config


Constants

// Label keys whose values tie a runtime container back to the pod,
// namespace and pod UID it belongs to, plus the infra container name.
const (
	// KubernetesPodNameLabel is the label key carrying the pod name.
	KubernetesPodNameLabel       = "io.kubernetes.pod.name"
	// KubernetesPodNamespaceLabel is the label key carrying the pod namespace.
	KubernetesPodNamespaceLabel  = "io.kubernetes.pod.namespace"
	// KubernetesPodUIDLabel is the label key carrying the pod UID.
	KubernetesPodUIDLabel        = "io.kubernetes.pod.uid"
	// KubernetesContainerNameLabel is the label key carrying the container name.
	KubernetesContainerNameLabel = "io.kubernetes.container.name"
	// PodInfraContainerName is used in a few places outside of Kubelet, such as indexing
	// into the container info.
	PodInfraContainerName = "POD"
)

Labels

// Container logging limits. All lengths are in bytes unless stated otherwise.
const (
	// MaxPodTerminationMessageLogLength is the maximum bytes any one pod may have written
	// as termination message output across all containers. Containers will be evenly truncated
	// until output is below this limit.
	MaxPodTerminationMessageLogLength = 1024 * 12 // 12 KiB
	// MaxContainerTerminationMessageLength is the upper bound any one container may write to
	// its termination message path. Contents above this length will be truncated.
	MaxContainerTerminationMessageLength = 1024 * 4 // 4 KiB
	// MaxContainerTerminationMessageLogLength is the maximum bytes any one container will
	// have written to its termination message when the message is read from the logs.
	MaxContainerTerminationMessageLogLength = 1024 * 2 // 2 KiB
	// MaxContainerTerminationMessageLogLines is the maximum number of previous lines of
	// log output that the termination message can contain.
	MaxContainerTerminationMessageLogLines = 80
)

Container logging constants

// Security-relevant annotation keys, profile names and CRI versions.
const (
	// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
	// webhook backend fails. A pod carrying this annotation was therefore admitted without
	// the image policy check having succeeded.
	ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open"

	// PodPresetOptOutAnnotationKey represents the annotation key for a pod to exempt itself from pod preset manipulation
	PodPresetOptOutAnnotationKey string = "podpreset.admission.kubernetes.io/exclude"

	// MirrorPodAnnotationKey represents the annotation key set by kubelets when creating mirror pods
	MirrorPodAnnotationKey string = "kubernetes.io/config.mirror"

	// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
	// in the Annotations of a Pod.
	TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations"

	// TaintsAnnotationKey represents the key of taints data (json serialized)
	// in the Annotations of a Node.
	TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints"

	// SeccompPodAnnotationKey represents the key of a seccomp profile applied
	// to all containers of a pod.
	//
	// Deprecated: set a pod security context `seccompProfile` field.
	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"

	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
	// to one container of a pod.
	SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"

	// SeccompProfileRuntimeDefault represents the default seccomp profile used by container runtime.
	SeccompProfileRuntimeDefault string = "runtime/default"

	// SeccompProfileNameUnconfined is the unconfined seccomp profile, i.e. no seccomp
	// filter is applied to the workload that selects it.
	SeccompProfileNameUnconfined string = "unconfined"

	// SeccompLocalhostProfileNamePrefix is the prefix for specifying profiles loaded from the node's disk.
	SeccompLocalhostProfileNamePrefix = "localhost/"

	// AppArmorBetaContainerAnnotationKeyPrefix is the prefix to an annotation key specifying a container's apparmor profile.
	AppArmorBetaContainerAnnotationKeyPrefix = "container.apparmor.security.beta.kubernetes.io/"
	// AppArmorBetaDefaultProfileAnnotationKey is the annotation key specifying the default AppArmor profile.
	AppArmorBetaDefaultProfileAnnotationKey = "apparmor.security.beta.kubernetes.io/defaultProfileName"
	// AppArmorBetaAllowedProfilesAnnotationKey is the annotation key specifying the allowed AppArmor profiles.
	AppArmorBetaAllowedProfilesAnnotationKey = "apparmor.security.beta.kubernetes.io/allowedProfileNames"

	// AppArmorBetaProfileRuntimeDefault is the profile specifying the runtime default.
	AppArmorBetaProfileRuntimeDefault = "runtime/default"

	// AppArmorBetaProfileNamePrefix is the prefix for specifying profiles loaded on the node.
	AppArmorBetaProfileNamePrefix = "localhost/"

	// AppArmorBetaProfileNameUnconfined is the Unconfined AppArmor profile, i.e. no AppArmor
	// confinement is applied to the container that selects it.
	AppArmorBetaProfileNameUnconfined = "unconfined"

	// DeprecatedSeccompProfileDockerDefault represents the default seccomp profile used by docker.
	DeprecatedSeccompProfileDockerDefault string = "docker/default"

	// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
	// in the Annotations of a Node.
	PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"

	// ObjectTTLAnnotationKey represents a suggestion for kubelet for how long it can cache
	// an object (e.g. secret, config map) before fetching it again from apiserver.
	// This annotation can be attached to node.
	ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"

	// NonConvertibleAnnotationPrefix is the annotation key prefix used to identify non-convertible json paths.
	NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io"

	// LastAppliedConfigAnnotation is the annotation used to store the previous
	// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
	// kubectlPrefix is an unexported constant declared elsewhere in this package.
	LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration"

	// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
	//
	// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
	// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
	// access only from the CIDRs currently allocated to MIT & the USPS.
	//
	// Not all cloud providers support this annotation, though AWS & GCE do.
	AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges"

	// EndpointsLastChangeTriggerTime is the annotation key, set for endpoints objects, that
	// represents the timestamp (stored as RFC 3339 date-time string, e.g. '2018-10-22T19:32:52.1Z')
	// of the last change, of some Pod or Service object, that triggered the endpoints object change.
	// In other words, if a Pod / Service changed at time T0, that change was observed by endpoints
	// controller at T1, and the Endpoints object was changed at T2, the
	// EndpointsLastChangeTriggerTime would be set to T0.
	//
	// The "endpoints change trigger" here means any Pod or Service change that resulted in the
	// Endpoints object change.
	//
	// Given the definition of the "endpoints change trigger", please note that this annotation will
	// be set ONLY for endpoints object changes triggered by either Pod or Service change. If the
	// Endpoints object changes due to other reasons, this annotation won't be set (or updated if it's
	// already set).
	//
	// This annotation will be used to compute the in-cluster network programming latency SLI, see
	// https://github.com/kubernetes/community/blob/master/sig-scalability/slos/network_programming_latency.md
	EndpointsLastChangeTriggerTime = "endpoints.kubernetes.io/last-change-trigger-time"

	// MigratedPluginsAnnotationKey is the annotation key, set for CSINode objects, that is a comma-separated
	// list of in-tree plugins that will be serviced by the CSI backend on the Node represented by CSINode.
	// This annotation is used by the Attach Detach Controller to determine whether to use the in-tree or
	// CSI Backend for a volume plugin on a specific node.
	MigratedPluginsAnnotationKey = "storage.alpha.kubernetes.io/migrated-plugins"

	// CRIVersion is the latest CRI version supported by the CRI plugin.
	CRIVersion = "v1"
	// CRIVersionAlpha is the alpha version of CRI supported by the CRI plugin.
	CRIVersionAlpha = "v1alpha2"
)

Security constants

Variables

// IPv6DualStackEnabled allows dual-homed pods.
//
// NOTE(review): this is mutable package-level state with the same meaning as
// ContainerRuntimeOptions.IPv6DualStackEnabled; which code copies the option
// into this variable, and whether it is written only before readers start,
// is not visible here — confirm against the callers.
var IPv6DualStackEnabled bool

IPv6DualStackEnabled allows dual-homed pods.

Functions

func NewDockerClientFromConfig

func NewDockerClientFromConfig(config *ClientConfig) libdocker.DockerClientInterface

NewDockerClientFromConfig creates a docker client from the given config and returns nil if a nil config is given.

Types

type ClientConfig

// ClientConfig holds the parameters used to initialize a docker client
// (see NewDockerClientFromConfig).
type ClientConfig struct {
	// DockerEndpoint is the docker endpoint the client connects to.
	DockerEndpoint            string
	// RuntimeRequestTimeout bounds runtime requests made through the client.
	RuntimeRequestTimeout     time.Duration
	// ImagePullProgressDeadline bounds how long an image pull may go without progress.
	ImagePullProgressDeadline time.Duration

	// Configuration for fake docker client
	EnableSleep       bool
	WithTraceDisabled bool
}

ClientConfig holds the parameters used to initialize a docker client.

type ContainerID

// ContainerID is a type that identifies a container by runtime type and
// runtime-specific ID. See BuildContainerID and ParseString for
// constructing one.
type ContainerID struct {
	// The type of the container runtime.
	Type string
	// The identification of the container.
	ID string
}

ContainerID is a type that identifies a container.

func BuildContainerID

func BuildContainerID(typ, ID string) ContainerID

BuildContainerID returns the ContainerID given type and id.

func (*ContainerID) ParseString

func (c *ContainerID) ParseString(data string) error

ParseString converts the given string into a ContainerID.

type ContainerRuntimeOptions

// ContainerRuntimeOptions contains runtime options; the matching command-line
// flags are added by AddFlags.
type ContainerRuntimeOptions struct {

	// CgroupDriver is the driver that the kubelet uses to manipulate cgroups on the host (cgroupfs or systemd)
	CgroupDriver string
	// RuntimeCgroups that container runtime is expected to be isolated in.
	RuntimeCgroups string

	// CriDockerdRootDirectory is the path to the cri-dockerd root directory. Defaults to
	// /var/lib/cri-dockerd if unset. Exposed for integration testing (e.g. in OpenShift).
	CriDockerdRootDirectory string
	// PodSandboxImage is the image whose network/ipc namespaces
	// containers in each pod will use.
	PodSandboxImage string
	// DockerEndpoint is the path to the docker endpoint to communicate with.
	DockerEndpoint string
	// ImagePullProgressDeadline: if no pulling progress is made before this deadline,
	// the image pulling will be cancelled. Defaults to 1m0s.
	// +optional
	ImagePullProgressDeadline v1.Duration
	// RuntimeRequestTimeout is the timeout for all runtime requests except long-running
	// requests - pull, logs, exec and attach.
	RuntimeRequestTimeout v1.Duration
	// StreamingConnectionIdleTimeout is the maximum time a streaming connection
	// can be idle before the connection is automatically closed.
	StreamingConnectionIdleTimeout v1.Duration

	// StreamingBindAddr is the address to bind the CRI streaming server to.
	// If not specified, it will bind to all addresses, which exposes the
	// streaming server on every interface of the node; set it explicitly
	// where that is not intended.
	StreamingBindAddr string

	// The CIDR to use for pod IP addresses, only used in standalone mode.
	// In cluster mode, this is obtained from the master.
	PodCIDR string
	// IPv6DualStackEnabled allows dual-homed pods
	IPv6DualStackEnabled bool
	// NetworkPluginName is the name of the network plugin to be invoked for
	// various events in kubelet/pod lifecycle
	NetworkPluginName string
	// NetworkPluginMTU is the MTU to be passed to the network plugin,
	// and overrides the default MTU for cases where it cannot be automatically
	// computed (such as IPSEC).
	NetworkPluginMTU int32
	// CNIConfDir is the full path of the directory in which to search for
	// CNI config files
	CNIConfDir string
	// CNIBinDir is the full path of the directory in which to search for
	// CNI plugin binaries
	CNIBinDir string
	// CNICacheDir is the full path of the directory in which CNI should store
	// cache files
	CNICacheDir string
	// HairpinMode is the mode used to allow endpoints of a Service to load
	// balance back to themselves if they should try to access their own Service
	HairpinMode HairpinMode
}

ContainerRuntimeOptions contains runtime options

func (*ContainerRuntimeOptions) AddFlags

func (s *ContainerRuntimeOptions) AddFlags(fs *pflag.FlagSet)

AddFlags adds the set of flags needed by cri-dockerd to fs.

type HairpinMode

// HairpinMode is the type of the network hairpin modes; see the PromiscuousBridge,
// HairpinVeth and HairpinNone constants for the supported values.
type HairpinMode string

HairpinMode is the type of network hairpin modes

// The supported HairpinMode values.
const (
	PromiscuousBridge HairpinMode = "promiscuous-bridge"
	HairpinVeth       HairpinMode = "hairpin-veth"
	HairpinNone       HairpinMode = "none"
)

type HairpinModeValue added in v0.2.2

// HairpinModeValue implements pflag's Value interface (Set, String, Type) so a
// HairpinMode can be parsed from a command-line flag; Mode returns the parsed value.
type HairpinModeValue struct {
	// contains filtered or unexported fields
}

HairpinModeValue implements pflag's Value interface

// HairpinModeVar contains the value of the hairpin-mode flag.
var HairpinModeVar HairpinModeValue

HairpinModeVar contains the value of the hairpin-mode flag

func (*HairpinModeValue) Mode added in v0.2.2

func (h *HairpinModeValue) Mode() HairpinMode

func (*HairpinModeValue) Set added in v0.2.2

func (h *HairpinModeValue) Set(mode string) error

func (*HairpinModeValue) String added in v0.2.2

func (h *HairpinModeValue) String() string

func (*HairpinModeValue) Type added in v0.2.2

func (h *HairpinModeValue) Type() string

type NetworkPluginSettings

// NetworkPluginSettings is the subset of kubelet runtime args we pass to the
// container runtime so it can probe for network plugins.
type NetworkPluginSettings struct {
	// HairpinMode is best described by comments surrounding the kubelet arg
	HairpinMode HairpinMode
	// NonMasqueradeCIDR is the range of ips which should *not* be included
	// in any MASQUERADE rules applied by the plugin
	NonMasqueradeCIDR string
	// PluginName is the name of the plugin, runtime shim probes for
	PluginName string
	// PluginBinDirString is a list of directories delimited by commas, in
	// which the binaries for the plugin with PluginName may be found.
	PluginBinDirString string
	// PluginBinDirs is an array of directories in which the binaries for
	// the plugin with PluginName may be found. The admin is responsible for
	// provisioning these binaries before-hand.
	PluginBinDirs []string
	// PluginConfDir is the directory in which the admin places a CNI conf.
	// Depending on the plugin, this may be an optional field, eg: kubenet
	// generates its own plugin conf.
	PluginConfDir string
	// PluginCacheDir is the directory in which CNI should store cache files.
	PluginCacheDir string
	// MTU is the desired MTU for network devices created by the plugin.
	MTU int
}

NetworkPluginSettings is the subset of kubelet runtime args we pass to the container runtime so it can probe for network plugins. In the future we will feed these directly to a standalone container runtime process.

type OSInterface

// OSInterface collects system level operations that need to be mocked out
// during tests. RealOS is the implementation that dispatches to the real
// os/filepath/ioutil functions named below.
type OSInterface interface {
	// MkdirAll mirrors os.MkdirAll.
	MkdirAll(path string, perm os.FileMode) error
	// Symlink mirrors os.Symlink.
	Symlink(oldname string, newname string) error
	// Stat mirrors os.Stat.
	Stat(path string) (os.FileInfo, error)
	// Remove mirrors os.Remove.
	Remove(path string) error
	// RemoveAll mirrors os.RemoveAll.
	RemoveAll(path string) error
	// Create mirrors os.Create.
	Create(path string) (*os.File, error)
	// Chmod mirrors os.Chmod.
	Chmod(path string, perm os.FileMode) error
	// Hostname mirrors os.Hostname.
	Hostname() (name string, err error)
	// Chtimes mirrors os.Chtimes.
	Chtimes(path string, atime time.Time, mtime time.Time) error
	// Pipe mirrors os.Pipe.
	Pipe() (r *os.File, w *os.File, err error)
	// ReadDir mirrors ioutil.ReadDir.
	ReadDir(dirname string) ([]os.FileInfo, error)
	// Glob mirrors filepath.Glob.
	Glob(pattern string) ([]string, error)
	// Open mirrors os.Open.
	Open(name string) (*os.File, error)
	// OpenFile mirrors os.OpenFile.
	OpenFile(name string, flag int, perm os.FileMode) (*os.File, error)
	// Rename mirrors os.Rename.
	Rename(oldpath, newpath string) error
}

OSInterface collects system level operations that need to be mocked out during tests.

type PortMapping

// PortMapping is the port mapping configuration of a sandbox. The pointer
// fields are nil when unset, and every field is omitted from JSON when empty.
type PortMapping struct {
	// Protocol of the port mapping.
	Protocol *Protocol `json:"protocol,omitempty"`
	// Port number within the container.
	ContainerPort *int32 `json:"container_port,omitempty"`
	// Port number on the host.
	HostPort *int32 `json:"host_port,omitempty"`
	// Host ip to expose.
	// NOTE(review): what an empty HostIP means to the consumer (e.g. all host
	// addresses) is not visible here — confirm before relying on the default.
	HostIP string `json:"host_ip,omitempty"`
}

PortMapping is the port mapping configurations of a sandbox.

type Protocol

// Protocol is the type of port mapping protocol; see ProtocolTCP, ProtocolUDP
// and ProtocolSCTP for the defined values.
type Protocol string

Protocol is the type of port mapping protocol

// Networking constants: the defined Protocol values.
const (
	ProtocolTCP  Protocol = "TCP"
	ProtocolUDP  Protocol = "UDP"
	ProtocolSCTP Protocol = "SCTP"
)

Networking constants

type RealOS

// RealOS is used to dispatch the real system level operations; it satisfies
// OSInterface with value receivers.
type RealOS struct{}

RealOS is used to dispatch the real system level operations.

func (RealOS) Chmod

func (RealOS) Chmod(path string, perm os.FileMode) error

Chmod will change the permissions on the specified path or return an error.

func (RealOS) Chtimes

func (RealOS) Chtimes(path string, atime time.Time, mtime time.Time) error

Chtimes will call os.Chtimes to change the atime and mtime of the path.

func (RealOS) Create

func (RealOS) Create(path string) (*os.File, error)

Create will call os.Create to create and return a file at path.

func (RealOS) Glob

func (RealOS) Glob(pattern string) ([]string, error)

Glob will call filepath.Glob to return the names of all files matching pattern.

func (RealOS) Hostname

func (RealOS) Hostname() (name string, err error)

Hostname will call os.Hostname to return the hostname.

func (RealOS) MkdirAll

func (RealOS) MkdirAll(path string, perm os.FileMode) error

MkdirAll will call os.MkdirAll to create a directory.

func (RealOS) Open

func (RealOS) Open(name string) (*os.File, error)

Open will call os.Open to return the file.

func (RealOS) OpenFile

func (RealOS) OpenFile(name string, flag int, perm os.FileMode) (*os.File, error)

OpenFile will call os.OpenFile to return the file.

func (RealOS) Pipe

func (RealOS) Pipe() (r *os.File, w *os.File, err error)

Pipe will call os.Pipe to return a connected pair of pipe files.

func (RealOS) ReadDir

func (RealOS) ReadDir(dirname string) ([]os.FileInfo, error)

ReadDir will call ioutil.ReadDir to return the files under the directory.

func (RealOS) Remove

func (RealOS) Remove(path string) error

Remove will call os.Remove to remove the path.

func (RealOS) RemoveAll

func (RealOS) RemoveAll(path string) error

RemoveAll will call os.RemoveAll to remove the path and its children.

func (RealOS) Rename

func (RealOS) Rename(oldpath, newpath string) error

Rename will call os.Rename to rename a file.

func (RealOS) Stat

func (RealOS) Stat(path string) (os.FileInfo, error)

Stat will call os.Stat to get the FileInfo for a given path.

func (RealOS) Symlink(oldname string, newname string) error

Symlink will call os.Symlink to create a symbolic link.

type UID

// UID represents a UID as a plain string.
type UID string

UID represents a UID
