Blame config.json.template
|
 |
b01c536 |
{
|
|
|
b73797c |
"ociVersion": "1.0.0",
|
|
|
b01c536 |
"platform": {
|
|
|
b01c536 |
"os": "linux",
|
|
|
b01c536 |
"arch": "amd64"
|
|
|
b01c536 |
},
|
|
|
b01c536 |
"process": {
|
|
|
b01c536 |
"terminal": false,
|
|
|
b73797c |
"user": {
|
|
|
b73797c |
"uid": 0,
|
|
|
b73797c |
"gid": 0
|
|
|
b73797c |
},
|
|
|
b01c536 |
"args": [
|
|
|
b01c536 |
"/usr/bin/flanneld-run.sh"
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"env": [
|
|
|
b01c536 |
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
|
|
|
b01c536 |
"FLANNELD_ETCD_PREFIX=$FLANNELD_ETCD_PREFIX",
|
|
|
b01c536 |
"FLANNELD_ETCD_ENDPOINTS=$FLANNELD_ETCD_ENDPOINTS",
|
|
|
b01c536 |
"TERM=xterm",
|
|
|
b01c536 |
"NAME=$NAME"
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"cwd": "/",
|
|
|
b73797c |
"capabilities": {
|
|
|
b73797c |
"bounding": [
|
|
|
b73797c |
"CAP_DAC_READ_SEARCH",
|
|
|
b73797c |
"CAP_AUDIT_WRITE",
|
|
|
b73797c |
"CAP_KILL",
|
|
|
b73797c |
"CAP_NET_BIND_SERVICE",
|
|
|
b73797c |
"CAP_NET_ADMIN"
|
|
|
b73797c |
],
|
|
|
b73797c |
"permitted": [
|
|
|
b73797c |
"CAP_DAC_READ_SEARCH",
|
|
|
b73797c |
"CAP_AUDIT_WRITE",
|
|
|
b73797c |
"CAP_KILL",
|
|
|
b73797c |
"CAP_NET_BIND_SERVICE",
|
|
|
b73797c |
"CAP_NET_ADMIN"
|
|
|
b73797c |
],
|
|
|
b73797c |
"inheritable": [
|
|
|
b73797c |
"CAP_DAC_READ_SEARCH",
|
|
|
b73797c |
"CAP_AUDIT_WRITE",
|
|
|
b73797c |
"CAP_KILL",
|
|
|
b73797c |
"CAP_NET_BIND_SERVICE",
|
|
|
b73797c |
"CAP_NET_ADMIN"
|
|
|
b73797c |
],
|
|
|
b73797c |
"effective": [
|
|
|
b73797c |
"CAP_DAC_READ_SEARCH",
|
|
|
b73797c |
"CAP_AUDIT_WRITE",
|
|
|
b73797c |
"CAP_KILL",
|
|
|
b73797c |
"CAP_NET_BIND_SERVICE",
|
|
|
b73797c |
"CAP_NET_ADMIN"
|
|
|
b73797c |
],
|
|
|
b73797c |
"ambient": [
|
|
|
b73797c |
"CAP_DAC_READ_SEARCH",
|
|
|
b73797c |
"CAP_AUDIT_WRITE",
|
|
|
b73797c |
"CAP_KILL",
|
|
|
b73797c |
"CAP_NET_BIND_SERVICE",
|
|
|
b73797c |
"CAP_NET_ADMIN"
|
|
|
b73797c |
]
|
|
|
b73797c |
},
|
|
|
b01c536 |
"rlimits": [
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "RLIMIT_NOFILE",
|
|
|
b01c536 |
"hard": 1024,
|
|
|
b01c536 |
"soft": 1024
|
|
|
b01c536 |
}
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"noNewPrivileges": false
|
|
|
b01c536 |
},
|
|
|
b01c536 |
"root": {
|
|
|
b01c536 |
"path": "rootfs",
|
|
|
b01c536 |
"readonly": true
|
|
|
b01c536 |
},
|
|
|
b01c536 |
"hostname": "flannel",
|
|
|
b01c536 |
"mounts": [
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/proc",
|
|
|
b01c536 |
"type": "proc",
|
|
|
b01c536 |
"source": "proc"
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "bind",
|
|
|
b01c536 |
"source": "/dev",
|
|
|
b01c536 |
"destination": "/dev",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"rbind",
|
|
|
b01c536 |
"rw",
|
|
|
b01c536 |
"mode=755"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/dev/pts",
|
|
|
b01c536 |
"type": "devpts",
|
|
|
b01c536 |
"source": "devpts",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"nosuid",
|
|
|
b01c536 |
"noexec",
|
|
|
b01c536 |
"newinstance",
|
|
|
b01c536 |
"ptmxmode=0666",
|
|
|
b01c536 |
"mode=0620",
|
|
|
b01c536 |
"gid=5"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/dev/shm",
|
|
|
b01c536 |
"type": "tmpfs",
|
|
|
b01c536 |
"source": "shm",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"nosuid",
|
|
|
b01c536 |
"noexec",
|
|
|
b01c536 |
"nodev",
|
|
|
b01c536 |
"mode=1777",
|
|
|
b01c536 |
"size=65536k"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/dev/mqueue",
|
|
|
b01c536 |
"type": "mqueue",
|
|
|
b01c536 |
"source": "mqueue",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"nosuid",
|
|
|
b01c536 |
"noexec",
|
|
|
b01c536 |
"nodev"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/sys",
|
|
|
b01c536 |
"type": "sysfs",
|
|
|
b01c536 |
"source": "sysfs",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"nosuid",
|
|
|
b01c536 |
"noexec",
|
|
|
b01c536 |
"nodev",
|
|
|
b01c536 |
"ro"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/sys/fs/cgroup",
|
|
|
b01c536 |
"type": "cgroup",
|
|
|
b01c536 |
"source": "cgroup",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"nosuid",
|
|
|
b01c536 |
"noexec",
|
|
|
b01c536 |
"nodev",
|
|
|
b01c536 |
"relatime",
|
|
|
b01c536 |
"ro"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "bind",
|
|
|
b01c536 |
"source": "/etc/systemd/system/docker.service.d",
|
|
|
b01c536 |
"destination": "/etc/systemd/system/docker.service.d",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"rbind",
|
|
|
b01c536 |
"rw",
|
|
|
b01c536 |
"mode=755"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"source": "${RUN_DIRECTORY}/${NAME}",
|
|
|
b01c536 |
"destination": "/run/flannel",
|
|
|
b01c536 |
"type": "bind",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"rw",
|
|
|
b01c536 |
"rbind",
|
|
|
b01c536 |
"rprivate"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"destination": "/etc/resolv.conf",
|
|
|
b01c536 |
"type": "bind",
|
|
|
b01c536 |
"source": "/etc/resolv.conf",
|
|
|
b01c536 |
"options": [
|
|
|
b01c536 |
"ro",
|
|
|
b01c536 |
"rbind",
|
|
|
b01c536 |
"rprivate"
|
|
|
b01c536 |
]
|
|
|
b73797c |
},
|
|
|
b73797c |
{
|
|
|
b73797c |
"source": "/etc/sysconfig/flanneld",
|
|
|
b73797c |
"destination": "/etc/sysconfig/flanneld",
|
|
|
b73797c |
"type": "bind",
|
|
|
b73797c |
"options": [
|
|
|
b73797c |
"rw",
|
|
|
b73797c |
"rbind",
|
|
|
b73797c |
"rprivate"
|
|
|
b73797c |
]
|
|
|
b73797c |
},
|
|
|
b73797c |
{
|
|
|
b73797c |
"source": "/etc/flanneld",
|
|
|
b73797c |
"destination": "/etc/flanneld",
|
|
|
b73797c |
"type": "bind",
|
|
|
b73797c |
"options": [
|
|
|
b73797c |
"rw",
|
|
|
b73797c |
"rbind",
|
|
|
b73797c |
"rprivate"
|
|
|
b73797c |
]
|
|
|
b73797c |
}
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"hooks": {},
|
|
|
b01c536 |
"linux": {
|
|
|
b01c536 |
"resources": {
|
|
|
b01c536 |
"devices": [
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"allow": false,
|
|
|
b01c536 |
"access": "rwm"
|
|
|
b01c536 |
}
|
|
|
b01c536 |
]
|
|
|
b01c536 |
},
|
|
|
b01c536 |
"namespaces": [
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "ipc"
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "uts"
|
|
|
b01c536 |
},
|
|
|
b01c536 |
{
|
|
|
b01c536 |
"type": "mount"
|
|
|
b01c536 |
}
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"maskedPaths": [
|
|
|
b01c536 |
"/proc/kcore",
|
|
|
b01c536 |
"/proc/latency_stats",
|
|
|
b01c536 |
"/proc/timer_stats",
|
|
|
b01c536 |
"/proc/sched_debug"
|
|
|
b01c536 |
],
|
|
|
b01c536 |
"readonlyPaths": [
|
|
|
b01c536 |
"/proc/asound",
|
|
|
b01c536 |
"/proc/bus",
|
|
|
b01c536 |
"/proc/irq",
|
|
|
b01c536 |
"/proc/sysrq-trigger"
|
|
|
b01c536 |
]
|
|
|
b01c536 |
}
|
|
|
b01c536 |
}
|