howto: add sandbox config annotation howto #576
grahamwhaley merged 1 commit into kata-containers:master from
/test

Spell check doesn't understand some tech words, what shall I do to fix it?
grahamwhaley
left a comment
Looking good! thanks!
I left some nitpicks. For the spelling, some words (like kata) need capitalisation I think (to Kata) - others, you might have to add to the dictionary, or there may be some 'magic quoting' that can effectively mark them as 'ignore'. See https://github.com/kata-containers/tests/tree/master/cmd/check-spelling#adding-a-new-word - and consult the spell master @jodh-intel ;-)
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config_path` | string | kata config file location that overrides the default config paths | | ||
| | `io.katacontainers.pkg.oci.bundle_path` | string | oci bundle path | | ||
| | `io.katacontainers.pkg.oci.container_type`| string | oci container type. Only accpets `pod_container` and `pod_sandbox` | |
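Review bot: `accpets` in the `io.katacontainers.pkg.oci.container_type` row is a typo for `accepts`, and the Comments column in this hunk writes `kata` and `oci` in lower case in all three rows. Suggest "Kata config file location", "OCI bundle path" and "OCI container type. Only accepts `pod_container` and `pod_sandbox`". The `io.katacontainers.config_path` row would also benefit from saying whether the location is a path on the host.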
| ## Runtime Options | ||
| | Key | Value Type | Comments | | ||
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config.runtime.disable_guest_seccomp`| boolean | determines if seccomp should be applied inside guest | |
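Review bot: The comment on the `io.katacontainers.config.runtime.disable_guest_seccomp` row reads in the opposite sense to the key name: the key is `disable_...` while the text says "determines if seccomp should be applied inside guest". For a boolean that controls a security feature, state explicitly which value turns guest seccomp off and what the default is, so a reader cannot set it the wrong way round.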
| | Key | Value Type | Comments | | ||
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config.runtime.disable_guest_seccomp`| boolean | determines if seccomp should be applied inside guest | | ||
| | `io.katacontainers.config.runtime.sandbox_cgroup_only`| boolean | determines if kata processes are managed only in sandbox cgroup | |
s/kata/Kata/ throughout?
| | `io.katacontainers.config.runtime.sandbox_cgroup_only`| boolean | determines if kata processes are managed only in sandbox cgroup | | ||
| | `io.katacontainers.config.runtime.experimental` | boolean | determines if experimental features enabled | | ||
| | `io.katacontainers.config.runtime.internetworking_model` | string| determines how the VM should be connected to the container network interface. Valid values are `macvtap`, `tcfilter` and `none` | | ||
| | `io.katacontainers.config.runtime.disable_new_netns` | boolean | determines if create a netns for hypervisor process | |
reword a little maybe:
determines if a new netns is created for the hypervisor process
| ## Hypervisor Options | ||
| | Key | Value Type | Comments | | ||
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config.hypervisor.kernel` | string | the kernel needed to boot the container VM | |
| | `io.katacontainers.config.hypervisor.guest_hook_path` | string | the path within the VM that will be used for 'drop-in' hooks | | ||
| | `io.katacontainers.config.hypervisor.use_vsock` | boolean | specify use of vsock for agent communication | | ||
| | `io.katacontainers.config.hypervisor.hotplug_vfio_on_root_bus` | boolean | indicate if devices need to be hotplugged on the root bus instead of a bridge| | ||
| | `io.katacontainers.config.hypervisor.entropy_source` | string| the path to a host source of entropy (/dev/random, /dev/urandom or real hardware RNG device) | |
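Review bot: The `io.katacontainers.config.hypervisor.kernel` row does not say that the value is a path or where it is resolved, while `guest_hook_path` says "within the VM" and `entropy_source` says "host". Suggest making that explicit for `kernel`, and, since these keys are set from the pod spec, adding a sentence on whether the runtime restricts the values it accepts for the host-side ones. The device paths in the `entropy_source` row should be in backticks, as file names are elsewhere in the documentation.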
s?/dev/random?/dev/random?

Hi @bergwolf - tal at https://github.com/kata-containers/tests/tree/master/cmd/check-spelling/data/ - all acronyms / abbreviations need to use the "official" spelling (including capitalisation) and yes, s/kata/Kata/ please ;) You can "bypass" the spell-checker by putting a word in backticks, but that should only be used for things like filenames and command names (see https://github.com/kata-containers/documentation/blob/master/Documentation-Requirements.md#files-and-command-names).

| # Per-Pod Kata Configurations | ||
|
|
||
| Kata Containers gives users freedom to customise at per-pod level, by setting | ||
| a wide range of kata specific annotations in the pod spec. |
| | Key | Value Type | Comments | | ||
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config_path` | string | kata config file location that overrides the default config paths | | ||
| | `io.katacontainers.pkg.oci.bundle_path` | string | oci bundle path | |
| | Key | Value Type | Comments | | ||
| |-------| ----- | ----- | | ||
| | `io.katacontainers.config.hypervisor.kernel` | string | the kernel needed to boot the container VM | | ||
| | `io.katacontainers.config.hypervisor.image` | string | the guest image that will run in the container VM | |
Can you sort the rows alphabetically by column 1 (the key)?

Just a reminder that this PR needs updating based on review feedback.

This is a great document @bergwolf. I know these edits can be painful, but will you get a chance to update the document? I'd love to be able to reference this!

Ping @bergwolf - just a few

9de435e to 752c67b

@grahamwhaley @jodh-intel Sorry for the delay. I've updated the PR to address all comments including sorting all options alphabetically. All spell checker warnings are fixed. PTAL.

The spell checker is still failing but doesn't show any errors. @jodh-intel Any clue? I can't reproduce it locally.

@bergwolf - yep, working on it kata-containers/tests#2240

d163609 to c855aaa

Thanks @grahamwhaley.

/test

@bergwolf could you please resolve the conflicts? Thanks

It explains the details of current supported annotations.

Fixes: kata-containers#486
Fixes: kata-containers#294
Depends-on: github.com/kata-containers/tests#2240

Signed-off-by: Peng Tao <bergwolf@hyper.sh>

/test-ubuntu

grahamwhaley
left a comment
lgtm
I'm happy to merge this, even if we may need to tweak anything, as having this visible is so much better than having it sat in a PR.
It explains the details of current supported annotations.
Fixes: #486
Fixes: #294
Signed-off-by: Peng Tao <bergwolf@hyper.sh>