Documentation ¶
Index ¶
- Constants
- func BuildAzureKeyVaultSecretProviderClass(tenantId string, appName string, radixDeploymentName string, ...) (*secretsstorev1.SecretProviderClass, error)
- func BuildRadixConfigEnvVarsConfigMap(appName, componentName string) *corev1.ConfigMap
- func BuildRadixConfigEnvVarsMetadataConfigMap(appName, componentName string) *corev1.ConfigMap
- func CreateAppRole(appName, roleName string, customLabels map[string]string, ...) *rbacv1.Role
- func CreateManageSecretRole(appName, roleName string, secretNames []string, customLabels map[string]string) *rbacv1.Role
- func CreateReadSecretRole(appName, roleName string, secretNames []string, customLabels map[string]string) *rbacv1.Role
- func GetAzureKeyVaultSecretRefSecretName(componentName, radixDeploymentName, azKeyVaultName string, ...) string
- func GetComponentSecretProviderClassName(radixDeploymentName, radixDeployComponentName string, ...) string
- func GetEnvVarsConfigMapName(componentName string) string
- func GetEnvVarsMetadataConfigMapName(componentName string) string
- func GetEnvVarsMetadataFromConfigMap(envVarsMetadataConfigMap *corev1.ConfigMap) (map[string]EnvVarMetadata, error)
- func GetRoleBindingGroups(groups []string) []rbacv1.Subject
- func GetRolebindingToClusterRole(appName, roleName string, groups []string) *rbacv1.RoleBinding
- func GetRolebindingToClusterRoleForServiceAccountWithLabels(roleName, serviceAccountName, serviceAccountNamespace string, ...) *rbacv1.RoleBinding
- func GetRolebindingToClusterRoleForSubjects(appName, roleName string, subjects []rbacv1.Subject) *rbacv1.RoleBinding
- func GetRolebindingToClusterRoleForSubjectsWithLabels(roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
- func GetRolebindingToClusterRoleWithLabels(roleName string, groups []string, labels map[string]string) *rbacv1.RoleBinding
- func GetRolebindingToRole(appName, roleName string, groups []string) *rbacv1.RoleBinding
- func GetRolebindingToRoleForServiceAccountWithLabels(roleName, serviceAccountName, serviceAccountNamespace string, ...) *rbacv1.RoleBinding
- func GetRolebindingToRoleForSubjectsWithLabels(appName, roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
- func GetRolebindingToRoleWithLabels(roleName string, groups []string, labels map[string]string) *rbacv1.RoleBinding
- func GetRolebindingToRoleWithLabelsForSubjects(roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
- func GetSecretRefAzureKeyVaultItemDataKey(keyVaultItem *radixv1.RadixAzureKeyVaultItem) string
- func GetSecretTypeForRadixAzureKeyVault(k8sSecretType *radixv1.RadixAzureKeyVaultK8sSecretType) corev1.SecretType
- func IsEmptyPatch(patchBytes []byte) bool
- func MergePodDisruptionBudgets(existingPdb *v1.PodDisruptionBudget, generatedPdb *v1.PodDisruptionBudget) ([]byte, error)
- func SetEnvVarsMetadataMapToConfigMap(configMap *corev1.ConfigMap, envVarsMetadataMap map[string]EnvVarMetadata) error
- type EnvVarMetadata
- type Kube
- func (kubeutil *Kube) ApplyClusterRole(clusterrole *rbacv1.ClusterRole) error
- func (kubeutil *Kube) ApplyClusterRoleBinding(clusterrolebinding *rbacv1.ClusterRoleBinding) error
- func (kubeutil *Kube) ApplyClusterRoleBindingToServiceAccount(roleName string, serviceAccount *corev1.ServiceAccount, ...) error
- func (kubeutil *Kube) ApplyConfigMap(namespace string, currentConfigMap, desiredConfigMap *corev1.ConfigMap) error
- func (kubeutil *Kube) ApplyDeployment(namespace string, currentDeployment *appsv1.Deployment, ...) error
- func (kubeutil *Kube) ApplyEnvVarsMetadataConfigMap(namespace string, envVarsMetadataConfigMap *corev1.ConfigMap, ...) error
- func (kubeutil *Kube) ApplyIngress(namespace string, ingress *networkingv1.Ingress) error
- func (kubeutil *Kube) ApplyLimitRange(namespace string, limitRange *corev1.LimitRange) error
- func (kubeutil *Kube) ApplyNamespace(name string, labels map[string]string, ownerRefs []metav1.OwnerReference) error
- func (kubeutil *Kube) ApplyNetworkPolicy(networkPolicy *v1.NetworkPolicy, ns string) error
- func (kubeutil *Kube) ApplyRole(namespace string, role *rbacv1.Role) error
- func (kubeutil *Kube) ApplyRoleBinding(namespace string, role *rbacv1.RoleBinding) error
- func (kubeutil *Kube) ApplyRoleBindingToServiceAccount(roleKind, roleName, namespace string, serviceAccount *corev1.ServiceAccount, ...) error
- func (kubeutil *Kube) ApplySecret(namespace string, secret *corev1.Secret) (savedSecret *corev1.Secret, err error)
- func (kubeutil *Kube) ApplyService(namespace string, service *corev1.Service) error
- func (kubeutil *Kube) ApplyServiceAccount(serviceAccount *corev1.ServiceAccount) (*corev1.ServiceAccount, error)
- func (kubeutil *Kube) BuildLimitRange(namespace, name, appName string, ...) *corev1.LimitRange
- func (kubeutil *Kube) CreateConfigMap(namespace string, configMap *corev1.ConfigMap) (*corev1.ConfigMap, error)
- func (kubeutil *Kube) CreateDeployment(namespace string, deployment *appsv1.Deployment) (*appsv1.Deployment, error)
- func (kubeutil *Kube) CreateSecretProviderClass(namespace string, secretProviderClass *secretsstorev1.SecretProviderClass) (savedSecret *secretsstorev1.SecretProviderClass, err error)
- func (kubeutil *Kube) CreateServiceAccount(namespace, name string) (*corev1.ServiceAccount, error)
- func (kubeutil *Kube) DeleteClusterRoleBinding(name string) error
- func (kubeutil *Kube) DeleteConfigMap(namespace string, name string) error
- func (kubeutil *Kube) DeleteDeployment(namespace, name string) error
- func (kubeutil *Kube) DeleteRadixBatch(namespace, name string) error
- func (kubeutil *Kube) DeleteRole(namespace, name string) error
- func (kubeutil *Kube) DeleteRoleBinding(namespace, name string) error
- func (kubeutil *Kube) DeleteSecret(namespace, secretName string) error
- func (kubeutil *Kube) DeleteServiceAccount(namespace, name string) error
- func (kubeutil *Kube) GetActiveDeployment(namespace string) (*v1.RadixDeployment, error)
- func (kubeutil *Kube) GetClusterActiveEgressIps() (string, error)
- func (kubeutil *Kube) GetClusterName() (string, error)
- func (kubeutil *Kube) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
- func (kubeutil *Kube) GetConfigMap(namespace, name string) (*corev1.ConfigMap, error)
- func (kubeutil *Kube) GetDeployment(namespace, name string) (*appsv1.Deployment, error)
- func (kubeutil *Kube) GetEnvVarsConfigMapAndMetadataMap(namespace string, componentName string) (*corev1.ConfigMap, *corev1.ConfigMap, map[string]EnvVarMetadata, error)
- func (kubeutil *Kube) GetEnvVarsMetadataConfigMapAndMap(namespace string, componentName string) (*corev1.ConfigMap, map[string]EnvVarMetadata, error)
- func (kubeutil *Kube) GetEnvironment(name string) (*v1.RadixEnvironment, error)
- func (kubeutil *Kube) GetOrCreateEnvVarsConfigMapAndMetadataMap(namespace, appName, componentName string) (*corev1.ConfigMap, *corev1.ConfigMap, error)
- func (kubeutil *Kube) GetRadixAlert(namespace, name string) (*v1.RadixAlert, error)
- func (kubeutil *Kube) GetRadixBatch(namespace, name string) (*v1.RadixBatch, error)
- func (kubeutil *Kube) GetRadixDeployment(namespace, name string) (*v1.RadixDeployment, error)
- func (kubeutil *Kube) GetRegistration(name string) (*v1.RadixRegistration, error)
- func (kubeutil *Kube) GetRole(namespace, name string) (*rbacv1.Role, error)
- func (kubeutil *Kube) GetRoleBinding(namespace, name string) (*rbacv1.RoleBinding, error)
- func (kubeutil *Kube) GetSecret(namespace, name string) (*corev1.Secret, error)
- func (kubeutil *Kube) GetSecretProviderClass(namespace string, className string) (*secretsstorev1.SecretProviderClass, error)
- func (kubeutil *Kube) GetServiceAccount(namespace, name string) (*corev1.ServiceAccount, error)
- func (kubeutil *Kube) GetSubscriptionId() (string, error)
- func (kubeutil *Kube) KubeClient() kubernetes.Interface
- func (kubeutil *Kube) ListClusterRoleBindings(namespace string) ([]*rbacv1.ClusterRoleBinding, error)
- func (kubeutil *Kube) ListClusterRoles(namespace string) ([]*rbacv1.ClusterRole, error)
- func (kubeutil *Kube) ListConfigMaps(namespace string) ([]*corev1.ConfigMap, error)
- func (kubeutil *Kube) ListConfigMapsWithSelector(namespace string, labelSelectorString string) ([]*corev1.ConfigMap, error)
- func (kubeutil *Kube) ListDeployments(namespace string) ([]*appsv1.Deployment, error)
- func (kubeutil *Kube) ListDeploymentsWithSelector(namespace, labelSelectorString string) ([]*appsv1.Deployment, error)
- func (kubeutil *Kube) ListEnvVarsConfigMaps(namespace string) ([]*corev1.ConfigMap, error)
- func (kubeutil *Kube) ListEnvVarsMetadataConfigMaps(namespace string) ([]*corev1.ConfigMap, error)
- func (kubeutil *Kube) ListEnvironments() ([]*v1.RadixEnvironment, error)
- func (kubeutil *Kube) ListIngresses(namespace string) ([]*networkingv1.Ingress, error)
- func (kubeutil *Kube) ListIngressesWithSelector(namespace string, labelSelectorString string) ([]*networkingv1.Ingress, error)
- func (kubeutil *Kube) ListJobs(namespace string) ([]*batchv1.Job, error)
- func (kubeutil *Kube) ListJobsWithSelector(namespace, labelSelectorString string) ([]*batchv1.Job, error)
- func (kubeutil *Kube) ListPodDisruptionBudgets(namespace string) ([]*v1.PodDisruptionBudget, error)
- func (kubeutil *Kube) ListRadixAlert(namespace string) ([]*v1.RadixAlert, error)
- func (kubeutil *Kube) ListRadixBatches(namespace string) ([]*v1.RadixBatch, error)
- func (kubeutil *Kube) ListRadixDeployments(namespace string) ([]*v1.RadixDeployment, error)
- func (kubeutil *Kube) ListRegistrations() ([]*v1.RadixRegistration, error)
- func (kubeutil *Kube) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
- func (kubeutil *Kube) ListRoleBindingsWithSelector(namespace string, labelSelectorString string) ([]*rbacv1.RoleBinding, error)
- func (kubeutil *Kube) ListRoles(namespace string) ([]*rbacv1.Role, error)
- func (kubeutil *Kube) ListRolesWithSelector(namespace string, labelSelectorString string) ([]*rbacv1.Role, error)
- func (kubeutil *Kube) ListSecretExistsForLabels(namespace string, labelSelector string) ([]corev1.Secret, error)
- func (kubeutil *Kube) ListSecrets(namespace string) ([]*corev1.Secret, error)
- func (kubeutil *Kube) ListSecretsWithSelector(namespace string, labelSelectorString string) ([]*corev1.Secret, error)
- func (kubeutil *Kube) ListServiceAccounts(namespace string) ([]*corev1.ServiceAccount, error)
- func (kubeutil *Kube) ListServiceAccountsWithSelector(namespace string, labelSelectorString string) ([]*corev1.ServiceAccount, error)
- func (kubeutil *Kube) ListServices(namespace string) ([]*corev1.Service, error)
- func (kubeutil *Kube) ListServicesWithSelector(namespace, labelSelectorString string) ([]*corev1.Service, error)
- func (kubeutil *Kube) ListUserDefinedNetworkPolicies(appName string, env string) (*v1.NetworkPolicyList, error)
- func (kubeutil *Kube) RadixClient() radixclient.Interface
- func (kubeutil *Kube) SecretExists(namespace, secretName string) bool
- func (kubeutil *Kube) UpdateConfigMap(namespace string, configMaps ...*corev1.ConfigMap) error
- func (kubeutil *Kube) UpdatePodDisruptionBudget(namespace string, pdb *v1.PodDisruptionBudget) error
- type NamespaceWatcher
- type NamespaceWatcherImpl
- type PodSecurityLevel
- type PodSecurityStandard
- type RadixBatchType
- type RadixConfigMapType
- type RadixSecretType
- type RuleBuilder
- type SecretProviderClassParameterObject
Constants ¶
const ( RadixBranchAnnotation = "radix-branch" RadixGitTagsAnnotation = "radix.equinor.com/radix-git-tags" RadixCommitAnnotation = "radix.equinor.com/radix-commit" RadixConfigHash = "radix.equinor.com/radix-config-hash" RadixBuildSecretHash = "radix.equinor.com/build-secret-hash" RadixComponentImagesAnnotation = "radix-component-images" RadixDeploymentNameAnnotation = "radix-deployment-name" RadixDeploymentPromotedFromDeploymentAnnotation = "radix.equinor.com/radix-deployment-promoted-from-deployment" RadixDeploymentPromotedFromEnvironmentAnnotation = "radix.equinor.com/radix-deployment-promoted-from-environment" // See https://github.com/equinor/radix-velero-plugin/blob/master/velero-plugins/deployment/restore.go RestoredStatusAnnotation = "equinor.com/velero-restored-status" )
Radix Annotations
const ( K8sAppLabel = "k8s-app" RadixAppLabel = "radix-app" RadixEnvLabel = "radix-env" RadixComponentLabel = "radix-component" RadixDeploymentLabel = "radix-deployment" RadixComponentTypeLabel = "radix-component-type" RadixJobNameLabel = "radix-job-name" RadixAuxiliaryComponentLabel = "radix-aux-component" RadixAuxiliaryComponentTypeLabel = "radix-aux-component-type" RadixBuildLabel = "radix-build" RadixCommitLabel = "radix-commit" RadixImageTagLabel = "radix-image-tag" RadixJobTypeLabel = "radix-job-type" RadixJobTypeJob = "job" // Outer job RadixJobTypeBuild = "build" RadixJobTypeCloneConfig = "clone-config" RadixJobTypePreparePipelines = "prepare-pipelines" RadixJobTypeRunPipelines = "run-pipelines" RadixJobTypeJobSchedule = "job-scheduler" RadixJobTypeBatchSchedule = "batch-scheduler" RadixAppAliasLabel = "radix-app-alias" RadixExternalAliasLabel = "radix-app-external-alias" RadixActiveClusterAliasLabel = "radix-app-active-cluster-alias" RadixMountTypeLabel = "mount-type" RadixVolumeMountNameLabel = "radix-volume-mount-name" RadixGpuLabel = "radix-node-gpu" RadixGpuCountLabel = "radix-node-gpu-count" RadixJobNodeLabel = "nodepooltasks" RadixNamespace = "radix-namespace" RadixConfigMapTypeLabel = "radix-config-map-type" RadixSecretTypeLabel = "radix-secret-type" RadixSecretRefTypeLabel = "radix-secret-ref-type" RadixSecretRefNameLabel = "radix-secret-ref-name" RadixUserDefinedNetworkPolicyLabel = "is-user-defined" RadixPodIsJobSchedulerLabel = "is-job-scheduler-pod" RadixPodIsJobAuxObjectLabel = "is-job-aux-object" IsServiceAccountForComponent = "is-service-account-for-component" RadixBatchNameLabel = "radix-batch-name" RadixBatchJobNameLabel = "radix-batch-job-name" RadixBatchTypeLabel = "radix-batch-type" RadixAccessValidationLabel = "radix-access-validation" RadixPipelineTypeLabels = "radix-pipeline" // NodeTaintGpuCountKey defines the taint key on GPU nodes. // Pods required to run on nodes with this taint must add a toleration with effect NoSchedule NodeTaintGpuCountKey = "radix-node-gpu-count" NodeTaintJobsKey = "nodepooltasks" // RadixBranchDeprecated Only for backward compatibility RadixBranchDeprecated = "radix-branch" )
Radix Labels
Variables ¶
This section is empty.
Functions ¶
func BuildAzureKeyVaultSecretProviderClass ¶ added in v1.22.1
func BuildAzureKeyVaultSecretProviderClass(tenantId string, appName string, radixDeploymentName string, radixDeployComponentName string, azureKeyVault radixv1.RadixAzureKeyVault, identity *radixv1.Identity) (*secretsstorev1.SecretProviderClass, error)
BuildAzureKeyVaultSecretProviderClass Build a SecretProviderClass for Azure Key vault secret-ref
func BuildRadixConfigEnvVarsConfigMap ¶ added in v1.15.0
BuildRadixConfigEnvVarsConfigMap Build environment-variables config-map
func BuildRadixConfigEnvVarsMetadataConfigMap ¶ added in v1.15.0
BuildRadixConfigEnvVarsMetadataConfigMap Build environment-variables metadata config-map
func CreateAppRole ¶ added in v1.20.3
func CreateManageSecretRole ¶ added in v1.3.0
func CreateManageSecretRole(appName, roleName string, secretNames []string, customLabels map[string]string) *rbacv1.Role
CreateManageSecretRole creates a role that can manage a secret with predefined set of verbs
func CreateReadSecretRole ¶ added in v1.39.3
func CreateReadSecretRole(appName, roleName string, secretNames []string, customLabels map[string]string) *rbacv1.Role
CreateReadSecretRole creates a role that can read a secret with predefined set of verbs
func GetAzureKeyVaultSecretRefSecretName ¶ added in v1.17.2
func GetAzureKeyVaultSecretRefSecretName(componentName, radixDeploymentName, azKeyVaultName string, secretType corev1.SecretType) string
GetAzureKeyVaultSecretRefSecretName Gets a secret name for Azure KeyVault RadixSecretRefs
func GetComponentSecretProviderClassName ¶ added in v1.17.2
func GetComponentSecretProviderClassName(radixDeploymentName, radixDeployComponentName string, radixSecretRefType radixv1.RadixSecretRefType, secretRefName string) string
GetComponentSecretProviderClassName Gets unique name of the component secret storage class
func GetEnvVarsConfigMapName ¶ added in v1.15.0
GetEnvVarsConfigMapName Get config-map name for environment variables
func GetEnvVarsMetadataConfigMapName ¶ added in v1.15.0
GetEnvVarsMetadataConfigMapName Get config-map name for environment variables metadata
func GetEnvVarsMetadataFromConfigMap ¶ added in v1.15.0
func GetEnvVarsMetadataFromConfigMap(envVarsMetadataConfigMap *corev1.ConfigMap) (map[string]EnvVarMetadata, error)
GetEnvVarsMetadataFromConfigMap Get environment-variables metadata from config-map
func GetRoleBindingGroups ¶
GetRoleBindingGroups Get subjects for list of ad groups
func GetRolebindingToClusterRole ¶ added in v1.3.0
func GetRolebindingToClusterRole(appName, roleName string, groups []string) *rbacv1.RoleBinding
GetRolebindingToClusterRole Get role binding object
func GetRolebindingToClusterRoleForServiceAccountWithLabels ¶ added in v1.3.0
func GetRolebindingToClusterRoleForServiceAccountWithLabels(roleName, serviceAccountName, serviceAccountNamespace string, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToClusterRoleForServiceAccountWithLabels Get role binding object
func GetRolebindingToClusterRoleForSubjects ¶ added in v1.5.0
func GetRolebindingToClusterRoleForSubjects(appName, roleName string, subjects []rbacv1.Subject) *rbacv1.RoleBinding
GetRolebindingToClusterRoleForSubjects Get role binding object for list of subjects
func GetRolebindingToClusterRoleForSubjectsWithLabels ¶ added in v1.5.0
func GetRolebindingToClusterRoleForSubjectsWithLabels(roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToClusterRoleForSubjectsWithLabels Get role binding object for list of subjects with labels set
func GetRolebindingToClusterRoleWithLabels ¶ added in v1.3.0
func GetRolebindingToClusterRoleWithLabels(roleName string, groups []string, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToClusterRoleWithLabels Get role binding object
func GetRolebindingToRole ¶ added in v1.3.0
func GetRolebindingToRole(appName, roleName string, groups []string) *rbacv1.RoleBinding
GetRolebindingToRole Get role binding object
func GetRolebindingToRoleForServiceAccountWithLabels ¶ added in v1.3.0
func GetRolebindingToRoleForServiceAccountWithLabels(roleName, serviceAccountName, serviceAccountNamespace string, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToRoleForServiceAccountWithLabels Get role binding object
func GetRolebindingToRoleForSubjectsWithLabels ¶ added in v1.5.0
func GetRolebindingToRoleForSubjectsWithLabels(appName, roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToRoleForSubjectsWithLabels Get role binding object for list of subjects with labels set
func GetRolebindingToRoleWithLabels ¶ added in v1.3.0
func GetRolebindingToRoleWithLabels(roleName string, groups []string, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToRoleWithLabels Get role binding object
func GetRolebindingToRoleWithLabelsForSubjects ¶ added in v1.5.0
func GetRolebindingToRoleWithLabelsForSubjects(roleName string, subjects []rbacv1.Subject, labels map[string]string) *rbacv1.RoleBinding
GetRolebindingToRoleWithLabelsForSubjects Get rolebinding object with subjects as input
func GetSecretRefAzureKeyVaultItemDataKey ¶ added in v1.22.1
func GetSecretRefAzureKeyVaultItemDataKey(keyVaultItem *radixv1.RadixAzureKeyVaultItem) string
GetSecretRefAzureKeyVaultItemDataKey Get item data key for the Azure Key vault secret-ref
func GetSecretTypeForRadixAzureKeyVault ¶ added in v1.17.2
func GetSecretTypeForRadixAzureKeyVault(k8sSecretType *radixv1.RadixAzureKeyVaultK8sSecretType) corev1.SecretType
GetSecretTypeForRadixAzureKeyVault Gets corev1.SecretType by RadixAzureKeyVaultK8sSecretType
func IsEmptyPatch ¶ added in v1.13.0
func MergePodDisruptionBudgets ¶ added in v1.21.9
func MergePodDisruptionBudgets(existingPdb *v1.PodDisruptionBudget, generatedPdb *v1.PodDisruptionBudget) ([]byte, error)
MergePodDisruptionBudgets returns patch bytes between two PDBs
func SetEnvVarsMetadataMapToConfigMap ¶ added in v1.15.0
func SetEnvVarsMetadataMapToConfigMap(configMap *corev1.ConfigMap, envVarsMetadataMap map[string]EnvVarMetadata) error
SetEnvVarsMetadataMapToConfigMap Set environment-variables metadata to config-map
Types ¶
type EnvVarMetadata ¶ added in v1.15.0
type EnvVarMetadata struct {
RadixConfigValue string
}
EnvVarMetadata Metadata for environment variables
type Kube ¶
type Kube struct { RrLister v1Lister.RadixRegistrationLister ReLister v1Lister.RadixEnvironmentLister RdLister v1Lister.RadixDeploymentLister RbLister v1Lister.RadixBatchLister RadixAlertLister v1Lister.RadixAlertLister NamespaceLister coreListers.NamespaceLister SecretLister coreListers.SecretLister DeploymentLister appsv1Listers.DeploymentLister IngressLister networkingListers.IngressLister ServiceLister coreListers.ServiceLister RoleBindingLister rbacListers.RoleBindingLister ClusterRoleBindingLister rbacListers.ClusterRoleBindingLister RoleLister rbacListers.RoleLister ClusterRoleLister rbacListers.ClusterRoleLister ServiceAccountLister coreListers.ServiceAccountLister LimitRangeLister coreListers.LimitRangeLister JobLister batchListers.JobLister // contains filtered or unexported fields }
Kube Struct for accessing lower level kubernetes functions
func New ¶
func New(client kubernetes.Interface, radixClient radixclient.Interface, secretProviderClient secretProviderClient.Interface) (*Kube, error)
New Constructor
func NewWithListers ¶
func NewWithListers(client kubernetes.Interface, radixclient radixclient.Interface, secretProviderClient secretProviderClient.Interface, kubeInformerFactory kubeinformers.SharedInformerFactory, radixInformerFactory informers.SharedInformerFactory) (*Kube, error)
NewWithListers Constructor
func (*Kube) ApplyClusterRole ¶
func (kubeutil *Kube) ApplyClusterRole(clusterrole *rbacv1.ClusterRole) error
ApplyClusterRole Creates or updates cluster-role
func (*Kube) ApplyClusterRoleBinding ¶
func (kubeutil *Kube) ApplyClusterRoleBinding(clusterrolebinding *rbacv1.ClusterRoleBinding) error
ApplyClusterRoleBinding Creates or updates cluster-role-binding
func (*Kube) ApplyClusterRoleBindingToServiceAccount ¶ added in v1.42.4
func (kubeutil *Kube) ApplyClusterRoleBindingToServiceAccount(roleName string, serviceAccount *corev1.ServiceAccount, ownerReference []metav1.OwnerReference) error
ApplyClusterRoleBindingToServiceAccount Creates cluster-role-binding as a link between cluster role and service account
func (*Kube) ApplyConfigMap ¶ added in v1.15.0
func (kubeutil *Kube) ApplyConfigMap(namespace string, currentConfigMap, desiredConfigMap *corev1.ConfigMap) error
ApplyConfigMap Patch changes of environment-variables to config-map if any
func (*Kube) ApplyDeployment ¶
func (kubeutil *Kube) ApplyDeployment(namespace string, currentDeployment *appsv1.Deployment, desiredDeployment *appsv1.Deployment) error
ApplyDeployment Create or update deployment in provided namespace
func (*Kube) ApplyEnvVarsMetadataConfigMap ¶ added in v1.15.0
func (kubeutil *Kube) ApplyEnvVarsMetadataConfigMap(namespace string, envVarsMetadataConfigMap *corev1.ConfigMap, envVarsMetadataMap map[string]EnvVarMetadata) error
ApplyEnvVarsMetadataConfigMap Save changes of environment-variables metadata to config-map
func (*Kube) ApplyIngress ¶
func (kubeutil *Kube) ApplyIngress(namespace string, ingress *networkingv1.Ingress) error
ApplyIngress Will create or update ingress in provided namespace
func (*Kube) ApplyLimitRange ¶
func (kubeutil *Kube) ApplyLimitRange(namespace string, limitRange *corev1.LimitRange) error
ApplyLimitRange Applies limit range to namespace
func (*Kube) ApplyNamespace ¶
func (kubeutil *Kube) ApplyNamespace(name string, labels map[string]string, ownerRefs []metav1.OwnerReference) error
ApplyNamespace Creates a new namespace, if not exists already
func (*Kube) ApplyNetworkPolicy ¶ added in v1.20.0
func (kubeutil *Kube) ApplyNetworkPolicy(networkPolicy *v1.NetworkPolicy, ns string) error
ApplyNetworkPolicy Applies a k8s network policy to specified namespace
func (*Kube) ApplyRoleBinding ¶
func (kubeutil *Kube) ApplyRoleBinding(namespace string, role *rbacv1.RoleBinding) error
ApplyRoleBinding Creates or updates role
func (*Kube) ApplyRoleBindingToServiceAccount ¶ added in v1.42.4
func (kubeutil *Kube) ApplyRoleBindingToServiceAccount(roleKind, roleName, namespace string, serviceAccount *corev1.ServiceAccount, ownerReference []metav1.OwnerReference) error
ApplyRoleBindingToServiceAccount Creates role-binding as a link between role and service account
func (*Kube) ApplySecret ¶
func (kubeutil *Kube) ApplySecret(namespace string, secret *corev1.Secret) (savedSecret *corev1.Secret, err error)
ApplySecret Creates or updates secret to namespace
func (*Kube) ApplyService ¶ added in v1.4.1
ApplyService Will create or update service in provided namespace
func (*Kube) ApplyServiceAccount ¶
func (kubeutil *Kube) ApplyServiceAccount(serviceAccount *corev1.ServiceAccount) (*corev1.ServiceAccount, error)
ApplyServiceAccount Creates or updates service account
func (*Kube) BuildLimitRange ¶
func (kubeutil *Kube) BuildLimitRange(namespace, name, appName string, defaultResourceMemory, defaultRequestCPU, defaultRequestMemory *resource.Quantity) *corev1.LimitRange
BuildLimitRange Builds a limit range spec
func (*Kube) CreateConfigMap ¶ added in v1.15.0
func (kubeutil *Kube) CreateConfigMap(namespace string, configMap *corev1.ConfigMap) (*corev1.ConfigMap, error)
CreateConfigMap Create config map
func (*Kube) CreateDeployment ¶ added in v1.38.0
func (kubeutil *Kube) CreateDeployment(namespace string, deployment *appsv1.Deployment) (*appsv1.Deployment, error)
CreateDeployment Created deployment
func (*Kube) CreateSecretProviderClass ¶ added in v1.17.2
func (kubeutil *Kube) CreateSecretProviderClass(namespace string, secretProviderClass *secretsstorev1.SecretProviderClass) (savedSecret *secretsstorev1.SecretProviderClass, err error)
CreateSecretProviderClass Creates secret provider class to namespace
func (*Kube) CreateServiceAccount ¶ added in v1.30.0
func (kubeutil *Kube) CreateServiceAccount(namespace, name string) (*corev1.ServiceAccount, error)
CreateServiceAccount create a service account
func (*Kube) DeleteClusterRoleBinding ¶ added in v1.5.0
DeleteClusterRoleBinding Deletes a clusterrolebinding
func (*Kube) DeleteConfigMap ¶ added in v1.21.11
DeleteConfigMap Deletes config-maps
func (*Kube) DeleteDeployment ¶ added in v1.38.0
DeleteDeployment Delete deployment
func (*Kube) DeleteRadixBatch ¶ added in v1.43.2
DeleteRadixBatch Deletes a batch
func (*Kube) DeleteRole ¶ added in v1.5.0
DeleteRole Deletes a role in a namespace
func (*Kube) DeleteRoleBinding ¶ added in v1.5.0
DeleteRoleBinding Deletes a rolebinding in a namespace
func (*Kube) DeleteSecret ¶ added in v1.5.2
DeleteSecret Deletes a secret in a namespace
func (*Kube) DeleteServiceAccount ¶ added in v1.5.0
DeleteServiceAccount Deletes service account
func (*Kube) GetActiveDeployment ¶ added in v1.15.0
func (kubeutil *Kube) GetActiveDeployment(namespace string) (*v1.RadixDeployment, error)
GetActiveDeployment Get active RadixDeployment for the namespace
func (*Kube) GetClusterActiveEgressIps ¶ added in v1.16.9
GetClusterActiveEgressIps Gets cluster active ips from config map in default namespace
func (*Kube) GetClusterName ¶
GetClusterName Gets the global name of the cluster from config map in default namespace
func (*Kube) GetClusterRole ¶ added in v1.4.2
func (kubeutil *Kube) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
GetClusterRole Gets cluster role
func (*Kube) GetConfigMap ¶
GetConfigMap Gets config map by name
func (*Kube) GetDeployment ¶ added in v1.5.17
func (kubeutil *Kube) GetDeployment(namespace, name string) (*appsv1.Deployment, error)
func (*Kube) GetEnvVarsConfigMapAndMetadataMap ¶ added in v1.15.0
func (kubeutil *Kube) GetEnvVarsConfigMapAndMetadataMap(namespace string, componentName string) (*corev1.ConfigMap, *corev1.ConfigMap, map[string]EnvVarMetadata, error)
GetEnvVarsConfigMapAndMetadataMap Get environment-variables config-map, environment-variables metadata config-map and metadata map from it
func (*Kube) GetEnvVarsMetadataConfigMapAndMap ¶ added in v1.15.0
func (kubeutil *Kube) GetEnvVarsMetadataConfigMapAndMap(namespace string, componentName string) (*corev1.ConfigMap, map[string]EnvVarMetadata, error)
GetEnvVarsMetadataConfigMapAndMap Get environment-variables metadata config-map and map from it
func (*Kube) GetEnvironment ¶ added in v1.5.5
func (kubeutil *Kube) GetEnvironment(name string) (*v1.RadixEnvironment, error)
GetEnvironment Gets environment using lister from cache if present
func (*Kube) GetOrCreateEnvVarsConfigMapAndMetadataMap ¶ added in v1.15.0
func (kubeutil *Kube) GetOrCreateEnvVarsConfigMapAndMetadataMap(namespace, appName, componentName string) (*corev1.ConfigMap, *corev1.ConfigMap, error)
GetOrCreateEnvVarsConfigMapAndMetadataMap Get environment variables and its metadata config-maps
func (*Kube) GetRadixAlert ¶ added in v1.16.0
func (kubeutil *Kube) GetRadixAlert(namespace, name string) (*v1.RadixAlert, error)
GetRadixDeployment Gets radix alert using lister if present
func (*Kube) GetRadixBatch ¶ added in v1.43.2
func (kubeutil *Kube) GetRadixBatch(namespace, name string) (*v1.RadixBatch, error)
GetRadixBatch Gets batches using lister if present
func (*Kube) GetRadixDeployment ¶
func (kubeutil *Kube) GetRadixDeployment(namespace, name string) (*v1.RadixDeployment, error)
GetRadixDeployment Gets deployment using lister if present
func (*Kube) GetRegistration ¶
func (kubeutil *Kube) GetRegistration(name string) (*v1.RadixRegistration, error)
GetRegistration Gets registration using lister if present
func (*Kube) GetRoleBinding ¶ added in v1.5.2
func (kubeutil *Kube) GetRoleBinding(namespace, name string) (*rbacv1.RoleBinding, error)
GetRoleBinding Gets rolebinding
func (*Kube) GetSecretProviderClass ¶ added in v1.17.2
func (kubeutil *Kube) GetSecretProviderClass(namespace string, className string) (*secretsstorev1.SecretProviderClass, error)
GetSecretProviderClass Gets secret provider class
func (*Kube) GetServiceAccount ¶ added in v1.31.0
func (kubeutil *Kube) GetServiceAccount(namespace, name string) (*corev1.ServiceAccount, error)
func (*Kube) GetSubscriptionId ¶ added in v1.16.7
GetSubscriptionId Gets the subscription-id from config map in default namespace
func (*Kube) KubeClient ¶ added in v1.18.0
func (kubeutil *Kube) KubeClient() kubernetes.Interface
KubeClient Kubernetes client
func (*Kube) ListClusterRoleBindings ¶ added in v1.4.2
func (kubeutil *Kube) ListClusterRoleBindings(namespace string) ([]*rbacv1.ClusterRoleBinding, error)
ListClusterRoleBindings List cluster roles
func (*Kube) ListClusterRoles ¶ added in v1.4.2
func (kubeutil *Kube) ListClusterRoles(namespace string) ([]*rbacv1.ClusterRole, error)
ListClusterRoles List cluster roles
func (*Kube) ListConfigMaps ¶ added in v1.23.4
ListConfigMaps Lists config maps in namespace
func (*Kube) ListConfigMapsWithSelector ¶ added in v1.31.8
func (kubeutil *Kube) ListConfigMapsWithSelector(namespace string, labelSelectorString string) ([]*corev1.ConfigMap, error)
ListConfigMapsWithSelector Get a list of ConfigMaps by Label requirements
func (*Kube) ListDeployments ¶ added in v1.4.2
func (kubeutil *Kube) ListDeployments(namespace string) ([]*appsv1.Deployment, error)
ListDeployments List deployments
func (*Kube) ListDeploymentsWithSelector ¶ added in v1.18.0
func (kubeutil *Kube) ListDeploymentsWithSelector(namespace, labelSelectorString string) ([]*appsv1.Deployment, error)
ListDeploymentsWithSelector List deployments with selector
func (*Kube) ListEnvVarsConfigMaps ¶ added in v1.23.4
ListEnvVarsConfigMaps Lists config maps which contain env vars
func (*Kube) ListEnvVarsMetadataConfigMaps ¶ added in v1.23.4
ListEnvVarsMetadataConfigMaps Lists config maps which contain metadata of env vars
func (*Kube) ListEnvironments ¶ added in v1.5.5
func (kubeutil *Kube) ListEnvironments() ([]*v1.RadixEnvironment, error)
ListEnvironments lists environments from cache if lister is present
func (*Kube) ListIngresses ¶ added in v1.4.0
func (kubeutil *Kube) ListIngresses(namespace string) ([]*networkingv1.Ingress, error)
ListIngresses lists ingresses
func (*Kube) ListIngressesWithSelector ¶ added in v1.4.0
func (kubeutil *Kube) ListIngressesWithSelector(namespace string, labelSelectorString string) ([]*networkingv1.Ingress, error)
ListIngressesWithSelector lists ingresses
func (*Kube) ListJobsWithSelector ¶ added in v1.32.0
func (kubeutil *Kube) ListJobsWithSelector(namespace, labelSelectorString string) ([]*batchv1.Job, error)
ListJobsWithSelector List jobs with selector
func (*Kube) ListPodDisruptionBudgets ¶ added in v1.21.9
func (kubeutil *Kube) ListPodDisruptionBudgets(namespace string) ([]*v1.PodDisruptionBudget, error)
ListPodDisruptionBudgets lists PodDisruptionBudgets
func (*Kube) ListRadixAlert ¶ added in v1.16.0
func (kubeutil *Kube) ListRadixAlert(namespace string) ([]*v1.RadixAlert, error)
ListRadixAlert Gets radix alerts using lister if present
func (*Kube) ListRadixBatches ¶ added in v1.43.2
func (kubeutil *Kube) ListRadixBatches(namespace string) ([]*v1.RadixBatch, error)
ListRadixBatches Gets batches using lister if present
func (*Kube) ListRadixDeployments ¶
func (kubeutil *Kube) ListRadixDeployments(namespace string) ([]*v1.RadixDeployment, error)
ListRadixDeployments Gets deployments using lister if present
func (*Kube) ListRegistrations ¶
func (kubeutil *Kube) ListRegistrations() ([]*v1.RadixRegistration, error)
ListRegistrations lists registrations
func (*Kube) ListRoleBindings ¶ added in v1.4.1
func (kubeutil *Kube) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
ListRoleBindings Lists role bindings from cache or from cluster
func (*Kube) ListRoleBindingsWithSelector ¶ added in v1.4.1
func (kubeutil *Kube) ListRoleBindingsWithSelector(namespace string, labelSelectorString string) ([]*rbacv1.RoleBinding, error)
ListRoleBindingsWithSelector Lists role bindings from cache or from cluster using a selector
func (*Kube) ListRolesWithSelector ¶ added in v1.4.2
func (kubeutil *Kube) ListRolesWithSelector(namespace string, labelSelectorString string) ([]*rbacv1.Role, error)
ListRolesWithSelector List roles
func (*Kube) ListSecretExistsForLabels ¶ added in v1.17.2
func (kubeutil *Kube) ListSecretExistsForLabels(namespace string, labelSelector string) ([]corev1.Secret, error)
ListSecretExistsForLabels Gets list of secrets for specific labels
func (*Kube) ListSecrets ¶ added in v1.4.3
ListSecrets secrets in namespace
func (*Kube) ListSecretsWithSelector ¶ added in v1.4.3
func (kubeutil *Kube) ListSecretsWithSelector(namespace string, labelSelectorString string) ([]*corev1.Secret, error)
ListSecretsWithSelector secrets in namespace
func (*Kube) ListServiceAccounts ¶ added in v1.31.0
func (kubeutil *Kube) ListServiceAccounts(namespace string) ([]*corev1.ServiceAccount, error)
List service accounts in namespace
func (*Kube) ListServiceAccountsWithSelector ¶ added in v1.31.0
func (kubeutil *Kube) ListServiceAccountsWithSelector(namespace string, labelSelectorString string) ([]*corev1.ServiceAccount, error)
List service accounts with selector in namespace
func (*Kube) ListServices ¶ added in v1.4.1
ListServices Lists services from cache or from cluster
func (*Kube) ListServicesWithSelector ¶ added in v1.18.0
func (kubeutil *Kube) ListServicesWithSelector(namespace, labelSelectorString string) ([]*corev1.Service, error)
ListServices Lists services from cache or from cluster
func (*Kube) ListUserDefinedNetworkPolicies ¶ added in v1.19.0
func (kubeutil *Kube) ListUserDefinedNetworkPolicies(appName string, env string) (*v1.NetworkPolicyList, error)
ListUserDefinedNetworkPolicies Returns list of user defined network policies
func (*Kube) RadixClient ¶ added in v1.19.7
func (kubeutil *Kube) RadixClient() radixclient.Interface
RadixClient Radix Kubernetes CRD client
func (*Kube) SecretExists ¶
SecretExists Checks if secret already exists
func (*Kube) UpdateConfigMap ¶ added in v1.15.0
UpdateConfigMap Update config-maps
func (*Kube) UpdatePodDisruptionBudget ¶ added in v1.21.9
func (kubeutil *Kube) UpdatePodDisruptionBudget(namespace string, pdb *v1.PodDisruptionBudget) error
UpdatePodDisruptionBudget will update PodDisruptionBudgets in provided namespace
type NamespaceWatcher ¶
NamespaceWatcher Watcher to wait for namespace to be created
type NamespaceWatcherImpl ¶
type NamespaceWatcherImpl struct {
// contains filtered or unexported fields
}
NamespaceWatcherImpl Implementation of watcher
func NewNamespaceWatcherImpl ¶
func NewNamespaceWatcherImpl(client kubernetes.Interface) NamespaceWatcherImpl
NewNamespaceWatcherImpl Constructor
func (NamespaceWatcherImpl) WaitFor ¶
func (watcher NamespaceWatcherImpl) WaitFor(namespace string) error
WaitFor Waits for namespace to appear
type PodSecurityLevel ¶ added in v1.24.0
type PodSecurityLevel string
const ( PrivilegedLevel PodSecurityLevel = "privileged" BaselineLevel PodSecurityLevel = "baseline" RestrictedLevel PodSecurityLevel = "restricted" )
type PodSecurityStandard ¶ added in v1.24.0
type PodSecurityStandard struct {
// contains filtered or unexported fields
}
PodSecurityStandard defines methods to build pod security standard labels. See https://kubernetes.io/docs/concepts/security/pod-security-standards/
func NewAppNamespacePodSecurityStandardFromEnv ¶ added in v1.41.6
func NewAppNamespacePodSecurityStandardFromEnv() *PodSecurityStandard
NewAppNamespacePodSecurityStandardFromEnv builds pod security standard for app namespaces from environment variables
func NewEnvNamespacePodSecurityStandardFromEnv ¶ added in v1.41.6
func NewEnvNamespacePodSecurityStandardFromEnv() *PodSecurityStandard
NewEnvNamespacePodSecurityStandardFromEnv builds pod security standard for env namespaces from environment variables
func (*PodSecurityStandard) Audit ¶ added in v1.24.0
func (pss *PodSecurityStandard) Audit(level PodSecurityLevel, version string)
Audit pod policy violations. Policy violations will trigger the addition of an audit annotation to the event recorded in the audit log, but are otherwise allowed.
func (*PodSecurityStandard) Enforce ¶ added in v1.24.0
func (pss *PodSecurityStandard) Enforce(level PodSecurityLevel, version string)
Enforce policy Policy violations will cause the pod to be rejected.
func (*PodSecurityStandard) Labels ¶ added in v1.24.0
func (pss *PodSecurityStandard) Labels() map[string]string
Labels returns labels that will enforce pod security standard when applied on a namespace
func (*PodSecurityStandard) Warn ¶ added in v1.24.0
func (pss *PodSecurityStandard) Warn(level PodSecurityLevel, version string)
Warn triggers a user-facing warning (e.g. kubectl) when a pod violates the policy
type RadixBatchType ¶ added in v1.32.1
type RadixBatchType string
RadixBatchType defines value for use with label RadixBatchTypeLabel
const ( RadixBatchTypeJob RadixBatchType = "job" RadixBatchTypeBatch RadixBatchType = "batch" )
type RadixConfigMapType ¶ added in v1.15.0
type RadixConfigMapType string
RadixConfigMapType Purpose of ConfigMap
const ( // EnvVarsConfigMap ConfigMap contains environment variables EnvVarsConfigMap RadixConfigMapType = "env-vars" // EnvVarsMetadataConfigMap ConfigMap contains environment variables metadata EnvVarsMetadataConfigMap RadixConfigMapType = "env-vars-metadata" // RadixPipelineResultConfigMap Label of a ConfigMap, which keeps a Radix pipeline result RadixPipelineResultConfigMap RadixConfigMapType = "radix-pipeline-result" // RadixPipelineConfigConfigMap Label of a ConfigMap, which keeps a Radix pipeline configuration RadixPipelineConfigConfigMap RadixConfigMapType = "radix-pipeline-config" // RadixPipelineGitInformationConfigMap Label of a ConfigMap, which keeps a Radix pipeline Git information RadixPipelineGitInformationConfigMap RadixConfigMapType = "radix-pipeline-git-information" )
type RadixSecretType ¶ added in v1.39.6
type RadixSecretType string
RadixSecretType defines value for use with label RadixSecretTypeLabel
const (
RadixSecretJobPayload RadixSecretType = "scheduler-job-payload"
)
type RuleBuilder ¶ added in v1.20.3
type RuleBuilder func() rbacv1.PolicyRule
func ManageSecretsRule ¶ added in v1.20.3
func ManageSecretsRule(secretNames []string) RuleBuilder
func ReadSecretsRule ¶ added in v1.39.3
func ReadSecretsRule(secretNames []string) RuleBuilder
func UpdateDeploymentsRule ¶ added in v1.20.3
func UpdateDeploymentsRule(deployments []string) RuleBuilder
type SecretProviderClassParameterObject ¶ added in v1.17.2
type SecretProviderClassParameterObject struct { // Name. Name of the Azure Key Vault object Name string `yaml:"objectName"` // Type. Type of the Azure KeyVault object: secret, key, cert Type string `yaml:"objectType"` // Alias. Optional. Specify the filename of the object when written to disk. Defaults to objectName if not provided. Alias string `yaml:"objectAlias,omitempty"` // Version. Optional. object versions, default to the latest if empty Version string `yaml:"objectVersion,omitempty"` // Format. Optional. The format of the Azure Key Vault object, supported types are pem and pfx. objectFormat: pfx is only supported with objectType: secret and PKCS12 or ECC certificates. Default format for certificates is pem. Format string `yaml:"objectFormat,omitempty"` // Encoding. Optional. Setting object encoding to base64 and object format to pfx will fetch and write the base64 decoded pfx binary Encoding string `yaml:"objectEncoding,omitempty"` }
SecretProviderClassParameterObject Object for SecretProviderClass parameters
Source Files ¶
- config_maps.go
- deployment.go
- environment_variables.go
- ingress.go
- job.go
- kube.go
- limitrange.go
- namespaces.go
- networkpolicy.go
- pdb.go
- podsecuritystandard.go
- radix_alert.go
- radix_batch.go
- radix_config.go
- radix_deployment.go
- radix_environment.go
- radix_registration.go
- rolebinding.go
- roles.go
- secret_provider.go
- secrets.go
- service.go
- service_account.go