github.com/Heebron/moby@v0.0.0-20221111184709-6eab4f55faf7/api/types/container/host_config.go (about) 1 package container // import "github.com/docker/docker/api/types/container" 2 3 import ( 4 "strings" 5 6 "github.com/docker/docker/api/types/blkiodev" 7 "github.com/docker/docker/api/types/mount" 8 "github.com/docker/docker/api/types/strslice" 9 "github.com/docker/go-connections/nat" 10 units "github.com/docker/go-units" 11 ) 12 13 // CgroupnsMode represents the cgroup namespace mode of the container 14 type CgroupnsMode string 15 16 // cgroup namespace modes for containers 17 const ( 18 CgroupnsModeEmpty CgroupnsMode = "" 19 CgroupnsModePrivate CgroupnsMode = "private" 20 CgroupnsModeHost CgroupnsMode = "host" 21 ) 22 23 // IsPrivate indicates whether the container uses its own private cgroup namespace 24 func (c CgroupnsMode) IsPrivate() bool { 25 return c == CgroupnsModePrivate 26 } 27 28 // IsHost indicates whether the container shares the host's cgroup namespace 29 func (c CgroupnsMode) IsHost() bool { 30 return c == CgroupnsModeHost 31 } 32 33 // IsEmpty indicates whether the container cgroup namespace mode is unset 34 func (c CgroupnsMode) IsEmpty() bool { 35 return c == CgroupnsModeEmpty 36 } 37 38 // Valid indicates whether the cgroup namespace mode is valid 39 func (c CgroupnsMode) Valid() bool { 40 return c.IsEmpty() || c.IsPrivate() || c.IsHost() 41 } 42 43 // Isolation represents the isolation technology of a container. The supported 44 // values are platform specific 45 type Isolation string 46 47 // Isolation modes for containers 48 const ( 49 IsolationEmpty Isolation = "" // IsolationEmpty is unspecified (same behavior as default) 50 IsolationDefault Isolation = "default" // IsolationDefault is the default isolation mode on current daemon 51 IsolationProcess Isolation = "process" // IsolationProcess is process isolation mode 52 IsolationHyperV Isolation = "hyperv" // IsolationHyperV is HyperV isolation mode 53 ) 54 55 // IsDefault indicates the default isolation technology of a container. On Linux this 56 // is the native driver. On Windows, this is a Windows Server Container. 57 func (i Isolation) IsDefault() bool { 58 // TODO consider making isolation-mode strict (case-sensitive) 59 v := Isolation(strings.ToLower(string(i))) 60 return v == IsolationDefault || v == IsolationEmpty 61 } 62 63 // IsHyperV indicates the use of a Hyper-V partition for isolation 64 func (i Isolation) IsHyperV() bool { 65 // TODO consider making isolation-mode strict (case-sensitive) 66 return Isolation(strings.ToLower(string(i))) == IsolationHyperV 67 } 68 69 // IsProcess indicates the use of process isolation 70 func (i Isolation) IsProcess() bool { 71 // TODO consider making isolation-mode strict (case-sensitive) 72 return Isolation(strings.ToLower(string(i))) == IsolationProcess 73 } 74 75 // IpcMode represents the container ipc stack. 76 type IpcMode string 77 78 // IpcMode constants 79 const ( 80 IPCModeNone IpcMode = "none" 81 IPCModeHost IpcMode = "host" 82 IPCModeContainer IpcMode = "container" 83 IPCModePrivate IpcMode = "private" 84 IPCModeShareable IpcMode = "shareable" 85 ) 86 87 // IsPrivate indicates whether the container uses its own private ipc namespace which can not be shared. 88 func (n IpcMode) IsPrivate() bool { 89 return n == IPCModePrivate 90 } 91 92 // IsHost indicates whether the container shares the host's ipc namespace. 93 func (n IpcMode) IsHost() bool { 94 return n == IPCModeHost 95 } 96 97 // IsShareable indicates whether the container's ipc namespace can be shared with another container. 98 func (n IpcMode) IsShareable() bool { 99 return n == IPCModeShareable 100 } 101 102 // IsContainer indicates whether the container uses another container's ipc namespace. 103 func (n IpcMode) IsContainer() bool { 104 return strings.HasPrefix(string(n), string(IPCModeContainer)+":") 105 } 106 107 // IsNone indicates whether container IpcMode is set to "none". 108 func (n IpcMode) IsNone() bool { 109 return n == IPCModeNone 110 } 111 112 // IsEmpty indicates whether container IpcMode is empty 113 func (n IpcMode) IsEmpty() bool { 114 return n == "" 115 } 116 117 // Valid indicates whether the ipc mode is valid. 118 func (n IpcMode) Valid() bool { 119 return n.IsEmpty() || n.IsNone() || n.IsPrivate() || n.IsHost() || n.IsShareable() || n.IsContainer() 120 } 121 122 // Container returns the name of the container ipc stack is going to be used. 123 func (n IpcMode) Container() string { 124 if n.IsContainer() { 125 return strings.TrimPrefix(string(n), string(IPCModeContainer)+":") 126 } 127 return "" 128 } 129 130 // NetworkMode represents the container network stack. 131 type NetworkMode string 132 133 // IsNone indicates whether container isn't using a network stack. 134 func (n NetworkMode) IsNone() bool { 135 return n == "none" 136 } 137 138 // IsDefault indicates whether container uses the default network stack. 139 func (n NetworkMode) IsDefault() bool { 140 return n == "default" 141 } 142 143 // IsPrivate indicates whether container uses its private network stack. 144 func (n NetworkMode) IsPrivate() bool { 145 return !(n.IsHost() || n.IsContainer()) 146 } 147 148 // IsContainer indicates whether container uses a container network stack. 149 func (n NetworkMode) IsContainer() bool { 150 parts := strings.SplitN(string(n), ":", 2) 151 return len(parts) > 1 && parts[0] == "container" 152 } 153 154 // ConnectedContainer is the id of the container which network this container is connected to. 155 func (n NetworkMode) ConnectedContainer() string { 156 parts := strings.SplitN(string(n), ":", 2) 157 if len(parts) > 1 { 158 return parts[1] 159 } 160 return "" 161 } 162 163 // UserDefined indicates user-created network 164 func (n NetworkMode) UserDefined() string { 165 if n.IsUserDefined() { 166 return string(n) 167 } 168 return "" 169 } 170 171 // UsernsMode represents userns mode in the container. 172 type UsernsMode string 173 174 // IsHost indicates whether the container uses the host's userns. 175 func (n UsernsMode) IsHost() bool { 176 return n == "host" 177 } 178 179 // IsPrivate indicates whether the container uses the a private userns. 180 func (n UsernsMode) IsPrivate() bool { 181 return !(n.IsHost()) 182 } 183 184 // Valid indicates whether the userns is valid. 185 func (n UsernsMode) Valid() bool { 186 parts := strings.Split(string(n), ":") 187 switch mode := parts[0]; mode { 188 case "", "host": 189 default: 190 return false 191 } 192 return true 193 } 194 195 // CgroupSpec represents the cgroup to use for the container. 196 type CgroupSpec string 197 198 // IsContainer indicates whether the container is using another container cgroup 199 func (c CgroupSpec) IsContainer() bool { 200 parts := strings.SplitN(string(c), ":", 2) 201 return len(parts) > 1 && parts[0] == "container" 202 } 203 204 // Valid indicates whether the cgroup spec is valid. 205 func (c CgroupSpec) Valid() bool { 206 return c.IsContainer() || c == "" 207 } 208 209 // Container returns the name of the container whose cgroup will be used. 210 func (c CgroupSpec) Container() string { 211 parts := strings.SplitN(string(c), ":", 2) 212 if len(parts) > 1 { 213 return parts[1] 214 } 215 return "" 216 } 217 218 // UTSMode represents the UTS namespace of the container. 219 type UTSMode string 220 221 // IsPrivate indicates whether the container uses its private UTS namespace. 222 func (n UTSMode) IsPrivate() bool { 223 return !(n.IsHost()) 224 } 225 226 // IsHost indicates whether the container uses the host's UTS namespace. 227 func (n UTSMode) IsHost() bool { 228 return n == "host" 229 } 230 231 // Valid indicates whether the UTS namespace is valid. 232 func (n UTSMode) Valid() bool { 233 parts := strings.Split(string(n), ":") 234 switch mode := parts[0]; mode { 235 case "", "host": 236 default: 237 return false 238 } 239 return true 240 } 241 242 // PidMode represents the pid namespace of the container. 243 type PidMode string 244 245 // IsPrivate indicates whether the container uses its own new pid namespace. 246 func (n PidMode) IsPrivate() bool { 247 return !(n.IsHost() || n.IsContainer()) 248 } 249 250 // IsHost indicates whether the container uses the host's pid namespace. 251 func (n PidMode) IsHost() bool { 252 return n == "host" 253 } 254 255 // IsContainer indicates whether the container uses a container's pid namespace. 256 func (n PidMode) IsContainer() bool { 257 parts := strings.SplitN(string(n), ":", 2) 258 return len(parts) > 1 && parts[0] == "container" 259 } 260 261 // Valid indicates whether the pid namespace is valid. 262 func (n PidMode) Valid() bool { 263 parts := strings.Split(string(n), ":") 264 switch mode := parts[0]; mode { 265 case "", "host": 266 case "container": 267 if len(parts) != 2 || parts[1] == "" { 268 return false 269 } 270 default: 271 return false 272 } 273 return true 274 } 275 276 // Container returns the name of the container whose pid namespace is going to be used. 277 func (n PidMode) Container() string { 278 parts := strings.SplitN(string(n), ":", 2) 279 if len(parts) > 1 { 280 return parts[1] 281 } 282 return "" 283 } 284 285 // DeviceRequest represents a request for devices from a device driver. 286 // Used by GPU device drivers. 287 type DeviceRequest struct { 288 Driver string // Name of device driver 289 Count int // Number of devices to request (-1 = All) 290 DeviceIDs []string // List of device IDs as recognizable by the device driver 291 Capabilities [][]string // An OR list of AND lists of device capabilities (e.g. "gpu") 292 Options map[string]string // Options to pass onto the device driver 293 } 294 295 // DeviceMapping represents the device mapping between the host and the container. 296 type DeviceMapping struct { 297 PathOnHost string 298 PathInContainer string 299 CgroupPermissions string 300 } 301 302 // RestartPolicy represents the restart policies of the container. 303 type RestartPolicy struct { 304 Name string 305 MaximumRetryCount int 306 } 307 308 // IsNone indicates whether the container has the "no" restart policy. 309 // This means the container will not automatically restart when exiting. 310 func (rp *RestartPolicy) IsNone() bool { 311 return rp.Name == "no" || rp.Name == "" 312 } 313 314 // IsAlways indicates whether the container has the "always" restart policy. 315 // This means the container will automatically restart regardless of the exit status. 316 func (rp *RestartPolicy) IsAlways() bool { 317 return rp.Name == "always" 318 } 319 320 // IsOnFailure indicates whether the container has the "on-failure" restart policy. 321 // This means the container will automatically restart of exiting with a non-zero exit status. 322 func (rp *RestartPolicy) IsOnFailure() bool { 323 return rp.Name == "on-failure" 324 } 325 326 // IsUnlessStopped indicates whether the container has the 327 // "unless-stopped" restart policy. This means the container will 328 // automatically restart unless user has put it to stopped state. 329 func (rp *RestartPolicy) IsUnlessStopped() bool { 330 return rp.Name == "unless-stopped" 331 } 332 333 // IsSame compares two RestartPolicy to see if they are the same 334 func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool { 335 return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount 336 } 337 338 // LogMode is a type to define the available modes for logging 339 // These modes affect how logs are handled when log messages start piling up. 340 type LogMode string 341 342 // Available logging modes 343 const ( 344 LogModeUnset LogMode = "" 345 LogModeBlocking LogMode = "blocking" 346 LogModeNonBlock LogMode = "non-blocking" 347 ) 348 349 // LogConfig represents the logging configuration of the container. 350 type LogConfig struct { 351 Type string 352 Config map[string]string 353 } 354 355 // Resources contains container's resources (cgroups config, ulimits...) 356 type Resources struct { 357 // Applicable to all platforms 358 CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers) 359 Memory int64 // Memory limit (in bytes) 360 NanoCPUs int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs. 361 362 // Applicable to UNIX platforms 363 CgroupParent string // Parent cgroup. 364 BlkioWeight uint16 // Block IO weight (relative weight vs. other containers) 365 BlkioWeightDevice []*blkiodev.WeightDevice 366 BlkioDeviceReadBps []*blkiodev.ThrottleDevice 367 BlkioDeviceWriteBps []*blkiodev.ThrottleDevice 368 BlkioDeviceReadIOps []*blkiodev.ThrottleDevice 369 BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice 370 CPUPeriod int64 `json:"CpuPeriod"` // CPU CFS (Completely Fair Scheduler) period 371 CPUQuota int64 `json:"CpuQuota"` // CPU CFS (Completely Fair Scheduler) quota 372 CPURealtimePeriod int64 `json:"CpuRealtimePeriod"` // CPU real-time period 373 CPURealtimeRuntime int64 `json:"CpuRealtimeRuntime"` // CPU real-time runtime 374 CpusetCpus string // CpusetCpus 0-2, 0,1 375 CpusetMems string // CpusetMems 0-2, 0,1 376 Devices []DeviceMapping // List of devices to map inside the container 377 DeviceCgroupRules []string // List of rule to be added to the device cgroup 378 DeviceRequests []DeviceRequest // List of device requests for device drivers 379 380 // KernelMemory specifies the kernel memory limit (in bytes) for the container. 381 // Deprecated: kernel 5.4 deprecated kmem.limit_in_bytes. 382 KernelMemory int64 `json:",omitempty"` 383 KernelMemoryTCP int64 `json:",omitempty"` // Hard limit for kernel TCP buffer memory (in bytes) 384 MemoryReservation int64 // Memory soft limit (in bytes) 385 MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap 386 MemorySwappiness *int64 // Tuning container memory swappiness behaviour 387 OomKillDisable *bool // Whether to disable OOM Killer or not 388 PidsLimit *int64 // Setting PIDs limit for a container; Set `0` or `-1` for unlimited, or `null` to not change. 389 Ulimits []*units.Ulimit // List of ulimits to be set in the container 390 391 // Applicable to Windows 392 CPUCount int64 `json:"CpuCount"` // CPU count 393 CPUPercent int64 `json:"CpuPercent"` // CPU percent 394 IOMaximumIOps uint64 // Maximum IOps for the container system drive 395 IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive 396 } 397 398 // UpdateConfig holds the mutable attributes of a Container. 399 // Those attributes can be updated at runtime. 400 type UpdateConfig struct { 401 // Contains container's resources (cgroups, ulimits) 402 Resources 403 RestartPolicy RestartPolicy 404 } 405 406 // HostConfig the non-portable Config structure of a container. 407 // Here, "non-portable" means "dependent of the host we are running on". 408 // Portable information *should* appear in Config. 409 type HostConfig struct { 410 // Applicable to all platforms 411 Binds []string // List of volume bindings for this container 412 ContainerIDFile string // File (path) where the containerId is written 413 LogConfig LogConfig // Configuration of the logs for this container 414 NetworkMode NetworkMode // Network mode to use for the container 415 PortBindings nat.PortMap // Port mapping between the exposed port (container) and the host 416 RestartPolicy RestartPolicy // Restart policy to be used for the container 417 AutoRemove bool // Automatically remove container when it exits 418 VolumeDriver string // Name of the volume driver used to mount volumes 419 VolumesFrom []string // List of volumes to take from other container 420 ConsoleSize [2]uint // Initial console size (height,width) 421 422 // Applicable to UNIX platforms 423 CapAdd strslice.StrSlice // List of kernel capabilities to add to the container 424 CapDrop strslice.StrSlice // List of kernel capabilities to remove from the container 425 CgroupnsMode CgroupnsMode // Cgroup namespace mode to use for the container 426 DNS []string `json:"Dns"` // List of DNS server to lookup 427 DNSOptions []string `json:"DnsOptions"` // List of DNSOption to look for 428 DNSSearch []string `json:"DnsSearch"` // List of DNSSearch to look for 429 ExtraHosts []string // List of extra hosts 430 GroupAdd []string // List of additional groups that the container process will run as 431 IpcMode IpcMode // IPC namespace to use for the container 432 Cgroup CgroupSpec // Cgroup to use for the container 433 Links []string // List of links (in the name:alias form) 434 OomScoreAdj int // Container preference for OOM-killing 435 PidMode PidMode // PID namespace to use for the container 436 Privileged bool // Is the container in privileged mode 437 PublishAllPorts bool // Should docker publish all exposed port for the container 438 ReadonlyRootfs bool // Is the container root filesystem in read-only 439 SecurityOpt []string // List of string values to customize labels for MLS systems, such as SELinux. 440 StorageOpt map[string]string `json:",omitempty"` // Storage driver options per container. 441 Tmpfs map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container 442 UTSMode UTSMode // UTS namespace to use for the container 443 UsernsMode UsernsMode // The user namespace to use for the container 444 ShmSize int64 // Total shm memory usage 445 Sysctls map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container 446 Runtime string `json:",omitempty"` // Runtime to use with this container 447 448 // Applicable to Windows 449 Isolation Isolation // Isolation technology of the container (e.g. default, hyperv) 450 451 // Contains container's resources (cgroups, ulimits) 452 Resources 453 454 // Mounts specs used by the container 455 Mounts []mount.Mount `json:",omitempty"` 456 457 // MaskedPaths is the list of paths to be masked inside the container (this overrides the default set of paths) 458 MaskedPaths []string 459 460 // ReadonlyPaths is the list of paths to be set as read-only inside the container (this overrides the default set of paths) 461 ReadonlyPaths []string 462 463 // Run a custom init inside the container, if null, use the daemon's configured settings 464 Init *bool `json:",omitempty"` 465 }