nodeutil

package
v1.11.2 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jul 31, 2024 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func ClientsetFromEnv 

func ClientsetFromEnv(kubeConfigPath string) (*kubernetes.Clientset, error)

ClientsetFromEnv returns a kuberentes client set from: 1. the passed in kubeconfig path 2. If the kubeconfig path is empty or non-existent, then the in-cluster config is used.

func DefaultServerCiphers 

func DefaultServerCiphers() []uint16

DefaultServerCiphers is the list of accepted TLS ciphers, with known weak ciphers elided Note this list should be a moving target.

func FilterPodsForNodeName 

func FilterPodsForNodeName(name string) node.PodEventFilterFunc

FilterPodsForNodeName creates an event filter function that filters pod events such that pod.Sepc.NodeName matches the provided name Use the return value of this as the PodEventFilterFunc in PodControllerConfig

func NodeLeaseV1Client 

func NodeLeaseV1Client(client kubernetes.Interface) coordclientset.LeaseInterface

NodeLeaseV1Client creates a V1 Lease client for use with node leases from the passed in client.

Use this with node.WithNodeEnableLeaseV1Beta1 when creating a node controller.

func PodFilters 

func PodFilters(filters ...node.PodEventFilterFunc) node.PodEventFilterFunc

PodFilters turns a list of pod filters into a single filter. When run, each item in the list is itterated in order until the first `true` result. If nothing returns true, the filter is false.

func PodInformerFilter 

func PodInformerFilter(node string) kubeinformers.SharedInformerOption

PodInformerFilter is a filter that you should use when creating a pod informer for use with the pod controller.

func WithAuth 

func WithAuth(auth Auth, h http.Handler) http.Handler

WithAuth makes a new http handler which wraps the provided handler with authn/authz.

func WithCACert 

func WithCACert(pem []byte) func(*tls.Config) error

WithCACert makes a TLS config opotion which appends the provided PEM encoded bytes the tls config's cert pool. If a cert pool is not defined on the tls config an empty one will be created.

func WithCAFromPath 

func WithCAFromPath(p string) func(*tls.Config) error

WithCAFromPath makes a TLS config option to set up client auth using the path to a PEM encoded CA cert.

func WithKeyPairFromPath 

func WithKeyPairFromPath(cert, key string) func(*tls.Config) error

WithKeyPairFromPath make sa TLS config option which loads the key pair paths from disk and appends them to the tls config.

Types

type Auth 

type Auth interface {
	authenticator.Request
	authorizer.RequestAttributesGetter
	authorizer.Authorizer
}

Auth is the interface used to implement authn/authz for http requests

func InstrumentAuth 

func InstrumentAuth(auth Auth) Auth

InstrumentAuth wraps the provided Auth in a new instrumented Auth

Note: You would only need this if you rolled your own auth. The Auth implementations defined in this package are already instrumented.

func NoAuth 

func NoAuth() Auth

NoAuth creates an Auth which allows anonymous access to all resouorces

func WebhookAuth 

func WebhookAuth(client kubernetes.Interface, nodeName string, opts ...WebhookAuthOption) (Auth, error)

WebhookAuth creates an Auth suitable to use with kubelet webhook auth. You must provide a CA provider to the authentication config, otherwise mTLS is disabled.

type NewProviderFunc 

type NewProviderFunc func(ProviderConfig) (Provider, node.NodeProvider, error)

NewProviderFunc is used from NewNodeFromClient to bootstrap a provider using the client/listers/etc created there. If a nil node provider is returned a default one will be used.

type Node 

type Node struct {
	// contains filtered or unexported fields
}

Node helps manage the startup/shutdown procedure for other controllers. It is intended as a convenience to reduce boiler plate code for starting up controllers.

Must be created with constructor `NewNode`.

func NewNode 

func NewNode(name string, newProvider NewProviderFunc, opts ...NodeOpt) (*Node, error)

NewNode creates a new node using the provided client and name. This is intended for high-level/low boiler-plate usage. Use the constructors in the `node` package for lower level configuration.

Some basic values are set for node status, you'll almost certainly want to modify it.

If client is nil, this will construct a client using ClientsetFromEnv It is up to the caller to configure auth on the HTTP handler.

func (*Node) Done 

func (n *Node) Done() <-chan struct{}

Done returns a channel that will be closed when the controller has exited.

func (*Node) Err 

func (n *Node) Err() error

Err returns any error that occurred with the controller.

This always return nil before `<-Done()`.

func (*Node) NodeController 

func (n *Node) NodeController() *node.NodeController

NodeController returns the configured node controller.

func (*Node) PodController 

func (n *Node) PodController() *node.PodController

PodController returns the configured pod controller.

func (*Node) Ready 

func (n *Node) Ready() <-chan struct{}

Ready returns a channel that will be closed after the controller is ready.

func (*Node) Run 

func (n *Node) Run(ctx context.Context) (retErr error)

Run starts all the underlying controllers

func (*Node) WaitReady 

func (n *Node) WaitReady(ctx context.Context, timeout time.Duration) error

WaitReady waits for the specified timeout for the controller to be ready.

The timeout is for convenience so the caller doesn't have to juggle an extra context.

type NodeConfig 

type NodeConfig struct {
	// Set the client to use, otherwise a client will be created from ClientsetFromEnv
	Client kubernetes.Interface

	// Set the node spec to register with Kubernetes
	NodeSpec v1.Node
	// Set the path to read a kubeconfig from for creating a client.
	// This is ignored when a client is provided to NewNodeFromClient
	KubeconfigPath string
	// Set the period for a full resync for generated client-go informers
	InformerResyncPeriod time.Duration

	// Set the address to listen on for the http API
	HTTPListenAddr string
	// Set a custom API handler to use.
	// You can use this to setup, for example, authentication middleware.
	// If one is not provided a default one will be created.
	//
	// Note: If you provide your own handler, you'll need to handle all auth, routes, etc.
	Handler http.Handler
	// Set the timeout for idle http streams
	StreamIdleTimeout time.Duration
	// Set the timeout for creating http streams
	StreamCreationTimeout time.Duration
	// Enable http debugging routes
	DebugHTTP bool
	// Set the tls config to use for the http server
	TLSConfig *tls.Config

	// Specify the event recorder to use
	// If this is not provided, a default one will be used.
	EventRecorder record.EventRecorder

	// Set the number of workers to reconcile pods
	// The default value is derived from the number of cores available.
	NumWorkers int

	// Set the error handler for node status update failures
	NodeStatusUpdateErrorHandler node.ErrorHandler
	// contains filtered or unexported fields
}

NodeConfig is used to hold configuration items for a Node. It gets used in conjection with NodeOpt in NewNodeFromClient

type NodeOpt 

type NodeOpt func(c *NodeConfig) error

NodeOpt is used as functional options when configuring a new node in NewNodeFromClient

func AttachProviderRoutes 

func AttachProviderRoutes(mux api.ServeMux) NodeOpt

AttachProviderRoutes returns a NodeOpt which uses api.PodHandler to attach the routes to the provider functions.

Note this only attaches routes, you'll need to ensure to set the handler in the node config.

func WithClient 

func WithClient(c kubernetes.Interface) NodeOpt

WithClient return a NodeOpt that sets the client that will be used to create/manage the node.

func WithNodeConfig 

func WithNodeConfig(c NodeConfig) NodeOpt

WithNodeConfig returns a NodeOpt which replaces the NodeConfig with the passed in value.

func WithTLSConfig 

func WithTLSConfig(opts ...func(*tls.Config) error) NodeOpt

WithTLSConfig returns a NodeOpt which creates a base TLSConfig with the default cipher suites and tls min verions. The tls config can be modified through functional options.

type NodeRequestAttr 

type NodeRequestAttr struct {
	NodeName string
}

NodeRequestAttr is a authorizor.RequeestAttributesGetter which can be used in the Auth interface.

func (NodeRequestAttr) GetRequestAttributes 

func (a NodeRequestAttr) GetRequestAttributes(u user.Info, r *http.Request) authorizer.Attributes

GetRequestAttributes satisfies the authorizer.RequestAttributesGetter interface for use with an `Auth`.

type Provider 

type Provider interface {
	node.PodLifecycleHandler

	// GetContainerLogs retrieves the logs of a container by name from the provider.
	GetContainerLogs(ctx context.Context, namespace, podName, containerName string, opts api.ContainerLogOpts) (io.ReadCloser, error)

	// RunInContainer executes a command in a container in the pod, copying data
	// between in/out/err and the container's stdin/stdout/stderr.
	RunInContainer(ctx context.Context, namespace, podName, containerName string, cmd []string, attach api.AttachIO) error

	// AttachToContainer attaches to the executing process of a container in the pod, copying data
	// between in/out/err and the container's stdin/stdout/stderr.
	AttachToContainer(ctx context.Context, namespace, podName, containerName string, attach api.AttachIO) error

	// GetStatsSummary gets the stats for the node, including running pods
	GetStatsSummary(context.Context) (*statsv1alpha1.Summary, error)

	// GetMetricsResource gets the metrics for the node, including running pods
	GetMetricsResource(context.Context) ([]*dto.MetricFamily, error)

	// PortForward forwards a local port to a port on the pod
	PortForward(ctx context.Context, namespace, pod string, port int32, stream io.ReadWriteCloser) error
}

Provider contains the methods required to implement a virtual-kubelet provider.

Errors produced by these methods should implement an interface from github.com/surax98/virtual-kubelet/errdefs package in order for the core logic to be able to understand the type of failure

type ProviderConfig 

type ProviderConfig struct {
	Pods       corev1listers.PodLister
	ConfigMaps corev1listers.ConfigMapLister
	Secrets    corev1listers.SecretLister
	Services   corev1listers.ServiceLister
	// Hack to allow the provider to set things on the node
	// Since the provider is bootstrapped after the node object is configured
	// Primarily this is due to carry-over from the pre-1.0 interfaces that expect the provider instead of the direct *caller* to configure the node.
	Node *v1.Node
}

ProviderConfig holds objects created by NewNodeFromClient that a provider may need to bootstrap itself.

type WebhookAuthConfig 

type WebhookAuthConfig struct {
	AuthnConfig authenticatorfactory.DelegatingAuthenticatorConfig
	AuthzConfig authorizerfactory.DelegatingAuthorizerConfig
}

WebhookAuthConfig stores the configurations for authn/authz and is used by WebhookAuthOption to expose to callers.

type WebhookAuthOption 

type WebhookAuthOption func(*WebhookAuthConfig) error

WebhookAuthOption is used as a functional argument to configure webhook auth.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.