forge

package
v0.9.0 Latest Latest
Published: Aug 4, 2023 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Overview

Package forge groups the methods used to forge the Kubernetes object definitions for the reflection logic.

Index

Constants

// Event reasons recorded by the reflection logic.
const (
	// EventSuccessfulReflection is the event reason recorded when the reflection
	// completes successfully.
	EventSuccessfulReflection = "SuccessfulReflection"

	// EventFailedReflection is the event reason recorded when the reflection fails.
	EventFailedReflection = "FailedReflection"

	// EventFailedDeletion is the event reason recorded when the deletion of an
	// object fails.
	EventFailedDeletion = "FailedDeletion"

	// EventReflectionDisabled is the event reason recorded when reflection is
	// disabled for the given namespace/object.
	EventReflectionDisabled = "ReflectionDisabled"

	// EventSuccessfulSATokensReflection is the event reason recorded when the
	// reflection of service account tokens completes successfully.
	EventSuccessfulSATokensReflection = "SuccessfulSATokensReflection"

	// EventFailedSATokensReflection is the event reason recorded when the
	// reflection of service account tokens fails.
	EventFailedSATokensReflection = "FailedSATokensReflection"
)
// Keys recording where a reflected resource comes from and where it goes.
// NOTE(review): labels carry no integrity guarantee on their own; if helpers such
// as IsReflected or ReflectedLabelSelector feed trust decisions, confirm who is
// allowed to write these keys on the remote cluster.
const (
	// LiqoOriginClusterIDKey is the label key identifying the origin cluster of a
	// reflected resource.
	LiqoOriginClusterIDKey = "virtualkubelet.liqo.io/origin"

	// LiqoDestinationClusterIDKey is the label key identifying the destination
	// cluster of a reflected resource.
	LiqoDestinationClusterIDKey = "virtualkubelet.liqo.io/destination"

	// LiqoOriginClusterNodeName relates to the name of the node on the origin
	// cluster referenced by the virtual-kubelet.
	// NOTE(review): the value has the same shape as the label keys above, so this
	// is presumably the key under which that node name is stored rather than the
	// name itself; confirm against ReflectionLabelsWithNodeName.
	LiqoOriginClusterNodeName = "virtualkubelet.liqo.io/nodename"
)
// Pod rejection reasons and the service account volume name prefix.
const (
	// PodOffloadingBackOffReason is the reason assigned to pods rejected by the
	// virtual kubelet before offloading has started.
	PodOffloadingBackOffReason = "OffloadingBackOff"

	// PodOffloadingAbortedReason is the reason assigned to pods rejected by the
	// virtual kubelet after offloading has started.
	PodOffloadingAbortedReason = "OffloadingAborted"

	// ServiceAccountVolumeName is the name prefix of the volumes that mount
	// ServiceAccount secrets. The value is taken from kubernetes/kubernetes
	// (plugin/pkg/admission/serviceaccount/admission.go).
	// NOTE(review): volumes are presumably recognised by this name prefix alone
	// (see RemoteVolumes); confirm how a user-defined volume with the same prefix
	// is handled.
	ServiceAccountVolumeName = "kube-api-access-"
)
// Metadata keys set on the secret holding reflected service account tokens,
// plus the token refresh threshold.
const (
	// LiqoSASecretForPodNameKey is the label key identifying the name of the pod
	// associated with the given service account tokens.
	LiqoSASecretForPodNameKey = "virtualkubelet.liqo.io/service-account-for-pod-name"

	// LiqoSASecretForServiceAccountKey is the label key identifying the name of
	// the service account originating the given tokens.
	LiqoSASecretForServiceAccountKey = "virtualkubelet.liqo.io/service-account-name"

	// LiqoSASecretForPodUIDKey is the annotation key identifying the uid of the
	// pod associated with the given service account tokens.
	LiqoSASecretForPodUIDKey = "virtualkubelet.liqo.io/service-account-for-pod-uid"

	// LiqoSASecretExpirationKey is the annotation key storing the expiration
	// timestamp of the given service account tokens.
	LiqoSASecretExpirationKey = "virtualkubelet.liqo.io/service-account-expiration"

	// TokenRefreshAtLifespanPercentage is the percentage of the token lifespan at
	// which the token should be refreshed.
	// NOTE(review): presumably consumed by ServiceAccountPodToken.RefreshDue, so a
	// token stays valid for the remaining share of its lifespan after a refresh is
	// due — confirm.
	TokenRefreshAtLifespanPercentage = 80.0
)
// EndpointSliceManagedBy is the manager associated with the reflected EndpointSlices.
// NOTE(review): presumably the value IsEndpointSliceManagedByReflection looks for
// on an object — confirm.
const EndpointSliceManagedBy = "endpointslice.reflection.liqo.io"

EndpointSliceManagedBy -> The manager associated with the reflected EndpointSlices.

// ReflectionFieldManager is the name associated with the fields modified by
// virtual kubelet reflection.
// NOTE(review): presumably the field manager carried by ApplyOptions — confirm.
const ReflectionFieldManager = "reflection.liqo.io"

ReflectionFieldManager -> The name associated with the fields modified by virtual kubelet reflection.

// RootCAConfigMapName is the name of the configmap containing the root CA.
// RemoteConfigMapName remaps this name when forging the reflected configmap, to
// prevent collisions; LocalConfigMapName performs the reverse lookup.
// NOTE(review): the remapped name is not visible here — confirm that the remote
// cluster's own root CA configmap can never be overwritten by a reflected one.
const RootCAConfigMapName = "kube-root-ca.crt"

RootCAConfigMapName is the name of the configmap containing the root CA.

Variables

// Package-level state used by the forging logic.
// NOTE(review): these are exported, mutable variables; presumably Init assigns
// the cluster identities and the node name/IP from its arguments — confirm, and
// confirm nothing writes them after initialization.
var (
	// LocalCluster is the cluster identity associated with the local cluster.
	LocalCluster discoveryv1alpha1.ClusterIdentity
	// RemoteCluster is the cluster identity associated with the remote cluster.
	RemoteCluster discoveryv1alpha1.ClusterIdentity

	// LiqoNodeName is the name of the node associated with the current virtual-kubelet.
	LiqoNodeName string
	// LiqoNodeIP is the local IP of the node associated with the current virtual-kubelet.
	LiqoNodeIP string
	// StartTime is the instant in time the forging logic has been started.
	StartTime time.Time

	// KubernetesServicePort is the port of the kubernetes.default service.
	// NOTE(review): not among the parameters of Init; where it is set is not
	// visible here.
	KubernetesServicePort string
)

Functions

func ApplyOptions added in v0.3.1

func ApplyOptions() metav1.ApplyOptions

ApplyOptions returns the apply options configured for object reflection.

func EndpointSliceLabels added in v0.3.1

func EndpointSliceLabels() labels.Set

EndpointSliceLabels returns the labels assigned to the reflected EndpointSlices.

func EndpointToBeReflected added in v0.3.1

func EndpointToBeReflected(endpoint *discoveryv1.Endpoint, localNodeClient corev1listers.NodeLister) bool

EndpointToBeReflected filters out the endpoints targeting pods already running on the remote cluster.

func EventFailedDeletionMsg added in v0.5.0

func EventFailedDeletionMsg(err error) string

EventFailedDeletionMsg returns the message for the event when the deletion of a local object fails.

func EventFailedLabelsUpdateMsg added in v0.5.0

func EventFailedLabelsUpdateMsg(err error) string

EventFailedLabelsUpdateMsg returns the message for the event when it is impossible to update the labels of a local object.

func EventFailedReflectionAlreadyExistsMsg added in v0.5.0

func EventFailedReflectionAlreadyExistsMsg() string

EventFailedReflectionAlreadyExistsMsg returns the message for the event when the reflection has been aborted because the remote object already exists.

func EventFailedReflectionMsg added in v0.5.0

func EventFailedReflectionMsg(err error) string

EventFailedReflectionMsg returns the message for the event when the outgoing reflection fails due to an error.

func EventFailedStatusReflectionMsg added in v0.5.0

func EventFailedStatusReflectionMsg(err error) string

EventFailedStatusReflectionMsg returns the message for the event when the incoming reflection fails due to an error.

func EventObjectReflectionDisabledMsg added in v0.6.0

func EventObjectReflectionDisabledMsg() string

EventObjectReflectionDisabledMsg returns the message for the event when reflection is disabled for a given resource.

func EventReflectionDisabledErrorMsg added in v0.5.0

func EventReflectionDisabledErrorMsg(namespace string, err error) string

EventReflectionDisabledErrorMsg returns the message for the event when reflection is disabled for the given namespace, and an error occurs.

func EventReflectionDisabledMsg added in v0.5.0

func EventReflectionDisabledMsg(namespace string) string

EventReflectionDisabledMsg returns the message for the event when reflection is disabled for the given namespace.

func EventSAReflectionDisabledMsg added in v0.5.0

func EventSAReflectionDisabledMsg() string

EventSAReflectionDisabledMsg returns the message for the event when service account reflection is disabled.

func EventSuccessfulReflectionMsg added in v0.5.0

func EventSuccessfulReflectionMsg() string

EventSuccessfulReflectionMsg returns the message for the event when the outgoing reflection completes successfully.

func EventSuccessfulStatusReflectionMsg added in v0.5.0

func EventSuccessfulStatusReflectionMsg() string

EventSuccessfulStatusReflectionMsg returns the message for the event when the incoming reflection completes successfully.

func FilterAntiAffinityLabels added in v0.6.0

func FilterAntiAffinityLabels(labels map[string]string, whitelist string) map[string]string

FilterAntiAffinityLabels filters the label keys which are used to implement the anti-affinity constraints, based on the specified whitelist.

func FilterIngressAnnotations added in v0.5.0

func FilterIngressAnnotations(local map[string]string) map[string]string

FilterIngressAnnotations filters the ingress annotations to be reflected, removing the ingress class annotation.

func FilterNotReflected added in v0.9.0

func FilterNotReflected(m map[string]string, blackListedKeys []string) map[string]string

FilterNotReflected returns a map filtering out entries that match the given keys.

func Init added in v0.3.2

func Init(localCluster, remoteCluster discoveryv1alpha1.ClusterIdentity, nodeName, nodeIP string)

Init initializes the forging logic.

func IsEndpointSliceManagedByReflection added in v0.3.1

func IsEndpointSliceManagedByReflection(obj metav1.Object) bool

IsEndpointSliceManagedByReflection returns whether the EndpointSlice is managed by the reflection logic.

func IsReflected added in v0.3.1

func IsReflected(obj metav1.Object) bool

IsReflected returns whether the current object has been reflected from the local to the remote cluster.

func IsServiceAccountSecret added in v0.7.0

func IsServiceAccountSecret(obj metav1.Object) bool

IsServiceAccountSecret returns whether the current object contains remotely reflected service account tokens.

func LocalConfigMapName added in v0.5.0

func LocalConfigMapName(remote string) string

LocalConfigMapName returns the local configmap name corresponding to a remote one, accounting for the root CA.

func LocalContainerStats added in v0.3.2

func LocalContainerStats(metrics *metricsv1beta1.ContainerMetrics, start, now metav1.Time) statsv1alpha1.ContainerStats

LocalContainerStats forges the metric stats for a container of a local pod.

func LocalContainersStats added in v0.3.2

func LocalContainersStats(metrics []metricsv1beta1.ContainerMetrics, start, now metav1.Time) []statsv1alpha1.ContainerStats

LocalContainersStats forges the metric stats for the containers of a local pod.

func LocalNodeStats added in v0.3.2

func LocalNodeStats(pods []statsv1alpha1.PodStats) *statsv1alpha1.Summary

LocalNodeStats forges the summary stats for the node managed by the virtual kubelet.

func LocalPod added in v0.3.2

func LocalPod(local, remote *corev1.Pod, translator PodIPTranslator, restarts int32, mutators ...RemotePodStatusMutator) *corev1.Pod

LocalPod forges the object meta and status of the local pod, given the remote one.

func LocalPodOffloadedLabel added in v0.4.0

func LocalPodOffloadedLabel(local *corev1.Pod) (*corev1apply.PodApplyConfiguration, bool)

LocalPodOffloadedLabel forges the apply patch to add the appropriate label to the offloaded pod.

func LocalPodStats added in v0.3.2

func LocalPodStats(pod *corev1.Pod, metrics *metricsv1beta1.PodMetrics) statsv1alpha1.PodStats

LocalPodStats forges the metric stats for a local pod managed by the virtual kubelet.

func LocalPodStatus added in v0.3.2

func LocalPodStatus(remote *corev1.PodStatus, translator PodIPTranslator, restarts int32, mutators ...RemotePodStatusMutator) corev1.PodStatus

LocalPodStatus forges the status of the local pod, given the remote one.

func LocalRejectedPod added in v0.3.2

func LocalRejectedPod(local *corev1.Pod, phase corev1.PodPhase, reason string) *corev1.Pod

LocalRejectedPod forges the status of a local rejected pod.

func LocalRejectedPodStatus added in v0.3.2

func LocalRejectedPodStatus(local *corev1.PodStatus, phase corev1.PodPhase, reason string) corev1.PodStatus

LocalRejectedPodStatus forges the status of the local rejected pod.

func ReflectedLabelSelector added in v0.3.1

func ReflectedLabelSelector() labels.Selector

ReflectedLabelSelector returns a label selector matching the objects reflected from the local to the remote cluster.

func ReflectionLabels added in v0.3.1

func ReflectionLabels() labels.Set

ReflectionLabels returns the labels assigned to the objects reflected from the local to the remote cluster.

func ReflectionLabelsWithNodeName added in v0.9.0

func ReflectionLabelsWithNodeName(nodeName string) labels.Set

ReflectionLabelsWithNodeName returns the labels assigned to the objects reflected from the local to the remote cluster with the given node name.

func RemoteConfigMap added in v0.3.2

func RemoteConfigMap(local *corev1.ConfigMap, targetNamespace string, forgingOpts *ForgingOpts) *corev1apply.ConfigMapApplyConfiguration

RemoteConfigMap forges the apply patch for the reflected configmap, given the local one.

func RemoteConfigMapName added in v0.5.0

func RemoteConfigMapName(local string) string

RemoteConfigMapName forges the name for the reflected configmap, remapping the one of the root CA to prevent collisions.

func RemoteContainerEnvVariablesAPIServerSupport added in v0.6.0

func RemoteContainerEnvVariablesAPIServerSupport(envs []corev1.EnvVar, saName, homeAPIServerHost, homeAPIServerPort string) []corev1.EnvVar

RemoteContainerEnvVariablesAPIServerSupport forges the environment variables to enable offloaded containers to contact back the local API server, instead of the remote one. In addition, it also hardcodes the service account name in case it was retrieved from the pod spec, as it is not reflected remotely.

func RemoteContainersAPIServerSupport added in v0.6.0

func RemoteContainersAPIServerSupport(containers []corev1.Container, saName, homeAPIServerHost, homeAPIServerPort string) []corev1.Container

RemoteContainersAPIServerSupport forges the containers for a reflected pod, appropriately adding the environment variables to enable the offloaded containers to contact back the local API server, instead of the remote one.

func RemoteEndpointSliceEndpoints added in v0.3.1

func RemoteEndpointSliceEndpoints(locals []discoveryv1.Endpoint, localNodeClient corev1listers.NodeLister,
	translator EndpointTranslator) []discoveryv1.Endpoint

RemoteEndpointSliceEndpoints forges the endpoints of the reflected endpointslice, given the local ones.

func RemoteEndpointSliceObjectMeta added in v0.8.0

func RemoteEndpointSliceObjectMeta(local, remote *metav1.ObjectMeta, forgingOpts *ForgingOpts) metav1.ObjectMeta

RemoteEndpointSliceObjectMeta forges the objectMeta of the reflected endpointslice, given the local one.

func RemoteEndpointSlicePorts added in v0.3.1

func RemoteEndpointSlicePorts(locals []discoveryv1.EndpointPort) []discoveryv1.EndpointPort

RemoteEndpointSlicePorts forges the ports of the reflected endpointslice, given the local ones.

func RemoteEndpointTargetRef added in v0.8.0

func RemoteEndpointTargetRef(ref *corev1.ObjectReference) *corev1.ObjectReference

RemoteEndpointTargetRef forges the ObjectReference of the reflected endpoint, given the local one.

func RemoteHostAliasesAPIServerSupport added in v0.6.0

func RemoteHostAliasesAPIServerSupport(aliases []corev1.HostAlias, retriever KubernetesServiceIPGetter) []corev1.HostAlias

RemoteHostAliasesAPIServerSupport forges the host aliases to override the IP address associated with the kubernetes.default service to enable offloaded containers to contact back the local API server, instead of the remote one.

func RemoteIngress added in v0.5.0

func RemoteIngress(local *netv1.Ingress, targetNamespace string, forgingOpts *ForgingOpts) *netv1apply.IngressApplyConfiguration

RemoteIngress forges the apply patch for the reflected ingress, given the local one.

func RemoteIngressBackend added in v0.5.0

RemoteIngressBackend forges the apply patch for the backend of the reflected ingress, given the local one.

func RemoteIngressHTTP added in v0.5.0

RemoteIngressHTTP forges the apply patch for the HTTPIngressRuleValue of the reflected ingress, given the local one.

func RemoteIngressPaths added in v0.5.0

RemoteIngressPaths forges the apply patch for the paths of the reflected ingress, given the local ones.

func RemoteIngressRules added in v0.5.0

func RemoteIngressRules(local []netv1.IngressRule) []*netv1apply.IngressRuleApplyConfiguration

RemoteIngressRules forges the apply patch for the rules of the reflected ingress, given the local ones.

func RemoteIngressService added in v0.5.0

RemoteIngressService forges the apply patch for the service of the reflected ingress, given the local one.

func RemoteIngressSpec added in v0.5.0

func RemoteIngressSpec(local *netv1.IngressSpec) *netv1apply.IngressSpecApplyConfiguration

RemoteIngressSpec forges the apply patch for the specs of the reflected ingress, given the local one. It expects the local object to be a deepcopy, as it is mutated.

func RemoteIngressTLS added in v0.5.0

func RemoteIngressTLS(local []netv1.IngressTLS) []*netv1apply.IngressTLSApplyConfiguration

RemoteIngressTLS forges the apply patch for the TLS configs of the reflected ingress, given the local ones.

func RemoteKind added in v0.3.1

func RemoteKind(kind string) string

RemoteKind prepends "Remote" to a kind name, to identify remote objects.

func RemoteObjectMeta added in v0.3.2

func RemoteObjectMeta(local, remote *metav1.ObjectMeta) metav1.ObjectMeta

RemoteObjectMeta forges the local ObjectMeta for a reflected object.

func RemoteObjectReference added in v0.3.1

RemoteObjectReference forges the apply patch for a reflected RemoteObjectReference.

func RemotePodSpec added in v0.3.2

func RemotePodSpec(creation bool, local, remote *corev1.PodSpec, mutators ...RemotePodSpecMutator) corev1.PodSpec

RemotePodSpec forges the specs of the reflected pod, given the local ones. It expects the local and remote objects to be deepcopies, as they are mutated.

func RemoteSecret added in v0.3.2

func RemoteSecret(local *corev1.Secret, targetNamespace string, forgingOpts *ForgingOpts) *corev1apply.SecretApplyConfiguration

RemoteSecret forges the apply patch for the reflected secret, given the local one.

func RemoteService added in v0.3.1

func RemoteService(local *corev1.Service, targetNamespace string, forgingOpts *ForgingOpts) *corev1apply.ServiceApplyConfiguration

RemoteService forges the apply patch for the reflected service, given the local one.

func RemoteServiceAccountSecret added in v0.7.0

func RemoteServiceAccountSecret(tokens *ServiceAccountPodTokens, targetName, targetNamespace, nodename string) *corev1apply.SecretApplyConfiguration

RemoteServiceAccountSecret forges the apply patch for the secret containing the service account token, given the token request.

func RemoteServiceAccountSecretAnnotations added in v0.7.0

func RemoteServiceAccountSecretAnnotations(tokens *ServiceAccountPodTokens) labels.Set

RemoteServiceAccountSecretAnnotations returns the annotations assigned to the secret holding service account tokens.

func RemoteServiceAccountSecretLabels added in v0.7.0

func RemoteServiceAccountSecretLabels(tokens *ServiceAccountPodTokens) labels.Set

RemoteServiceAccountSecretLabels returns the labels assigned to the secret holding service account tokens.

func RemoteServicePorts added in v0.3.1

func RemoteServicePorts(locals []corev1.ServicePort, forceRemoteNodePort bool) []*corev1apply.ServicePortApplyConfiguration

RemoteServicePorts forges the apply patch for the ports of the reflected service, given the local ones.

func RemoteServiceSpec added in v0.3.1

func RemoteServiceSpec(local *corev1.ServiceSpec, forceRemoteNodePort bool) *corev1apply.ServiceSpecApplyConfiguration

RemoteServiceSpec forges the apply patch for the specs of the reflected service, given the local ones. It expects the local object to be a deepcopy, as it is mutated.

func RemoteShadowEndpointSlice added in v0.8.0

func RemoteShadowEndpointSlice(local *discoveryv1.EndpointSlice, remote *vkv1alpha1.ShadowEndpointSlice,
	localNodeClient corev1listers.NodeLister, targetNamespace string, translator EndpointTranslator,
	forgingOpts *ForgingOpts) *vkv1alpha1.ShadowEndpointSlice

RemoteShadowEndpointSlice forges the remote shadowendpointslice, given the local endpointslice.

func RemoteShadowPod added in v0.3.2

func RemoteShadowPod(local *corev1.Pod, remote *vkv1alpha1.ShadowPod,
	targetNamespace string, forgingOpts *ForgingOpts, mutators ...RemotePodSpecMutator) *vkv1alpha1.ShadowPod

RemoteShadowPod forges the reflected shadowpod, given the local one.

func RemoteTolerations added in v0.3.2

func RemoteTolerations(inputTolerations []corev1.Toleration) []corev1.Toleration

RemoteTolerations forges the tolerations for a reflected pod.

func RemoteTypedLocalObjectReference added in v0.5.0

RemoteTypedLocalObjectReference forges the apply patch for a reflected TypedLocalObjectReference.

func RemoteVolumes added in v0.4.0

func RemoteVolumes(volumes []corev1.Volume, apiServerSupport APIServerSupportType, saSecretRetriever func() string) []corev1.Volume

RemoteVolumes forges the volumes for a reflected pod, appropriately modifying the one related to the service account.

func ServiceAccountPodUIDFromSecret added in v0.7.0

func ServiceAccountPodUIDFromSecret(secret *corev1.Secret, podUID types.UID) types.UID

ServiceAccountPodUIDFromSecret retrieves the UID of the corresponding pod from a secret, or podUID if nil.

func ServiceAccountSecretName added in v0.7.0

func ServiceAccountSecretName(podName string) string

ServiceAccountSecretName returns the name of the ServiceAccount secret associated with a given pod and volume.

func ServiceAccountTokenExpirationFromSecret added in v0.7.0

func ServiceAccountTokenExpirationFromSecret(secret *corev1.Secret) time.Time

ServiceAccountTokenExpirationFromSecret retrieves the earliest token expiration from a secret.

func ServiceAccountTokenFromSecret added in v0.7.0

func ServiceAccountTokenFromSecret(secret *corev1.Secret, key string) string

ServiceAccountTokenFromSecret retrieves the token corresponding to the given key from a secret.

func ServiceAccountTokenKey added in v0.7.0

func ServiceAccountTokenKey(volumeName, path string) string

ServiceAccountTokenKey returns the key to identify a given token.

func SumContainerStats added in v0.3.2

func SumContainerStats(stats []statsv1alpha1.ContainerStats, retriever func(statsv1alpha1.ContainerStats) uint64) *uint64

SumContainerStats returns the sum of the container stats, given a metric retriever.

func SumPodStats added in v0.3.2

func SumPodStats(stats []statsv1alpha1.PodStats, retriever func(statsv1alpha1.PodStats) uint64) *uint64

SumPodStats returns the sum of the pod stats, given a metric retriever.

Types

type APIServerSupportType added in v0.7.0

// APIServerSupportType is the enum type representing which type of API Server
// support is enabled, i.e., how offloaded pods are allowed to contact the local
// API server.
type APIServerSupportType string

APIServerSupportType is the enum type representing which type of API Server support is enabled, i.e., to allow offloaded pods to contact the local API server.

// Supported values of APIServerSupportType.
// NOTE(review): the modes differ in which credential reaches the remote cluster.
// Legacy service account secrets are long-lived in Kubernetes, whereas tokens
// obtained through the TokenRequest API are time-bound; confirm which mode a
// deployment uses before assessing exposure of the local API server.
const (
	// APIServerSupportDisabled means that API Server support is disabled.
	APIServerSupportDisabled APIServerSupportType = "Disabled"

	// APIServerSupportLegacy means that API Server support is enabled, using the
	// legacy secrets associated with service accounts.
	APIServerSupportLegacy APIServerSupportType = "Legacy"

	// APIServerSupportTokenAPI means that API Server support is enabled,
	// leveraging the newer TokenRequest API to retrieve the tokens.
	APIServerSupportTokenAPI APIServerSupportType = "TokenAPI"

	// APIServerSupportRemote means that the remote pods are allowed to contact the
	// local API server directly.
	APIServerSupportRemote APIServerSupportType = "Remote"
)

type EndpointTranslator added in v0.3.1

// EndpointTranslator defines the function to translate between local and remote
// endpoint addresses: it receives a slice of addresses and returns the translated
// slice.
// NOTE(review): direction is presumably local to remote, as it is passed to
// RemoteEndpointSliceEndpoints — confirm.
type EndpointTranslator func([]string) []string

EndpointTranslator defines the function to translate between local and remote endpoint addresses.

type ForgingOpts added in v0.9.0

// ForgingOpts contains options to forge the reflected resources.
type ForgingOpts struct {
	// LabelsNotReflected and AnnotationsNotReflected presumably list the label and
	// annotation keys that must not be copied to the reflected resource (compare
	// FilterNotReflected and its blackListedKeys parameter) — confirm.
	// NOTE(review): if these lists are relied on to keep sensitive metadata off
	// the remote cluster, confirm whether matching is exact or by prefix.
	LabelsNotReflected      []string
	AnnotationsNotReflected []string
}

ForgingOpts contains options to forge the reflected resources.

func NewForgingOpts added in v0.9.0

func NewForgingOpts(labelsNotReflected, annotationsNotReflected []string) ForgingOpts

NewForgingOpts returns a new ForgingOpts instance.

type KubernetesServiceIPGetter added in v0.5.0

// KubernetesServiceIPGetter defines the function to get the remapped IP
// associated with the local kubernetes.default service. The returned string is
// presumably the address written by RemoteHostAliasesAPIServerSupport into the
// pod host aliases — confirm.
type KubernetesServiceIPGetter func() string

KubernetesServiceIPGetter defines the function to get the remapped IP associated with the local kubernetes.default service.

type PodIPTranslator added in v0.3.2

// PodIPTranslator defines the function to translate between remote and local IP
// addresses: it receives one address and returns the translated one.
// NOTE(review): direction is presumably remote to local, as it is passed to
// LocalPod and LocalPodStatus — confirm.
type PodIPTranslator func(string) string

PodIPTranslator defines the function to translate between remote and local IP addresses.

type RemotePodSpecMutator added in v0.6.0

// RemotePodSpecMutator defines the function type to mutate the remote pod
// specifications and implement additional capabilities. The mutator receives a
// pointer to the remote PodSpec and returns nothing, so changes are presumably
// applied in place — confirm.
type RemotePodSpecMutator func(remote *corev1.PodSpec)

RemotePodSpecMutator defines the function type to mutate the remote pod specifications and implement additional capabilities.

func APIServerSupportMutator added in v0.6.0

func APIServerSupportMutator(apiServerSupport APIServerSupportType, localAnnotations map[string]string,
	saName string, saSecretRetriever SASecretRetriever, kubernetesServiceIPRetriever KubernetesServiceIPGetter,
	homeAPIServerHost, homeAPIServerPort string) RemotePodSpecMutator

APIServerSupportMutator is a mutator which implements the support to enable offloaded pods to interact back with the local Kubernetes API server.

func AntiAffinityHardMutator added in v0.6.0

func AntiAffinityHardMutator(labels map[string]string) RemotePodSpecMutator

AntiAffinityHardMutator is a mutator which implements the support to enable hard anti-affinity between pods sharing the same labels.

func AntiAffinityPropagateMutator added in v0.6.0

func AntiAffinityPropagateMutator(affinity *corev1.Affinity) RemotePodSpecMutator

AntiAffinityPropagateMutator is a mutator which implements the support to propagate a given anti-affinity constraint.

func AntiAffinitySoftMutator added in v0.6.0

func AntiAffinitySoftMutator(labels map[string]string) RemotePodSpecMutator

AntiAffinitySoftMutator is a mutator which implements the support to enable soft anti-affinity between pods sharing the same labels.

func ServiceAccountMutator added in v0.9.0

func ServiceAccountMutator(apiServerSupport APIServerSupportType, localAnnotations map[string]string) RemotePodSpecMutator

ServiceAccountMutator is a mutator which implements the support to propagate the service account name to the remote cluster.

type RemotePodStatusMutator added in v0.8.0

// RemotePodStatusMutator defines the function type to mutate the remote pod
// status and implement additional capabilities. The mutator receives a pointer
// to the remote PodStatus and returns nothing, so changes are presumably applied
// in place — confirm.
type RemotePodStatusMutator func(remote *corev1.PodStatus)

RemotePodStatusMutator defines the function type to mutate the remote pod status and implement additional capabilities.

func OpaqueIPTranslationMutator added in v0.8.0

func OpaqueIPTranslationMutator() RemotePodStatusMutator

OpaqueIPTranslationMutator is a mutator which implements the support to hide the IP address of the offloaded pods.

type SASecretRetriever added in v0.5.0

// SASecretRetriever defines the function to retrieve the secret associated with
// a given service account.
// NOTE(review): presumably takes the service account name and returns the name
// of the secret rather than its content — confirm.
type SASecretRetriever func(string) string

SASecretRetriever defines the function to retrieve the secret associated with a given service account.

type ServiceAccountPodToken added in v0.7.0

// ServiceAccountPodToken contains the information corresponding to a service
// account token associated with a pod.
type ServiceAccountPodToken struct {
	// Key identifies the token.
	// NOTE(review): presumably built with ServiceAccountTokenKey — confirm.
	Key string

	// Audiences and ExpirationSeconds presumably carry the parameters used to
	// build the request returned by TokenRequest — confirm.
	Audiences         []string
	ExpirationSeconds int64

	// Token and ActualExpiration presumably hold the values stored by Update from
	// the TokenRequest response — confirm.
	// NOTE(review): Token looks like a bearer credential held in an exported
	// field; keep this struct out of logs and events (for example, avoid printing
	// it with %+v).
	Token            string
	ActualExpiration time.Time
}

ServiceAccountPodToken contains the information corresponding to a service account token associated with a pod.

func (*ServiceAccountPodToken) RefreshDue added in v0.7.0

func (token *ServiceAccountPodToken) RefreshDue() time.Time

RefreshDue returns the timestamp at which the token should be refreshed.

func (*ServiceAccountPodToken) TokenRequest added in v0.7.0

func (token *ServiceAccountPodToken) TokenRequest(ref *corev1.Pod) *authenticationv1.TokenRequest

TokenRequest returns a new TokenRequest based on the given TokenInfo.

func (*ServiceAccountPodToken) Update added in v0.7.0

func (token *ServiceAccountPodToken) Update(tkn string, expiration time.Time)

Update updates the TokenInfo based on the TokenRequest response.

type ServiceAccountPodTokens added in v0.7.0

// ServiceAccountPodTokens contains the information for the service account
// tokens associated with a pod.
type ServiceAccountPodTokens struct {
	// PodName, PodUID and ServiceAccountName identify the pod and the service
	// account the tokens belong to.
	// NOTE(review): presumably the values written under the LiqoSASecretFor* keys
	// by RemoteServiceAccountSecretLabels/Annotations — confirm.
	PodName            string
	PodUID             types.UID
	ServiceAccountName string

	// Tokens holds pointers to the tracked tokens; AddToken returns a pointer of
	// the same type, so entries are presumably shared with callers — confirm.
	Tokens []*ServiceAccountPodToken
}

ServiceAccountPodTokens contains the information for the service account tokens associated with a pod.

func (*ServiceAccountPodTokens) AddToken added in v0.7.0

func (tokens *ServiceAccountPodTokens) AddToken(key, audience string, expiration int64) *ServiceAccountPodToken

AddToken appends the information corresponding to a given service account token.

func (*ServiceAccountPodTokens) EarliestExpiration added in v0.7.0

func (tokens *ServiceAccountPodTokens) EarliestExpiration() time.Time

EarliestExpiration returns the earliest expiration of all considered tokens.

func (*ServiceAccountPodTokens) EarliestRefresh added in v0.7.0

func (tokens *ServiceAccountPodTokens) EarliestRefresh() time.Time

EarliestRefresh returns the timestamp at which the first token should be refreshed.

func (*ServiceAccountPodTokens) TokensForSecret added in v0.7.0

func (tokens *ServiceAccountPodTokens) TokensForSecret() map[string]string

TokensForSecret returns a map whose keys are the volume names and whose values are the corresponding service account tokens.
