feat: Update container create api [WIP - DO NOT MERGE] #115

Open
wants to merge 24 commits into
base: main
6f682c1
feat: add support for network disabled flag
coderbirju Dec 4, 2024
edfd76d
chore: add support for OomKillDisable flag
coderbirju Dec 5, 2024
43cea9c
chore: add support for MACAddress option
coderbirju Dec 5, 2024
880dbaf
chore: add unit tests for OomKillDisable, MACAddress and NetworkDisabled
coderbirju Dec 6, 2024
c67fa65
chore: add support for BlkioWeight
coderbirju Dec 6, 2024
b4dc13f
chore: add cpushares option
coderbirju Dec 6, 2024
5afa8d8
chore: add CPUQuota option
coderbirju Dec 7, 2024
0812dbe
chore: add Memory options
coderbirju Dec 8, 2024
52f625e
chore: add ContainerIDFile options
coderbirju Dec 9, 2024
a36b88d
chore: add VolumesFrom option
coderbirju Dec 9, 2024
630ac1d
chore: add CapAdd option
coderbirju Dec 9, 2024
32c5a11
chore: add GroupAdd option
coderbirju Dec 9, 2024
630904e
chore: add IPC and OomScoreAdj option
coderbirju Dec 9, 2024
9feb788
chore: add PidMode and Priviledged option
coderbirju Dec 9, 2024
3b47b07
chore: add ReadonlyRootfs and SecurityOpt option
coderbirju Dec 10, 2024
da1bf3d
chore: add Tmpfs and UTSMode option
coderbirju Dec 11, 2024
7a13bff
chore: add ShmSize, Sysctl and Runtime option
coderbirju Dec 11, 2024
c7f395a
chore: add Ulimits option
coderbirju Dec 11, 2024
f268dca
chore: add Device option
coderbirju Dec 12, 2024
e80657a
chore: add PidLimit option
coderbirju Dec 12, 2024
bd295b0
chore: add CgroupnsMode option
coderbirju Dec 13, 2024
8a25c03
chore: add e2e tests
coderbirju Dec 17, 2024
5956e50
fix: unit test cases
coderbirju Jan 14, 2025
bc7a9bd
chore: add OomScoreAdjChanged
coderbirju Jan 27, 2025
133 changes: 117 additions & 16 deletions api/handlers/container/create.go
Expand Up @@ -123,6 +123,50 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
ulimits = append(ulimits, ulimit.String())
}
}
// Tmpfs:
// Tmpfs are passed in as a map of strings,
// but nerdctl expects an array of strings with format [TMPFS1:VALUE1, TMPFS2:VALUE2, ...].
tmpfs := []string{}
if req.HostConfig.Tmpfs != nil {
for key, val := range req.HostConfig.Tmpfs {
tmpfs = append(tmpfs, fmt.Sprintf("%s:%s", key, val))
}
}

// Sysctls:
// Sysctls are passed in as a map of strings,
// but nerdctl expects an array of strings with format [Sysctls1=VALUE1, Sysctls2=VALUE2, ...].
sysctls := []string{}
if req.HostConfig.Sysctls != nil {
for key, val := range req.HostConfig.Sysctls {
sysctls = append(sysctls, fmt.Sprintf("%s=%s", key, val))
}
}

// devices:
// devices are passed in as a map of DeviceMapping,
// but nerdctl expects an array of strings with format [PathOnHost1:PathInContainer1:CgroupPermissions1, PathOnHost2:PathInContainer2:CgroupPermissions2, ...].
devices := []string{}
if req.HostConfig.Devices != nil {
for _, deviceMap := range req.HostConfig.Devices {
deviceString := ""
if deviceMap.PathOnHost != "" {
deviceString += deviceMap.PathOnHost
}

if deviceMap.PathInContainer != "" {
deviceString += ":"
deviceString += deviceMap.PathInContainer
}

if deviceMap.CgroupPermissions != "" {
deviceString += ":"
deviceString += deviceMap.CgroupPermissions
}
devices = append(devices, deviceString)
}
}

// Environment vars:
env := []string{}
if req.Env != nil {
Expand Down Expand Up @@ -164,6 +208,40 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
if req.HostConfig.CPUQuota != 0 {
CpuQuota = req.HostConfig.CPUQuota
}
shmSize := ""
if req.HostConfig.ShmSize > 0 {
shmSize = fmt.Sprint(req.HostConfig.ShmSize)
}

runtime := defaults.Runtime
if req.HostConfig.Runtime != "" {
runtime = req.HostConfig.Runtime
}

volumesFrom := []string{}
if req.HostConfig.VolumesFrom != nil {
volumesFrom = req.HostConfig.VolumesFrom
}

groupAdd := []string{}
if req.HostConfig.GroupAdd != nil {
groupAdd = req.HostConfig.GroupAdd
}

securityOpt := []string{}
if req.HostConfig.SecurityOpt != nil {
securityOpt = req.HostConfig.SecurityOpt
}

cgroupnsMode := defaults.CgroupnsMode()
if req.HostConfig.CgroupnsMode.Valid() {
cgroupnsMode = string(req.HostConfig.CgroupnsMode)
}

var oomScoreAdjChanged bool
if req.HostConfig.OomScoreAdj != 0 || req.HostConfig.OomScoreAdjChanged {
oomScoreAdjChanged = req.HostConfig.OomScoreAdjChanged
}

globalOpt := ncTypes.GlobalCommandOptions(*h.Config)
createOpt := ncTypes.ContainerCreateOptions{
Expand All @@ -172,15 +250,19 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
GOptions: globalOpt,

// #region for basic flags
Interactive: false, // TODO: update this after attach supports STDIN
TTY: false, // TODO: update this after attach supports STDIN
Detach: true, // TODO: current implementation of create does not support AttachStdin, AttachStdout, and AttachStderr flags
Restart: restart, // Restart policy to apply when a container exits.
Rm: req.HostConfig.AutoRemove, // Automatically remove container upon exit.
Pull: "missing", // nerdctl default.
StopSignal: stopSignal,
StopTimeout: stopTimeout,
CidFile: req.HostConfig.ContainerIDFile, // CidFile write the container ID to the file
Interactive: false, // TODO: update this after attach supports STDIN
TTY: false, // TODO: update this after attach supports STDIN
Detach: true, // TODO: current implementation of create does not support AttachStdin, AttachStdout, and AttachStderr flags
Restart: restart, // Restart policy to apply when a container exits.
Rm: req.HostConfig.AutoRemove, // Automatically remove container upon exit.
Pull: "missing", // nerdctl default.
StopSignal: stopSignal,
StopTimeout: stopTimeout,
CidFile: req.HostConfig.ContainerIDFile, // CidFile write the container ID to the file
OomKillDisable: req.HostConfig.OomKillDisable,
OomScoreAdj: req.HostConfig.OomScoreAdj,
OomScoreAdjChanged: oomScoreAdjChanged,
Pid: req.HostConfig.PidMode, // Pid namespace to use
// #endregion

// #region for platform flags
Expand All @@ -197,29 +279,39 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
CPUQuota: CpuQuota, // CPUQuota limits the CPU CFS (Completely Fair Scheduler) quota
MemorySwappiness64: memorySwappiness, // Tuning container memory swappiness behaviour
PidsLimit: pidLimit, // PidsLimit specifies the tune container pids limit
Cgroupns: defaults.CgroupnsMode(), // nerdctl default.
Cgroupns: cgroupnsMode, // Cgroupns specifies the cgroup namespace to use
MemoryReservation: memoryReservation, // Memory soft limit (in bytes)
MemorySwap: memorySwap, // Total memory usage (memory + swap); set `-1` to enable unlimited swap
Ulimit: ulimits, // List of ulimits to be set in the container
CPUPeriod: uint64(req.HostConfig.CPUPeriod),
BlkioWeight: req.HostConfig.BlkioWeight, // block IO weight (relative)
CPUPeriod: uint64(req.HostConfig.CPUPeriod), // CPU CFS (Completely Fair Scheduler) period
CPUSetCPUs: req.HostConfig.CPUSetCPUs, // CpusetCpus 0-2, 0,1
CPUSetMems: req.HostConfig.CPUSetMems, // CpusetMems 0-2, 0,1
IPC: req.HostConfig.IpcMode, // IPC namespace to use
ShmSize: shmSize, // ShmSize set the size of /dev/shm
Device: devices, // Device specifies add a host device to the container
// #endregion

// #region for user flags
User: req.User,
User: req.User,
GroupAdd: groupAdd,
// #endregion

// #region for security flags
SecurityOpt: []string{}, // nerdctl default.
SecurityOpt: securityOpt, // nerdctl default.
CapAdd: capAdd,
CapDrop: capDrop,
Privileged: req.HostConfig.Privileged,
// #endregion
// #region for runtime flags
Runtime: defaults.Runtime, // nerdctl default.
Runtime: runtime, // Runtime to use for this container, e.g. "crun", or "io.containerd.runc.v2".
Sysctl: sysctls, // Sysctl set sysctl options, e.g "net.ipv4.ip_forward=1"
// #endregion

// #region for volume flags
Volume: volumes,
Volume: volumes,
VolumesFrom: volumesFrom,
Tmpfs: tmpfs,
// #endregion

// #region for env flags
Expand Down Expand Up @@ -248,6 +340,10 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
Stderr: nil,
},
// #endregion

// #region for rootfs flags
ReadOnly: req.HostConfig.ReadonlyRootfs, // Is the container root filesystem in read-only
// #endregion
}

portMappings, err := translatePortMappings(req.HostConfig.PortBindings)
Expand All @@ -260,18 +356,23 @@ func (h *handler) create(w http.ResponseWriter, r *http.Request) {
if networkMode == "" || networkMode == "default" {
networkMode = "bridge"
}
if req.NetworkDisabled {
networkMode = "none"
}
dnsOpt := []string{}
if req.HostConfig.DNSOptions != nil {
dnsOpt = req.HostConfig.DNSOptions
}
netOpt := ncTypes.NetworkOptions{
Hostname: req.Hostname,
NetworkSlice: []string{networkMode}, // TODO: Set to none if "NetworkDisabled" is true in request
NetworkSlice: []string{networkMode},
DNSServers: req.HostConfig.DNS, // Custom DNS lookup servers.
DNSResolvConfOptions: dnsOpt, // DNS options.
DNSSearchDomains: req.HostConfig.DNSSearch, // Custom DNS search domains.
PortMappings: portMappings,
AddHost: req.HostConfig.ExtraHosts, // Extra hosts.
MACAddress: req.MacAddress,
UTSNamespace: req.HostConfig.UTSMode,
}

ctx := namespaces.WithNamespace(r.Context(), h.Config.Namespace)
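Review bot: The device loop in the first hunk skips empty fields, so its output does not always match the `PathOnHost:PathInContainer:CgroupPermissions` format its own comment states: a mapping with permissions but no `PathInContainer` becomes `host:perms`, one with no `PathOnHost` starts with `:`, and an all-empty mapping appends `""`. These strings come from the request body and decide which host device nodes the container gets and with what access, so I would reject a mapping whose `PathOnHost` is empty and fill the other two explicitly, e.g. `if deviceMap.PathInContainer == "" { deviceMap.PathInContainer = deviceMap.PathOnHost }` and likewise `CgroupPermissions` with `"rwm"`, before joining all three with `:`. How nerdctl parses a two-field entry is not visible here, so confirm this against its device parser. Separately, in the second hunk the `oomScoreAdjChanged` block reduces to a copy of `req.HostConfig.OomScoreAdjChanged`, so a non-zero `OomScoreAdj` sent without that flag stays marked unchanged; if the intent was to honour it, the assignment should be `oomScoreAdjChanged = true`. The `create` handler begins and ends outside the hunks shown.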