# Tank v0.2.0 - Table of Contents

> A declarative container orchestrator for Linux, built on the public Linx API: declare pods of namespaced workloads as data, and a reconcile loop converges the machine onto them — host-reconciled macvlan networking, cgroup limits, and a Khepri-backed desired-state store.

## Pages

- [Tank](readme.md)
- [Changelog](changelog.md)
- [Tank by example](examples.md)
- [License](license.md)

## Modules

- [Tank](Tank.md): Tank — an opinionated, declarative container orchestrator built on Linx.
- [Tank.Container](Tank.Container.md): A container's desired state inside a pod.
- [Tank.Host](Tank.Host.md): The host-config seam: how Tank reads the *host's* network facts without owning them — the uplink a macvlan attaches to, and the DNS servers a container inherits.
- [Tank.Host.Static](Tank.Host.Static.md): The default `Tank.Host`: uplink + DNS read straight from application config. Runs anywhere, with no host-network integration.
- [Tank.Image](Tank.Image.md): Pulls an OCI / Docker image and assembles it into a root filesystem a container can run from.
- [Tank.Image.Registry](Tank.Image.Registry.md): OCI registry access for image pulls — a thin shim over `Stevedore.Registry`.
- [Tank.Image.Tar](Tank.Image.Tar.md): Extracts an OCI image layer -- a gzipped tar -- into a directory.
- [Tank.Image.User](Tank.Image.User.md): Resolves an image's `User` spec to a numeric `{uid, gid}`.
- [Tank.Mount](Tank.Mount.md): A `Tank.Volume` mounted into a container at an absolute in-rootfs `path`.
- [Tank.Nic](Tank.Nic.md): One network interface inside a pod's network namespace.
- [Tank.OCI](Tank.OCI.md): Interprets a pulled OCI image config against a `Tank.Container` spec to derive the workload's run parameters, per the OCI rules
- [Tank.Pod](Tank.Pod.md): A pod's desired state: one or more containers sharing a single network namespace, the pod-level network and volumes, and a restart policy. The pod `name` is the unique key (the Khepri path leaf under `[:tank, :pods, name]`).
- [Tank.Pod.Network](Tank.Pod.Network.md): A pod's network namespace: a set of interfaces plus pod-level DNS (one `/etc/resolv.conf` per netns). Loopback is always raised by the runtime.
- [Tank.Reconciler](Tank.Reconciler.md): The level-triggered control loop that converges running pods to the desired state in `Tank.Store`. This is what closes the declarative loop: you `Tank.apply/1` a pod and the reconciler starts it — you never start a container imperatively.
- [Tank.Runtime](Tank.Runtime.md): Brings one pod to running reality and supervises it.
- [Tank.Runtime.Network](Tank.Runtime.Network.md): Configures a pod's network namespace at the `Linx.Process` `:ready` checkpoint. A pod's `:network` is one of
- [Tank.Runtime.Rootfs](Tank.Runtime.Rootfs.md): Host-side container rootfs bring-up, run during the `Linx.Process` `:ready` checkpoint. Builds the container's filesystem inside its mount namespace and pivots into it, leaving the workload ready to `execve`.
- [Tank.Store](Tank.Store.md): The desired-state store seam: Tank's view of the `[:tank, :pods, …]` subtree of a Khepri store.
- [Tank.Volume](Tank.Volume.md): A pod-level storage volume, mounted into containers via `Tank.Mount`.