kubernetes

Documentation

Index

• Constants
• func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)
• func ObjectMissingError(obj string, err error) *fluxerr.Error
• func UpdateNotSupportedError(kind string) error
• type Applier
• type Cluster
  • func NewCluster(clientset k8sclient.Interface, applier Applier, sshKeyRing ssh.KeyRing, ...) *Cluster
  • func (c *Cluster) AllControllers(namespace string) (res []cluster.Controller, err error)
  • func (c *Cluster) Export() ([]byte, error)
  • func (c *Cluster) ImagesToFetch() registry.ImageCreds
  • func (c *Cluster) Ping() error
  • func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)
  • func (c *Cluster) SomeControllers(ids []flux.ResourceID) (res []cluster.Controller, err error)
  • func (c *Cluster) Sync(spec cluster.SyncDef) error
• type Kubectl
  • func NewKubectl(exe string, config *rest.Config) *Kubectl
• type Manifests
  • func (c *Manifests) FindDefinedServices(path string) (map[flux.ResourceID][]string, error)
  • func (c *Manifests) LoadManifests(paths ...string) (map[string]resource.Resource, error)
  • func (c *Manifests) ParseManifests(allDefs []byte) (map[string]resource.Resource, error)
  • func (m *Manifests) ServicesWithPolicies(root string) (policy.ResourceMap, error)
  • func (c *Manifests) UpdateDefinition(def []byte, container string, image image.Ref) ([]byte, error)
  • func (m *Manifests) UpdatePolicies(in []byte, serviceID flux.ResourceID, update policy.Update) ([]byte, error)
• type SSHKeyRingConfig
• Bugs

Constants

const (
	StatusUnknown  = "unknown"
	StatusReady    = "ready"
	StatusUpdating = "updating"
)

Functions

func NewSSHKeyRing

func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)

NewSSHKeyRing constructs an sshKeyRing backed by a kubernetes secret resource. The keyring is initialised with the key that was previously stored in the secret (either by regenerate() or an administrator), or a freshly generated key if none was found.

func ObjectMissingError

func ObjectMissingError(obj string, err error) *fluxerr.Error

func UpdateNotSupportedError

func UpdateNotSupportedError(kind string) error

Types

type Applier

type Applier interface {
	// contains filtered or unexported methods
}

type Cluster

type Cluster struct {
	// contains filtered or unexported fields
}

Cluster is a handle to a Kubernetes API server. (Typically, this code is deployed into the same cluster.)

func NewCluster

func NewCluster(clientset k8sclient.Interface,
	applier Applier,
	sshKeyRing ssh.KeyRing,
	logger log.Logger) *Cluster

NewCluster returns a usable cluster.

func (*Cluster) AllControllers

func (c *Cluster) AllControllers(namespace string) (res []cluster.Controller, err error)

AllControllers returns all controllers matching the criteria; that is, in the namespace (or any namespace if that argument is empty)

func (*Cluster) Export

func (c *Cluster) Export() ([]byte, error)

Export exports cluster resources

func (*Cluster) ImagesToFetch

func (c *Cluster) ImagesToFetch() registry.ImageCreds

ImagesToFetch is a k8s specific method to get a list of images to update along with their credentials

func (*Cluster) Ping

func (c *Cluster) Ping() error

func (*Cluster) PublicSSHKey

func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)

func (*Cluster) SomeControllers

func (c *Cluster) SomeControllers(ids []flux.ResourceID) (res []cluster.Controller, err error)

SomeControllers returns the controllers named, missing out any that don't exist in the cluster. They do not necessarily have to be returned in the order requested.

func (*Cluster) Sync

func (c *Cluster) Sync(spec cluster.SyncDef) error

Sync performs the given actions on resources. Operations are asynchronous, but serialised.

type Kubectl

type Kubectl struct {
	// contains filtered or unexported fields
}

func NewKubectl

func NewKubectl(exe string, config *rest.Config) *Kubectl

type Manifests

type Manifests struct {
}

func (*Manifests) FindDefinedServices

func (c *Manifests) FindDefinedServices(path string) (map[flux.ResourceID][]string, error)

FindDefinedServices finds all the services defined under the directory given, and returns a map of service IDs (from its specified namespace and name) to the paths of resource definition files.

func (*Manifests) LoadManifests

func (c *Manifests) LoadManifests(paths ...string) (map[string]resource.Resource, error)

func (*Manifests) ParseManifests

func (c *Manifests) ParseManifests(allDefs []byte) (map[string]resource.Resource, error)

func (*Manifests) ServicesWithPolicies

func (m *Manifests) ServicesWithPolicies(root string) (policy.ResourceMap, error)

func (*Manifests) UpdateDefinition

func (c *Manifests) UpdateDefinition(def []byte, container string, image image.Ref) ([]byte, error)

func (*Manifests) UpdatePolicies

func (m *Manifests) UpdatePolicies(in []byte, serviceID flux.ResourceID, update policy.Update) ([]byte, error)

type SSHKeyRingConfig

type SSHKeyRingConfig struct {
	SecretAPI             v1.SecretInterface
	SecretName            string
	SecretVolumeMountPath string // e.g. "/etc/fluxd/ssh"
	SecretDataKey         string // e.g. "identity"
	KeyBits               ssh.OptionalValue
	KeyType               ssh.OptionalValue
}

SSHKeyRingConfig is used to configure the keyring with key generation options and the parameters of its backing kubernetes secret resource. SecretVolumeMountPath must be mounted RW for regenerate() to work, and to set the privateKeyFileMode on the identity secret file.

Notes

Bugs

• Updating the kubernetes secret should be done via an ephemeral external executable invoked with coredumps disabled and using syscall.Mlockall(MCL_FUTURE) in conjunction with an appropriate ulimit to ensure the private key isn't unintentionally written to persistent storage.