burble/nomad-driver-containerd
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #33 from Roblox/host_network

Browse Source 
Add support for host network.
This commit is contained in:
Shishir 2020-08-24 12:18:37 -07:00 committed by GitHub
commit 418cd4a855
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@ -86,6 +86,7 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
| **args** | []string | no | Arguments to the command. | | **args** | []string | no | Arguments to the command. |
| **privileged** | bool | no | Run container in privileged mode. Your container will have all linux capabilities when running in privileged mode. | | **privileged** | bool | no | Run container in privileged mode. Your container will have all linux capabilities when running in privileged mode. |
| **readonly_rootfs** | bool | no | Container root filesystem will be read-only. | | **readonly_rootfs** | bool | no | Container root filesystem will be read-only. |
| **host_network** | bool | no | Enable host network. This is equivalent to `--net=host` in docker. |
| **cap_add** | []string | no | Add individual capabilities. | | **cap_add** | []string | no | Add individual capabilities. |
| **cap_drop** | []string | no | Drop invidual capabilities. | | **cap_drop** | []string | no | Drop invidual capabilities. |
| **devices** | []string | no | A list of devices to be exposed to the container. | | **devices** | []string | no | A list of devices to be exposed to the container. |

7
containerd/containerd.go
View File

@ -70,6 +70,13 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
opts = append(opts, oci.WithRootFSReadonly()) opts = append(opts, oci.WithRootFSReadonly())
} }
// Enable host network.
// WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly.
// WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly.
if config.HostNetwork {
opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
}
// Add capabilities. // Add capabilities.
if len(config.CapAdd) > 0 { if len(config.CapAdd) > 0 {
opts = append(opts, oci.WithAddedCapabilities(config.CapAdd)) opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))

2
containerd/driver.go
View File

@ -94,6 +94,7 @@ var (
"devices": hclspec.NewAttr("devices", "list(string)", false), "devices": hclspec.NewAttr("devices", "list(string)", false),
"privileged": hclspec.NewAttr("privileged", "bool", false), "privileged": hclspec.NewAttr("privileged", "bool", false),
"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false), "readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
"host_network": hclspec.NewAttr("host_network", "bool", false),
"mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{ "mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{
"type": hclspec.NewDefault( "type": hclspec.NewDefault(
hclspec.NewAttr("type", "string", false), hclspec.NewAttr("type", "string", false),
@ -142,6 +143,7 @@ type TaskConfig struct {
Devices []string `codec:"devices"` Devices []string `codec:"devices"`
Privileged bool `codec:"privileged"` Privileged bool `codec:"privileged"`
ReadOnlyRootfs bool `codec:"readonly_rootfs"` ReadOnlyRootfs bool `codec:"readonly_rootfs"`
HostNetwork bool `codec:"host_network"`
Mounts []Mount `codec:"mounts"` Mounts []Mount `codec:"mounts"`
} }