pod

package
v0.36.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Oct 19, 2022 License: Apache-2.0 Imports: 11 Imported by: 3

Documentation


Constants

// Annotation keys (and a few annotation values) read from or written to
// Titus pods. This block only names the keys; what each value is checked
// against is decided by the code that reads it.
const (
	// Node placement details: instance type, region, stack and availability zone.
	AnnotationKeyInstanceType = "node.titus.netflix.com/itype"
	AnnotationKeyRegion       = "node.titus.netflix.com/region"
	AnnotationKeyStack        = "node.titus.netflix.com/stack"
	AnnotationKeyAZ           = "failure-domain.beta.kubernetes.io/zone"

	// Pod Networking
	AnnotationKeyEgressBandwidth  = "kubernetes.io/egress-bandwidth"
	AnnotationKeyIngressBandwidth = "kubernetes.io/ingress-bandwidth"

	// Pod ENI
	// AnnotationKeyIPAddress represents a generic "primary", could be ipv4 or v6
	AnnotationKeyIPAddress        = "network.netflix.com/address-ip"
	AnnotationKeyIPv4Address      = "network.netflix.com/address-ipv4"
	AnnotationKeyIPv4PrefixLength = "network.netflix.com/prefixlen-ipv4"
	AnnotationKeyIPv6Address      = "network.netflix.com/address-ipv6"
	AnnotationKeyIPv6PrefixLength = "network.netflix.com/prefixlen-ipv6"
	// AnnotationKeyIPv4TransitionAddress represents the "NAT" ip for certain IPv6-only modes
	AnnotationKeyIPv4TransitionAddress = "network.netflix.com/address-transition-ipv4"
	AnnotationKeyElasticIPv4Address    = "network.netflix.com/address-elastic-ipv4"
	AnnotationKeyElasticIPv6Address    = "network.netflix.com/address-elastic-ipv6"

	// Branch ENI details.
	AnnotationKeyBranchEniID     = "network.netflix.com/branch-eni-id"
	AnnotationKeyBranchEniMac    = "network.netflix.com/branch-eni-mac"
	AnnotationKeyBranchEniVpcID  = "network.netflix.com/branch-eni-vpc"
	AnnotationKeyBranchEniSubnet = "network.netflix.com/branch-eni-subnet"

	// Trunk ENI details.
	AnnotationKeyTrunkEniID    = "network.netflix.com/trunk-eni-id"
	AnnotationKeyTrunkEniMac   = "network.netflix.com/trunk-eni-mac"
	AnnotationKeyTrunkEniVpcID = "network.netflix.com/trunk-eni-vpc"

	AnnotationKeyVlanID        = "network.netflix.com/vlan-id"
	AnnotationKeyAllocationIdx = "network.netflix.com/allocation-idx"

	// AnnotationKeyIAMRole matches the key that kube2iam reads.
	// NOTE(review): the IAM role and the legacy security groups are named by
	// pod annotations, so they are only as trustworthy as whoever may create
	// or patch the pod; presumably validated before the pod is admitted —
	// confirm.
	AnnotationKeyIAMRole              = "iam.amazonaws.com/role"
	AnnotationKeySecurityGroupsLegacy = "network.titus.netflix.com/securityGroups"
	// AnnotationKeyPrefixAppArmor is the Kubernetes AppArmor annotation prefix;
	// the container name is appended after a "/" to form the full key. See
	// https://kubernetes.io/docs/tutorials/clusters/apparmor/#securing-a-pod
	AnnotationKeyPrefixAppArmor = "container.apparmor.security.beta.kubernetes.io"

	// AnnotationKeyPodSchemaVersion is an integer specifying what schema version a pod was created with
	AnnotationKeyPodSchemaVersion = "pod.netflix.com/pod-schema-version"

	// Workload details.
	AnnotationKeyWorkloadDetail     = "workload.netflix.com/detail"
	AnnotationKeyWorkloadName       = "workload.netflix.com/name"
	AnnotationKeyWorkloadOwnerEmail = "workload.netflix.com/owner-email"
	AnnotationKeyWorkloadSequence   = "workload.netflix.com/sequence"
	AnnotationKeyWorkloadStack      = "workload.netflix.com/stack"

	// Job details.
	AnnotationKeyJobAcceptedTimestampMs = "v3.job.titus.netflix.com/accepted-timestamp-ms"
	AnnotationKeyJobID                  = "v3.job.titus.netflix.com/id"
	AnnotationKeyJobType                = "v3.job.titus.netflix.com/type"
	AnnotationKeyJobDescriptor          = "v3.job.titus.netflix.com/descriptor"
	AnnotationKeyJobApplicationName     = "v3.job.titus.netflix.com/application"
	// AnnotationKeyPodTitusContainerInfo - to be removed once VK supports the full pod spec
	AnnotationKeyPodTitusContainerInfo = "pod.titus.netflix.com/container-info"
	// AnnotationKeyPodTitusEntrypointShellSplitting tells the executor to preserve the legacy shell splitting behaviour
	AnnotationKeyPodTitusEntrypointShellSplitting = "pod.titus.netflix.com/entrypoint-shell-splitting-enabled"
	// AnnotationKeyPodTitusSystemEnvVarNames tells the executor the names of the system-specified environment variables
	AnnotationKeyPodTitusSystemEnvVarNames = "pod.titus.netflix.com/system-env-var-names"
	// AnnotationKeyPodInjectedEnvVarNames tells the executor the names of the externally-injected environment variables,
	// which neither come from the user nor titus itself, and should be ignored for identity verification purposes.
	// NOTE(review): a name listed here is skipped by that verification, so the
	// list itself needs to come from a trusted writer — confirm who may set it.
	AnnotationKeyPodInjectedEnvVarNames     = "pod.titus.netflix.com/injected-env-var-names"
	AnnotationKeyPodPriorityClassIntent     = "pod.titus.netflix.com/priority-class-intent"
	AnnotationKeyPodScheduledInTrough       = "pod.titus.netflix.com/scheduled-in-trough"
	AnnotationKeyPodPreemptionResubmitCount = "resubmit-number.pod.netflix.com/preemption"

	// networking - used by the Titus CNI
	// NOTE(review): several of these keys (account ID, security groups,
	// subnets, IMDS token requirement) are security-relevant inputs; this
	// block only names them and does not show where they are validated —
	// confirm.
	AnnotationKeySubnetsLegacy             = "network.titus.netflix.com/subnets"
	AnnotationKeyAccountIDLegacy           = "network.titus.netflix.com/accountId"
	AnnotationKeyNetworkAccountID          = "network.netflix.com/account-id"
	AnnotationKeyNetworkBurstingEnabled    = "network.netflix.com/network-bursting-enabled"
	AnnotationKeyNetworkAssignIPv6Address  = "network.netflix.com/assign-ipv6-address"
	AnnotationKeyNetworkElasticIPPool      = "network.netflix.com/elastic-ip-pool"
	AnnotationKeyNetworkElasticIPs         = "network.netflix.com/elastic-ips"
	AnnotationKeyNetworkIMDSRequireToken   = "network.netflix.com/imds-require-token"
	AnnotationKeyNetworkJumboFramesEnabled = "network.netflix.com/jumbo-frames-enabled"
	AnnotationKeyNetworkMode               = "network.netflix.com/network-mode"
	// AnnotationKeyEffectiveNetworkMode represents the network mode computed by the titus-executor
	// This may not be the same as the original (potentially unset) requested network mode
	AnnotationKeyEffectiveNetworkMode  = "network.netflix.com/effective-network-mode"
	AnnotationKeyNetworkSecurityGroups = "network.netflix.com/security-groups"
	AnnotationKeyNetworkSubnetIDs      = "network.netflix.com/subnet-ids"
	// TODO: deprecate this in favor of using the UUID annotation below
	// NOTE(review): no UUID annotation follows in this block, so the TODO
	// looks stale — confirm which annotation it refers to.
	AnnotationKeyNetworkStaticIPAllocationUUID = "network.netflix.com/static-ip-allocation-uuid"

	// storage
	// NOTE(review): the mount path and mount permission are annotation-supplied;
	// their validation is not visible here — confirm the path is constrained
	// before it is mounted.
	AnnotationKeyStorageEBSVolumeID  = "ebs.volume.netflix.com/volume-id"
	AnnotationKeyStorageEBSMountPath = "ebs.volume.netflix.com/mount-path"
	AnnotationKeyStorageEBSMountPerm = "ebs.volume.netflix.com/mount-perm"
	AnnotationKeyStorageEBSFSType    = "ebs.volume.netflix.com/fs-type"

	// Workload metadata and its accompanying "-sig" annotation.
	// NOTE(review): the "-sig" key presumably carries a signature over the
	// metadata value; verification is not shown here — confirm the signature
	// is checked before the metadata is trusted.
	AnnotationKeySecurityWorkloadMetadata    = "security.netflix.com/workload-metadata"
	AnnotationKeySecurityWorkloadMetadataSig = "security.netflix.com/workload-metadata-sig"

	// AnnotationKeyOpportunisticCPU - assigned opportunistic CPUs
	AnnotationKeyOpportunisticCPU = "opportunistic.scheduler.titus.netflix.com/cpu"
	// AnnotationKeyOpportunisticResourceID - name of the opportunistic resource CRD used during scheduling
	AnnotationKeyOpportunisticResourceID = "opportunistic.scheduler.titus.netflix.com/id"

	// AnnotationKeyPredictionRuntime - predicted runtime (Go's time.Duration format)
	AnnotationKeyPredictionRuntime = "predictions.scheduler.titus.netflix.com/runtime"
	// AnnotationKeyPredictionConfidence - confidence (percentile) of the prediction picked above
	AnnotationKeyPredictionConfidence = "predictions.scheduler.titus.netflix.com/confidence"
	// AnnotationKeyPredictionModelID - model uuid used for the runtime prediction picked above
	AnnotationKeyPredictionModelID = "predictions.scheduler.titus.netflix.com/model-id"
	// AnnotationKeyPredictionModelVersion - version of the model used for the prediction above
	AnnotationKeyPredictionModelVersion = "predictions.scheduler.titus.netflix.com/version"

	// AnnotationKeyPredictionABTestCell - cell allocation for prediction AB tests
	AnnotationKeyPredictionABTestCell = "predictions.scheduler.titus.netflix.com/ab-test"
	// AnnotationKeyPredictionPredictionAvailable - array of predictions available during job admission
	AnnotationKeyPredictionPredictionAvailable = "predictions.scheduler.titus.netflix.com/available"
	// AnnotationKeyPredictionSelectorInfo - metadata from the prediction selection algorithm
	AnnotationKeyPredictionSelectorInfo = "predictions.scheduler.titus.netflix.com/selector-info"

	// Preemption bookkeeping.
	AnnotationKeyPodPreemptedBy   = "preemption.netflix.com/preempted-by"
	AnnotationKeyPodPreemptedPods = "preemption.netflix.com/preempted-pods"

	// Per-pod feature toggles.
	// NOTE(review): kvm-enabled, fuse-enabled and the seccomp-agent keys look
	// like they widen what a container may do on the host; presumably gated by
	// admission or validation elsewhere — confirm.
	AnnotationKeyPodCPUBurstingEnabled      = "pod.netflix.com/cpu-bursting-enabled"
	AnnotationKeyPodKvmEnabled              = "pod.netflix.com/kvm-enabled"
	AnnotationKeyPodFuseEnabled             = "pod.netflix.com/fuse-enabled"
	AnnotationKeyPodHostnameStyle           = "pod.netflix.com/hostname-style"
	AnnotationKeyPodOomScoreAdj             = "pod.netflix.com/oom-score-adj"
	AnnotationKeyPodSchedPolicy             = "pod.netflix.com/sched-policy"
	AnnotationKeyPodSeccompAgentNetEnabled  = "pod.netflix.com/seccomp-agent-net-enabled"
	AnnotationKeyPodSeccompAgentPerfEnabled = "pod.netflix.com/seccomp-agent-perf-enabled"
	AnnotationKeyPodTrafficSteeringEnabled  = "pod.netflix.com/traffic-steering-enabled"

	// container annotations (specified on a pod about a container)
	// Specific containers indicate they want to set something by appending
	// a prefix key with their container name ($name.containers.netflix.com).
	// Use the pod.ContainerAnnotation() function to help construct the annotation key
	AnnotationKeySuffixContainers        = "containers.netflix.com"
	AnnotationKeySuffixContainersSidecar = "platform-sidecar"
	// AnnotationKeySuffixContainersCapabilities is a per-container annotation that sets
	// the Titus ContainerCapabilities setting for that container.
	// Values of this annotation should be a CSV of the string value in the protobuf enum,
	// but without the `ContainerCapabilities` string.
	// A full example would be "capabilities.containers.netflix.com/mycoolsidecar: FUSE,Default"
	// Note that arbitrary combinations of capabilities are not necessarily valid.
	AnnotationKeySuffixContainersCapabilities = "capabilities"
	// AnnotationKeySuffixContainersStartBefore provides a comma-separated
	// list of other containers in the pod that should only be started
	// *after* the specified container starts up and its health check
	// succeeds. If startup order isn't specified, sidecars may be started
	// in any order. Conflicting startup order requests are treated as an
	// error.
	AnnotationKeySuffixContainersStartBefore = "start-before"
	// AnnotationKeySuffixContainersStartAfter provides a comma-separated
	// list of other containers in the pod that must be started and have
	// their health checks succeed *before* the specified container starts
	// up. If startup order isn't specified, sidecars may be started in any
	// order. Conflicting startup order requests are treated as an error.
	AnnotationKeySuffixContainersStartAfter = "start-after"

	// AnnotationKeySuffixContainerImageTag stores the original tag for an image.
	// This is because on the v1 pod image field, there is only room for the digest and no room for the tag it came from
	AnnotationKeySuffixContainerImageTag = "image-tag"

	// Log upload settings.
	// NOTE(review): the S3 bucket, path prefix and writer IAM role are
	// annotation-supplied — confirm they are validated before use.
	AnnotationKeyLogKeepLocalFile       = "log.netflix.com/keep-local-file-after-upload"
	AnnotationKeyLogS3BucketName        = "log.netflix.com/s3-bucket-name"
	AnnotationKeyLogS3PathPrefix        = "log.netflix.com/s3-path-prefix"
	AnnotationKeyLogS3WriterIAMRole     = "log.netflix.com/s3-writer-iam-role"
	AnnotationKeyLogStdioCheckInterval  = "log.netflix.com/stdio-check-interval"
	AnnotationKeyLogUploadThresholdTime = "log.netflix.com/upload-threshold-time"
	AnnotationKeyLogUploadCheckInterval = "log.netflix.com/upload-check-interval"
	AnnotationKeyLogUploadRegexp        = "log.netflix.com/upload-regexp"

	AnnotationKeyServicePrefix = "service.netflix.com"

	// Platform sidecar annotations; the suffixes below are combined with
	// AnnotationKeySuffixSidecars (see SidecarAnnotation).
	AnnotationKeySuffixSidecars                      = "platform-sidecars.netflix.com"
	AnnotationKeySuffixSidecarsChannelOverride       = "channel-override"
	AnnotationKeySuffixSidecarsChannelOverrideReason = "channel-override-reason"
	// release = $channel/$version
	AnnotationKeySuffixSidecarsRelease = "release"

	// scheduling soft SLAs
	// priority handling in scheduling queue
	AnnotationKeySchedLatencyReq   = "scheduler.titus.netflix.com/sched-latency-req"
	AnnotationValSchedLatencyDelay = "delay"
	AnnotationValSchedLatencyFast  = "fast"
	// dynamic spreading behavior
	AnnotationKeySchedSpreadingReq    = "scheduler.titus.netflix.com/spreading-req"
	AnnotationValSchedSpreadingPack   = "pack"
	AnnotationValSchedSpreadingSpread = "spread"

	// duration prediction v3
	AnnotationKeyPredRuntimeQuantiles    = "runtime.predictions.titus.netflix.com/quantiles"
	AnnotationKeyPredRuntimeModelVersion = "runtime.predictions.titus.netflix.com/model-version"
	AnnotationKeyPredRuntimeModelID      = "runtime.predictions.titus.netflix.com/model-id"

	// mockPod
	AnnotationKeyPodParameterMockPodPrepareTime = "mockPod.netflix.com/prepareTime"
	AnnotationKeyPodParameterMockPodRunTime     = "mockPod.netflix.com/runTime"
	AnnotationKeyPodParameterMockPodKillTime    = "mockPod.netflix.com/killTime"

	// version recording; this is output from titus-executor mostly used
	// for debugging. if we decide to add more versions here, let's make it
	// one annotation with csv or similar.
	AnnotationKeyRuntimeVersionTitusExecutor = "runtime.version.titus.netflix.com/titus-executor"
	AnnotationKeyRuntimeVersionLinuxKernel   = "runtime.version.titus.netflix.com/linux-kernel"
)
// Label keys and the domains they are built from.
const (
	// High-level "domains" used for labels and annotations
	DomainNetflix = "netflix.com"
	DomainTitus   = "titus.netflix.com"
	DomainPod     = "pod.netflix.com"

	// Job details
	LabelKeyAppLegacy      = "netflix.com/applicationName"
	LabelKeyDetailLegacy   = "netflix.com/detail"
	LabelKeySequenceLegacy = "netflix.com/sequence"
	LabelKeyStackLegacy    = "netflix.com/stack"

	LabelKeyByteUnitsEnabled    = "pod.titus.netflix.com/byteUnits"
	LabelKeyCapacityGroupLegacy = "titus.netflix.com/capacityGroup"

	// v1 pod labels
	// NOTE(review): the job label key ends in "/job-id" while the job
	// annotation key (AnnotationKeyJobID) ends in "/id"; the two are not
	// interchangeable. LabelKeyJobId and LabelKeyTaskId also keep the "Id"
	// spelling rather than "ID", presumably for API compatibility.
	LabelKeyJobId            = "v3.job.titus.netflix.com/job-id"
	LabelKeyTaskId           = "v3.job.titus.netflix.com/task-id"
	LabelKeyCapacityGroup    = "titus.netflix.com/capacity-group"
	LabelKeyWorkloadName     = "workload.netflix.com/name"
	LabelKeyWorkloadStack    = "workload.netflix.com/stack"
	LabelKeyWorkloadDetail   = "workload.netflix.com/detail"
	LabelKeyWorkloadSequence = "workload.netflix.com/sequence"
)
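// Priority and scheduler names used by Titus pods.
const (
	// Priority names.
	// NOTE(review): presumably these are Kubernetes priority class names —
	// confirm against the cluster's PriorityClass objects.
	BestEffortEvictablePriority = "best-effort-evictable"
	NormalPriority              = "normal"
	SchedPriorityFast           = "sched-latency-fast"
	SchedPriorityMedium         = "sched-latency-medium"
	SchedPriorityDelay          = "sched-latency-delay"

	// Scheduler names.
	SchedNameDefault  = "default-scheduler"
	SchedNameMixed    = "titus-kube-scheduler-mixed"
	SchedNameReserved = "titus-kube-scheduler-reserved"
	// SchedNameReservedBinpacking is the correctly spelled name for the
	// "titus-kube-scheduler-reserved-binpacking" scheduler.
	SchedNameReservedBinpacking = "titus-kube-scheduler-reserved-binpacking"
	// SchedNameRservedBinpacking is the original, misspelled identifier for
	// SchedNameReservedBinpacking. It keeps the same value so that existing
	// importers continue to compile and behave identically.
	//
	// Deprecated: use SchedNameReservedBinpacking.
	SchedNameRservedBinpacking = SchedNameReservedBinpacking
)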

Variables

This section is empty.

Functions

func ContainerAnnotation added in v0.21.0

func ContainerAnnotation(containerName, suffix string) string

ContainerAnnotation forms an annotation key referencing a particular container.

func GetContainerByName added in v0.11.0

func GetContainerByName(pod *corev1.Pod, name string) *corev1.Container

func GetImageTagForContainer added in v0.21.1

func GetImageTagForContainer(cName string, pod *corev1.Pod) (string, bool)

GetImageTagForContainer looks up the original tag that was used to create the image string in the Container Spec. It may return an empty string if there was no tag, or if it was missing

func GetMainUserContainer added in v0.28.0

func GetMainUserContainer(pod *corev1.Pod) *corev1.Container

func IsMockPod added in v0.33.1

func IsMockPod(pod *corev1.Pod) bool

func IsPlatformSidecarContainer added in v0.16.0

func IsPlatformSidecarContainer(name string, pod *corev1.Pod) bool

IsPlatformSidecarContainer takes a container name and pod object, and can tell you if a particular container is a Platform Sidecar.

func IsScheduledInTrough added in v0.36.4

func IsScheduledInTrough(pod *corev1.Pod) bool

func PodSchemaVersion added in v0.9.0

func PodSchemaVersion(pod *corev1.Pod) (uint32, error)

PodSchemaVersion returns the pod schema version used to create a pod. If unset, returns 0

func SidecarAnnotation added in v0.21.0

func SidecarAnnotation(sidecarName, suffix string) string

SidecarAnnotation forms an annotation key referencing a particular sidecar.

Types

type Config added in v0.9.0

// Config contains configuration parameters parsed out from various places in
// the pod (such as annotations). Scalar fields are pointers so that an unset
// value (nil) can be told apart from an explicitly empty one.
// InjectedEnvVarNames, Sidecars and SystemEnvVarNames are plain slices rather
// than pointers.
//
// NOTE(review): fields such as IAMRole, AppArmorProfile, AccountID,
// SecurityGroupIDs, SubnetIDs, LogS3WriterIAMRole, WorkloadMetadata and
// WorkloadMetadataSig presumably mirror values set on the pod; this type
// carries them as-is and shows no validation — confirm that PodToConfig or its
// callers check them before they are acted on.
type Config struct {
	AssignIPv6Address        *bool
	AccountID                *string
	AppArmorProfile          *string
	CapacityGroup            *string
	CPUBurstingEnabled       *bool
	ContainerInfo            *string
	EgressBandwidth          *resource.Quantity
	ElasticIPPool            *string
	ElasticIPs               *string
	EntrypointShellSplitting *bool
	FuseEnabled              *bool
	HostnameStyle            *string
	IAMRole                  *string
	InjectedEnvVarNames      []string
	IngressBandwidth         *resource.Quantity
	IMDSRequireToken         *string
	JobAcceptedTimestampMs   *uint64
	JobDescriptor            *string
	JobID                    *string
	JobType                  *string
	JumboFramesEnabled       *bool
	KvmEnabled               *bool
	LogKeepLocalFile         *bool
	LogUploadCheckInterval   *time.Duration
	LogUploadThresholdTime   *time.Duration
	LogUploadRegExp          *regexp.Regexp
	LogStdioCheckInterval    *time.Duration
	LogS3WriterIAMRole       *string
	LogS3BucketName          *string
	LogS3PathPrefix          *string
	NetworkMode              *string
	NetworkBurstingEnabled   *bool
	OomScoreAdj              *int32
	PodSchemaVersion         *uint32
	ResourceCPU              *resource.Quantity
	ResourceDisk             *resource.Quantity
	ResourceGPU              *resource.Quantity
	ResourceMemory           *resource.Quantity
	ResourceNetwork          *resource.Quantity
	SchedPolicy              *string
	SeccompAgentNetEnabled   *bool
	SeccompAgentPerfEnabled  *bool
	TrafficSteeringEnabled   *bool
	SecurityGroupIDs         *[]string
	Sidecars                 []Sidecar
	StaticIPAllocationUUID   *string
	SystemEnvVarNames        []string
	SubnetIDs                *[]string
	TaskID                   *string
	TTYEnabled               *bool
	WorkloadDetail           *string
	WorkloadName             *string
	WorkloadMetadata         *string
	WorkloadMetadataSig      *string
	WorkloadOwnerEmail       *string
	WorkloadSequence         *string
	WorkloadStack            *string
}

Config contains configuration parameters parsed out from various places in the pod (such as annotations). All fields are pointers, to differentiate between a field being unset and the empty value.

func PodToConfig added in v0.9.0

func PodToConfig(pod *corev1.Pod) (*Config, error)

PodToConfig pulls out values from a pod and turns them into a Config

type PlatformSidecar added in v0.21.0

// PlatformSidecar is the element type of the slice returned by
// PlatformSidecars, which builds it from sidecar-related annotations.
//
// NOTE(review): ArgsJSON is held as raw bytes; presumably it is JSON taken
// from an annotation value — confirm it is parsed and validated before it is
// passed to a sidecar.
type PlatformSidecar struct {
	Name     string
	Channel  string
	ArgsJSON []byte
}

func PlatformSidecars added in v0.21.0

func PlatformSidecars(annotations map[string]string) ([]PlatformSidecar, error)

PlatformSidecars parses sidecar-related annotations and returns a structured slice of platform sidecars.

type Sidecar added in v0.11.0

// Sidecar represents a sidecar that's configured to run as part of the
// container. It records whether the sidecar is enabled, together with its
// image, name and version.
type Sidecar struct {
	Enabled bool
	Image   string
	Name    string
	Version int
}

Sidecar represents a sidecar that's configured to run as part of the container
