Documentation ¶
Index ¶
- Constants
- func AddToScheme(s *runtime.Scheme) error
- type Config
- type DefaultExtensionManager
- func (m *DefaultExtensionManager) AddExtension(e Extension)
- func (m *DefaultExtensionManager) AddWatcher(w Watcher)
- func (m *DefaultExtensionManager) GenWatcher(client corev1client.CoreV1Interface) (watch.Interface, error)
- func (m *DefaultExtensionManager) GenWebHookServer()
- func (m *DefaultExtensionManager) GetKubeClient() (corev1client.CoreV1Interface, error)
- func (m *DefaultExtensionManager) GetKubeConnection() (*rest.Config, error)
- func (m *DefaultExtensionManager) GetLogger() *zap.SugaredLogger
- func (m *DefaultExtensionManager) GetManagerOptions() ManagerOptions
- func (m *DefaultExtensionManager) HandleEvent(e watch.Event)
- func (m *DefaultExtensionManager) ListExtensions() []Extension
- func (m *DefaultExtensionManager) ListWatchers() []Watcher
- func (m *DefaultExtensionManager) LoadExtensions() error
- func (m *DefaultExtensionManager) OperatorSetup() error
- func (m *DefaultExtensionManager) PatchFromPod(req admission.Request, pod *corev1.Pod) admission.Response
- func (m *DefaultExtensionManager) ReadWatcherEvent(w watch.Interface)
- func (m *DefaultExtensionManager) RegisterExtensions() error
- func (m *DefaultExtensionManager) SetKubeClient(c corev1client.CoreV1Interface)
- func (m *DefaultExtensionManager) SetKubeConnection(c *rest.Config)
- func (m *DefaultExtensionManager) SetManagerOptions(o ManagerOptions)
- func (m *DefaultExtensionManager) Start() error
- func (m *DefaultExtensionManager) Stop()
- func (m *DefaultExtensionManager) Watch() error
- type DefaultMutatingWebhook
- func (w *DefaultMutatingWebhook) GetFailurePolicy() admissionregistrationv1beta1.FailurePolicyType
- func (w *DefaultMutatingWebhook) GetHandler() admission.Handler
- func (w *DefaultMutatingWebhook) GetName() string
- func (w *DefaultMutatingWebhook) GetNamespaceSelector() *metav1.LabelSelector
- func (w *DefaultMutatingWebhook) GetPath() string
- func (w *DefaultMutatingWebhook) GetPod(req admission.Request) (*corev1.Pod, error)
- func (w *DefaultMutatingWebhook) GetRules() []admissionregistrationv1beta1.RuleWithOperations
- func (w *DefaultMutatingWebhook) GetWebhook() *webhook.Admission
- func (w *DefaultMutatingWebhook) Handle(ctx context.Context, req admission.Request) admission.Response
- func (w *DefaultMutatingWebhook) InjectClient(c client.Client) error
- func (w *DefaultMutatingWebhook) InjectDecoder(d *admission.Decoder) error
- func (w *DefaultMutatingWebhook) RegisterAdmissionWebHook(server *webhook.Server, opts WebhookOptions) error
- type Extension
- type Manager
- type ManagerOptions
- type MutatingWebhook
- type Watcher
- type WatcherChannelClosedError
- type WebhookConfig
- type WebhookOptions
Constants ¶
// Label keys in the cloudfoundry.org namespace.
//
// NOTE(review): presumably these are the labels carried by Eirini application
// pods and the basis for the FilterEiriniApps option — confirm against the
// implementation. Pod labels are set by whoever creates the pod, so matching
// on them selects workloads; it does not authenticate them.
const (
	LabelGUID        = "cloudfoundry.org/guid"
	LabelVersion     = "cloudfoundry.org/version"
	LabelAppGUID     = "cloudfoundry.org/app_guid"
	LabelProcessType = "cloudfoundry.org/process_type"
	LabelSourceType  = "cloudfoundry.org/source_type"
)
Variables ¶
This section is empty.
Functions ¶
func AddToScheme ¶
AddToScheme adds all Resources to the Scheme
Types ¶
type Config ¶ added in v0.3.0
// Config controls the behaviour of different controllers.
type Config struct {
	// NOTE(review): presumably the timeout applied to contexts created by the
	// controllers — confirm against the implementation.
	CtxTimeOut time.Duration
	// Namespace that is being watched by controllers
	Namespace string
	// NOTE(review): WebhookServerHost and WebhookServerPort presumably give the
	// address the webhook server listens on — confirm. If so, prefer the
	// narrowest address the API server can still reach.
	WebhookServerHost string
	WebhookServerPort int32
	// Fs is an afero filesystem abstraction.
	// NOTE(review): presumably used when writing generated certificates to
	// disk — confirm against the implementation.
	Fs afero.Fs
}
Config controls the behaviour of different controllers
type DefaultExtensionManager ¶
// DefaultExtensionManager represents an implementation of Manager.
type DefaultExtensionManager struct {
	// Extensions is the list of the Extensions that will be registered by the Manager
	Extensions []Extension

	// Watchers is the list of Eirini watchers handlers
	Watchers []Watcher

	// KubeManager is the kubernetes manager object which is set up by the Manager
	KubeManager manager.Manager

	// Logger is the logger used internally and accessible to the Extensions
	Logger *zap.SugaredLogger

	// Context is the context structure used by internal components
	Context context.Context

	// WebhookConfig is the webhook configuration used to generate certificates.
	// NOTE(review): WebhookConfig exposes Key and CaKey byte slices, which
	// appear to hold private key material — avoid dumping this struct (or the
	// manager) into logs with %+v.
	WebhookConfig *WebhookConfig

	// WebhookServer is the webhook server where the Manager registers the Extensions to.
	WebhookServer *webhook.Server

	// Credsgen is the credential generator implementation used for generating certificates
	Credsgen credsgen.Generator

	// Options are the manager options
	Options ManagerOptions
	// contains filtered or unexported fields
}
DefaultExtensionManager represents an implementation of Manager
func (*DefaultExtensionManager) AddExtension ¶
func (m *DefaultExtensionManager) AddExtension(e Extension)
AddExtension adds an Eirini extension to the manager
func (*DefaultExtensionManager) AddWatcher ¶
func (m *DefaultExtensionManager) AddWatcher(w Watcher)
AddWatcher adds an Eirini watcher Extension to the manager
func (*DefaultExtensionManager) GenWatcher ¶
func (m *DefaultExtensionManager) GenWatcher(client corev1client.CoreV1Interface) (watch.Interface, error)
GenWatcher generates a watcher from a corev1client interface
func (*DefaultExtensionManager) GenWebHookServer ¶
func (m *DefaultExtensionManager) GenWebHookServer()
GenWebHookServer prepares the webhook server structures
func (*DefaultExtensionManager) GetKubeClient ¶
func (m *DefaultExtensionManager) GetKubeClient() (corev1client.CoreV1Interface, error)
GetKubeClient returns a kubernetes Corev1 client interface from the rest config used.
func (*DefaultExtensionManager) GetKubeConnection ¶
func (m *DefaultExtensionManager) GetKubeConnection() (*rest.Config, error)
GetKubeConnection sets up a connection to a Kubernetes cluster if not existing.
func (*DefaultExtensionManager) GetLogger ¶
func (m *DefaultExtensionManager) GetLogger() *zap.SugaredLogger
GetLogger returns the Manager injected logger
func (*DefaultExtensionManager) GetManagerOptions ¶ added in v0.3.0
func (m *DefaultExtensionManager) GetManagerOptions() ManagerOptions
GetManagerOptions returns the Manager options
func (*DefaultExtensionManager) HandleEvent ¶
func (m *DefaultExtensionManager) HandleEvent(e watch.Event)
HandleEvent handles a watcher event. It propagates the event to all the registered watchers.
func (*DefaultExtensionManager) ListExtensions ¶
func (m *DefaultExtensionManager) ListExtensions() []Extension
ListExtensions returns the list of the Extensions added to the Manager
func (*DefaultExtensionManager) ListWatchers ¶
func (m *DefaultExtensionManager) ListWatchers() []Watcher
ListWatchers returns the list of the Watchers added to the Manager
func (*DefaultExtensionManager) LoadExtensions ¶ added in v0.3.0
func (m *DefaultExtensionManager) LoadExtensions() error
LoadExtensions generates and registers webhooks from the Extensions added to the Manager
func (*DefaultExtensionManager) OperatorSetup ¶
func (m *DefaultExtensionManager) OperatorSetup() error
OperatorSetup prepares the webhook server and generates the certificates and configuration. It also sets up the namespace label for the operator
func (*DefaultExtensionManager) PatchFromPod ¶
func (*DefaultExtensionManager) ReadWatcherEvent ¶
func (m *DefaultExtensionManager) ReadWatcherEvent(w watch.Interface)
ReadWatcherEvent tries to read events from the watcher channel. It should be run in a loop.
func (*DefaultExtensionManager) RegisterExtensions ¶
func (m *DefaultExtensionManager) RegisterExtensions() error
RegisterExtensions generates the manager and the operator setup, and loads the extensions to the webhook server
func (*DefaultExtensionManager) SetKubeClient ¶
func (m *DefaultExtensionManager) SetKubeClient(c corev1client.CoreV1Interface)
SetKubeClient sets a kube client corev1 from a given one
func (*DefaultExtensionManager) SetKubeConnection ¶
func (m *DefaultExtensionManager) SetKubeConnection(c *rest.Config)
SetKubeConnection sets a rest config from a given one
func (*DefaultExtensionManager) SetManagerOptions ¶ added in v0.3.0
func (m *DefaultExtensionManager) SetManagerOptions(o ManagerOptions)
SetManagerOptions sets the ManagerOptions with the provided one
func (*DefaultExtensionManager) Start ¶
func (m *DefaultExtensionManager) Start() error
Start starts the Manager infinite loop, and returns an error on failure
func (*DefaultExtensionManager) Stop ¶
func (m *DefaultExtensionManager) Stop()
func (*DefaultExtensionManager) Watch ¶
func (m *DefaultExtensionManager) Watch() error
Watch starts the Watchers Manager infinite loop, and returns an error on failure
type DefaultMutatingWebhook ¶
// DefaultMutatingWebhook is the implementation of the Webhook generated out of
// the Eirini Extension.
type DefaultMutatingWebhook struct {
	// EiriniExtension is the Eirini extension associated with the webhook
	EiriniExtension Extension

	// EiriniExtensionManager is the Manager which will be injected into the Handle.
	EiriniExtensionManager Manager

	// FilterEiriniApps indicates if the webhook will filter Eirini apps or not.
	FilterEiriniApps bool

	// Name is the name of the webhook
	Name string

	// Path is the path this webhook will serve.
	Path string

	// Rules maps to the Rules field in admissionregistrationv1beta1.Webhook
	Rules []admissionregistrationv1beta1.RuleWithOperations

	// FailurePolicy maps to the FailurePolicy field in admissionregistrationv1beta1.Webhook
	// This is optional. If not set, will be defaulted to Ignore (fail-open) by the server.
	// More details: https://github.com/kubernetes/api/blob/f5c295feaba2cbc946f0bbb8b535fc5f6a0345ee/admissionregistration/v1beta1/types.go#L144-L147
	//
	// NOTE(review): ManagerOptions.FailurePolicy is documented as defaulting to
	// fail, which differs from the server-side default described here — confirm
	// which value a webhook built by NewWebhook actually carries. The choice
	// matters for enforcement: with Ignore, a webhook error or timeout lets the
	// pod be admitted without this extension's mutation; with Fail, admission
	// of matching pods is rejected while the webhook is unavailable.
	FailurePolicy admissionregistrationv1beta1.FailurePolicyType

	// NamespaceSelector maps to the NamespaceSelector field in admissionregistrationv1beta1.Webhook
	// This is optional.
	NamespaceSelector *metav1.LabelSelector

	// Handler is the admission handler served by this webhook.
	// NOTE(review): the comment this replaces described a list of handlers
	// invoked sequentially, but the field holds a single admission.Handler.
	// Its remaining advice still applies to any handler that composes several
	// mutations: it is the implementer's responsibility to ensure they do not
	// generate conflicting JSON patches.
	Handler admission.Handler

	// Webhook contains the Admission webhook information that we register with the controller runtime.
	Webhook *webhook.Admission
	// contains filtered or unexported fields
}
DefaultMutatingWebhook is the implementation of the Webhook generated out of the Eirini Extension
func (*DefaultMutatingWebhook) GetFailurePolicy ¶
func (w *DefaultMutatingWebhook) GetFailurePolicy() admissionregistrationv1beta1.FailurePolicyType
func (*DefaultMutatingWebhook) GetHandler ¶
func (w *DefaultMutatingWebhook) GetHandler() admission.Handler
func (*DefaultMutatingWebhook) GetName ¶
func (w *DefaultMutatingWebhook) GetName() string
func (*DefaultMutatingWebhook) GetNamespaceSelector ¶
func (w *DefaultMutatingWebhook) GetNamespaceSelector() *metav1.LabelSelector
func (*DefaultMutatingWebhook) GetPath ¶
func (w *DefaultMutatingWebhook) GetPath() string
func (*DefaultMutatingWebhook) GetRules ¶
func (w *DefaultMutatingWebhook) GetRules() []admissionregistrationv1beta1.RuleWithOperations
func (*DefaultMutatingWebhook) GetWebhook ¶
func (w *DefaultMutatingWebhook) GetWebhook() *webhook.Admission
func (*DefaultMutatingWebhook) Handle ¶
func (w *DefaultMutatingWebhook) Handle(ctx context.Context, req admission.Request) admission.Response
Handle delegates the Handle function to the Eirini Extension
func (*DefaultMutatingWebhook) InjectClient ¶
func (w *DefaultMutatingWebhook) InjectClient(c client.Client) error
InjectClient injects the client.
func (*DefaultMutatingWebhook) InjectDecoder ¶
func (w *DefaultMutatingWebhook) InjectDecoder(d *admission.Decoder) error
InjectDecoder injects the decoder.
func (*DefaultMutatingWebhook) RegisterAdmissionWebHook ¶
func (w *DefaultMutatingWebhook) RegisterAdmissionWebHook(server *webhook.Server, opts WebhookOptions) error
RegisterAdmissionWebHook registers the Mutating WebHook to the WebHook Server and returns the generated Admission Webhook
type Extension ¶
// Extension is the Eirini Extension interface.
type Extension interface {
	// Handle handles a kubernetes request.
	// It is the main entry point of the Eirini extensions and the arguments are the
	// decoded payloads from the kubeapi server.
	//
	// The manager will attempt to decode a pod from the request if possible and
	// passes it, together with the Manager, to Handle.
	//
	// NOTE(review): "if possible" suggests the *corev1.Pod argument may be nil
	// or empty when decoding fails — confirm, and have implementations check it
	// before dereferencing. The raw admission.Request is passed as well.
	Handle(context.Context, Manager, *corev1.Pod, admission.Request) admission.Response
}
Extension is the Eirini Extension interface
An Eirini Extension must implement it by providing only a Handle method, whose return value is used as the response to the kube API server.
The Extension typically returns a set of patches defining the difference between the pod received in the request and the wanted state from the Extension.
type Manager ¶
// Manager is the interface of the manager for registering Eirini extensions.
type Manager interface {
	// AddExtension adds an Extension to the manager
	//
	// The manager will register the Extension later, when Start() is called.
	AddExtension(e Extension)

	// Start starts the manager infinite loop.
	//
	// Registers all the Extensions and generates
	// the respective mutating webhooks.
	//
	// Returns error in case of failure.
	Start() error

	// ListExtensions returns a list of the currently loaded Extensions
	ListExtensions() []Extension

	// GetKubeConnection sets up a kube connection if not already present
	//
	// Returns the rest config used to establish a connection to the kubernetes cluster.
	// NOTE(review): a rest.Config can carry cluster credentials; treat the
	// returned value as sensitive and keep it out of logs.
	GetKubeConnection() (*rest.Config, error)

	// GetKubeClient sets up a kube client if not already present
	//
	// Returns the kubernetes interface.
	GetKubeClient() (corev1client.CoreV1Interface, error)

	// GetLogger returns the logger of the application. An already existing one
	// can be passed in by using NewManager()
	GetLogger() *zap.SugaredLogger

	// Watch starts the main loop for the registered watchers
	Watch() error

	// AddWatcher registers a watcher to EiriniX
	AddWatcher(w Watcher)

	// PatchFromPod is a helper to compute the patch from a pod update
	PatchFromPod(req admission.Request, pod *corev1.Pod) admission.Response

	// RegisterExtensions registers the Extensions to the kubernetes cluster.
	RegisterExtensions() error

	// Stop stops the manager execution
	Stop()

	// SetManagerOptions is a setter for the ManagerOptions
	SetManagerOptions(ManagerOptions)

	// GetManagerOptions returns the current ManagerOptions
	GetManagerOptions() ManagerOptions
}
Manager is the interface of the manager for registering Eirini extensions
It will generate webhooks that will satisfy the MutatingWebhook interface from the defined Extensions.
func NewManager ¶
func NewManager(opts ManagerOptions) Manager
NewManager returns a manager for the kubernetes cluster. The kubeconfig file and the logger are optional.
type ManagerOptions ¶
// ManagerOptions represents the Runtime manager options.
type ManagerOptions struct {
	// Namespace is the namespace where the Manager is operating
	Namespace string

	// Host is the listening host address for the Manager
	Host string

	// Port is the listening port
	Port int32

	// KubeConfig is the kubeconfig path. Optional, omit for in-cluster connection
	KubeConfig string

	// Logger is the default logger. Optional, if omitted a new one will be created
	Logger *zap.SugaredLogger

	// FailurePolicy is the default failure policy for the webhook server. Optional, defaults to fail.
	// NOTE(review): the DefaultMutatingWebhook.FailurePolicy comment describes
	// a server-side default of Ignore (fail-open) when the field is unset —
	// confirm which default reaches the registered webhook. Fail blocks
	// admission of matching pods while the webhook is unreachable; Ignore
	// admits them without the extension's mutation.
	FailurePolicy *admissionregistrationv1beta1.FailurePolicyType

	// FilterEiriniApps enables or disables Eirini apps filters. Optional, defaults to true
	FilterEiriniApps *bool

	// OperatorFingerprint is a unique string identifying the Manager. Optional, defaults to eirini-x
	OperatorFingerprint string

	// SetupCertificateName is the name of the generated certificates. Optional; by default a new one is generated from OperatorFingerprint
	SetupCertificateName string

	// RegisterWebHook enables or disables automatic registering of webhooks. Defaults to true
	RegisterWebHook *bool

	// SetupCertificate enables or disables automatic certificate generation. Defaults to true
	// NOTE(review): when disabled, the serving certificate presumably has to
	// be provisioned by the operator — confirm where it is read from.
	SetupCertificate *bool

	// ServiceName registers the Extension as a MutatingWebhook reachable by a service
	ServiceName string

	// WebhookNamespace is required when ServiceName is supplied; it indicates the namespace in which the webhook service runs
	WebhookNamespace string

	// WatcherStartRV is the starting ResourceVersion of the PodList which is being watched (see Kubernetes #74022).
	// If omitted, it will start watching from the current RV.
	WatcherStartRV string
}
ManagerOptions represents the Runtime manager options
type MutatingWebhook ¶
// MutatingWebhook is the interface of the generated webhook from the Extension.
//
// It represents the minimal set of methods that the libraries used behind the
// scenes expect from a structure that implements a Mutating Webhook.
type MutatingWebhook interface {
	// Handle answers an admission request; DefaultMutatingWebhook delegates it
	// to the Eirini Extension.
	Handle(context.Context, admission.Request) admission.Response
	// InjectClient injects the client.
	InjectClient(c client.Client) error
	// InjectDecoder injects the decoder.
	InjectDecoder(d *admission.Decoder) error
	// RegisterAdmissionWebHook registers the webhook to the given webhook server.
	RegisterAdmissionWebHook(*webhook.Server, WebhookOptions) error

	// Accessors for the webhook's registration data.
	// NOTE(review): on DefaultMutatingWebhook these presumably return the
	// same-named struct fields — confirm against the implementation.
	GetName() string
	GetPath() string
	GetRules() []admissionregistrationv1beta1.RuleWithOperations
	GetFailurePolicy() admissionregistrationv1beta1.FailurePolicyType
	GetNamespaceSelector() *metav1.LabelSelector
	GetHandler() admission.Handler
	GetWebhook() *webhook.Admission
}
MutatingWebhook is the interface of the generated webhook from the Extension
It represents the minimal set of methods that the libraries used behind the scenes expect from a structure that implements a Mutating Webhook
func NewWebhook ¶
func NewWebhook(e Extension, m Manager) MutatingWebhook
NewWebhook returns a MutatingWebhook out of an Eirini Extension
type Watcher ¶
Watcher is the Eirini Watcher Extension interface.
An Eirini Watcher must implement a Handle method, which is called with the event that occurred in the namespace.
type WatcherChannelClosedError ¶ added in v0.3.0
// WatcherChannelClosedError is the error type callers can match on to detect
// the "watcher channel closed" condition. Its Error method is declared on the
// pointer receiver, so match against *WatcherChannelClosedError.
type WatcherChannelClosedError struct {
	// contains filtered or unexported fields
}
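WatcherChannelClosedError can be used to filter for "watcher channel closed" in a block like this:

    if err, ok := err.(*extension.WatcherChannelClosedError); ok {
        // Do things
    }

A direct type assertion only matches when the error is returned unwrapped; if a caller wraps it (for example with fmt.Errorf and %w), match it with errors.As instead.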
func (*WatcherChannelClosedError) Error ¶ added in v0.3.0
func (e *WatcherChannelClosedError) Error() string
Error implements the error Interface for WatcherChannelClosedError
type WebhookConfig ¶
// WebhookConfig generates certificates and the configuration for the webhook
// server.
//
// NOTE(review): Key and CaKey appear to hold private key material in exported
// byte slices. Treat any WebhookConfig value as a secret: do not log or
// serialize it wholesale. If CertDir is where the key files are written,
// restrict its permissions to the webhook process — confirm against the
// implementation.
type WebhookConfig struct {
	ConfigName string
	// NOTE(review): presumably the directory holding the serving certificate
	// and key files — confirm.
	CertDir string
	// NOTE(review): presumably the serving certificate and its private key — confirm.
	Certificate []byte
	Key         []byte
	// NOTE(review): presumably the CA certificate and the CA private key used
	// to sign the serving certificate — confirm.
	CaCertificate []byte
	CaKey         []byte
	// contains filtered or unexported fields
}
WebhookConfig generates certificates and the configuration for the webhook server
func NewWebhookConfig ¶
func NewWebhookConfig(c client.Client, config *Config, generator credsgen.Generator, configName string, setupCertificateName string, serviceName string, webhookNamespace string) *WebhookConfig
NewWebhookConfig returns a new WebhookConfig
func (*WebhookConfig) GenerateAdmissionWebhook ¶
func (f *WebhookConfig) GenerateAdmissionWebhook(webhooks []MutatingWebhook) []admissionregistrationv1beta1.MutatingWebhook
type WebhookOptions ¶
// WebhookOptions are the options required to register a WebHook to the
// WebHook server.
type WebhookOptions struct {
	ID string // Webhook path will be generated out of that
	// NOTE(review): presumably the labels used to build the webhook's
	// namespace selector — confirm against RegisterAdmissionWebHook.
	MatchLabels map[string]string
	// Manager is the controller-runtime manager.Manager value.
	Manager manager.Manager
	// ManagerOptions are the options of the EiriniX Manager.
	ManagerOptions ManagerOptions
}
WebhookOptions are the options required to register a WebHook to the WebHook server