From 99ad0911a5343716c1bda72e5fb8dbe90e2a67e9 Mon Sep 17 00:00:00 2001
From: Rahul Kulkarni
Date: Sat, 19 Sep 2020 02:00:25 +0100
Subject: [PATCH] Config to specify isolation technology for container
Signed-off-by: Rahul Kulkarni
---
 src/main/asciidoc/inc/_docker-start.adoc | 5 ++++
 .../asciidoc/inc/start/_configuration.adoc | 3 ++
 src/main/asciidoc/inc/start/_isolation.adoc | 30 +++++++++++++++++++
 .../docker/access/ContainerHostConfig.java | 2 ++
 .../docker/config/RunImageConfiguration.java | 10 +++++++
 .../compose/DockerComposeConfigHandler.java | 1 +
 .../compose/DockerComposeServiceWrapper.java | 2 ++
 .../config/handler/property/ConfigKey.java | 1 +
 .../property/PropertyConfigHandler.java | 1 +
 .../maven/docker/service/RunService.java | 1 +
 .../handler/AbstractConfigHandlerTest.java | 1 +
 .../DockerComposeConfigHandlerTest.java | 1 +
 .../property/PropertyConfigHandlerTest.java | 2 ++
 .../maven/docker/service/RunServiceTest.java | 1 +
 src/test/resources/compose/docker-compose.yml | 1 +
 .../docker/containerCreateConfigAll.json | 1 +
 .../docker/containerHostConfigAll.json | 1 +
 17 files changed, 64 insertions(+)
 create mode 100644 src/main/asciidoc/inc/start/_isolation.adoc
diff --git a/src/main/asciidoc/inc/_docker-start.adoc b/src/main/asciidoc/inc/_docker-start.adoc
index 462288f18..620824023 100644
--- a/src/main/asciidoc/inc/_docker-start.adoc
+++ b/src/main/asciidoc/inc/_docker-start.adoc
@@ -53,3 +53,8 @@ include::start/_wait.adoc[]
 === Logging
 include::start/_logging.adoc[]
+
+[[start-isolation]]
+=== Isolation
+
+include::start/_isolation.adoc[]
\ No newline at end of file
diff --git a/src/main/asciidoc/inc/start/_configuration.adoc b/src/main/asciidoc/inc/start/_configuration.adoc
index 86abb3603..0f2366fec 100644
--- a/src/main/asciidoc/inc/start/_configuration.adoc
+++ b/src/main/asciidoc/inc/start/_configuration.adoc
@@ -80,6 +80,9 @@ The `` configuration element knows the following sub elements:
 | <>
 | Log configuration for whether and how log messages from the running containers should be printed. This also can configure the https://docs.docker.com/engine/admin/logging/overview[log driver] to use. See <> for a detailed description.
+| <>
+| This option sets container's isolation technology. See <> for a detailed description.
+
 | *memory*
 | Memory limit in bytes
diff --git a/src/main/asciidoc/inc/start/_isolation.adoc b/src/main/asciidoc/inc/start/_isolation.adoc
new file mode 100644
index 000000000..8fa767e77
--- /dev/null
+++ b/src/main/asciidoc/inc/start/_isolation.adoc
@@ -0,0 +1,30 @@
+==== Specify isolation technology for container
+
+The following configuration option under session is equivalent of `--isolation ` when running a docker container
+
+.Example
+[source,xml]
+
+ hyperv
+
+
+This option is useful in situations where you are running Docker containers on Windows. The --isolation option sets a container's isolation technology. On Linux, the only supported is the default option which uses Linux namespaces.
+
+.On Windows, isolation can take one of these values:
+[cols="1,5"]
+|===
+|Value |Description
+
+|default
+|Use the value specified by the Docker daemon's --exec-opt or system default (see below).
+
+|process
+|Shared-kernel namespace isolation (not supported on Windows client operating systems older than Windows 10 1809).
+
+|hyperv
+|Hyper-V hypervisor partition-based isolation.
+|===
+
+The default isolation on Windows server operating systems is process. The default isolation on Windows client operating systems is hyperv. An attempt to start a container on a client operating system older than Windows 10 1809 with --isolation process will fail.
+
+See https://docs.docker.com/engine/reference/commandline/run/#specify-isolation-technology-for-container---isolation[isolation technology for container] for a detailed description.
diff --git a/src/main/java/io/fabric8/maven/docker/access/ContainerHostConfig.java b/src/main/java/io/fabric8/maven/docker/access/ContainerHostConfig.java
index 94e7d0b97..52b213a3e 100644
--- a/src/main/java/io/fabric8/maven/docker/access/ContainerHostConfig.java
+++ b/src/main/java/io/fabric8/maven/docker/access/ContainerHostConfig.java
@@ -68,6 +68,8 @@ public ContainerHostConfig dnsSearch(List dnsSearch) {
 return addAsArray("DnsSearch", dnsSearch);
 }
+ public ContainerHostConfig isolation(String isolation) { return add("Isolation",isolation); }
+
 public ContainerHostConfig cpuShares(Long cpuShares) {
 return add("CpuShares", cpuShares);
 }
diff --git a/src/main/java/io/fabric8/maven/docker/config/RunImageConfiguration.java b/src/main/java/io/fabric8/maven/docker/config/RunImageConfiguration.java
index df051f54a..b84b665a2 100644
--- a/src/main/java/io/fabric8/maven/docker/config/RunImageConfiguration.java
+++ b/src/main/java/io/fabric8/maven/docker/config/RunImageConfiguration.java
@@ -107,6 +107,9 @@ public boolean isDefault() {
 @Parameter
 private List extraHosts;
+ @Parameter
+ private String isolation;
+
 @Parameter
 private Long cpuShares;
@@ -256,6 +259,8 @@ public Long getMemorySwap() {
 return memorySwap;
 }
+ public String getIsolation() { return isolation; }
+
 public Long getCpuShares() {
 return cpuShares;
 }
@@ -591,6 +596,11 @@ public Builder log(LogConfiguration log) {
 return this;
 }
+ public Builder isolation (String isolation) {
+ config.isolation = isolation;
+ return this;
+ }
+
 public Builder cpuShares(Long cpuShares){
 config.cpuShares = cpuShares;
 return this;
diff --git a/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandler.java b/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandler.java
index 5422d0daf..7d508573d 100644
--- a/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandler.java
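Review bot: The new `isolation(String)` setter in ContainerHostConfig passes its argument straight to `add("Isolation",isolation)` without checking it against the three modes that `_isolation.adoc` in this commit documents (`default`, `process`, `hyperv`). Because this field selects the container's isolation boundary, a misspelt or unexpected value is better rejected by the plugin with a clear message than left to whatever the daemon answers. One option is a guard such as `if (isolation != null && !isolation.matches("default|process|hyperv")) throw new IllegalArgumentException("Unsupported isolation: " + isolation);`, relaxed if the daemon is known to accept other spellings or letter case. Whether `add` omits the key for a null argument is not visible in this hunk and is worth confirming, since most builds will leave the option unset.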
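Review bot: The `isolation` parameter field in RunImageConfiguration is added without any comment, so a reader of the class cannot tell which values it accepts or that, per the documentation in this commit, only Windows daemons support anything other than the default. A short Javadoc on the field would do, for example `/** Container isolation technology (docker run --isolation): default, process or hyperv. */`. In the other two hunks of this file, `getIsolation()` is written on a single line and the builder method as `isolation (String isolation)` with a space before the parenthesis, while the neighbouring `getCpuShares()` and `cpuShares(Long cpuShares)` use multi-line bodies and no space; matching them keeps the class uniform.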
+++ b/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandler.java
@@ -193,6 +193,7 @@ private RunImageConfiguration createRunConfiguration(DockerComposeServiceWrapper
 // stop_signal not supported
 .ulimits(wrapper.getUlimits())
 .volumes(wrapper.getVolumeConfig())
+ .isolation(wrapper.getIsolation())
 .cpuShares(wrapper.getCpuShares())
 .cpus(wrapper.getCpusCount())
 .cpuSet(wrapper.getCpuSet())
diff --git a/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeServiceWrapper.java b/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeServiceWrapper.java
index 0c356030b..d65ed57ed 100644
--- a/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeServiceWrapper.java
+++ b/src/main/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeServiceWrapper.java
@@ -350,6 +350,8 @@ public String getCpuSet() {
 return asString("cpuset");
 }
+ public String getIsolation() {return asString("isolation"); }
+
 public Long getCpuShares() {
 return asLong("cpu_shares");
 }
diff --git a/src/main/java/io/fabric8/maven/docker/config/handler/property/ConfigKey.java b/src/main/java/io/fabric8/maven/docker/config/handler/property/ConfigKey.java
index 1591b6bbd..4313b60f1 100644
--- a/src/main/java/io/fabric8/maven/docker/config/handler/property/ConfigKey.java
+++ b/src/main/java/io/fabric8/maven/docker/config/handler/property/ConfigKey.java
@@ -43,6 +43,7 @@ public enum ConfigKey {
 CLEANUP,
 CPUS,
 CPUSET,
+ ISOLATION,
 CPUSHARES,
 CACHE_FROM,
 CMD,
diff --git a/src/main/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandler.java b/src/main/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandler.java
index db50a965b..3d9d0b4f6 100644
--- a/src/main/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandler.java
+++ b/src/main/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandler.java
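Review bot: The `isolation` key of a compose file now reaches the run configuration through `.isolation(wrapper.getIsolation())` with no check or log line on the way; the getter added in DockerComposeServiceWrapper is a plain `asString("isolation")`. According to the documentation added in this commit, `process` is shared-kernel isolation while Windows client systems default to `hyperv`, so a compose file can place a container behind a weaker boundary than the host default without that being visible in the build output. A comment above the call such as `// Windows daemons only; "process" shares the host kernel` would flag this for maintainers, and reporting a non-default value in the build log would make it visible to whoever runs the build. The enclosing `createRunConfiguration` starts and ends outside this hunk.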
@@ -218,6 +218,7 @@ private RunImageConfiguration extractRunConfiguration(ImageConfiguration fromCon
 .imagePullPolicy(valueProvider.getString(IMAGE_PULL_POLICY_RUN, config == null ? null : config.getImagePullPolicy()))
 .ulimits(extractUlimits(config == null ? null : config.getUlimits(), valueProvider))
 .tmpfs(valueProvider.getList(TMPFS, config == null ? null : config.getTmpfs()))
+ .isolation(valueProvider.getString(ISOLATION, config == null ? null : config.getIsolation()))
 .cpuShares(valueProvider.getLong(CPUSHARES, config == null ? null : config.getCpuShares()))
 .cpus(valueProvider.getLong(CPUS, config == null ? null : config.getCpus()))
 .cpuSet(valueProvider.getString(CPUSET, config == null ? null : config.getCpuSet()))
diff --git a/src/main/java/io/fabric8/maven/docker/service/RunService.java b/src/main/java/io/fabric8/maven/docker/service/RunService.java
index afee04ed5..7b4b97a28 100644
--- a/src/main/java/io/fabric8/maven/docker/service/RunService.java
+++ b/src/main/java/io/fabric8/maven/docker/service/RunService.java
@@ -371,6 +371,7 @@ ContainerHostConfig createContainerHostConfig(RunImageConfiguration runConfig, P
 .logConfig(runConfig.getLogConfiguration())
 .tmpfs(runConfig.getTmpfs())
 .ulimits(runConfig.getUlimits())
+ .isolation(runConfig.getIsolation())
 .cpuShares(runConfig.getCpuShares())
 .cpus(runConfig.getCpus())
 .cpuSet(runConfig.getCpuSet())
diff --git a/src/test/java/io/fabric8/maven/docker/config/handler/AbstractConfigHandlerTest.java b/src/test/java/io/fabric8/maven/docker/config/handler/AbstractConfigHandlerTest.java
index 37ffa30d9..fb17deb75 100644
--- a/src/test/java/io/fabric8/maven/docker/config/handler/AbstractConfigHandlerTest.java
+++ b/src/test/java/io/fabric8/maven/docker/config/handler/AbstractConfigHandlerTest.java
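Review bot: The isolation mode can now also be supplied as a property through `valueProvider.getString(ISOLATION, ...)`, but the new `_isolation.adoc` shows only the XML element and never names the property. How the property and the XML value are combined is decided by `valueProvider`, which is outside this hunk; if the property can take precedence, a value given on the build command line would change the isolation chosen in the POM with nothing in the documentation to say so. Naming the property next to the XML example and stating which source wins would close that gap. `extractRunConfiguration` begins and ends outside the hunk.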
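Review bot: In RunService, `createContainerHostConfig` forwards `runConfig.getIsolation()` to the host config whatever the daemon's platform, although the documentation added in this commit says Linux supports only the default mode. A non-default value sent to a Linux daemon would presumably come back as a container-create error from the daemon, far from the configuration that caused it. Consider a comment on the call, e.g. `// Windows daemons only; Linux accepts just "default"`, and, if this class has a logger in scope, a debug line with the effective isolation so the chosen boundary appears in the build log. The method continues outside this hunk.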
@@ -36,6 +36,7 @@ protected void validateRunConfiguration(RunImageConfiguration runConfig) {
 assertEquals((Long) 1L, runConfig.getMemory());
 assertEquals((Long) 1L, runConfig.getMemorySwap());
 assertEquals((Long) 1000000000L, runConfig.getCpus());
+ assertEquals("default", runConfig.getIsolation());
 assertEquals((Long) 1L, runConfig.getCpuShares());
 assertEquals("0,1", runConfig.getCpuSet());
 assertEquals(getEnvPropertyFile(),runConfig.getEnvPropertyFile());
diff --git a/src/test/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandlerTest.java b/src/test/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandlerTest.java
index 213b909b9..598ada9f9 100644
--- a/src/test/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandlerTest.java
+++ b/src/test/java/io/fabric8/maven/docker/config/handler/compose/DockerComposeConfigHandlerTest.java
@@ -164,6 +164,7 @@ void validateRunConfiguration(RunImageConfiguration runConfig) {
 assertEquals((Long) 1L, runConfig.getMemorySwap());
 assertEquals("0,1", runConfig.getCpuSet());
 assertEquals((Long)1000000000L, runConfig.getCpus());
+ assertEquals("default", runConfig.getIsolation());
 assertEquals((Long) 1L, runConfig.getCpuShares());
 assertEquals(null,runConfig.getEnvPropertyFile());
diff --git a/src/test/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandlerTest.java b/src/test/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandlerTest.java
index a713b1d41..8ff04f84e 100644
--- a/src/test/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandlerTest.java
+++ b/src/test/java/io/fabric8/maven/docker/config/handler/property/PropertyConfigHandlerTest.java
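Review bot: The assertion added in AbstractConfigHandlerTest, `assertEquals("default", runConfig.getIsolation())`, and every other fixture touched by this commit (DockerComposeConfigHandlerTest, PropertyConfigHandlerTest, `.isolation("default")` in RunServiceTest, `docker-compose.yml` and both JSON files) use only the value `default`, so neither an unset option nor a non-default mode is exercised. The unset case matters most because it is what existing builds will hit: a RunServiceTest case that leaves `isolation` out and asserts that the host config JSON carries no `Isolation` key would pin that behaviour. A second case with `hyperv` or `process` would show that the configured value reaches the payload unchanged. `validateRunConfiguration` starts and ends outside this hunk.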
@@ -1000,6 +1000,7 @@ protected void validateRunConfiguration(RunImageConfiguration runConfig) {
 assertEquals((Long) 1L, runConfig.getMemory());
 assertEquals((Long) 1L, runConfig.getMemorySwap());
 assertEquals((Long) 1000000000L, runConfig.getCpus());
+ assertEquals("default",runConfig.getIsolation());
 assertEquals((Long) 1L, runConfig.getCpuShares());
 assertEquals("0,1", runConfig.getCpuSet());
 assertEquals("/tmp/envProps.txt",runConfig.getEnvPropertyFile());
@@ -1084,6 +1085,7 @@ private String[] getTestData() {
 k(ConfigKey.SECURITY_OPTS) + ".1", "seccomp=unconfined",
 k(ConfigKey.CPUS), "1000000000",
 k(ConfigKey.CPUSET), "0,1",
+ k(ConfigKey.ISOLATION),"default",
 k(ConfigKey.CPUSHARES), "1",
 k(ConfigKey.CMD), "command.sh",
 k(ConfigKey.DNS) + ".1", "8.8.8.8",
diff --git a/src/test/java/io/fabric8/maven/docker/service/RunServiceTest.java b/src/test/java/io/fabric8/maven/docker/service/RunServiceTest.java
index 0f621717d..ad50d22fc 100644
--- a/src/test/java/io/fabric8/maven/docker/service/RunServiceTest.java
+++ b/src/test/java/io/fabric8/maven/docker/service/RunServiceTest.java
@@ -367,6 +367,7 @@ private void givenARunConfiguration() {
 .memorySwap(1L)
 .cpus(1000000000L)
 .cpuSet("0,1")
+ .isolation("default")
 .cpuShares(1L)
 .env(env())
 .cmd("date")
diff --git a/src/test/resources/compose/docker-compose.yml b/src/test/resources/compose/docker-compose.yml
index f5a9ce9cc..19ef8607d 100644
--- a/src/test/resources/compose/docker-compose.yml
+++ b/src/test/resources/compose/docker-compose.yml
@@ -16,6 +16,7 @@ services:
 - CAP
 command: command.sh
 cgroup_parent: cgroup_parent
+ isolation: default
 cpu_shares: 1
 cpuset: 0,1
 cpus: 1
diff --git a/src/test/resources/docker/containerCreateConfigAll.json b/src/test/resources/docker/containerCreateConfigAll.json
index 88c5329d8..7d06cb090 100644
--- a/src/test/resources/docker/containerCreateConfigAll.json
+++ b/src/test/resources/docker/containerCreateConfigAll.json
@@ -64,6 +64,7 @@
 "Soft":2048
 }
 ],
+ "Isolation": "default",
 "CpuShares":1,
 "NanoCpus": 1000000000,
 "CpusetCpus":"0,1",
diff --git a/src/test/resources/docker/containerHostConfigAll.json b/src/test/resources/docker/containerHostConfigAll.json
index 60a7b57aa..8822ae58a 100644
--- a/src/test/resources/docker/containerHostConfigAll.json
+++ b/src/test/resources/docker/containerHostConfigAll.json
@@ -44,6 +44,7 @@
 "Soft":2048
 }
 ],
+ "Isolation": "default",
 "CpuShares":1,
 "NanoCpus":1000000000,
 "CpusetCpus":"0,1",