mutator

package

v0.9.2-alpha Latest Latest Go to latest Published: Dec 8, 2017 License: Apache-2.0 Imports: 28 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/koli/koli

Documentation ¶

Index ¶

Constants
Variables
func NewKongClient(client request.HTTPClient, apiURL string) (request.Interface, error)
type Config
- func (c *Config) GetImages() []string
- func (c *Config) GetServeAddress() (string, bool)
type Handler
- func NewHandler(clientset kubernetes.Interface, tprClient rest.Interface, ...) *Handler

Constants ¶

View Source

const (
	// NamespaceIsolationAnnotation deny traffic between pods
	// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/#configuring-namespace-isolation
	NamespaceIsolationAnnotation = "net.beta.kubernetes.io/network-policy"
	// NamespaceHardLimit limits how many namespaces a user could create
	// In the future this will be associate to a Custom Resource Definition
	NamespaceHardLimit = 2
)

View Source

const (
	OSUserID = 2000
)

Variables ¶

View Source

var (
	DefaultClusterRole = rbac.ClusterRole{
		ObjectMeta: metav1.ObjectMeta{
			Name: platform.DefaultClusterRole,
		},
		Rules: []rbac.PolicyRule{
			{
				APIGroups: []string{"", "extensions", platform.GroupName},
				Resources: []string{
					"deployments",
					"domains",
					"events",
					"ingresses",
					"releases",
					"replicasets",
					"resourcequotas",
				},
				Verbs: []string{"get", "watch", "list"},
			},
			{
				APIGroups: []string{""},
				Resources: []string{
					"pods",
					"pods/attach",
					"pods/exec",
					"pods/log",
					"pods/portforward",
					"services",
				},
				Verbs: []string{
					"create",
					"delete",
					"deletecollection",
					"get",
					"list",
					"patch",
					"update",
					"watch",
				},
			},
			{
				APIGroups: []string{"extensions", platform.GroupName},
				Resources: []string{"deployments", "releases", "replicasets"},
				Verbs:     []string{"delete", "deletecollection"},
			},
		},
	}
)

Functions ¶

func NewKongClient ¶

func NewKongClient(client request.HTTPClient, apiURL string) (request.Interface, error)

Types ¶

type Config ¶

type Config struct {
	Host               string `envconfig:"KUBERNETES_SERVICE_HOST" required:"true"`
	TLSInsecure        bool
	TLSServerConfig    rest.TLSClientConfig
	TLSClientConfig    rest.TLSClientConfig
	Serve              string
	AllowedImages      string
	RegistryImages     string
	KongAPIHost        string
	PlatformPubKeyFile string `envconfig:"PLATFORM_JWT_PUB_KEY_FILE" required:"true"`
	PlatformPubKey     []byte
}

Config is the daemon base configuration

func (*Config) GetImages ¶

func (c *Config) GetImages() []string

GetImages returns of allowed images with the registry as prefix

func (*Config) GetServeAddress ¶

func (c *Config) GetServeAddress() (string, bool)

GetServeAddress return the address to bind the server

type Handler ¶

type Handler struct {
	// contains filtered or unexported fields
}

Handler is the base handler for all mutators

func NewHandler ¶

func NewHandler(clientset kubernetes.Interface, tprClient rest.Interface, kongClient request.Interface, cfg *Config) *Handler

NewHandler creates a new mutator Handler

func (*Handler) Authorize ¶

func (h *Handler) Authorize(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

Authorize it's a middleware to process jwt token authorizations

func (*Handler) DeploymentsOnCreate ¶

func (h *Handler) DeploymentsOnCreate(w http.ResponseWriter, r *http.Request)

DeploymentsOnCreate mutate requests on POST

func (*Handler) DeploymentsOnMod ¶

func (h *Handler) DeploymentsOnMod(w http.ResponseWriter, r *http.Request)

DeploymentsOnMod mutates PUT and PATCH requests

func (*Handler) DomainsOnCreate ¶

func (h *Handler) DomainsOnCreate(w http.ResponseWriter, r *http.Request)

DomainsOnCreate validate and mutates POST requests

func (*Handler) DomainsOnHead ¶

func (h *Handler) DomainsOnHead(w http.ResponseWriter, r *http.Request)

DomainsOnHead performs a check and verify if a primary domain is already claimed in the cluster

func (*Handler) DomainsOnMod ¶

func (h *Handler) DomainsOnMod(w http.ResponseWriter, r *http.Request)

DomainsOnMod mutates and validates PUT and PATCH requests

func (*Handler) IngressOnCreate ¶

func (h *Handler) IngressOnCreate(w http.ResponseWriter, r *http.Request)

func (*Handler) IngressOnDelete ¶

func (h *Handler) IngressOnDelete(w http.ResponseWriter, r *http.Request)

func (*Handler) IngressOnPatch ¶

func (h *Handler) IngressOnPatch(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnCreate ¶

func (h *Handler) NamespaceOnCreate(w http.ResponseWriter, r *http.Request)

NamespaceOnCreate mutates k8s request on creation

func (*Handler) NamespaceOnGet ¶

func (h *Handler) NamespaceOnGet(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnList ¶

func (h *Handler) NamespaceOnList(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnMod ¶

func (h *Handler) NamespaceOnMod(w http.ResponseWriter, r *http.Request)

NamespaceOnMod mutates k8s request on modify http methods (PUT, PATCH)

Source Files ¶

View all Source files

Directories ¶

Path	Synopsis
runtime

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL