flux: github.com/weaveworks/flux/pkg/cluster/kubernetes

package kubernetes

import "github.com/weaveworks/flux/pkg/cluster/kubernetes"

Package kubernetes provides implementations of `Cluster` and `manifests` that interact with the Kubernetes API (using kubectl or the k8s API client).


Package Files

cached_disco.go doc.go errors.go images.go kubernetes.go kubeyaml.go manifests.go mock.go namespacer.go patch.go policies.go resourcekinds.go sshkeyring.go sync.go update.go


const AntecedentAnnotation = "flux.weave.works/antecedent"

AntecedentAnnotation is an annotation on a resource indicating that the cause of that resource (indirectly, via a Helm release) is a HelmRelease. We use this rather than the `OwnerReference` type built into Kubernetes so that there are no garbage-collection implications. The value is expected to be a serialised `resource.ID`.

func MakeCachedDiscovery

func MakeCachedDiscovery(d discovery.DiscoveryInterface, c crd.Interface, shutdown <-chan struct{}) discovery.CachedDiscoveryInterface

MakeCachedDiscovery constructs a CachedDiscoveryInterface that will be invalidated whenever the set of CRDs changes. The idea is that the only avenue of a change to the API resources in a running system is CRDs being added, updated or deleted.

func NewManifests

func NewManifests(ns namespacer, logger log.Logger) *manifests

func NewNamespacer

func NewNamespacer(d discovery.DiscoveryInterface, defaultNamespaceOverride string) (*namespaceViaDiscovery, error)

NewNamespacer creates an implementation of Namespacer. If not empty, `defaultNamespaceOverride` is used as the namespace when a resource doesn't have a namespace specified. If empty, the namespace from the context in the KUBECONFIG is used; otherwise the "default" namespace is used, mimicking kubectl behavior.
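The fallback order described above, together with the namespaced/cluster-scoped distinction that `ResourceScopes` records, as an added Go sketch that is not Flux's own code. `resolver`, `newResolver` and `effectiveNamespace` are hypothetical names, scopes are keyed by kind name only, and the handling of unknown kinds and cluster-scoped resources is this example's assumption.

```go
package main

import "fmt"

// scope says whether a kind is namespaced; keying by kind name alone is a simplification.
type scope int

const (
	namespaced scope = iota
	clusterScoped
)

// resolver is a hypothetical stand-in for the package's namespacer.
type resolver struct {
	fallback string
	scopes   map[string]scope
}

// newResolver fixes the fallback once: override, else kubeconfig context namespace, else "default".
func newResolver(override, kubeconfigNS string, scopes map[string]scope) *resolver {
	fallback := "default"
	if override != "" {
		fallback = override
	} else if kubeconfigNS != "" {
		fallback = kubeconfigNS
	}
	return &resolver{fallback: fallback, scopes: scopes}
}

// effectiveNamespace returns where a manifest would land. Unknown kinds are an
// error rather than a guess, so nothing is placed in a namespace by accident.
func (r *resolver) effectiveNamespace(kind, manifestNS string) (string, error) {
	s, ok := r.scopes[kind]
	switch {
	case !ok:
		return "", fmt.Errorf("scope of kind %q is unknown", kind)
	case s == clusterScoped:
		return "", nil // cluster-scoped: any namespace in the manifest is ignored
	case manifestNS == "":
		return r.fallback, nil
	}
	return manifestNS, nil
}

func main() {
	r := newResolver("", "team-a", map[string]scope{"Deployment": namespaced, "ClusterRole": clusterScoped})
	ns, err := r.effectiveNamespace("Deployment", "") // constructed input
	fmt.Printf("%q %v\n", ns, err)
}
```

Resolving the namespace before any allow-list comparison matters because a manifest that omits `metadata.namespace` otherwise carries no namespace to compare at all.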

func NewSSHKeyRing

func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)

NewSSHKeyRing constructs an sshKeyRing backed by a kubernetes secret resource. The keyring is initialised with the key that was previously stored in the secret (either by regenerate() or an administrator), or a freshly generated key if none was found.

func NewSopsManifests

func NewSopsManifests(ns namespacer, logger log.Logger) *manifests

func ObjectMissingError

func ObjectMissingError(obj string, err error) *fluxerr.Error

func UpdateNotSupportedError

func UpdateNotSupportedError(kind string) *fluxerr.Error

type Applier

type Applier interface {
    // contains filtered or unexported methods
}

Applier is something that will apply a changeset to the cluster.

type Cluster

type Cluster struct {
    // Do garbage collection when syncing resources
    GC  bool
    // dry run garbage collection without syncing
    DryGC bool
    // contains filtered or unexported fields
}

Cluster is a handle to a Kubernetes API server. (Typically, this code is deployed into the same cluster.)

func NewCluster

func NewCluster(client ExtendedClient, applier Applier, sshKeyRing ssh.KeyRing, logger log.Logger, allowedNamespaces map[string]struct{}, imageIncluder cluster.Includer, resourceExcludeList []string) *Cluster

NewCluster returns a usable cluster.

func (*Cluster) AllWorkloads

func (c *Cluster) AllWorkloads(ctx context.Context, restrictToNamespace string) (res []cluster.Workload, err error)

AllWorkloads returns all workloads in allowed namespaces matching the criteria; that is, in the namespace given by `restrictToNamespace` (or any namespace if that argument is empty).

func (*Cluster) Export

func (c *Cluster) Export(ctx context.Context) ([]byte, error)

Export exports cluster resources.

func (*Cluster) ImagesToFetch

func (c *Cluster) ImagesToFetch() registry.ImageCreds

ImagesToFetch is a k8s-specific method to get a list of images to update along with their credentials.

func (*Cluster) IsAllowedResource

func (c *Cluster) IsAllowedResource(id resource.ID) bool

func (*Cluster) Ping

func (c *Cluster) Ping() error

func (*Cluster) PublicSSHKey

func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)

func (*Cluster) SomeWorkloads

func (c *Cluster) SomeWorkloads(ctx context.Context, ids []resource.ID) (res []cluster.Workload, err error)

SomeWorkloads returns the workloads named, missing out any that don't exist in the cluster or aren't in an allowed namespace. They do not necessarily have to be returned in the order requested.

func (*Cluster) Sync

func (c *Cluster) Sync(syncSet cluster.SyncSet) error

Sync takes a definition of what should be running in the cluster, and attempts to make the cluster conform. An error return does not necessarily indicate complete failure; some resources may succeed in being synced, and some may fail (for example, they may be malformed).

type ConstNamespacer

type ConstNamespacer string

func (ConstNamespacer) EffectiveNamespace

func (ns ConstNamespacer) EffectiveNamespace(manifest kresource.KubeManifest, _ ResourceScopes) (string, error)

type ExtendedClient

type ExtendedClient struct {
    // contains filtered or unexported fields
}

func MakeClusterClientset

func MakeClusterClientset(core coreClient, dyn dynamicClient,
    helmop helmOperatorClient, disco discoveryClient) ExtendedClient

type KubeYAML

type KubeYAML struct {
}

KubeYAML is a placeholder value for calling the helper executable `kubeyaml`.

func (KubeYAML) Annotate

func (k KubeYAML) Annotate(in []byte, ns, kind, name string, policies ...string) ([]byte, error)

Annotate calls the kubeyaml subcommand `annotate` with the arguments as given.

func (KubeYAML) Image

func (k KubeYAML) Image(in []byte, ns, kind, name, container, image string) ([]byte, error)

Image calls the kubeyaml subcommand `image` with the arguments given.

func (KubeYAML) Set

func (k KubeYAML) Set(in []byte, ns, kind, name string, values ...string) ([]byte, error)

Set calls the kubeyaml subcommand `set` with the arguments given.

type Kubectl

type Kubectl struct {
    // contains filtered or unexported fields
}

func NewKubectl

func NewKubectl(exe string, config *rest.Config) *Kubectl

type ResourceScopes

type ResourceScopes map[schema.GroupVersionKind]v1beta1.ResourceScope

ResourceScopes maps resource definitions (GroupVersionKind) to whether they are namespaced or not.

type SSHKeyRingConfig

type SSHKeyRingConfig struct {
    SecretAPI             v1.SecretInterface
    SecretName            string
    SecretVolumeMountPath string // e.g. "/etc/fluxd/ssh"
    SecretDataKey         string // e.g. "identity"
    KeyBits               ssh.OptionalValue
    KeyType               ssh.OptionalValue
    KeyFormat             ssh.OptionalValue
    KeyGenDir             string // a tmpfs mount; e.g., /var/fluxd/ssh
}

SSHKeyRingConfig is used to configure the keyring with key generation options and the parameters of its backing kubernetes secret resource. SecretVolumeMountPath must be mounted RW for regenerate() to work, and to set the privateKeyFileMode on the identity secret file.


Updating the kubernetes secret should be done via an ephemeral external executable invoked with coredumps disabled and using syscall.Mlockall(MCL_FUTURE) in conjunction with an appropriate ulimit to ensure the private key isn't unintentionally written to persistent storage.



Package kubernetes imports 57 packages. Updated 2020-08-27.