caasadmission

package
v0.0.0-...-4308112 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Nov 28, 2024 License: AGPL-3.0 Imports: 28 Imported by: 0

Documentation

Overview

Package caasadmission defines the caasadmission worker. This worker is responsible for establishing a Kubernetes mutating admission webhook (https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) so that Juju can process Kubernetes resource object changes. We currently use these mutating admission webhooks to watch for resources being created by charms in the Kubernetes cluster. Every time we detect such a resource, we annotate the new or updated Kubernetes object with a label indicating which Juju application was responsible for creating the resource. When the application is later removed, we use these labels to find associated resources that need to be removed.

Index

Constants

View Source 
const (
	ExpectedContentType = "application/json"
	HeaderContentType   = "Content-Type"
)
View Source 
const (
	// Component describes a sub zone to use on the juju tld for unique resource
	// ids. For example using this component "admission" with "juju.io" would
	// yield admission.juju.io
	Component = "admission"
)
View Source 
const (
	// DefaultModelOperatorPort
	DefaultModelOperatorPort = int32(17071)
)

Variables

View Source 
var (
	AdmissionGVK = schema.GroupVersionKind{
		Group:   admission.SchemeGroupVersion.Group,
		Version: admission.SchemeGroupVersion.Version,
		Kind:    "AdmissionReview",
	}
)

Functions

func AdmissionPathForModel 

func AdmissionPathForModel(modelUUID string) string

func Manifold 

func Manifold(config ManifoldConfig) dependency.Manifold

Manifold returns a Manifold that encapsulates a Kubernetes mutating admission controller. Manifold has no outputs.

Types

type AdmissionCreator 

type AdmissionCreator interface {
	EnsureMutatingWebhookConfiguration(context.Context) (func(), error)
}

AdmissionCreator represents a creator of mutating webhooks that is context aware of the current controller.

func NewAdmissionCreator 

func NewAdmissionCreator(
	authority pki.Authority,
	namespace, modelName string,
	legacyLabels bool,
	ensureConfig func(context.Context, *admission.MutatingWebhookConfiguration) (func(), error),
	service *admission.ServiceReference) (AdmissionCreator, error)

NewAdmissionCreator instantiates a new AdmissionCreator for the supplied context arguments.

type AdmissionCreatorFunc 

type AdmissionCreatorFunc func(context.Context) (func(), error)

AdmissionCreatorFunc is the func type of AdmissionCreator.

func (AdmissionCreatorFunc) EnsureMutatingWebhookConfiguration 

func (a AdmissionCreatorFunc) EnsureMutatingWebhookConfiguration(ctx context.Context) (func(), error)

EnsureMutatingWebhookConfiguration implements AdmissionCreator interface for func type.

type Controller 

type Controller struct {
	// contains filtered or unexported fields
}

Kubernetes controller responsible

func NewController 

func NewController(
	logger logger.Logger,
	mux Mux,
	path string,
	legacyLabels bool,
	admissionCreator AdmissionCreator,
	rbacMapper RBACMapper) (*Controller, error)

func (*Controller) Kill 

func (c *Controller) Kill()

func (*Controller) Wait 

func (c *Controller) Wait() error

type K8sBroker 

type K8sBroker interface {
	// CurrentModel returns the current model the broker is targeting
	CurrentModel() string

	// GetCurrentNamespace returns the current namespace being targeted on the
	// broker
	GetCurrentNamespace() string

	// EnsureMutatingWebhookConfiguration make the supplied webhook config exist
	// inside the k8s cluster if it currently does not. Return values is a
	// cleanup function that will destroy the webhook configuration from k8s
	// when called and a subsequent error if there was a problem. If error is
	// not nil then no other return values should be considered valid.
	EnsureMutatingWebhookConfiguration(context.Context, *admission.MutatingWebhookConfiguration) (func(), error)

	// IsLegacyLabels reports if the k8s broker requires legacy labels to be
	// used for the broker model/namespace
	IsLegacyLabels() bool
}

K8sBroker describes a Kubernetes broker interface this worker needs to function.

type ManifoldConfig 

type ManifoldConfig struct {
	AgentName        string
	AuthorityName    string
	Authority        pki.Authority
	BrokerName       string
	Logger           logger.Logger
	MuxName          string
	RBACMapperName   string
	ServerInfoName   string
	ServiceName      string
	ServiceNamespace string
}

ManifoldConfig describes the resources used by the admission worker

func (ManifoldConfig) Start 

func (c ManifoldConfig) Start(context context.Context, getter dependency.Getter) (worker.Worker, error)

Start is used to start the manifold an extract a worker from the supplied configuration.

func (ManifoldConfig) Validate 

func (c ManifoldConfig) Validate() error

Validate is used to to establish if the configuration is valid for use when creating new workers.

type Mux 

type Mux interface {
	AddHandler(string, string, http.Handler) error
	RemoveHandler(string, string)
}

type RBACMapper 

type RBACMapper interface {
	// AppNameForServiceAccount fetches the juju application name associated
	// with a given kubernetes service account UID. If no result is found
	// errors.NotFound is returned. All other errors should be considered
	// internal to the interface operation.
	AppNameForServiceAccount(types.UID) (string, error)
}

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.