github.com/containers/podman/v4@v4.9.4/libpod/define/annotations.go (about) 1 package define 2 3 const ( 4 // RunOCIMountContextType tells the OCI runtime which context mount 5 // type to use. context, rootcontext, fscontext, defcontext 6 RunOCIMountContextType = "run.oci.mount_context_type" 7 // RunOCIKeepOriginalGroups tells the OCI runtime to leak the users 8 // current groups into the container 9 RunOCIKeepOriginalGroups = "run.oci.keep_original_groups" 10 // InspectAnnotationCIDFile is used by Inspect to determine if a 11 // container ID file was created for the container. 12 // If an annotation with this key is found in the OCI spec, it will be 13 // used in the output of Inspect(). 14 InspectAnnotationCIDFile = "io.podman.annotations.cid-file" 15 // InspectAnnotationAutoremove is used by Inspect to determine if a 16 // container will be automatically removed on exit. 17 // If an annotation with this key is found in the OCI spec and is one of 18 // the two supported boolean values (InspectResponseTrue and 19 // InspectResponseFalse) it will be used in the output of Inspect(). 20 InspectAnnotationAutoremove = "io.podman.annotations.autoremove" 21 // InspectAnnotationVolumesFrom is used by Inspect to identify 22 // containers whose volumes are being used by this container. 23 // It is expected to be a comma-separated list of container names and/or 24 // IDs. 25 // If an annotation with this key is found in the OCI spec, it will be 26 // used in the output of Inspect(). 27 InspectAnnotationVolumesFrom = "io.podman.annotations.volumes-from" 28 // InspectAnnotationPrivileged is used by Inspect to identify containers 29 // which are privileged (IE, running with elevated privileges). 30 // It is expected to be a boolean, populated by one of 31 // InspectResponseTrue or InspectResponseFalse. 32 // If an annotation with this key is found in the OCI spec, it will be 33 // used in the output of Inspect(). 34 InspectAnnotationPrivileged = "io.podman.annotations.privileged" 35 // InspectAnnotationPublishAll is used by Inspect to identify containers 36 // which have all the ports from their image published. 37 // It is expected to be a boolean, populated by one of 38 // InspectResponseTrue or InspectResponseFalse. 39 // If an annotation with this key is found in the OCI spec, it will be 40 // used in the output of Inspect(). 41 InspectAnnotationPublishAll = "io.podman.annotations.publish-all" 42 // InspectAnnotationInit is used by Inspect to identify containers that 43 // mount an init binary in. 44 // It is expected to be a boolean, populated by one of 45 // InspectResponseTrue or InspectResponseFalse. 46 // If an annotation with this key is found in the OCI spec, it will be 47 // used in the output of Inspect(). 48 InspectAnnotationInit = "io.podman.annotations.init" 49 // InspectAnnotationLabel is used by Inspect to identify containers with 50 // special SELinux-related settings. It is used to populate the output 51 // of the SecurityOpt setting. 52 // If an annotation with this key is found in the OCI spec, it will be 53 // used in the output of Inspect(). 54 InspectAnnotationLabel = "io.podman.annotations.label" 55 // InspectAnnotationSeccomp is used by Inspect to identify containers 56 // with special Seccomp-related settings. It is used to populate the 57 // output of the SecurityOpt setting in Inspect. 58 // If an annotation with this key is found in the OCI spec, it will be 59 // used in the output of Inspect(). 60 InspectAnnotationSeccomp = "io.podman.annotations.seccomp" 61 // InspectAnnotationApparmor is used by Inspect to identify containers 62 // with special Apparmor-related settings. It is used to populate the 63 // output of the SecurityOpt setting. 64 // If an annotation with this key is found in the OCI spec, it will be 65 // used in the output of Inspect(). 66 InspectAnnotationApparmor = "io.podman.annotations.apparmor" 67 // InspectResponseTrue is a boolean True response for an inspect 68 // annotation. 69 InspectResponseTrue = "TRUE" 70 // InspectResponseFalse is a boolean False response for an inspect 71 // annotation. 72 InspectResponseFalse = "FALSE" 73 74 // CheckpointAnnotationName is used by Container Checkpoint when creating a 75 // checkpoint image to specify the original human-readable name for the 76 // container. 77 CheckpointAnnotationName = "io.podman.annotations.checkpoint.name" 78 79 // CheckpointAnnotationRawImageName is used by Container Checkpoint when 80 // creating a checkpoint image to specify the original unprocessed name of 81 // the image used to create the container (as specified by the user). 82 CheckpointAnnotationRawImageName = "io.podman.annotations.checkpoint.rawImageName" 83 84 // CheckpointAnnotationRootfsImageID is used by Container Checkpoint when 85 // creating a checkpoint image to specify the original ID of the image used 86 // to create the container. 87 CheckpointAnnotationRootfsImageID = "io.podman.annotations.checkpoint.rootfsImageID" 88 89 // CheckpointAnnotationRootfsImageName is used by Container Checkpoint when 90 // creating a checkpoint image to specify the original image name used to 91 // create the container. 92 CheckpointAnnotationRootfsImageName = "io.podman.annotations.checkpoint.rootfsImageName" 93 94 // CheckpointAnnotationPodmanVersion is used by Container Checkpoint when 95 // creating a checkpoint image to specify the version of Podman used on the 96 // host where the checkpoint was created. 97 CheckpointAnnotationPodmanVersion = "io.podman.annotations.checkpoint.podman.version" 98 99 // CheckpointAnnotationCriuVersion is used by Container Checkpoint when 100 // creating a checkpoint image to specify the version of CRIU used on the 101 // host where the checkpoint was created. 102 CheckpointAnnotationCriuVersion = "io.podman.annotations.checkpoint.criu.version" 103 104 // CheckpointAnnotationRuntimeName is used by Container Checkpoint when 105 // creating a checkpoint image to specify the runtime used on the host where 106 // the checkpoint was created. 107 CheckpointAnnotationRuntimeName = "io.podman.annotations.checkpoint.runtime.name" 108 109 // CheckpointAnnotationRuntimeVersion is used by Container Checkpoint when 110 // creating a checkpoint image to specify the version of runtime used on the 111 // host where the checkpoint was created. 112 CheckpointAnnotationRuntimeVersion = "io.podman.annotations.checkpoint.runtime.version" 113 114 // CheckpointAnnotationConmonVersion is used by Container Checkpoint when 115 // creating a checkpoint image to specify the version of conmon used on 116 // the host where the checkpoint was created. 117 CheckpointAnnotationConmonVersion = "io.podman.annotations.checkpoint.conmon.version" 118 119 // CheckpointAnnotationHostArch is used by Container Checkpoint when 120 // creating a checkpoint image to specify the CPU architecture of the host 121 // on which the checkpoint was created. 122 CheckpointAnnotationHostArch = "io.podman.annotations.checkpoint.host.arch" 123 124 // CheckpointAnnotationHostKernel is used by Container Checkpoint when 125 // creating a checkpoint image to specify the kernel version used by the 126 // host where the checkpoint was created. 127 CheckpointAnnotationHostKernel = "io.podman.annotations.checkpoint.host.kernel" 128 129 // CheckpointAnnotationCgroupVersion is used by Container Checkpoint when 130 // creating a checkpoint image to specify the cgroup version used by the 131 // host where the checkpoint was created. 132 CheckpointAnnotationCgroupVersion = "io.podman.annotations.checkpoint.cgroups.version" 133 134 // CheckpointAnnotationDistributionVersion is used by Container Checkpoint 135 // when creating a checkpoint image to specify the version of host 136 // distribution on which the checkpoint was created. 137 CheckpointAnnotationDistributionVersion = "io.podman.annotations.checkpoint.distribution.version" 138 139 // CheckpointAnnotationDistributionName is used by Container Checkpoint when 140 // creating a checkpoint image to specify the name of host distribution on 141 // which the checkpoint was created. 142 CheckpointAnnotationDistributionName = "io.podman.annotations.checkpoint.distribution.name" 143 144 // InitContainerType is used by play kube when playing a kube yaml to specify the type 145 // of the init container. 146 InitContainerType = "io.podman.annotations.init.container.type" 147 148 // InfraNameAnnotation is used by generate and play kube when the infra container is set by the user during 149 // pod creation 150 InfraNameAnnotation = "io.podman.annotations.infra.name" 151 152 // UlimitAnnotation is used by kube play when playing a kube yaml to specify the ulimits 153 // of the container 154 UlimitAnnotation = "io.podman.annotations.ulimit" 155 156 // KubeHealthCheckAnnotation is used by kube play to tell podman that any health checks should follow 157 // the k8s behavior of waiting for the intialDelaySeconds to be over before updating the status 158 KubeHealthCheckAnnotation = "io.podman.annotations.kube.health.check" 159 160 // MaxKubeAnnotation is the max length of annotations allowed by Kubernetes. 161 MaxKubeAnnotation = 63 162 ) 163 164 // IsReservedAnnotation returns true if the specified value corresponds to an 165 // already reserved annotation that Podman sets during container creation. 166 func IsReservedAnnotation(value string) bool { 167 switch value { 168 case InspectAnnotationCIDFile, InspectAnnotationAutoremove, InspectAnnotationVolumesFrom, InspectAnnotationPrivileged, InspectAnnotationPublishAll, InspectAnnotationInit, InspectAnnotationLabel, InspectAnnotationSeccomp, InspectAnnotationApparmor, InspectResponseTrue, InspectResponseFalse: 169 return true 170 171 default: 172 return false 173 } 174 }