Clients may define environment variables at the container level, which all processes running in the container will receive. For example:
```go
EnvironmentVariables: []*models.EnvironmentVariable{
	{
		Name:  "FOO",
		Value: "BAR",
	},
	{
		Name:  "LANG",
		Value: "en_US.UTF-8",
	},
}
```
For more details on the environment variables provided to processes in the container, see the section on the Container Runtime Environment.
List of dependencies to cache on the Diego Cell and then to bind-mount into the container at the specified location. For example:
```go
CachedDependencies: []*models.CachedDependency{
	{
		Name:              "app bits",
		From:              "https://blobstore.com/bits/app-bits",
		To:                "/usr/local/app",
		CacheKey:          "cache-key",
		LogSource:         "log-source",
		ChecksumAlgorithm: "md5",
		ChecksumValue:     "the-checksum",
	},
}
```
The `ChecksumAlgorithm` and `ChecksumValue` fields are optional and are used to validate the downloaded binary. They must be used together.
Volume Mounts are used to specify persistent storage to be attached to a container in either a Task or LRP.
You can define the specific storage subsystem driver, the volume ID, the path in the container, the bind mount mode, and driver-specific configuration information.
See the model documentation for `VolumeMount` for details.
```go
VolumeMounts: []*models.VolumeMount{
	{
		Driver:        "my-driver",
		VolumeId:      "my-volume",
		ContainerPath: "/mnt/mypath",
		Mode:          models.BindMountMode_RO,
	},
}
```
List of firewall rules applied to the Task container. If traffic originating inside the container has a destination matching one of the rules, it is allowed egress. For example:
```go
EgressRules: []*models.SecurityGroupRule{
	{
		Protocol:     "tcp",
		Destinations: []string{"0.0.0.0/0"},
		PortRange: &models.PortRange{
			Start: 1,
			End:   1024,
		},
		Log: true,
	},
	{
		Protocol:     "udp",
		Destinations: []string{"8.8.0.0/16"},
		Ports:        []uint32{53},
	},
}
```
This list of rules allows all outgoing TCP traffic bound for ports 1 through 1024 and UDP traffic to subnet 8.8.0.0/16 on port 53. Syslog messages are emitted for new connections matching the TCP rule.
The protocol type of the rule can be one of the following values: `tcp`, `udp`, `icmp`, or `all`.
List of strings, each representing a single IPv4 address (`1.2.3.4`), a range of IPv4 addresses (`1.2.3.4-2.3.4.5`), or an IPv4 subnet in CIDR notation (`1.2.3.4/24`).
The `Ports` field is a list of integers between 1 and 65535 that correspond to destination ports.
The `PortRange` field is a struct with a `Start` field and an `End` field, both integers between 1 and 65535. These values are required and signify the start and end of the port range, inclusive.
- Either `Ports` or `PortRange` must be provided for protocol `tcp` and `udp`.
- It is an error to provide both.
The `IcmpInfo` field stores two fields with parameters that pertain to ICMP traffic:
- `Type` [required]: integer between 0 and 255
- `Code` [required]: integer
```go
rule := &models.SecurityGroupRule{
	Protocol: "icmp",
	IcmpInfo: &models.ICMPInfo{Type: 8, Code: 0},
}
```
- `IcmpInfo` is required for protocol `icmp`.
- It is an error to provide it for other protocols.
If true, the system will log new outgoing connections that match the rule.
- `Log` is optional for `tcp` and `all`.
- It is an error to set `Log` to true when the protocol is `udp` or `icmp`.
- To ensure that they apply first, put all rules with `Log` set to true at the end of the rule list.
Protocol `all`:
```go
all := &models.SecurityGroupRule{
	Protocol:     "all",
	Destinations: []string{"1.2.3.4"},
	Log:          true,
}
```
Protocol `tcp`:
```go
tcp := &models.SecurityGroupRule{
	Protocol:     "tcp",
	Destinations: []string{"1.2.3.4-2.3.4.5"},
	Ports:        []uint32{80, 443},
	Log:          true,
}
```
Protocol `udp`:
```go
udp := &models.SecurityGroupRule{
	Protocol:     "udp",
	Destinations: []string{"1.2.3.4/8"},
	PortRange: &models.PortRange{
		Start: 8000,
		End:   8085,
	},
}
```
Protocol `icmp`:
```go
icmp := &models.SecurityGroupRule{
	Protocol:     "icmp",
	Destinations: []string{"1.2.3.4", "2.3.4.5/6"},
	IcmpInfo: &models.ICMPInfo{
		Type: 1,
		Code: 40,
	},
}
```
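The following function checks a single egress rule against the field constraints described above (exactly one of `Ports`/`PortRange` for `tcp` and `udp`, `IcmpInfo` only and always for `icmp`, `Log` only for `tcp` and `all`, ports within 1..65535). It is an added example, not code from the BBS project; it assumes minimal stand-in types with the same field names as `models.SecurityGroupRule` so that it runs without importing the real package.

```go
package main

import "fmt"

// Stand-ins for the BBS model types discussed on this page (assumption: the
// field names mirror models.SecurityGroupRule; the real package is not imported).
type PortRange struct{ Start, End uint32 }
type ICMPInfo struct{ Type, Code int32 }
type SecurityGroupRule struct {
	Protocol     string
	Destinations []string
	Ports        []uint32
	PortRange    *PortRange
	IcmpInfo     *ICMPInfo
	Log          bool
}

// ValidateEgressRule returns nil when the rule satisfies the constraints in the
// text, or an error naming the first constraint it violates. Rejecting such a
// rule before it reaches the BBS avoids a Task or LRP failing at submission.
func ValidateEgressRule(r *SecurityGroupRule) error {
	switch r.Protocol {
	case "tcp", "udp":
		if (r.Ports == nil) == (r.PortRange == nil) {
			return fmt.Errorf("exactly one of Ports or PortRange is required for %s", r.Protocol)
		}
		for _, p := range r.Ports {
			if p < 1 || p > 65535 {
				return fmt.Errorf("port %d outside 1..65535", p)
			}
		}
		if pr := r.PortRange; pr != nil && (pr.Start < 1 || pr.End > 65535 || pr.Start > pr.End) {
			return fmt.Errorf("PortRange must satisfy 1 <= Start <= End <= 65535")
		}
	case "icmp", "all":
	default:
		return fmt.Errorf("unknown protocol %q", r.Protocol)
	}
	if (r.Protocol == "icmp") != (r.IcmpInfo != nil) {
		return fmt.Errorf("IcmpInfo is required for icmp and not allowed for other protocols")
	}
	if r.IcmpInfo != nil && (r.IcmpInfo.Type < 0 || r.IcmpInfo.Type > 255) {
		return fmt.Errorf("IcmpInfo.Type must be between 0 and 255")
	}
	if r.Log && r.Protocol != "tcp" && r.Protocol != "all" {
		return fmt.Errorf("Log may only be true for tcp or all, not %s", r.Protocol)
	}
	return nil
}
```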