Merge pull request #33 from Roblox/host_network

Add support for host network.
Shishir 2020-08-24 12:18:37 -07:00 committed by GitHub
commit 418cd4a855
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 10 additions and 0 deletions


@ -86,6 +86,7 @@ More detailed instructions are in the [`example README.md`](https://github.com/R
| **args** | []string | no | Arguments to the command. |
| **privileged** | bool | no | Run container in privileged mode. Your container will have all linux capabilities when running in privileged mode. |
| **readonly_rootfs** | bool | no | Container root filesystem will be read-only. |
| **host_network** | bool | no | Enable host network. This is equivalent to `--net=host` in docker. |
| **cap_add** | []string | no | Add individual capabilities. |
| **cap_drop** | []string | no | Drop invidual capabilities. |
| **devices** | []string | no | A list of devices to be exposed to the container. |


@ -70,6 +70,13 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
opts = append(opts, oci.WithRootFSReadonly())
}
// Enable host network.
// WithHostHostsFile bind-mounts the host's /etc/hosts into the container as readonly.
// WithHostResolvconf bind-mounts the host's /etc/resolv.conf into the container as readonly.
if config.HostNetwork {
opts = append(opts, oci.WithHostNamespace(specs.NetworkNamespace), oci.WithHostHostsFile, oci.WithHostResolvconf)
}
// Add capabilities.
if len(config.CapAdd) > 0 {
opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
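Review bot: The new `if config.HostNetwork` branch in createContainer puts any task that sets `host_network = true` into the host's network namespace, and nothing visible in this hunk checks an operator-side opt-in first. In that namespace the task can reach services bound to the host's loopback, bind host ports and connect to abstract unix sockets, and the `cap_add` branch just below can add CAP_NET_ADMIN or CAP_NET_RAW on top of that. I would record this above the branch, e.g. `// Security: shares the host network namespace (host loopback, ports and abstract unix sockets are reachable); avoid combining with privileged or cap_add CAP_NET_ADMIN/CAP_NET_RAW.`, and consider gating the option behind a plugin-level setting if one does not already exist outside this view. createContainer starts and ends outside the hunk.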


@ -94,6 +94,7 @@ var (
"devices": hclspec.NewAttr("devices", "list(string)", false),
"privileged": hclspec.NewAttr("privileged", "bool", false),
"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
"host_network": hclspec.NewAttr("host_network", "bool", false),
"mounts": hclspec.NewBlockList("mounts", hclspec.NewObject(map[string]*hclspec.Spec{
"type": hclspec.NewDefault(
hclspec.NewAttr("type", "string", false),
@ -142,6 +143,7 @@ type TaskConfig struct {
Devices []string `codec:"devices"`
Privileged bool `codec:"privileged"`
ReadOnlyRootfs bool `codec:"readonly_rootfs"`
HostNetwork bool `codec:"host_network"`
Mounts []Mount `codec:"mounts"`
}