Diffstat (limited to 'pkg/specgen')
-rw-r--r-- | pkg/specgen/specgen.go | 168 |
1 files changed, 102 insertions, 66 deletions
diff --git a/pkg/specgen/specgen.go b/pkg/specgen/specgen.go
index d59e8025b..e22ee598f 100644
--- a/pkg/specgen/specgen.go
+++ b/pkg/specgen/specgen.go
@@ -3,12 +3,23 @@ package specgen
 import (
 "net"
+ "github.com/containers/image/v5/manifest"
 "github.com/containers/libpod/libpod"
+ "github.com/containers/libpod/libpod/define"
+ "github.com/containers/storage"
+ "github.com/cri-o/ocicni/pkg/ocicni"
 spec "github.com/opencontainers/runtime-spec/specs-go"
 )
 // TODO
+// mheon provided this an off the cuff suggestion. Adding it here to retain
+// for history as we implement it. When this struct is implemented, we need
+// to remove the nolints.
 type Namespace struct {
+ isHost bool //nolint
+ isPath string //nolint
+ isContainer string //nolint
+ isPod bool //nolint
 }
 // ContainerBasicConfig contains the basic parts of a container.
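Review bot: The four fields added to `Namespace` are all unexported, so wherever this type is embedded in the JSON-tagged configs later in this diff (`pidns`, `utsns`, `ipcns`, `userns`, `cgroupns`, `netns`) encoding/json will emit `{}` and drop whatever a decoder receives — presumably acceptable while the type is a placeholder, but a reader of the tags will not expect it. Suggest extending the new comment with `// While these fields are unexported, Namespace marshals to {} and ignores decoded input; export them (with json tags) when implemented.`. The names `isPath` and `isContainer` read as booleans although they hold strings, unlike `isHost`/`isPod`; `path` and `container` would be clearer. The sentence "mheon provided this an off the cuff suggestion" seems to be missing "as".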
@@ -16,76 +27,76 @@ type ContainerBasicConfig struct {
 // Name is the name the container will be given.
 // If no name is provided, one will be randomly generated.
 // Optional.
- Name string
+ Name string `json:"name,omitempty"`
 // Pod is the ID of the pod the container will join.
 // Optional.
- Pod string
+ Pod string `json:"pod,omitempty"`
 // Entrypoint is the container's entrypoint.
 // If not given and Image is specified, this will be populated by the
 // image's configuration.
 // Optional.
- Entrypoint []string
+ Entrypoint []string `json:"entrypoint,omitempty"`
 // Command is the container's command.
 // If not given and Image is specified, this will be populated by the
 // image's configuration.
 // Optional.
- Command []string
+ Command []string `json:"command,omitempty"`
 // Env is a set of environment variables that will be set in the
 // container.
 // Optional.
- Env map[string]string
+ Env map[string]string `json:"env,omitempty"`
 // Terminal is whether the container will create a PTY.
- Terminal bool
+ Terminal bool `json:"terminal,omitempty"`
 // Stdin is whether the container will keep its STDIN open.
- Stdin bool
+ Stdin bool `json:"stdin,omitempty"`
 // Labels are key-valid labels that are used to add metadata to
 // containers.
 // Optional.
- Labels map[string]string
+ Labels map[string]string `json:"labels,omitempty"`
 // Annotations are key-value options passed into the container runtime
 // that can be used to trigger special behavior.
 // Optional.
- Annotations map[string]string
+ Annotations map[string]string `json:"annotations,omitempty"`
 // StopSignal is the signal that will be used to stop the container.
 // Must be a non-zero integer below SIGRTMAX.
 // If not provided, the default, SIGTERM, will be used.
 // Will conflict with Systemd if Systemd is set to "true" or "always".
 // Optional.
- StopSignal *uint
+ StopSignal *uint `json:"stop_signal,omitempty"`
 // StopTimeout is a timeout between the container's stop signal being
 // sent and SIGKILL being sent.
 // If not provided, the default will be used.
 // If 0 is used, stop signal will not be sent, and SIGKILL will be sent
 // instead.
 // Optional.
- StopTimeout *uint
+ StopTimeout *uint `json:"stop_timeout,omitempty"`
 // LogDriver is the container's log driver.
 // Optional.
- LogDriver string
+ LogDriver string `json:"log_driver,omitempty"`
 // LogPath is the path the container's logs will be stored at.
 // Only available if LogDriver is set to "json-file" or "k8s-file".
 // Optional.
- LogPath string
+ LogPath string `json:"log_path,omitempty"`
 // ConmonPidFile is a path at which a PID file for Conmon will be
 // placed.
 // If not given, a default location will be used.
 // Optional.
- ConmonPidFile string
+ ConmonPidFile string `json:"conmon_pid_file,omitempty"`
 // RestartPolicy is the container's restart policy - an action which
 // will be taken when the container exits.
 // If not given, the default policy, which does nothing, will be used.
 // Optional.
- RestartPolicy string
+ RestartPolicy string `json:"restart_policy,omitempty"`
 // RestartRetries is the number of attempts that will be made to restart
 // the container.
 // Only available when RestartPolicy is set to "on-failure".
 // Optional.
- RestartRetries *uint
+ RestartRetries *uint `json:"restart_tries,omitempty"`
 // OCIRuntime is the name of the OCI runtime that will be used to create
 // the container.
 // If not specified, the default will be used.
 // Optional.
- OCIRuntime string
+ OCIRuntime string `json:"oci_runtime,omitempty"`
 // Systemd is whether the container will be started in systemd mode.
 // Valid options are "true", "false", and "always".
 // "true" enables this mode only if the binary run in the container is
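Review bot: The tag on the new `RestartRetries` line is `restart_tries`, which matches neither the field name nor the convention every other tag in this hunk follows (the snake_case form of the field name); since these tags define the wire format, the mismatch becomes hard to correct once clients depend on it. Suggest `RestartRetries *uint \`json:"restart_retries,omitempty"\``. The ContainerBasicConfig struct continues past the end of this hunk.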
@@ -96,27 +107,27 @@ type ContainerBasicConfig struct {
 // conflicts with StopSignal.
 // If not specified, "false" will be assumed.
 // Optional.
- Systemd string
+ Systemd string `json:"systemd,omitempty"`
 // Namespace is the libpod namespace the container will be placed in.
 // Optional.
- Namespace string
+ Namespace string `json:"namespace,omitempty"`
 // PidNS is the container's PID namespace.
 // It defaults to private.
 // Mandatory.
- PidNS Namespace
+ PidNS Namespace `json:"pidns,omitempty"`
 // UtsNS is the container's UTS namespace.
 // It defaults to private.
 // Must be set to Private to set Hostname.
 // Mandatory.
- UtsNS Namespace
+ UtsNS Namespace `json:"utsns,omitempty"`
 // Hostname is the container's hostname. If not set, the hostname will
 // not be modified (if UtsNS is not private) or will be set to the
 // container ID (if UtsNS is private).
 // Conflicts with UtsNS if UtsNS is not set to private.
 // Optional.
- Hostname string
+ Hostname string `json:"hostname,omitempty"`
 }
 // ContainerStorageConfig contains information on the storage configuration of a
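Review bot: `omitempty` on `PidNS Namespace` and `UtsNS Namespace` has no effect, because encoding/json never considers a struct value empty, so these fields are always emitted; the same applies to `IpcNS`, `UserNS`, `IDMappings`, `CgroupNS`, `NetNS` and `HealthConfig` in the later hunks. Since the comments already call these fields Mandatory, simply dropping the option is the consistent choice, e.g. `PidNS Namespace \`json:"pidns"\`` and `UtsNS Namespace \`json:"utsns"\``; if omission is actually wanted, the fields would need to become pointers. The struct this hunk belongs to starts before the hunk.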
@@ -127,54 +138,54 @@ type ContainerStorageConfig struct {
 // volumes, and other configuration will be applied to the container.
 // Conflicts with Rootfs.
 // At least one of Image or Rootfs must be specified.
- Image string
+ Image string `json:"image"`
 // Rootfs is the path to a directory that will be used as the
 // container's root filesystem. No modification will be made to the
 // directory, it will be directly mounted into the container as root.
 // Conflicts with Image.
 // At least one of Image or Rootfs must be specified.
- Rootfs string
+ Rootfs string `json:"rootfs,omitempty"`
 // ImageVolumeMode indicates how image volumes will be created.
 // Supported modes are "ignore" (do not create), "tmpfs" (create as
 // tmpfs), and "anonymous" (create as anonymous volumes).
 // The default is anonymous.
 // Optional.
- ImageVolumeMode string
+ ImageVolumeMode string `json:"image_volume_mode,omitempty"`
 // VolumesFrom is a list of containers whose volumes will be added to
 // this container. Supported mount options may be added after the
 // container name with a : and include "ro" and "rw".
 // Optional.
- VolumesFrom []string
+ VolumesFrom []string `json:"volumes_from,omitempty"`
 // Mounts are mounts that will be added to the container.
 // These will supersede Image Volumes and VolumesFrom volumes where
 // there are conflicts.
 // Optional.
- Mounts []spec.Mount
+ Mounts []spec.Mount `json:"mounts,omitempty"`
 // Volumes are named volumes that will be added to the container.
 // These will supersede Image Volumes and VolumesFrom volumes where
 // there are conflicts.
 // Optional.
- Volumes []*libpod.ContainerNamedVolume
+ Volumes []*libpod.ContainerNamedVolume `json:"volumes,omitempty"`
 // Devices are devices that will be added to the container.
 // Optional.
- Devices []spec.LinuxDevice
+ Devices []spec.LinuxDevice `json:"devices,omitempty"`
 // IpcNS is the container's IPC namespace.
 // Default is private.
 // Conflicts with ShmSize if not set to private.
 // Mandatory.
- IpcNS Namespace
+ IpcNS Namespace `json:"ipcns,omitempty"`
 // ShmSize is the size of the tmpfs to mount in at /dev/shm, in bytes.
 // Conflicts with ShmSize if ShmSize is not private.
 // Optional.
- ShmSize *int64
+ ShmSize *int64 `json:"shm_size,omitempty"`
 // WorkDir is the container's working directory.
 // If unset, the default, /, will be used.
 // Optional.
- WorkDir string
+ WorkDir string `json:"work_dir,omitempty"`
 // RootfsPropagation is the rootfs propagation mode for the container.
 // If not set, the default of rslave will be used.
 // Optional.
- RootfsPropagation string
+ RootfsPropagation string `json:"rootfs_propagation,omitempty"`
 }
 // ContainerSecurityConfig is a container's security features, including
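Review bot: `Image` is tagged `json:"image"` without `omitempty` while `Rootfs` gets `omitempty`, yet the comments on both say either one may be the chosen root source, so a rootfs-based spec will always serialize `"image":""` and a client reading the tags will take Image as required. Unless Image really is mandatory, tag it `Image string \`json:"image,omitempty"\`` for symmetry and leave the at-least-one rule to Validate, which this diff introduces as a stub. Unrelated to the tags but worth fixing while here: the context comment "Conflicts with ShmSize if ShmSize is not private" on the ShmSize field appears to mean IpcNS. The ContainerStorageConfig struct starts before this hunk.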
@@ -187,61 +198,61 @@ type ContainerSecurityConfig struct {
 // - Disables Seccomp, SELinux, and Apparmor confinement.
 // TODO: this conflicts with things.
 // TODO: this does more.
- Privileged bool
+ Privileged bool `json:"privileged,omitempty"`
 // User is the user the container will be run as.
 // Can be given as a UID or a username; if a username, it will be
 // resolved within the container, using the container's /etc/passwd.
 // If unset, the container will be run as root.
 // Optional.
- User string
+ User string `json:"user,omitempty"`
 // Groups are a list of supplemental groups the container's user will
 // be granted access to.
 // Optional.
- Groups []string
+ Groups []string `json:"groups,omitempty"`
 // CapAdd are capabilities which will be added to the container.
 // Conflicts with Privileged.
 // Optional.
- CapAdd []string
+ CapAdd []string `json:"cap_add,omitempty"`
 // CapDrop are capabilities which will be removed from the container.
 // Conflicts with Privileged.
 // Optional.
- CapDrop []string
+ CapDrop []string `json:"cap_drop,omitempty"`
 // SelinuxProcessLabel is the process label the container will use.
 // If SELinux is enabled and this is not specified, a label will be
 // automatically generated if not specified.
 // Optional.
- SelinuxProcessLabel string
+ SelinuxProcessLabel string `json:"selinux_process_label,omitempty"`
 // SelinuxMountLabel is the mount label the container will use.
 // If SELinux is enabled and this is not specified, a label will be
 // automatically generated if not specified.
 // Optional.
- SelinuxMountLabel string
+ SelinuxMountLabel string `json:"selinux_mount_label,omitempty"`
 // SelinuxOpts are options for configuring SELinux.
 // Optional.
- SelinuxOpts []string
+ SelinuxOpts []string `json:"selinux_opts,omitempty"`
 // ApparmorProfile is the name of the Apparmor profile the container
 // will use.
 // Optional.
- ApparmorProfile string
+ ApparmorProfile string `json:"apparmor_profile,omitempty"`
 // SeccompProfilePath is the path to a JSON file containing the
 // container's Seccomp profile.
 // If not specified, no Seccomp profile will be used.
 // Optional.
- SeccompProfilePath string
+ SeccompProfilePath string `json:"seccomp_profile_path,omitempty"`
 // NoNewPrivileges is whether the container will set the no new
 // privileges flag on create, which disables gaining additional
 // privileges (e.g. via setuid) in the container.
- NoNewPrivileges bool
+ NoNewPrivileges bool `json:"no_new_privileges,omitempty"`
 // UserNS is the container's user namespace.
 // It defaults to host, indicating that no user namespace will be
 // created.
 // If set to private, IDMappings must be set.
 // Mandatory.
- UserNS Namespace
+ UserNS Namespace `json:"userns,omitempty"`
 // IDMappings are UID and GID mappings that will be used by user
 // namespaces.
 // Required if UserNS is private.
- IDMappings storage.IDMappingOptions
+ IDMappings storage.IDMappingOptions `json:"idmappings,omitempty"`
 }
 // ContainerCgroupConfig contains configuration information about a container's
@@ -251,16 +262,16 @@ type ContainerCgroupConfig struct {
 // It defaults to private.
 // Conflicts with NoCgroups if not set to host.
 // Mandatory.
- CgroupNS Namespace
+ CgroupNS Namespace `json:"cgroupns,omitempty"`
 // NoCgroups indicates that the container should not create CGroups.
 // Conflicts with CgroupParent and CgroupNS if CgroupNS is not set to
 // host.
- NoCgroups bool
+ NoCgroups bool `json:"no_cgroups,omitempty"`
 // CgroupParent is the container's CGroup parent.
 // If not set, the default for the current cgroup driver will be used.
 // Conflicts with NoCgroups.
 // Optional.
- CgroupParent string
+ CgroupParent string `json:"cgroup_parent,omitempty"`
 }
 // ContainerNetworkConfig contains information on a container's network
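Review bot: With the `seccomp_profile_path` and `apparmor_profile` tags, `SeccompProfilePath` and `ApparmorProfile` become settable from a serialized spec, but the comments only say "path to a JSON file" and "name of the Apparmor profile" without saying where they are resolved; if these specs can arrive from a remote client (which the tags suggest but the hunk does not show), the reader needs to know the path names a file on the host running libpod, not on the client. Suggest `// Resolved on the host running libpod; Validate is expected to check it.` on SeccompProfilePath, and a matching sentence on ApparmorProfile. The Validate stub added at the end of this diff is the natural place for that check. The ContainerSecurityConfig struct starts before this hunk.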
@@ -269,70 +280,70 @@ type ContainerNetworkConfig struct {
 // NetNS is the configuration to use for the container's network
 // namespace.
 // Mandatory.
- NetNS Namespace
+ NetNS Namespace `json:"netns,omitempty"`
 // ConfigureNetNS is whether Libpod will configure the container's
 // network namespace to send and receive traffic.
 // Only available is NetNS is private - conflicts with other NetNS
 // modes.
- ConfigureNetNS bool
+ ConfigureNetNS bool `json:"configure_netns,omitempty"`
 // StaticIP is the a IPv4 address of the container.
 // Only available if ConfigureNetNS is true.
 // Optional.
- StaticIP *net.IP
+ StaticIP *net.IP `json:"static_ip,omitempty"`
 // StaticIPv6 is a static IPv6 address to set in the container.
 // Only available if ConfigureNetNS is true.
 // Optional.
- StaticIPv6 *net.IP
+ StaticIPv6 *net.IP `json:"static_ipv6,omitempty"`
 // StaticMAC is a static MAC address to set in the container.
 // Only available if ConfigureNetNS is true.
 // Optional.
- StaticMAC *net.HardwareAddr
+ StaticMAC *net.HardwareAddr `json:"static_mac,omitempty"`
 // PortBindings is a set of ports to map into the container.
 // Only available if ConfigureNetNS is true.
 // Optional.
- PortMappings []ocicni.PortMapping
+ PortMappings []ocicni.PortMapping `json:"portmappings,omitempty"`
 // PublishImagePorts will publish ports specified in the image to random
 // ports outside.
 // Requires Image to be set.
- PublishImagePorts bool
+ PublishImagePorts bool `json:"publish_image_ports,omitempty"`
 // CNINetworks is a list of CNI networks to join the container to.
 // If this list is empty, the default CNI network will be joined
 // instead. If at least one entry is present, we will not join the
 // default network (unless it is part of this list).
 // Only available if ConfigureNetNS is true.
 // Optional.
- CNINetworks []string
+ CNINetworks []string `json:"cni_networks,omitempty"`
 // UseImageResolvConf indicates that resolv.conf should not be managed
 // by Podman, but instead sourced from the image.
 // Conflicts with DNSServer, DNSSearch, DNSOption.
- UseImageResolvConf bool
+ UseImageResolvConf bool `json:"use_image_resolve_conf,omitempty"`
 // DNSServer is a set of DNS servers that will be used in the
 // container's resolv.conf, replacing the host's DNS Servers which are
 // used by default.
 // Conflicts with UseImageResolvConf.
 // Optional.
- DNSServer []net.IP
+ DNSServer []net.IP `json:"dns_server,omitempty"`
 // DNSSearch is a set of DNS search domains that will be used in the
 // container's resolv.conf, replacing the host's DNS search domains
 // which are used by default.
 // Conflicts with UseImageResolvConf.
 // Optional.
- DNSSearch []string
+ DNSSearch []string `json:"dns_search,omitempty"`
 // DNSOption is a set of DNS options that will be used in the
 // container's resolv.conf, replacing the host's DNS options which are
 // used by default.
 // Conflicts with UseImageResolvConf.
 // Optional.
- DNSOption []string
+ DNSOption []string `json:"dns_option,omitempty"`
 // UseImageHosts indicates that /etc/hosts should not be managed by
 // Podman, and instead sourced from the image.
 // Conflicts with HostAdd.
- UseImageHosts bool
+ UseImageHosts bool `json:"use_image_hosts,omitempty"`
 // HostAdd is a set of hosts which will be added to the container's
 // /etc/hosts file.
 // Conflicts with UseImageHosts.
 // Optional.
- HostAdd []string
+ HostAdd []string `json:"hostadd,omitempty"`
 }
 // ContainerResourceConfig contains information on container resource limits.
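Review bot: The tag `use_image_resolve_conf` spells the field differently from `UseImageResolvConf` (and from the file name resolv.conf it refers to), and `portmappings` and `hostadd` drop the underscore that every other multi-word tag in this hunk keeps; because these names are the wire format they are cheap to fix now and expensive later. Suggest `UseImageResolvConf bool \`json:"use_image_resolv_conf,omitempty"\``, `PortMappings []ocicni.PortMapping \`json:"port_mappings,omitempty"\`` and `HostAdd []string \`json:"host_add,omitempty"\``. The ContainerNetworkConfig struct starts before this hunk.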
@@ -341,14 +352,20 @@ type ContainerResourceConfig struct {
 // Can only be set as root on cgroups v1 systems, but can be set as
 // rootless as well for cgroups v2.
 // Optional.
- ResourceLimits *spec.LinuxResources
+ ResourceLimits *spec.LinuxResources `json:"resource_limits,omitempty"`
 // Rlimits are POSIX rlimits to apply to the container.
 // Optional.
- Rlimits []spec.POSIXRlimit
+ Rlimits []spec.POSIXRlimit `json:"r_limits,omitempty"`
 // OOMScoreAdj adjusts the score used by the OOM killer to determine
 // processes to kill for the container's process.
 // Optional.
- OOMScoreAdj *int
+ OOMScoreAdj *int `json:"oom_score_adj,omitempty"`
+}
+
+// ContainerHealthCheckConfig describes a container healthcheck with attributes
+// like command, retries, interval, start period, and timeout.
+type ContainerHealthCheckConfig struct {
+ HealthConfig manifest.Schema2HealthConfig `json:"healthconfig,omitempty"`
 }
 // SpecGenerator creates an OCI spec and Libpod configuration options to create
@@ -360,4 +377,23 @@ type SpecGenerator struct {
 ContainerCgroupConfig
 ContainerNetworkConfig
 ContainerResourceConfig
+ ContainerHealthCheckConfig
+}
+
+// NewSpecGenerator returns a SpecGenerator struct given one of two mandatory inputs
+func NewSpecGenerator(image, rootfs *string) (*SpecGenerator, error) {
+ _ = image
+ _ = rootfs
+ return &SpecGenerator{}, define.ErrNotImplemented
+}
+
+// Validate verifies that the given SpecGenerator is valid and satisfies required
+// input for creating a container.
+func (s *SpecGenerator) Validate() error {
+ return define.ErrNotImplemented
+}
+
+// MakeContainer creates a container based on the SpecGenerator
+func (s *SpecGenerator) MakeContainer() (*libpod.Container, error) {
+ return nil, define.ErrNotImplemented
 } |
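Review bot: The tag `r_limits` on the new `Rlimits` line splits the word in a way neither the field name nor the POSIX term does, while the neighbouring tags (`resource_limits`, `oom_score_adj`) follow the field name; suggest `Rlimits []spec.POSIXRlimit \`json:"rlimits,omitempty"\``. The new ContainerHealthCheckConfig doc comment lists command, retries, interval, start period and timeout, but the struct only wraps `manifest.Schema2HealthConfig`; saying that directly, e.g. `// ContainerHealthCheckConfig wraps the image-manifest healthcheck definition (command, retries, interval, start period, timeout) used for the container.`, tells the reader where the fields actually live. The ContainerResourceConfig struct starts before this hunk.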
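Review bot: `NewSpecGenerator` returns a non-nil `*SpecGenerator` together with a non-nil error, which breaks the Go convention that the value is meaningless on error and invites a caller to use the empty generator after ignoring the error; the stub should read `return nil, define.ErrNotImplemented`, matching what `MakeContainer` already does. The `_ = image` / `_ = rootfs` lines silence the unused-parameter warnings but give no hint of intent; a one-line `// TODO: validate that exactly one of image and rootfs is set, then populate the storage config.` would document the contract the constructor's comment promises. The doc comments on `NewSpecGenerator` and `MakeContainer` also lack the closing period that the rest of the file uses.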