Skip to content

Commit d4e7326

Browse files
vbattsvbatts
committed
config: JSON examples
* "complete" JSON example * fix a couple of values * fix a missing comma Signed-off-by: Vincent Batts <[email protected]>
1 parent d118a8f commit d4e7326

File tree

2 files changed

+206
-22
lines changed

2 files changed

+206
-22
lines changed

config-linux.md

Lines changed: 15 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -241,7 +241,7 @@ For more information on how these two settings work together, see [the memory cg
241241
###### Example
242242

243243
```json
244-
"oomScoreAdj": 0
244+
"oomScoreAdj": 100
245245
```
246246

247247
#### Memory
@@ -251,9 +251,9 @@ For more information, see [the memory cgroup man page][cgroup-v1-memory].
251251

252252
The following parameters can be specified to setup the controller:
253253

254-
* **`limit`** *(uint64, optional)* - sets limit of memory usage
254+
* **`limit`** *(uint64, optional)* - sets limit of memory usage in bytes
255255

256-
* **`reservation`** *(uint64, optional)* - sets soft limit of memory usage
256+
* **`reservation`** *(uint64, optional)* - sets soft limit of memory usage in bytes
257257

258258
* **`swap`** *(uint64, optional)* - sets limit of memory+Swap usage
259259

@@ -267,9 +267,9 @@ The following parameters can be specified to setup the controller:
267267

268268
```json
269269
"memory": {
270-
"limit": 0,
271-
"reservation": 0,
272-
"swap": 0,
270+
"limit": 536870912,
271+
"reservation": 536870912,
272+
"swap": 536870912,
273273
"kernel": 0,
274274
"kernelTCP": 0,
275275
"swappiness": 0
@@ -301,13 +301,13 @@ The following parameters can be specified to setup the controller:
301301

302302
```json
303303
"cpu": {
304-
"shares": 0,
305-
"quota": 0,
306-
"period": 0,
307-
"realtimeRuntime": 0,
308-
"realtimePeriod": 0,
309-
"cpus": "",
310-
"mems": ""
304+
"shares": 1024,
305+
"quota": 1000000,
306+
"period": 500000,
307+
"realtimeRuntime": 950000,
308+
"realtimePeriod": 1000000,
309+
"cpus": "2-3",
310+
"mems": "0-7"
311311
}
312312
```
313313

@@ -337,8 +337,8 @@ The following parameters can be specified to setup the controller:
337337

338338
```json
339339
"blockIO": {
340-
"blkioWeight": 0,
341-
"blkioLeafWeight": 0,
340+
"blkioWeight": 10,
341+
"blkioLeafWeight": 10,
342342
"blkioWeightDevice": [
343343
{
344344
"major": 8,

config.md

Lines changed: 191 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -232,7 +232,7 @@ If a hook returns a non-zero exit code, then an error is logged and the remainin
232232
],
233233
"poststart": [
234234
{
235-
"path": "/usr/bin/notify-start"
235+
"path": "/usr/bin/notify-start",
236236
"timeout": 5
237237
}
238238
],
@@ -269,7 +269,7 @@ Here is a full example `config.json` for reference.
269269

270270
```json
271271
{
272-
"ociVersion": "0.3.0",
272+
"ociVersion": "0.5.0-dev",
273273
"platform": {
274274
"os": "linux",
275275
"arch": "amd64"
@@ -284,6 +284,20 @@ Here is a full example `config.json` for reference.
284284
6
285285
]
286286
},
287+
"uidMappings": [
288+
{
289+
"hostID": 1000,
290+
"containerID": 0,
291+
"size": 32000
292+
}
293+
],
294+
"gidMappings": [
295+
{
296+
"hostID": 1000,
297+
"containerID": 0,
298+
"size": 32000
299+
}
300+
],
287301
"args": [
288302
"sh"
289303
],
@@ -298,14 +312,20 @@ Here is a full example `config.json` for reference.
298312
"CAP_NET_BIND_SERVICE"
299313
],
300314
"rlimits": [
315+
{
316+
"type": "RLIMIT_CORE",
317+
"hard": 1024,
318+
"soft": 1024
319+
},
301320
{
302321
"type": "RLIMIT_NOFILE",
303322
"hard": 1024,
304323
"soft": 1024
305324
}
306325
],
307-
"apparmorProfile": "",
308-
"selinuxLabel": ""
326+
"apparmorProfile": "acme_secure_profile",
327+
"selinuxLabel": "system_u:system_r:svirt_lxc_net_t:s0:c124,c675",
328+
"noNewPrivileges": true
309329
},
310330
"root": {
311331
"path": "rootfs",
@@ -390,20 +410,166 @@ Here is a full example `config.json` for reference.
390410
"hooks": {
391411
"prestart": [
392412
{
393-
"path": "/usr/bin/uptime",
413+
"path": "/usr/bin/fix-mounts",
394414
"args": [
395-
"/usr/bin/uptime"
415+
"fix-mounts",
416+
"arg1",
417+
"arg2"
396418
],
397-
"env": []
419+
"env": [
420+
"key1=value1"
421+
]
422+
},
423+
{
424+
"path": "/usr/bin/setup-network"
425+
}
426+
],
427+
"poststart": [
428+
{
429+
"path": "/usr/bin/notify-start",
430+
"timeout": 5
431+
}
432+
],
433+
"poststop": [
434+
{
435+
"path": "/usr/sbin/cleanup.sh",
436+
"args": [
437+
"cleanup.sh",
438+
"-f"
439+
]
398440
}
399441
]
400442
},
401443
"linux": {
444+
"devices": [
445+
{
446+
"path": "/dev/fuse",
447+
"type": "c",
448+
"major": 10,
449+
"minor": 229,
450+
"fileMode": 438,
451+
"uid": 0,
452+
"gid": 0
453+
},
454+
{
455+
"path": "/dev/sda",
456+
"type": "b",
457+
"major": 8,
458+
"minor": 0,
459+
"fileMode": 432,
460+
"uid": 0,
461+
"gid": 0
462+
}
463+
],
464+
"sysctl": {
465+
"net.ipv4.ip_forward": "1",
466+
"net.core.somaxconn": "256"
467+
},
468+
"cgroupsPath": "/myRuntime/myContainer",
402469
"resources": {
470+
"network": {
471+
"classID": 1048577,
472+
"priorities": [
473+
{
474+
"name": "eth0",
475+
"priority": 500
476+
},
477+
{
478+
"name": "eth1",
479+
"priority": 1000
480+
}
481+
]
482+
},
483+
"pids": {
484+
"limit": 32771
485+
},
486+
"hugepageLimits": [
487+
{
488+
"pageSize": "2MB",
489+
"limit": 9223372036854772000
490+
}
491+
],
492+
"oomScoreAdj": 100,
493+
"memory": {
494+
"limit": 536870912,
495+
"reservation": 536870912,
496+
"swap": 536870912,
497+
"kernel": 0,
498+
"kernelTCP": 0,
499+
"swappiness": 0
500+
},
501+
"cpu": {
502+
"shares": 1024,
503+
"quota": 1000000,
504+
"period": 500000,
505+
"realtimeRuntime": 950000,
506+
"realtimePeriod": 1000000,
507+
"cpus": "2-3",
508+
"mems": "0-7"
509+
},
510+
"disableOOMKiller": false,
403511
"devices": [
404512
{
405513
"allow": false,
406514
"access": "rwm"
515+
},
516+
{
517+
"allow": true,
518+
"type": "c",
519+
"major": 10,
520+
"minor": 229,
521+
"access": "rw"
522+
},
523+
{
524+
"allow": true,
525+
"type": "b",
526+
"major": 8,
527+
"minor": 0,
528+
"access": "r"
529+
}
530+
],
531+
"blockIO": {
532+
"blkioWeight": 10,
533+
"blkioLeafWeight": 10,
534+
"blkioWeightDevice": [
535+
{
536+
"major": 8,
537+
"minor": 0,
538+
"weight": 500,
539+
"leafWeight": 300
540+
},
541+
{
542+
"major": 8,
543+
"minor": 16,
544+
"weight": 500
545+
}
546+
],
547+
"blkioThrottleReadBpsDevice": [
548+
{
549+
"major": 8,
550+
"minor": 0,
551+
"rate": 600
552+
}
553+
],
554+
"blkioThrottleWriteIOPSDevice": [
555+
{
556+
"major": 8,
557+
"minor": 16,
558+
"rate": 300
559+
}
560+
]
561+
}
562+
},
563+
"rootfsPropagation": "slave",
564+
"seccomp": {
565+
"defaultAction": "SCMP_ACT_ALLOW",
566+
"architectures": [
567+
"SCMP_ARCH_X86"
568+
],
569+
"syscalls": [
570+
{
571+
"name": "getcwd",
572+
"action": "SCMP_ACT_ERRNO"
407573
}
408574
]
409575
},
@@ -423,7 +589,25 @@ Here is a full example `config.json` for reference.
423589
{
424590
"type": "mount"
425591
}
592+
],
593+
"maskedPaths": [
594+
"/proc/kcore",
595+
"/proc/latency_stats",
596+
"/proc/timer_stats",
597+
"/proc/sched_debug"
598+
],
599+
"readonlyPaths": [
600+
"/proc/asound",
601+
"/proc/bus",
602+
"/proc/fs",
603+
"/proc/irq",
604+
"/proc/sys",
605+
"/proc/sysrq-trigger"
426606
]
607+
},
608+
"annotations": {
609+
"key1": "value1",
610+
"key2": "value2"
427611
}
428612
}
429613
```

0 commit comments

Comments
 (0)