github.com/moby/docker@v26.1.3+incompatible/api/types/swarm/container.go

github.com/moby/docker@v26.1.3+incompatible/api/types/swarm/container.go (about)

     1  package swarm // import "github.com/docker/docker/api/types/swarm"
     2  
     3  import (
     4  	"time"
     5  
     6  	"github.com/docker/docker/api/types/container"
     7  	"github.com/docker/docker/api/types/mount"
     8  	"github.com/docker/go-units"
     9  )
    10  
    11  // DNSConfig specifies DNS related configurations in resolver configuration file (resolv.conf)
    12  // Detailed documentation is available in:
    13  // http://man7.org/linux/man-pages/man5/resolv.conf.5.html
    14  // `nameserver`, `search`, `options` have been supported.
    15  // TODO: `domain` is not supported yet.
    16  type DNSConfig struct {
    17  	// Nameservers specifies the IP addresses of the name servers
    18  	Nameservers []string `json:",omitempty"`
    19  	// Search specifies the search list for host-name lookup
    20  	Search []string `json:",omitempty"`
    21  	// Options allows certain internal resolver variables to be modified
    22  	Options []string `json:",omitempty"`
    23  }
    24  
    25  // SELinuxContext contains the SELinux labels of the container.
    26  type SELinuxContext struct {
    27  	Disable bool
    28  
    29  	User  string
    30  	Role  string
    31  	Type  string
    32  	Level string
    33  }
    34  
    35  // SeccompMode is the type used for the enumeration of possible seccomp modes
    36  // in SeccompOpts
    37  type SeccompMode string
    38  
    39  const (
    40  	SeccompModeDefault    SeccompMode = "default"
    41  	SeccompModeUnconfined SeccompMode = "unconfined"
    42  	SeccompModeCustom     SeccompMode = "custom"
    43  )
    44  
    45  // SeccompOpts defines the options for configuring seccomp on a swarm-managed
    46  // container.
    47  type SeccompOpts struct {
    48  	// Mode is the SeccompMode used for the container.
    49  	Mode SeccompMode `json:",omitempty"`
    50  	// Profile is the custom seccomp profile as a json object to be used with
    51  	// the container. Mode should be set to SeccompModeCustom when using a
    52  	// custom profile in this manner.
    53  	Profile []byte `json:",omitempty"`
    54  }
    55  
    56  // AppArmorMode is type used for the enumeration of possible AppArmor modes in
    57  // AppArmorOpts
    58  type AppArmorMode string
    59  
    60  const (
    61  	AppArmorModeDefault  AppArmorMode = "default"
    62  	AppArmorModeDisabled AppArmorMode = "disabled"
    63  )
    64  
    65  // AppArmorOpts defines the options for configuring AppArmor on a swarm-managed
    66  // container.  Currently, custom AppArmor profiles are not supported.
    67  type AppArmorOpts struct {
    68  	Mode AppArmorMode `json:",omitempty"`
    69  }
    70  
    71  // CredentialSpec for managed service account (Windows only)
    72  type CredentialSpec struct {
    73  	Config   string
    74  	File     string
    75  	Registry string
    76  }
    77  
    78  // Privileges defines the security options for the container.
    79  type Privileges struct {
    80  	CredentialSpec  *CredentialSpec
    81  	SELinuxContext  *SELinuxContext
    82  	Seccomp         *SeccompOpts  `json:",omitempty"`
    83  	AppArmor        *AppArmorOpts `json:",omitempty"`
    84  	NoNewPrivileges bool
    85  }
    86  
    87  // ContainerSpec represents the spec of a container.
    88  type ContainerSpec struct {
    89  	Image           string                  `json:",omitempty"`
    90  	Labels          map[string]string       `json:",omitempty"`
    91  	Command         []string                `json:",omitempty"`
    92  	Args            []string                `json:",omitempty"`
    93  	Hostname        string                  `json:",omitempty"`
    94  	Env             []string                `json:",omitempty"`
    95  	Dir             string                  `json:",omitempty"`
    96  	User            string                  `json:",omitempty"`
    97  	Groups          []string                `json:",omitempty"`
    98  	Privileges      *Privileges             `json:",omitempty"`
    99  	Init            *bool                   `json:",omitempty"`
   100  	StopSignal      string                  `json:",omitempty"`
   101  	TTY             bool                    `json:",omitempty"`
   102  	OpenStdin       bool                    `json:",omitempty"`
   103  	ReadOnly        bool                    `json:",omitempty"`
   104  	Mounts          []mount.Mount           `json:",omitempty"`
   105  	StopGracePeriod *time.Duration          `json:",omitempty"`
   106  	Healthcheck     *container.HealthConfig `json:",omitempty"`
   107  	// The format of extra hosts on swarmkit is specified in:
   108  	// http://man7.org/linux/man-pages/man5/hosts.5.html
   109  	//    IP_address canonical_hostname [aliases...]
   110  	Hosts          []string            `json:",omitempty"`
   111  	DNSConfig      *DNSConfig          `json:",omitempty"`
   112  	Secrets        []*SecretReference  `json:",omitempty"`
   113  	Configs        []*ConfigReference  `json:",omitempty"`
   114  	Isolation      container.Isolation `json:",omitempty"`
   115  	Sysctls        map[string]string   `json:",omitempty"`
   116  	CapabilityAdd  []string            `json:",omitempty"`
   117  	CapabilityDrop []string            `json:",omitempty"`
   118  	Ulimits        []*units.Ulimit     `json:",omitempty"`
   119  }