Skip to content

garden job from garden-runc/1.45.0

Github source: 700eadf7 or master branch

Properties

bpm

enabled

Use bpm. NOTE: this requires a recreate when enabling for the first time, otherwise old containers may be left running. NOTE: When this property is enabled, containers won’t survive a restart of the garden job. This is why garden.destroy_containers_on_start should be set to avoid leaking container state.

Default
false

garden

additional_bpm_volumes

An array of shared writable volumes which will be mounted into the BPM container. Submounts from all mount namespaces in a volume are visible in all containers that have the volume mounted in. Note: Can only be used when deploying with BPM to mount in existing volumes.

Default
[]

additional_dns_servers

Additional DNS servers to be used in containers; extends those used on the host or those set by dns_servers property

Default
[]

additional_host_entries

Additional hosts file entries to be used in containers.

Default
[]

allow_host_access

A boolean stating whether or not containers started on this host should be able to reach this host. Changing the value on an existing deployment requires a recreate

Default
false

apparmor_profile

AppArmor profile to use for unprivileged container processes

Default
garden-default

cleanup_process_dirs_on_wait

A boolean stating whether or not to cleanup process state after waiting for it. If set a process can be waited for only once.

Default
false

containerd_mode

Use containerd for container lifecycle management. NOTE: cannot be used in combination with bpm or rootless

Default
false

cpu_quota_per_share_in_us

Maximum number of microseconds each cpu share assigned to a container allows per quota period. When set to zero cpu limit is disabled.

Default
0

cpu_throttling

Throttle cpu of badly behaving apps. Note this changes the cpu cgroup structure, and existing containers should be destroyed when changing this value (e.g. set destroy_containers_on_start to true).

cpu_throttling_check_interval

Number of seconds between each CPU throttling check. If set this will override the experimental value.

debug_listen_address

tcp address on which to serve debug info

default_container_blockio_weight

default blkio.weight value for containers. Valid values are 0 (use system default), or 10 - 1000.

Default
0

default_container_grace_time

duration after which to reap idle containers

Default
0

default_container_rootfs

path to the rootfs to use when a container specifies no rootfs

Default
/var/vcap/packages/busybox/busybox-1.36.1.tar

deny_networks

List of CIDR blocks to which containers will be denied access.

Default
[]

destroy_containers_on_start

If true, all existing containers will be destroyed any time the garden server starts up

Default
false

disable_swap_limit

If true, container is not going to be limited in swap space. Should only be used if swap is disabled on the VM.

Default
false

dns_servers

Override DNS servers to be used in containers; defaults to the same as the host

Default
[]

docker_registry_endpoint

An URL pointing to the Docker registry to use to fetch Docker images. If unset, this will default to the Docker default.

dropsonde

destination

A URL that points at the Metron agent to which metrics are forwarded. By default, it matches with the default of Metron.

origin

A string identifier that will be used when reporting metrics to Dropsonde.

enable_container_network_metrics

Enable container network metrics. This feature is only available on Linux.

Default
false

experimental_cpu_entitlement_per_share_in_percent

CPU percentage entitled to a container for a single CPU share. 0 means that the entitlement will be automatically calculated so that the CPU resources get optimally distributed.

Default
0

experimental_cpu_throttling

Deprecated. Will be removed in favor of the non-experimental property. Throttle cpu of badly behaving apps. Note this changes the cpu cgroup structure, and existing containers should be destroyed when changing this value (e.g. set destroy_containers_on_start to true). The non-experimental property will override this one if set.

Default
false

experimental_cpu_throttling_check_interval

Deprecated. Will be removed in favor of the non-experimental property. Number of seconds between each CPU throttling check. The non-experimental property will override this one if it is set.

Default
15

experimental_rootless_mode

A boolean stating whether or not to run garden-server as a non-root user

Default
false

experimental_tcp_mem_limit_in_bytes

No longer supported! Previously set a hard limit for the tcp buffer memory in bytes but now not supported in runc.

Default
0

experimental_use_containerd_mode_for_processes

(Under development) Use containerd for container process management. Must be used with containerd_mode also set to true. NOTE: cannot be used in combination with bpm or rootless

Default
false

graph_cleanup_threshold_in_mb

DEPRECATED in favour of grootfs.reserved_space_for_other_jobs_in_mb.

Default
-1

http_proxy

Http proxy that Garden process should use

https_proxy

Https proxy that Garden process should use

image_plugin

Path to an optional image plugin binary

image_plugin_extra_args

An array of additional arguments which will be passed to the image plugin binary

Default
[]

insecure_docker_registry_list

DEPRECATED in favour of grootfs property.

Default
[]

iptables_bin_dir

Path to directory that contains iptables binary

Default
/sbin

listen_address

Garden server listening address.

Default
/var/vcap/data/garden/garden.sock

listen_network

Garden server connection mode (tcp or unix).

Default
unix

log_level

log level for the Garden server - can be debug, info, error or fatal

Default
info

max_containers

Maximum container capacity to advertise. It is not recommended to set this larger than 250.

Default
250

network_mtu

Maximum network transmission unit length in bytes. Defaults to the mtu of the interface that the host uses for outbound connections. Max allowed value is 1500. Changed value applies only to newly created containers.

Default
0

network_plugin

Path to an optional network plugin binary

network_plugin_extra_args

An array of additional arguments which will be passed to the network plugin binary

Default
[]

network_pool

A CIDR subnet mask specifying the range of subnets available to be assigned to containers.

Default
10.254.0.0/22

no_image_plugin

If true, disables image plugin usage, thus ignoring other image plugin settings

Default
false

no_proxy

List of comma-separated hosts that should skip connecting to the proxy

port_pool

size

An integer used to denote how many ports are avaliable for Net In calls. Uses the Garden default if not set.

start

An integer port number used to denote where ports should start being allocated for Net In calls. Uses the Garden default if not set.

privileged_image_plugin

Path to an optional privileged image plugin binary

privileged_image_plugin_extra_args

An array of additional arguments which will be passed to the privileged image plugin binary when creating privileged containers - these will be passed instead of the contents of image_plugin_extra_args

Default
[]

runtime_plugin

Path to a runtime plugin binary

Default
/var/vcap/packages/runc/bin/runc

tcp_keepalive_intvl

Sets the net.ipv4.tcp_keepalive_intvl kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_keepalive_probes

Sets the net.ipv4.tcp_keepalive_probes kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_keepalive_time

Sets the net.ipv4.tcp_keepalive_time kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_retries1

Sets the net.ipv4.tcp_retries1 kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

tcp_retries2

Sets the net.ipv4.tcp_retries2 kernel parameter in containers. If not specified, the value from the linux init_net namespace is used.

grootfs

dropsonde_port

Local metron agent’s port.

Default
3457

experimental_direct_io

Enable the DIRECT_IO flag on the loop device associated with the GrootFS store. This should reduce memory and processing overheads by eliminating double caching of the store filesystem

Default
false

graph_cleanup_threshold_in_mb

DEPRECATED in favour of grootfs.reserved_space_for_other_jobs_in_mb.

Default
-1

insecure_docker_registry_list

A list of IP:PORT tuples that we allow pulling docker images from using self-signed certificates.

Default
[]

log_level

Log level for grootfs - can be debug, info, error or fatal.

Default
info

reserved_space_for_other_jobs_in_mb

Amount of space that will be kept free for other jobs. The GrootFS store will be able to grow up to a maximum size of its disk minus this reserved space. Where the reserved space does not allow sufficient size for GrootFS to store container images and root filesystems (currently 15GB), the limit will be a soft limit, and garbage collection will attempt to keep disk space available for other jobs. -1 disables GC and allows GrootFS to potentially use the whole disk.

Default
15360

skip_mount

Do not mount image root filesystem automatically, just return the mount information.

Default
false

tls

ca_cert

PEM-encoded tls client CA certificate for asset upload/download

cert

PEM-encoded tls certificate that can be used for client or server auth

key

PEM-encoded tls client key

logging

format

timestamp

Format for timestamp in component logs. Valid values are ‘unix-epoch’ and ‘rfc3339’.

Default
unix-epoch

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into /var/vcap/jobs/garden/ directory (learn more).

  • bin/auplink (from bin/auplink)
  • bin/bpm-pre-start (from bin/bpm-pre-start.erb)
  • bin/containerd_utils (from bin/containerd_utils.erb)
  • bin/envs (from bin/envs.erb)
  • bin/garden_ctl (from bin/garden_ctl)
  • bin/garden_start (from bin/garden_start.erb)
  • bin/garden_stop (from bin/garden_stop.erb)
  • bin/grootfs-utils (from bin/grootfs-utils.erb)
  • bin/overlay-xfs-setup (from bin/overlay-xfs-setup)
  • bin/post-start (from bin/post-start)
  • bin/pre-start (from bin/pre-start)
  • config/bpm.yml (from config/bpm.yml.erb)
  • config/config.ini (from config/config.ini.erb)
  • config/containerd.toml (from config/containerd.toml.erb)
  • config/garden-default (from config/garden-default)
  • config/garden.service (from config/garden.service)
  • config/grootfs_config.yml (from config/grootfs_config.yml.erb)
  • config/privileged_grootfs_config.yml (from config/privileged_grootfs_config.yml.erb)
  • certs/remote-layer.cert (from certs/remote-layer.cert.erb)
  • certs/remote-layer.crt (from certs/remote-layer.crt.erb)
  • certs/remote-layer.key (from certs/remote-layer.key.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into /var/vcap/packages/ directory.