inject

package
v0.5.1-0...-faa3f61

This package is not in the latest version of its module.
Published: Feb 12, 2025 License: Apache-2.0 Imports: 33 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var (

	// ProxyAnnotations is the list of possible annotations that can be applied on a pod or namespace.
	// All these annotations should be prefixed with "config.linkerd.io"
	ProxyAnnotations = []string{
		k8s.ProxyAdminPortAnnotation,
		k8s.ProxyControlPortAnnotation,
		k8s.ProxyEnableDebugAnnotation,
		k8s.ProxyEnableExternalProfilesAnnotation,
		k8s.ProxyImagePullPolicyAnnotation,
		k8s.ProxyInboundPortAnnotation,
		k8s.ProxyInitImageAnnotation,
		k8s.ProxyInitImageVersionAnnotation,
		k8s.ProxyOutboundPortAnnotation,
		k8s.ProxyPodInboundPortsAnnotation,
		k8s.ProxyCPULimitAnnotation,
		k8s.ProxyCPURequestAnnotation,
		k8s.ProxyImageAnnotation,
		k8s.ProxyAdminShutdownAnnotation,
		k8s.ProxyLogFormatAnnotation,
		k8s.ProxyLogLevelAnnotation,
		k8s.ProxyLogHTTPHeaders,
		k8s.ProxyMemoryLimitAnnotation,
		k8s.ProxyMemoryRequestAnnotation,
		k8s.ProxyEphemeralStorageLimitAnnotation,
		k8s.ProxyEphemeralStorageRequestAnnotation,
		k8s.ProxyUIDAnnotation,
		k8s.ProxyGIDAnnotation,
		k8s.ProxyVersionOverrideAnnotation,
		k8s.ProxyRequireIdentityOnInboundPortsAnnotation,
		k8s.ProxyIgnoreInboundPortsAnnotation,
		k8s.ProxyOpaquePortsAnnotation,
		k8s.ProxyIgnoreOutboundPortsAnnotation,
		k8s.ProxyOutboundConnectTimeout,
		k8s.ProxyInboundConnectTimeout,
		k8s.ProxyAwait,
		k8s.ProxyDefaultInboundPolicyAnnotation,
		k8s.ProxySkipSubnetsAnnotation,
		k8s.ProxyAccessLogAnnotation,
		k8s.ProxyShutdownGracePeriodAnnotation,
		k8s.ProxyOutboundDiscoveryCacheUnusedTimeout,
		k8s.ProxyInboundDiscoveryCacheUnusedTimeout,
		k8s.ProxyDisableOutboundProtocolDetectTimeout,
		k8s.ProxyDisableInboundProtocolDetectTimeout,
	}
	// ProxyAlphaConfigAnnotations is the list of all alpha configuration
	// (config.alpha prefix) that can be applied to a pod or namespace.
	ProxyAlphaConfigAnnotations = []string{
		k8s.ProxyWaitBeforeExitSecondsAnnotation,
		k8s.ProxyEnableNativeSidecarAnnotation,
	}
)
var (
	// Reasons is a map of inject skip reasons with human readable sentences
	Reasons = map[string]string{
		// contains filtered or unexported fields
	}
)

Functions

func AppendNamespaceAnnotations

func AppendNamespaceAnnotations(base map[string]string, nsAnn map[string]string, workloadAnn map[string]string)

AppendNamespaceAnnotations allows pods to inherit config-specific annotations from the namespace they belong to. If the namespace has a valid config key that the pod does not, then it is appended to the pod's template.

func FuzzInject

func FuzzInject(data []byte) int

FuzzInject fuzzes Pod injection.

func GetConfigOverride

func GetConfigOverride(annotationKey string, workloadAnn map[string]string, nsAnn map[string]string) (string, bool)

GetConfigOverride returns two values. The first value is the annotation value for a given key. The second is used to decide whether or not the caller should add the annotation. The caller should not add the annotation if the resource already has its own.
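The inheritance rule described for AppendNamespaceAnnotations and the override lookup above, as an added stand-alone model (not linkerd's code, and it does not import this package). The function names `configOverride`, `inheritConfig` and `shadowedKeys`, the two-key allow-list and the sample annotation values are assumptions made for illustration; `shadowedKeys` goes beyond the documented functions to show how an auditor could list workloads that replace a namespace default such as the inbound policy.

```go
package main

import "fmt"

var allowedKeys = []string{ // stands in for the ProxyAnnotations allow-list (sample keys)
	"config.linkerd.io/default-inbound-policy",
	"config.linkerd.io/proxy-log-level",
}

// configOverride (hypothetical): namespace value and true only if the workload lacks key.
func configOverride(key string, workloadAnn, nsAnn map[string]string) (string, bool) {
	if _, set := workloadAnn[key]; set {
		return "", false // the workload's own value wins
	}
	v, ok := nsAnn[key]
	return v, ok
}

// inheritConfig (hypothetical) copies inheritable, allow-listed namespace values into base.
func inheritConfig(base, nsAnn, workloadAnn map[string]string) {
	for _, key := range allowedKeys {
		if v, ok := configOverride(key, workloadAnn, nsAnn); ok {
			base[key] = v
		}
	}
}

// shadowedKeys (audit helper): keys where the workload replaces a different namespace value.
func shadowedKeys(nsAnn, workloadAnn map[string]string) []string {
	var out []string
	for _, key := range allowedKeys {
		w, wok := workloadAnn[key]
		if n, nok := nsAnn[key]; wok && nok && w != n {
			out = append(out, key)
		}
	}
	return out
}

func main() {
	ns := map[string]string{ // constructed sample annotations
		"config.linkerd.io/default-inbound-policy": "all-authenticated",
		"config.linkerd.io/proxy-log-level":        "warn",
		"example.com/team":                         "payments", // not a config key
	}
	wl := map[string]string{"config.linkerd.io/default-inbound-policy": "all-unauthenticated"}
	base := map[string]string{}
	inheritConfig(base, ns, wl)
	fmt.Println(base, shadowedKeys(ns, wl))
}
```

Only the log level is inherited here: the workload's own inbound policy is kept, and that key is what the audit helper reports.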

func GetOverriddenValues

func GetOverriddenValues(values *l5dcharts.Values, overrides map[string]string, namedPorts map[string]int32) (*l5dcharts.Values, error)

GetOverriddenValues returns the final Values struct which is created by overriding annotated configuration on top of default Values

func ToWholeCPUCores

func ToWholeCPUCores(q k8sResource.Quantity) (int64, error)

ToWholeCPUCores coerces a k8s resource value to a whole integer value, rounding up.

Types

type Origin

type Origin int

Origin defines where the input YAML comes from. Refer to the ResourceConfig's 'origin' field.

const (
	// OriginCLI is the value of the ResourceConfig's 'origin' field if the input
	// YAML comes from the CLI
	OriginCLI Origin = iota

	// OriginWebhook is the value of the ResourceConfig's 'origin' field if the input
	// YAML comes from the webhook
	OriginWebhook

	// OriginUnknown is the value of the ResourceConfig's 'origin' field if the
	// input YAML comes from an unknown source
	OriginUnknown
)

type OwnerRetrieverFunc

type OwnerRetrieverFunc func(*corev1.Pod) (string, string, error)

OwnerRetrieverFunc is a function that returns a pod's owner reference kind and name

type Report

type Report struct {
	Kind                         string
	Name                         string
	HostNetwork                  bool
	Sidecar                      bool
	UDP                          bool // true if any port in any container has `protocol: UDP`
	UnsupportedResource          bool // unsupported to inject
	InjectDisabled               bool
	InjectDisabledReason         string
	InjectAnnotationAt           string
	Annotatable                  bool
	Annotated                    bool
	AutomountServiceAccountToken bool

	// Uninjected consists of two boolean flags to indicate if a proxy and
	// proxy-init containers have been uninjected in this report
	Uninjected struct {
		// Proxy is true if a proxy container has been uninjected
		Proxy bool

		// ProxyInit is true if a proxy-init container has been uninjected
		ProxyInit bool
	}
}

Report contains the Kind and Name for a given workload along with booleans describing the result of the injection transformation

func (*Report) Injectable

func (r *Report) Injectable() (bool, []string)

Injectable returns false if the report flags indicate that the workload is on a host network or there is already a sidecar or the resource is not supported or inject is explicitly disabled. If false, the second returned value describes the reason.

func (*Report) IsAnnotatable

func (r *Report) IsAnnotatable() bool

IsAnnotatable returns true if the resource for a report can be annotated.

func (*Report) ResName

func (r *Report) ResName() string

ResName returns a string "Kind/Name" for the workload referred to in the report r.

func (*Report) ThrowInjectError

func (r *Report) ThrowInjectError() []error

ThrowInjectError errors out `inject` when the report contains errors related to automountServiceAccountToken, hostNetwork, existing sidecar, or UDP ports. See https://github.com/linkerd/linkerd2/issues/4214

type ResourceConfig

type ResourceConfig struct {
	// contains filtered or unexported fields
}

ResourceConfig contains the parsed information for a given workload

func NewResourceConfig

func NewResourceConfig(values *l5dcharts.Values, origin Origin, ns string) *ResourceConfig

NewResourceConfig creates and initializes a ResourceConfig

func (*ResourceConfig) AnnotateNamespace

func (conf *ResourceConfig) AnnotateNamespace(annotations map[string]string) ([]byte, error)

AnnotateNamespace annotates a namespace resource config with `annotations`.

func (*ResourceConfig) AnnotateService

func (conf *ResourceConfig) AnnotateService(annotations map[string]string) ([]byte, error)

AnnotateService annotates a service resource config with `annotations`.

func (*ResourceConfig) AppendPodAnnotation

func (conf *ResourceConfig) AppendPodAnnotation(k, v string)

AppendPodAnnotation appends the given single annotation to the pod spec in conf

func (*ResourceConfig) AppendPodAnnotations

func (conf *ResourceConfig) AppendPodAnnotations(annotations map[string]string)

AppendPodAnnotations appends the given annotations to the pod spec in conf

func (*ResourceConfig) CreateAnnotationPatch

func (conf *ResourceConfig) CreateAnnotationPatch(opaquePorts string) ([]byte, error)

CreateAnnotationPatch returns a json patch which adds the opaque ports annotation with the `opaquePorts` value.

func (*ResourceConfig) CreateOpaquePortsPatch

func (conf *ResourceConfig) CreateOpaquePortsPatch() ([]byte, error)

CreateOpaquePortsPatch creates a patch that will add the default list of opaque ports.

func (*ResourceConfig) FilterPodOpaquePorts

func (conf *ResourceConfig) FilterPodOpaquePorts(defaultPorts []string) []string

FilterPodOpaquePorts returns a list of opaque ports that a pod exposes that are also in the given default opaque ports list.

func (*ResourceConfig) FromObject

func (conf *ResourceConfig) FromObject(v runtime.Object) (*Report, error)

FromObject extracts the workload metadata and pod specs from the given runtime.Object instance. The results are stored in the conf's fields.

func (*ResourceConfig) GetNsAnnotations

func (conf *ResourceConfig) GetNsAnnotations() map[string]string

func (*ResourceConfig) GetOverriddenConfiguration

func (conf *ResourceConfig) GetOverriddenConfiguration() map[string]string

GetOverriddenConfiguration returns a map of the overridden proxy annotations

func (*ResourceConfig) GetOverrideAnnotations

func (conf *ResourceConfig) GetOverrideAnnotations() map[string]string

func (*ResourceConfig) GetOwnerRef

func (conf *ResourceConfig) GetOwnerRef() *metav1.OwnerReference

GetOwnerRef returns a reference to the resource's owner resource, if any

func (*ResourceConfig) GetPodPatch

func (conf *ResourceConfig) GetPodPatch(injectProxy bool) ([]byte, error)

GetPodPatch returns the JSON patch containing the proxy and init containers specs, if any. If injectProxy is false, only the config.linkerd.io annotations are set.

func (*ResourceConfig) GetValues

func (conf *ResourceConfig) GetValues() *l5dcharts.Values

GetValues returns the values used for rendering patches.

func (*ResourceConfig) GetWorkloadAnnotations

func (conf *ResourceConfig) GetWorkloadAnnotations() map[string]string

func (*ResourceConfig) HasPodTemplate

func (conf *ResourceConfig) HasPodTemplate() bool

HasPodTemplate checks if a given config has a pod template spec.

func (*ResourceConfig) HasWorkloadAnnotation

func (conf *ResourceConfig) HasWorkloadAnnotation(annotation string) bool

HasWorkloadAnnotation returns true if the workload has the annotation set by the resource config or its metadata.

func (*ResourceConfig) IsControlPlaneComponent

func (conf *ResourceConfig) IsControlPlaneComponent() bool

IsControlPlaneComponent returns true if the component is part of the Linkerd control plane.

func (*ResourceConfig) IsNamespace

func (conf *ResourceConfig) IsNamespace() bool

IsNamespace checks if a given config is a workload of Kind namespace

func (*ResourceConfig) IsPod

func (conf *ResourceConfig) IsPod() bool

IsPod checks if a given config is a workload of Kind pod.

func (*ResourceConfig) IsService

func (conf *ResourceConfig) IsService() bool

IsService checks if a given config is a workload of Kind service

func (*ResourceConfig) JSONToYAML

func (conf *ResourceConfig) JSONToYAML(bytes []byte) ([]byte, error)

JSONToYAML is a replacement for the same function in sigs.k8s.io/yaml that does conserve the field order as portrayed in k8s' api structs

func (*ResourceConfig) ParseMetaAndYAML

func (conf *ResourceConfig) ParseMetaAndYAML(bytes []byte) (*Report, error)

ParseMetaAndYAML extracts the workload metadata and pod specs from the given input bytes. The results are stored in the conf's fields.

func (*ResourceConfig) Uninject

func (conf *ResourceConfig) Uninject(report *Report) ([]byte, error)

Uninject removes from the workload in conf the init and proxy containers, the TLS volumes and the extra annotations/labels that were added

func (*ResourceConfig) WithKind

func (conf *ResourceConfig) WithKind(kind string) *ResourceConfig

WithKind enriches ResourceConfig with the workload kind

func (*ResourceConfig) WithNsAnnotations

func (conf *ResourceConfig) WithNsAnnotations(m map[string]string) *ResourceConfig

WithNsAnnotations enriches ResourceConfig with the namespace annotations, which can be used in shouldInject().

func (*ResourceConfig) WithOwnerRetriever

func (conf *ResourceConfig) WithOwnerRetriever(f OwnerRetrieverFunc) *ResourceConfig

WithOwnerRetriever enriches ResourceConfig with a function that retrieves the kind and name of the workload's owner reference.

func (*ResourceConfig) YamlMarshalObj

func (conf *ResourceConfig) YamlMarshalObj() ([]byte, error)

YamlMarshalObj returns the yaml for the workload in conf
