Documentation ¶
Overview ¶
Package kubernetes provides implementations of `Cluster` and `manifests` that interact with the Kubernetes API (using kubectl or the k8s API client).
Index ¶
- Constants
- func MakeCachedDiscovery(d discovery.DiscoveryInterface, c crd.Interface, shutdown <-chan struct{}) discovery.CachedDiscoveryInterface
- func NewManifests(ns namespacer, logger log.Logger) *manifests
- func NewNamespacer(d discovery.DiscoveryInterface) (*namespaceViaDiscovery, error)
- func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)
- func ObjectMissingError(obj string, err error) *fluxerr.Error
- func UpdateNotSupportedError(kind string) *fluxerr.Error
- type Applier
- type Cluster
- func (c *Cluster) AllWorkloads(ctx context.Context, namespace string) (res []cluster.Workload, err error)
- func (c *Cluster) Export(ctx context.Context) ([]byte, error)
- func (c *Cluster) ImagesToFetch() registry.ImageCreds
- func (c *Cluster) IsAllowedResource(id resource.ID) bool
- func (c *Cluster) Ping() error
- func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)
- func (c *Cluster) SomeWorkloads(ctx context.Context, ids []resource.ID) (res []cluster.Workload, err error)
- func (c *Cluster) Sync(syncSet cluster.SyncSet) error
- type ConstNamespacer
- type ExtendedClient
- type KubeYAML
- type Kubectl
- type ResourceScopes
- type SSHKeyRingConfig
- Bugs
Constants ¶
const AntecedentAnnotation = "flux.https://github.com/nholuongut/antecedent"
AntecedentAnnotation is an annotation on a resource indicating that the cause of that resource (indirectly, via a Helm release) is a HelmRelease. We use this rather than the `OwnerReference` type built into Kubernetes so that there are no garbage-collection implications. The value is expected to be a serialised `resource.ID`.
Variables ¶
This section is empty.
Functions ¶
func MakeCachedDiscovery ¶
func MakeCachedDiscovery(d discovery.DiscoveryInterface, c crd.Interface, shutdown <-chan struct{}) discovery.CachedDiscoveryInterface
MakeCachedDiscovery constructs a CachedDicoveryInterface that will be invalidated whenever the set of CRDs change. The idea is that the only avenue of a change to the API resources in a running system is CRDs being added, updated or deleted.
func NewManifests ¶
func NewNamespacer ¶
func NewNamespacer(d discovery.DiscoveryInterface) (*namespaceViaDiscovery, error)
NewNamespacer creates an implementation of Namespacer
func NewSSHKeyRing ¶
func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)
NewSSHKeyRing constructs an sshKeyRing backed by a kubernetes secret resource. The keyring is initialised with the key that was previously stored in the secret (either by regenerate() or an administrator), or a freshly generated key if none was found.
func UpdateNotSupportedError ¶
Types ¶
type Applier ¶
type Applier interface {
// contains filtered or unexported methods
}
Applier is something that will apply a changeset to the cluster.
type Cluster ¶
type Cluster struct { // Do garbage collection when syncing resources GC bool // dry run garbage collection without syncing DryGC bool // contains filtered or unexported fields }
Cluster is a handle to a Kubernetes API server. (Typically, this code is deployed into the same cluster.)
func NewCluster ¶
func NewCluster(client ExtendedClient, applier Applier, sshKeyRing ssh.KeyRing, logger log.Logger, allowedNamespaces []string, imageExcludeList []string) *Cluster
NewCluster returns a usable cluster.
func (*Cluster) AllWorkloads ¶
func (c *Cluster) AllWorkloads(ctx context.Context, namespace string) (res []cluster.Workload, err error)
AllWorkloads returns all workloads in allowed namespaces matching the criteria; that is, in the namespace (or any namespace if that argument is empty)
func (*Cluster) ImagesToFetch ¶
func (c *Cluster) ImagesToFetch() registry.ImageCreds
ImagesToFetch is a k8s specific method to get a list of images to update along with their credentials
func (*Cluster) PublicSSHKey ¶
func (*Cluster) SomeWorkloads ¶
func (c *Cluster) SomeWorkloads(ctx context.Context, ids []resource.ID) (res []cluster.Workload, err error)
SomeWorkloads returns the workloads named, missing out any that don't exist in the cluster or aren't in an allowed namespace. They do not necessarily have to be returned in the order requested.
type ConstNamespacer ¶
type ConstNamespacer string
func (ConstNamespacer) EffectiveNamespace ¶
func (ns ConstNamespacer) EffectiveNamespace(manifest kresource.KubeManifest, _ ResourceScopes) (string, error)
type ExtendedClient ¶
type ExtendedClient struct {
// contains filtered or unexported fields
}
func MakeClusterClientset ¶
func MakeClusterClientset(core coreClient, dyn dynamicClient, fluxhelm fluxHelmClient, helmop helmOperatorClient, disco discoveryClient) ExtendedClient
type KubeYAML ¶
type KubeYAML struct { }
KubeYAML is a placeholder value for calling the helper executable `kubeyaml`.
func (KubeYAML) Annotate ¶
Annotate calls the kubeyaml subcommand `annotate` with the arguments as given.
type ResourceScopes ¶
type ResourceScopes map[schema.GroupVersionKind]v1beta1.ResourceScope
ResourceScopes maps resource definitions (GroupVersionKind) to whether they are namespaced or not
type SSHKeyRingConfig ¶
type SSHKeyRingConfig struct { SecretAPI v1.SecretInterface SecretName string SecretVolumeMountPath string // e.g. "/etc/fluxd/ssh" SecretDataKey string // e.g. "identity" KeyBits ssh.OptionalValue KeyType ssh.OptionalValue KeyGenDir string // a tmpfs mount; e.g., /var/fluxd/ssh }
SSHKeyRingConfig is used to configure the keyring with key generation options and the parameters of its backing kubernetes secret resource. SecretVolumeMountPath must be mounted RW for regenerate() to work, and to set the privateKeyFileMode on the identity secret file.
Notes ¶
Bugs ¶
Updating the kubernetes secret should be done via an ephemeral external executable invoked with coredumps disabled and using syscall.Mlockall(MCL_FUTURE) in conjunction with an appropriate ulimit to ensure the private key isn't unintentionally written to persistent storage.