github.com/zhuohuang-hust/src-cbuild@v0.0.0-20230105071821-c7aab3e7c840/api/types/container/host_config.go (about) 1 package container 2 3 import ( 4 "strings" 5 6 "github.com/docker/docker/api/types/blkiodev" 7 "github.com/docker/docker/api/types/mount" 8 "github.com/docker/docker/api/types/strslice" 9 "github.com/docker/go-connections/nat" 10 "github.com/docker/go-units" 11 ) 12 13 // NetworkMode represents the container network stack. 14 type NetworkMode string 15 16 // Isolation represents the isolation technology of a container. The supported 17 // values are platform specific 18 type Isolation string 19 20 // IsDefault indicates the default isolation technology of a container. On Linux this 21 // is the native driver. On Windows, this is a Windows Server Container. 22 func (i Isolation) IsDefault() bool { 23 return strings.ToLower(string(i)) == "default" || string(i) == "" 24 } 25 26 // IpcMode represents the container ipc stack. 27 type IpcMode string 28 29 // IsPrivate indicates whether the container uses its private ipc stack. 30 func (n IpcMode) IsPrivate() bool { 31 return !(n.IsHost() || n.IsContainer()) 32 } 33 34 // IsHost indicates whether the container uses the host's ipc stack. 35 func (n IpcMode) IsHost() bool { 36 return n == "host" 37 } 38 39 // IsContainer indicates whether the container uses a container's ipc stack. 40 func (n IpcMode) IsContainer() bool { 41 parts := strings.SplitN(string(n), ":", 2) 42 return len(parts) > 1 && parts[0] == "container" 43 } 44 45 // Valid indicates whether the ipc stack is valid. 46 func (n IpcMode) Valid() bool { 47 parts := strings.Split(string(n), ":") 48 switch mode := parts[0]; mode { 49 case "", "host": 50 case "container": 51 if len(parts) != 2 || parts[1] == "" { 52 return false 53 } 54 default: 55 return false 56 } 57 return true 58 } 59 60 // Container returns the name of the container ipc stack is going to be used. 61 func (n IpcMode) Container() string { 62 parts := strings.SplitN(string(n), ":", 2) 63 if len(parts) > 1 { 64 return parts[1] 65 } 66 return "" 67 } 68 69 // UsernsMode represents userns mode in the container. 70 type UsernsMode string 71 72 // IsHost indicates whether the container uses the host's userns. 73 func (n UsernsMode) IsHost() bool { 74 return n == "host" 75 } 76 77 // IsPrivate indicates whether the container uses the a private userns. 78 func (n UsernsMode) IsPrivate() bool { 79 return !(n.IsHost()) 80 } 81 82 // Valid indicates whether the userns is valid. 83 func (n UsernsMode) Valid() bool { 84 parts := strings.Split(string(n), ":") 85 switch mode := parts[0]; mode { 86 case "", "host": 87 default: 88 return false 89 } 90 return true 91 } 92 93 // CgroupSpec represents the cgroup to use for the container. 94 type CgroupSpec string 95 96 // IsContainer indicates whether the container is using another container cgroup 97 func (c CgroupSpec) IsContainer() bool { 98 parts := strings.SplitN(string(c), ":", 2) 99 return len(parts) > 1 && parts[0] == "container" 100 } 101 102 // Valid indicates whether the cgroup spec is valid. 103 func (c CgroupSpec) Valid() bool { 104 return c.IsContainer() || c == "" 105 } 106 107 // Container returns the name of the container whose cgroup will be used. 108 func (c CgroupSpec) Container() string { 109 parts := strings.SplitN(string(c), ":", 2) 110 if len(parts) > 1 { 111 return parts[1] 112 } 113 return "" 114 } 115 116 // UTSMode represents the UTS namespace of the container. 117 type UTSMode string 118 119 // IsPrivate indicates whether the container uses its private UTS namespace. 120 func (n UTSMode) IsPrivate() bool { 121 return !(n.IsHost()) 122 } 123 124 // IsHost indicates whether the container uses the host's UTS namespace. 125 func (n UTSMode) IsHost() bool { 126 return n == "host" 127 } 128 129 // Valid indicates whether the UTS namespace is valid. 130 func (n UTSMode) Valid() bool { 131 parts := strings.Split(string(n), ":") 132 switch mode := parts[0]; mode { 133 case "", "host": 134 default: 135 return false 136 } 137 return true 138 } 139 140 // PidMode represents the pid namespace of the container. 141 type PidMode string 142 143 // IsPrivate indicates whether the container uses its own new pid namespace. 144 func (n PidMode) IsPrivate() bool { 145 return !(n.IsHost() || n.IsContainer()) 146 } 147 148 // IsHost indicates whether the container uses the host's pid namespace. 149 func (n PidMode) IsHost() bool { 150 return n == "host" 151 } 152 153 // IsContainer indicates whether the container uses a container's pid namespace. 154 func (n PidMode) IsContainer() bool { 155 parts := strings.SplitN(string(n), ":", 2) 156 return len(parts) > 1 && parts[0] == "container" 157 } 158 159 // Valid indicates whether the pid namespace is valid. 160 func (n PidMode) Valid() bool { 161 parts := strings.Split(string(n), ":") 162 switch mode := parts[0]; mode { 163 case "", "host": 164 case "container": 165 if len(parts) != 2 || parts[1] == "" { 166 return false 167 } 168 default: 169 return false 170 } 171 return true 172 } 173 174 // Container returns the name of the container whose pid namespace is going to be used. 175 func (n PidMode) Container() string { 176 parts := strings.SplitN(string(n), ":", 2) 177 if len(parts) > 1 { 178 return parts[1] 179 } 180 return "" 181 } 182 183 // DeviceMapping represents the device mapping between the host and the container. 184 type DeviceMapping struct { 185 PathOnHost string 186 PathInContainer string 187 CgroupPermissions string 188 } 189 190 // RestartPolicy represents the restart policies of the container. 191 type RestartPolicy struct { 192 Name string 193 MaximumRetryCount int 194 } 195 196 // IsNone indicates whether the container has the "no" restart policy. 197 // This means the container will not automatically restart when exiting. 198 func (rp *RestartPolicy) IsNone() bool { 199 return rp.Name == "no" || rp.Name == "" 200 } 201 202 // IsAlways indicates whether the container has the "always" restart policy. 203 // This means the container will automatically restart regardless of the exit status. 204 func (rp *RestartPolicy) IsAlways() bool { 205 return rp.Name == "always" 206 } 207 208 // IsOnFailure indicates whether the container has the "on-failure" restart policy. 209 // This means the container will automatically restart of exiting with a non-zero exit status. 210 func (rp *RestartPolicy) IsOnFailure() bool { 211 return rp.Name == "on-failure" 212 } 213 214 // IsUnlessStopped indicates whether the container has the 215 // "unless-stopped" restart policy. This means the container will 216 // automatically restart unless user has put it to stopped state. 217 func (rp *RestartPolicy) IsUnlessStopped() bool { 218 return rp.Name == "unless-stopped" 219 } 220 221 // IsSame compares two RestartPolicy to see if they are the same 222 func (rp *RestartPolicy) IsSame(tp *RestartPolicy) bool { 223 return rp.Name == tp.Name && rp.MaximumRetryCount == tp.MaximumRetryCount 224 } 225 226 // LogConfig represents the logging configuration of the container. 227 type LogConfig struct { 228 Type string 229 Config map[string]string 230 } 231 232 // Resources contains container's resources (cgroups config, ulimits...) 233 type Resources struct { 234 // Applicable to all platforms 235 CPUShares int64 `json:"CpuShares"` // CPU shares (relative weight vs. other containers) 236 Memory int64 // Memory limit (in bytes) 237 NanoCPUs int64 `json:"NanoCpus"` // CPU quota in units of 10<sup>-9</sup> CPUs. 238 239 // Applicable to UNIX platforms 240 CgroupParent string // Parent cgroup. 241 BlkioWeight uint16 // Block IO weight (relative weight vs. other containers) 242 BlkioWeightDevice []*blkiodev.WeightDevice 243 BlkioDeviceReadBps []*blkiodev.ThrottleDevice 244 BlkioDeviceWriteBps []*blkiodev.ThrottleDevice 245 BlkioDeviceReadIOps []*blkiodev.ThrottleDevice 246 BlkioDeviceWriteIOps []*blkiodev.ThrottleDevice 247 CPUPeriod int64 `json:"CpuPeriod"` // CPU CFS (Completely Fair Scheduler) period 248 CPUQuota int64 `json:"CpuQuota"` // CPU CFS (Completely Fair Scheduler) quota 249 CPURealtimePeriod int64 `json:"CpuRealtimePeriod"` // CPU real-time period 250 CPURealtimeRuntime int64 `json:"CpuRealtimeRuntime"` // CPU real-time runtime 251 CpusetCpus string // CpusetCpus 0-2, 0,1 252 CpusetMems string // CpusetMems 0-2, 0,1 253 Devices []DeviceMapping // List of devices to map inside the container 254 DiskQuota int64 // Disk limit (in bytes) 255 KernelMemory int64 // Kernel memory limit (in bytes) 256 MemoryReservation int64 // Memory soft limit (in bytes) 257 MemorySwap int64 // Total memory usage (memory + swap); set `-1` to enable unlimited swap 258 MemorySwappiness *int64 // Tuning container memory swappiness behaviour 259 OomKillDisable *bool // Whether to disable OOM Killer or not 260 PidsLimit int64 // Setting pids limit for a container 261 Ulimits []*units.Ulimit // List of ulimits to be set in the container 262 263 // Applicable to Windows 264 CPUCount int64 `json:"CpuCount"` // CPU count 265 CPUPercent int64 `json:"CpuPercent"` // CPU percent 266 IOMaximumIOps uint64 // Maximum IOps for the container system drive 267 IOMaximumBandwidth uint64 // Maximum IO in bytes per second for the container system drive 268 } 269 270 // UpdateConfig holds the mutable attributes of a Container. 271 // Those attributes can be updated at runtime. 272 type UpdateConfig struct { 273 // Contains container's resources (cgroups, ulimits) 274 Resources 275 RestartPolicy RestartPolicy 276 } 277 278 // HostConfig the non-portable Config structure of a container. 279 // Here, "non-portable" means "dependent of the host we are running on". 280 // Portable information *should* appear in Config. 281 type HostConfig struct { 282 // Applicable to all platforms 283 Binds []string // List of volume bindings for this container 284 ContainerIDFile string // File (path) where the containerId is written 285 LogConfig LogConfig // Configuration of the logs for this container 286 NetworkMode NetworkMode // Network mode to use for the container 287 PortBindings nat.PortMap // Port mapping between the exposed port (container) and the host 288 RestartPolicy RestartPolicy // Restart policy to be used for the container 289 AutoRemove bool // Automatically remove container when it exits 290 VolumeDriver string // Name of the volume driver used to mount volumes 291 VolumesFrom []string // List of volumes to take from other container 292 293 // Applicable to UNIX platforms 294 CapAdd strslice.StrSlice // List of kernel capabilities to add to the container 295 CapDrop strslice.StrSlice // List of kernel capabilities to remove from the container 296 DNS []string `json:"Dns"` // List of DNS server to lookup 297 DNSOptions []string `json:"DnsOptions"` // List of DNSOption to look for 298 DNSSearch []string `json:"DnsSearch"` // List of DNSSearch to look for 299 ExtraHosts []string // List of extra hosts 300 GroupAdd []string // List of additional groups that the container process will run as 301 IpcMode IpcMode // IPC namespace to use for the container 302 Cgroup CgroupSpec // Cgroup to use for the container 303 Links []string // List of links (in the name:alias form) 304 OomScoreAdj int // Container preference for OOM-killing 305 PidMode PidMode // PID namespace to use for the container 306 Privileged bool // Is the container in privileged mode 307 PublishAllPorts bool // Should docker publish all exposed port for the container 308 ReadonlyRootfs bool // Is the container root filesystem in read-only 309 SecurityOpt []string // List of string values to customize labels for MLS systems, such as SELinux. 310 StorageOpt map[string]string `json:",omitempty"` // Storage driver options per container. 311 Tmpfs map[string]string `json:",omitempty"` // List of tmpfs (mounts) used for the container 312 UTSMode UTSMode // UTS namespace to use for the container 313 UsernsMode UsernsMode // The user namespace to use for the container 314 ShmSize int64 // Total shm memory usage 315 Sysctls map[string]string `json:",omitempty"` // List of Namespaced sysctls used for the container 316 Runtime string `json:",omitempty"` // Runtime to use with this container 317 318 // Applicable to Windows 319 ConsoleSize [2]uint // Initial console size (height,width) 320 Isolation Isolation // Isolation technology of the container (eg default, hyperv) 321 322 // Contains container's resources (cgroups, ulimits) 323 Resources 324 325 // Mounts specs used by the container 326 Mounts []mount.Mount `json:",omitempty"` 327 328 // Run a custom init inside the container, if null, use the daemon's configured settings 329 Init *bool `json:",omitempty"` 330 331 // Custom init path 332 InitPath string `json:",omitempty"` 333 }