kpod: Partially address comments by Dan
Signed-off-by: Matthew Heon <mheon@redhat.com>
parent
f96f4c85f6
commit
ddeff0fcef
1 changed files with 22 additions and 23 deletions
|
@ -20,7 +20,6 @@ import (
|
||||||
// Terminal attach implementation (kpod attach command?)
|
// Terminal attach implementation (kpod attach command?)
|
||||||
// Logging (interaction with crio daemon?)
|
// Logging (interaction with crio daemon?)
|
||||||
// Properly place created containers in cgroups
|
// Properly place created containers in cgroups
|
||||||
// Sanely populate metadata for sandbox
|
|
||||||
// Missing parsing in CLI handling - DNS, port forwards, mounts, devices, resource limits etc
|
// Missing parsing in CLI handling - DNS, port forwards, mounts, devices, resource limits etc
|
||||||
// Labels and Annotations (pod & container)
|
// Labels and Annotations (pod & container)
|
||||||
// Security & confinement - SELinux, AppArmor, seccomp, capabilities
|
// Security & confinement - SELinux, AppArmor, seccomp, capabilities
|
||||||
|
@ -31,76 +30,76 @@ import (
|
||||||
|
|
||||||
var launchCommand = cli.Command{
|
var launchCommand = cli.Command{
|
||||||
Name: "launch",
|
Name: "launch",
|
||||||
Usage: "launch a pod",
|
Usage: "launch a pod or insert a container into an existing pod",
|
||||||
Flags: []cli.Flag{
|
Flags: []cli.Flag{
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "image",
|
Name: "image",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "image to launch",
|
Usage: "`image` to launch",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "attach",
|
Name: "attach",
|
||||||
Usage: "attach to the container once it is created",
|
Usage: "`attach` to the primary container once it is created",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "env",
|
Name: "env",
|
||||||
Usage: "specify environment variables to be set inside launched container, specified as KEY=VALUE",
|
Usage: "specify environment `variable`s to be set inside the primary container, specified as `VARIABLE=VALUE`",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "labels, l",
|
Name: "labels, l",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "specify labels to be set on launched container",
|
Usage: "specify `label`s to be set on launched pod",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "limits",
|
Name: "limits",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "specify resource limits for launched container",
|
Usage: "specify resource `limit`s for the primary container",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "ports",
|
Name: "ports",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "specify ports to be forwarded to launched container",
|
Usage: "specify `port`s to be forwarded to the launched pod",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "rm",
|
Name: "rm",
|
||||||
Usage: "remove launched container (and pod, if a new pod was created) after it exits",
|
Usage: "`remove` launched container (and pod, if a new pod was created) after it exits",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "stdin, i",
|
Name: "stdin, i",
|
||||||
Usage: "keep stdin open on launched container",
|
Usage: "keep `stdin` open on primary container",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "tty, t",
|
Name: "tty, t",
|
||||||
Usage: "allocate a TTY for launched container",
|
Usage: "allocate a `TTY` for primary container",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "mount",
|
Name: "mount",
|
||||||
Usage: "attach mounts on the host to created container",
|
Usage: "attach `mount`s on the host to primary container",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "device",
|
Name: "device",
|
||||||
Usage: "make host devices available inside the container",
|
Usage: "make host `device`s available inside the primary container",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "dns",
|
Name: "dns",
|
||||||
Usage: "set DNS servers for container",
|
Usage: "set `DNS server`s for pod",
|
||||||
},
|
},
|
||||||
cli.StringSliceFlag{
|
cli.StringSliceFlag{
|
||||||
Name: "dns-search",
|
Name: "dns-search",
|
||||||
Usage: "set DNS search domains for container",
|
Usage: "set `DNS search domain`s for pod",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "pod",
|
Name: "pod",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "launch container inside an existing pod",
|
Usage: "launch container inside an `existing pod`",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "privileged",
|
Name: "privileged",
|
||||||
Usage: "launch a privileged container",
|
Usage: "launch a `privileged` pod",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "read-only",
|
Name: "read-only",
|
||||||
Usage: "mount root of created container as read only",
|
Usage: "mount root of primary container as `read only`",
|
||||||
},
|
},
|
||||||
cli.BoolFlag{
|
cli.BoolFlag{
|
||||||
Name: "host-network",
|
Name: "host-network",
|
||||||
|
@ -117,12 +116,12 @@ var launchCommand = cli.Command{
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "group-add",
|
Name: "group-add",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "comma-separated list of additional groups to run as",
|
Usage: "comma-separated list of additional `group`s to run as",
|
||||||
},
|
},
|
||||||
cli.StringFlag{
|
cli.StringFlag{
|
||||||
Name: "user",
|
Name: "user",
|
||||||
Value: "",
|
Value: "",
|
||||||
Usage: "specify user to run container as",
|
Usage: "specify `user` to run primary container as",
|
||||||
},
|
},
|
||||||
},
|
},
|
||||||
Action: func(ctx *cli.Context) error {
|
Action: func(ctx *cli.Context) error {
|
||||||
|
@ -576,7 +575,7 @@ func generateLinuxSecurityConfigs(cliConfig *launchConfig) (*pb.LinuxSandboxSecu
|
||||||
func getRandomID() (string, error) {
|
func getRandomID() (string, error) {
|
||||||
urandom, err := os.Open("/dev/urandom")
|
urandom, err := os.Open("/dev/urandom")
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("could not open urandom for reading: %v", err)
|
return "", fmt.Errorf("could not open /dev/urandom for reading: %v", err)
|
||||||
}
|
}
|
||||||
|
|
||||||
defer urandom.Close()
|
defer urandom.Close()
|
||||||
|
@ -584,9 +583,9 @@ func getRandomID() (string, error) {
|
||||||
data := make([]byte, 16)
|
data := make([]byte, 16)
|
||||||
count, err := urandom.Read(data)
|
count, err := urandom.Read(data)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return "", fmt.Errorf("error reading from urandom: %v", err)
|
return "", fmt.Errorf("error reading from /dev/urandom: %v", err)
|
||||||
} else if count != 16 {
|
} else if count != 16 {
|
||||||
return "", fmt.Errorf("read too few bytes from urandom")
|
return "", fmt.Errorf("read too few bytes from /dev/urandom")
|
||||||
}
|
}
|
||||||
|
|
||||||
return hex.EncodeToString(data), nil
|
return hex.EncodeToString(data), nil
|
||||||
|
|
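Review bot: In the `launchCommand` flag list (hunk `@ -31,76 +30,76`), backticks were added to the `Usage` strings of the `cli.BoolFlag` entries as well (`attach`, `rm`, `stdin`, `tty`, `privileged`, `read-only`). Assuming `cli` here is urfave/cli, the first backquoted word in a usage string becomes the flag's value placeholder in the help output, so these would probably render as `--privileged privileged`, `--rm remove` and so on, which reads as if the switch took an argument. That is most misleading for `--privileged`, where an operator should not be left guessing whether a value is needed to turn confinement off. I would keep the backticks on value-taking flags only and write the boolean ones plainly, e.g. `Usage: "launch a privileged pod",`. The `env` usage also has two backquoted spans, and since only the first is likely consumed as the placeholder, `VARIABLE=VALUE` may be printed with literal backticks; quoting only that span would give the more useful placeholder.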