kubernetes

package
v1.90.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 6, 2024 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 50 Imported by: 187

Documentation

Index

Constants

This section is empty.

Variables

// APIGroupControllerMap maps Kubernetes API group/version strings to the
// controllers associated with them.
//
// The outer key is an API group/version such as "apps/v1"; the bare "v1" key
// is the core API group, which has no group prefix. The inner key is a
// controller name and the value is a versionutils.VersionRange.
//
// The same controller name appears under more than one API group/version
// (for example "csrapproving" is listed under "authorization/v1",
// "certificates/v1" and "v1"), so a controller is not tied to a single key.
//
// NOTE(review): an empty VersionRange ({}) presumably means "no version
// restriction", and AddedInVersion presumably names the first Kubernetes
// version that has the controller — confirm against the versionutils package.
var APIGroupControllerMap = map[string]map[string]versionutils.VersionRange{
	"internal/v1alpha1": {
		"storage-version-gc": {},
	},
	"apps/v1": {
		"daemonset":   {},
		"deployment":  {},
		"replicaset":  {},
		"statefulset": {},
	},
	"apps/v1beta1": {
		"disruption": {},
	},
	"authentication/v1": {
		"attachdetach":              {},
		"persistentvolume-expander": {},
	},
	"authorization/v1": {
		"csrapproving": {},
	},
	"autoscaling/v1": {
		"horizontalpodautoscaling": {},
	},
	"autoscaling/v2": {
		"horizontalpodautoscaling": {},
	},
	"batch/v1": {
		"cronjob":            {},
		"job":                {},
		"ttl-after-finished": {},
	},
	"certificates/v1": {
		"csrapproving": {},
		"csrcleaner":   {},
		"csrsigning":   {},
	},
	"certificates/v1beta1": {
		"csrsigning": {},
	},
	"coordination/v1": {
		"nodelifecycle":      {},
		"storage-version-gc": {},
	},
	"discovery/v1": {
		"endpointslice":          {},
		"endpointslicemirroring": {},
	},
	"extensions/v1beta1": {
		"disruption": {},
	},
	"policy/v1": {
		"disruption": {},
	},
	"rbac/v1": {
		"clusterrole-aggregation": {},
	},
	"resource/v1alpha2": {
		"resource-claim-controller": {AddedInVersion: "1.27"},
	},
	// Core API group.
	"v1": {
		"attachdetach":                         {},
		"bootstrapsigner":                      {},
		"cloud-node-lifecycle":                 {},
		"cronjob":                              {},
		"csrapproving":                         {},
		"csrsigning":                           {},
		"daemonset":                            {},
		"deployment":                           {},
		"disruption":                           {},
		"endpoint":                             {},
		"endpointslice":                        {},
		"endpointslicemirroring":               {},
		"ephemeral-volume":                     {},
		"garbagecollector":                     {},
		"horizontalpodautoscaling":             {},
		"job":                                  {},
		"legacy-service-account-token-cleaner": {AddedInVersion: "1.28"},
		"namespace":                            {},
		"nodelifecycle":                        {},
		"persistentvolume-binder":              {},
		"persistentvolume-expander":            {},
		"podgc":                                {},
		"pv-protection":                        {},
		"pvc-protection":                       {},
		"replicaset":                           {},
		"replicationcontroller":                {},
		"resource-claim-controller":            {AddedInVersion: "1.27"},
		"resourcequota":                        {},
		"root-ca-cert-publisher":               {},
		"route":                                {},
		"service":                              {},
		"service-cidr":                         {AddedInVersion: "1.29"},
		"serviceaccount":                       {},
		"serviceaccount-token":                 {},
		"statefulset":                          {},
		"tokencleaner":                         {},
		"ttl":                                  {},
		"ttl-after-finished":                   {},
	},
}

APIGroupControllerMap is a map for the Kubernetes API groups and the corresponding controllers for them.

// TLSCipherSuites is the list of wanted and acceptable cipher suites, given
// by name.
//
// Every entry is an AEAD suite (AES-GCM or ChaCha20-Poly1305). The
// TLS_ECDHE_* names are TLS 1.2 suites with ephemeral ECDHE key exchange;
// TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384 and
// TLS_CHACHA20_POLY1305_SHA256 are TLS 1.3 suites. The list contains no
// CBC-mode, RC4, 3DES or static-RSA key-exchange suite.
//
// This is an exported, mutable package-level slice: code that edits or
// appends to it in place changes the list for every other user in the same
// process, so copy it before modifying.
//
// NOTE(review): a cipher list does not by itself set the minimum protocol
// version; confirm that consumers also configure a minimum TLS version.
// NOTE(review): Go's crypto/tls does not allow TLS 1.3 suites to be
// configured, so where these names reach crypto/tls the list presumably only
// constrains TLS 1.2 — confirm how each consumer treats the TLS 1.3 names and
// whether list order is meant to express preference.
var TLSCipherSuites = []string{
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_AES_128_GCM_SHA256",
	"TLS_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_CHACHA20_POLY1305_SHA256",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
}

TLSCipherSuites is a list of the wanted and acceptable cipher suites.

Functions

func AddEnvVar added in v1.75.0

func AddEnvVar(container *corev1.Container, envVar corev1.EnvVar, overwrite bool)

AddEnvVar adds the given EnvVar to the given Container if not present. If an EnvVar with the given name is already present, it optionally overwrites the EnvVar according to the overwrite parameter.

func AddVolume added in v1.75.0

func AddVolume(podSpec *corev1.PodSpec, volume corev1.Volume, overwrite bool)

AddVolume adds the given Volume to the given PodSpec if not present. If a Volume with the given name is already present it optionally overwrites the Volume according to the overwrite parameter.

func AddVolumeMount added in v1.75.0

func AddVolumeMount(container *corev1.Container, volumeMount corev1.VolumeMount, overwrite bool)

AddVolumeMount adds the given VolumeMount to the given Container if not present. If a VolumeMount with the given name is already present it optionally overwrites the VolumeMount according to the overwrite parameter.

func ClientCertificateFromRESTConfig added in v1.57.0

func ClientCertificateFromRESTConfig(restConfig *rest.Config) (*tls.Certificate, error)

ClientCertificateFromRESTConfig returns the client certificate used inside a REST config.

func CurrentReplicaCountForDeployment added in v1.21.0

func CurrentReplicaCountForDeployment(ctx context.Context, client client.Client, namespace, deploymentName string) (int32, error)

CurrentReplicaCountForDeployment returns the current replicaCount for the given deployment.

func DNSNamesForService added in v1.8.0

func DNSNamesForService(name, namespace string) []string

DNSNamesForService returns the possible DNS names for a service with the given name and namespace.

func DeleteObject added in v1.11.0

func DeleteObject(ctx context.Context, c client.Writer, object client.Object) error

DeleteObject deletes a Kubernetes object. It ignores 'not found' and 'no match' errors.

func DeleteObjects added in v1.11.0

func DeleteObjects(ctx context.Context, c client.Writer, objects ...client.Object) error

DeleteObjects deletes a list of Kubernetes objects.

func DeleteObjectsFromListConditionally added in v1.17.0

func DeleteObjectsFromListConditionally(ctx context.Context, c client.Client, listObj client.ObjectList, predicateFn func(runtime.Object) bool) error

DeleteObjectsFromListConditionally takes a Kubernetes List object. It iterates over its items and, if provided, executes the predicate function. If it evaluates to true then the object will be deleted.

func DeleteSecretByReference added in v1.17.0

func DeleteSecretByReference(ctx context.Context, c client.Client, ref *corev1.SecretReference) error

DeleteSecretByReference deletes the secret referenced by the given secret reference.

func FQDNForService added in v1.69.0

func FQDNForService(name, namespace string) string

FQDNForService returns the fully qualified domain name of a service with the given name and namespace.

func FeatureGatesToCommandLineParameter added in v1.10.0

func FeatureGatesToCommandLineParameter(fg map[string]bool) string

FeatureGatesToCommandLineParameter transforms feature gates given as string/bool map to a command line parameter that is understood by Kubernetes components.

func FetchEventMessages added in v1.17.0

func FetchEventMessages(ctx context.Context, scheme *runtime.Scheme, reader client.Reader, obj client.Object, eventType string, eventsLimit int) (string, error)

FetchEventMessages gets events for the given object of the given `eventType` and returns them as a formatted output. The function expects that the given `obj` is specified with a proper `metav1.TypeMeta`.

func GetAdmissionPluginsForVersion added in v1.25.0

func GetAdmissionPluginsForVersion(v string) []gardencorev1beta1.AdmissionPlugin

GetAdmissionPluginsForVersion returns the set of default admission plugins for the given Kubernetes version. If the given Kubernetes version does not explicitly define admission plugins, the set defined for the next lower available version is returned (e.g., if version X is not defined, the set of version X-1 is returned).

func GetContainerResourcesInStatefulSet added in v1.21.0

func GetContainerResourcesInStatefulSet(ctx context.Context, k8sClient client.Client, key client.ObjectKey) (map[string]*corev1.ResourceRequirements, error)

GetContainerResourcesInStatefulSet returns the containers resources in StatefulSet.

func GetDeploymentForPod added in v1.80.0

func GetDeploymentForPod(ctx context.Context, reader client.Reader, namespace string, podOwnerReferences []metav1.OwnerReference) (*appsv1.Deployment, error)

GetDeploymentForPod returns the deployment the pod belongs to by traversing its metadata.

func GetLoadBalancerIngress

func GetLoadBalancerIngress(ctx context.Context, c client.Client, service *corev1.Service) (string, error)

GetLoadBalancerIngress takes a context, a client, and a service object. It gets the `service` and queries for a load balancer's technical name (IP address or hostname). It returns the technical name, always preferring the hostname (if given) over the IP address. The passed `service` instance is updated with the information received from the API server.

func GetManagedSeedByName added in v1.34.0

func GetManagedSeedByName(ctx context.Context, client client.Client, name string) (*seedmanagementv1alpha1.ManagedSeed, error)

GetManagedSeedByName tries to read a ManagedSeed in the garden namespace. If it's not found then `nil` is returned.

func GetManagedSeedWithReader added in v1.31.0

func GetManagedSeedWithReader(ctx context.Context, r client.Reader, shootNamespace, shootName string) (*seedmanagementv1alpha1.ManagedSeed, error)

GetManagedSeedWithReader gets the ManagedSeed resource for the given shoot namespace and name, by searching for all ManagedSeeds in the shoot namespace that have spec.shoot.name set to the shoot name. If no such ManagedSeeds are found, nil is returned.

func GetNodeSelectorRequirementForZones added in v1.60.4

func GetNodeSelectorRequirementForZones(isZonePinningEnabled bool, zones []string) *corev1.NodeSelectorRequirement

GetNodeSelectorRequirementForZones returns a node selector requirement to ensure all pods are scheduled only on nodes in the provided zones. If no zones are provided then nothing is done. Note that the returned requirement should be added to all existing node selector terms in the spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms field of pods because the various node selector terms are evaluated with the OR operator.

func GetReplicaCount added in v1.60.0

func GetReplicaCount(failureToleranceType *gardencorev1beta1.FailureToleranceType, componentType string) *int32

GetReplicaCount returns the replica count based on the criteria, failure tolerance type, and component type.

func GetSecretByReference added in v1.17.0

func GetSecretByReference(ctx context.Context, c client.Reader, ref *corev1.SecretReference) (*corev1.Secret, error)

GetSecretByReference returns the secret referenced by the given secret reference.

func GetSecretMetadataByReference added in v1.78.0

func GetSecretMetadataByReference(ctx context.Context, c client.Reader, ref *corev1.SecretReference) (*metav1.PartialObjectMetadata, error)

GetSecretMetadataByReference returns the metadata (as a *metav1.PartialObjectMetadata) of the secret referenced by the given secret reference.

func GetTopologySpreadConstraints added in v1.56.0

func GetTopologySpreadConstraints(
	replicas int32,
	maxReplicas int32,
	labelSelector metav1.LabelSelector,
	numberOfZones int32,
	failureToleranceType *gardencorev1beta1.FailureToleranceType,
	enforceSpreadAcrossHosts bool,
) []corev1.TopologySpreadConstraint

GetTopologySpreadConstraints adds topology spread constraints based on the passed `failureToleranceType`. This is only done when the number of replicas is greater than 1 (otherwise, it doesn't make sense to add spread constraints).

func HasEnvVar added in v1.75.0

func HasEnvVar(container corev1.Container, name string) bool

HasEnvVar checks if the given container has an EnvVar with the given name.

func HasMetaDataAnnotation

func HasMetaDataAnnotation(meta metav1.Object, key, value string) bool

HasMetaDataAnnotation checks if the passed meta object has the given key, value set in the annotations section.

func IsNodeLabelAllowedForKubelet added in v1.64.0

func IsNodeLabelAllowedForKubelet(key string) bool

IsNodeLabelAllowedForKubelet determines whether kubelet is allowed by the NodeRestriction admission plugin to set a label on its own Node object with the given key. See https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#noderestriction.

func Key

func Key(namespaceOrName string, nameOpt ...string) client.ObjectKey

Key creates a new client.ObjectKey from the given parameters. There are only two ways to call this function:

  • If only namespaceOrName is set, then a client.ObjectKey with name set to namespaceOrName is returned.
  • If namespaceOrName and one nameOpt is given, then a client.ObjectKey with namespace set to namespaceOrName and name set to nameOpt[0] is returned.

For all other cases, this method panics.

func LookupObject added in v1.7.0

func LookupObject(ctx context.Context, c client.Client, apiReader client.Reader, key client.ObjectKey, obj client.Object) error

LookupObject retrieves an obj for the given object key dealing with potential stale cache that still does not contain the obj. It first tries to retrieve the obj using the given cached client. If the object key is not found, then it does live lookup from the API server using the given apiReader.

func MakeUnique added in v1.31.0

func MakeUnique(obj runtime.Object) error

MakeUnique takes either a *corev1.ConfigMap or a *corev1.Secret object and makes it immutable, i.e., it sets .immutable=true, computes a checksum based on .data, and appends the first 8 characters of the computed checksum to the name of the object. Additionally, it injects the `resources.gardener.cloud/garbage-collectable-reference=true` label.

func MapStringBoolToCommandLineParameter added in v1.33.0

func MapStringBoolToCommandLineParameter(m map[string]bool, param string) string

MapStringBoolToCommandLineParameter transforms a string/bool map to a command line parameter that is understood by Kubernetes components.

func MergeOwnerReferences added in v1.16.0

func MergeOwnerReferences(references []metav1.OwnerReference, newReferences ...metav1.OwnerReference) []metav1.OwnerReference

MergeOwnerReferences merges the newReferences with the list of existing references.

func MostRecentCompleteLogs added in v1.16.0

func MostRecentCompleteLogs(
	ctx context.Context,
	podInterface corev1client.PodInterface,
	pod *corev1.Pod,
	containerName string,
	tailLines,
	headBytes *int64,
) (
	string,
	error,
)

MostRecentCompleteLogs returns the logs of the pod/container in case it is not running. If the pod/container is running then the logs of the previous pod/container are being returned.

func NewKubeconfig added in v1.36.0

func NewKubeconfig(contextName string, cluster clientcmdv1.Cluster, authInfo clientcmdv1.AuthInfo) *clientcmdv1.Config

NewKubeconfig returns a new kubeconfig structure.

func NewestObject added in v1.16.0

func NewestObject(ctx context.Context, c client.Reader, listObj client.ObjectList, filterFn func(client.Object) bool, listOpts ...client.ListOption) (client.Object, error)

NewestObject returns the most recently created object based on the provided list object type. If a filter function is provided then it will be applied for each object right after listing all objects. If no object remains then nil is returned. The Items field in the list object will be populated with the result returned from the server after applying the filter function (if provided).

func NewestPodForDeployment added in v1.16.0

func NewestPodForDeployment(ctx context.Context, c client.Reader, deployment *appsv1.Deployment) (*corev1.Pod, error)

NewestPodForDeployment returns the most recently created Pod object for the given deployment.

func ObjectKeyForCreateWebhooks added in v1.40.3

func ObjectKeyForCreateWebhooks(obj client.Object, req admission.Request) client.ObjectKey

ObjectKeyForCreateWebhooks creates an object key for an object handled by webhooks registered for CREATE verbs.

func ObjectKeyFromSecretRef added in v1.51.0

func ObjectKeyFromSecretRef(ref corev1.SecretReference) client.ObjectKey

ObjectKeyFromSecretRef returns an ObjectKey for the given SecretReference.

func ObjectMeta

func ObjectMeta(namespaceOrName string, nameOpt ...string) metav1.ObjectMeta

ObjectMeta creates a new metav1.ObjectMeta from the given parameters. There are only two ways to call this function:

  • If only namespaceOrName is set, then a metav1.ObjectMeta with name set to namespaceOrName is returned.
  • If namespaceOrName and one nameOpt is given, then a metav1.ObjectMeta with namespace set to namespaceOrName and name set to nameOpt[0] is returned.

For all other cases, this method panics.

func ObjectMetaFromKey

func ObjectMetaFromKey(key client.ObjectKey) metav1.ObjectMeta

ObjectMetaFromKey returns an ObjectMeta with the namespace and name set to the values from the key.

func ObjectName added in v1.8.0

func ObjectName(obj client.Object) string

ObjectName returns the name of the given object in the format <namespace>/<name>

func OwnedBy added in v1.16.0

func OwnedBy(obj client.Object, apiVersion, kind, name string, uid types.UID) bool

OwnedBy checks if the given object's owner reference contains an entry with the provided attributes.

func ParseObjectName added in v1.36.0

func ParseObjectName(objectName string) (string, string)

ParseObjectName parses the given object name (in the format <namespace>/<name>) to its constituent namespace and name. If the given object name is not namespaced, an empty namespace is returned.

func PodManagedByDaemonSet added in v1.63.0

func PodManagedByDaemonSet(pod *corev1.Pod) bool

PodManagedByDaemonSet returns 'true' if the given pod is managed by a DaemonSet, determined by the existing owner references.

func ReadLeaderElectionRecord added in v1.15.0

func ReadLeaderElectionRecord(ctx context.Context, client client.Client, lock, namespace, name string) (*resourcelock.LeaderElectionRecord, error)

ReadLeaderElectionRecord returns the leader election record for a given lock type and a namespace/name combination.

func ReconcileServicePorts added in v1.10.0

func ReconcileServicePorts(existingPorts []corev1.ServicePort, desiredPorts []corev1.ServicePort, desiredServiceType corev1.ServiceType) []corev1.ServicePort

ReconcileServicePorts reconciles the existing service ports with the desired ports. This means that it takes the existing port (identified by name), and applies the settings from the desired port to it. This way it can keep fields that are defaulted by controllers, e.g. the node port. However, it does not keep ports that are not part of the desired list.

func ResourcesExist added in v1.61.0

func ResourcesExist(ctx context.Context, reader client.Reader, objList client.ObjectList, scheme *runtime.Scheme, listOpts ...client.ListOption) (bool, error)

ResourcesExist checks if there is at least one object of the given objList.

func SetAlwaysAllowEviction added in v1.87.0

func SetAlwaysAllowEviction(pdb *policyv1.PodDisruptionBudget, kubernetesVersion *semver.Version)

SetAlwaysAllowEviction sets the UnhealthyPodEvictionPolicy field to AlwaysAllow if the kubernetes version is >= 1.26.

func SetAnnotationAndUpdate added in v1.21.0

func SetAnnotationAndUpdate(ctx context.Context, c client.Client, obj client.Object, key, value string) error

SetAnnotationAndUpdate sets the annotation on the given object and updates it.

func SetMetaDataAnnotation

func SetMetaDataAnnotation(meta metav1.Object, key, value string)

SetMetaDataAnnotation sets the annotation on the given object. If the given Object did not yet have annotations, they are initialized.

func SetMetaDataLabel

func SetMetaDataLabel(meta metav1.Object, key, value string)

SetMetaDataLabel sets the key value pair in the labels section of the given Object. If the given Object did not yet have labels, they are initialized.

func TolerationForTaint added in v1.63.0

func TolerationForTaint(taint corev1.Taint) corev1.Toleration

TolerationForTaint returns the corresponding toleration for the given taint.

func TruncateLabelValue

func TruncateLabelValue(s string) string

TruncateLabelValue truncates a string at 63 characters so it's suitable for a label value.

func ValidDeploymentContainerImageVersion

func ValidDeploymentContainerImageVersion(deploymentToCheck *appsv1.Deployment, containerName, minimumVersion string) (bool, error)

ValidDeploymentContainerImageVersion checks whether the image of the given container in the deployment complies with a minimum version.

func VisitContainers added in v1.75.0

func VisitContainers(podSpec *corev1.PodSpec, visit func(*corev1.Container), containerNames ...string)

VisitContainers calls the given visitor for all (init) containers in the given PodSpec. If containerNames are given it only visits (init) containers with matching names. The visitor may mutate the Container.

func VisitPodSpec added in v1.75.0

func VisitPodSpec(obj runtime.Object, visit func(*corev1.PodSpec)) error

VisitPodSpec calls the given visitor for the PodSpec contained in the given object. The visitor may mutate the PodSpec.

func WaitUntilLoadBalancerIsReady added in v1.15.0

func WaitUntilLoadBalancerIsReady(
	ctx context.Context,
	log logr.Logger,
	c client.Client,
	namespace, name string,
	timeout time.Duration,
) (
	string,
	error,
)

WaitUntilLoadBalancerIsReady waits until the given external load balancer has been created (i.e., its ingress information has been updated in the service status).

func WaitUntilResourceDeleted

func WaitUntilResourceDeleted(ctx context.Context, c client.Client, obj client.Object, interval time.Duration) error

WaitUntilResourceDeleted waits until the given resource has been deleted. It respects the given interval. Timeout must be provided via the context.

func WaitUntilResourceDeletedWithDefaults

func WaitUntilResourceDeletedWithDefaults(ctx context.Context, c client.Client, obj client.Object) error

WaitUntilResourceDeletedWithDefaults deletes the given resource and then waits until it has been deleted. It uses a default interval and timeout.

func WaitUntilResourcesDeleted added in v1.1.0

func WaitUntilResourcesDeleted(ctx context.Context, c client.Client, list client.ObjectList, interval time.Duration, opts ...client.ListOption) error

WaitUntilResourcesDeleted waits until the given resources are gone. It respects the given interval and timeout.

Types

type ComparableTolerations added in v1.63.0

type ComparableTolerations struct {
	// contains filtered or unexported fields
}

ComparableTolerations contains information to transform an ordinary 'corev1.Toleration' object to a semantically comparable object that is fully compatible with the 'comparable' Golang interface, see https://github.com/golang/go/blob/de6abd78893e91f26337eb399644b7a6bc3ea583/src/builtin/builtin.go#L102.

func (*ComparableTolerations) Transform added in v1.63.0

func (c *ComparableTolerations) Transform(toleration corev1.Toleration) corev1.Toleration

Transform takes a toleration object and exchanges the 'TolerationSeconds' pointer if set. The int64 value will be the same but pointers will be **reused** for all passed tolerations that have the same underlying toleration seconds value.

type SortBy added in v1.15.2

type SortBy func(o1, o2 client.Object) bool

SortBy is the type of a "less" function that defines the ordering of its object arguments.

func ByCreationTimestamp added in v1.15.2

func ByCreationTimestamp() SortBy

ByCreationTimestamp returns a comparison function for sorting by creation timestamp.

func ByName added in v1.15.2

func ByName() SortBy

ByName returns a comparison function for sorting by name.

func (SortBy) Sort added in v1.15.2

func (sortBy SortBy) Sort(objList runtime.Object)

Sort sorts the items in the provided list objects according to the sort-by function.

Directories

Path Synopsis
mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
