caasadmission

package
v0.0.0-...-afba3a4
Warning

This package is not in the latest version of its module.

Published: Dec 27, 2024 License: AGPL-3.0 Imports: 28 Imported by: 0

Documentation

Overview

Package caasadmission defines the caasadmission worker. This worker is responsible for establishing a Kubernetes mutating admission webhook (https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) so that Juju can process Kubernetes resource object changes. We currently use these mutating admission webhooks to watch for resources being created by charms in the Kubernetes cluster. Every time we detect such a resource, we annotate the new or updated Kubernetes object with a label indicating which Juju application was responsible for creating the resource. When the application is later removed, we use these labels to find associated resources that need to be removed.
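The labelling step described in the overview, as an added example that is not Juju's own code. It uses only the standard library; the label key `example.test/created-by`, the map standing in for the RBACMapper lookup, and the request body are all constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

const createdByLabel = "example.test/created-by" // hypothetical key; the page names none

type patchOp struct {
	Op    string      `json:"op"`
	Path  string      `json:"path"`
	Value interface{} `json:"value"`
}

// labelPatch builds the JSON Patch for one AdmissionReview body. apps stands in
// for an RBACMapper-style lookup from service account UID to application name.
func labelPatch(contentType string, body []byte, apps map[string]string) ([]patchOp, error) {
	if contentType != "application/json" {
		return nil, fmt.Errorf("unsupported content type %q", contentType)
	}
	var rev struct { // only the AdmissionReview fields this example reads
		Request struct {
			UserInfo struct{ UID string }
			Object   struct{ Metadata struct{ Labels map[string]string } }
		}
	}
	if err := json.Unmarshal(body, &rev); err != nil {
		return nil, fmt.Errorf("decoding admission review: %w", err)
	}
	app, ok := apps[rev.Request.UserInfo.UID]
	if !ok {
		return nil, nil // requester is not a known charm service account: admit unchanged
	}
	if rev.Request.Object.Metadata.Labels == nil {
		// "add" fails when the parent is missing, so create the whole map.
		return []patchOp{{"add", "/metadata/labels", map[string]string{createdByLabel: app}}}, nil
	}
	// A "/" inside a key is written "~1" in a JSON Pointer (RFC 6901).
	key := strings.NewReplacer("~", "~0", "/", "~1").Replace(createdByLabel)
	return []patchOp{{"add", "/metadata/labels/" + key, app}}, nil
}

func main() {
	// Constructed request: an object created by service account UID "sa-123".
	body := []byte(`{"request":{"userInfo":{"uid":"sa-123"},"object":{"metadata":{"name":"db-creds"}}}}`)
	fmt.Println(labelPatch("application/json", body, map[string]string{"sa-123": "mysql"}))
}
```

A request from an unmapped UID yields no patch, so objects not created by a charm are admitted without a label.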

Constants

const (
	ExpectedContentType = "application/json"
	HeaderContentType   = "Content-Type"
)
const (
	// Component describes a sub zone to use on the juju tld for unique resource
	// ids. For example using this component "admission" with "juju.io" would
	// yield admission.juju.io
	Component = "admission"
)
const (
	// DefaultModelOperatorPort
	DefaultModelOperatorPort = int32(17071)
)

Variables

var (
	AdmissionGVK = schema.GroupVersionKind{
		Group:   admission.SchemeGroupVersion.Group,
		Version: admission.SchemeGroupVersion.Version,
		Kind:    "AdmissionReview",
	}
)

Functions

func AdmissionPathForModel

func AdmissionPathForModel(modelUUID string) string

func Manifold

func Manifold(config ManifoldConfig) dependency.Manifold

Manifold returns a Manifold that encapsulates a Kubernetes mutating admission controller. Manifold has no outputs.

Types

type AdmissionCreator

type AdmissionCreator interface {
	EnsureMutatingWebhookConfiguration(context.Context) (func(), error)
}

AdmissionCreator represents a creator of mutating webhooks that is context aware of the current controller.

func NewAdmissionCreator

func NewAdmissionCreator(
	authority pki.Authority,
	namespace, modelName string,
	legacyLabels bool,
	ensureConfig func(context.Context, *admission.MutatingWebhookConfiguration) (func(), error),
	service *admission.ServiceReference) (AdmissionCreator, error)

NewAdmissionCreator instantiates a new AdmissionCreator for the supplied context arguments.

type AdmissionCreatorFunc

type AdmissionCreatorFunc func(context.Context) (func(), error)

AdmissionCreatorFunc is the func type of AdmissionCreator.

func (AdmissionCreatorFunc) EnsureMutatingWebhookConfiguration

func (a AdmissionCreatorFunc) EnsureMutatingWebhookConfiguration(ctx context.Context) (func(), error)

EnsureMutatingWebhookConfiguration implements AdmissionCreator interface for func type.

type Controller

type Controller struct {
	// contains filtered or unexported fields
}

Kubernetes controller responsible

func NewController

func NewController(
	logger logger.Logger,
	mux Mux,
	path string,
	legacyLabels bool,
	admissionCreator AdmissionCreator,
	rbacMapper RBACMapper) (*Controller, error)

func (*Controller) Kill

func (c *Controller) Kill()

func (*Controller) Wait

func (c *Controller) Wait() error

type K8sBroker

type K8sBroker interface {
	// CurrentModel returns the current model the broker is targeting
	CurrentModel() string

	// GetCurrentNamespace returns the current namespace being targeted on the
	// broker
	GetCurrentNamespace() string

	// EnsureMutatingWebhookConfiguration makes the supplied webhook config exist
	// inside the k8s cluster if it currently does not. The return values are a
	// cleanup function that will destroy the webhook configuration from k8s
	// when called and a subsequent error if there was a problem. If the error is
	// not nil then no other return values should be considered valid.
	EnsureMutatingWebhookConfiguration(context.Context, *admission.MutatingWebhookConfiguration) (func(), error)

	// IsLegacyLabels reports if the k8s broker requires legacy labels to be
	// used for the broker model/namespace
	IsLegacyLabels() bool
}

K8sBroker describes a Kubernetes broker interface this worker needs to function.

type ManifoldConfig

type ManifoldConfig struct {
	AgentName        string
	AuthorityName    string
	Authority        pki.Authority
	BrokerName       string
	Logger           logger.Logger
	MuxName          string
	RBACMapperName   string
	ServerInfoName   string
	ServiceName      string
	ServiceNamespace string
}

ManifoldConfig describes the resources used by the admission worker.

func (ManifoldConfig) Start

func (c ManifoldConfig) Start(context context.Context, getter dependency.Getter) (worker.Worker, error)

Start is used to start the manifold and extract a worker from the supplied configuration.

func (ManifoldConfig) Validate

func (c ManifoldConfig) Validate() error

Validate is used to establish if the configuration is valid for use when creating new workers.

type Mux

type Mux interface {
	AddHandler(string, string, http.Handler) error
	RemoveHandler(string, string)
}

type RBACMapper

type RBACMapper interface {
	// AppNameForServiceAccount fetches the juju application name associated
	// with a given kubernetes service account UID. If no result is found
	// errors.NotFound is returned. All other errors should be considered
	// internal to the interface operation.
	AppNameForServiceAccount(types.UID) (string, error)
}
