// Source: github.com/containers/podman/v4@v4.9.4/libpod/define/container_inspect.go

package define

import (
	"time"

	"github.com/containers/image/v5/manifest"
)

// InspectIDMappings holds the UID and GID mappings reported for a container.
// It is referenced from InspectContainerHostConfig.IDMappings. Each mapping is
// carried as a string; the string format is not defined in this file.
type InspectIDMappings struct {
	UIDMap []string `json:"UidMap"`
	GIDMap []string `json:"GidMap"`
}

// InspectContainerConfig holds further data about how a container was initially
// configured.
//
// NOTE(review): Env and CreateCommand are serialized as-is, so anything
// sensitive that was handed to the container through its environment or its
// command line is reproduced in inspect output. Treat that output as
// sensitive when storing or forwarding it.
type InspectContainerConfig struct {
	// Container hostname
	Hostname string `json:"Hostname"`
	// Container domain name - unused at present
	DomainName string `json:"Domainname"`
	// User the container was launched with
	User string `json:"User"`
	// Unused, at present
	AttachStdin bool `json:"AttachStdin"`
	// Unused, at present
	AttachStdout bool `json:"AttachStdout"`
	// Unused, at present
	AttachStderr bool `json:"AttachStderr"`
	// Whether the container creates a TTY
	Tty bool `json:"Tty"`
	// Whether the container leaves STDIN open
	OpenStdin bool `json:"OpenStdin"`
	// Whether STDIN is only left open once.
	// Presently not supported by Podman, unused.
	StdinOnce bool `json:"StdinOnce"`
	// Container environment variables.
	// NOTE(review): emitted under "Env" without redaction; credentials
	// passed as environment variables would be visible to anyone who can
	// read inspect output.
	Env []string `json:"Env"`
	// Container command
	Cmd []string `json:"Cmd"`
	// Container image
	Image string `json:"Image"`
	// Unused, at present. I've never seen this field populated.
	Volumes map[string]struct{} `json:"Volumes"`
	// Container working directory
	WorkingDir string `json:"WorkingDir"`
	// Container entrypoint
	Entrypoint string `json:"Entrypoint"`
	// On-build arguments - presently unused. More of Buildah's domain.
	OnBuild *string `json:"OnBuild"`
	// Container labels
	Labels map[string]string `json:"Labels"`
	// Container annotations
	Annotations map[string]string `json:"Annotations"`
	// Container stop signal
	StopSignal uint `json:"StopSignal"`
	// Configured healthcheck for the container
	Healthcheck *manifest.Schema2HealthConfig `json:"Healthcheck,omitempty"`
	// HealthcheckOnFailureAction defines an action to take once the container turns unhealthy.
	HealthcheckOnFailureAction string `json:"HealthcheckOnFailureAction,omitempty"`
	// CreateCommand is the full command plus arguments of the process the
	// container has been created with.
	// NOTE(review): as with Env, a secret supplied as a command-line
	// argument would be reproduced here verbatim.
	CreateCommand []string `json:"CreateCommand,omitempty"`
	// Timezone is the timezone inside the container.
	// Local means it has the same timezone as the host machine
	Timezone string `json:"Timezone,omitempty"`
	// SystemdMode is whether the container is running in systemd mode. In
	// systemd mode, the container configuration is customized to optimize
	// running systemd in the container.
	SystemdMode bool `json:"SystemdMode,omitempty"`
	// Umask is the umask inside the container.
	Umask string `json:"Umask,omitempty"`
	// Secrets are the secrets mounted in the container.
	// Each entry is an InspectSecret, which carries metadata (name, ID,
	// ownership, mode) and has no field for the secret's value.
	Secrets []*InspectSecret `json:"Secrets,omitempty"`
	// Timeout is time before container is killed by conmon
	Timeout uint `json:"Timeout"`
	// StopTimeout is time before container is stopped when calling stop
	StopTimeout uint `json:"StopTimeout"`
	// Passwd determines whether or not podman can add entries to /etc/passwd and /etc/group
	Passwd *bool `json:"Passwd,omitempty"`
	// ChrootDirs is an additional set of directories that need to be
	// treated as root directories. Standard bind mounts will be mounted
	// into paths relative to these directories.
	ChrootDirs []string `json:"ChrootDirs,omitempty"`
	// SdNotifyMode is the sd-notify mode of the container.
	// Note that the JSON key starts with a lower-case letter, unlike most
	// keys in this struct.
	SdNotifyMode string `json:"sdNotifyMode,omitempty"`
	// SdNotifySocket is the NOTIFY_SOCKET in use by/configured for the container.
	// Note that the JSON key starts with a lower-case letter.
	SdNotifySocket string `json:"sdNotifySocket,omitempty"`
}

// InspectRestartPolicy holds information about the container's restart policy.
type InspectRestartPolicy struct {
	// Name contains the container's restart policy.
	// Allowable values are "no" or "" (take no action),
	// "on-failure" (restart on non-zero exit code, with an optional max
	// retry count), and "always" (always restart on container stop, unless
	// explicitly requested by API).
	// Note that this is NOT actually a name of any sort - the poor naming
	// is for Docker compatibility.
	Name string `json:"Name"`
	// MaximumRetryCount is the maximum number of retries allowed if the
	// "on-failure" restart policy is in use. Not used if "on-failure" is
	// not set.
	MaximumRetryCount uint `json:"MaximumRetryCount"`
}

// InspectLogConfig holds information about a container's configured log driver.
// Type and Config carry no per-field documentation in this file.
type InspectLogConfig struct {
	Type   string            `json:"Type"`
	Config map[string]string `json:"Config"`
	// Path specifies a path to the log file
	Path string `json:"Path"`
	// Tag specifies a custom log tag for the container
	Tag string `json:"Tag"`
	// Size specifies a maximum size of the container log
	Size string `json:"Size"`
}

// InspectBlkioWeightDevice holds information about the relative weight
// of an individual device node. Weights are used in the I/O scheduler to give
// relative priority to some accesses.
type InspectBlkioWeightDevice struct {
	// Path is the path to the device this applies to.
	Path string `json:"Path"`
	// Weight is the relative weight the scheduler will use when scheduling
	// I/O.
	Weight uint16 `json:"Weight"`
}

// InspectBlkioThrottleDevice holds information about a speed cap for a device
// node. This cap applies to a specific operation (read, write, etc) on the given
// node.
type InspectBlkioThrottleDevice struct {
	// Path is the path to the device this applies to.
	Path string `json:"Path"`
	// Rate is the maximum rate. It is in either bytes per second or iops
	// per second, determined by where it is used - documentation will
	// indicate which is appropriate.
	Rate uint64 `json:"Rate"`
}

// InspectUlimit is a ulimit that will be applied to the container.
type InspectUlimit struct {
	// Name is the name (type) of the ulimit.
	Name string `json:"Name"`
	// Soft is the soft limit that will be applied.
	Soft int64 `json:"Soft"`
	// Hard is the hard limit that will be applied.
	Hard int64 `json:"Hard"`
}

// InspectDevice is a single device that will be mounted into the container.
type InspectDevice struct {
	// PathOnHost is the path of the device on the host.
	PathOnHost string `json:"PathOnHost"`
	// PathInContainer is the path of the device within the container.
	PathInContainer string `json:"PathInContainer"`
	// CgroupPermissions is the permissions of the mounted device.
	// Presently not populated, so an empty value says nothing about the
	// access the container actually has to the device.
	// TODO.
	CgroupPermissions string `json:"CgroupPermissions"`
}

// InspectHostPort provides information on a port on the host that a container's
// port is bound to.
type InspectHostPort struct {
	// IP on the host we are bound to. "" if not specified (binding to all
	// IPs). An empty value therefore means the port is published on every
	// host address, not that it is unbound.
	HostIP string `json:"HostIp"`
	// Port on the host we are bound to. No special formatting - just an
	// integer stuffed into a string.
	HostPort string `json:"HostPort"`
}

// InspectMount provides a record of a single mount in a container. It contains
// fields for both named and normal volumes. Only user-specified volumes will be
// included, and tmpfs volumes are not included even if the user specified them.
type InspectMount struct {
	// Whether the mount is a volume or bind mount. Allowed values are
	// "volume" and "bind".
	Type string `json:"Type"`
	// The name of the volume. Empty for bind mounts.
	Name string `json:"Name,omitempty"`
	// The source directory for the volume.
	Source string `json:"Source"`
	// The destination directory for the volume. Specified as a path within
	// the container, as it would be passed into the OCI runtime.
	Destination string `json:"Destination"`
	// The driver used for the named volume. Empty for bind mounts.
	Driver string `json:"Driver"`
	// Contains SELinux :z/:Z mount options. Unclear what, if anything, else
	// goes in here.
	Mode string `json:"Mode"`
	// All remaining mount options. Additional data, not present in the
	// original output.
	Options []string `json:"Options"`
	// Whether the volume is read-write
	RW bool `json:"RW"`
	// Mount propagation for the mount. Can be empty if not specified, but
	// is always printed - no omitempty.
	Propagation string `json:"Propagation"`
}

// InspectContainerState provides a detailed record of a container's current
// state. It is returned as part of InspectContainerData.
// As with InspectContainerData, many portions of this struct are matched to
// Docker, but here we see more fields that are unused (nonsensical in the
// context of Libpod).
//
// The fields carry no per-field documentation in this file. Restarting and
// Error are marked TODO.
//
// Health, CheckpointedAt and RestoredAt are struct-typed, and encoding/json's
// "omitempty" option never omits a struct value, so those three keys are
// emitted even when they hold their zero value. Consumers should compare
// against the zero value rather than test for the key's presence.
type InspectContainerState struct {
	OciVersion     string             `json:"OciVersion"`
	Status         string             `json:"Status"`
	Running        bool               `json:"Running"`
	Paused         bool               `json:"Paused"`
	Restarting     bool               `json:"Restarting"` // TODO
	OOMKilled      bool               `json:"OOMKilled"`
	Dead           bool               `json:"Dead"`
	Pid            int                `json:"Pid"`
	ConmonPid      int                `json:"ConmonPid,omitempty"`
	ExitCode       int32              `json:"ExitCode"`
	Error          string             `json:"Error"` // TODO
	StartedAt      time.Time          `json:"StartedAt"`
	FinishedAt     time.Time          `json:"FinishedAt"`
	Health         HealthCheckResults `json:"Health,omitempty"`
	Checkpointed   bool               `json:"Checkpointed,omitempty"`
	CgroupPath     string             `json:"CgroupPath,omitempty"`
	CheckpointedAt time.Time          `json:"CheckpointedAt,omitempty"`
	RestoredAt     time.Time          `json:"RestoredAt,omitempty"`
	CheckpointLog  string             `json:"CheckpointLog,omitempty"`
	CheckpointPath string             `json:"CheckpointPath,omitempty"`
	RestoreLog     string             `json:"RestoreLog,omitempty"`
	Restored       bool               `json:"Restored,omitempty"`
	StoppedByUser  bool               `json:"StoppedByUser,omitempty"`
}

// Healthcheck returns the HealthCheckResults. This is used for old podman compat
// to make the "Healthcheck" key available in the go template.
// It returns s.Health by value and dereferences s, so it must not be called on
// a nil receiver.
func (s *InspectContainerState) Healthcheck() HealthCheckResults {
	return s.Health
}

// HealthCheckResults describes the results/logs from a healthcheck
type HealthCheckResults struct {
	// Status starting, healthy or unhealthy
	Status string `json:"Status"`
	// FailingStreak is the number of consecutive failed healthchecks
	FailingStreak int `json:"FailingStreak"`
	// Log describes healthcheck attempts and results
	Log []HealthCheckLog `json:"Log"`
}

// HealthCheckLog describes the results of a single healthcheck
type HealthCheckLog struct {
	// Start time as string
	Start string `json:"Start"`
	// End time as a string
	End string `json:"End"`
	// ExitCode is 0 or 1
	ExitCode int `json:"ExitCode"`
	// Output is the stdout/stderr from the healthcheck command.
	// NOTE(review): this is whatever the healthcheck command printed, so it
	// should be treated as untrusted text by anything that renders it.
	Output string `json:"Output"`
}

// InspectContainerHostConfig holds information used when the container was
// created.
// It's very much a Docker-specific struct, retained (mostly) as-is for
// compatibility. We fill individual fields as best as we can, inferring as much
// as possible from the spec and container config.
// Some things cannot be inferred. These will be populated by spec annotations
// (if available).
//
// For a security review of a container, the fields that describe its isolation
// are Privileged, CapAdd and CapDrop, SecurityOpt, ReadonlyRootfs, the
// namespace fields (CgroupMode, NetworkMode, IpcMode, PidMode, UTSMode,
// UsernsMode), Binds, Devices and the resource limits. Per the field comments
// below, a namespace value of "host" means that no separate namespace was
// created for that resource, and ContainerIDFile, AutoRemove, VolumesFrom,
// Privileged and PublishAllPorts are read from annotations rather than derived
// from the spec.
//
//nolint:revive,stylecheck // Field names are fixed for compatibility and cannot be changed.
type InspectContainerHostConfig struct {
	// Binds contains an array of user-added mounts.
	// Both volume mounts and named volumes are included.
	// Tmpfs mounts are NOT included.
	// In 'docker inspect' this is separated into 'Binds' and 'Mounts' based
	// on how a mount was added. We do not make this distinction and do not
	// include a Mounts field in inspect.
	// Format: <src>:<destination>[:<comma-separated options>]
	Binds []string `json:"Binds"`
	// CgroupManager is the cgroup manager used by the container.
	// At present, allowed values are either "cgroupfs" or "systemd".
	CgroupManager string `json:"CgroupManager,omitempty"`
	// CgroupMode is the configuration of the container's cgroup namespace.
	// Populated as follows:
	// private - a cgroup namespace has been created
	// host - No cgroup namespace created
	// container:<id> - Using another container's cgroup namespace
	// ns:<path> - A path to a cgroup namespace has been specified
	CgroupMode string `json:"CgroupMode"`
	// ContainerIDFile is a file created during container creation to hold
	// the ID of the created container.
	// This is not handled within libpod and is stored in an annotation.
	ContainerIDFile string `json:"ContainerIDFile"`
	// LogConfig contains information on the container's logging backend
	LogConfig *InspectLogConfig `json:"LogConfig"`
	// NetworkMode is the configuration of the container's network
	// namespace.
	// Populated as follows:
	// default - A network namespace is being created and configured via CNI
	// none - A network namespace is being created, not configured via CNI
	// host - No network namespace created
	// container:<id> - Using another container's network namespace
	// ns:<path> - A path to a network namespace has been specified
	NetworkMode string `json:"NetworkMode"`
	// PortBindings contains the container's port bindings.
	// It is formatted as map[string][]InspectHostPort.
	// The string key here is formatted as <integer port number>/<protocol>
	// and represents the container port. A single container port may be
	// bound to multiple host ports (on different IPs).
	PortBindings map[string][]InspectHostPort `json:"PortBindings"`
	// RestartPolicy contains the container's restart policy.
	RestartPolicy *InspectRestartPolicy `json:"RestartPolicy"`
	// AutoRemove is whether the container will be automatically removed on
	// exiting.
	// It is not handled directly within libpod and is stored in an
	// annotation.
	AutoRemove bool `json:"AutoRemove"`
	// VolumeDriver is presently unused and is retained for Docker
	// compatibility.
	VolumeDriver string `json:"VolumeDriver"`
	// VolumesFrom is a list of containers which this container uses volumes
	// from. This is not handled directly within libpod and is stored in an
	// annotation.
	// It is formatted as an array of container names and IDs.
	VolumesFrom []string `json:"VolumesFrom"`
	// CapAdd is a list of capabilities added to the container.
	// It is not directly stored by Libpod, and instead computed from the
	// capabilities listed in the container's spec, compared against a set
	// of default capabilities.
	CapAdd []string `json:"CapAdd"`
	// CapDrop is a list of capabilities removed from the container.
	// It is not directly stored by libpod, and instead computed from the
	// capabilities listed in the container's spec, compared against a set
	// of default capabilities.
	CapDrop []string `json:"CapDrop"`
	// Dns is a list of DNS nameservers that will be added to the
	// container's resolv.conf
	Dns []string `json:"Dns"`
	// DnsOptions is a list of DNS options that will be set in the
	// container's resolv.conf
	DnsOptions []string `json:"DnsOptions"`
	// DnsSearch is a list of DNS search domains that will be set in the
	// container's resolv.conf
	DnsSearch []string `json:"DnsSearch"`
	// ExtraHosts contains hosts that will be added to the container's
	// /etc/hosts.
	ExtraHosts []string `json:"ExtraHosts"`
	// GroupAdd contains groups that the user inside the container will be
	// added to.
	GroupAdd []string `json:"GroupAdd"`
	// IpcMode represents the configuration of the container's IPC
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, an IPC namespace will be created
	// host - No IPC namespace created
	// container:<id> - Using another container's IPC namespace
	// ns:<path> - A path to an IPC namespace has been specified
	IpcMode string `json:"IpcMode"`
	// Cgroup contains the container's cgroup. It is presently not
	// populated.
	// TODO.
	Cgroup string `json:"Cgroup"`
	// Cgroups contains the container's Cgroup mode.
	// Allowed values are "default" (container is creating Cgroups) and
	// "disabled" (container is not creating Cgroups).
	// This is Libpod-specific and not included in `docker inspect`.
	Cgroups string `json:"Cgroups"`
	// Links is unused, and provided purely for Docker compatibility.
	Links []string `json:"Links"`
	// OomScoreAdj is an adjustment that will be made to the container's OOM
	// score.
	OomScoreAdj int `json:"OomScoreAdj"`
	// PidMode represents the configuration of the container's PID
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, a PID namespace will be created
	// host - No PID namespace created
	// container:<id> - Using another container's PID namespace
	// ns:<path> - A path to a PID namespace has been specified
	PidMode string `json:"PidMode"`
	// Privileged indicates whether the container is running with elevated
	// privileges.
	// This has a very specific meaning in the Docker sense, so it's very
	// difficult to decode from the spec and config, and so is stored as an
	// annotation.
	// NOTE(review): because the value comes from an annotation, an audit
	// should presumably read it together with CapAdd/CapDrop, SecurityOpt
	// and Devices rather than on its own - confirm against the code that
	// populates it.
	Privileged bool `json:"Privileged"`
	// PublishAllPorts indicates whether image ports are being published.
	// This is not directly stored in libpod and is saved as an annotation.
	PublishAllPorts bool `json:"PublishAllPorts"`
	// ReadonlyRootfs is whether the container will be mounted read-only.
	ReadonlyRootfs bool `json:"ReadonlyRootfs"`
	// SecurityOpt is a list of security-related options that are set in the
	// container.
	SecurityOpt []string `json:"SecurityOpt"`
	// Tmpfs is a list of tmpfs filesystems that will be mounted into the
	// container.
	// It is a map of destination path to options for the mount.
	Tmpfs map[string]string `json:"Tmpfs"`
	// UTSMode represents the configuration of the container's UTS
	// namespace.
	// Populated as follows:
	// "" (empty string) - Default, a UTS namespace will be created
	// host - no UTS namespace created
	// container:<id> - Using another container's UTS namespace
	// ns:<path> - A path to a UTS namespace has been specified
	UTSMode string `json:"UTSMode"`
	// UsernsMode represents the configuration of the container's user
	// namespace.
	// When running rootless, a user namespace is created outside of libpod
	// to allow some privileged operations. This will not be reflected here.
	// Populated as follows:
	// "" (empty string) - No user namespace will be created
	// private - The container will be run in a user namespace
	// container:<id> - Using another container's user namespace
	// ns:<path> - A path to a user namespace has been specified
	// TODO Rootless has an additional 'keep-id' option, presently not
	// reflected here.
	UsernsMode string `json:"UsernsMode"`
	// IDMappings is the UIDMapping and GIDMapping used within the container
	IDMappings *InspectIDMappings `json:"IDMappings,omitempty"`
	// ShmSize is the size of the container's SHM device.
	ShmSize int64 `json:"ShmSize"`
	// Runtime is provided purely for Docker compatibility.
	// It is set unconditionally to "oci" as Podman does not presently
	// support non-OCI runtimes.
	Runtime string `json:"Runtime"`
	// ConsoleSize is an array of 2 integers showing the size of the
	// container's console.
	// It is only set if the container is creating a terminal.
	// TODO.
	ConsoleSize []uint `json:"ConsoleSize"`
	// Isolation is presently unused and provided solely for Docker
	// compatibility.
	Isolation string `json:"Isolation"`
	// CpuShares indicates the CPU resources allocated to the container.
	// It is a relative weight in the scheduler for assigning CPU time
	// versus other Cgroups.
	CpuShares uint64 `json:"CpuShares"`
	// Memory indicates the memory resources allocated to the container.
	// This is the limit (in bytes) of RAM the container may use.
	Memory int64 `json:"Memory"`
	// NanoCpus indicates number of CPUs allocated to the container.
	// It is an integer where one full CPU is indicated by 1000000000 (one
	// billion).
	// Thus, 2.5 CPUs (fractional portions of CPUs are allowed) would be
	// 2500000000 (2.5 billion).
	// In 'docker inspect' this is set exclusively of two further options in
	// the output (CpuPeriod and CpuQuota) which are both used to implement
	// this functionality.
	// We can't distinguish here, so if CpuQuota is set to the default of
	// 100000, we will set both CpuQuota, CpuPeriod, and NanoCpus. If
	// CpuQuota is not the default, we will not set NanoCpus.
	NanoCpus int64 `json:"NanoCpus"`
	// CgroupParent is the Cgroup parent of the container.
	// Only set if not default.
	CgroupParent string `json:"CgroupParent"`
	// BlkioWeight indicates the I/O resources allocated to the container.
	// It is a relative weight in the scheduler for assigning I/O time
	// versus other Cgroups.
	BlkioWeight uint16 `json:"BlkioWeight"`
	// BlkioWeightDevice is an array of I/O resource priorities for
	// individual device nodes.
	// Unfortunately, the spec only stores the device's Major/Minor numbers
	// and not the path, which is used here.
	// Fortunately, the kernel provides an interface for retrieving the path
	// of a given node by major:minor at /sys/dev/. However, the exact path
	// in use may not be what was used in the original CLI invocation -
	// though it is guaranteed that the device node will be the same, and
	// using the given path will be functionally identical.
	BlkioWeightDevice []InspectBlkioWeightDevice `json:"BlkioWeightDevice"`
	// BlkioDeviceReadBps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets read rate cap in bytes per second for device
	// nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceReadBps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadBps"`
	// BlkioDeviceWriteBps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets write rate cap in bytes per second for device
	// nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceWriteBps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteBps"`
	// BlkioDeviceReadIOps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets the read rate cap in iops per second for
	// device nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceReadIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceReadIOps"`
	// BlkioDeviceWriteIOps is an array of I/O throttle parameters for
	// individual device nodes.
	// This specifically sets the write rate cap in iops per second for
	// device nodes.
	// As with BlkioWeightDevice, we pull the path from /sys/dev, and we
	// don't guarantee the path will be identical to the original (though
	// the node will be).
	BlkioDeviceWriteIOps []InspectBlkioThrottleDevice `json:"BlkioDeviceWriteIOps"`
	// CpuPeriod is the length of a CPU period in microseconds.
	// It relates directly to CpuQuota.
	CpuPeriod uint64 `json:"CpuPeriod"`
	// CpuQuota is the amount of time (in microseconds) that a container
	// can use the CPU in every CpuPeriod.
	CpuQuota int64 `json:"CpuQuota"`
	// CpuRealtimePeriod is the length of time (in microseconds) of the CPU
	// realtime period. If set to 0, no time will be allocated to realtime
	// tasks.
	CpuRealtimePeriod uint64 `json:"CpuRealtimePeriod"`
	// CpuRealtimeRuntime is the length of time (in microseconds) allocated
	// for realtime tasks within every CpuRealtimePeriod.
	CpuRealtimeRuntime int64 `json:"CpuRealtimeRuntime"`
	// CpusetCpus is the set of CPUs that the container will execute on.
	// Formatted as `0-3` or `0,2`. Default (if unset) is all CPUs.
	CpusetCpus string `json:"CpusetCpus"`
	// CpusetMems is the set of memory nodes the container will use.
	// Formatted as `0-3` or `0,2`. Default (if unset) is all memory nodes.
	CpusetMems string `json:"CpusetMems"`
	// Devices is a list of device nodes that will be added to the
	// container.
	// These are stored in the OCI spec only as type, major, minor while we
	// display the host path. We convert this with /sys/dev, but we cannot
	// guarantee that the host path will be identical - only that the actual
	// device will be.
	Devices []InspectDevice `json:"Devices"`
	// DiskQuota is the maximum amount of disk space the container may use
	// (in bytes).
	// Presently not populated.
	// TODO.
	DiskQuota uint64 `json:"DiskQuota"`
	// KernelMemory is the maximum amount of memory the kernel will devote
	// to the container.
	KernelMemory int64 `json:"KernelMemory"`
	// MemoryReservation is the reservation (soft limit) of memory available
	// to the container. Soft limits are warnings only and can be exceeded.
	MemoryReservation int64 `json:"MemoryReservation"`
	// MemorySwap is the total limit for all memory available to the
	// container, including swap. 0 indicates that there is no limit to the
	// amount of memory available.
	MemorySwap int64 `json:"MemorySwap"`
	// MemorySwappiness is the willingness of the kernel to page container
	// memory to swap. It is an integer from 0 to 100, with low numbers
	// being more likely to be put into swap.
	// -1, the default, will not set swappiness and use the system defaults.
	// NOTE(review): the direction stated above looks inverted relative to
	// the usual Linux swappiness semantics, where a lower value makes
	// swapping less likely - confirm before relying on this wording.
	MemorySwappiness int64 `json:"MemorySwappiness"`
	// OomKillDisable indicates whether the kernel OOM killer is disabled
	// for the container.
	OomKillDisable bool `json:"OomKillDisable"`
	// Init indicates whether the container has an init mounted into it.
	Init bool `json:"Init,omitempty"`
	// PidsLimit is the maximum number of PIDs that may be created within
	// the container. 0, the default, indicates no limit.
	PidsLimit int64 `json:"PidsLimit"`
	// Ulimits is a set of ulimits that will be set within the container.
	Ulimits []InspectUlimit `json:"Ulimits"`
	// CpuCount is Windows-only and not presently implemented.
	CpuCount uint64 `json:"CpuCount"`
	// CpuPercent is Windows-only and not presently implemented.
	CpuPercent uint64 `json:"CpuPercent"`
	// IOMaximumIOps is Windows-only and not presently implemented.
	IOMaximumIOps uint64 `json:"IOMaximumIOps"`
	// IOMaximumBandwidth is Windows-only and not presently implemented.
	IOMaximumBandwidth uint64 `json:"IOMaximumBandwidth"`
	// CgroupConf is the configuration for cgroup v2.
	CgroupConf map[string]string `json:"CgroupConf"`
	// IntelRdtClosID defines the Intel RDT CAT Class Of Service (COS) that
	// all processes of the container should run in.
	IntelRdtClosID string `json:"IntelRdtClosID,omitempty"`
}

// Address represents an IP address.
// The fields have no JSON tags, so encoding/json uses the Go field names
// ("Addr", "PrefixLength") as keys.
type Address struct {
	Addr         string
	PrefixLength int
}

// InspectBasicNetworkConfig holds basic configuration information (e.g. IP
// addresses, MAC address, subnet masks, etc) that are common for all networks
// (both additional and main).
type InspectBasicNetworkConfig struct {
	// EndpointID is unused, maintained exclusively for compatibility.
	EndpointID string `json:"EndpointID"`
	// Gateway is the IP address of the gateway this network will use.
	Gateway string `json:"Gateway"`
	// IPAddress is the IP address for this network.
	IPAddress string `json:"IPAddress"`
	// IPPrefixLen is the length of the subnet mask of this network.
	IPPrefixLen int `json:"IPPrefixLen"`
	// SecondaryIPAddresses is a list of extra IP Addresses that the
	// container has been assigned in this network.
	SecondaryIPAddresses []Address `json:"SecondaryIPAddresses,omitempty"`
	// IPv6Gateway is the IPv6 gateway this network will use.
	IPv6Gateway string `json:"IPv6Gateway"`
	// GlobalIPv6Address is the global-scope IPv6 Address for this network.
	GlobalIPv6Address string `json:"GlobalIPv6Address"`
	// GlobalIPv6PrefixLen is the length of the subnet mask of this network.
	GlobalIPv6PrefixLen int `json:"GlobalIPv6PrefixLen"`
	// SecondaryIPv6Addresses is a list of extra IPv6 Addresses that the
	// container has been assigned in this network.
	SecondaryIPv6Addresses []Address `json:"SecondaryIPv6Addresses,omitempty"`
	// MacAddress is the MAC address for the interface in this network.
	MacAddress string `json:"MacAddress"`
	// AdditionalMacAddresses is a set of additional MAC Addresses beyond
	// the first. CNI may configure more than one interface for a single
	// network, which can cause this.
	// Note that the JSON key spells "MAC" in capitals, unlike the Go field
	// name and unlike the "MacAddress" key above.
	AdditionalMacAddresses []string `json:"AdditionalMACAddresses,omitempty"`
}

// InspectAdditionalNetwork holds information about non-default networks the
// container has been connected to.
// As with InspectNetworkSettings, many fields are unused and maintained only
// for compatibility with Docker.
type InspectAdditionalNetwork struct {
	InspectBasicNetworkConfig

	// Name of the network we're connecting to.
	NetworkID string `json:"NetworkID,omitempty"`
	// DriverOpts is presently unused and maintained exclusively for
	// compatibility.
	DriverOpts map[string]string `json:"DriverOpts"`
	// IPAMConfig is presently unused and maintained exclusively for
	// compatibility.
	IPAMConfig map[string]string `json:"IPAMConfig"`
	// Links is presently unused and maintained exclusively for
	// compatibility.
	Links []string `json:"Links"`
	// Aliases are any network aliases the container has in this network.
	Aliases []string `json:"Aliases,omitempty"`
}

// InspectNetworkSettings holds information about the network settings of the
// container.
// Many fields are maintained only for compatibility with `docker inspect` and
// are unused within Libpod.
// Apart from Networks, the fields declared directly on this struct carry no
// per-field documentation in this file. Ports has the same type as
// InspectContainerHostConfig.PortBindings.
type InspectNetworkSettings struct {
	InspectBasicNetworkConfig

	Bridge                 string                       `json:"Bridge"`
	SandboxID              string                       `json:"SandboxID"`
	HairpinMode            bool                         `json:"HairpinMode"`
	LinkLocalIPv6Address   string                       `json:"LinkLocalIPv6Address"`
	LinkLocalIPv6PrefixLen int                          `json:"LinkLocalIPv6PrefixLen"`
	Ports                  map[string][]InspectHostPort `json:"Ports"`
	SandboxKey             string                       `json:"SandboxKey"`
	// Networks contains information on non-default networks this
	// container has joined.
	// It is a map of network name to network information.
	Networks map[string]*InspectAdditionalNetwork `json:"Networks,omitempty"`
}

// InspectContainerData provides a detailed record of a container's configuration
// and state as viewed by Libpod.
// Large portions of this structure are defined such that the output is
// compatible with `docker inspect` JSON, but additional fields have been added
// as required to share information not in the original output.
//
// The fields carry no per-field documentation in this file.
// NOTE(review): MountLabel, ProcessLabel, AppArmorProfile, EffectiveCaps and
// BoundingCaps presumably report the mandatory-access-control labels/profile
// and the capability sets applied to the container - confirm against the code
// that populates them before building audit checks on them.
// Note that LockNumber is the one key here that starts with a lower-case
// letter ("lockNumber"), and that the ID field is emitted as "Id".
type InspectContainerData struct {
	ID                      string                      `json:"Id"`
	Created                 time.Time                   `json:"Created"`
	Path                    string                      `json:"Path"`
	Args                    []string                    `json:"Args"`
	State                   *InspectContainerState      `json:"State"`
	Image                   string                      `json:"Image"`
	ImageDigest             string                      `json:"ImageDigest"`
	ImageName               string                      `json:"ImageName"`
	Rootfs                  string                      `json:"Rootfs"`
	Pod                     string                      `json:"Pod"`
	ResolvConfPath          string                      `json:"ResolvConfPath"`
	HostnamePath            string                      `json:"HostnamePath"`
	HostsPath               string                      `json:"HostsPath"`
	StaticDir               string                      `json:"StaticDir"`
	OCIConfigPath           string                      `json:"OCIConfigPath,omitempty"`
	OCIRuntime              string                      `json:"OCIRuntime,omitempty"`
	ConmonPidFile           string                      `json:"ConmonPidFile"`
	PidFile                 string                      `json:"PidFile"`
	Name                    string                      `json:"Name"`
	RestartCount            int32                       `json:"RestartCount"`
	Driver                  string                      `json:"Driver"`
	MountLabel              string                      `json:"MountLabel"`
	ProcessLabel            string                      `json:"ProcessLabel"`
	AppArmorProfile         string                      `json:"AppArmorProfile"`
	EffectiveCaps           []string                    `json:"EffectiveCaps"`
	BoundingCaps            []string                    `json:"BoundingCaps"`
	ExecIDs                 []string                    `json:"ExecIDs"`
	GraphDriver             *DriverData                 `json:"GraphDriver"`
	SizeRw                  *int64                      `json:"SizeRw,omitempty"`
	SizeRootFs              int64                       `json:"SizeRootFs,omitempty"`
	Mounts                  []InspectMount              `json:"Mounts"`
	Dependencies            []string                    `json:"Dependencies"`
	NetworkSettings         *InspectNetworkSettings     `json:"NetworkSettings"`
	Namespace               string                      `json:"Namespace"`
	IsInfra                 bool                        `json:"IsInfra"`
	IsService               bool                        `json:"IsService"`
	KubeExitCodePropagation string                      `json:"KubeExitCodePropagation"`
	LockNumber              uint32                      `json:"lockNumber"`
	Config                  *InspectContainerConfig     `json:"Config"`
	HostConfig              *InspectContainerHostConfig `json:"HostConfig"`
}

// InspectExecSession contains information about a given exec session.
type InspectExecSession struct {
	// CanRemove is legacy and used purely for compatibility reasons.
	// Will always be set to true, unless the exec session is running.
	CanRemove bool `json:"CanRemove"`
	// ContainerID is the ID of the container this exec session is attached
	// to.
	ContainerID string `json:"ContainerID"`
	// DetachKeys are the detach keys used by the exec session.
	// If set to "" the default keys are being used.
	// Will show "<none>" if no detach keys are set.
	DetachKeys string `json:"DetachKeys"`
	// ExitCode is the exit code of the exec session. Will be set to 0 if
	// the exec session has not yet exited, so 0 alone does not show that
	// the session finished successfully; check Running as well.
	ExitCode int `json:"ExitCode"`
	// ID is the ID of the exec session.
	ID string `json:"ID"`
	// OpenStderr is whether the container's STDERR stream will be attached.
	// Always set to true if the exec session created a TTY.
	OpenStderr bool `json:"OpenStderr"`
	// OpenStdin is whether the container's STDIN stream will be attached
	// to.
	OpenStdin bool `json:"OpenStdin"`
	// OpenStdout is whether the container's STDOUT stream will be attached.
	// Always set to true if the exec session created a TTY.
	OpenStdout bool `json:"OpenStdout"`
	// Running is whether the exec session is running.
	Running bool `json:"Running"`
	// Pid is the PID of the exec session's process.
	// Will be set to 0 if the exec session is not running.
	Pid int `json:"Pid"`
	// ProcessConfig contains information about the exec session's process.
	ProcessConfig *InspectExecProcess `json:"ProcessConfig"`
}

// InspectExecProcess contains information about the process in a given exec
// session.
// Unlike most structs in this file, every JSON key here is lower-case.
type InspectExecProcess struct {
	// Arguments are the arguments to the entrypoint command of the exec
	// session.
	Arguments []string `json:"arguments"`
	// Entrypoint is the entrypoint for the exec session (the command that
	// will be executed in the container).
	Entrypoint string `json:"entrypoint"`
	// Privileged is whether the exec session will be started with elevated
	// privileges.
	Privileged bool `json:"privileged"`
	// Tty is whether the exec session created a terminal.
	Tty bool `json:"tty"`
	// User is the user the exec session was started as.
	User string `json:"user"`
}

// DriverData handles the data for a storage driver
type DriverData struct {
	Name string            `json:"Name"`
	Data map[string]string `json:"Data"`
}

// InspectSecret contains information on secrets mounted inside the container.
// Only metadata is recorded: the struct has no field for the secret's value.
type InspectSecret struct {
	// Name is the name of the secret
	Name string `json:"Name"`
	// ID is the ID of the secret
	ID string `json:"ID"`
	// UID is the UID of the mounted secret file
	UID uint32 `json:"UID"`
	// GID is the GID of the mounted secret file
	GID uint32 `json:"GID"`
	// Mode is the mode of the mounted secret file
	Mode uint32 `json:"Mode"`
}