Ability to launch nomad job in read-only mode.

Shishir Mahajan 2020-06-25 17:46:03 -07:00
parent 661658be9f
commit 69353377be
No known key found for this signature in database
GPG Key ID: D41782E7688DEC4A
2 changed files with 18 additions and 12 deletions


@ -42,6 +42,10 @@ func (d *Driver) createContainer(image containerd.Image, containerName, containe
opts = append(opts, oci.WithPrivileged) opts = append(opts, oci.WithPrivileged)
} }
if config.ReadOnlyRootfs {
opts = append(opts, oci.WithRootFSReadonly())
}
if len(config.CapAdd) > 0 { if len(config.CapAdd) > 0 {
opts = append(opts, oci.WithAddedCapabilities(config.CapAdd)) opts = append(opts, oci.WithAddedCapabilities(config.CapAdd))
} }
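Review bot: The new `if config.ReadOnlyRootfs` branch is appended independently of the `config.Privileged` branch directly above it, so a job may set both, and the read-only root is then not an enforced boundary. A privileged container normally holds CAP_SYS_ADMIN and can remount its root filesystem writable; the same likely holds when `cap_add` grants that capability. Either reject the combination when the task config is validated, or state the limit next to the option, e.g. `// readonly_rootfs is hardening only; it is not enforced against privileged tasks or tasks granted CAP_SYS_ADMIN.` It also covers only the root filesystem, so any writable mounts configured elsewhere stay writable. createContainer begins and ends outside this hunk, so how the remaining opts are assembled is not visible here.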


@ -69,12 +69,13 @@ var (
// this is used to validate the configuration specified for the plugin // this is used to validate the configuration specified for the plugin
// when a job is submitted. // when a job is submitted.
taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{ taskConfigSpec = hclspec.NewObject(map[string]*hclspec.Spec{
"image": hclspec.NewAttr("image", "string", true), "image": hclspec.NewAttr("image", "string", true),
"command": hclspec.NewAttr("command", "string", false), "command": hclspec.NewAttr("command", "string", false),
"args": hclspec.NewAttr("args", "list(string)", false), "args": hclspec.NewAttr("args", "list(string)", false),
"cap_add": hclspec.NewAttr("cap_add", "list(string)", false), "cap_add": hclspec.NewAttr("cap_add", "list(string)", false),
"cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false), "cap_drop": hclspec.NewAttr("cap_drop", "list(string)", false),
"privileged": hclspec.NewAttr("privileged", "bool", false), "privileged": hclspec.NewAttr("privileged", "bool", false),
"readonly_rootfs": hclspec.NewAttr("readonly_rootfs", "bool", false),
}) })
// capabilities indicates what optional features this driver supports // capabilities indicates what optional features this driver supports
@ -97,12 +98,13 @@ type Config struct {
// TaskConfig contains configuration information for a task that runs with // TaskConfig contains configuration information for a task that runs with
// this plugin // this plugin
type TaskConfig struct { type TaskConfig struct {
Image string `codec:"image"` Image string `codec:"image"`
Command string `codec:"command"` Command string `codec:"command"`
Args []string `codec:"args"` Args []string `codec:"args"`
CapAdd []string `codec:"cap_add"` CapAdd []string `codec:"cap_add"`
CapDrop []string `codec:"cap_drop"` CapDrop []string `codec:"cap_drop"`
Privileged bool `codec:"privileged"` Privileged bool `codec:"privileged"`
ReadOnlyRootfs bool `codec:"readonly_rootfs"`
} }
// TaskState is the runtime state which is encoded in the handle returned to // TaskState is the runtime state which is encoded in the handle returned to
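Review bot: The `ReadOnlyRootfs` field added to `TaskConfig` has no doc comment, and the matching `readonly_rootfs` attribute in `taskConfigSpec` is optional, so the root filesystem stays writable unless a job opts in. I would record that on the field, e.g. `// ReadOnlyRootfs mounts the container's root filesystem read-only. Defaults to false (writable root).` The commit changes two files and neither visible section is a test. A case that starts a task with `readonly_rootfs = true` and asserts that a write to the root filesystem fails would pin the behaviour. Whether a writable default is acceptable is a policy decision, but it deserves to be stated explicitly in the driver's documentation.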