Documentation ¶
Index ¶
- Constants
- func CheckAndMountCACertBundle(ctx context.Context, cli client.Client, notebook *nbv1.Notebook, ...) error
- func CompareNotebookNetworkPolicies(np1 netv1.NetworkPolicy, np2 netv1.NetworkPolicy) bool
- func CompareNotebookRoutes(r1 routev1.Route, r2 routev1.Route) bool
- func CompareNotebookServiceAccounts(sa1 corev1.ServiceAccount, sa2 corev1.ServiceAccount) bool
- func CompareNotebookServices(s1 corev1.Service, s2 corev1.Service) bool
- func CompareNotebooks(nb1 nbv1.Notebook, nb2 nbv1.Notebook) bool
- func InjectCertConfig(notebook *nbv1.Notebook, configMapName string) error
- func InjectOAuthProxy(notebook *nbv1.Notebook, oauth OAuthConfig) error
- func InjectReconciliationLock(meta *metav1.ObjectMeta) error
- func NewNotebookNetworkPolicy(notebook *nbv1.Notebook) *netv1.NetworkPolicy
- func NewNotebookOAuthRoute(notebook *nbv1.Notebook) *routev1.Route
- func NewNotebookOAuthSecret(notebook *nbv1.Notebook) *corev1.Secret
- func NewNotebookOAuthService(notebook *nbv1.Notebook) *corev1.Service
- func NewNotebookRoute(notebook *nbv1.Notebook) *routev1.Route
- func NewNotebookServiceAccount(notebook *nbv1.Notebook) *corev1.ServiceAccount
- func NewOAuthNetworkPolicy(notebook *nbv1.Notebook) *netv1.NetworkPolicy
- func OAuthInjectionIsEnabled(meta metav1.ObjectMeta) bool
- func ReconciliationLockIsEnabled(meta metav1.ObjectMeta) bool
- func ServiceMeshIsEnabled(meta metav1.ObjectMeta) bool
- func SetContainerImageFromRegistry(ctx context.Context, config *rest.Config, notebook *nbv1.Notebook, ...) error
- type NotebookWebhook
- type OAuthConfig
- type OpenshiftNotebookReconciler
- func (r *OpenshiftNotebookReconciler) CreateNotebookCertConfigMap(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) IsConfigMapDeleted(notebook *nbv1.Notebook, ctx context.Context) bool
- func (r *OpenshiftNotebookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
- func (r *OpenshiftNotebookReconciler) ReconcileAllNetworkPolicies(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) ReconcileOAuthRoute(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) ReconcileOAuthSecret(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) ReconcileOAuthService(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) ReconcileOAuthServiceAccount(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) ReconcileRoute(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) RemoveReconciliationLock(notebook *nbv1.Notebook, ctx context.Context) error
- func (r *OpenshiftNotebookReconciler) SetupWithManager(mgr ctrl.Manager) error
- func (r *OpenshiftNotebookReconciler) UnsetNotebookCertConfig(notebook *nbv1.Notebook, ctx context.Context) error
Constants ¶
const ( AnnotationInjectOAuth = "notebooks.opendatahub.io/inject-oauth" AnnotationServiceMesh = "opendatahub.io/service-mesh" AnnotationValueReconciliationLock = "odh-notebook-controller-lock" AnnotationLogoutUrl = "notebooks.opendatahub.io/oauth-logout-url" )
const ( NotebookOAuthPort = 8443 NotebookPort = 8888 )
const ( OAuthServicePort = 443 OAuthServicePortName = "oauth-proxy" OAuthProxyImage = "registry.redhat.io/openshift4/ose-oauth-proxy:latest" )
Variables ¶
This section is empty.
Functions ¶
func CheckAndMountCACertBundle ¶
func CheckAndMountCACertBundle(ctx context.Context, cli client.Client, notebook *nbv1.Notebook, log logr.Logger) error
CheckAndMountCACertBundle checks if the odh-trusted-ca-bundle ConfigMap is present
func CompareNotebookNetworkPolicies ¶
func CompareNotebookNetworkPolicies(np1 netv1.NetworkPolicy, np2 netv1.NetworkPolicy) bool
CompareNotebookNetworkPolicies checks if two services are equal, if not return false
func CompareNotebookRoutes ¶
CompareNotebookRoutes checks if two routes are equal, if not return false
func CompareNotebookServiceAccounts ¶
func CompareNotebookServiceAccounts(sa1 corev1.ServiceAccount, sa2 corev1.ServiceAccount) bool
CompareNotebookServiceAccounts checks if two service accounts are equal, if not return false
func CompareNotebookServices ¶
CompareNotebookServices checks if two services are equal, if not return false
func CompareNotebooks ¶
CompareNotebooks checks if two notebooks are equal, if not return false.
func InjectOAuthProxy ¶
func InjectOAuthProxy(notebook *nbv1.Notebook, oauth OAuthConfig) error
InjectOAuthProxy injects the OAuth proxy sidecar container in the Notebook spec
func InjectReconciliationLock ¶
func InjectReconciliationLock(meta *metav1.ObjectMeta) error
InjectReconciliationLock injects the kubeflow notebook controller culling stop annotation to explicitly start the notebook pod when the ODH notebook controller finishes the reconciliation. Otherwise, a race condition may happen while mounting the notebook service account pull secret into the pod.
The ODH notebook controller will remove this annotation when the first reconciliation is completed (see RemoveReconciliationLock).
func NewNotebookNetworkPolicy ¶
func NewNotebookNetworkPolicy(notebook *nbv1.Notebook) *netv1.NetworkPolicy
NewNotebookNetworkPolicy defines the desired network policy for Notebook port
func NewNotebookOAuthRoute ¶
NewNotebookOAuthRoute defines the desired OAuth route object
func NewNotebookOAuthSecret ¶
NewNotebookOAuthSecret defines the desired OAuth secret object
func NewNotebookOAuthService ¶
NewNotebookOAuthService defines the desired OAuth service object
func NewNotebookRoute ¶
NewNotebookRoute defines the desired route object
func NewNotebookServiceAccount ¶
func NewNotebookServiceAccount(notebook *nbv1.Notebook) *corev1.ServiceAccount
NewNotebookServiceAccount defines the desired service account object
func NewOAuthNetworkPolicy ¶
func NewOAuthNetworkPolicy(notebook *nbv1.Notebook) *netv1.NetworkPolicy
NewOAuthNetworkPolicy defines the desired OAuth Network Policy
func OAuthInjectionIsEnabled ¶
func OAuthInjectionIsEnabled(meta metav1.ObjectMeta) bool
OAuthInjectionIsEnabled returns true if the oauth sidecar injection annotation is present in the notebook.
func ReconciliationLockIsEnabled ¶
func ReconciliationLockIsEnabled(meta metav1.ObjectMeta) bool
ReconciliationLockIsEnabled returns true if the reconciliation lock annotation is present in the notebook.
func ServiceMeshIsEnabled ¶
func ServiceMeshIsEnabled(meta metav1.ObjectMeta) bool
ServiceMeshIsEnabled returns true if the notebook should be part of the service mesh.
func SetContainerImageFromRegistry ¶
func SetContainerImageFromRegistry(ctx context.Context, config *rest.Config, notebook *nbv1.Notebook, log logr.Logger) error
SetContainerImageFromRegistry checks if there is an internal registry and takes the corresponding actions to set the container.image value. If an internal registry is detected, it uses the default values specified in the Notebook Custom Resource (CR). Otherwise, it checks the last-image-selection annotation to find the image stream and fetches the image from status.dockerImageReference, assigning it to the container.image value.
Types ¶
type NotebookWebhook ¶
type NotebookWebhook struct { Log logr.Logger Client client.Client Config *rest.Config Decoder *admission.Decoder OAuthConfig OAuthConfig }
NotebookWebhook holds the webhook configuration.
func (*NotebookWebhook) InjectDecoder ¶
func (w *NotebookWebhook) InjectDecoder(d *admission.Decoder) error
InjectDecoder injects the decoder.
type OAuthConfig ¶
type OAuthConfig struct {
ProxyImage string
}
type OpenshiftNotebookReconciler ¶
OpenshiftNotebookReconciler holds the controller configuration.
func (*OpenshiftNotebookReconciler) CreateNotebookCertConfigMap ¶
func (r *OpenshiftNotebookReconciler) CreateNotebookCertConfigMap(notebook *nbv1.Notebook, ctx context.Context) error
createNotebookCertConfigMap creates a ConfigMap workbench-trusted-ca-bundle that contains the root certificates from the ConfigMap odh-trusted-ca-bundle and the self-signed certificates from the ConfigMap kube-root-ca.crt The ConfigMap workbench-trusted-ca-bundle is used by the notebook to trust the root and self-signed certificates.
func (*OpenshiftNotebookReconciler) IsConfigMapDeleted ¶
func (r *OpenshiftNotebookReconciler) IsConfigMapDeleted(notebook *nbv1.Notebook, ctx context.Context) bool
IsConfigMapDeleted check if configmap is deleted and the notebook is using the configmap as a volume
func (*OpenshiftNotebookReconciler) Reconcile ¶
func (r *OpenshiftNotebookReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)
Reconcile performs the reconciling of the Openshift objects for a Kubeflow Notebook.
func (*OpenshiftNotebookReconciler) ReconcileAllNetworkPolicies ¶
func (r *OpenshiftNotebookReconciler) ReconcileAllNetworkPolicies(notebook *nbv1.Notebook, ctx context.Context) error
ReconcileAllNetworkPolicies will manage the network policies reconciliation required by the notebook.
func (*OpenshiftNotebookReconciler) ReconcileOAuthRoute ¶
func (r *OpenshiftNotebookReconciler) ReconcileOAuthRoute( notebook *nbv1.Notebook, ctx context.Context) error
ReconcileOAuthRoute will manage the creation, update and deletion of the OAuth route when the notebook is reconciled.
func (*OpenshiftNotebookReconciler) ReconcileOAuthSecret ¶
func (r *OpenshiftNotebookReconciler) ReconcileOAuthSecret(notebook *nbv1.Notebook, ctx context.Context) error
ReconcileOAuthSecret will manage the OAuth secret reconciliation required by the notebook OAuth proxy
func (*OpenshiftNotebookReconciler) ReconcileOAuthService ¶
func (r *OpenshiftNotebookReconciler) ReconcileOAuthService(notebook *nbv1.Notebook, ctx context.Context) error
ReconcileOAuthService will manage the OAuth service reconciliation required by the notebook OAuth proxy
func (*OpenshiftNotebookReconciler) ReconcileOAuthServiceAccount ¶
func (r *OpenshiftNotebookReconciler) ReconcileOAuthServiceAccount(notebook *nbv1.Notebook, ctx context.Context) error
ReconcileOAuthServiceAccount will manage the service account reconciliation required by the notebook OAuth proxy
func (*OpenshiftNotebookReconciler) ReconcileRoute ¶
func (r *OpenshiftNotebookReconciler) ReconcileRoute( notebook *nbv1.Notebook, ctx context.Context) error
ReconcileRoute will manage the creation, update and deletion of the TLS route when the notebook is reconciled
func (*OpenshiftNotebookReconciler) RemoveReconciliationLock ¶
func (r *OpenshiftNotebookReconciler) RemoveReconciliationLock(notebook *nbv1.Notebook, ctx context.Context) error
RemoveReconciliationLock waits until the image pull secret is mounted in the notebook service account to remove the reconciliation lock annotation.
func (*OpenshiftNotebookReconciler) SetupWithManager ¶
func (r *OpenshiftNotebookReconciler) SetupWithManager(mgr ctrl.Manager) error
SetupWithManager sets up the controller with the Manager.
func (*OpenshiftNotebookReconciler) UnsetNotebookCertConfig ¶
func (r *OpenshiftNotebookReconciler) UnsetNotebookCertConfig(notebook *nbv1.Notebook, ctx context.Context) error
UnsetEnvVars removes the environment variables from the notebook container