kube

package
v5.2.0-rc1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 15, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func InitializeVolumes

func InitializeVolumes(specVolumes []v1.Volume, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager, mountLabel string) (map[string]*KubeVolume, error)

Create a map of volume name to KubeVolume

func ToPodOpt

func ToPodOpt(ctx context.Context, podName string, p entities.PodCreateOptions, publishAllPorts bool, podYAML *v1.PodTemplateSpec) (entities.PodCreateOptions, error)

func ToSpecGen

func ToSpecGen(ctx context.Context, opts *CtrSpecGenOptions) (*specgen.SpecGenerator, error)

Types

type CtrSpecGenOptions

type CtrSpecGenOptions struct {
	// Annotations from the Pod
	Annotations map[string]string
	// Container as read from the pod yaml
	Container v1.Container
	// Image available to use (pulled or found local)
	Image *libimage.Image
	// IPCNSIsHost tells the container to use the host ipcns
	IpcNSIsHost bool
	// Volumes for all containers
	Volumes map[string]*KubeVolume
	// VolumesFrom for all containers
	VolumesFrom []string
	// Image Volumes for this container
	ImageVolumes []*specgen.ImageVolume
	// PodID of the parent pod
	PodID string
	// PodName of the parent pod
	PodName string
	// PodInfraID as the infrastructure container id
	PodInfraID string
	// ConfigMaps the configuration maps for environment variables
	ConfigMaps []v1.ConfigMap
	// SeccompPaths for finding the seccomp profile path
	SeccompPaths *KubeSeccompPaths
	// ReadOnly make all containers root file system readonly
	ReadOnly itypes.OptionalBool
	// RestartPolicy defines the restart policy of the container
	RestartPolicy string
	// NetNSIsHost tells the container to use the host netns
	NetNSIsHost bool
	// UserNSIsHost tells the container to use the host userns
	UserNSIsHost bool
	// PidNSIsHost tells the container to use the host pidns
	PidNSIsHost bool
	// UtsNSIsHost tells the container to use the host utsns
	UtsNSIsHost bool
	// SecretManager to access the secrets
	SecretsManager *secrets.SecretsManager
	// LogDriver which should be used for the container
	LogDriver string
	// LogOptions log options which should be used for the container
	LogOptions []string
	// Labels define key-value pairs of metadata
	Labels map[string]string
	//
	IsInfra bool
	// InitContainerType sets what type the init container is
	// Note: When playing a kube yaml, the inti container type will be set to "always" only
	InitContainerType string
	// PodSecurityContext is the security context specified for the pod
	PodSecurityContext *v1.PodSecurityContext
	// TerminationGracePeriodSeconds is the grace period given to a container to stop before being forcefully killed
	TerminationGracePeriodSeconds *int64
}

type KubeSeccompPaths

type KubeSeccompPaths struct {
	// contains filtered or unexported fields
}

KubeSeccompPaths holds information about a pod YAML's seccomp configuration it holds both container and pod seccomp paths

func InitializeSeccompPaths

func InitializeSeccompPaths(annotations map[string]string, profileRoot string) (*KubeSeccompPaths, error)

InitializeSeccompPaths takes annotations from the pod object metadata and finds annotations pertaining to seccomp it parses both pod and container level if the annotation is of the form "localhost/%s", the seccomp profile will be set to profileRoot/%s

func (*KubeSeccompPaths) FindForContainer

func (k *KubeSeccompPaths) FindForContainer(ctrName string) string

FindForContainer checks whether a container has a seccomp path configured for it if not, it returns the podPath, which should always have a value

type KubeVolume

type KubeVolume struct {
	// Type of volume to create
	Type KubeVolumeType
	// Path for bind mount or volume name for named volume
	Source string
	// Items to add to a named volume created where the key is the file name and the value is the data
	// This is only used when there are volumes in the yaml that refer to a configmap
	// Example: if configmap has data "SPECIAL_LEVEL: very" then the file name is "SPECIAL_LEVEL" and the
	// data in that file is "very".
	Items map[string][]byte
	// If the volume is optional, we can move on if it is not found
	// Only used when there are volumes in a yaml that refer to a configmap
	Optional bool
	// DefaultMode sets the permissions on files created for the volume
	// This is optional and defaults to 0644
	DefaultMode int32
}

func VolumeFromConfigMap

func VolumeFromConfigMap(configMapVolumeSource *v1.ConfigMapVolumeSource, configMaps []v1.ConfigMap) (*KubeVolume, error)

func VolumeFromEmptyDir

func VolumeFromEmptyDir(emptyDirVolumeSource *v1.EmptyDirVolumeSource, name string) (*KubeVolume, error)

Create a kubeVolume for an emptyDir volume

func VolumeFromHostPath

func VolumeFromHostPath(hostPath *v1.HostPathVolumeSource, mountLabel string) (*KubeVolume, error)

Create a KubeVolume from an HostPathVolumeSource

func VolumeFromPersistentVolumeClaim

func VolumeFromPersistentVolumeClaim(claim *v1.PersistentVolumeClaimVolumeSource) (*KubeVolume, error)

Create a KubeVolume from a PersistentVolumeClaimVolumeSource

func VolumeFromSecret

func VolumeFromSecret(secretSource *v1.SecretVolumeSource, secretsManager *secrets.SecretsManager) (*KubeVolume, error)

VolumeFromSecret creates a new kube volume from a kube secret.

func VolumeFromSource

func VolumeFromSource(volumeSource v1.VolumeSource, configMaps []v1.ConfigMap, secretsManager *secrets.SecretsManager, volName, mountLabel string) (*KubeVolume, error)

Create a KubeVolume from one of the supported VolumeSource

type KubeVolumeType

type KubeVolumeType int
const (
	KubeVolumeTypeBindMount KubeVolumeType = iota
	KubeVolumeTypeNamed
	KubeVolumeTypeConfigMap
	KubeVolumeTypeBlockDevice
	KubeVolumeTypeCharDevice
	KubeVolumeTypeSecret
	KubeVolumeTypeEmptyDir
	KubeVolumeTypeEmptyDirTmpfs
)

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL