ns

package
v4.4.2+incompatible Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 23, 2020 License: Apache-2.0 Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source
const OPERATOR_SERVICE_ACCOUNT = "postgres-operator"
View Source
const PGO_BACKREST_ROLE = "pgo-backrest-role"
View Source
const PGO_BACKREST_ROLE_BINDING = "pgo-backrest-role-binding"
View Source
const PGO_BACKREST_SERVICE_ACCOUNT = "pgo-backrest"
View Source
const PGO_DEFAULT_SERVICE_ACCOUNT = "pgo-default"
View Source
const PGO_PG_ROLE = "pgo-pg-role"
View Source
const PGO_PG_ROLE_BINDING = "pgo-pg-role-binding"
View Source
const PGO_PG_SERVICE_ACCOUNT = "pgo-pg"
View Source
const PGO_TARGET_ROLE = "pgo-target-role"
View Source
const PGO_TARGET_ROLE_BINDING = "pgo-target-role-binding"
View Source
const PGO_TARGET_SERVICE_ACCOUNT = "pgo-target"

Variables

View Source
var (

	// ErrInvalidNamespaceName defines the error that is thrown when a namespace does not meet the
	// requirements for naming set by Kubernetes
	ErrInvalidNamespaceName = errors.New(validation.RegexError(dns1123ErrMsg, dns1123Fmt,
		"my-name", "123-abc"))
	// ErrNamespaceNotWatched defines the error that is thrown when a namespace does not meet the
	// requirements for naming set by Kubernetes
	ErrNamespaceNotWatched = errors.New("The namespaces are not watched by the " +
		"current PostgreSQL Operator installation")
)

Functions

func CheckAccessPrivs

func CheckAccessPrivs(clientset kubernetes.Interface,
	privs map[string][]string, apiGroup, namespace string) (bool, error)

CheckAccessPrivs checks to see if the ServiceAccount currently running the operator has the permissions defined for various resources as specified in the provided permissions map. If an empty namespace is provided then it is assumed the resource is cluster-scoped. If the ServiceAccount has all of the permissions defined in the permissions map, then "true" is returned. Otherwise, if the Service Account is missing any of the permissions specified, or if an error is encountered while attempting to deterine the permissions for the service account, then "false" is returned (along with the error in the event an error is encountered).

func ConfigureInstallNamespaces

func ConfigureInstallNamespaces(clientset kubernetes.Interface, installationName, pgoNamespace string,
	namespaceNames []string, namespaceOperatingMode NamespaceOperatingMode) error

ConfigureInstallNamespaces is responsible for properly configuring up any namespaces provided for the installation of the Operator. This includes creating or updating those namespaces so they can be utilized by the Operator to deploy PG clusters.

func CopySecret

func CopySecret(clientset kubernetes.Interface, secretName, operatorNamespace, targetNamespace string) error

CopySecret copies a secret from the Operator namespace to target namespace

func CreateFakeNamespaceClient

func CreateFakeNamespaceClient(installationName string) (kubernetes.Interface, error)

CreateFakeNamespaceClient creates a fake namespace client for use with the "disabled" namespace operating mode

func CreateNamespace

func CreateNamespace(clientset kubernetes.Interface, installationName, pgoNamespace,
	createdBy, newNs string) error

CreateNamespace creates a new namespace that is owned by the Operator.

func DeleteNamespace

func DeleteNamespace(clientset kubernetes.Interface, installationName, pgoNamespace, deletedBy, ns string) error

DeleteNamespace deletes the namespace specified.

func GetCurrentNamespaceList

func GetCurrentNamespaceList(clientset kubernetes.Interface,
	installationName string, namespaceOperatingMode NamespaceOperatingMode) ([]string, error)

GetCurrentNamespaceList returns the current list namespaces being managed by the current Operateor installation. When the current namespace mode is "dynamic" or "readOnly", this involves querying the Kube cluster for an namespaces with the "vendor" and "pgo-installation-name" labels corresponding to the current Operator install. When the namespace mode is "disabled", a list of namespaces specified using the NAMESPACE env var during installation is returned (with the list defaulting to the Operator's own namespace in the event that NAMESPACE is empty).

func GetInitialNamespaceList

func GetInitialNamespaceList(clientset kubernetes.Interface,
	namespaceOperatingMode NamespaceOperatingMode,
	installationName, pgoNamespace string) ([]string, error)

GetInitialNamespaceList returns an initial list of namespaces for the current Operator install. This includes first obtaining any namespaces from the NAMESPACE env var, and then if the namespace operating mode permits, also querying the Kube cluster in order to obtain any other namespaces that are part of the install, but not included in the env var. If no namespaces are identified via either of these methods, then the the PGO namespaces is returned as the default namespace.

func ReconcileRole

func ReconcileRole(clientset kubernetes.Interface, role, targetNamespace string,
	roleTemplate *template.Template) error

ReconcileRole reconciles a Role required by the operator in a target namespace

func ReconcileRoleBinding

func ReconcileRoleBinding(clientset kubernetes.Interface, pgoNamespace,
	roleBinding, targetNamespace string, roleBindingTemplate *template.Template) error

ReconcileRoleBinding reconciles a RoleBinding required by the operator in a target namespace

func ReconcileServiceAccount

func ReconcileServiceAccount(clientset kubernetes.Interface,
	serviceAccount, targetNamespace string, serviceAccountTemplate *template.Template,
	imagePullSecrets []v1.LocalObjectReference) (bool, error)

ReconcileServiceAccount reconciles a ServiceAccount required by the operator in a target namespace

func UpdateNamespace

func UpdateNamespace(clientset kubernetes.Interface, installationName, pgoNamespace,
	updatedBy, ns string) error

UpdateNamespace updates a new namespace to be owned by the Operator.

func ValidateNamespaceNames

func ValidateNamespaceNames(namespace ...string) error

ValidateNamespaceNames validates one or more namespace names to ensure they are valid per Kubernetes naming requirements.

func ValidateNamespacesWatched

func ValidateNamespacesWatched(clientset kubernetes.Interface,
	namespaceOperatingMode NamespaceOperatingMode,
	installationName string, namespaces ...string) error

ValidateNamespacesWatched validates whether or not the namespaces provided are being watched by the current Operator installation. When the current namespace mode is "dynamic" or "readOnly", this involves ensuring the namespace specified has the proper "vendor" and "pgo-installation-name" labels corresponding to the current Operator install. When the namespace mode is "disabled", this means ensuring the namespace is in the list of those specifiedusing the NAMESPACE env var during installation (with the list defaulting to the Operator's own namespace in the event that NAMESPACE is empty). If any namespaces are found to be invalid, an ErrNamespaceNotWatched error is returned containing an error message listing the invalid namespaces.

Types

type NamespaceOperatingMode

type NamespaceOperatingMode string

NamespaceOperatingMode defines the different namespace operating modes for the Operator

const (
	// NamespaceOperatingModeDynamic enables full dynamic namespace capabilities, in which the
	// Operator can create, delete and update any namespaces within the Kubernetes cluster.
	// Additionally, while in can listen for namespace events (e.g. namespace additions, updates
	// and deletions), and then create or remove controllers for various namespaces as those
	// namespaces are added or removed from the Kubernetes cluster.
	NamespaceOperatingModeDynamic NamespaceOperatingMode = "dynamic"
	// NamespaceOperatingModeReadOnly allows the Operator to listen for namespace events within the
	// Kubernetetes cluster, and then create and run and/or remove controllers as namespaces are
	// added and deleted.
	NamespaceOperatingModeReadOnly NamespaceOperatingMode = "readonly"
	// NamespaceOperatingModeDisabled causes namespace capabilities to be disabled altogether.  In
	// this mode the Operator will simply attempt to work with the target namespaces specified
	// during installation.  If no target namespaces are specified, then it will be configured to
	// work within the namespace in which the Operator is deployed.
	NamespaceOperatingModeDisabled NamespaceOperatingMode = "disabled"
)

func GetNamespaceOperatingMode

func GetNamespaceOperatingMode(clientset kubernetes.Interface) (NamespaceOperatingMode, error)

GetNamespaceOperatingMode is responsible for returning the proper namespace operating mode for the current Operator install. This is done by submitting a SubjectAccessReview in the local Kubernetes cluster to determine whether or not certain cluster-level privileges have been assigned to the Operator Service Account. Based on the privileges identified, one of the a the proper NamespaceOperatingMode will be returned as applicable for those privileges (please see the various NamespaceOperatingMode types for a detailed explanation of each operating mode).

type PgoRole

type PgoRole struct {
	TargetNamespace string
}

PgoRole is used to populate the following Role templates: pgo-target-role.json pgo-backrest-role.json pgo-pg-role.json

type PgoRoleBinding

type PgoRoleBinding struct {
	TargetNamespace   string
	OperatorNamespace string
}

PgoRoleBinding is used to populate the following RoleBinding templates: pgo-target-role-binding.json pgo-backrest-role-binding.json pgo-pg-role-binding.json

type PgoServiceAccount

type PgoServiceAccount struct {
	TargetNamespace string
}

PgoServiceAccount is used to populate the following ServiceAccount templates: pgo-default-sa.json pgo-target-sa.json pgo-backrest-sa.json pgo-pg-sa.json

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL