Update to the latest upstream API

Signed-off-by: Mrunal Patel <mpatel@redhat.com>
This commit is contained in:
Mrunal Patel 2016-11-16 17:20:37 -08:00
parent 9540eb9d2b
commit b62a150151
21 changed files with 2723 additions and 1306 deletions

View file

@ -405,16 +405,16 @@ func ListContainers(client pb.RuntimeServiceClient, opts listOptions) error {
filter.PodSandboxId = &opts.podID filter.PodSandboxId = &opts.podID
} }
if opts.state != "" { if opts.state != "" {
st := pb.ContainerState_UNKNOWN st := pb.ContainerState_CONTAINER_UNKNOWN
switch opts.state { switch opts.state {
case "created": case "created":
st = pb.ContainerState_CREATED st = pb.ContainerState_CONTAINER_CREATED
filter.State = &st filter.State = &st
case "running": case "running":
st = pb.ContainerState_RUNNING st = pb.ContainerState_CONTAINER_RUNNING
filter.State = &st filter.State = &st
case "stopped": case "stopped":
st = pb.ContainerState_EXITED st = pb.ContainerState_CONTAINER_EXITED
filter.State = &st filter.State = &st
default: default:
log.Fatalf("--state should be one of created, running or stopped") log.Fatalf("--state should be one of created, running or stopped")

View file

@ -324,13 +324,13 @@ func ListPodSandboxes(client pb.RuntimeServiceClient, opts listOptions) error {
filter.Id = &opts.id filter.Id = &opts.id
} }
if opts.state != "" { if opts.state != "" {
st := pb.PodSandBoxState_NOTREADY st := pb.PodSandboxState_SANDBOX_NOTREADY
switch opts.state { switch opts.state {
case "ready": case "ready":
st = pb.PodSandBoxState_READY st = pb.PodSandboxState_SANDBOX_READY
filter.State = &st filter.State = &st
case "notready": case "notready":
st = pb.PodSandBoxState_NOTREADY st = pb.PodSandboxState_SANDBOX_NOTREADY
filter.State = &st filter.State = &st
default: default:
log.Fatalf("--state should be ready or notready") log.Fatalf("--state should be ready or notready")

View file

@ -58,7 +58,7 @@ clone git github.com/opencontainers/runtime-tools master
clone git github.com/tchap/go-patricia v2.2.6 clone git github.com/tchap/go-patricia v2.2.6
clone git github.com/rajatchopra/ocicni master clone git github.com/rajatchopra/ocicni master
clone git github.com/containernetworking/cni master clone git github.com/containernetworking/cni master
clone git k8s.io/kubernetes 0dbd9549ca51e89ff6d5eeb6867a855f2fb14d85 https://github.com/kubernetes/kubernetes clone git k8s.io/kubernetes 43110dd64d058786e975ce30d4c12a4853d1778c https://github.com/kubernetes/kubernetes
clone git google.golang.org/grpc v1.0.1-GA https://github.com/grpc/grpc-go.git clone git google.golang.org/grpc v1.0.1-GA https://github.com/grpc/grpc-go.git
clone git github.com/opencontainers/runtime-spec bb6925ea99f0e366a3f7d1c975f6577475ca25f0 clone git github.com/opencontainers/runtime-spec bb6925ea99f0e366a3f7d1c975f6577475ca25f0
clone git github.com/docker/distribution 77b9d2997abcded79a5314970fe69a44c93c25fb clone git github.com/docker/distribution 77b9d2997abcded79a5314970fe69a44c93c25fb

View file

@ -213,11 +213,11 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
specgen.AddAnnotation(k, v) specgen.AddAnnotation(k, v)
} }
} }
if containerConfig.GetPrivileged() { if containerConfig.GetLinux().GetSecurityContext().GetPrivileged() {
specgen.SetupPrivileged(true) specgen.SetupPrivileged(true)
} }
if containerConfig.GetReadonlyRootfs() { if containerConfig.GetLinux().GetSecurityContext().GetReadonlyRootfs() {
specgen.SetRootReadonly(true) specgen.SetRootReadonly(true)
} }
@ -255,7 +255,7 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
specgen.SetLinuxResourcesOOMScoreAdj(int(oomScoreAdj)) specgen.SetLinuxResourcesOOMScoreAdj(int(oomScoreAdj))
} }
capabilities := linux.GetCapabilities() capabilities := linux.GetSecurityContext().GetCapabilities()
if capabilities != nil { if capabilities != nil {
addCaps := capabilities.GetAddCapabilities() addCaps := capabilities.GetAddCapabilities()
if addCaps != nil { if addCaps != nil {
@ -279,20 +279,14 @@ func (s *Server) createSandboxContainer(containerID string, containerName string
specgen.SetProcessSelinuxLabel(sb.processLabel) specgen.SetProcessSelinuxLabel(sb.processLabel)
specgen.SetLinuxMountLabel(sb.mountLabel) specgen.SetLinuxMountLabel(sb.mountLabel)
user := linux.GetUser() user := linux.GetSecurityContext().GetRunAsUser()
if user != nil { specgen.SetProcessUID(uint32(user))
uid := user.GetUid()
specgen.SetProcessUID(uint32(uid))
gid := user.GetGid() specgen.SetProcessGID(uint32(user))
specgen.SetProcessGID(uint32(gid))
groups := user.GetAdditionalGids() groups := linux.GetSecurityContext().GetSupplementalGroups()
if groups != nil { for _, group := range groups {
for _, group := range groups { specgen.AddProcessAdditionalGid(uint32(group))
specgen.AddProcessAdditionalGid(uint32(group))
}
}
} }
} }
// Join the namespace paths for the pod sandbox container. // Join the namespace paths for the pod sandbox container.
@ -491,7 +485,7 @@ func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersReque
podSandboxID := ctr.Sandbox() podSandboxID := ctr.Sandbox()
cState := s.runtime.ContainerStatus(ctr) cState := s.runtime.ContainerStatus(ctr)
created := cState.Created.UnixNano() created := cState.Created.UnixNano()
rState := pb.ContainerState_UNKNOWN rState := pb.ContainerState_CONTAINER_UNKNOWN
cID := ctr.ID() cID := ctr.ID()
c := &pb.Container{ c := &pb.Container{
@ -504,11 +498,11 @@ func (s *Server) ListContainers(ctx context.Context, req *pb.ListContainersReque
switch cState.Status { switch cState.Status {
case oci.ContainerStateCreated: case oci.ContainerStateCreated:
rState = pb.ContainerState_CREATED rState = pb.ContainerState_CONTAINER_CREATED
case oci.ContainerStateRunning: case oci.ContainerStateRunning:
rState = pb.ContainerState_RUNNING rState = pb.ContainerState_CONTAINER_RUNNING
case oci.ContainerStateStopped: case oci.ContainerStateStopped:
rState = pb.ContainerState_EXITED rState = pb.ContainerState_CONTAINER_EXITED
} }
c.State = &rState c.State = &rState
@ -546,21 +540,21 @@ func (s *Server) ContainerStatus(ctx context.Context, req *pb.ContainerStatusReq
} }
cState := s.runtime.ContainerStatus(c) cState := s.runtime.ContainerStatus(c)
rStatus := pb.ContainerState_UNKNOWN rStatus := pb.ContainerState_CONTAINER_UNKNOWN
switch cState.Status { switch cState.Status {
case oci.ContainerStateCreated: case oci.ContainerStateCreated:
rStatus = pb.ContainerState_CREATED rStatus = pb.ContainerState_CONTAINER_CREATED
created := cState.Created.UnixNano() created := cState.Created.UnixNano()
resp.Status.CreatedAt = int64Ptr(created) resp.Status.CreatedAt = int64Ptr(created)
case oci.ContainerStateRunning: case oci.ContainerStateRunning:
rStatus = pb.ContainerState_RUNNING rStatus = pb.ContainerState_CONTAINER_RUNNING
created := cState.Created.UnixNano() created := cState.Created.UnixNano()
resp.Status.CreatedAt = int64Ptr(created) resp.Status.CreatedAt = int64Ptr(created)
started := cState.Started.UnixNano() started := cState.Started.UnixNano()
resp.Status.StartedAt = int64Ptr(started) resp.Status.StartedAt = int64Ptr(started)
case oci.ContainerStateStopped: case oci.ContainerStateStopped:
rStatus = pb.ContainerState_EXITED rStatus = pb.ContainerState_CONTAINER_EXITED
created := cState.Created.UnixNano() created := cState.Created.UnixNano()
resp.Status.CreatedAt = int64Ptr(created) resp.Status.CreatedAt = int64Ptr(created)
started := cState.Started.UnixNano() started := cState.Started.UnixNano()
@ -600,3 +594,8 @@ func (s *Server) Attach(ctx context.Context, req *pb.AttachRequest) (*pb.AttachR
func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error) { func (s *Server) PortForward(ctx context.Context, req *pb.PortForwardRequest) (*pb.PortForwardResponse, error) {
return nil, nil return nil, nil
} }
// Status returns the status of the runtime
func (s *Server) Status(ctx context.Context, req *pb.StatusRequest) (*pb.StatusResponse, error) {
return nil, nil
}

View file

@ -199,7 +199,7 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
// Don't use SELinux separation with Host Pid or IPC Namespace, // Don't use SELinux separation with Host Pid or IPC Namespace,
if !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostPid() && !req.GetConfig().GetLinux().GetNamespaceOptions().GetHostIpc() { if !req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostPid() && !req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostIpc() {
processLabel, mountLabel, err = getSELinuxLabels(nil) processLabel, mountLabel, err = getSELinuxLabels(nil)
if err != nil { if err != nil {
return nil, err return nil, err
@ -263,21 +263,21 @@ func (s *Server) RunPodSandbox(ctx context.Context, req *pb.RunPodSandboxRequest
} }
// set up namespaces // set up namespaces
if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostNetwork() { if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostNetwork() {
err = g.RemoveLinuxNamespace("network") err = g.RemoveLinuxNamespace("network")
if err != nil { if err != nil {
return nil, err return nil, err
} }
} }
if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostPid() { if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostPid() {
err = g.RemoveLinuxNamespace("pid") err = g.RemoveLinuxNamespace("pid")
if err != nil { if err != nil {
return nil, err return nil, err
} }
} }
if req.GetConfig().GetLinux().GetNamespaceOptions().GetHostIpc() { if req.GetConfig().GetLinux().GetSecurityContext().GetNamespaceOptions().GetHostIpc() {
err = g.RemoveLinuxNamespace("ipc") err = g.RemoveLinuxNamespace("ipc")
if err != nil { if err != nil {
return nil, err return nil, err
@ -467,9 +467,9 @@ func (s *Server) PodSandboxStatus(ctx context.Context, req *pb.PodSandboxStatusR
ip = "" ip = ""
} }
rStatus := pb.PodSandBoxState_NOTREADY rStatus := pb.PodSandboxState_SANDBOX_NOTREADY
if cState.Status == oci.ContainerStateRunning { if cState.Status == oci.ContainerStateRunning {
rStatus = pb.PodSandBoxState_READY rStatus = pb.PodSandboxState_SANDBOX_READY
} }
sandboxID := sb.id sandboxID := sb.id
@ -546,9 +546,9 @@ func (s *Server) ListPodSandbox(ctx context.Context, req *pb.ListPodSandboxReque
} }
cState := s.runtime.ContainerStatus(podInfraContainer) cState := s.runtime.ContainerStatus(podInfraContainer)
created := cState.Created.UnixNano() created := cState.Created.UnixNano()
rStatus := pb.PodSandBoxState_NOTREADY rStatus := pb.PodSandboxState_SANDBOX_NOTREADY
if cState.Status == oci.ContainerStateRunning { if cState.Status == oci.ContainerStateRunning {
rStatus = pb.PodSandBoxState_READY rStatus = pb.PodSandboxState_SANDBOX_READY
} }
pod := &pb.PodSandbox{ pod := &pb.PodSandbox{

File diff suppressed because it is too large Load diff

View file

@ -0,0 +1,34 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"fields.go",
"requirements.go",
"selector.go",
],
tags = ["automanaged"],
deps = ["//pkg/selection:go_default_library"],
)
go_test(
name = "go_default_test",
srcs = [
"fields_test.go",
"selector_test.go",
],
library = "go_default_library",
tags = ["automanaged"],
deps = [],
)

View file

@ -0,0 +1,25 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = [
"api.pb.go",
"constants.go",
],
tags = ["automanaged"],
deps = [
"//vendor:github.com/gogo/protobuf/proto",
"//vendor:golang.org/x/net/context",
"//vendor:google.golang.org/grpc",
],
)

File diff suppressed because it is too large Load diff

View file

@ -5,22 +5,30 @@ package runtime;
// Runtime service defines the public APIs for remote container runtimes // Runtime service defines the public APIs for remote container runtimes
service RuntimeService { service RuntimeService {
// Version returns the runtime name, runtime version and runtime API version // Version returns the runtime name, runtime version, and runtime API version.
rpc Version(VersionRequest) returns (VersionResponse) {} rpc Version(VersionRequest) returns (VersionResponse) {}
// RunPodSandbox creates and starts a pod-level sandbox. Runtimes should ensure // RunPodSandbox creates and starts a pod-level sandbox. Runtimes must ensure
// the sandbox is in ready state. // the sandbox is in the ready state on success.
rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {} rpc RunPodSandbox(RunPodSandboxRequest) returns (RunPodSandboxResponse) {}
// StopPodSandbox stops the running sandbox. If there are any running // StopPodSandbox stops any running process that is part of the sandbox and
// containers in the sandbox, they should be forcibly terminated. // reclaims network resources (e.g., IP addresses) allocated to the sandbox.
// If there are any running containers in the sandbox, they must be forcibly
// terminated.
// This call is idempotent, and must not return an error if all relevant
// resources have already been reclaimed. kubelet will call StopPodSandbox
// at least once before calling RemovePodSandbox. It will also attempt to
// reclaim resources eagerly, as soon as a sandbox is not needed. Hence,
// multiple StopPodSandbox calls are expected.
rpc StopPodSandbox(StopPodSandboxRequest) returns (StopPodSandboxResponse) {} rpc StopPodSandbox(StopPodSandboxRequest) returns (StopPodSandboxResponse) {}
// RemovePodSandbox removes the sandbox. If there are any running containers in the // RemovePodSandbox removes the sandbox. If there are any running containers
// sandbox, they should be forcibly removed. // in the sandbox, they must be forcibly terminated and removed.
// It should return success if the sandbox has already been removed. // This call is idempotent, and must not return an error if the sandbox has
// already been removed.
rpc RemovePodSandbox(RemovePodSandboxRequest) returns (RemovePodSandboxResponse) {} rpc RemovePodSandbox(RemovePodSandboxRequest) returns (RemovePodSandboxResponse) {}
// PodSandboxStatus returns the status of the PodSandbox. // PodSandboxStatus returns the status of the PodSandbox.
rpc PodSandboxStatus(PodSandboxStatusRequest) returns (PodSandboxStatusResponse) {} rpc PodSandboxStatus(PodSandboxStatusRequest) returns (PodSandboxStatusResponse) {}
// ListPodSandbox returns a list of SandBox. // ListPodSandbox returns a list of PodSandboxes.
rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {} rpc ListPodSandbox(ListPodSandboxRequest) returns (ListPodSandboxResponse) {}
// CreateContainer creates a new container in specified PodSandbox // CreateContainer creates a new container in specified PodSandbox
@ -28,10 +36,14 @@ service RuntimeService {
// StartContainer starts the container. // StartContainer starts the container.
rpc StartContainer(StartContainerRequest) returns (StartContainerResponse) {} rpc StartContainer(StartContainerRequest) returns (StartContainerResponse) {}
// StopContainer stops a running container with a grace period (i.e., timeout). // StopContainer stops a running container with a grace period (i.e., timeout).
// This call is idempotent, and must not return an error if the container has
// already been stopped.
// TODO: what must the runtime do after the grace period is reached?
rpc StopContainer(StopContainerRequest) returns (StopContainerResponse) {} rpc StopContainer(StopContainerRequest) returns (StopContainerResponse) {}
// RemoveContainer removes the container. If the container is running, the // RemoveContainer removes the container. If the container is running, the
// container should be forcibly removed. // container must be forcibly removed.
// It should return success if the container has already been removed. // This call is idempotent, and must not return an error if the container has
// already been removed.
rpc RemoveContainer(RemoveContainerRequest) returns (RemoveContainerResponse) {} rpc RemoveContainer(RemoveContainerRequest) returns (RemoveContainerResponse) {}
// ListContainers lists all containers by filters. // ListContainers lists all containers by filters.
rpc ListContainers(ListContainersRequest) returns (ListContainersResponse) {} rpc ListContainers(ListContainersRequest) returns (ListContainersResponse) {}
@ -47,11 +59,14 @@ service RuntimeService {
// PortForward prepares a streaming endpoint to forward ports from a PodSandbox. // PortForward prepares a streaming endpoint to forward ports from a PodSandbox.
rpc PortForward(PortForwardRequest) returns (PortForwardResponse) {} rpc PortForward(PortForwardRequest) returns (PortForwardResponse) {}
// UpdateRuntimeConfig updates the runtime configuration based on request // UpdateRuntimeConfig updates the runtime configuration based on the given request.
rpc UpdateRuntimeConfig(UpdateRuntimeConfigRequest) returns (UpdateRuntimeConfigResponse) {} rpc UpdateRuntimeConfig(UpdateRuntimeConfigRequest) returns (UpdateRuntimeConfigResponse) {}
// Status returns the status of the runtime.
rpc Status(StatusRequest) returns (StatusResponse) {}
} }
// Image service defines the public APIs for managing images // ImageService defines the public APIs for managing images.
service ImageService { service ImageService {
// ListImages lists existing images. // ListImages lists existing images.
rpc ListImages(ListImagesRequest) returns (ListImagesResponse) {} rpc ListImages(ListImagesRequest) returns (ListImagesResponse) {}
@ -61,24 +76,25 @@ service ImageService {
// PullImage pulls an image with authentication config. // PullImage pulls an image with authentication config.
rpc PullImage(PullImageRequest) returns (PullImageResponse) {} rpc PullImage(PullImageRequest) returns (PullImageResponse) {}
// RemoveImage removes the image. // RemoveImage removes the image.
// It should return success if the image has already been removed. // This call is idempotent, and must not return an error if the image has
// already been removed.
rpc RemoveImage(RemoveImageRequest) returns (RemoveImageResponse) {} rpc RemoveImage(RemoveImageRequest) returns (RemoveImageResponse) {}
} }
message VersionRequest { message VersionRequest {
// The version of kubelet runtime API. // Version of the kubelet runtime API.
optional string version = 1; optional string version = 1;
} }
message VersionResponse { message VersionResponse {
// The version of the kubelet runtime API. // Version of the kubelet runtime API.
optional string version = 1; optional string version = 1;
// The name of the container runtime. // Name of the container runtime.
optional string runtime_name = 2; optional string runtime_name = 2;
// The version of the container runtime. The string should be // Version of the container runtime. The string must be
// semver-compatible. // semver-compatible.
optional string runtime_version = 3; optional string runtime_version = 3;
// The API version of the container runtime. The string should be // API version of the container runtime. The string must be
// semver-compatible. // semver-compatible.
optional string runtime_api_version = 4; optional string runtime_api_version = 4;
} }
@ -101,25 +117,25 @@ enum Protocol {
// PortMapping specifies the port mapping configurations of a sandbox. // PortMapping specifies the port mapping configurations of a sandbox.
message PortMapping { message PortMapping {
// The protocol of the port mapping. // Protocol of the port mapping.
optional Protocol protocol = 1; optional Protocol protocol = 1;
// The port number within the container. // Port number within the container.
optional int32 container_port = 2; optional int32 container_port = 2;
// The port number on the host. // Port number on the host.
optional int32 host_port = 3; optional int32 host_port = 3;
// The host IP. // Host IP.
optional string host_ip = 4; optional string host_ip = 4;
} }
// Mount specifies a host volume to mount into a container. // Mount specifies a host volume to mount into a container.
message Mount { message Mount {
// The path of the mount within the container. // Path of the mount within the container.
optional string container_path = 1; optional string container_path = 1;
// The path of the mount on the host. // Path of the mount on the host.
optional string host_path = 2; optional string host_path = 2;
// If set, the mount is read-only. // If set, the mount is read-only.
optional bool readonly = 3; optional bool readonly = 3;
// If set, the mount needs SELinux relabeling // If set, the mount needs SELinux relabeling.
optional bool selinux_relabel = 4; optional bool selinux_relabel = 4;
} }
@ -133,16 +149,35 @@ message NamespaceOption {
optional bool host_ipc = 3; optional bool host_ipc = 3;
} }
// LinuxSandboxSecurityContext holds linux security configuration that will be
// applied to a sandbox. Note that:
// 1) It does not apply to containers in the pods.
// 2) It may not be applicable to a PodSandbox which does not contain any running
// process.
message LinuxSandboxSecurityContext {
// Configurations for the sandbox's namespaces.
// This will be used only if the PodSandbox uses namespace for isolation.
optional NamespaceOption namespace_options = 1;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 2;
// UID to run sandbox processes as, when applicable.
optional int64 run_as_user = 3;
// If set, the root filesystem of the sandbox is read-only.
optional bool readonly_rootfs = 4;
// List of groups applied to the first process run in the sandbox, in
// addition to the sandbox's primary GID.
repeated int64 supplemental_groups = 5;
}
// LinuxPodSandboxConfig holds platform-specific configurations for Linux // LinuxPodSandboxConfig holds platform-specific configurations for Linux
// host platforms and Linux-based containers. // host platforms and Linux-based containers.
message LinuxPodSandboxConfig { message LinuxPodSandboxConfig {
// The parent cgroup of the pod sandbox. // Parent cgroup of the PodSandbox.
// The cgroupfs style syntax will be used, but the container runtime can // The cgroupfs style syntax will be used, but the container runtime can
// convert it to systemd semantics if needed. // convert it to systemd semantics if needed.
optional string cgroup_parent = 1; optional string cgroup_parent = 1;
// The configurations for the sandbox's namespaces. // LinuxSandboxSecurityContext holds sandbox security attributes.
// This will be used only if the PodSandbox uses namespace for isolation. optional LinuxSandboxSecurityContext security_context = 2;
optional NamespaceOption namespace_options = 2;
} }
// PodSandboxMetadata holds all necessary information for building the sandbox name. // PodSandboxMetadata holds all necessary information for building the sandbox name.
@ -150,25 +185,25 @@ message LinuxPodSandboxConfig {
// PodSandbox in its user interface for better user experience. For example, // PodSandbox in its user interface for better user experience. For example,
// the runtime can construct a unique PodSandboxName based on the metadata. // the runtime can construct a unique PodSandboxName based on the metadata.
message PodSandboxMetadata { message PodSandboxMetadata {
// The pod name of the sandbox. Same as the pod name in the PodSpec. // Pod name of the sandbox. Same as the pod name in the PodSpec.
optional string name = 1; optional string name = 1;
// The pod UID of the sandbox. Same as the pod UID in the PodSpec. // Pod UID of the sandbox. Same as the pod UID in the PodSpec.
optional string uid = 2; optional string uid = 2;
// The pod namespace of the sandbox. Same as the pod namespace in the PodSpec. // Pod namespace of the sandbox. Same as the pod namespace in the PodSpec.
optional string namespace = 3; optional string namespace = 3;
// The attempt number of creating the sandbox. // Attempt number of creating the sandbox.
optional uint32 attempt = 4; optional uint32 attempt = 4;
} }
// PodSandboxConfig holds all the required and optional fields for creating a // PodSandboxConfig holds all the required and optional fields for creating a
// sandbox. // sandbox.
message PodSandboxConfig { message PodSandboxConfig {
// The metadata of the sandbox. This information will uniquely identify // Metadata of the sandbox. This information will uniquely identify the
// the sandbox, and the runtime should leverage this to ensure correct // sandbox, and the runtime should leverage this to ensure correct
// operation. The runtime may also use this information to improve UX, such // operation. The runtime may also use this information to improve UX, such
// as by constructing a readable name. // as by constructing a readable name.
optional PodSandboxMetadata metadata = 1; optional PodSandboxMetadata metadata = 1;
// The hostname of the sandbox. // Hostname of the sandbox.
optional string hostname = 2; optional string hostname = 2;
// Path to the directory on the host in which container log files are // Path to the directory on the host in which container log files are
// stored. // stored.
@ -186,11 +221,11 @@ message PodSandboxConfig {
// https://issues.k8s.io/24677. There *may* be future change of direction // https://issues.k8s.io/24677. There *may* be future change of direction
// for logging as the discussion carries on. // for logging as the discussion carries on.
optional string log_directory = 3; optional string log_directory = 3;
// The DNS config for the sandbox. // DNS config for the sandbox.
optional DNSConfig dns_config = 4; optional DNSConfig dns_config = 4;
// The port mappings for the sandbox. // Port mappings for the sandbox.
repeated PortMapping port_mappings = 5; repeated PortMapping port_mappings = 5;
// Labels are key value pairs that may be used to scope and select individual resources. // Key-value pairs that may be used to scope and select individual resources.
map<string, string> labels = 6; map<string, string> labels = 6;
// Annotations is an unstructured key value map that may be set by external // Annotations is an unstructured key value map that may be set by external
// tools to store and retrieve arbitrary metadata. There are a few features are // tools to store and retrieve arbitrary metadata. There are a few features are
@ -222,63 +257,73 @@ message PodSandboxConfig {
// * localhost/<profile-name>: the profile installed to the node's // * localhost/<profile-name>: the profile installed to the node's
// local seccomp profile root // local seccomp profile root
// //
// 3. Sysctls
//
// key: security.alpha.kubernetes.io/sysctls
// description: list of safe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
// key: security.alpha.kubernetes.io/unsafe-sysctls
// description: list of unsafe sysctls which are set for the sandbox.
// value: comma separated list of sysctl_name=value key-value pairs.
//
map<string, string> annotations = 7; map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts. // Optional configurations specific to Linux hosts.
optional LinuxPodSandboxConfig linux = 8; optional LinuxPodSandboxConfig linux = 8;
} }
message RunPodSandboxRequest { message RunPodSandboxRequest {
// The configuration for creating a PodSandbox. // Configuration for creating a PodSandbox.
optional PodSandboxConfig config = 1; optional PodSandboxConfig config = 1;
} }
message RunPodSandboxResponse { message RunPodSandboxResponse {
// The id of the PodSandbox // ID of the PodSandbox to run.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
} }
message StopPodSandboxRequest { message StopPodSandboxRequest {
// The id of the PodSandbox // ID of the PodSandbox to stop.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
} }
message StopPodSandboxResponse {} message StopPodSandboxResponse {}
message RemovePodSandboxRequest { message RemovePodSandboxRequest {
// The id of the PodSandbox // ID of the PodSandbox to remove.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
} }
message RemovePodSandboxResponse {} message RemovePodSandboxResponse {}
message PodSandboxStatusRequest { message PodSandboxStatusRequest {
// The id of the PodSandbox // ID of the PodSandbox for which to retrieve status.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
} }
// PodSandboxNetworkStatus is the status of the network for a PodSandbox. // PodSandboxNetworkStatus is the status of the network for a PodSandbox.
message PodSandboxNetworkStatus { message PodSandboxNetworkStatus {
// The IP address of the PodSandbox // IP address of the PodSandbox.
optional string ip = 1; optional string ip = 1;
} }
// Namespace contains paths to the namespaces. // Namespace contains paths to the namespaces.
message Namespace { message Namespace {
// Network is the path to the network namespace. // Path to the network namespace.
optional string network = 1; optional string network = 1;
// Options is the namespace options for linux namespaces // Namespace options for Linux namespaces.
optional NamespaceOption options = 2; optional NamespaceOption options = 2;
} }
// LinuxSandBoxStatus contains status specific to Linux sandboxes. // LinuxSandboxStatus contains status specific to Linux sandboxes.
message LinuxPodSandboxStatus { message LinuxPodSandboxStatus {
// Namespaces contains paths to the sandbox's namespaces. // Paths to the sandbox's namespaces.
optional Namespace namespaces = 1; optional Namespace namespaces = 1;
} }
enum PodSandBoxState { enum PodSandboxState {
READY = 0; SANDBOX_READY = 0;
NOTREADY = 1; SANDBOX_NOTREADY = 1;
} }
// PodSandboxStatus contains the status of the PodSandbox. // PodSandboxStatus contains the status of the PodSandbox.
@ -288,12 +333,12 @@ message PodSandboxStatus {
// Metadata of the sandbox. // Metadata of the sandbox.
optional PodSandboxMetadata metadata = 2; optional PodSandboxMetadata metadata = 2;
// State of the sandbox. // State of the sandbox.
optional PodSandBoxState state = 3; optional PodSandboxState state = 3;
// Creation timestamp of the sandbox in nanoseconds. // Creation timestamp of the sandbox in nanoseconds.
optional int64 created_at = 4; optional int64 created_at = 4;
// Network contains network status if network is handled by the runtime. // Network contains network status if network is handled by the runtime.
optional PodSandboxNetworkStatus network = 5; optional PodSandboxNetworkStatus network = 5;
// Linux specific status to a pod sandbox. // Linux-specific status to a pod sandbox.
optional LinuxPodSandboxStatus linux = 6; optional LinuxPodSandboxStatus linux = 6;
// Labels are key value pairs that may be used to scope and select individual resources. // Labels are key value pairs that may be used to scope and select individual resources.
map<string, string> labels = 7; map<string, string> labels = 7;
@ -303,7 +348,7 @@ message PodSandboxStatus {
} }
message PodSandboxStatusResponse { message PodSandboxStatusResponse {
// The status of the PodSandbox // Status of the PodSandbox.
optional PodSandboxStatus status = 1; optional PodSandboxStatus status = 1;
} }
@ -313,7 +358,7 @@ message PodSandboxFilter {
// ID of the sandbox. // ID of the sandbox.
optional string id = 1; optional string id = 1;
// State of the sandbox. // State of the sandbox.
optional PodSandBoxState state = 2; optional PodSandboxState state = 2;
// LabelSelector to select matches. // LabelSelector to select matches.
// Only api.MatchLabels is supported for now and the requirements // Only api.MatchLabels is supported for now and the requirements
// are ANDed. MatchExpressions is not supported yet. // are ANDed. MatchExpressions is not supported yet.
@ -328,15 +373,15 @@ message ListPodSandboxRequest {
// PodSandbox contains minimal information about a sandbox. // PodSandbox contains minimal information about a sandbox.
message PodSandbox { message PodSandbox {
// The id of the PodSandbox // ID of the PodSandbox.
optional string id = 1; optional string id = 1;
// Metadata of the sandbox // Metadata of the PodSandbox.
optional PodSandboxMetadata metadata = 2; optional PodSandboxMetadata metadata = 2;
// The state of the PodSandbox // State of the PodSandbox.
optional PodSandBoxState state = 3; optional PodSandboxState state = 3;
// Creation timestamps of the sandbox in nanoseconds // Creation timestamps of the PodSandbox in nanoseconds.
optional int64 created_at = 4; optional int64 created_at = 4;
// The labels of the PodSandbox // Labels of the PodSandbox.
map<string, string> labels = 5; map<string, string> labels = 5;
// Annotations is an unstructured key value map that may be set by external // Annotations is an unstructured key value map that may be set by external
// tools to store and retrieve arbitrary metadata. // tools to store and retrieve arbitrary metadata.
@ -344,7 +389,7 @@ message PodSandbox {
} }
message ListPodSandboxResponse { message ListPodSandboxResponse {
// List of PodSandbox // List of PodSandboxes.
repeated PodSandbox items = 1; repeated PodSandbox items = 1;
} }
@ -366,13 +411,13 @@ message KeyValue {
// TODO: Consider using Resources from opencontainers/runtime-spec/specs-go // TODO: Consider using Resources from opencontainers/runtime-spec/specs-go
// directly. // directly.
message LinuxContainerResources { message LinuxContainerResources {
// CPU CFS (Completely Fair Scheduler) period // CPU CFS (Completely Fair Scheduler) period.
optional int64 cpu_period = 1; optional int64 cpu_period = 1;
// CPU CFS (Completely Fair Scheduler) quota // CPU CFS (Completely Fair Scheduler) quota.
optional int64 cpu_quota = 2; optional int64 cpu_quota = 2;
// CPU shares (relative weight vs. other containers) // CPU shares (relative weight vs. other containers).
optional int64 cpu_shares = 3; optional int64 cpu_shares = 3;
// Memory limit in bytes // Memory limit in bytes.
optional int64 memory_limit_in_bytes = 4; optional int64 memory_limit_in_bytes = 4;
// OOMScoreAdj adjusts the oom-killer score. // OOMScoreAdj adjusts the oom-killer score.
optional int64 oom_score_adj = 5; optional int64 oom_score_adj = 5;
@ -394,26 +439,38 @@ message Capability {
repeated string drop_capabilities = 2; repeated string drop_capabilities = 2;
} }
// LinuxContainerSecurityContext holds linux security configuration that will be applied to a container.
message LinuxContainerSecurityContext {
// Capabilities to add or drop.
optional Capability capabilities = 1;
// If set, run container in privileged mode.
optional bool privileged = 2;
// Configurations for the container's namespaces.
// Only used if the container uses namespace for isolation.
optional NamespaceOption namespace_options = 3;
// SELinux context to be optionally applied.
optional SELinuxOption selinux_options = 4;
// UID to run the container process as. Only one of run_as_user and
// run_as_username can be specified at a time.
optional int64 run_as_user = 5;
// User name to run the container process as. If specified, the user MUST
// exist in the container image (i.e. in the /etc/passwd inside the image),
// and be resolved there by the runtime; otherwise, the runtime MUST error.
optional string run_as_username = 6;
// If set, the root filesystem of the container is read-only.
optional bool readonly_rootfs = 7;
// List of groups applied to the first process run in the container, in
// addition to the container's primary GID.
repeated int64 supplemental_groups = 8;
}
// LinuxContainerConfig contains platform-specific configuration for // LinuxContainerConfig contains platform-specific configuration for
// Linux-based containers. // Linux-based containers.
message LinuxContainerConfig { message LinuxContainerConfig {
// Resources specification for the container. // Resources specification for the container.
optional LinuxContainerResources resources = 1; optional LinuxContainerResources resources = 1;
// Capabilities to add or drop. // LinuxContainerSecurityContext configuration for the container.
optional Capability capabilities = 2; optional LinuxContainerSecurityContext security_context = 2;
// Optional SELinux context to be applied.
optional SELinuxOption selinux_options = 3;
// User contains the user for the container process.
optional LinuxUser user = 4;
}
message LinuxUser {
// uid specifies the user ID the container process has.
optional int64 uid = 1;
// gid specifies the group ID the container process has.
optional int64 gid = 2;
// additional_gids specifies additional GIDs the container process has.
repeated int64 additional_gids = 3;
} }
// ContainerMetadata holds all necessary information for building the container // ContainerMetadata holds all necessary information for building the container
@ -422,17 +479,30 @@ message LinuxUser {
// container name based on the metadata. Note that (name, attempt) is unique // container name based on the metadata. Note that (name, attempt) is unique
// within a sandbox for the entire lifetime of the sandbox. // within a sandbox for the entire lifetime of the sandbox.
message ContainerMetadata { message ContainerMetadata {
// The name of the container. Same as the container name in the PodSpec. // Name of the container. Same as the container name in the PodSpec.
optional string name = 1; optional string name = 1;
// The attempt number of creating the container. // Attempt number of creating the container.
optional uint32 attempt = 2; optional uint32 attempt = 2;
} }
// Device specifies a host device to mount into a container.
message Device {
// Path of the device within the container.
optional string container_path = 1;
// Path of the device on the host.
optional string host_path = 2;
// Cgroups permissions of the device, candidates are one or more of
// * r - allows container to read from the specified device.
// * w - allows container to write to the specified device.
// * m - allows container to create device files that do not yet exist.
optional string permissions = 3;
}
// ContainerConfig holds all the required and optional fields for creating a // ContainerConfig holds all the required and optional fields for creating a
// container. // container.
message ContainerConfig { message ContainerConfig {
// The metadata of the container. This information will uniquely identify // Metadata of the container. This information will uniquely identify the
// the container, and the runtime should leverage this to ensure correct // container, and the runtime should leverage this to ensure correct
// operation. The runtime may also use this information to improve UX, such // operation. The runtime may also use this information to improve UX, such
// as by constructing a readable name. // as by constructing a readable name.
optional ContainerMetadata metadata = 1 ; optional ContainerMetadata metadata = 1 ;
@ -444,25 +514,22 @@ message ContainerConfig {
repeated string args = 4; repeated string args = 4;
// Current working directory of the command. // Current working directory of the command.
optional string working_dir = 5; optional string working_dir = 5;
// List of environment variable to set in the container // List of environment variable to set in the container.
repeated KeyValue envs = 6; repeated KeyValue envs = 6;
// Mounts specifies mounts for the container // Mounts for the container.
repeated Mount mounts = 7; repeated Mount mounts = 7;
// Labels are key value pairs that may be used to scope and select individual resources. // Devices for the container.
repeated Device devices = 8;
// Key-value pairs that may be used to scope and select individual resources.
// Label keys are of the form: // Label keys are of the form:
// label-key ::= prefixed-name | name // label-key ::= prefixed-name | name
// prefixed-name ::= prefix '/' name // prefixed-name ::= prefix '/' name
// prefix ::= DNS_SUBDOMAIN // prefix ::= DNS_SUBDOMAIN
// name ::= DNS_LABEL // name ::= DNS_LABEL
map<string, string> labels = 8; map<string, string> labels = 9;
// Annotations is an unstructured key value map that may be set by external // Annotations is an unstructured key value map that may be set by external
// tools to store and retrieve arbitrary metadata. // tools to store and retrieve arbitrary metadata.
map<string, string> annotations = 9; map<string, string> annotations = 10;
// If set, run container in privileged mode.
// Processes in privileged containers are essentially equivalent to root on the host.
optional bool privileged = 10;
// If set, the root filesystem of the container is read-only.
optional bool readonly_rootfs = 11;
// Path relative to PodSandboxConfig.LogDirectory for container to store // Path relative to PodSandboxConfig.LogDirectory for container to store
// the log (STDOUT and STDERR) on the host. // the log (STDOUT and STDERR) on the host.
// E.g., // E.g.,
@ -473,27 +540,26 @@ message ContainerConfig {
// container logs are under active discussion in // container logs are under active discussion in
// https://issues.k8s.io/24677. There *may* be future change of direction // https://issues.k8s.io/24677. There *may* be future change of direction
// for logging as the discussion carries on. // for logging as the discussion carries on.
optional string log_path = 12; optional string log_path = 11;
// The hash of container config
// Variables for interactive containers, these have very specialized // Variables for interactive containers, these have very specialized
// use-cases (e.g. debugging). // use-cases (e.g. debugging).
// TODO: Determine if we need to continue supporting these fields that are // TODO: Determine if we need to continue supporting these fields that are
// part of Kubernetes's Container Spec. // part of Kubernetes's Container Spec.
optional bool stdin = 13; optional bool stdin = 12;
optional bool stdin_once = 14; optional bool stdin_once = 13;
optional bool tty = 15; optional bool tty = 14;
// Linux contains configuration specific to Linux containers. // Configuration specific to Linux containers.
optional LinuxContainerConfig linux = 16; optional LinuxContainerConfig linux = 15;
} }
message CreateContainerRequest { message CreateContainerRequest {
// The id of the PodSandbox // ID of the PodSandbox in which the container should be created.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
// The config of the container // Config of the container.
optional ContainerConfig config = 2; optional ContainerConfig config = 2;
// The config of the PodSandbox. This is the same config that was passed // Config of the PodSandbox. This is the same config that was passed
// to RunPodSandboxRequest to create the PodSandbox. It is passed again // to RunPodSandboxRequest to create the PodSandbox. It is passed again
// here just for easy reference. The PodSandboxConfig is immutable and // here just for easy reference. The PodSandboxConfig is immutable and
// remains the same throughout the lifetime of the pod. // remains the same throughout the lifetime of the pod.
@ -501,38 +567,38 @@ message CreateContainerRequest {
} }
message CreateContainerResponse { message CreateContainerResponse {
// The id of the created container // ID of the created container.
optional string container_id = 1; optional string container_id = 1;
} }
message StartContainerRequest { message StartContainerRequest {
// The id of the container // ID of the container to start.
optional string container_id = 1; optional string container_id = 1;
} }
message StartContainerResponse {} message StartContainerResponse {}
message StopContainerRequest { message StopContainerRequest {
// The id of the container // ID of the container to stop.
optional string container_id = 1; optional string container_id = 1;
// Timeout in seconds to stop the container // Timeout, in seconds, to stop the container.
optional int64 timeout = 2; optional int64 timeout = 2;
} }
message StopContainerResponse {} message StopContainerResponse {}
message RemoveContainerRequest { message RemoveContainerRequest {
// The id of the container // ID of the container to remove.
optional string container_id = 1; optional string container_id = 1;
} }
message RemoveContainerResponse {} message RemoveContainerResponse {}
enum ContainerState { enum ContainerState {
CREATED = 0; CONTAINER_CREATED = 0;
RUNNING = 1; CONTAINER_RUNNING = 1;
EXITED = 2; CONTAINER_EXITED = 2;
UNKNOWN = 3; CONTAINER_UNKNOWN = 3;
} }
// ContainerFilter is used to filter containers. // ContainerFilter is used to filter containers.
@ -542,7 +608,7 @@ message ContainerFilter {
optional string id = 1; optional string id = 1;
// State of the container. // State of the container.
optional ContainerState state = 2; optional ContainerState state = 2;
// The id of the pod sandbox // ID of the PodSandbox.
optional string pod_sandbox_id = 3; optional string pod_sandbox_id = 3;
// LabelSelector to select matches. // LabelSelector to select matches.
// Only api.MatchLabels is supported for now and the requirements // Only api.MatchLabels is supported for now and the requirements
@ -557,23 +623,23 @@ message ListContainersRequest {
// Container provides the runtime information for a container, such as ID, hash, // Container provides the runtime information for a container, such as ID, hash,
// state of the container. // state of the container.
message Container { message Container {
// The ID of the container, used by the container runtime to identify // ID of the container, used by the container runtime to identify
// a container. // a container.
optional string id = 1; optional string id = 1;
// The id of the sandbox which this container belongs to. // ID of the sandbox to which this container belongs.
optional string pod_sandbox_id = 2; optional string pod_sandbox_id = 2;
// The metadata of the container. // Metadata of the container.
optional ContainerMetadata metadata = 3; optional ContainerMetadata metadata = 3;
// The spec of the image // Spec of the image.
optional ImageSpec image = 4; optional ImageSpec image = 4;
// Reference to the image in use. For most runtimes, this should be an // Reference to the image in use. For most runtimes, this should be an
// image ID. // image ID.
optional string image_ref = 5; optional string image_ref = 5;
// State is the state of the container. // State of the container.
optional ContainerState state = 6; optional ContainerState state = 6;
// Creation time of the container in nanoseconds. // Creation time of the container in nanoseconds.
optional int64 created_at = 7; optional int64 created_at = 7;
// Labels are key value pairs that may be used to scope and select individual resources. // Key-value pairs that may be used to scope and select individual resources.
map<string, string> labels = 8; map<string, string> labels = 8;
// Annotations is an unstructured key value map that may be set by external // Annotations is an unstructured key value map that may be set by external
// tools to store and retrieve arbitrary metadata. // tools to store and retrieve arbitrary metadata.
@ -581,12 +647,12 @@ message Container {
} }
message ListContainersResponse { message ListContainersResponse {
// List of containers // List of containers.
repeated Container containers = 1; repeated Container containers = 1;
} }
message ContainerStatusRequest { message ContainerStatusRequest {
// The id of the container // ID of the container for which to retrieve status.
optional string container_id = 1; optional string container_id = 1;
} }
@ -606,94 +672,94 @@ message ContainerStatus {
optional int64 finished_at = 6; optional int64 finished_at = 6;
// Exit code of the container. // Exit code of the container.
optional int32 exit_code = 7; optional int32 exit_code = 7;
// The spec of the image // Spec of the image.
optional ImageSpec image = 8; optional ImageSpec image = 8;
// Reference to the image in use. For most runtimes, this should be an // Reference to the image in use. For most runtimes, this should be an
// image ID // image ID
optional string image_ref = 9; optional string image_ref = 9;
// A brief CamelCase string explains why container is in such a status. // Brief CamelCase string explaining why container is in its current state.
optional string reason = 10; optional string reason = 10;
// A human-readable message indication details about why container is in // Human-readable message indicating details about why container is in its
// this state. // current state.
optional string message = 11; optional string message = 11;
// Labels are key value pairs that may be used to scope and select individual resources. // Key-value pairs that may be used to scope and select individual resources.
map<string,string> labels = 12; map<string,string> labels = 12;
// Annotations is an unstructured key value map. // Annotations is an unstructured key value map.
map<string,string> annotations = 13; map<string,string> annotations = 13;
// Mounts specifies mounts for the container // Mounts for the container.
repeated Mount mounts = 14; repeated Mount mounts = 14;
} }
message ContainerStatusResponse { message ContainerStatusResponse {
// The status of the container // Status of the container.
optional ContainerStatus status = 1; optional ContainerStatus status = 1;
} }
message ExecSyncRequest { message ExecSyncRequest {
// The id of the container // ID of the container.
optional string container_id = 1; optional string container_id = 1;
// The cmd to execute // Command to execute.
repeated string cmd = 2; repeated string cmd = 2;
// Timeout in seconds to stop the command. Default: run forever. // Timeout in seconds to stop the command. Default: run forever.
optional int64 timeout = 3; optional int64 timeout = 3;
} }
message ExecSyncResponse { message ExecSyncResponse {
// The captured command stdout output. // Captured command stdout output.
optional bytes stdout = 1; optional bytes stdout = 1;
// The captured command stderr output. // Captured command stderr output.
optional bytes stderr = 2; optional bytes stderr = 2;
// The exit code the command finished with. // Exit code the command finished with.
optional int32 exit_code = 3; optional int32 exit_code = 3;
} }
message ExecRequest { message ExecRequest {
// The id of the container // ID of the container in which to execute the command.
optional string container_id = 1; optional string container_id = 1;
// The cmd to execute // Command to execute.
repeated string cmd = 2; repeated string cmd = 2;
// Whether use tty // Whether use tty.
optional bool tty = 3; optional bool tty = 3;
// Whether to stream stdin // Whether to stream stdin.
optional bool stdin = 4; optional bool stdin = 4;
} }
message ExecResponse { message ExecResponse {
// The fully qualified URL of the exec streaming server // Fully qualified URL of the exec streaming server.
optional string url = 1; optional string url = 1;
} }
message AttachRequest { message AttachRequest {
// The id of the container // ID of the container to which to attach.
optional string container_id = 1; optional string container_id = 1;
// Whether to stream stdin // Whether to stream stdin.
optional bool stdin = 2; optional bool stdin = 2;
} }
message AttachResponse { message AttachResponse {
// The fully qualified URL of the attach streaming server // Fully qualified URL of the attach streaming server.
optional string url = 1; optional string url = 1;
} }
message PortForwardRequest { message PortForwardRequest {
// The id of the container // ID of the container to which to forward the port.
optional string pod_sandbox_id = 1; optional string pod_sandbox_id = 1;
// The port to forward // Port to forward.
repeated int32 port = 2; repeated int32 port = 2;
} }
message PortForwardResponse { message PortForwardResponse {
// The fully qualified URL of the port-forward streaming server // Fully qualified URL of the port-forward streaming server.
optional string url = 1; optional string url = 1;
} }
message ImageFilter { message ImageFilter {
// The spec of the image // Spec of the image.
optional ImageSpec image = 1; optional ImageSpec image = 1;
} }
message ListImagesRequest { message ListImagesRequest {
// The filter to list images // Filter to list images.
optional ImageFilter filter = 1; optional ImageFilter filter = 1;
} }
@ -705,22 +771,29 @@ message Image {
repeated string repo_tags = 2; repeated string repo_tags = 2;
// Digests by which this image is known. // Digests by which this image is known.
repeated string repo_digests = 3; repeated string repo_digests = 3;
// The size of the image in bytes. // Size of the image in bytes.
optional uint64 size = 4; optional uint64 size = 4;
// UID that will run the command(s). This is used as a default if no user is
// specified when creating the container. UID and the following user name
// are mutually exclusive.
optional int64 uid = 5;
// User name that will run the command(s). This is used if UID is not set
// and no user is specified when creating container.
optional string username = 6;
} }
message ListImagesResponse { message ListImagesResponse {
// List of images // List of images.
repeated Image images = 1; repeated Image images = 1;
} }
message ImageStatusRequest { message ImageStatusRequest {
// The spec of the image // Spec of the image.
optional ImageSpec image = 1; optional ImageSpec image = 1;
} }
message ImageStatusResponse { message ImageStatusResponse {
// The status of the image // Status of the image.
optional Image image = 1; optional Image image = 1;
} }
@ -738,25 +811,25 @@ message AuthConfig {
} }
message PullImageRequest { message PullImageRequest {
// The spec of the image // Spec of the image.
optional ImageSpec image = 1; optional ImageSpec image = 1;
// The auth config for pulling image // Authentication configuration for pulling the image.
optional AuthConfig auth = 2; optional AuthConfig auth = 2;
// The config of the PodSandbox, which is used to pull image in PodSandbox context // Config of the PodSandbox, which is used to pull image in PodSandbox context.
optional PodSandboxConfig sandbox_config = 3; optional PodSandboxConfig sandbox_config = 3;
} }
message PullImageResponse {} message PullImageResponse {}
message RemoveImageRequest { message RemoveImageRequest {
// The spec of the image // Spec of the image to remove.
optional ImageSpec image = 1; optional ImageSpec image = 1;
} }
message RemoveImageResponse {} message RemoveImageResponse {}
message NetworkConfig { message NetworkConfig {
// The CIDR to use for pod IP addresses // CIDR to use for pod IP addresses.
optional string pod_cidr = 1; optional string pod_cidr = 1;
} }
@ -769,3 +842,40 @@ message UpdateRuntimeConfigRequest {
} }
message UpdateRuntimeConfigResponse {} message UpdateRuntimeConfigResponse {}
// RuntimeCondition contains condition information for the runtime.
// There are 2 kinds of runtime conditions:
// 1. Required condtitions: Conditions are required for kubelet to work
// properly. If any required condition is unmet, the node will be not ready.
// The required conditions include:
// * RuntimeReady: RuntimeReady means the runtime is up and ready to accept
// basic containers e.g. container only needs host network.
// * NetworkReady: NetworkReady means the runtime network is up and ready to
// accept containers which require container network.
// 2. Optional conditions: Conditions are informative to the user, but kubelet
// will not rely on. Since condition type is an arbitrary string, all conditions
// not required are optional. These conditions will be exposed to users to help
// them understand the status of the system.
message RuntimeCondition {
// Type of runtime condition.
optional string type = 1;
// Status of the condition, one of true/false.
optional bool status = 2;
// Brief CamelCase string containing reason for the condition's last transition.
optional string reason = 3;
// Human-readable message indicating details about last transition.
optional string message = 4;
}
// RuntimeStatus is information about the current status of the runtime.
message RuntimeStatus {
// List of current observed runtime conditions.
repeated RuntimeCondition conditions = 1;
}
message StatusRequest {}
message StatusResponse {
// Status of the Runtime.
optional RuntimeStatus status = 1;
}

View file

@ -0,0 +1,27 @@
/*
Copyright 2016 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package runtime
// This file contains all constants defined in CRI.
// Required runtime condition type.
const (
// RuntimeReady means the runtime is up and ready to accept basic containers.
RuntimeReady = "RuntimeReady"
// NetworkReady means the runtime network is up and ready to accept containers which require network.
NetworkReady = "NetworkReady"
)

View file

@ -0,0 +1,17 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = ["operator.go"],
tags = ["automanaged"],
)

View file

@ -0,0 +1,28 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = [
"doc.go",
"errors.go",
],
tags = ["automanaged"],
)
go_test(
name = "go_default_test",
srcs = ["errors_test.go"],
library = "go_default_library",
tags = ["automanaged"],
deps = [],
)

View file

@ -0,0 +1,17 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = ["homedir.go"],
tags = ["automanaged"],
)

View file

@ -0,0 +1,45 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = [
"http.go",
"interface.go",
"port_range.go",
"port_split.go",
"util.go",
],
tags = ["automanaged"],
deps = [
"//pkg/util/sets:go_default_library",
"//vendor:github.com/golang/glog",
"//vendor:golang.org/x/net/http2",
],
)
go_test(
name = "go_default_test",
srcs = [
"http_test.go",
"interface_test.go",
"port_range_test.go",
"port_split_test.go",
"util_test.go",
],
library = "go_default_library",
tags = ["automanaged"],
deps = [
"//pkg/util/sets:go_default_library",
"//vendor:github.com/spf13/pflag",
],
)

View file

@ -0,0 +1,52 @@
package(default_visibility = ["//visibility:public"])
licenses(["notice"])
load(
"@io_bazel_rules_go//go:def.bzl",
"go_binary",
"go_library",
"go_test",
"cgo_library",
)
go_library(
name = "go_default_library",
srcs = [
":set-gen",
],
)
go_test(
name = "go_default_test",
srcs = ["set_test.go"],
library = "go_default_library",
tags = ["automanaged"],
deps = [],
)
genrule(
name = "set-gen",
srcs = [
"//pkg/util/sets/types:types.go",
"//hack/boilerplate:boilerplate.go.txt",
],
outs = [
"byte.go",
"doc.go",
"empty.go",
"int.go",
"int64.go",
"string.go",
],
cmd = """
$(location //cmd/libs/go2idl/set-gen) \
--input-dirs ./pkg/util/sets/types \
--output-base $(GENDIR)/pkg/util \
--go-header-file $(location //hack/boilerplate:boilerplate.go.txt) \
--output-package sets
""",
tools = [
"//cmd/libs/go2idl/set-gen",
],
)

View file

@ -0,0 +1,191 @@
Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Copyright 2014-2015 Docker, Inc.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.

View file

@ -0,0 +1,425 @@
Attribution-ShareAlike 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More_considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution-ShareAlike 4.0 International Public
License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution-ShareAlike 4.0 International Public License ("Public
License"). To the extent this Public License may be interpreted as a
contract, You are granted the Licensed Rights in consideration of Your
acceptance of these terms and conditions, and the Licensor grants You
such rights in consideration of benefits the Licensor receives from
making the Licensed Material available under these terms and
conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Adapter's License means the license You apply to Your Copyright
and Similar Rights in Your contributions to Adapted Material in
accordance with the terms and conditions of this Public License.
c. BY-SA Compatible License means a license listed at
creativecommons.org/compatiblelicenses, approved by Creative
Commons as essentially the equivalent of this Public License.
d. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
e. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
f. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
g. License Elements means the license attributes listed in the name
of a Creative Commons Public License. The License Elements of this
Public License are Attribution and ShareAlike.
h. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
i. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
j. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
k. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
l. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
m. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part; and
b. produce, reproduce, and Share Adapted Material.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. Additional offer from the Licensor -- Adapted Material.
Every recipient of Adapted Material from You
automatically receives an offer from the Licensor to
exercise the Licensed Rights in the Adapted Material
under the conditions of the Adapter's License You apply.
c. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material (including in modified
form), You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
b. ShareAlike.
In addition to the conditions in Section 3(a), if You Share
Adapted Material You produce, the following conditions also apply.
1. The Adapter's License You apply must be a Creative Commons
license with the same License Elements, this version or
later, or a BY-SA Compatible License.
2. You must include the text of, or the URI or hyperlink to, the
Adapter's License You apply. You may satisfy this condition
in any reasonable manner based on the medium, means, and
context in which You Share Adapted Material.
3. You may not offer or impose any additional or different terms
or conditions on, or apply any Effective Technological
Measures to, Adapted Material that restrict exercise of the
rights granted under the Adapter's License You apply.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material,
including for purposes of Section 3(b); and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public licenses.
Notwithstanding, Creative Commons may elect to apply one of its public
licenses to material it publishes and in those instances will be
considered the "Licensor." Except for the limited purpose of indicating
that material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the public
licenses.
Creative Commons may be contacted at creativecommons.org.

View file

@ -1,191 +0,0 @@
All files in this repository are licensed as follows. If you contribute
to this repository, it is assumed that you license your contribution
under the same license unless you state otherwise.
All files Copyright (C) 2015 Canonical Ltd. unless otherwise specified in the file.
This software is licensed under the LGPLv3, included below.
As a special exception to the GNU Lesser General Public License version 3
("LGPL3"), the copyright holders of this Library give you permission to
convey to a third party a Combined Work that links statically or dynamically
to this Library without providing any Minimal Corresponding Source or
Minimal Application Code as set out in 4d or providing the installation
information set out in section 4e, provided that you comply with the other
provisions of LGPL3 and provided that you meet, for the Application the
terms and conditions of the license(s) which apply to the Application.
Except as stated in this special exception, the provisions of LGPL3 will
continue to comply in full to this Library. If you modify this Library, you
may apply this exception to your version of this Library, but you are not
obliged to do so. If you do not wish to do so, delete this exception
statement from your version. This exception does not (and cannot) modify any
license terms which apply to the Application, with which you must still
comply.
GNU LESSER GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
This version of the GNU Lesser General Public License incorporates
the terms and conditions of version 3 of the GNU General Public
License, supplemented by the additional permissions listed below.
0. Additional Definitions.
As used herein, "this License" refers to version 3 of the GNU Lesser
General Public License, and the "GNU GPL" refers to version 3 of the GNU
General Public License.
"The Library" refers to a covered work governed by this License,
other than an Application or a Combined Work as defined below.
An "Application" is any work that makes use of an interface provided
by the Library, but which is not otherwise based on the Library.
Defining a subclass of a class defined by the Library is deemed a mode
of using an interface provided by the Library.
A "Combined Work" is a work produced by combining or linking an
Application with the Library. The particular version of the Library
with which the Combined Work was made is also called the "Linked
Version".
The "Minimal Corresponding Source" for a Combined Work means the
Corresponding Source for the Combined Work, excluding any source code
for portions of the Combined Work that, considered in isolation, are
based on the Application, and not on the Linked Version.
The "Corresponding Application Code" for a Combined Work means the
object code and/or source code for the Application, including any data
and utility programs needed for reproducing the Combined Work from the
Application, but excluding the System Libraries of the Combined Work.
1. Exception to Section 3 of the GNU GPL.
You may convey a covered work under sections 3 and 4 of this License
without being bound by section 3 of the GNU GPL.
2. Conveying Modified Versions.
If you modify a copy of the Library, and, in your modifications, a
facility refers to a function or data to be supplied by an Application
that uses the facility (other than as an argument passed when the
facility is invoked), then you may convey a copy of the modified
version:
a) under this License, provided that you make a good faith effort to
ensure that, in the event an Application does not supply the
function or data, the facility still operates, and performs
whatever part of its purpose remains meaningful, or
b) under the GNU GPL, with none of the additional permissions of
this License applicable to that copy.
3. Object Code Incorporating Material from Library Header Files.
The object code form of an Application may incorporate material from
a header file that is part of the Library. You may convey such object
code under terms of your choice, provided that, if the incorporated
material is not limited to numerical parameters, data structure
layouts and accessors, or small macros, inline functions and templates
(ten or fewer lines in length), you do both of the following:
a) Give prominent notice with each copy of the object code that the
Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the object code with a copy of the GNU GPL and this license
document.
4. Combined Works.
You may convey a Combined Work under terms of your choice that,
taken together, effectively do not restrict modification of the
portions of the Library contained in the Combined Work and reverse
engineering for debugging such modifications, if you also do each of
the following:
a) Give prominent notice with each copy of the Combined Work that
the Library is used in it and that the Library and its use are
covered by this License.
b) Accompany the Combined Work with a copy of the GNU GPL and this license
document.
c) For a Combined Work that displays copyright notices during
execution, include the copyright notice for the Library among
these notices, as well as a reference directing the user to the
copies of the GNU GPL and this license document.
d) Do one of the following:
0) Convey the Minimal Corresponding Source under the terms of this
License, and the Corresponding Application Code in a form
suitable for, and under terms that permit, the user to
recombine or relink the Application with a modified version of
the Linked Version to produce a modified Combined Work, in the
manner specified by section 6 of the GNU GPL for conveying
Corresponding Source.
1) Use a suitable shared library mechanism for linking with the
Library. A suitable mechanism is one that (a) uses at run time
a copy of the Library already present on the user's computer
system, and (b) will operate properly with a modified version
of the Library that is interface-compatible with the Linked
Version.
e) Provide Installation Information, but only if you would otherwise
be required to provide such information under section 6 of the
GNU GPL, and only to the extent that such information is
necessary to install and execute a modified version of the
Combined Work produced by recombining or relinking the
Application with a modified version of the Linked Version. (If
you use option 4d0, the Installation Information must accompany
the Minimal Corresponding Source and Corresponding Application
Code. If you use option 4d1, you must provide the Installation
Information in the manner specified by section 6 of the GNU GPL
for conveying Corresponding Source.)
5. Combined Libraries.
You may place library facilities that are a work based on the
Library side by side in a single library together with other library
facilities that are not Applications and are not covered by this
License, and convey such a combined library under terms of your
choice, if you do both of the following:
a) Accompany the combined library with a copy of the same work based
on the Library, uncombined with any other library facilities,
conveyed under the terms of this License.
b) Give prominent notice with the combined library that part of it
is a work based on the Library, and explaining where to find the
accompanying uncombined form of the same work.
6. Revised Versions of the GNU Lesser General Public License.
The Free Software Foundation may publish revised and/or new versions
of the GNU Lesser General Public License from time to time. Such new
versions will be similar in spirit to the present version, but may
differ in detail to address new problems or concerns.
Each version is given a distinguishing version number. If the
Library as you received it specifies that a certain numbered version
of the GNU Lesser General Public License "or any later version"
applies to it, you have the option of following the terms and
conditions either of that published version or of any later version
published by the Free Software Foundation. If the Library as you
received it does not specify a version number of the GNU Lesser
General Public License, you may choose any version of the GNU Lesser
General Public License ever published by the Free Software Foundation.
If the Library as you received it specifies that a proxy can decide
whether future versions of the GNU Lesser General Public License shall
apply, that proxy's public statement of acceptance of any version is
permanent authorization for you to choose that version for the
Library.

View file

@ -0,0 +1,27 @@
Copyright (c) 2013, Patrick Mezard
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
The names of its contributors may not be used to endorse or promote
products derived from this software without specific prior written
permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS
IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

View file

@ -0,0 +1,22 @@
Copyright (c) 2012 - 2013 Mat Ryer and Tyler Bunnell
Please consider promoting this project if you find it useful.
Permission is hereby granted, free of charge, to any person
obtaining a copy of this software and associated documentation
files (the "Software"), to deal in the Software without restriction,
including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software,
and to permit persons to whom the Software is furnished to do so,
subject to the following conditions:
The above copyright notice and this permission notice shall be included
in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES
OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT
OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE
OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.