const userNsLength … const mapReInitializeThreshold … type userNsPodsManager … type UsernsManager … type userNamespace … type idMapping … const mappingsFile … // writeMappingsToFile writes the specified user namespace configuration to the pod // directory. func (m *UsernsManager) writeMappingsToFile(pod types.UID, userNs userNamespace) error { … } // readMappingsFromFile reads the user namespace configuration from the pod directory. func (m *UsernsManager) readMappingsFromFile(pod types.UID) ([]byte, error) { … } func MakeUserNsManager(kl userNsPodsManager) (*UsernsManager, error) { … } // recordPodMappings registers the range used for the user namespace if the // usernsConfFile exists in the pod directory. func (m *UsernsManager) recordPodMappings(pod types.UID) error { … } // isSet checks if the specified index is already set. func (m *UsernsManager) isSet(v uint32) bool { … } // allocateOne finds a free user namespace and allocate it to the specified pod. // The first return value is the first ID in the user namespace, the second returns // the length for the user namespace range. func (m *UsernsManager) allocateOne(pod types.UID) (firstID uint32, length uint32, err error) { … } // record stores the user namespace [from; from+length] to the specified pod. func (m *UsernsManager) record(pod types.UID, from, length uint32) (err error) { … } // Release releases the user namespace allocated to the specified pod. func (m *UsernsManager) Release(podUID types.UID) { … } // podAllocated returns true if the pod is allocated, false otherwise. func (m *UsernsManager) podAllocated(podUID types.UID) bool { … } func (m *UsernsManager) releaseWithLock(pod types.UID) { … } func (m *UsernsManager) parseUserNsFileAndRecord(pod types.UID, content []byte) (userNs userNamespace, err error) { … } func (m *UsernsManager) createUserNs(pod *v1.Pod) (userNs userNamespace, err error) { … } // GetOrCreateUserNamespaceMappings returns the configuration for the sandbox user namespace func (m *UsernsManager) GetOrCreateUserNamespaceMappings(pod *v1.Pod, runtimeHandler string) (*runtimeapi.UserNamespace, error) { … } // CleanupOrphanedPodUsernsAllocations reconciliates the state of user namespace // allocations with the pods actually running. It frees any user namespace // allocation for orphaned pods. func (m *UsernsManager) CleanupOrphanedPodUsernsAllocations(pods []*v1.Pod, runningPods []*kubecontainer.Pod) error { … } func EnabledUserNamespacesSupport() bool { … }
Codebase Browser
kubernetes