garden job from garden-runc/1.45.0
Github source: 700eadf7 or master branch
Properties

bpm

enabled
Use bpm. NOTE: This requires a recreate when enabling for the first time; otherwise old containers may be left running. NOTE: When this property is enabled, containers won’t survive a restart of the garden job. This is why garden.destroy_containers_on_start should be set to avoid leaking container state.
- Default: false

garden

additional_bpm_volumes
An array of shared writable volumes which will be mounted into the BPM container. Submounts from all mount namespaces in a volume are visible in all containers that have the volume mounted in. Note: Can only be used when deploying with BPM to mount in existing volumes.
- Default: []

additional_dns_servers
Additional DNS servers to be used in containers; extends those used on the host or those set by the dns_servers property.
- Default: []

additional_host_entries
Additional hosts file entries to be used in containers.
- Default: []

allow_host_access
A boolean stating whether or not containers started on this host should be able to reach this host. Changing the value on an existing deployment requires a recreate.
- Default: false

apparmor_profile
AppArmor profile to use for unprivileged container processes.
- Default: garden-default

cleanup_process_dirs_on_wait
A boolean stating whether or not to clean up process state after waiting for it. If set, a process can be waited for only once.
- Default: false

containerd_mode
Use containerd for container lifecycle management. NOTE: Cannot be used in combination with bpm or rootless.
- Default: false

cpu_quota_per_share_in_us
Maximum number of microseconds each CPU share assigned to a container allows per quota period. When set to zero, the CPU limit is disabled.
- Default: 0

cpu_throttling
Throttle CPU of badly behaving apps. Note: this changes the CPU cgroup structure, and existing containers should be destroyed when changing this value (e.g. set destroy_containers_on_start to true).

cpu_throttling_check_interval
Number of seconds between each CPU throttling check. If set, this will override the experimental value.

debug_listen_address
TCP address on which to serve debug info.

default_container_blockio_weight
Default blkio.weight value for containers. Valid values are 0 (use system default), or 10 - 1000.
- Default: 0

default_container_grace_time
Duration after which to reap idle containers.
- Default: 0

default_container_rootfs
Path to the rootfs to use when a container specifies no rootfs.
- Default: /var/vcap/packages/busybox/busybox-1.36.1.tar

deny_networks
List of CIDR blocks to which containers will be denied access.
- Default: []

destroy_containers_on_start
If true, all existing containers will be destroyed any time the garden server starts up.
- Default: false

disable_swap_limit
If true, the container is not going to be limited in swap space. Should only be used if swap is disabled on the VM.
- Default: false

dns_servers
Override DNS servers to be used in containers; defaults to the same as the host.
- Default: []

docker_registry_endpoint
A URL pointing to the Docker registry to use to fetch Docker images. If unset, this will default to the Docker default.

dropsonde.destination
A URL that points at the Metron agent to which metrics are forwarded. By default, it matches the default of Metron.

dropsonde.origin
A string identifier that will be used when reporting metrics to Dropsonde.

enable_container_network_metrics
Enable container network metrics. This feature is only available on Linux.
- Default: false

experimental_cpu_entitlement_per_share_in_percent
CPU percentage entitled to a container for a single CPU share. 0 means that the entitlement will be automatically calculated so that the CPU resources get optimally distributed.
- Default: 0

experimental_cpu_throttling
Deprecated. Will be removed in favor of the non-experimental property. Throttle CPU of badly behaving apps. Note: this changes the CPU cgroup structure, and existing containers should be destroyed when changing this value (e.g. set destroy_containers_on_start to true). The non-experimental property will override this one if set.
- Default: false

experimental_cpu_throttling_check_interval
Deprecated. Will be removed in favor of the non-experimental property. Number of seconds between each CPU throttling check. The non-experimental property will override this one if it is set.
- Default: 15

experimental_rootless_mode
A boolean stating whether or not to run garden-server as a non-root user.
- Default: false

experimental_tcp_mem_limit_in_bytes
No longer supported! Previously set a hard limit for the TCP buffer memory in bytes, but this is now not supported in runc.
- Default: 0

experimental_use_containerd_mode_for_processes
(Under development) Use containerd for container process management. Must be used with containerd_mode also set to true. NOTE: Cannot be used in combination with bpm or rootless.
- Default: false

graph_cleanup_threshold_in_mb
DEPRECATED in favour of grootfs.reserved_space_for_other_jobs_in_mb.
- Default: -1

http_proxy
HTTP proxy that the Garden process should use.

https_proxy
HTTPS proxy that the Garden process should use.

image_plugin
Path to an optional image plugin binary.

image_plugin_extra_args
An array of additional arguments which will be passed to the image plugin binary.
- Default: []

insecure_docker_registry_list
DEPRECATED in favour of grootfs property.
- Default: []

iptables_bin_dir
Path to the directory that contains the iptables binary.
- Default: /sbin

listen_address
Garden server listening address.
- Default: /var/vcap/data/garden/garden.sock

listen_network
Garden server connection mode (tcp or unix).
- Default: unix

log_level
Log level for the Garden server - can be debug, info, error or fatal.
- Default: info

max_containers
Maximum container capacity to advertise. It is not recommended to set this larger than 250.
- Default: 250

network_mtu
Maximum network transmission unit length in bytes. Defaults to the MTU of the interface that the host uses for outbound connections. Max allowed value is 1500. A changed value applies only to newly created containers.
- Default: 0

network_plugin
Path to an optional network plugin binary.

network_plugin_extra_args
An array of additional arguments which will be passed to the network plugin binary.
- Default: []

network_pool
A CIDR subnet mask specifying the range of subnets available to be assigned to containers.
- Default: 10.254.0.0/22

no_image_plugin
If true, disables image plugin usage, thus ignoring other image plugin settings.
- Default: false

no_proxy
List of comma-separated hosts that should skip connecting to the proxy.

port_pool.size
An integer used to denote how many ports are available for Net In calls. Uses the Garden default if not set.

port_pool.start
An integer port number used to denote where ports should start being allocated for Net In calls. Uses the Garden default if not set.

privileged_image_plugin
Path to an optional privileged image plugin binary.

privileged_image_plugin_extra_args
An array of additional arguments which will be passed to the privileged image plugin binary when creating privileged containers - these will be passed instead of the contents of image_plugin_extra_args.
- Default: []

runtime_plugin
Path to a runtime plugin binary.
- Default: /var/vcap/packages/runc/bin/runc

tcp_keepalive_intvl
Sets the net.ipv4.tcp_keepalive_intvl kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_keepalive_probes
Sets the net.ipv4.tcp_keepalive_probes kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_keepalive_time
Sets the net.ipv4.tcp_keepalive_time kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_retries1
Sets the net.ipv4.tcp_retries1 kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_retries2
Sets the net.ipv4.tcp_retries2 kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

grootfs

dropsonde_port
Local metron agent’s port.
- Default: 3457

experimental_direct_io
Enable the DIRECT_IO flag on the loop device associated with the GrootFS store. This should reduce memory and processing overheads by eliminating double caching of the store filesystem.
- Default: false

graph_cleanup_threshold_in_mb
DEPRECATED in favour of grootfs.reserved_space_for_other_jobs_in_mb.
- Default: -1

insecure_docker_registry_list
A list of IP:PORT tuples that we allow pulling docker images from using self-signed certificates.
- Default: []

log_level
Log level for grootfs - can be debug, info, error or fatal.
- Default: info

reserved_space_for_other_jobs_in_mb
Amount of space that will be kept free for other jobs. The GrootFS store will be able to grow up to a maximum size of its disk minus this reserved space. Where the reserved space does not allow sufficient size for GrootFS to store container images and root filesystems (currently 15GB), the limit will be a soft limit, and garbage collection will attempt to keep disk space available for other jobs. -1 disables GC and allows GrootFS to potentially use the whole disk.
- Default: 15360

skip_mount
Do not mount image root filesystem automatically, just return the mount information.
- Default: false

tls.ca_cert
PEM-encoded TLS client CA certificate for asset upload/download.

tls.cert
PEM-encoded TLS certificate that can be used for client or server auth.

tls.key
PEM-encoded TLS client key.

logging

format.timestamp
Format for timestamp in component logs. Valid values are ‘unix-epoch’ and ‘rfc3339’.
- Default: unix-epoch
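
A lint pass over the constraints stated in the property descriptions above (settings that cannot be combined, value ranges, valid enumerations), as an added example that is not part of the garden-runc release. The function names, the finding levels and the two "review" items are assumptions of this example, and the sample input is constructed.

```python
# Added example: lint garden job properties against constraints stated above.
ENUMS = {  # property -> (documented default, documented valid values)
    "garden.listen_network": ("unix", {"tcp", "unix"}),
    "garden.log_level": ("info", {"debug", "info", "error", "fatal"}),
    "grootfs.log_level": ("info", {"debug", "info", "error", "fatal"}),
    "logging.format.timestamp": ("unix-epoch", {"unix-epoch", "rfc3339"}),
}

def get(props, dotted, default):
    """Resolve a dotted property name, falling back to the documented default."""
    node = props
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node

def lint(props):
    """Return (level, message) findings; 'review' items are this example's own policy."""
    out = []
    bpm = get(props, "bpm.enabled", False)
    rootless = get(props, "garden.experimental_rootless_mode", False)
    containerd = get(props, "garden.containerd_mode", False)
    ctrd_procs = get(props, "garden.experimental_use_containerd_mode_for_processes", False)
    if (containerd or ctrd_procs) and (bpm or rootless):
        out.append(("error", "containerd modes cannot be combined with bpm or rootless"))
    if ctrd_procs and not containerd:
        out.append(("error", "containerd process management requires garden.containerd_mode"))
    if bpm and not get(props, "garden.destroy_containers_on_start", False):
        out.append(("warn", "bpm.enabled without destroy_containers_on_start can leak container state"))
    if get(props, "garden.additional_bpm_volumes", []) and not bpm:
        out.append(("error", "garden.additional_bpm_volumes only applies when deploying with BPM"))
    weight = get(props, "garden.default_container_blockio_weight", 0)
    if weight != 0 and not 10 <= weight <= 1000:
        out.append(("error", "default_container_blockio_weight must be 0 or 10 - 1000"))
    if get(props, "garden.network_mtu", 0) > 1500:
        out.append(("error", "garden.network_mtu exceeds the maximum of 1500"))
    for name, (default, valid) in ENUMS.items():
        if get(props, name, default) not in valid:
            out.append(("error", f"{name} must be one of {sorted(valid)}"))
    if get(props, "garden.allow_host_access", False):
        out.append(("review", "containers can reach the host (garden.allow_host_access)"))
    if get(props, "grootfs.insecure_docker_registry_list", []):
        out.append(("review", "image pulls with self-signed certificates are allowed"))
    return out

# Constructed sample input, not taken from a real deployment.
SAMPLE = {"bpm": {"enabled": True},
          "garden": {"containerd_mode": True, "network_mtu": 9000, "allow_host_access": True}}
```

Calling `lint(SAMPLE)` reports the bpm/containerd conflict, the missing destroy_containers_on_start, the oversized MTU and the host-access review item; an empty properties hash, which resolves to the documented defaults, produces no findings.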

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/garden/ directory.

- bin/auplink (from bin/auplink)
- bin/bpm-pre-start (from bin/bpm-pre-start.erb)
- bin/containerd_utils (from bin/containerd_utils.erb)
- bin/envs (from bin/envs.erb)
- bin/garden_ctl (from bin/garden_ctl)
- bin/garden_start (from bin/garden_start.erb)
- bin/garden_stop (from bin/garden_stop.erb)
- bin/grootfs-utils (from bin/grootfs-utils.erb)
- bin/overlay-xfs-setup (from bin/overlay-xfs-setup)
- bin/post-start (from bin/post-start)
- bin/pre-start (from bin/pre-start)
- config/bpm.yml (from config/bpm.yml.erb)
- config/config.ini (from config/config.ini.erb)
- config/containerd.toml (from config/containerd.toml.erb)
- config/garden-default (from config/garden-default)
- config/garden.service (from config/garden.service)
- config/grootfs_config.yml (from config/grootfs_config.yml.erb)
- config/privileged_grootfs_config.yml (from config/privileged_grootfs_config.yml.erb)
- certs/remote-layer.cert (from certs/remote-layer.cert.erb)
- certs/remote-layer.crt (from certs/remote-layer.crt.erb)
- certs/remote-layer.key (from certs/remote-layer.key.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.