eirinix: github.com/SUSE/eirinix Index | Files | Directories

package extension

import "github.com/SUSE/eirinix"

Index

Package Files

interface.go manager.go webhook.go webhook_configuration.go

Constants

// Label keys in the cloudfoundry.org namespace.
//
// NOTE(review): this page does not show where the keys are read; presumably they
// are the pod labels used to recognise Eirini apps (see FilterEiriniApps) — confirm.
// Labels are set by whoever creates the pod, so if they drive webhook selection
// they act as a selector, not as an authorization boundary.
const (
    // LabelGUID is the "cloudfoundry.org/guid" label key.
    LabelGUID       = "cloudfoundry.org/guid"
    // LabelSourceType is the "cloudfoundry.org/source_type" label key.
    LabelSourceType = "cloudfoundry.org/source_type"
)

func AddToScheme Uses

func AddToScheme(s *runtime.Scheme) error

AddToScheme adds all Resources to the Scheme

type DefaultExtensionManager Uses

// DefaultExtensionManager is an implementation of Manager. It holds the
// registered Extensions and Watchers together with the Kubernetes manager,
// webhook server and certificate configuration they are served through.
type DefaultExtensionManager struct {
    // Extensions is the list of Extensions that will be registered by the Manager.
    Extensions []Extension

    // Watchers is the list of Eirini watcher handlers.
    Watchers []Watcher

    // KubeManager is the Kubernetes manager object, which is set up by the Manager.
    KubeManager manager.Manager

    // Logger is the logger used internally and accessible to the Extensions.
    Logger *zap.SugaredLogger

    // Context is the context structure used by internal components.
    Context context.Context

    // WebhookConfig is the webhook configuration used to generate certificates.
    // The WebhookConfig type carries certificate and key bytes (Key, CaKey), so
    // avoid logging or serialising this field wholesale.
    WebhookConfig *WebhookConfig

    // WebhookServer is the webhook server to which the Manager registers the Extensions.
    WebhookServer *webhook.Server

    // Credsgen is the credential generator implementation used for generating certificates.
    Credsgen credsgen.Generator

    // Options are the manager options.
    Options ManagerOptions
    // contains filtered or unexported fields
}

DefaultExtensionManager represents an implementation of Manager

func (*DefaultExtensionManager) AddExtension Uses

func (m *DefaultExtensionManager) AddExtension(e Extension)

AddExtension adds an Eirini extension to the manager

func (*DefaultExtensionManager) AddWatcher Uses

func (m *DefaultExtensionManager) AddWatcher(w Watcher)

AddWatcher adds an Eirini watcher Extension to the manager

func (*DefaultExtensionManager) GenWatcher Uses

func (m *DefaultExtensionManager) GenWatcher(client corev1client.CoreV1Interface) (watch.Interface, error)

GenWatcher generates a watcher from a corev1client interface

func (*DefaultExtensionManager) GenWebHookServer Uses

func (m *DefaultExtensionManager) GenWebHookServer()

GenWebHookServer prepares the webhook server structures

func (*DefaultExtensionManager) GetKubeClient Uses

func (m *DefaultExtensionManager) GetKubeClient() (corev1client.CoreV1Interface, error)

GetKubeClient returns a kubernetes Corev1 client interface from the rest config used.

func (*DefaultExtensionManager) GetKubeConnection Uses

func (m *DefaultExtensionManager) GetKubeConnection() (*rest.Config, error)

GetKubeConnection sets up a connection to a Kubernetes cluster if not existing.

func (*DefaultExtensionManager) GetLogger Uses

func (m *DefaultExtensionManager) GetLogger() *zap.SugaredLogger

GetLogger returns the Manager injected logger

func (*DefaultExtensionManager) HandleEvent Uses

func (m *DefaultExtensionManager) HandleEvent(e watch.Event)

HandleEvent handles a watcher event. It propagates the event to all the registered watchers.

func (*DefaultExtensionManager) ListExtensions Uses

func (m *DefaultExtensionManager) ListExtensions() []Extension

ListExtensions returns the list of the Extensions added to the Manager

func (*DefaultExtensionManager) ListWatchers Uses

func (m *DefaultExtensionManager) ListWatchers() []Watcher

ListWatchers returns the list of the Watchers added to the Manager

func (*DefaultExtensionManager) OperatorSetup Uses

func (m *DefaultExtensionManager) OperatorSetup() error

OperatorSetup prepares the webhook server and generates certificates and configuration. It also sets up the namespace label for the operator

func (*DefaultExtensionManager) PatchFromPod Uses

func (m *DefaultExtensionManager) PatchFromPod(req admission.Request, pod *corev1.Pod) admission.Response

func (*DefaultExtensionManager) ReadWatcherEvent Uses

func (m *DefaultExtensionManager) ReadWatcherEvent(w watch.Interface)

ReadWatcherEvent tries to read events from the watcher channel and return error if the channel is closed. It should be run in a loop.

func (*DefaultExtensionManager) RegisterExtensions Uses

func (m *DefaultExtensionManager) RegisterExtensions() error

RegisterExtensions generates and registers webhooks from the Extensions loaded in the Manager

func (*DefaultExtensionManager) SetKubeClient Uses

func (m *DefaultExtensionManager) SetKubeClient(c corev1client.CoreV1Interface)

SetKubeClient sets a kube client corev1 from a given one

func (*DefaultExtensionManager) SetKubeConnection Uses

func (m *DefaultExtensionManager) SetKubeConnection(c *rest.Config)

SetKubeConnection sets a rest config from a given one

func (*DefaultExtensionManager) Start Uses

func (m *DefaultExtensionManager) Start() error

Start starts the Manager infinite loop, and returns an error on failure

func (*DefaultExtensionManager) Stop Uses

func (m *DefaultExtensionManager) Stop()

func (*DefaultExtensionManager) Watch Uses

func (m *DefaultExtensionManager) Watch() error

Watch starts the Watchers Manager infinite loop, and returns an error on failure

type DefaultMutatingWebhook Uses

// DefaultMutatingWebhook is the implementation of the Webhook generated out of
// an Eirini Extension. Its exported fields carry the data used to register the
// webhook (name, path, rules, failure policy, namespace selector).
type DefaultMutatingWebhook struct {

    // EiriniExtension is the Eirini extension associated with the webhook.
    EiriniExtension Extension

    // EiriniExtensionManager is the Manager which will be injected into the Handle.
    EiriniExtensionManager Manager

    // FilterEiriniApps indicates whether the webhook will filter Eirini apps or not.
    FilterEiriniApps bool

    // Name is the name of the webhook.
    Name string
    // Path is the path this webhook will serve.
    Path string
    // Rules maps to the Rules field in admissionregistrationv1beta1.Webhook.
    Rules []admissionregistrationv1beta1.RuleWithOperations
    // FailurePolicy maps to the FailurePolicy field in admissionregistrationv1beta1.Webhook.
    // This is optional. If not set, it will be defaulted to Ignore (fail-open) by the server:
    // when the webhook cannot be called, the request is admitted without this webhook's mutation.
    // More details: https://github.com/kubernetes/api/blob/f5c295feaba2cbc946f0bbb8b535fc5f6a0345ee/admissionregistration/v1beta1/types.go#L144-L147
    // NOTE(review): ManagerOptions.FailurePolicy is documented as defaulting to fail;
    // confirm which default is actually in effect before relying on this webhook
    // for anything that must not be skipped.
    FailurePolicy admissionregistrationv1beta1.FailurePolicyType
    // NamespaceSelector maps to the NamespaceSelector field in admissionregistrationv1beta1.Webhook.
    // This is optional.
    NamespaceSelector *metav1.LabelSelector
    // Handler is the admission handler of this webhook.
    // NOTE(review): the previous comment described a list of handlers invoked
    // sequentially in list order, but the field as declared holds a single
    // admission.Handler — confirm which is intended.
    // If a mutating webhook combines the logic of several features, it is the
    // author's responsibility to ensure they do not generate conflicting JSON patches.
    Handler admission.Handler
    // Webhook contains the Admission webhook information that we register with the controller runtime.
    Webhook *webhook.Admission
    // contains filtered or unexported fields
}

DefaultMutatingWebhook is the implementation of the Webhook generated out of the Eirini Extension

func (*DefaultMutatingWebhook) GetFailurePolicy Uses

func (w *DefaultMutatingWebhook) GetFailurePolicy() admissionregistrationv1beta1.FailurePolicyType

func (*DefaultMutatingWebhook) GetHandler Uses

func (w *DefaultMutatingWebhook) GetHandler() admission.Handler

func (*DefaultMutatingWebhook) GetName Uses

func (w *DefaultMutatingWebhook) GetName() string

func (*DefaultMutatingWebhook) GetNamespaceSelector Uses

func (w *DefaultMutatingWebhook) GetNamespaceSelector() *metav1.LabelSelector

func (*DefaultMutatingWebhook) GetPath Uses

func (w *DefaultMutatingWebhook) GetPath() string

func (*DefaultMutatingWebhook) GetPod Uses

func (w *DefaultMutatingWebhook) GetPod(req admission.Request) (*corev1.Pod, error)

GetPod retrieves a pod from a types.Request

func (*DefaultMutatingWebhook) GetRules Uses

func (w *DefaultMutatingWebhook) GetRules() []admissionregistrationv1beta1.RuleWithOperations

func (*DefaultMutatingWebhook) GetWebhook Uses

func (w *DefaultMutatingWebhook) GetWebhook() *webhook.Admission

func (*DefaultMutatingWebhook) Handle Uses

func (w *DefaultMutatingWebhook) Handle(ctx context.Context, req admission.Request) admission.Response

Handle delegates the Handle function to the Eirini Extension

func (*DefaultMutatingWebhook) InjectClient Uses

func (w *DefaultMutatingWebhook) InjectClient(c client.Client) error

InjectClient injects the client.

func (*DefaultMutatingWebhook) InjectDecoder Uses

func (w *DefaultMutatingWebhook) InjectDecoder(d *admission.Decoder) error

InjectDecoder injects the decoder.

func (*DefaultMutatingWebhook) RegisterAdmissionWebHook Uses

func (w *DefaultMutatingWebhook) RegisterAdmissionWebHook(server *webhook.Server, opts WebhookOptions) error

RegisterAdmissionWebHook registers the Mutating WebHook to the WebHook Server and returns the generated Admission Webhook

type Extension Uses

// Extension is the Eirini Extension interface. An extension implements a single
// Handle method whose result is used as the response to the kube API server.
type Extension interface {
    // Handle handles a kubernetes request.
    // It is the main entry point of the Eirini extensions and the arguments are the
    // decoded payloads from the kubeapi server.
    //
    // The manager will attempt to decode a pod from the request if possible and
    // passes it to Handle together with the Manager and the original request.
    // NOTE(review): "if possible" suggests the *corev1.Pod may be nil or empty when
    // decoding fails — confirm against the implementation and guard accordingly.
    Handle(context.Context, Manager, *corev1.Pod, admission.Request) admission.Response
}

Extension is the Eirini Extension interface

An Eirini Extension must implement it by providing only a Handle method, whose result will be used as the response to the kube API server.

The Extension typically returns a set of patches defining the difference between the pod received in the request and the wanted state from the Extension.

type Manager Uses

// Manager is the interface of the manager for registering Eirini extensions
// and watchers, and for obtaining the Kubernetes connection and logger they use.
type Manager interface {

    // AddExtension adds an Extension to the manager.
    //
    // The manager will later register the Extension when Start() is called.
    AddExtension(e Extension)

    // Start starts the manager infinite loop.
    //
    // Registers all the Extensions and generates
    // the respective mutating webhooks.
    //
    // Returns an error in case of failure.
    Start() error

    // ListExtensions returns a list of the currently loaded Extensions.
    ListExtensions() []Extension

    // GetKubeConnection sets up a kube connection if not already present.
    //
    // Returns the rest config used to establish a connection to the kubernetes cluster.
    GetKubeConnection() (*rest.Config, error)

    // GetKubeClient sets up a kube client if not already present.
    //
    // Returns the kubernetes interface.
    GetKubeClient() (corev1client.CoreV1Interface, error)

    // GetLogger returns the logger of the application. An already existing logger
    // can be supplied through NewManager().
    GetLogger() *zap.SugaredLogger

    // Watch starts the main loop for the registered watchers.
    Watch() error

    // AddWatcher registers a watcher with EiriniX.
    AddWatcher(w Watcher)

    // PatchFromPod is a helper that computes the patch from a pod update and
    // returns it as an admission response.
    PatchFromPod(req admission.Request, pod *corev1.Pod) admission.Response

    // RegisterExtensions registers the Extensions with the kubernetes cluster.
    RegisterExtensions() error
}

Manager is the interface of the manager for registering Eirini extensions

It will generate webhooks that will satisfy the MutatingWebhook interface from the defined Extensions.

func NewManager Uses

func NewManager(opts ManagerOptions) Manager

NewManager returns a manager for the kubernetes cluster. The kubeconfig file and the logger are optional.

type ManagerOptions Uses

// ManagerOptions holds the runtime options of the manager: where it listens,
// how it connects to the cluster, and how webhooks and certificates are set up.
type ManagerOptions struct {

    // Namespace is the namespace where the Manager is operating.
    Namespace string

    // Host is the listening host address for the Manager.
    Host string

    // Port is the listening port.
    Port int32

    // KubeConfig is the kubeconfig path. Optional, omit for in-cluster connection.
    KubeConfig string

    // Logger is the default logger. Optional, if omitted a new one will be created.
    Logger *zap.SugaredLogger

    // FailurePolicy is the default failure policy for the webhook server. Optional, defaults to fail.
    // NOTE(review): DefaultMutatingWebhook.FailurePolicy documents an unset value as
    // defaulting to Ignore (fail-open) on the server side; set this explicitly if the
    // choice between rejecting and admitting requests on webhook failure matters.
    FailurePolicy *admissionregistrationv1beta1.FailurePolicyType

    // FilterEiriniApps enables or disables Eirini apps filters. Optional, defaults to true.
    FilterEiriniApps *bool

    // OperatorFingerprint is a unique string identifying the Manager. Optional, defaults to eirini-x.
    OperatorFingerprint string

    // SetupCertificateName is the name of the generated certificates. Optional; by default
    // OperatorFingerprint is used to generate a new one.
    SetupCertificateName string

    // RegisterWebHook enables or disables automatic registering of webhooks. Defaults to true.
    RegisterWebHook *bool

    // SetupCertificate enables or disables automatic certificate generation. Defaults to true.
    // NOTE(review): when disabled, the serving certificate presumably has to be
    // provisioned by other means — confirm where it is then loaded from.
    SetupCertificate *bool

    // ServiceName registers the Extension as a MutatingWebhook reachable by a service.
    ServiceName string

    // WebhookNamespace is required when ServiceName is supplied; it indicates the
    // namespace in which the webhook service runs.
    WebhookNamespace string
}

ManagerOptions represents the Runtime manager options

type MutatingWebhook Uses

// MutatingWebhook is the interface of the webhook generated from an Extension.
type MutatingWebhook interface {
    // Handle processes an admission request and returns the admission response.
    Handle(context.Context, admission.Request) admission.Response
    // InjectClient injects the client.
    InjectClient(c client.Client) error
    // InjectDecoder injects the decoder.
    InjectDecoder(d *admission.Decoder) error
    // RegisterAdmissionWebHook registers the webhook with the given webhook server.
    RegisterAdmissionWebHook(*webhook.Server, WebhookOptions) error

    // Accessors for the webhook's registration data. On DefaultMutatingWebhook
    // these presumably return the Name, Path, Rules, FailurePolicy,
    // NamespaceSelector, Handler and Webhook fields — the getter bodies are not
    // shown here, confirm against the implementation.
    GetName() string
    GetPath() string
    GetRules() []admissionregistrationv1beta1.RuleWithOperations
    GetFailurePolicy() admissionregistrationv1beta1.FailurePolicyType
    GetNamespaceSelector() *metav1.LabelSelector
    GetHandler() admission.Handler
    GetWebhook() *webhook.Admission
}

MutatingWebhook is the interface of the generated webhook from the Extension

It represents the minimal set of methods that the libraries used behind the scenes expect from a structure that implements a Mutating Webhook

func NewWebhook Uses

func NewWebhook(e Extension, m Manager) MutatingWebhook

NewWebhook returns a MutatingWebhook out of an Eirini Extension

type Watcher Uses

// Watcher is the Eirini Watcher Extension interface.
type Watcher interface {
    // Handle is called with the Manager and the watch event that occurred.
    Handle(Manager, watch.Event)
}

Watcher is the Eirini Watcher Extension interface.

An Eirini Watcher must implement a Handle method, which is called with the event that occurred in the namespace.

type WebhookConfig Uses

// WebhookConfig generates certificates and the configuration for the webhook server.
//
// NOTE(review): the field meanings below are inferred from names and types only;
// confirm against webhook_configuration.go.
type WebhookConfig struct {
    // ConfigName is presumably the name of the generated webhook configuration.
    ConfigName    string
    // CertDir is presumably the directory where certificate files are written or read.
    CertDir       string
    // Certificate and Key are presumably the serving certificate and its private key.
    Certificate   []byte
    Key           []byte
    // CaCertificate and CaKey are presumably the CA certificate and the CA private key.
    // Key and CaKey look like secret material: keep them out of logs and error
    // messages, and restrict access to wherever they are persisted.
    CaCertificate []byte
    CaKey         []byte
    // contains filtered or unexported fields
}

WebhookConfig generates certificates and the configuration for the webhook server

func NewWebhookConfig Uses

func NewWebhookConfig(c client.Client, config *config.Config, generator credsgen.Generator, configName string, setupCertificateName string, serviceName string, webhookNamespace string) *WebhookConfig

NewWebhookConfig returns a new WebhookConfig

func (*WebhookConfig) GenerateAdmissionWebhook Uses

func (f *WebhookConfig) GenerateAdmissionWebhook(webhooks []MutatingWebhook) []admissionregistrationv1beta1.Webhook

type WebhookOptions Uses

// WebhookOptions are the options required to register a WebHook to the WebHook server.
type WebhookOptions struct {
    ID             string // The webhook path is generated from this ID
    // MatchLabels is a set of label key/value pairs.
    // NOTE(review): presumably used to build the label selector of the registered
    // webhook — confirm in RegisterAdmissionWebHook.
    MatchLabels    map[string]string
    // Manager is the manager.Manager the webhook is registered through.
    Manager        manager.Manager
    // ManagerOptions are the options of the Eirini extension manager.
    ManagerOptions ManagerOptions
}

WebhookOptions are the options required to register a WebHook to the WebHook server

Directories

Path | Synopsis
testing | Package testing contains methods to create test data.
testing/fakes | Code generated by counterfeiter.
util/ctxlog |
