mutator

package
v0.9.2-alpha Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Dec 8, 2017 License: Apache-2.0 Imports: 28 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// NamespaceIsolationAnnotation deny traffic between pods
	// https://kubernetes.io/docs/concepts/services-networking/networkpolicies/#configuring-namespace-isolation
	NamespaceIsolationAnnotation = "net.beta.kubernetes.io/network-policy"
	// NamespaceHardLimit limits how many namespaces a user could create
	// In the future this will be associate to a Custom Resource Definition
	NamespaceHardLimit = 2
)
View Source 
const (
	OSUserID = 2000
)

Variables

View Source 
var (
	DefaultClusterRole = rbac.ClusterRole{
		ObjectMeta: metav1.ObjectMeta{
			Name: platform.DefaultClusterRole,
		},
		Rules: []rbac.PolicyRule{
			{
				APIGroups: []string{"", "extensions", platform.GroupName},
				Resources: []string{
					"deployments",
					"domains",
					"events",
					"ingresses",
					"releases",
					"replicasets",
					"resourcequotas",
				},
				Verbs: []string{"get", "watch", "list"},
			},
			{
				APIGroups: []string{""},
				Resources: []string{
					"pods",
					"pods/attach",
					"pods/exec",
					"pods/log",
					"pods/portforward",
					"services",
				},
				Verbs: []string{
					"create",
					"delete",
					"deletecollection",
					"get",
					"list",
					"patch",
					"update",
					"watch",
				},
			},
			{
				APIGroups: []string{"extensions", platform.GroupName},
				Resources: []string{"deployments", "releases", "replicasets"},
				Verbs:     []string{"delete", "deletecollection"},
			},
		},
	}
)

Functions

func NewKongClient 

func NewKongClient(client request.HTTPClient, apiURL string) (request.Interface, error)

Types

type Config 

type Config struct {
	Host               string `envconfig:"KUBERNETES_SERVICE_HOST" required:"true"`
	TLSInsecure        bool
	TLSServerConfig    rest.TLSClientConfig
	TLSClientConfig    rest.TLSClientConfig
	Serve              string
	AllowedImages      string
	RegistryImages     string
	KongAPIHost        string
	PlatformPubKeyFile string `envconfig:"PLATFORM_JWT_PUB_KEY_FILE" required:"true"`
	PlatformPubKey     []byte
}

Config is the daemon base configuration

func (*Config) GetImages 

func (c *Config) GetImages() []string

GetImages returns of allowed images with the registry as prefix

func (*Config) GetServeAddress 

func (c *Config) GetServeAddress() (string, bool)

GetServeAddress return the address to bind the server

type Handler 

type Handler struct {
	// contains filtered or unexported fields
}

Handler is the base handler for all mutators

func NewHandler 

func NewHandler(clientset kubernetes.Interface, tprClient rest.Interface, kongClient request.Interface, cfg *Config) *Handler

NewHandler creates a new mutator Handler

func (*Handler) Authorize 

func (h *Handler) Authorize(w http.ResponseWriter, r *http.Request, next http.HandlerFunc)

Authorize it's a middleware to process jwt token authorizations

func (*Handler) DeploymentsOnCreate 

func (h *Handler) DeploymentsOnCreate(w http.ResponseWriter, r *http.Request)

DeploymentsOnCreate mutate requests on POST

func (*Handler) DeploymentsOnMod 

func (h *Handler) DeploymentsOnMod(w http.ResponseWriter, r *http.Request)

DeploymentsOnMod mutates PUT and PATCH requests

func (*Handler) DomainsOnCreate 

func (h *Handler) DomainsOnCreate(w http.ResponseWriter, r *http.Request)

DomainsOnCreate validate and mutates POST requests

func (*Handler) DomainsOnHead 

func (h *Handler) DomainsOnHead(w http.ResponseWriter, r *http.Request)

DomainsOnHead performs a check and verify if a primary domain is already claimed in the cluster

func (*Handler) DomainsOnMod 

func (h *Handler) DomainsOnMod(w http.ResponseWriter, r *http.Request)

DomainsOnMod mutates and validates PUT and PATCH requests

func (*Handler) IngressOnCreate 

func (h *Handler) IngressOnCreate(w http.ResponseWriter, r *http.Request)

func (*Handler) IngressOnDelete 

func (h *Handler) IngressOnDelete(w http.ResponseWriter, r *http.Request)

func (*Handler) IngressOnPatch 

func (h *Handler) IngressOnPatch(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnCreate 

func (h *Handler) NamespaceOnCreate(w http.ResponseWriter, r *http.Request)

NamespaceOnCreate mutates k8s request on creation

func (*Handler) NamespaceOnGet 

func (h *Handler) NamespaceOnGet(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnList 

func (h *Handler) NamespaceOnList(w http.ResponseWriter, r *http.Request)

func (*Handler) NamespaceOnMod 

func (h *Handler) NamespaceOnMod(w http.ResponseWriter, r *http.Request)

NamespaceOnMod mutates k8s request on modify http methods (PUT, PATCH)

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.