
package kube

import "istio.io/istio/pkg/kube"

Index

Package Files

adapter.go client.go client_config.go client_factory.go portforwarder.go rpc_creds.go spdy.go util.go

Constants

const (

    // Operation constants: the verb strings for admission operations.
    // NOTE(review): presumably these are the values carried in
    // AdmissionRequest.Operation, whose field comment mentions CREATE, UPDATE and
    // DELETE; confirm against the callers. Code that branches on the operation
    // should compare against these constants and handle an unrecognised value
    // explicitly rather than falling through to a permissive default.
    Create  string = "CREATE"
    Update  string = "UPDATE"
    Delete  string = "DELETE"
    Connect string = "CONNECT"
)

func AdmissionReviewAdapterToKube Uses

func AdmissionReviewAdapterToKube(ar *AdmissionReview, apiVersion string) runtime.Object

func BuildClientCmd Uses

func BuildClientCmd(kubeconfig, context string) clientcmd.ClientConfig

BuildClientCmd builds a client cmd config from a kubeconfig filepath and context. It overrides the current context with the one provided (empty to use default).

This is a modified version of k8s.io/client-go/tools/clientcmd/BuildConfigFromFlags with the difference that it loads default configs if not running in-cluster.

func BuildClientConfig Uses

func BuildClientConfig(kubeconfig, context string) (*rest.Config, error)

BuildClientConfig builds a client rest config from a kubeconfig filepath and context. It overrides the current context with the one provided (empty to use default).

This is a modified version of k8s.io/client-go/tools/clientcmd/BuildConfigFromFlags with the difference that it loads default configs if not running in-cluster.

func CheckPodReady Uses

func CheckPodReady(pod *kubeApiCore.Pod) error

CheckPodReady returns nil if the given pod and all of its containers are ready.

func CreateClientset Uses

func CreateClientset(kubeconfig, context string, fns ...func(*rest.Config)) (*kubernetes.Clientset, error)

CreateClientset is a helper function that builds a kubernetes Clientset from a kubeconfig filepath. See `BuildClientConfig` for kubeconfig loading rules.

func DefaultRestConfig Uses

func DefaultRestConfig(kubeconfig, configContext string, fns ...func(*rest.Config)) (*rest.Config, error)

DefaultRestConfig returns the rest.Config for the given kube config file and context.

func GetDeployMetaFromPod Uses

func GetDeployMetaFromPod(pod *kubeApiCore.Pod) (*metav1.ObjectMeta, *metav1.TypeMeta)

GetDeployMetaFromPod heuristically derives deployment metadata from the pod spec.

func NewClientConfigForRestConfig Uses

func NewClientConfigForRestConfig(restConfig *rest.Config) clientcmd.ClientConfig

NewClientConfigForRestConfig creates a new k8s clientcmd.ClientConfig from the given rest.Config.

func NewRPCCredentials Uses

func NewRPCCredentials(kubeClient Client, tokenNamespace, tokenSA string,
    tokenAudiences []string, expirationSeconds int64) (credentials.PerRPCCredentials, error)

NewRPCCredentials creates a PerRPCCredentials capable of getting tokens from Istio and tracking their expiration.

func SetRestDefaults Uses

func SetRestDefaults(config *rest.Config) *rest.Config

SetRestDefaults is a helper function that sets default values for the given rest.Config.

func WaitForCacheSyncInterval Uses

func WaitForCacheSyncInterval(stopCh <-chan struct{}, interval time.Duration, cacheSyncs ...cache.InformerSynced) bool

WaitForCacheSyncInterval waits for caches to populate, polling at an explicitly configured interval.

type AdmissionRequest Uses

// AdmissionRequest describes the admission.Attributes for the admission request.
//
// NOTE(review): every field here is populated from the incoming AdmissionReview
// payload. A webhook should authenticate the sender of the review before
// relying on any of these values for an allow/deny decision; how the transport
// is authenticated is not visible in this type.
type AdmissionRequest struct {

    // UID is an identifier for the individual request/response. It allows us to distinguish instances of requests which are
    // otherwise identical (parallel requests, requests when earlier requests did not modify etc)
    // The UID is meant to track the round trip (request/response) between the KAS and the WebHook, not the user request.
    // It is suitable for correlating log entries between the webhook and apiserver, for either auditing or debugging.
    UID types.UID `json:"uid"`

    // Kind is the fully-qualified type of object being submitted (for example, v1.Pod or autoscaling.v1.Scale)
    Kind metav1.GroupVersionKind `json:"kind"`

    // Resource is the fully-qualified resource being requested (for example, v1.pods)
    Resource metav1.GroupVersionResource `json:"resource"`

    // SubResource is the subresource being requested, if any (for example, "status" or "scale")
    SubResource string `json:"subResource,omitempty"`
    // RequestKind is the fully-qualified type of the original API request (for example, v1.Pod or autoscaling.v1.Scale).
    // If this is specified and differs from the value in "kind", an equivalent match and conversion was performed.
    //
    // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
    // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
    // an API request to apps/v1beta1 deployments would be converted and sent to the webhook
    // with `kind: {group:"apps", version:"v1", kind:"Deployment"}` (matching the rule the webhook registered for),
    // and `requestKind: {group:"apps", version:"v1beta1", kind:"Deployment"}` (indicating the kind of the original API request).
    //
    // The field is a pointer with omitempty, so it may be nil; check before dereferencing.
    RequestKind *metav1.GroupVersionKind `json:"requestKind,omitempty"`

    // RequestResource is the fully-qualified resource of the original API request (for example, v1.pods).
    // If this is specified and differs from the value in "resource", an equivalent match and conversion was performed.
    //
    // For example, if deployments can be modified via apps/v1 and apps/v1beta1, and a webhook registered a rule of
    // `apiGroups:["apps"], apiVersions:["v1"], resources: ["deployments"]` and `matchPolicy: Equivalent`,
    // an API request to apps/v1beta1 deployments would be converted and sent to the webhook
    // with `resource: {group:"apps", version:"v1", resource:"deployments"}` (matching the resource the webhook registered for),
    // and `requestResource: {group:"apps", version:"v1beta1", resource:"deployments"}` (indicating the resource of the original API request).
    //
    // The field is a pointer with omitempty, so it may be nil; check before dereferencing.
    RequestResource *metav1.GroupVersionResource `json:"requestResource,omitempty"`

    // RequestSubResource is the name of the subresource of the original API request, if any (for example, "status" or "scale")
    // If this is specified and differs from the value in "subResource", an equivalent match and conversion was performed.
    RequestSubResource string `json:"requestSubResource,omitempty"`

    // UserInfo is information about the requesting user.
    // NOTE(review): this is the identity as reported in the review payload; it is
    // only as trustworthy as the party that sent the AdmissionReview.
    UserInfo authenticationv1.UserInfo `json:"userInfo"`

    // Name is the name of the object as presented in the request.  On a CREATE operation, the client may omit name and
    // rely on the server to generate the name.  If that is the case, this field will contain an empty string.
    Name string `json:"name,omitempty"`

    // Namespace is the namespace associated with the request (if any).
    Namespace string `json:"namespace,omitempty"`

    // Operation is the operation being performed. This may be different than the operation
    // requested. e.g. a patch can result in either a CREATE or UPDATE Operation.
    Operation string `json:"operation"`

    // Object is the object from the incoming request.
    // NOTE(review): it is carried as a runtime.RawExtension, i.e. not yet decoded
    // into a typed object here. Its content originates from the API client, so
    // decode and validate it before acting on any of its fields.
    Object runtime.RawExtension `json:"object,omitempty"`

    // OldObject is the existing object. Only populated for DELETE and UPDATE requests.
    OldObject runtime.RawExtension `json:"oldObject,omitempty"`

    // DryRun indicates that modifications will definitely not be persisted for this request.
    // Defaults to false. The field is a pointer with omitempty, so it may be nil.
    // NOTE(review): a webhook with side effects should check this flag before
    // performing them.
    DryRun *bool `json:"dryRun,omitempty"`

    // Options is the operation option structure of the operation being performed.
    // e.g. `meta.k8s.io/v1.DeleteOptions` or `meta.k8s.io/v1.CreateOptions`. This may be
    // different than the options the caller provided. e.g. for a patch request the performed
    // Operation might be a CREATE, in which case the Options will be a
    // `meta.k8s.io/v1.CreateOptions` even though the caller provided `meta.k8s.io/v1.PatchOptions`.
    Options runtime.RawExtension `json:"options,omitempty"`
}

AdmissionRequest describes the admission.Attributes for the admission request.

type AdmissionResponse Uses

// AdmissionResponse describes an admission response.
type AdmissionResponse struct {

    // UID is an identifier for the individual request/response.
    // This should be copied over from the corresponding AdmissionRequest.
    UID types.UID `json:"uid"`

    // Allowed indicates whether or not the admission request was permitted.
    // The Go zero value is false and the tag has no omitempty, so a response
    // that never sets this field is serialised as a denial.
    Allowed bool `json:"allowed"`

    // Result contains extra details into why an admission request was denied.
    // This field IS NOT consulted in any way if "Allowed" is "true".
    // Note that the JSON key is "status", not "result".
    Result *metav1.Status `json:"status,omitempty"`

    // The patch body. Currently we only support "JSONPatch" which implements RFC 6902.
    Patch []byte `json:"patch,omitempty"`

    // The type of Patch. Currently we only allow "JSONPatch".
    // The field is a pointer with omitempty, so it is left out of the JSON when nil.
    PatchType *string `json:"patchType,omitempty"`

    // AuditAnnotations is an unstructured key value map set by remote admission controller (e.g. error=image-blacklisted).
    // MutatingAdmissionWebhook and ValidatingAdmissionWebhook admission controller will prefix the keys with
    // admission webhook name (e.g. imagepolicy.example.com/error=image-blacklisted). AuditAnnotations will be provided by
    // the admission webhook to add additional context to the audit log for this request.
    // NOTE(review): because these values are written to the audit log, keep
    // secrets and raw request content out of them.
    AuditAnnotations map[string]string `json:"auditAnnotations,omitempty"`

    // Warnings is a list of warning messages to return to the requesting API client.
    // Warning messages describe a problem the client making the API request should correct or be aware of.
    // Limit warnings to 120 characters if possible.
    // Warnings over 256 characters and large numbers of warnings may be truncated.
    // NOTE(review): the text is shown to the requesting client, so it should not
    // carry internal detail the client is not meant to see.
    Warnings []string `json:"warnings,omitempty"`
}

AdmissionResponse describes an admission response.

type AdmissionReview Uses

// AdmissionReview describes an admission review request/response.
//
// Request and Response are both pointers tagged omitempty, so either one may be
// nil on a decoded review; check before dereferencing.
type AdmissionReview struct {
    // TypeMeta describes an individual object in an API response or request
    // with strings representing the type of the object and its API schema version.
    // Structures that are versioned or persisted should inline TypeMeta.
    metav1.TypeMeta `json:",inline"`

    // Request describes the attributes for the admission request.
    Request *AdmissionRequest `json:"request,omitempty"`

    // Response describes the attributes for the admission response.
    Response *AdmissionResponse `json:"response,omitempty"`
}

AdmissionReview describes an admission review request/response.

func AdmissionReviewKubeToAdapter Uses

func AdmissionReviewKubeToAdapter(object runtime.Object) (*AdmissionReview, error)

type Client Uses

// Client is a helper for common Kubernetes client operations. It bundles several
// Kubernetes clients and their informer factories behind one interface.
// NOTE(review): the package documentation says the clients use a shared config,
// so presumably they all act with the same credentials; confirm in the
// implementation before handing a Client to less-trusted code.
type Client interface {
    // TODO - stop embedding this, it will conflict with future additions. Using Kube() instead is preferred.
    // TODO - add istio/client-go and service-apis
    kubernetes.Interface
    // RESTConfig returns the Kubernetes rest.Config used to configure the clients.
    // NOTE(review): a rest.Config can hold credential material; avoid logging the
    // returned value wholesale.
    RESTConfig() *rest.Config

    // Ext returns the API extensions client.
    Ext() kubeExtClient.Interface

    // Kube returns the core kube client
    Kube() kubernetes.Interface

    // Dynamic returns the dynamic client.
    Dynamic() dynamic.Interface

    // Metadata returns the Metadata kube client.
    Metadata() metadata.Interface

    // Istio returns the Istio kube client.
    Istio() istioclient.Interface

    // ServiceApis returns the service-apis kube client.
    ServiceApis() serviceapisclient.Interface

    // KubeInformer returns an informer for core kube client
    KubeInformer() informers.SharedInformerFactory

    // DynamicInformer returns an informer for dynamic client
    DynamicInformer() dynamicinformer.DynamicSharedInformerFactory

    // MetadataInformer returns an informer for metadata client
    MetadataInformer() metadatainformer.SharedInformerFactory

    // IstioInformer returns an informer for the istio client
    IstioInformer() istioinformer.SharedInformerFactory

    // ServiceApisInformer returns an informer for the service-apis client
    ServiceApisInformer() serviceapisinformer.SharedInformerFactory

    // RunAndWait starts all informers and waits for their caches to sync.
    // Warning: this must be called AFTER .Informer() is called, which will register the informer.
    // stop is a receive-only channel; presumably closing it stops the informers (confirm in the implementation).
    RunAndWait(stop <-chan struct{})
}

Client is a helper for common Kubernetes client operations. This contains various different kubernetes clients using a shared config. It is expected that all of Istiod can share the same set of clients and informers. Sharing informers is especially important for load on the API server/Istiod itself.

func NewClient Uses

func NewClient(clientConfig clientcmd.ClientConfig) (Client, error)

NewClient creates a Kubernetes client from the given ClientConfig.

type ExtendedClient Uses

// ExtendedClient is an extended client with additional helpers/functionality for Istioctl and testing.
// It embeds Client and adds methods that execute commands in pods, read logs,
// forward ports, apply or delete manifests and mint tokens.
type ExtendedClient interface {
    Client
    // Revision of the Istio control plane.
    Revision() string

    // GetKubernetesVersion returns the Kubernetes server version
    GetKubernetesVersion() (*kubeVersion.Info, error)

    // EnvoyDo makes an http request to the Envoy in the specified pod.
    EnvoyDo(ctx context.Context, podName, podNamespace, method, path string, body []byte) ([]byte, error)

    // AllDiscoveryDo makes an http request to each Istio discovery instance.
    // The returned map is keyed by string; presumably one entry per instance (confirm in the implementation).
    AllDiscoveryDo(ctx context.Context, namespace, path string) (map[string][]byte, error)

    // GetIstioVersions gets the version for each Istio control plane component.
    GetIstioVersions(ctx context.Context, namespace string) (*version.MeshInfo, error)

    // PodsForSelector finds pods matching selector.
    PodsForSelector(ctx context.Context, namespace string, labelSelectors ...string) (*v1.PodList, error)

    // GetIstioPods retrieves the pod objects for Istio deployments
    GetIstioPods(ctx context.Context, namespace string, params map[string]string) ([]v1.Pod, error)

    // PodExec takes a command and the pod data to run the command in the specified pod.
    // Unlike the neighbouring methods it takes no context.Context, so the call
    // cannot be cancelled through one.
    // NOTE(review): command is a single string and how it is split into arguments
    // is not visible here; do not compose it from untrusted input without
    // confirming the quoting rules in the implementation.
    PodExec(podName, podNamespace, container string, command string) (stdout string, stderr string, err error)

    // PodLogs retrieves the logs for the given pod.
    PodLogs(ctx context.Context, podName string, podNamespace string, container string, previousLog bool) (string, error)

    // NewPortForwarder creates a new PortForwarder configured for the given pod. If localPort=0, a port will be
    // dynamically selected. If localAddress is empty, "localhost" is used.
    // NOTE(review): passing a non-loopback localAddress would presumably make the
    // forwarded pod port reachable from other hosts; keep the default unless
    // that exposure is intended.
    NewPortForwarder(podName string, ns string, localAddress string, localPort int, podPort int) (PortForwarder, error)

    // ApplyYAMLFiles applies the resources in the given YAML files.
    // NOTE(review): the files are applied through this client, so their content
    // should be reviewed like any other change made with its permissions.
    ApplyYAMLFiles(namespace string, yamlFiles ...string) error

    // ApplyYAMLFilesDryRun performs a dry run for applying the resource in the given YAML files
    ApplyYAMLFilesDryRun(namespace string, yamlFiles ...string) error

    // DeleteYAMLFiles deletes the resources in the given YAML files.
    DeleteYAMLFiles(namespace string, yamlFiles ...string) error

    // DeleteYAMLFilesDryRun performs a dry run for deleting the resources in the given YAML files.
    DeleteYAMLFilesDryRun(namespace string, yamlFiles ...string) error

    // CreatePerRPCCredentials creates a gRPC bearer token provider that can create (and renew!) Istio tokens
    // for the given service account, audiences and expiration.
    // NOTE(review): audiences and expirationSeconds bound what the issued token
    // is good for; request the narrowest audience list and the shortest
    // lifetime the caller can work with.
    CreatePerRPCCredentials(ctx context.Context, tokenNamespace, tokenServiceAccount string, audiences []string,
        expirationSeconds int64) (credentials.PerRPCCredentials, error)

    // UtilFactory returns a kubectl factory
    UtilFactory() util.Factory
}

ExtendedClient is an extended client with additional helpers/functionality for Istioctl and testing.

func NewExtendedClient Uses

func NewExtendedClient(clientConfig clientcmd.ClientConfig, revision string) (ExtendedClient, error)

NewExtendedClient creates a Kubernetes client from the given ClientConfig. The "revision" parameter controls the behavior of GetIstioPods, by selecting a specific revision of the control plane.

func NewFakeClient Uses

func NewFakeClient(objects ...runtime.Object) ExtendedClient

NewFakeClient creates a new fake client.

type PortForwarder Uses

// PortForwarder manages the forwarding of a single port.
type PortForwarder interface {
    // Start runs this forwarder.
    Start() error

    // Address returns the local forwarded address. Only valid while the forwarder is running.
    Address() string

    // Close this forwarder and release any resources.
    // NOTE(review): a forwarder that is never closed presumably keeps the local
    // port open; callers should pair Start with Close.
    Close()

    // WaitForStop blocks until the connection is closed (e.g. control-C interrupt).
    WaitForStop()
}

PortForwarder manages the forwarding of a single port.

Directories

Path              Synopsis
apimirror         apimirror contains copies of Kubernetes APIs.
configmapwatcher
inject            Package inject implements kube-inject or webhook autoinject feature to inject sidecar.
secretcontroller

Package kube imports 74 packages (graph) and is imported by 48 packages. Updated 2020-11-26. Refresh now. Tools for package owners.