From 733e60c8cf5a02f7e92bd4a7c646d8f5c1ba4e22 Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 11:52:41 -0500
Subject: [PATCH 1/6] extend the docker extension to permit options for advanced settings

Signed-off-by: Rich Baird
---
 pkg/cnab/docker.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkg/cnab/docker.go b/pkg/cnab/docker.go
index 68aba1f74..6785fa3b2 100644
--- a/pkg/cnab/docker.go
+++ b/pkg/cnab/docker.go
@@ -3,6 +3,7 @@ package cnab
 import (
 "encoding/json"
+ "github.com/docker/docker/api/types/mount"
 "github.com/pkg/errors"
 )
@@ -29,6 +30,10 @@ var DockerExtension = RequiredExtension{
 type Docker struct {
 // Privileged represents whether or not the Docker container should run as --privileged
 Privileged bool `json:"privileged,omitempty"`
+ Mounts []mount.Mount `json:"mounts,omitempty"`
+ Network string `json:"network,omitempty"`
+ CapAdd []string `json:"capadd,omitempty"`
+ CapDrop []string `json:"capdrop,omitempty"`
 }
 // DockerExtensionReader is a Reader for the DockerExtension,

From c6cb0133319bca879fc8cffce6c9beb6cf95d2ff Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 11:47:40 -0500
Subject: [PATCH 2/6] Pass new configuration options to the underlying driver

Signed-off-by: Rich Baird
---
 pkg/cnab/provider/driver.go | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/pkg/cnab/provider/driver.go b/pkg/cnab/provider/driver.go
index 5d9a2f14e..df4bcc86c 100644
--- a/pkg/cnab/provider/driver.go
+++ b/pkg/cnab/provider/driver.go
@@ -78,6 +78,34 @@ func (r *Runtime) dockerDriverWithHostAccess(config cnab.Docker) (driver.Driver,
 })
 }
+ if config.CapAdd != nil {
+ d.AddConfigurationOptions(func(cfg *container.Config, hostCfg *container.HostConfig) error {
+ hostCfg.CapAdd = config.CapAdd
+ return nil
+ })
+ }
+
+ if config.CapDrop != nil {
+ d.AddConfigurationOptions(func(cfg *container.Config, hostCfg *container.HostConfig) error {
+ hostCfg.CapDrop = config.CapDrop
+ return nil
+ })
+ }
+
+ if config.Mounts != nil {
+ d.AddConfigurationOptions(func(cfg *container.Config, hostCfg *container.HostConfig) error {
+ hostCfg.Mounts = config.Mounts
+ return nil
+ })
+ }
+
+ if config.Network != "" {
+ d.AddConfigurationOptions(func(cfg *container.Config, hostCfg *container.HostConfig) error {
+ hostCfg.NetworkMode = container.NetworkMode(config.Network)
+ return nil
+ })
+ }
+
 // Mount the docker socket
 d.AddConfigurationOptions(r.mountDockerSocket)

From eaf1d1ca89ce597d87ebf50441f77c3155863f6f Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 13:13:13 -0500
Subject: [PATCH 3/6] Document Docker configuration additions

Signed-off-by: Rich Baird
---
 pkg/cnab/docker.go | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/pkg/cnab/docker.go b/pkg/cnab/docker.go
index 6785fa3b2..30ababa96 100644
--- a/pkg/cnab/docker.go
+++ b/pkg/cnab/docker.go
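Review bot: The `config.Mounts` option in the middle of the hunk assigns `hostCfg.Mounts = config.Mounts`, replacing whatever an earlier configuration option put there instead of extending it, and an equally written later option would in turn drop the bundle's mounts; `hostCfg.Mounts = append(hostCfg.Mounts, config.Mounts...)` composes, and the same holds for `hostCfg.CapAdd` and `hostCfg.CapDrop`. Beyond that, bind mounts of arbitrary host paths, `container.NetworkMode("host")` and capabilities such as `SYS_ADMIN` are copied from the bundle's own extension into the HostConfig with no validation, which is host access on par with `privileged`; the function name suggests this path already sits behind the user's host-access consent, but that gate is outside the hunk, so a comment at the top of the new block stating that these four options are honored only under it would tell the next reader what keeps them safe. The `r.mountDockerSocket` option applied right after the new block is affected by the same replace-versus-append question if it touches `hostCfg.Mounts`. The enclosing function starts and ends outside the hunk.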
@@ -30,9 +30,13 @@ var DockerExtension = RequiredExtension{
 type Docker struct {
 // Privileged represents whether or not the Docker container should run as --privileged
 Privileged bool `json:"privileged,omitempty"`
+ // Mounts represent mounts to be attached to the host machine with all configurable options.
 Mounts []mount.Mount `json:"mounts,omitempty"`
+ // Network represents the network type applied to the container "host,bridged,etc"
 Network string `json:"network,omitempty"`
+ // CapAdd represents the capabilities available to the container kernel
 CapAdd []string `json:"capadd,omitempty"`
+ // CapDrop represents capabilities to exclude from the container kernel
 CapDrop []string `json:"capdrop,omitempty"`
 }

From c1206cd67b37be1a22d27eecbfff833a74803140 Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 13:40:36 -0500
Subject: [PATCH 4/6] add name to contributors list

Signed-off-by: Rich Baird
---
 CONTRIBUTORS.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
index 850bd7081..8b6163c39 100644
--- a/CONTRIBUTORS.md
+++ b/CONTRIBUTORS.md
@@ -69,4 +69,5 @@ and we will add you. **All** contributors belong here. 💯
 * [Tamir Kamara](https://github.com/tamirkamara)
 * [Chioma Onyekpere](https://github.com/Simpcyclassy)
 * [Hrittik Roy](https://github.com/hrittikhere)
-* [Tanmay Chaudhry](https://github.com/tchaudhry91)
\ No newline at end of file
+* [Tanmay Chaudhry](https://github.com/tchaudhry91)
+* [Rich Baird](https://github.com/richbai90)
\ No newline at end of file

From 2ed96ebeae0a356940e39f9a62f3b924ec4b7145 Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 15:35:18 -0500
Subject: [PATCH 5/6] Add additional portMapping and restartPolicy options to docker extension options

Signed-off-by: Rich Baird
---
 pkg/cnab/docker.go | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/pkg/cnab/docker.go b/pkg/cnab/docker.go
index 30ababa96..d02eed2df 100644
--- a/pkg/cnab/docker.go
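Review bot: The new comment on `Mounts` says the mounts are "attached to the host machine", which is backwards — a mount takes a host-side source and attaches it into the container; suggest `// Mounts are host-side sources (bind, volume, tmpfs, npipe) attached into the container, described with the Docker API mount.Mount fields.`. The `CapAdd`/`CapDrop` comments speak of a "container kernel", which does not exist: containers share the host kernel and capabilities are granted to or dropped from the container's processes; suggest `// CapAdd lists Linux capabilities to grant to the container's processes (docker run --cap-add).` with the mirror wording for `CapDrop`. The `Network` comment offers "host,bridged,etc", but Docker's mode is spelled "bridge" and the value is passed verbatim as a NetworkMode in the driver change of this series, so naming the accepted forms (`none`, `host`, `bridge`, `container:<name>`, or a user-defined network name) is more useful than "etc". Since these fields extend the container's reach into the host much as `Privileged` does, the comments are presumably also the right place to say they are honored only with the user's host-access consent, if that is how the driver gates them.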
+++ b/pkg/cnab/docker.go
@@ -3,7 +3,9 @@ package cnab
 import (
 "encoding/json"
+ "github.com/docker/docker/api/types/container"
 "github.com/docker/docker/api/types/mount"
+ "github.com/docker/go-connections/nat"
 "github.com/pkg/errors"
 )
@@ -38,6 +40,11 @@ type Docker struct {
 CapAdd []string `json:"capadd,omitempty"`
 // CapDrop represents capabilities to exclude from the container kernel
 CapDrop []string `json:"capdrop,omitempty"`
+ // Ports to bind between the host and the container
+ PortBindings []nat.PortMap `json:"portBindings,omitempty"`
+ // Restart policy to be used for the container
+ // This may be useful in some rare cases
+ RestartPolicy container.RestartPolicy `json:"restartPolicy"`
 }
 // DockerExtensionReader is a Reader for the DockerExtension,

From 9c1f3e1400dbca78736214ccac05ff8152414d34 Mon Sep 17 00:00:00 2001
From: Rich Baird
Date: Thu, 16 Jun 2022 15:36:03 -0500
Subject: [PATCH 6/6] update the docker schema with the new values

Signed-off-by: Rich Baird
---
 pkg/cnab/schema/io-cnab-docker.schema.json | 172 +++++++++++++++++++--
 1 file changed, 163 insertions(+), 9 deletions(-)

diff --git a/pkg/cnab/schema/io-cnab-docker.schema.json b/pkg/cnab/schema/io-cnab-docker.schema.json
index 662369203..e05909e31 100644
--- a/pkg/cnab/schema/io-cnab-docker.schema.json
+++ b/pkg/cnab/schema/io-cnab-docker.schema.json
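Review bot: `PortBindings []nat.PortMap` is a slice of maps, while Docker's `HostConfig.PortBindings` is a single `nat.PortMap` (`map[nat.Port][]nat.PortBinding`), so the field cannot be handed to the driver without flattening; `PortBindings nat.PortMap \`json:"portBindings,omitempty"\`` matches the API directly and lets the schema describe one object instead of an array of them. `RestartPolicy container.RestartPolicy` has no `omitempty` and, being a struct value, could not be omitted even with one, so every bundle's docker extension will now serialize a zero restart policy (something like `"restartPolicy":{"Name":"","MaximumRetryCount":0}`); a pointer fixes both: `RestartPolicy *container.RestartPolicy \`json:"restartPolicy,omitempty"\``. Nothing in this series appears to pass either field to the driver — the driver change earlier in the series wires only caps, mounts and network — so as it stands they are accepted from bundles and silently ignored. The new tags `portBindings`/`restartPolicy` are camelCase while the fields added earlier in the same struct use `capadd`/`capdrop`; settling on one convention before the schema ships avoids a compatibility break later. The comment "This may be useful in some rare cases" gives the reader nothing to act on; say when a restart policy makes sense for a bundle action, or drop the line.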
@@ -1,11 +1,165 @@
 {
- "$schema": "http://json-schema.org/draft-07/schema#",
- "type": "object",
- "properties": {
- "privileged": {
- "description": "Option to set the --privileged flag when running the Docker container",
- "type": "boolean"
+ "$schema": "http://json-schema.org/draft-07/schema#",
+ "type": "object",
+ "properties": {
+ "privileged": {
+ "description": "Option to set the --privileged flag when running the Docker container",
+ "type": "boolean"
+ },
+ "mounts": {
+ "description": "Specify mount configurations as parseable by the --mount flag",
+ "type": "array",
+ "items": {
+ "type": "object",
+ "description": "Options general to all mount configurations",
+ "properties": {
+ "Type": {
+ "type": "string",
+ "description": "Sets the mount type (bind/volume/tmpfs/npipe)"
+ },
+ "Source": {
+ "type": "string",
+ "description": "The source of the mount on the host machine, or empty when using tmpfs"
+ },
+ "Target": {
+ "type": "string",
+ "description": "The target of the mount on the container"
+ },
+ "ReadOnly": {
+ "type": "boolean",
+ "description": "Specify that the mount has readonly access"
+ },
+ "Consistency": {
+ "type": "string",
+ "description": "Specify the concsistency type for the mount"
+ },
+ "BindOptions": {
+ "type": "object",
+ "properties": {
+ "Propagation": {
+ "type": "string",
+ "description": "Specify the propagation behavior for the mount"
+ },
+ "NonRecursive": {
+ "type": "boolean",
+ "description": "Specify whether or not the mount should be recursive"
+ }
+ }
+ },
+ "VolumeOptions": {
+ "type": "object",
+ "description": "Options specific to the volume mount type",
+ "properties": {
+ "NoCopy": {
+ "type": "boolean",
+ "description": "Specify"
+ },
+ "Labels": {
+ "type": "object",
+ "description": "A map of volume labels in the form of :",
+ "patternProperties": {
+ "[a-zA-Z_0-9-]+": {
+ "type": "string"
+ }
+ }
+ },
+ "DriverConfig": {
+ "type": "object",
+ "description": "Driver configuration options",
+ "properties":
{
+ "Name": {
+ "type": "string",
+ "description": "The name of the driver to use"
+ },
+ "Options": {
+ "type": "object",
+ "description": "A map of driver configuration options to use in the form of {option: value}",
+ "patternProperties": {
+ "[a-zA-Z_0-9-]+": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "TmpfsOptions": {
+ "type": "object",
+ "description": "Options specific to the tmpfs mount type",
+ "properties": {
+ "SizeBytes": {
+ "type": "integer",
+ "description": "Specify the size of the filesystem in bytes"
+ },
+ "Mode": {
+ "type": "integer",
+ "description": "Specify the filemode for the fs"
+ }
+ }
+ }
+ }
+ }
+ },
+ "network": {
+ "type": "string",
+ "description": "Specify the network type to use when launching the container"
+ },
+ "capadd": {
+ "type": "array",
+ "description": "A list of capabilities to add",
+ "items": {
+ "type": "string"
+ }
+ },
+ "capdrop": {
+ "type": "array",
+ "description": "A llist of capabilities to drop",
+ "items": {
+ "type": "string"
+ },
+ "examples": []
+ },
+ "portBindings": {
+ "type": "array",
+ "description": "A list of ports to bind between the host and the container",
+ "items": {
+ "type": "object",
+ "properties": {
+ "patternProperties": {
+ "[0-9]+": {
+ "type": "array",
+ "description": "The port on the container to bind",
+ "items": {
+ "type": "object",
+ "properties": {
+ "HostIp": {
+ "type": "The ip to bind the port to on the host"
+ },
+ "HostPort": {
+ "type": "string",
+ "description": "The port on the host to map the container port to"
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "restartPolicy": {
+ "type": "object",
+ "description": "The restart policy for the container",
+ "properties": {
+ "Name": {
+ "type": "string",
+ "description": "The name of the restart policy"
+ },
+ "MaximumRetryCount": {
+ "type": "integer",
+ "description": "The maximum retry count"
+ }
+ }
+ }
 }
- },
- "additionalProperties": false
-}
+}
\ No newline at end of file
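Review bot: The rewritten schema removes the top-level `"additionalProperties": false` that the old file had (the `-` lines at the end of the hunk) and never re-adds it, so a bundle that misspells a key (`capAdd`, `privilaged`) now validates and the setting is silently ignored instead of rejected; put `"additionalProperties": false` back beside the top-level `"properties"`. Under `portBindings.items`, `"patternProperties"` is nested inside `"properties"`, which makes it an ordinary property literally named `patternProperties` and leaves the actual port keys unconstrained; drop the enclosing `"properties": {` and its matching `}` so `"patternProperties": { "[0-9]+": ...` sits directly on the item object. In `HostIp`, `"type": "The ip to bind the port to on the host"` is not a valid JSON Schema type and will fail under a strict validator; it should read `"type": "string", "description": "The ip to bind the port to on the host"`. The mount `Type` is documented as `bind/volume/tmpfs/npipe` yet typed as a free string; `"enum": ["bind", "volume", "tmpfs", "npipe"]` would enforce it, and `Propagation` deserves the same treatment given that `rshared` on a host bind mount affects the host. Minor: `concsistency`, `llist`, and the truncated `"Specify"` description on `NoCopy`.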