Documentation
¶
Index ¶
- Constants
- Variables
- type AnnotationValidator
- type NodeUpdateWebhook
- type PodMutationWebHook
- func (i *PodMutationWebHook) GetPatchResponse(req admission.Request, pod *corev1.Pod, log logr.Logger) admission.Response
- func (i *PodMutationWebHook) Handle(_ context.Context, req admission.Request) admission.Response
- func (i *PodMutationWebHook) HandleFargatePod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
- func (i *PodMutationWebHook) HandleLinuxPod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
- func (i *PodMutationWebHook) HandleWindowsPod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
- func (i *PodMutationWebHook) InitializeEmptyFields(req admission.Request, pod *corev1.Pod)
- func (i *PodMutationWebHook) InjectDecoder(d *admission.Decoder) error
- type PodType
Constants ¶
const ( DefaultResourceLimit = "1" FargatePodSGAnnotationKey = "fargate.amazonaws.com/pod-sg" FargatePodIdentifierLabelKey = "eks.amazonaws.com/fargate-profile" )
Variables ¶
var ( Fargate = PodType("Fargate") Windows = PodType("Windows") Linux = PodType("Linux") HostNetworking = PodType("HostNetworking") )
Functions ¶
This section is empty.
Types ¶
type AnnotationValidator ¶
type AnnotationValidator struct {
Condition condition.Conditions
Log logr.Logger
// contains filtered or unexported fields
}
AnnotationValidator validates the resource allocated to the Pod via annotations. The WebHook prevents unauthorized user from modifying/removing these Annotations.
func (*AnnotationValidator) InjectDecoder ¶
func (a *AnnotationValidator) InjectDecoder(d *admission.Decoder) error
InjectDecoder injects the decoder.
type NodeUpdateWebhook ¶ added in v1.1.3
type NodeUpdateWebhook struct {
Condition condition.Conditions
Log logr.Logger
// contains filtered or unexported fields
}
func (*NodeUpdateWebhook) Handle ¶ added in v1.1.3
Handle allows update request on Node on the expected fields when the request is coming from the aws-node Service Account. It also ensures the updates are allowed only when the Security Group for Pod feature is enabled.
func (*NodeUpdateWebhook) InjectDecoder ¶ added in v1.1.3
func (a *NodeUpdateWebhook) InjectDecoder(d *admission.Decoder) error
InjectDecoder injects the decoder.
type PodMutationWebHook ¶ added in v1.1.0
type PodMutationWebHook struct {
SGPAPI utils.SecurityGroupForPodsAPI
Log logr.Logger
Condition condition.Conditions
// contains filtered or unexported fields
}
PodResourceInjector injects resources into Pods
func (*PodMutationWebHook) GetPatchResponse ¶ added in v1.1.0
func (i *PodMutationWebHook) GetPatchResponse(req admission.Request, pod *corev1.Pod, log logr.Logger) admission.Response
Returns the Response by patching the updated object with raw object from request
func (*PodMutationWebHook) HandleFargatePod ¶ added in v1.1.0
func (i *PodMutationWebHook) HandleFargatePod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
HandleFargatePod mutates the Fargate Pod if the Pod Matches a SGP. This also acts like a validation WebHook by removing any existing Annotation on the Pod on Create Event.
func (*PodMutationWebHook) HandleLinuxPod ¶ added in v1.1.0
func (i *PodMutationWebHook) HandleLinuxPod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
HandleLinuxPod mutates the Linux Pod by injecting pod-eni limit if the Linux Pod matches any SGP
func (*PodMutationWebHook) HandleWindowsPod ¶ added in v1.1.0
func (i *PodMutationWebHook) HandleWindowsPod(req admission.Request, pod *corev1.Pod, log logr.Logger) (response admission.Response)
HandleWindowsPod mutates the Windows Pod by injecting a secondary IPv4 Address Limit to the Pod when the Windows IPAM feature is enabled via ConfigMap
func (*PodMutationWebHook) InitializeEmptyFields ¶ added in v1.1.0
func (i *PodMutationWebHook) InitializeEmptyFields(req admission.Request, pod *corev1.Pod)
InitializeEmptyFields inits the empty fields in the request
func (*PodMutationWebHook) InjectDecoder ¶ added in v1.1.0
func (i *PodMutationWebHook) InjectDecoder(d *admission.Decoder) error
InjectDecoder injects the decoder.
Source Files