"Bind the debug server on the given IP."` DebugBindPort uint16 `long:"debug-bind-port" default:"17013" description:"Bind the debug server to the given port."` Tag string `hidden:"true" long:"tag" description:"Optional 2-character identifier used for namespacing global configuration."` SkipSetup bool `long:"skip-setup" description:"Skip the preparation part of the host that requires root privileges"` } `group:"Server Configuration"` Containers struct { Dir string `long:"depot" default:"/var/run/gdn/depot" description:"Directory in which to store container data."` PropertiesPath string `long:"properties-path" description:"Path in which to store properties."` ConsoleSocketsPath string `long:"console-sockets-path" description:"Path in which to store temporary sockets"` CleanupProcessDirsOnWait bool `long:"cleanup-process-dirs-on-wait" description:"Clean up proccess dirs on first invocation of wait"` DisablePrivilgedContainers bool `long:"disable-privileged-containers" description:"Disable creation of privileged containers"` UIDMapStart uint32 `long:"uid-map-start" default:"1" description:"The lowest numerical subordinate user ID the user is allowed to map"` UIDMapLength uint32 `long:"uid-map-length" description:"The number of numerical subordinate user IDs the user is allowed to map"` GIDMapStart uint32 `long:"gid-map-start" default:"1" description:"The lowest numerical subordinate group ID the user is allowed to map"` GIDMapLength uint32 `long:"gid-map-length" description:"The number of numerical subordinate group IDs the user is allowed to map"` DefaultRootFS string 
`long:"default-rootfs" description:"Default rootfs to use when not specified on container creation."` DefaultGraceTime time.Duration `long:"default-grace-time" description:"Default time after which idle containers should expire."` DestroyContainersOnStartup bool `long:"destroy-containers-on-startup" description:"Clean up all the existing containers on startup."` ApparmorProfile string `long:"apparmor" description:"Apparmor profile to use for unprivileged container processes"` } `group:"Container Lifecycle"` Bin struct { AssetsDir string `long:"assets-dir" default:"/var/gdn/assets" description:"Directory in which to extract packaged assets"` Dadoo FileFlag `long:"dadoo-bin" description:"Path to the 'dadoo' binary."` NSTar FileFlag `long:"nstar-bin" description:"Path to the 'nstar' binary."` Tar FileFlag `long:"tar-bin" description:"Path to the 'tar' binary."` IPTables FileFlag `long:"iptables-bin" default:"/sbin/iptables" description:"path to the iptables binary"` IPTablesRestore FileFlag `long:"iptables-restore-bin" default:"/sbin/iptables-restore" description:"path to the iptables-restore binary"` Init FileFlag `long:"init-bin" description:"Path execute as pid 1 inside each container."` } `group:"Binary Tools"` Runtime struct { Plugin string `long:"runtime-plugin" default:"runc" description:"Path to the runtime plugin binary."` PluginExtraArgs []string `long:"runtime-plugin-extra-arg" description:"Extra argument to pass to the runtime plugin. 
Can be specified multiple times."` } `group:"Runtime"` Image struct { NoPlugin bool `long:"no-image-plugin" description:"Do not use the embedded 'grootfs' image plugin."` Plugin FileFlag `long:"image-plugin" description:"Path to image plugin binary."` PluginExtraArgs []string `` /* 150-byte string literal not displayed */ PrivilegedPlugin FileFlag `long:"privileged-image-plugin" description:"Path to privileged image plugin binary."` PrivilegedPluginExtraArgs []string `` /* 159-byte string literal not displayed */ } `group:"Image"` Docker struct { Registry string `long:"docker-registry" default:"registry-1.docker.io" description:"Docker registry API endpoint."` InsecureRegistries []string `` /* 137-byte string literal not displayed */ } `group:"Docker Image Fetching"` Network struct { Pool CIDRFlag `long:"network-pool" default:"10.254.0.0/22" description:"Network range to use for dynamically allocated container subnets."` AllowHostAccess bool `long:"allow-host-access" description:"Allow network access to the host machine."` DenyNetworks []CIDRFlag `` /* 135-byte string literal not displayed */ DNSServers []IPFlag `` /* 138-byte string literal not displayed */ AdditionalDNSServers []IPFlag `` /* 148-byte string literal not displayed */ AdditionalHostEntries []string `` /* 151-byte string literal not displayed */ ExternalIP IPFlag `` /* 136-byte string literal not displayed */ PortPoolStart uint32 `long:"port-pool-start" default:"61001" description:"Start of the ephemeral port range used for mapped container ports."` PortPoolSize uint32 `long:"port-pool-size" default:"4534" description:"Size of the port pool used for mapped container ports."` PortPoolPropertiesPath string `long:"port-pool-properties-path" description:"Path in which to store port pool properties."` Mtu int `` /* 169-byte string literal not displayed */ Plugin FileFlag `long:"network-plugin" description:"Path to network plugin binary."` PluginExtraArgs []string `long:"network-plugin-extra-arg" 
description:"Extra argument to pass to the network plugin. Can be specified multiple times."` EnableMetrics bool `` /* 128-byte string literal not displayed */ } `group:"Container Networking"` Limits struct { CPUQuotaPerShare uint64 `` /* 146-byte string literal not displayed */ DefaultBlockIOWeight uint16 `long:"default-container-blockio-weight" default:"0" description:"Default block IO weight assigned to a container"` MaxContainers uint64 `long:"max-containers" default:"0" description:"Maximum number of containers that can be created."` DisableSwapLimit bool `long:"disable-swap-limit" description:"Disable swap memory limit"` } `group:"Limits"` Metrics struct { EmissionInterval time.Duration `long:"metrics-emission-interval" default:"1m" description:"Interval on which to emit metrics."` DropsondeOrigin string `long:"dropsonde-origin" default:"garden-linux" description:"Origin identifier for Dropsonde-emitted metrics."` DropsondeDestination string `long:"dropsonde-destination" default:"127.0.0.1:3457" description:"Destination for Dropsonde-emitted metrics."` CPUEntitlementPerShare float64 `long:"cpu-entitlement-per-share" description:"CPU percentage entitled to a container for a single CPU share"` } `group:"Metrics"` Containerd struct { Socket string `long:"containerd-socket" description:"Path to a containerd socket."` UseContainerdForProcesses bool `long:"use-containerd-for-processes" description:"Use containerd to run processes in containers."` } `group:"Containerd"` CPUThrottling struct { Enabled bool `long:"enable-cpu-throttling" description:"Enable CPU throttling."` CheckInterval uint32 `` /* 127-byte string literal not displayed */ } `group:"CPU Throttling"` Sysctl struct { TCPKeepaliveTime uint32 `long:"tcp-keepalive-time" description:"The net.ipv4.tcp_keepalive_time sysctl parameter that will be used inside containers"` TCPKeepaliveInterval uint32 `` /* 129-byte string literal not displayed */ TCPKeepaliveProbes uint32 `` /* 128-byte string literal not 
displayed */ TCPRetries1 uint32 `long:"tcp-retries1" description:"The net.ipv4.tcp_retries1 sysctl parameter that will be used inside containers"` TCPRetries2 uint32 `long:"tcp-retries2" description:"The net.ipv4.tcp_retries2 sysctl parameter that will be used inside containers"` } `group:"Sysctl"` }
func (*CommonCommand) NewGardenFactory ¶
func (cmd *CommonCommand) NewGardenFactory() GardenFactory
type GardenFactory ¶
// GardenFactory is the seam through which the gdn commands obtain their
// platform-specific dependencies. CommonCommand.NewGardenFactory returns
// one, and LinuxFactory is the implementation listed in this package.
//
// Two methods carry privilege-relevant inputs and deserve attention when
// reviewing callers: WireExecRunner receives the UID/GID that container
// root is mapped to (LinuxFactory names these containerRootHostUID/GID),
// and WireContainerd returns the *containerdprivchecker.PrivilegeChecker
// alongside the containerd runners.
type GardenFactory interface {
	WireResolvConfigurer() kawasaki.DnsResolvConfigurer
	WireMkdirer() runrunc.Mkdirer
	CommandRunner() commandrunner.CommandRunner
	WireVolumizer(logger lager.Logger) gardener.Volumizer
	WireCgroupsStarter(logger lager.Logger) gardener.Starter
	WireExecRunner(runcRoot string, containerRootUID, containerRootGID uint32, bundleSaver depot.BundleSaver, bundleLookupper depot.BundleLookupper, processDepot execrunner.ProcessDepot) runrunc.ExecRunner
	WireContainerd(*processes.ProcBuilder, users.UserLookupper, func(runrunc.PidGetter) *runrunc.Execer, runcontainerd.Statser, lager.Logger, peas.Volumizer, runcontainerd.PeaHandlesGetter, *metrics.MetricsProvider) (*runcontainerd.RunContainerd, *runcontainerd.RunContainerPea, *runcontainerd.PidGetter, *containerdprivchecker.PrivilegeChecker, peas.BundleLoader, error)
	WireCPUCgrouper() (rundmc.CPUCgrouper, error)
	WireContainerNetworkMetricsProvider(containerizer gardener.Containerizer, propertyManager gardener.PropertyManager) gardener.ContainerNetworkMetricsProvider
}
type GdnCommand ¶
// GdnCommand is the root go-flags command for gdn. Each pointer field
// tagged `command:"..."` registers a subcommand (setup, server, cleanup);
// each of those types has an Execute method.
type GdnCommand struct {
	SetupCommand   *SetupCommand   `command:"setup"`
	ServerCommand  *ServerCommand  `command:"server"`
	CleanupCommand *CleanupCommand `command:"cleanup"`

	// This must be present to stop go-flags complaining, but it's not actually
	// used. We parse this flag outside of the go-flags framework.
	ConfigFilePath string `long:"config" description:"Config file path."`
}
type IPFlag ¶
func (*IPFlag) UnmarshalFlag ¶
type KernelMinVersionChecker ¶
// KernelMinVersionChecker answers whether the running kernel is at least
// a given major.minor.patch version via CheckVersionIsAtLeast, which
// returns (bool, error). It is built by NewKernelMinVersionChecker from a
// SysctlGetter — presumably the source of the kernel version string;
// confirm against the constructor. MinPtraceKernelVersion in this package
// returns a (uint16, uint16, uint16) triple shaped for this check.
type KernelMinVersionChecker struct {
	// contains filtered or unexported fields
}
func NewKernelMinVersionChecker ¶
func NewKernelMinVersionChecker(sysctlGetter SysctlGetter) KernelMinVersionChecker
func (KernelMinVersionChecker) CheckVersionIsAtLeast ¶
func (c KernelMinVersionChecker) CheckVersionIsAtLeast(maj, min, patch uint16) (bool, error)
type LagerFlag ¶
type LagerFlag struct { //lint:ignore SA5008 github.com/jesse-vdk/go-flag requires duplicate struct tags for 'choice' LogLevel string `` /* 134-byte string literal not displayed */ //lint:ignore SA5008 github.com/jesse-vdk/go-flag requires duplicate struct tags for 'choice' TimeFormat string `long:"time-format" default:"unix-epoch" choice:"unix-epoch" choice:"rfc3339" description:"format of log timestamps."` }
type LinuxFactory ¶
// LinuxFactory is the Linux implementation of GardenFactory; its
// unexported fields are not shown here. NOTE(review): its WireExecRunner
// names the UID/GID parameters containerRootHostUID/containerRootHostGID,
// while the GardenFactory interface names them containerRootUID/
// containerRootGID — same types and positions, so this is a naming
// inconsistency only.
type LinuxFactory struct {
	// contains filtered or unexported fields
}
func (*LinuxFactory) CommandRunner ¶
func (f *LinuxFactory) CommandRunner() commandrunner.CommandRunner
func (*LinuxFactory) WireCPUCgrouper ¶
func (f *LinuxFactory) WireCPUCgrouper() (rundmc.CPUCgrouper, error)
func (*LinuxFactory) WireCgroupsStarter ¶
func (f *LinuxFactory) WireCgroupsStarter(logger lager.Logger) gardener.Starter
func (*LinuxFactory) WireContainerNetworkMetricsProvider ¶
func (f *LinuxFactory) WireContainerNetworkMetricsProvider(containerizer gardener.Containerizer, propertyManager gardener.PropertyManager) gardener.ContainerNetworkMetricsProvider
func (*LinuxFactory) WireContainerd ¶
func (f *LinuxFactory) WireContainerd(processBuilder *processes.ProcBuilder, userLookupper users.UserLookupper, wireExecer func(pidGetter runrunc.PidGetter) *runrunc.Execer, statser runcontainerd.Statser, log lager.Logger, volumizer peas.Volumizer, peaHandlesGetter runcontainerd.PeaHandlesGetter, metricsProvider *metrics.MetricsProvider) (*runcontainerd.RunContainerd, *runcontainerd.RunContainerPea, *runcontainerd.PidGetter, *privchecker.PrivilegeChecker, peas.BundleLoader, error)
func (*LinuxFactory) WireExecRunner ¶
func (f *LinuxFactory) WireExecRunner(runcRoot string, containerRootHostUID, containerRootHostGID uint32, bundleSaver depot.BundleSaver, bundleLookupper depot.BundleLookupper, processDepot execrunner.ProcessDepot) runrunc.ExecRunner
func (*LinuxFactory) WireMkdirer ¶
func (f *LinuxFactory) WireMkdirer() runrunc.Mkdirer
func (*LinuxFactory) WireResolvConfigurer ¶
func (f *LinuxFactory) WireResolvConfigurer() kawasaki.DnsResolvConfigurer
func (*LinuxFactory) WireVolumizer ¶
func (f *LinuxFactory) WireVolumizer(logger lager.Logger) gardener.Volumizer
type NoopMkdirer ¶
// NoopMkdirer has no fields. From its name it presumably satisfies
// runrunc.Mkdirer (the type returned by LinuxFactory.WireMkdirer) and
// performs no directory creation — confirm against its method set, which
// is not listed on this page.
type NoopMkdirer struct{}
type ServerCommand ¶
// ServerCommand implements the "server" subcommand of gdn (the field
// tagged `command:"server"` on GdnCommand). It adds no flags of its own;
// the bind address/socket, container, network and limit settings all come
// from the embedded *CommonCommand, and Execute starts the server.
type ServerCommand struct {
	*CommonCommand
}
func (*ServerCommand) Execute ¶
func (cmd *ServerCommand) Execute([]string) error
type SetupCommand ¶
// SetupCommand implements the "setup" subcommand of gdn (the field tagged
// `command:"setup"` on GdnCommand). Judging by CommonCommand's --skip-setup
// description ("Skip the preparation part of the host that requires root
// privileges"), this is presumably that root-privileged host preparation
// step — confirm against Execute.
//
// Both flags here are hidden. Tag carries the same description as
// CommonCommand.Server.Tag, so the two values presumably have to agree for
// setup and server to namespace the same global configuration — confirm.
// WireCgroupsStarter is also provided on this type, mirroring
// LinuxFactory.WireCgroupsStarter.
type SetupCommand struct {
	LogLevel            LagerFlag
	Logger              lager.Logger
	Tag                 string `hidden:"true" long:"tag" description:"Optional 2-character identifier used for namespacing global configuration."`
	EnableCPUThrottling bool   `hidden:"true" long:"enable-cpu-throttling" description:"Throttle CPU of containers using more than their CPU entitlement"`
}
func (*SetupCommand) Execute ¶
func (cmd *SetupCommand) Execute(args []string) error
func (*SetupCommand) WireCgroupsStarter ¶
func (cmd *SetupCommand) WireCgroupsStarter(logger lager.Logger) gardener.Starter
type SysctlGetter ¶