Shishir
GitHub
commit
2c023d1ac4
@ -6,6 +6,7 @@ import (
|
||||
"github.com/containerd/containerd"
|
||||
"github.com/containerd/containerd/cio"
|
||||
"github.com/containerd/containerd/oci"
|
||||
specs "github.com/opencontainers/runtime-spec/specs-go"
|
||||
)
|
||||
|
||||
func (d *Driver) isContainerdRunning() (bool, error) {
|
||||
@ -25,11 +26,13 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
|
||||
return nil, fmt.Errorf("Command is empty. Cannot set --args without --command.")
|
||||
}
|
||||
|
||||
// Command set by the user, to override entrypoint or cmd defined in the image.
|
||||
var args []string
|
||||
if config.Command != "" {
|
||||
args = append(args, config.Command)
|
||||
}
|
||||
|
||||
// Arguments to the command set by the user.
|
||||
if len(config.Args) > 0 {
|
||||
args = append(args, config.Args...)
|
||||
}
|
||||
@ -38,22 +41,27 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
|
||||
|
||||
opts = append(opts, oci.WithImageConfigArgs(image, args))
|
||||
|
||||
// Enable privileged mode.
|
||||
if config.Privileged {
|
||||
opts = append(opts, oci.WithPrivileged)
|
||||
}
|
||||
|
||||
// Launch container in read-only mode.
|
||||
if config.ReadOnlyRootfs {
|
||||
opts = append(opts, oci.WithRootFSReadonly())
|
||||
}
|
||||
|
||||
// Add capabilities.
|
||||
if len(config.CapAdd) > 0 {
|
||||
opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
|
||||
}
|
||||
|
||||
// Drop capabilities.
|
||||
if len(config.CapDrop) > 0 {
|
||||
opts = append(opts, oci.WithDroppedCapabilities(config.CapDrop))
|
||||
}
|
||||
|
||||
// Set environment variables.
|
||||
opts = append(opts, oci.WithEnv(env))
|
||||
|
||||
// Add linux devices into the container.
|
||||
@ -61,6 +69,27 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
|
||||
opts = append(opts, oci.WithLinuxDevice(device, "rwm"))
|
||||
}
|
||||
|
||||
// Set mounts. fstab style mount options are supported.
|
||||
// List of all supported mount options.
|
||||
// https://github.com/containerd/containerd/blob/master/mount/mount_linux.go#L187-L211
|
||||
mounts := make([]specs.Mount, 0)
|
||||
for _, mount := range config.Mounts {
|
||||
if (mount.Type == "bind" || mount.Type == "volume") && len(mount.Options) <= 0 {
|
||||
return nil, fmt.Errorf("Options cannot be empty for mount type: %s. You need to atleast pass rbind and ro.", mount.Type)
|
||||
}
|
||||
|
||||
m := specs.Mount{}
|
||||
m.Type = mount.Type
|
||||
m.Destination = mount.Target
|
||||
m.Source = mount.Source
|
||||
m.Options = mount.Options
|
||||
mounts = append(mounts, m)
|
||||
}
|
||||
|
||||
if len(mounts) > 0 {
|
||||
opts = append(opts, oci.WithMounts(mounts))
|
||||
}
|
||||
|
||||
return d.client.NewContainer(
|
||||
d.ctxContainerd,
|
||||
containerName,
|
||||
|
||||
@ -77,6 +77,15 @@ var (
|
||||
"devices": hclspec.NewAttr("devices", "list(string)", false),
|
||||
"privileged": hclspec.NewAttr("privileged", "bool", false),
|
||||
"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
|
||||
"mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{
|
||||
"type": hclspec.NewDefault(
|
||||
hclspec.NewAttr("type", "string", false),
|
||||
hclspec.NewLiteral("\"volume\""),
|
||||
),
|
||||
"target": hclspec.NewAttr("target", "string", true),
|
||||
"source": hclspec.NewAttr("source", "string", false),
|
||||
"options": hclspec.NewAttr("options", "list(string)", false),
|
||||
})),
|
||||
})
|
||||
|
||||
// capabilities indicates what optional features this driver supports
|
||||
@ -96,6 +105,15 @@ type Config struct {
|
||||
StatsInterval string `codec:"stats_interval"`
|
||||
}
|
||||
|
||||
// Volume, bind, and tmpfs type mounts are supported.
|
||||
// Mount contains configuration information about a mountpoint.
|
||||
type Mount struct {
|
||||
Type string `codec:"type"`
|
||||
Target string `codec:"target"`
|
||||
Source string `codec:"source"`
|
||||
Options []string `codec:"options"`
|
||||
}
|
||||
|
||||
// TaskConfig contains configuration information for a task that runs with
|
||||
// this plugin
|
||||
type TaskConfig struct {
|
||||
@ -107,6 +125,7 @@ type TaskConfig struct {
|
||||
Devices []string `codec:"devices"`
|
||||
Privileged bool `codec:"privileged"`
|
||||
ReadOnlyRootfs bool `codec:"readonly_rootfs"`
|
||||
Mounts []Mount `codec:"mounts"`
|
||||
}
|
||||
|
||||
// TaskState is the runtime state which is encoded in the handle returned to
|
||||
|
||||
1
go.mod
1
go.mod
@ -40,6 +40,7 @@ require (
|
||||
github.com/moby/moby v1.13.1
|
||||
github.com/mrunalp/fileutils v0.0.0-20171103030105-7d4729fb3618 // indirect
|
||||
github.com/opencontainers/runc v1.0.0-rc8.0.20190611121236-6cc515888830 // indirect
|
||||
github.com/opencontainers/runtime-spec v1.0.2
|
||||
github.com/opencontainers/selinux v1.3.1 // indirect
|
||||
github.com/seccomp/libseccomp-golang v0.9.1 // indirect
|
||||
github.com/shirou/gopsutil v2.19.11+incompatible // indirect
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user