container

package
v0.0.0-...-3d2dcd1
Warning

This package is not in the latest version of its module.

Published: Nov 13, 2023 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package container is the reference implementation of Composition Functions.


Constants

const (
	UserNamespaceUIDs = 65536
	UserNamespaceGIDs = 65536
	MaxStdioBytes     = 100 << 20 // 100 MB
)

How many UIDs and GIDs to map from the parent to the child user namespace, if possible. Doing so requires CAP_SETUID and CAP_SETGID.

Variables

This section is empty.

Functions

func HasCapSetGID

func HasCapSetGID() bool

HasCapSetGID returns true if this process has CAP_SETGID.

func HasCapSetUID

func HasCapSetUID() bool

HasCapSetUID returns true if this process has CAP_SETUID.

Types

type Runner

type Runner struct {
	v1alpha1.UnimplementedContainerizedFunctionRunnerServiceServer
	// contains filtered or unexported fields
}

A Runner runs a Composition Function packaged as an OCI image by extracting it and running it as a 'rootless' container.

func NewRunner

func NewRunner(o ...RunnerOption) *Runner

NewRunner returns a new Runner that runs functions as rootless containers.

func (*Runner) ListenAndServe

func (r *Runner) ListenAndServe(network, address string) error

ListenAndServe listens for and serves gRPC connections at the supplied address.

func (*Runner) RunFunction

RunFunction runs a function as a rootless OCI container. Functions that return non-zero, or that cannot be executed in the first place (e.g. because they cannot be fetched from the registry), will return an error.

type RunnerOption

type RunnerOption func(*Runner)

A RunnerOption configures a new Runner.

func MapToRoot

func MapToRoot(uid, gid int) RunnerOption

MapToRoot configures what UID and GID should map to root (UID/GID 0) in the user namespace in which the function will be run.

func SetUID

func SetUID(s bool) RunnerOption

SetUID indicates that the container runner should attempt operations that require CAP_SETUID and CAP_SETGID, for example creating a user namespace that maps arbitrary UIDs and GIDs to the parent namespace.
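
An illustration of the rule behind SetUID, HasCapSetUID/HasCapSetGID and the UserNamespaceUIDs/UserNamespaceGIDs constants, added here and not taken from this package's source: it reads the effective capability mask from /proc status text and picks the user namespace ID mapping the kernel will accept. The names hasCap, planIDMap and IDMap, the sample status text and host ID 100000 are assumptions, and the contiguous 65536-ID range is one possible privileged mapping, not necessarily the one this package writes.

```go
package main

import (
	"bufio"
	"fmt"
	"strconv"
	"strings"
)

const (
	capSetGID = 6     // bit numbers from <linux/capability.h>
	capSetUID = 7
	nsIDs     = 65536 // same value as UserNamespaceUIDs / UserNamespaceGIDs
)

// IDMap is one line of /proc/<pid>/uid_map or gid_map (hypothetical type).
type IDMap struct{ ContainerID, HostID, Size int }

// hasCap reports whether bit c is set in CapEff of a /proc/<pid>/status text.
func hasCap(status string, c uint) (bool, error) {
	sc := bufio.NewScanner(strings.NewReader(status))
	for sc.Scan() {
		if line := sc.Text(); strings.HasPrefix(line, "CapEff:") {
			hex := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
			mask, err := strconv.ParseUint(hex, 16, 64)
			return mask&(1<<c) != 0, err
		}
	}
	return false, fmt.Errorf("no CapEff line found")
}

// planIDMap returns the mapping to request for a new user namespace. Without
// CAP_SETUID/CAP_SETGID the kernel accepts only one line mapping the caller's
// own effective ID (gid_map also needs setgroups set to "deny").
func planIDMap(hostID int, privileged bool) []IDMap {
	if privileged {
		return []IDMap{{ContainerID: 0, HostID: hostID, Size: nsIDs}}
	}
	return []IDMap{{ContainerID: 0, HostID: hostID, Size: 1}}
}

// Constructed sample: CapEff 0xc0 has exactly bits 6 and 7 set.
const sampleStatus = "Name:\tdemo\nUid:\t1000\t1000\t1000\t1000\nCapEff:\t00000000000000c0\n"

func main() {
	uidOK, _ := hasCap(sampleStatus, capSetUID)
	gidOK, _ := hasCap(sampleStatus, capSetGID)
	fmt.Println(planIDMap(100000, uidOK && gidOK)) // privileged: full range
}
```

In the unprivileged branch, hostID has to be the caller's own effective UID or GID, which is why a runner without these capabilities can map only a single ID to root in the child namespace.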

func WithCacheDir

func WithCacheDir(d string) RunnerOption

WithCacheDir specifies the directory used for caching function images and containers.

func WithLogger

func WithLogger(l logging.Logger) RunnerOption

WithLogger configures which logger the container runner should use. Logging is disabled by default.

func WithRegistry

func WithRegistry(dr string) RunnerOption

WithRegistry specifies the default registry used to retrieve function images and containers.

type Stdio

type Stdio struct {
	Stdin  io.WriteCloser
	Stdout io.ReadCloser
	Stderr io.ReadCloser
}

Stdio can be used to read and write a command's standard I/O.

func StdioPipes

func StdioPipes(cmd *exec.Cmd, uid, gid int) (*Stdio, error)

StdioPipes creates and returns pipes that will be connected to the supplied command's stdio when it starts. It calls fchown(2) to ensure all pipes are owned by the supplied user and group ID; this ensures that the command can read and write its stdio even when function-runtime-oci is running as root (in the parent namespace) and the command is not.
