Documentation ¶
Index ¶
- Constants
- func GetNativeSidecarContainerSpec(c *Config) v1.Container
- func GetSidecarContainerSpec(c *Config) v1.Container
- func GetSidecarContainerVolumeSpec(existingVolumes []v1.Volume) []v1.Volume
- func MustParseVersion(v string) *version.Version
- func ValidatePodHasSidecarContainerInjected(pod *v1.Pod, shouldInjectedByWebhook bool) (bool, bool)
- type Config
- type SidecarInjector
Constants ¶
View Source
const ( AnnotationGcsfuseVolumeEnableKey = "gke-gcsfuse/volumes" IstioSidecarName = "istio-proxy" )
View Source
const ( SidecarContainerName = "gke-gcsfuse-sidecar" SidecarContainerTmpVolumeName = "gke-gcsfuse-tmp" SidecarContainerTmpVolumeMountPath = "/gcsfuse-tmp" SidecarContainerBufferVolumeName = "gke-gcsfuse-buffer" SidecarContainerBufferVolumeMountPath = "/gcsfuse-buffer" SidecarContainerCacheVolumeName = "gke-gcsfuse-cache" SidecarContainerCacheVolumeMountPath = "/gcsfuse-cache" // See the nonroot user discussion: https://github.com/GoogleContainerTools/distroless/issues/443 NobodyUID = 65534 NobodyGID = 65534 )
Variables ¶
This section is empty.
Functions ¶
func GetNativeSidecarContainerSpec ¶ added in v1.2.0
func GetSidecarContainerSpec ¶
func MustParseVersion ¶ added in v1.2.0
func ValidatePodHasSidecarContainerInjected ¶
ValidatePodHasSidecarContainerInjected validates the following:
- One of the container or init container name matches the sidecar container name.
- The container uses NobodyUID and NobodyGID.
- The container uses the temp volume.
- The temp volume have correct volume mount paths.
- The Pod has the temp volume and the volume is an emptyDir volumes.
Returns two booleans:
- True when either native or regular sidecar is present.
- True iff the sidecar present is a native sidecar container.
Types ¶
type Config ¶
type Config struct { ContainerImage string `json:"-"` ImagePullPolicy string `json:"-"` //nolint:tagliatelle CPURequest resource.Quantity `json:"gke-gcsfuse/cpu-request,omitempty"` //nolint:tagliatelle CPULimit resource.Quantity `json:"gke-gcsfuse/cpu-limit,omitempty"` //nolint:tagliatelle MemoryRequest resource.Quantity `json:"gke-gcsfuse/memory-request,omitempty"` //nolint:tagliatelle MemoryLimit resource.Quantity `json:"gke-gcsfuse/memory-limit,omitempty"` //nolint:tagliatelle EphemeralStorageRequest resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-request,omitempty"` //nolint:tagliatelle EphemeralStorageLimit resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-limit,omitempty"` }
func FakeConfig ¶
func FakeConfig() *Config
func LoadConfig ¶
Click to show internal directories.
Click to hide internal directories.