core

package
v1.2.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 19, 2023 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

View Source
const (
	DefaultResourceLimit         = "1"
	FargatePodSGAnnotationKey    = "fargate.amazonaws.com/pod-sg"
	FargatePodIdentifierLabelKey = "eks.amazonaws.com/fargate-profile"
)

Variables

View Source
var (
	Fargate        = PodType("Fargate")
	Windows        = PodType("Windows")
	Linux          = PodType("Linux")
	HostNetworking = PodType("HostNetworking")
)

Functions

This section is empty.

Types

type AnnotationValidator

type AnnotationValidator struct {
	Condition condition.Conditions
	Log       logr.Logger
	Checker   healthz.Checker
	// contains filtered or unexported fields
}

AnnotationValidator validates the resource allocated to the Pod via annotations. The WebHook prevents unauthorized user from modifying/removing these Annotations.

func NewAnnotationValidator added in v1.1.6

func NewAnnotationValidator(condition condition.Conditions, log logr.Logger, healthzHandler *rcHealthz.HealthzHandler) *AnnotationValidator

func (*AnnotationValidator) Handle

func (*AnnotationValidator) InjectDecoder

func (a *AnnotationValidator) InjectDecoder(d *admission.Decoder) error

InjectDecoder injects the decoder.

type NodeUpdateWebhook added in v1.1.3

type NodeUpdateWebhook struct {
	Condition condition.Conditions
	Log       logr.Logger
	Checker   healthz.Checker
	// contains filtered or unexported fields
}

func NewNodeUpdateWebhook added in v1.1.6

func NewNodeUpdateWebhook(condition condition.Conditions, log logr.Logger, healthzHandler *rcHealthz.HealthzHandler) *NodeUpdateWebhook

func (*NodeUpdateWebhook) Handle added in v1.1.3

Handle allows update request on Node on the expected fields when the request is coming from the aws-node Service Account. It also ensures the updates are allowed only when the Security Group for Pod feature is enabled.

func (*NodeUpdateWebhook) InjectDecoder added in v1.1.3

func (a *NodeUpdateWebhook) InjectDecoder(d *admission.Decoder) error

InjectDecoder injects the decoder.

type PodMutationWebHook added in v1.1.0

type PodMutationWebHook struct {
	SGPAPI    utils.SecurityGroupForPodsAPI
	Log       logr.Logger
	Condition condition.Conditions
	// contains filtered or unexported fields
}

PodResourceInjector injects resources into Pods

func NewPodMutationWebHook added in v1.1.6

func NewPodMutationWebHook(
	sgpAPI utils.SecurityGroupForPodsAPI,
	log logr.Logger,
	condition condition.Conditions,
	healthzHandler *rcHealthz.HealthzHandler,
) *PodMutationWebHook

func (*PodMutationWebHook) GetPatchResponse added in v1.1.0

func (i *PodMutationWebHook) GetPatchResponse(req admission.Request, pod *corev1.Pod, log logr.Logger) admission.Response

Returns the Response by patching the updated object with raw object from request

func (*PodMutationWebHook) Handle added in v1.1.0

func (*PodMutationWebHook) HandleFargatePod added in v1.1.0

func (i *PodMutationWebHook) HandleFargatePod(req admission.Request, pod *corev1.Pod,
	log logr.Logger) (response admission.Response)

HandleFargatePod mutates the Fargate Pod if the Pod Matches a SGP. This also acts like a validation WebHook by removing any existing Annotation on the Pod on Create Event.

func (*PodMutationWebHook) HandleLinuxPod added in v1.1.0

func (i *PodMutationWebHook) HandleLinuxPod(req admission.Request, pod *corev1.Pod,
	log logr.Logger) (response admission.Response)

HandleLinuxPod mutates the Linux Pod by injecting pod-eni limit if the Linux Pod matches any SGP

func (*PodMutationWebHook) HandleWindowsPod added in v1.1.0

func (i *PodMutationWebHook) HandleWindowsPod(req admission.Request, pod *corev1.Pod,
	log logr.Logger) (response admission.Response)

HandleWindowsPod mutates the Windows Pod by injecting a secondary IPv4 Address Limit to the Pod when the Windows IPAM feature is enabled via ConfigMap

func (*PodMutationWebHook) InitializeEmptyFields added in v1.1.0

func (i *PodMutationWebHook) InitializeEmptyFields(req admission.Request, pod *corev1.Pod)

InitializeEmptyFields inits the empty fields in the request

func (*PodMutationWebHook) InjectDecoder added in v1.1.0

func (i *PodMutationWebHook) InjectDecoder(d *admission.Decoder) error

InjectDecoder injects the decoder.

type PodType added in v1.1.0

type PodType string

func WhichPod added in v1.1.0

func WhichPod(pod *corev1.Pod) PodType

WhichPod returns the PodType, each PodType will be handled differently

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL