syntax = "proto3";
package iws;
option go_package = "github.com/gitpod-io/gitpod/ws-daemon/api";
// InWorkspaceService groups the user-namespace, mount, cgroup and network RPCs
// declared below.
//
// NOTE(review): the service name suggests the callers run inside the workspace.
// If so, every request field (pid, target, source, args, ID mappings) is
// untrusted input and has to be validated by the server before it acts on it.
// Confirm against the daemon implementation, which is not part of this file.
service InWorkspaceService {
  // PrepareForUserNS prepares a workspace container for wrapping it in a user namespace.
  // A container that called this function MUST call Teardown.
  //
  // This call will make the workspace container's rootfs shared, and mount the workspace
  // container's rootfs as a shiftfs mark under `/.workspace/mark` if the workspace has
  // the daemon hostPath mount. Can only be used once per workspace.
  rpc PrepareForUserNS(PrepareForUserNSRequest) returns (PrepareForUserNSResponse) {}
  // WriteIDMapping writes a new user/group ID mapping to /proc/<pid>/uid_map (gid_map respectively). This is used
  // for user namespaces and is available four times every 10 seconds.
  rpc WriteIDMapping(WriteIDMappingRequest) returns (WriteIDMappingResponse) {}
  // EvacuateCGroup empties the workspace pod cgroup and produces a new substructure.
  // In combination with introducing a new cgroup namespace, we can create a situation
  // where the subcontrollers are enabled and the ring2-visible cgroup is of type "domain".
  rpc EvacuateCGroup(EvacuateCGroupRequest) returns (EvacuateCGroupResponse) {}
  // MountProc mounts a masked proc in the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  rpc MountProc(MountProcRequest) returns (MountProcResponse) {}
  // UmountProc unmounts a masked proc from the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  rpc UmountProc(UmountProcRequest) returns (UmountProcResponse) {}
  // MountSysfs mounts a masked sysfs in the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  // Shares its request and response messages with MountProc.
  rpc MountSysfs(MountProcRequest) returns (MountProcResponse) {}
  // UmountSysfs unmounts a masked sysfs from the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  // Shares its request and response messages with UmountProc.
  rpc UmountSysfs(UmountProcRequest) returns (UmountProcResponse) {}
  // MountNfs mounts an NFS share into the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  rpc MountNfs(MountNfsRequest) returns (MountNfsResponse){}
  // UmountNfs unmounts an NFS share from the container's rootfs.
  // The PID must be in the PID namespace of the workspace container.
  // The path is relative to the mount namespace of the PID.
  rpc UmountNfs(UmountNfsRequest) returns (UmountNfsResponse){}
  // Teardown prepares workspace content backups and unmounts shiftfs mounts. The canary is supposed to be triggered
  // when the workspace is about to shut down, e.g. using the PreStop hook of a Kubernetes container.
  rpc Teardown(TeardownRequest) returns (TeardownResponse) {}
  // WipingTeardown undoes everything PrepareForUserNS does, especially unmounts shiftfs mounts.
  rpc WipingTeardown(WipingTeardownRequest) returns (WipingTeardownResponse) {}
  // SetupPairVeths sets up a pair of veths that interconnect the specified PID and the workspace
  // container's network namespace.
  rpc SetupPairVeths(SetupPairVethsRequest) returns (SetupPairVethsResponse) {}
  // WorkspaceInfo returns information about the workspace.
  // The same RPC signature is also declared on WorkspaceInfoService.
  rpc WorkspaceInfo(WorkspaceInfoRequest) returns (WorkspaceInfoResponse) {}
}
// WorkspaceInfoService exposes only the read-only WorkspaceInfo RPC, with the
// same request and response messages that InWorkspaceService.WorkspaceInfo uses.
service WorkspaceInfoService {
  // WorkspaceInfo returns information about the workspace.
  rpc WorkspaceInfo(WorkspaceInfoRequest) returns (WorkspaceInfoResponse) {}
}
// Request for PrepareForUserNS. Carries no fields.
message PrepareForUserNSRequest {}
// Response of PrepareForUserNS.
message PrepareForUserNSResponse {
  // ID-shift mechanism in use for the workspace. See FSShiftMethod.
  FSShiftMethod fs_shift = 1;
  // was used for full workspace backup
  reserved 2;
  // NOTE(review): presumably reports whether the workspace is backed by a
  // persistent volume claim; the semantics are not stated in this file - confirm.
  bool persistent_volume_claim = 3;
}
// FSShiftMethod describes the means by which we establish the ID shift for
// user namespaced workspaces.
//
// SHIFTFS is the zero value, so in proto3 an unset fs_shift field reads as
// SHIFTFS; receivers cannot tell "not set" apart from "shiftfs".
enum FSShiftMethod {
  SHIFTFS = 0;
  // was used for FUSE
  reserved 1;
}
// Response of WriteIDMapping.
// NOTE(review): the meaning of error_code values, and whether 0 means success,
// is not defined in this file - confirm against the server before relying on it.
message WriteIDMappingResponse {
  // Human-readable message accompanying error_code.
  string message = 1;
  uint32 error_code = 2;
}
// Request for WriteIDMapping, which writes an ID mapping to /proc/<pid>/uid_map
// or /proc/<pid>/gid_map.
//
// NOTE(review): host_id and size determine which host IDs become reachable from
// inside the user namespace. The server should constrain them to the range
// allotted to the workspace and verify that pid belongs to the workspace
// container, rather than trusting the request - confirm in the implementation.
message WriteIDMappingRequest {
  // One mapping entry.
  // NOTE(review): presumably container_id is the first ID inside the namespace,
  // host_id the first ID outside it and size the length of the range, matching
  // the uid_map/gid_map line format - confirm.
  message Mapping {
    uint32 container_id = 1;
    uint32 host_id = 2;
    uint32 size = 3;
  }
  // Process whose uid_map/gid_map is written.
  int64 pid = 1;
  // NOTE(review): presumably true selects gid_map and false uid_map - confirm.
  bool gid = 2;
  // Mapping entries to write.
  repeated Mapping mapping = 3;
}
// Request for EvacuateCGroup. Carries no fields.
message EvacuateCGroupRequest {}
// Response of EvacuateCGroup. Carries no fields.
message EvacuateCGroupResponse {}
// Request for MountProc; MountSysfs uses the same message.
//
// NOTE(review): target is chosen by the caller. The server should resolve it
// strictly inside the mount namespace of pid (including symlink handling) and
// check that pid is in the workspace container's PID namespace - confirm.
message MountProcRequest {
  // Mount point, relative to the mount namespace of pid.
  string target = 1;
  // PID that must be in the PID namespace of the workspace container.
  int64 pid = 2;
}
// Response of MountProc and MountSysfs. Carries no fields.
message MountProcResponse {
}
// Request for UmountProc; UmountSysfs uses the same message.
//
// NOTE(review): the server should only unmount targets that resolve inside the
// mount namespace of pid, and ideally only mounts this service created - confirm.
message UmountProcRequest {
  // Mount point to unmount, relative to the mount namespace of pid.
  string target = 1;
  // PID that must be in the PID namespace of the workspace container.
  int64 pid = 2;
}
// Response of UmountProc and UmountSysfs. Carries no fields.
message UmountProcResponse {}
// Request for MountNfs.
//
// NOTE(review): source and args are free-form strings whose format is not
// defined in this file. If args is forwarded as mount options, the server
// should allowlist the options it accepts and restrict which NFS sources may be
// mounted, instead of passing caller input through - confirm.
message MountNfsRequest {
  // NFS share to mount.
  string source = 1;
  // Mount point, relative to the mount namespace of pid.
  string target =2;
  // NOTE(review): presumably mount options - confirm.
  string args = 3;
  // PID that must be in the PID namespace of the workspace container.
  int64 pid = 4;
}
// Response of MountNfs. Carries no fields.
message MountNfsResponse {}
// Request for UmountNfs.
message UmountNfsRequest {
  // Mount point to unmount, relative to the mount namespace of pid.
  string target = 1;
  // PID that must be in the PID namespace of the workspace container.
  int64 pid = 2;
}
// Response of UmountNfs. Carries no fields.
message UmountNfsResponse {}
// Request for Teardown. Carries no fields.
message TeardownRequest {
}
// Response of Teardown.
// NOTE(review): field number 1 is neither declared nor reserved here. If it was
// used by an earlier version of this message it should be marked `reserved` so
// it cannot be reassigned with a different meaning - confirm from history.
message TeardownResponse {
  // Whether the teardown succeeded.
  bool success = 2;
}
// Request for WipingTeardown.
message WipingTeardownRequest {
  // NOTE(review): what is wiped when this is true is not stated in this file;
  // since the flag is caller-controlled, confirm the scope server-side.
  bool do_wipe = 1;
}
// Response of WipingTeardown.
message WipingTeardownResponse {
  // Whether the teardown succeeded.
  bool success = 1;
}
// Request for SetupPairVeths.
message SetupPairVethsRequest {
  // PID that is interconnected with the workspace container's network
  // namespace through the veth pair.
  // NOTE(review): the server should verify that this PID belongs to the
  // workspace before wiring it into the container's network - confirm.
  int64 pid = 1;
}
// Response of SetupPairVeths. Carries no fields.
message SetupPairVethsResponse {}
// Request for WorkspaceInfo. Carries no fields.
message WorkspaceInfoRequest {}
// Response of WorkspaceInfo.
message WorkspaceInfoResponse {
  // CPU and memory figures for the workspace.
  Resources resources = 1;
}
// Resources bundles the CPU and memory figures reported by WorkspaceInfo.
message Resources {
  Cpu cpu = 1;
  Memory memory = 2;
}
// Cpu reports CPU usage against its limit.
// NOTE(review): the units of used and limit are not stated in this file -
// confirm with the producer before comparing or displaying them.
message Cpu {
  int64 used = 1;
  int64 limit = 2;
}
// Memory reports memory usage against its limit.
// NOTE(review): the units of used and limit are not stated in this file
// (presumably bytes) - confirm with the producer.
message Memory {
  int64 used = 1;
  int64 limit = 2;
}