kubernetes

package
v1.21.1-0...-8239ed6
Warning

This package is not in the latest version of its module.

Published: Nov 25, 2020 License: Apache-2.0 Imports: 57 Imported by: 0

Documentation

Overview

Package kubernetes provides implementations of `Cluster` and `manifests` that interact with the Kubernetes API (using kubectl or the k8s API client).

Constants

const AntecedentAnnotation = "flux.weave.works/antecedent"

AntecedentAnnotation is an annotation on a resource indicating that the cause of that resource (indirectly, via a Helm release) is a HelmRelease. We use this rather than the `OwnerReference` type built into Kubernetes so that there are no garbage-collection implications. The value is expected to be a serialised `resource.ID`.

Variables

This section is empty.

Functions

func MakeCachedDiscovery

func MakeCachedDiscovery(d discovery.DiscoveryInterface, c crd.Interface, shutdown <-chan struct{}) discovery.CachedDiscoveryInterface

MakeCachedDiscovery constructs a `CachedDiscoveryInterface` that will be invalidated whenever the set of CRDs changes. The idea is that the only avenue of a change to the API resources in a running system is CRDs being added, updated or deleted.

func NewManifests

func NewManifests(ns namespacer, logger log.Logger) *manifests

func NewNamespacer

func NewNamespacer(d discovery.DiscoveryInterface, defaultNamespaceOverride string) (*namespaceViaDiscovery, error)

NewNamespacer creates an implementation of Namespacer. If not empty, `defaultNamespaceOverride` is used as the namespace when a resource doesn't have a namespace specified. If empty, the namespace from the context in the KUBECONFIG is used; otherwise the "default" namespace is used, mimicking kubectl behavior.

func NewSSHKeyRing

func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)

NewSSHKeyRing constructs an sshKeyRing backed by a kubernetes secret resource. The keyring is initialised with the key that was previously stored in the secret (either by regenerate() or an administrator), or a freshly generated key if none was found.

func NewSopsManifests

func NewSopsManifests(ns namespacer, logger log.Logger) *manifests

func ObjectMissingError

func ObjectMissingError(obj string, err error) *fluxerr.Error

func UpdateNotSupportedError

func UpdateNotSupportedError(kind string) *fluxerr.Error

Types

type Applier

type Applier interface {
	// contains filtered or unexported methods
}

Applier is something that will apply a changeset to the cluster.

type Cluster

type Cluster struct {
	// Do garbage collection when syncing resources
	GC bool
	// dry run garbage collection without syncing
	DryGC bool
	// contains filtered or unexported fields
}

Cluster is a handle to a Kubernetes API server. (Typically, this code is deployed into the same cluster.)

func NewCluster

func NewCluster(client ExtendedClient, applier Applier, sshKeyRing ssh.KeyRing, logger log.Logger, allowedNamespaces map[string]struct{}, imageIncluder cluster.Includer, resourceExcludeList []string) *Cluster

NewCluster returns a usable cluster.

func (*Cluster) AllWorkloads

func (c *Cluster) AllWorkloads(ctx context.Context, restrictToNamespace string) (res []cluster.Workload, err error)

AllWorkloads returns all workloads in allowed namespaces matching the criteria; that is, in the namespace given by `restrictToNamespace` (or any namespace if that argument is empty).

func (*Cluster) Export

func (c *Cluster) Export(ctx context.Context) ([]byte, error)

Export exports cluster resources

func (*Cluster) ImagesToFetch

func (c *Cluster) ImagesToFetch() registry.ImageCreds

ImagesToFetch is a k8s-specific method to get a list of images to update along with their credentials.

func (*Cluster) IsAllowedResource

func (c *Cluster) IsAllowedResource(id resource.ID) bool

func (*Cluster) Ping

func (c *Cluster) Ping() error

func (*Cluster) PublicSSHKey

func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)

func (*Cluster) SomeWorkloads

func (c *Cluster) SomeWorkloads(ctx context.Context, ids []resource.ID) (res []cluster.Workload, err error)

SomeWorkloads returns the workloads named, missing out any that don't exist in the cluster or aren't in an allowed namespace. They do not necessarily have to be returned in the order requested.

func (*Cluster) Sync

func (c *Cluster) Sync(syncSet cluster.SyncSet) error

Sync takes a definition of what should be running in the cluster, and attempts to make the cluster conform. An error return does not necessarily indicate complete failure; some resources may succeed in being synced, and some may fail (for example, they may be malformed).

type ConstNamespacer

type ConstNamespacer string

func (ConstNamespacer) EffectiveNamespace

func (ns ConstNamespacer) EffectiveNamespace(manifest kresource.KubeManifest, _ ResourceScopes) (string, error)

type ExtendedClient

type ExtendedClient struct {
	// contains filtered or unexported fields
}

func MakeClusterClientset

func MakeClusterClientset(core coreClient, dyn dynamicClient,
	helmop helmOperatorClient, disco discoveryClient) ExtendedClient

type KubeYAML

type KubeYAML struct {
}

KubeYAML is a placeholder value for calling the helper executable `kubeyaml`.

func (KubeYAML) Annotate

func (k KubeYAML) Annotate(in []byte, ns, kind, name string, policies ...string) ([]byte, error)

Annotate calls the kubeyaml subcommand `annotate` with the arguments as given.

func (KubeYAML) Image

func (k KubeYAML) Image(in []byte, ns, kind, name, container, image string) ([]byte, error)

Image calls the kubeyaml subcommand `image` with the arguments given.

func (KubeYAML) Set

func (k KubeYAML) Set(in []byte, ns, kind, name string, values ...string) ([]byte, error)

Set calls the kubeyaml subcommand `set` with the arguments given.

type Kubectl

type Kubectl struct {
	// contains filtered or unexported fields
}

func NewKubectl

func NewKubectl(exe string, config *rest.Config) *Kubectl

type ResourceScopes

type ResourceScopes map[schema.GroupVersionKind]v1beta1.ResourceScope

ResourceScopes maps resource definitions (GroupVersionKind) to whether they are namespaced or not

type SSHKeyRingConfig

type SSHKeyRingConfig struct {
	SecretAPI             v1.SecretInterface
	SecretName            string
	SecretVolumeMountPath string // e.g. "/etc/fluxd/ssh"
	SecretDataKey         string // e.g. "identity"
	KeyBits               ssh.OptionalValue
	KeyType               ssh.OptionalValue
	KeyFormat             ssh.OptionalValue
	KeyGenDir             string // a tmpfs mount; e.g., /var/fluxd/ssh
}

SSHKeyRingConfig is used to configure the keyring with key generation options and the parameters of its backing kubernetes secret resource. SecretVolumeMountPath must be mounted RW for regenerate() to work, and to set the privateKeyFileMode on the identity secret file.

Notes

Bugs

  • Updating the kubernetes secret should be done via an ephemeral external executable invoked with coredumps disabled and using syscall.Mlockall(MCL_FUTURE) in conjunction with an appropriate ulimit to ensure the private key isn't unintentionally written to persistent storage.
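The process hardening this note asks for, as an added Go sketch that is not part of the flux code base: a Linux helper disables core dumps and locks future memory before it would touch the private key. The function names, the `rlimitMemlock` constant and the 64 MiB budget are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// rlimitMemlock is RLIMIT_MEMLOCK on Linux x86-64 and arm64 (assumption:
// package syscall does not export it, so the raw value is used here).
const rlimitMemlock = 8

// disableCoreDumps zeroes the soft and hard core-file limits so a crash
// cannot write process memory (including the key) to persistent storage.
func disableCoreDumps() error {
	return syscall.Setrlimit(syscall.RLIMIT_CORE, &syscall.Rlimit{Cur: 0, Max: 0})
}

// coreDumpsDisabled reads the limit back and reports whether both are zero.
func coreDumpsDisabled() (bool, error) {
	var l syscall.Rlimit
	if err := syscall.Getrlimit(syscall.RLIMIT_CORE, &l); err != nil {
		return false, err
	}
	return l.Cur == 0 && l.Max == 0, nil
}

// lockFutureMemory pins every future mapping in RAM so it is never swapped.
// It refuses to lock when the memlock ulimit is below minBytes, because once
// MCL_FUTURE is set any allocation beyond that limit fails.
func lockFutureMemory(minBytes uint64) error {
	var l syscall.Rlimit
	if err := syscall.Getrlimit(rlimitMemlock, &l); err != nil {
		return err
	}
	if l.Cur < minBytes {
		return fmt.Errorf("memlock ulimit %d is below the required %d bytes", l.Cur, minBytes)
	}
	return syscall.Mlockall(syscall.MCL_FUTURE)
}

func main() {
	if err := disableCoreDumps(); err != nil {
		fmt.Fprintln(os.Stderr, "core limit:", err)
		os.Exit(1)
	}
	if err := lockFutureMemory(64 << 20); err != nil { // hypothetical 64 MiB budget
		fmt.Fprintln(os.Stderr, "mlockall:", err)
		os.Exit(1)
	}
	// Only after both steps would the helper read the key and update the secret.
}
```

Both steps run before any key material is read, so nothing sensitive is resident while the process is still dumpable or swappable.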
