12
"github.com/containers/common/pkg/config"
13
"github.com/containers/podman/v5/libpod/define"
14
"github.com/containers/podman/v5/libpod/lock"
15
"github.com/opencontainers/runtime-spec/specs-go"
18
// Pod represents a group of containers that are managed together.
19
// Any operations on a Pod that access state must begin with a call to
21
// There is no guarantee that state exists in a readable state before this call,
22
// and even if it does its contents will be out of date and must be refreshed
24
// Generally, this requirement applies only to top-level functions; helpers can
25
// assume their callers handled this requirement. Generally speaking, if a
26
// function takes the pod lock and accesses any part of state, it should
27
// updatePod() immediately after locking.
28
// Pod represents a group of containers that may share namespaces
38
// PodConfig represents a pod's static configuration
39
type PodConfig struct {41
Name string `json:"name"`
42
// Namespace the pod is in
43
Namespace string `json:"namespace,omitempty"`
45
Hostname string `json:"hostname,omitempty"`
47
// Labels contains labels applied to the pod
48
Labels map[string]string `json:"labels"`
49
// CgroupParent contains the pod's Cgroup parent
50
CgroupParent string `json:"cgroupParent"`
51
// UsePodCgroup indicates whether the pod will create its own Cgroup and
52
// join containers to it.
53
// If true, all containers joined to the pod will use the pod cgroup as
54
// their cgroup parent, and cannot set a different cgroup parent
55
UsePodCgroup bool `json:"sharesCgroup,omitempty"`
57
// The following UsePod{kernelNamespace} indicate whether the containers58
// in the pod will inherit the namespace from the first container in the pod.
59
UsePodPID bool `json:"sharesPid,omitempty"`
60
UsePodIPC bool `json:"sharesIpc,omitempty"`
61
UsePodNet bool `json:"sharesNet,omitempty"`
62
UsePodMount bool `json:"sharesMnt,omitempty"`
63
UsePodUser bool `json:"sharesUser,omitempty"`
64
UsePodUTS bool `json:"sharesUts,omitempty"`
65
UsePodCgroupNS bool `json:"sharesCgroupNS,omitempty"`
67
HasInfra bool `json:"hasInfra,omitempty"`
69
// ServiceContainerID is the main container of a service. A service
70
// consists of one or more pods. The service container is started
71
// before all pods and is stopped when the last pod stops.
72
// The service container allows for tracking and managing the entire
73
// life cycle of service which may be started via `podman-play-kube`.
74
ServiceContainerID string `json:"serviceContainerID,omitempty"`
76
// Time pod was created
77
CreatedTime time.Time `json:"created"`
79
// CreateCommand is the full command plus arguments of the process the
80
// container has been created with.
81
CreateCommand []string `json:"CreateCommand,omitempty"`
83
// The pod's exit policy.
84
ExitPolicy config.PodExitPolicy `json:"ExitPolicy,omitempty"`
86
// The pod's restart policy
87
RestartPolicy string `json:"RestartPolicy,omitempty"`
89
// The max number of retries for a pod based on restart policy
90
RestartRetries *uint `json:"RestartRetries,omitempty"`
92
// ID of the pod's lock
93
LockID uint32 `json:"lockID"`
95
// ResourceLimits hold the pod level resource limits
96
ResourceLimits specs.LinuxResources
99
// podState represents a pod's state
100
type podState struct {101
// CgroupPath is the path to the pod's Cgroup
102
CgroupPath string `json:"cgroupPath"`
103
// InfraContainerID is the container that holds pod namespace information
104
// Most often an infra container
105
InfraContainerID string
108
// ID retrieves the pod's ID
109
func (p *Pod) ID() string {113
// Name retrieves the pod's name
114
func (p *Pod) Name() string {118
// MountLabel returns the SELinux label associated with the pod
119
func (p *Pod) MountLabel() (string, error) {120
if !p.HasInfraContainer() {123
ctr, err := p.infraContainer()
127
return ctr.MountLabel(), nil
130
// Namespace returns the pod's libpod namespace.
131
// Namespaces are used to logically separate containers and pods in the state.
132
func (p *Pod) Namespace() string {133
return p.config.Namespace
136
// ResourceLim returns the cpuset resource limits for the pod
137
func (p *Pod) ResourceLim() *specs.LinuxResources {138
resCopy := &specs.LinuxResources{}139
empty := &specs.LinuxResources{140
CPU: &specs.LinuxCPU{},142
if err := JSONDeepCopy(p.config.ResourceLimits, resCopy); err != nil {145
if resCopy.CPU != nil {152
// CPUPeriod returns the pod CPU period
153
func (p *Pod) CPUPeriod() uint64 {154
resLim := p.ResourceLim()
155
if resLim.CPU == nil || resLim.CPU.Period == nil {158
return *resLim.CPU.Period
161
// CPUQuota returns the pod CPU quota
162
func (p *Pod) CPUQuota() int64 {163
resLim := p.ResourceLim()
164
if resLim.CPU == nil || resLim.CPU.Quota == nil {167
return *resLim.CPU.Quota
170
// MemoryLimit returns the pod Memory Limit
171
func (p *Pod) MemoryLimit() uint64 {172
resLim := p.ResourceLim()
173
if resLim.Memory == nil || resLim.Memory.Limit == nil {176
return uint64(*resLim.Memory.Limit)
179
// MemorySwap returns the pod Memory swap limit
180
func (p *Pod) MemorySwap() uint64 {181
resLim := p.ResourceLim()
182
if resLim.Memory == nil || resLim.Memory.Swap == nil {185
return uint64(*resLim.Memory.Swap)
188
// BlkioWeight returns the pod blkio weight
189
func (p *Pod) BlkioWeight() uint64 {190
resLim := p.ResourceLim()
191
if resLim.BlockIO == nil || resLim.BlockIO.Weight == nil {194
return uint64(*resLim.BlockIO.Weight)
197
// CPUSetMems returns the pod CPUSet memory nodes
198
func (p *Pod) CPUSetMems() string {199
resLim := p.ResourceLim()
200
if resLim.CPU == nil {203
return resLim.CPU.Mems
206
// CPUShares returns the pod cpu shares
207
func (p *Pod) CPUShares() uint64 {208
resLim := p.ResourceLim()
209
if resLim.CPU == nil || resLim.CPU.Shares == nil {212
return *resLim.CPU.Shares
215
// BlkiThrottleReadBps returns the pod throttle devices
216
func (p *Pod) BlkiThrottleReadBps() []define.InspectBlkioThrottleDevice {217
resLim := p.ResourceLim()
218
if resLim.BlockIO == nil || resLim.BlockIO.ThrottleReadBpsDevice == nil {219
return []define.InspectBlkioThrottleDevice{}221
devs, err := blkioDeviceThrottle(nil, resLim.BlockIO.ThrottleReadBpsDevice)
223
return []define.InspectBlkioThrottleDevice{}228
// BlkiThrottleWriteBps returns the pod throttle devices
229
func (p *Pod) BlkiThrottleWriteBps() []define.InspectBlkioThrottleDevice {230
resLim := p.ResourceLim()
231
if resLim.BlockIO == nil || resLim.BlockIO.ThrottleWriteBpsDevice == nil {232
return []define.InspectBlkioThrottleDevice{}234
devs, err := blkioDeviceThrottle(nil, resLim.BlockIO.ThrottleWriteBpsDevice)
236
return []define.InspectBlkioThrottleDevice{}241
// NetworkMode returns the Network mode given by the user ex: pod, private...
242
func (p *Pod) NetworkMode() string {243
infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
247
return infra.NetworkMode()
250
// Namespace Mode returns the given NS mode provided by the user ex: host, private...
251
func (p *Pod) NamespaceMode(kind specs.LinuxNamespaceType) string {252
infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
256
ctrSpec := infra.config.Spec
257
if ctrSpec != nil && ctrSpec.Linux != nil {258
for _, ns := range ctrSpec.Linux.Namespaces {261
return fmt.Sprintf("ns:%s", ns.Path)271
// CPUQuota returns the pod CPU quota
272
func (p *Pod) VolumesFrom() []string {273
if p.state.InfraContainerID == "" {276
infra, err := p.runtime.GetContainer(p.state.InfraContainerID)
280
if ctrs, ok := infra.config.Spec.Annotations[define.VolumesFromAnnotation]; ok {281
return strings.Split(ctrs, ";")
286
// Labels returns the pod's labels
287
func (p *Pod) Labels() map[string]string {288
labels := make(map[string]string)
289
for key, value := range p.config.Labels {296
// CreatedTime gets the time when the pod was created
297
func (p *Pod) CreatedTime() time.Time {298
return p.config.CreatedTime
301
// CreateCommand returns the os.Args of the process with which the pod has been
303
func (p *Pod) CreateCommand() []string {304
return p.config.CreateCommand
307
// CgroupParent returns the pod's Cgroup parent
308
func (p *Pod) CgroupParent() string {309
return p.config.CgroupParent
312
// SharesPID returns whether containers in pod
313
// default to use PID namespace of first container in pod
314
func (p *Pod) SharesPID() bool {315
return p.config.UsePodPID
318
// SharesIPC returns whether containers in pod
319
// default to use IPC namespace of first container in pod
320
func (p *Pod) SharesIPC() bool {321
return p.config.UsePodIPC
324
// SharesNet returns whether containers in pod
325
// default to use network namespace of first container in pod
326
func (p *Pod) SharesNet() bool {327
return p.config.UsePodNet
330
// SharesMount returns whether containers in pod
331
// default to use PID namespace of first container in pod
332
func (p *Pod) SharesMount() bool {333
return p.config.UsePodMount
336
// SharesUser returns whether containers in pod
337
// default to use user namespace of first container in pod
338
func (p *Pod) SharesUser() bool {339
return p.config.UsePodUser
342
// SharesUTS returns whether containers in pod
343
// default to use UTS namespace of first container in pod
344
func (p *Pod) SharesUTS() bool {345
return p.config.UsePodUTS
348
// SharesCgroup returns whether containers in the pod will default to this pod's
349
// cgroup instead of the default libpod parent
350
func (p *Pod) SharesCgroup() bool {351
return p.config.UsePodCgroupNS
354
// Hostname returns the hostname of the pod.
355
func (p *Pod) Hostname() string {356
return p.config.Hostname
359
// CgroupPath returns the path to the pod's Cgroup
360
func (p *Pod) CgroupPath() (string, error) {362
defer p.lock.Unlock()
363
if err := p.updatePod(); err != nil {366
return p.state.CgroupPath, nil
369
// HasContainer checks if a container is present in the pod
370
func (p *Pod) HasContainer(id string) (bool, error) {372
return false, define.ErrPodRemoved
375
return p.runtime.state.PodHasContainer(p, id)
378
// AllContainersByID returns the container IDs of all the containers in the pod
379
func (p *Pod) AllContainersByID() ([]string, error) {381
defer p.lock.Unlock()
384
return nil, define.ErrPodRemoved
387
return p.runtime.state.PodContainersByID(p)
390
// AllContainers retrieves the containers in the pod
391
func (p *Pod) AllContainers() ([]*Container, error) {393
return nil, define.ErrPodRemoved
396
defer p.lock.Unlock()
397
return p.allContainers()
400
func (p *Pod) allContainers() ([]*Container, error) {401
return p.runtime.state.PodContainers(p)
404
// HasInfraContainer returns whether the pod will create an infra container
405
func (p *Pod) HasInfraContainer() bool {406
return p.config.HasInfra
409
// SharesNamespaces checks if the pod has any kernel namespaces set as shared. An infra container will not be
410
// created if no kernel namespaces are shared.
411
func (p *Pod) SharesNamespaces() bool {412
return p.SharesPID() || p.SharesIPC() || p.SharesNet() || p.SharesMount() || p.SharesUser() || p.SharesUTS()
415
// infraContainerID returns the infra ID without a lock
416
func (p *Pod) infraContainerID() (string, error) {417
if err := p.updatePod(); err != nil {420
return p.state.InfraContainerID, nil
423
// InfraContainerID returns the infra container ID for a pod.
424
// If the container returned is "", the pod has no infra container.
425
func (p *Pod) InfraContainerID() (string, error) {427
defer p.lock.Unlock()
428
return p.infraContainerID()
431
// infraContainer is the unlocked version of InfraContainer which returns the infra container
432
func (p *Pod) infraContainer() (*Container, error) {433
id, err := p.infraContainerID()
438
return nil, fmt.Errorf("pod has no infra container: %w", define.ErrNoSuchCtr)441
return p.runtime.state.Container(id)
444
// InfraContainer returns the infra container.
445
func (p *Pod) InfraContainer() (*Container, error) {447
defer p.lock.Unlock()
448
return p.infraContainer()
451
// TODO add pod batching
452
// Lock pod to avoid lock contention
453
// Store and lock all containers (no RemoveContainer in batch guarantees cache will not become stale)
455
// PodContainerStats is an organization struct for pods and their containers
456
type PodContainerStats struct {458
ContainerStats map[string]*define.ContainerStats
461
// GetPodStats returns the stats for each of its containers
462
func (p *Pod) GetPodStats(previousContainerStats map[string]*define.ContainerStats) (map[string]*define.ContainerStats, error) {464
defer p.lock.Unlock()
466
if err := p.updatePod(); err != nil {469
containers, err := p.runtime.state.PodContainers(p)
473
newContainerStats := make(map[string]*define.ContainerStats)
474
for _, c := range containers {475
newStats, err := c.GetContainerStats(previousContainerStats[c.ID()])
476
// If the container wasn't running, don't include it
477
// but also suppress the error
478
if err != nil && !errors.Is(err, define.ErrCtrStateInvalid) {482
newContainerStats[c.ID()] = newStats
485
return newContainerStats, nil
488
// ProcessLabel returns the SELinux label associated with the pod
489
func (p *Pod) ProcessLabel() (string, error) {490
if !p.HasInfraContainer() {493
ctr, err := p.infraContainer()
497
return ctr.ProcessLabel(), nil
500
// initContainers returns the list of initcontainers
501
// in a pod sorted by create time
502
func (p *Pod) initContainers() ([]*Container, error) {503
initCons := make([]*Container, 0)
504
// the pod is already locked when this is called
505
cons, err := p.allContainers()
509
// Sort the pod containers by created time
510
sort.Slice(cons, func(i, j int) bool { return cons[i].CreatedTime().Before(cons[j].CreatedTime()) })511
// Iterate sorted containers and add ids for any init containers
512
for _, c := range cons {513
if len(c.config.InitContainerType) > 0 {514
initCons = append(initCons, c)
520
func (p *Pod) Config() (*PodConfig, error) {522
defer p.lock.Unlock()
526
err := JSONDeepCopy(p.config, conf)
531
// ConfigNoCopy returns the configuration used by the pod.
532
// Note that the returned value is not a copy and must hence
533
// only be used in a reading fashion.
534
func (p *Pod) ConfigNoCopy() *PodConfig {