Documentation ¶
Index ¶
- Constants
- Variables
- func ByteCount(b uint64) string
- func EncodeCertPEM(cert *x509.Certificate) []byte
- func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
- func GetAdmissionName() (string, error)
- func GetAdmissionReference(kubeClient kubernetes.Interface) (*metav1.OwnerReference, error)
- func GetDesiredReplicaPoolNames(cvc *cstor.CStorVolumeConfig) []string
- func GetHostNameFromLabelSelector(labels map[string]string, kubeClient kubernetes.Interface) (string, error)
- func GetNewBDFromRaidGroups(newRG, oldRG *cstor.RaidGroup) map[string]string
- func GetNumberOfDiskReplaced(newRG, oldRG *cstor.RaidGroup) int
- func GetSecret(namespace string, secretName string, kubeClient kubernetes.Interface) (*corev1.Secret, error)
- func GetValidatorWebhook(validator string, kubeClient kubernetes.Interface) (*admissionregistration.ValidatingWebhookConfiguration, error)
- func InitValidationServer(ownerReference metav1.OwnerReference, k kubernetes.Interface) error
- func IsBlockDeviceReplacementCase(newRaidGroup, oldRaidGroup *cstor.RaidGroup) bool
- func IsMoreThanOneDiskReplaced(newRG, oldRG *cstor.RaidGroup) bool
- func IsRaidGroupCommon(rgOld, rgNew cstor.RaidGroup) bool
- func IsUniqueList(list []string) bool
- func New(p Parameters, kubeClient kubernetes.Interface, ...) (*webhook, error)
- func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, ...) (*x509.Certificate, error)
- func StrPtr(s string) *string
- func ValidateSpecChanges(commonPoolSpecs *poolspecs, pOps *PoolOperations) (bool, string)
- type AdmissionResponse
- type Builder
- type KeyPair
- type Parameters
- type PoolOperations
- func (pOps *PoolOperations) AreNewBDsValid(newRG, oldRG *cstor.RaidGroup, oldcspc *cstor.CStorPoolCluster) bool
- func (pOps *PoolOperations) ArePoolSpecChangesValid(oldPoolSpec, newPoolSpec *cstor.PoolSpec) (bool, string)
- func (pOps *PoolOperations) ClaimBD(newBdObj *openebsapis.BlockDevice, oldBD string) error
- func (pOps *PoolOperations) GetBDCOfBD(bdName string) (*openebsapis.BlockDeviceClaim, error)
- func (pOps *PoolOperations) GetPredecessorBDIfAny(cspcOld *cstor.CStorPoolCluster) (map[string]bool, error)
- func (pOps *PoolOperations) IsBDReplacementValid(newRG, oldRG *cstor.RaidGroup, oldRgType string) (bool, string)
- func (pOps *PoolOperations) IsBDValid(bd string, bdc *openebsapis.BlockDeviceClaim, oldcspc *cstor.CStorPoolCluster) bool
- func (pOps *PoolOperations) IsExistingReplacmentInProgress(oldRG *cstor.RaidGroup) (bool, error)
- func (pOps *PoolOperations) IsNewBDPresentOnCurrentCSPC(newRG, oldRG *cstor.RaidGroup) bool
- func (pOps *PoolOperations) WithNewCSPC(newCSPC *cstor.CStorPoolCluster) *PoolOperations
- func (pOps *PoolOperations) WithOldCSPC(oldCSPC *cstor.CStorPoolCluster) *PoolOperations
- type PoolValidator
Constants ¶
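// PEM block type labels used as values for pem.Block.Type.
//
// The label has to match the encoding of the key bytes it wraps: "PRIVATE KEY"
// is the PKCS #8 label (x509.MarshalPKCS8PrivateKey) and "RSA PRIVATE KEY" is
// the PKCS #1 label (x509.MarshalPKCS1PrivateKey).
// NOTE(review): which marshalling EncodePrivateKeyPEM pairs with these labels
// is not visible here — confirm label and encoding agree.
const (
	// PrivateKeyBlockType is a possible value for pem.Block.Type.
	PrivateKeyBlockType = "PRIVATE KEY"
	// PublicKeyBlockType is a possible value for pem.Block.Type.
	PublicKeyBlockType = "PUBLIC KEY"
	// CertificateBlockType is a possible value for pem.Block.Type.
	CertificateBlockType = "CERTIFICATE"
	// RSAPrivateKeyBlockType is a possible value for pem.Block.Type.
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)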
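const (
	// AdmissionNameEnvVar is the name of the environment variable
	// ADMISSION_WEBHOOK_NAME, which holds the name of the current
	// admission webhook.
	AdmissionNameEnvVar = "ADMISSION_WEBHOOK_NAME"
)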
Variables ¶
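// Failure policies for the validating webhook registration.
//
// Ignore is fail-open: if the API server cannot reach the webhook, the request
// is admitted without being validated. Fail is fail-closed: the request is
// rejected until the webhook is reachable again.
// NOTE(review): which of the two this package registers is not visible here.
var (
	// Ignore means that an error calling the webhook is ignored.
	Ignore = admissionregistration.Ignore
	// Fail means that an error calling the webhook causes the admission to fail.
	Fail = admissionregistration.Fail
)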
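var (
	// SupportedPRaidType is a map holding the supported raid configurations.
	// Each value is a validateRaidBDCount function (bodies not shown here);
	// per the original note, the disk count it stands for is:
	//  1. In case of striped, the minimum number of disks required.
	//  2. In all other cases, the exact number of disks required.
	// A pool type that is missing from this map has no validator registered.
	SupportedPRaidType = map[cstor.PoolType]validateRaidBDCount{
		cstor.PoolStriped:  isStripedBDCountValid,
		cstor.PoolMirrored: isMirroredBDCountValid,
		cstor.PoolRaidz:    isRaidzBDCountValid,
		cstor.PoolRaidz2:   isRaidz2BDCountValid,
	}

	// SupportedCompression is a map holding the supported compressions.
	// The empty string is a key, so an unset compression value is accepted.
	// TODO: confirm all the compression types supported by control plane
	// and update the map accordingly
	SupportedCompression = map[string]bool{
		"":    true,
		"off": true,
		"lz":  true,
	}
)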
// DefaultEllipticCurve specifies the default elliptic curve to be used for
// key generation (NIST P-256).
// NOTE(review): KeyPair and EncodePrivateKeyPEM in this package are typed for
// *rsa.PrivateKey; where this curve is consumed is not visible here — confirm.
var DefaultEllipticCurve elliptic.Curve = elliptic.P256()
DefaultEllipticCurve specifies the default elliptic curve to be used for key generation
Functions ¶
func EncodeCertPEM ¶
func EncodeCertPEM(cert *x509.Certificate) []byte
EncodeCertPEM returns PEM-encoded certificate data.
func EncodePrivateKeyPEM ¶
func EncodePrivateKeyPEM(key *rsa.PrivateKey) []byte
EncodePrivateKeyPEM returns PEM-encoded private key data
func GetAdmissionName ¶
GetAdmissionName returns the admission server name.
func GetAdmissionReference ¶
func GetAdmissionReference(kubeClient kubernetes.Interface) (*metav1.OwnerReference, error)
GetAdmissionReference is a utility function to fetch a reference to the admission webhook deployment object
func GetDesiredReplicaPoolNames ¶
func GetDesiredReplicaPoolNames(cvc *cstor.CStorVolumeConfig) []string
GetDesiredReplicaPoolNames returns list of desired pool names
func GetHostNameFromLabelSelector ¶
func GetHostNameFromLabelSelector(labels map[string]string, kubeClient kubernetes.Interface) (string, error)
GetHostNameFromLabelSelector returns the node name selected by provided labels
func GetNewBDFromRaidGroups ¶
GetNewBDFromRaidGroups returns a map of new successor bd to old bd for replacement in a raid group
func GetNumberOfDiskReplaced ¶
GetNumberOfDiskReplaced returns the number of disks replaced in a raid group.
func GetSecret ¶
func GetSecret( namespace string, secretName string, kubeClient kubernetes.Interface, ) (*corev1.Secret, error)
GetSecret fetches the secret resource in the given namespace.
func GetValidatorWebhook ¶
func GetValidatorWebhook( validator string, kubeClient kubernetes.Interface, ) (*admissionregistration.ValidatingWebhookConfiguration, error)
GetValidatorWebhook fetches the webhook validator resource in Openebs namespace.
func InitValidationServer ¶
func InitValidationServer( ownerReference metav1.OwnerReference, k kubernetes.Interface, ) error
InitValidationServer creates the secret, service and admission validation k8s resources. All these resources are created in the same namespace where the openebs components are running.
func IsBlockDeviceReplacementCase ¶
IsBlockDeviceReplacementCase returns true if the edit/update of CSPC can trigger a blockdevice replacement.
func IsMoreThanOneDiskReplaced ¶
IsMoreThanOneDiskReplaced returns true if more than one disk is replaced in the same raid group.
func IsRaidGroupCommon ¶
IsRaidGroupCommon returns true if the provided raid groups are the same raid groups.
func IsUniqueList ¶
IsUniqueList returns true if no value in the list is repeated; otherwise it returns false.
func New ¶
func New(p Parameters, kubeClient kubernetes.Interface, openebsClient clientset.Interface) ( *webhook, error)
New creates a new instance of a webhook. Before invoking this function, InitValidationServer must be called to set up the k8s secret resource that holds the TLS certs. This function runs forever.
func NewSignedCert ¶
func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error)
NewSignedCert creates a signed certificate using the given CA certificate and key
func ValidateSpecChanges ¶
func ValidateSpecChanges(commonPoolSpecs *poolspecs, pOps *PoolOperations) (bool, string)
ValidateSpecChanges validates raid group changes in a CSPC, but only when the update/edit of the CSPC can trigger a block device replacement or pool expansion scenario.
Types ¶
type AdmissionResponse ¶
// AdmissionResponse wraps the Kubernetes admission response API object.
type AdmissionResponse struct {
// AR is the wrapped v1beta1 admission response. It is a named, exported
// field rather than an embedded one, so callers reach it as value.AR.
AR *v1beta1.AdmissionResponse
}
AdmissionResponse wraps the K8S admission response API object in its AR field.
func BuildForAPIObject ¶
func BuildForAPIObject(ar *v1beta1.AdmissionResponse) *AdmissionResponse
BuildForAPIObject builds an AdmissionResponse for the given API admission response object.
func NewAdmissionResponse ¶
func NewAdmissionResponse() *AdmissionResponse
NewAdmissionResponse returns an empty instance of AdmissionResponse.
func (*AdmissionResponse) SetAllowed ¶
func (ar *AdmissionResponse) SetAllowed() *AdmissionResponse
SetAllowed sets allowed to true.
func (*AdmissionResponse) UnSetAllowed ¶
func (ar *AdmissionResponse) UnSetAllowed() *AdmissionResponse
UnSetAllowed sets allowed to false.
func (*AdmissionResponse) WithResultAsFailure ¶
func (ar *AdmissionResponse) WithResultAsFailure(err error, code int32) *AdmissionResponse
WithResultAsFailure sets failure result.
func (*AdmissionResponse) WithResultAsSuccess ¶
func (ar *AdmissionResponse) WithResultAsSuccess(code int32) *AdmissionResponse
WithResultAsSuccess sets success result.
type Builder ¶
// Builder has no exported fields; this page lists no constructor or methods
// under it, so what it builds cannot be told from here.
type Builder struct {
// contains filtered or unexported fields
}
Builder is the builder object for Builder
type KeyPair ¶
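// KeyPair holds an RSA private key together with an X.509 certificate.
// NOTE(review): presumably Cert is the certificate issued for Key's public
// half — confirm against NewClientKeyPair.
type KeyPair struct {
	// Key is the RSA private key. It is secret material: do not log or
	// serialize a KeyPair wholesale.
	Key *rsa.PrivateKey
	// Cert is the X.509 certificate.
	Cert *x509.Certificate
}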
KeyPair holds an RSA private key (Key) and an X.509 certificate (Cert).
func NewClientKeyPair ¶
NewClientKeyPair ...
type Parameters ¶
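// Parameters holds the webhook server's configuration parameters.
type Parameters struct {
	// Port is webhook server port
	Port int
	// CertFile is path to the x509 certificate for https
	CertFile string
	// KeyFile is path to the x509 private key matching `CertFile`.
	// The file holds secret key material; keep it readable only by the
	// webhook server process.
	KeyFile string
}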
Parameters holds the server configuration parameters.
type PoolOperations ¶
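// PoolOperations contains the old and new CSPC to validate for pool operations.
type PoolOperations struct {
	// OldCSPC is the persisted CSPC in etcd.
	OldCSPC *cstor.CStorPoolCluster
	// NewCSPC is the CSPC after it has been modified but not yet persisted
	// to etcd. It is the object under validation, so its contents are
	// unvalidated input at this point.
	NewCSPC *cstor.CStorPoolCluster
	// contains filtered or unexported fields
}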
PoolOperations contains old and new CSPC to validate for pool operations
func NewPoolOperations ¶
func NewPoolOperations(k kubernetes.Interface, c clientset.Interface) *PoolOperations
NewPoolOperations returns an empty PoolOperations object.
func (*PoolOperations) AreNewBDsValid ¶
func (pOps *PoolOperations) AreNewBDsValid(newRG, oldRG *cstor.RaidGroup, oldcspc *cstor.CStorPoolCluster) bool
AreNewBDsValid returns true if the new BDs are valid BDs for replacement.
func (*PoolOperations) ArePoolSpecChangesValid ¶
func (pOps *PoolOperations) ArePoolSpecChangesValid(oldPoolSpec, newPoolSpec *cstor.PoolSpec) (bool, string)
ArePoolSpecChangesValid validates the pool specs on CSPC for raid group changes (day-2 operations). Steps performed in this function:
1. Get common raidgroups with index matching from old and new spec.
2. Iterate over common old and new raid groups and perform the following steps:
   2.1 Validate raid group changes.
       2.1.1 Verify and return an error when a new block device is added to or removed from existing raid groups for any pool type other than stripe.
   2.2 Validate changes for blockdevice replacement scenarios (openebs/openebs#2846).
3. Validate vertical pool expansions if there are any new raidgroups or blockdevices added.
func (*PoolOperations) ClaimBD ¶
func (pOps *PoolOperations) ClaimBD(newBdObj *openebsapis.BlockDevice, oldBD string) error
ClaimBD claims a given BlockDevice
func (*PoolOperations) GetBDCOfBD ¶
func (pOps *PoolOperations) GetBDCOfBD(bdName string) (*openebsapis.BlockDeviceClaim, error)
GetBDCOfBD returns the BDC object for corresponding BD.
func (*PoolOperations) GetPredecessorBDIfAny ¶
func (pOps *PoolOperations) GetPredecessorBDIfAny(cspcOld *cstor.CStorPoolCluster) (map[string]bool, error)
GetPredecessorBDIfAny returns a map of predecessor BDs, if any, in the current CSPC. Note: predecessor BDs in a CSPC are those BDs for which a new BD has appeared in the CSPC and whose replacement is still in progress.
For example, (b1,b2) is a group in cspc which has been changed to ( b3,b2 ) [Notice that b1 got replaced by b3], now b1 is not present in CSPC but the replacement is still in progress in background. In this case b1 is a predecessor BD.
func (*PoolOperations) IsBDReplacementValid ¶
func (pOps *PoolOperations) IsBDReplacementValid(newRG, oldRG *cstor.RaidGroup, oldRgType string) (bool, string)
IsBDReplacementValid validates for BD replacement.
func (*PoolOperations) IsBDValid ¶
func (pOps *PoolOperations) IsBDValid(bd string, bdc *openebsapis.BlockDeviceClaim, oldcspc *cstor.CStorPoolCluster) bool
IsBDValid returns true if the new BD is a valid BD for replacement.
func (*PoolOperations) IsExistingReplacmentInProgress ¶
func (pOps *PoolOperations) IsExistingReplacmentInProgress(oldRG *cstor.RaidGroup) (bool, error)
IsExistingReplacmentInProgress returns true if a block device in raid group is under active replacement.
func (*PoolOperations) IsNewBDPresentOnCurrentCSPC ¶
func (pOps *PoolOperations) IsNewBDPresentOnCurrentCSPC(newRG, oldRG *cstor.RaidGroup) bool
IsNewBDPresentOnCurrentCSPC returns true if the new/incoming BD that will be used for replacement is already present in CSPC.
func (*PoolOperations) WithNewCSPC ¶
func (pOps *PoolOperations) WithNewCSPC(newCSPC *cstor.CStorPoolCluster) *PoolOperations
WithNewCSPC sets the new CSPC as a result of CSPC modification which is not yet persisted, into the PoolOperations object
func (*PoolOperations) WithOldCSPC ¶
func (pOps *PoolOperations) WithOldCSPC(oldCSPC *cstor.CStorPoolCluster) *PoolOperations
WithOldCSPC sets the old persisted CSPC into the PoolOperations object.
type PoolValidator ¶
// PoolValidator is documented as validating pool spec, raid groups and
// blockdevices. All of its state is unexported; this page lists
// NewPoolSpecValidator as the way to obtain one.
type PoolValidator struct {
// contains filtered or unexported fields
}
PoolValidator is built to validate pool spec, raid groups and blockdevices.
func NewPoolSpecValidator ¶
func NewPoolSpecValidator() *PoolValidator
NewPoolSpecValidator returns a new instance of PoolValidator.