Documentation
¶
Index ¶
- Constants
- Variables
- func GetNativeSidecarContainerSpec(c *Config) corev1.Container
- func GetSidecarContainerSpec(c *Config) corev1.Container
- func GetSidecarContainerVolumeSpec(existingVolumes ...corev1.Volume) []corev1.Volume
- func LogPodMutation(pod *corev1.Pod, sidecarConfig *Config)
- func ValidatePodHasSidecarContainerInjected(pod *corev1.Pod, shouldInjectedByWebhook bool) (bool, bool)
- type Config
- type SidecarInjector
Constants ¶
View Source
const ( SidecarContainerName = "gke-gcsfuse-sidecar" SidecarContainerTmpVolumeName = "gke-gcsfuse-tmp" SidecarContainerTmpVolumeMountPath = "/gcsfuse-tmp" SidecarContainerBufferVolumeName = "gke-gcsfuse-buffer" SidecarContainerBufferVolumeMountPath = "/gcsfuse-buffer" SidecarContainerCacheVolumeName = "gke-gcsfuse-cache" SidecarContainerCacheVolumeMountPath = "/gcsfuse-cache" // See the nonroot user discussion: https://github.com/GoogleContainerTools/distroless/issues/443 NobodyUID = 65534 NobodyGID = 65534 )
View Source
const (
GcsFuseVolumeEnableAnnotation = "gke-gcsfuse/volumes"
)
View Source
const IstioSidecarName = "istio-proxy"
Variables ¶
View Source
var ( TmpVolumeMount = corev1.VolumeMount{ Name: SidecarContainerTmpVolumeName, MountPath: SidecarContainerTmpVolumeMountPath, } )
Functions ¶
func GetNativeSidecarContainerSpec ¶ added in v1.2.0
func GetSidecarContainerSpec ¶
func GetSidecarContainerVolumeSpec ¶
GetSidecarContainerVolumeSpec returns volumes required by the sidecar container, skipping the existing custom volumes.
func LogPodMutation ¶ added in v1.3.0
func ValidatePodHasSidecarContainerInjected ¶
func ValidatePodHasSidecarContainerInjected(pod *corev1.Pod, shouldInjectedByWebhook bool) (bool, bool)
ValidatePodHasSidecarContainerInjected validates the following:
- One of the container or init container name matches the sidecar container name.
- The container uses NobodyUID and NobodyGID.
- The container uses the temp volume.
- The temp volume have correct volume mount paths.
- The Pod has the temp volume and the volume is an emptyDir volumes.
Returns two booleans:
- True when either native or regular sidecar is present.
- True iff the sidecar present is a native sidecar container.
Types ¶
type Config ¶
type Config struct {
ContainerImage string `json:"-"`
ImagePullPolicy string `json:"-"`
//nolint:tagliatelle
CPURequest resource.Quantity `json:"gke-gcsfuse/cpu-request,omitempty"`
//nolint:tagliatelle
CPULimit resource.Quantity `json:"gke-gcsfuse/cpu-limit,omitempty"`
//nolint:tagliatelle
MemoryRequest resource.Quantity `json:"gke-gcsfuse/memory-request,omitempty"`
//nolint:tagliatelle
MemoryLimit resource.Quantity `json:"gke-gcsfuse/memory-limit,omitempty"`
//nolint:tagliatelle
EphemeralStorageRequest resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-request,omitempty"`
//nolint:tagliatelle
EphemeralStorageLimit resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-limit,omitempty"`
}
func FakeConfig ¶
func FakeConfig() *Config
func LoadConfig ¶
Source Files
Click to show internal directories.
Click to hide internal directories.