pod

package
v0.65.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 25, 2024 License: Apache-2.0 Imports: 50 Imported by: 14

Documentation

Overview

Package pod provides methods for converting between a TaskRun and a Pod.

Index

Constants

View Source
const (
	// TektonHermeticEnvVar is the env var we set in containers to indicate they should be run hermetically
	TektonHermeticEnvVar = "TEKTON_HERMETIC"

	// ExecutionModeAnnotation is an experimental optional annotation to set the execution mode on a TaskRun
	ExecutionModeAnnotation = "experimental.tekton.dev/execution-mode"

	// ExecutionModeHermetic indicates hermetic execution mode
	ExecutionModeHermetic = "hermetic"

	// SpiffeCsiDriver is the CSI storage plugin needed for injection of SPIFFE workload api.
	SpiffeCsiDriver = "csi.spiffe.io"

	// OsSelectorLabel is the label Kubernetes uses for OS-specific workloads (https://kubernetes.io/docs/reference/labels-annotations-taints/#kubernetes-io-os)
	OsSelectorLabel = "kubernetes.io/os"

	// TerminationReasonTimeoutExceeded indicates a step execution timed out.
	TerminationReasonTimeoutExceeded = "TimeoutExceeded"

	// TerminationReasonSkipped indicates a step execution was skipped due to previous step failed.
	TerminationReasonSkipped = "Skipped"

	// TerminationReasonContinued indicates a step errored but was ignored since onError was set to continue.
	TerminationReasonContinued = "Continued"

	// TerminationReasonCancelled indicates a step was cancelled.
	TerminationReasonCancelled = "Cancelled"

	StepArtifactPathPattern = "step.artifacts.path"

	// K8s version to determine if to use native k8s sidecar or Tekton sidecar
	SidecarK8sMinorVersionCheck = 29
)
View Source
const (
	// ReasonExceededResourceQuota indicates that the TaskRun failed to create a pod due to
	// a ResourceQuota in the namespace
	ReasonExceededResourceQuota = "ExceededResourceQuota"

	// ReasonExceededNodeResources indicates that the TaskRun's pod has failed to start due
	// to resource constraints on the node
	ReasonExceededNodeResources = "ExceededNodeResources"

	// ReasonPullImageFailed indicates that the TaskRun's pod failed to pull image
	ReasonPullImageFailed = "PullImageFailed"

	// ReasonCreateContainerConfigError indicates that the TaskRun failed to create a pod due to
	// config error of container
	ReasonCreateContainerConfigError = "CreateContainerConfigError"

	// ReasonPodCreationFailed indicates that the reason for the current condition
	// is that the creation of the pod backing the TaskRun failed
	ReasonPodCreationFailed = "PodCreationFailed"

	// ReasonPodAdmissionFailed indicates that the TaskRun's pod failed to pass admission validation
	ReasonPodAdmissionFailed = "PodAdmissionFailed"

	// ReasonPending indicates that the pod is in corev1.Pending, and the reason is not
	// ReasonExceededNodeResources or isPodHitConfigError
	ReasonPodPending = "Pending"
)
View Source
const (

	// RunDir is the directory that contains runtime variable data for TaskRuns.
	// This includes files for handling container ordering, exit status codes, and more.
	// See [https://github.com/tektoncd/pipeline/blob/main/docs/developers/taskruns.md#tekton]
	// for more details.
	RunDir = "/tekton/run"
)

Variables

View Source
var (
	ReleaseAnnotation = "pipeline.tekton.dev/release"

	// MaxActiveDeadlineSeconds is a maximum permitted value to be used for a task with no timeout
	MaxActiveDeadlineSeconds = int64(math.MaxInt32)

	// LinuxSecurityContext allow init containers to run in namespaces
	// with "restricted" pod security admission
	// See https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
	LinuxSecurityContext = &corev1.SecurityContext{
		AllowPrivilegeEscalation: &allowPrivilegeEscalation,
		Capabilities: &corev1.Capabilities{
			Drop: []corev1.Capability{"ALL"},
		},
		RunAsNonRoot: &runAsNonRoot,
		SeccompProfile: &corev1.SeccompProfile{
			Type: corev1.SeccompProfileTypeRuntimeDefault,
		},
	}
	WindowsSecurityContext = &corev1.SecurityContext{
		RunAsNonRoot: &runAsNonRoot,
	}
)

These are effectively const, but Go doesn't have such an annotation.

View Source
var (
	// ReasonFailedResolution indicated that the reason for failure status is
	// that references within the TaskRun could not be resolved
	ReasonFailedResolution = v1.TaskRunReasonFailedResolution.String()
	// ReasonFailedValidation indicated that the reason for failure status is
	// that taskrun failed runtime validation
	ReasonFailedValidation = v1.TaskRunReasonFailedValidation.String()
	// ReasonTaskFailedValidation indicated that the reason for failure status is
	// that task failed runtime validation
	ReasonTaskFailedValidation = v1.TaskRunReasonTaskFailedValidation.String()
	// ReasonResourceVerificationFailed indicates that the task fails the trusted resource verification,
	// it could be the content has changed, signature is invalid or public key is invalid
	ReasonResourceVerificationFailed = v1.TaskRunReasonResourceVerificationFailed.String()
)

Aliased for backwards compatibility; do not add additional TaskRun reasons here

View Source
var (

	// DownwardMountCancelFile is cancellation file mount to step, entrypoint will check this file to cancel the step.
	DownwardMountCancelFile = filepath.Join(downwardMountPoint, downwardMountCancelFile)
)

Functions

func CancelPod added in v0.53.0

func CancelPod(ctx context.Context, kubeClient kubernetes.Interface, namespace, podName string) error

CancelPod cancels the pod

func DidTaskRunFail added in v0.11.0

func DidTaskRunFail(pod *corev1.Pod) bool

DidTaskRunFail check the status of pod to decide if related taskrun is failed

func GetContainerName added in v0.56.0

func GetContainerName(name string) string

GetContainerName prefixes the input name with "step-"

func IsContainerSidecar added in v0.56.1

func IsContainerSidecar(name string) bool

IsContainerSidecar returns true if the container name indicates that it represents a sidecar.

func IsContainerStep added in v0.11.0

func IsContainerStep(name string) bool

IsContainerStep returns true if the container name indicates that it represents a step.

func IsPodArchived added in v0.43.0

func IsPodArchived(pod *corev1.Pod, trs *v1.TaskRunStatus) bool

IsPodArchived indicates if a pod is archived in the retriesStatus.

func IsPodExceedingNodeResources

func IsPodExceedingNodeResources(pod *corev1.Pod) bool

IsPodExceedingNodeResources returns true if the Pod's status indicates there are insufficient resources to schedule the Pod.

func IsSidecarStatusRunning added in v0.11.0

func IsSidecarStatusRunning(tr *v1.TaskRun) bool

IsSidecarStatusRunning determines if any SidecarStatus on a TaskRun is still running.

func MakeTaskRunStatus

func MakeTaskRunStatus(ctx context.Context, logger *zap.SugaredLogger, tr v1.TaskRun, pod *corev1.Pod, kubeclient kubernetes.Interface, ts *v1.TaskSpec) (v1.TaskRunStatus, error)

MakeTaskRunStatus returns a TaskRunStatus based on the Pod's status.

func SidecarsReady

func SidecarsReady(podStatus corev1.PodStatus) bool

SidecarsReady returns true if all of the Pod's sidecars are Ready or Terminated.

func StepName added in v0.27.0

func StepName(name string, i int) string

StepName returns the step name after adding "step-" prefix to the actual step name or returns "step-unnamed-<step-index>" if not specified

func StopSidecars

func StopSidecars(ctx context.Context, nopImage string, kubeclient kubernetes.Interface, namespace, name string) (*corev1.Pod, error)

StopSidecars updates sidecar containers in the Pod to a nop image, which exits successfully immediately.

func TrimSidecarPrefix added in v0.11.0

func TrimSidecarPrefix(name string) string

TrimSidecarPrefix returns the container name, stripped of its sidecar prefix.

func TrimStepPrefix added in v0.62.0

func TrimStepPrefix(name string) string

TrimStepPrefix returns the container name, stripped of its step prefix.

func UpdateReady

func UpdateReady(ctx context.Context, kubeclient kubernetes.Interface, pod corev1.Pod) error

UpdateReady updates the Pod's annotations to signal the first step to start by projecting the ready annotation via the Downward API.

Types

type Builder added in v0.15.0

type Builder struct {
	Images          pipeline.Images
	KubeClient      kubernetes.Interface
	EntrypointCache EntrypointCache
}

Builder exposes options to configure Pod construction from TaskSpecs/Runs.

func (*Builder) Build added in v0.15.0

func (b *Builder) Build(ctx context.Context, taskRun *v1.TaskRun, taskSpec v1.TaskSpec, transformers ...Transformer) (*corev1.Pod, error)

Build creates a Pod using the configuration options set on b and the TaskRun and TaskSpec provided in its arguments. An error is returned if there are any problems during the conversion.

type EntrypointCache

type EntrypointCache interface {
	// contains filtered or unexported methods
}

EntrypointCache looks up an image's entrypoint (command) in a container image registry, possibly using the given service account's credentials.

func NewEntrypointCache

func NewEntrypointCache(kubeclient kubernetes.Interface) (EntrypointCache, error)

NewEntrypointCache returns a new entrypoint cache implementation that uses K8s credentials to pull image metadata from a container image registry.

type Transformer added in v0.28.0

type Transformer func(*corev1.Pod) (*corev1.Pod, error)

Transformer is a function that will transform a Pod. This can be used to mutate a Pod generated by Tekton after it got generated.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL