Documentation ¶
Index ¶
Constants ¶
const ( // DefaultNamespace is the namespace where the aggregator and plugin workers will run (but not necessarily the pods created by the plugin workers). DefaultNamespace = "sonobuoy" // UpstreamKubeConformanceImageURL is the URL of the docker image to run for // the kube conformance tests which is maintained by upstream Kubernetes. UpstreamKubeConformanceImageURL = "registry.k8s.io/conformance" // DefaultAggregationServerBindPort is the default port for the aggregation server to bind to. DefaultAggregationServerBindPort = 8080 // DefaultAggregationServerBindAddress is the default address for the aggregation server to bind to. DefaultAggregationServerBindAddress = "0.0.0.0" // DefaultAggregationServerTimeoutSeconds is the default amount of time the aggregation server will wait for all plugins to complete. DefaultAggregationServerTimeoutSeconds = 21600 // 360 min // AggregatorPodName is the name of the main pod that runs plugins and collects results. AggregatorPodName = "sonobuoy" // AggregatorContainerName is the name of the main container in the aggregator pod. AggregatorContainerName = "kube-sonobuoy" // AggregatorResultsPath is the location in the main container of the aggregator pod where results will be archived. // It is different from the default results path for plugins (/tmp/sonobuoy/results). AggregatorResultsPath = "/tmp/sonobuoy" // DefaultSonobuoyPullPolicy is the default pull policy used in the Sonobuoy config. DefaultSonobuoyPullPolicy = "IfNotPresent" // DefaultQueryQPS is the number of queries per second Sonobuoy will make when gathering data. DefaultQueryQPS = 30 // DefaultQueryBurst is the peak number of queries per second Sonobuoy will make when gathering data. DefaultQueryBurst = 50 // DefaultProgressUpdatesPort is the port on which the Sonobuoy worker will listen for status updates from its plugin. DefaultProgressUpdatesPort = "8099" // DefaultDNSNamespace is the namespace where the DNS pods for the cluster are found. DefaultDNSNamespace = "kube-system" // DefaultSystemdLogsImage is the URL for the docker image used by the systemd-logs plugin DefaultSystemdLogsImage = "sonobuoy/systemd-logs:v0.4" // DefaultSystemdLogsImageNameAndTag is the name/tag for systemd-logs plugin without the registry. DefaultSystemdLogsImageNameAndTag = "systemd-logs:v0.4" // DefaultSecurityContextMode is a shorthand for common security context values. Default is nonroot which sets // runAsUser, runAsGroup, and fsGroup. 'none' skips setting those it entirely since Windows does not support them. DefaultSecurityContextMode = "nonroot" AggregatorPermissionsClusterAdmin = "clusterAdmin" AggregatorPermissionsClusterRead = "clusterRead" AggregatorPermissionsNamespaceAdmin = "namespaceAdmin" DefaultAggregatorPermissions = AggregatorPermissionsClusterAdmin // DefaultServiceAccountName is the default Service Account name that should be used if no customization is provided DefaultServiceAccountName = "sonobuoy-serviceaccount" // DefaultNamespacePSAEnforceLevel is the default Pod Security Admission level to label the Sonobouy namespace for enforcing mode DefaultNamespacePSAEnforceLevel = "privileged" )
Variables ¶
var ( // DefaultImage is the URL of the docker image to run for the aggregator and workers DefaultImage = "sonobuoy/sonobuoy:" + buildinfo.Version // DefaultResources is the default set of resources which are queried for after plugins run. The strings // are compared against the resource.Name given by the client-go discovery client. The non-standard values // that are included here are: podlogs, servergroups, serverversion. The value 'nodes', although a crawlable // API value, also is used to query against the healthz and configz endpoints on the node. // By providing the nil value we query them all (except secrets). DefaultResources = []string(nil) // DefaultDNSPodLabels are the label selectors that are used to locate the DNS pods in the cluster. DefaultDNSPodLabels = []string{ "k8s-app=kube-dns", "k8s-app=coredns", } )
Functions ¶
This section is empty.
Types ¶
type Config ¶
type Config struct { /////////////////////////////////////////////// // Meta-Data collection options /////////////////////////////////////////////// Description string `json:"Description" mapstructure:"Description"` UUID string `json:"UUID" mapstructure:"UUID"` Version string `json:"Version" mapstructure:"Version"` ResultsDir string `json:"ResultsDir" mapstructure:"ResultsDir"` QueryDir string `json:"QueryDir,omitempty" mapstructure:"QueryDir"` /////////////////////////////////////////////// // Query options /////////////////////////////////////////////// Resources []string `json:"Resources" mapstructure:"Resources"` Filters FilterOptions `json:"Filters" mapstructure:"Filters"` Limits LimitConfig `json:"Limits" mapstructure:"Limits"` QPS float32 `json:"QPS,omitempty" mapstructure:"QPS"` Burst int `json:"Burst,omitempty" mapstructure:"Burst"` /////////////////////////////////////////////// // Plugin configurations settings /////////////////////////////////////////////// Aggregation plugin.AggregationConfig `json:"Server" mapstructure:"Server"` PluginSelections []plugin.Selection `json:"Plugins" mapstructure:"Plugins"` PluginSearchPath []string `json:"PluginSearchPath" mapstructure:"PluginSearchPath"` Namespace string `json:"Namespace" mapstructure:"Namespace"` SkipPlugins bool `json:"SkipPlugins,omitempty"` LoadedPlugins []plugin.Interface `json:"-"` // this is assigned when plugins are loaded. /////////////////////////////////////////////// // Sonobuoy configuration /////////////////////////////////////////////// WorkerImage string `json:"WorkerImage" mapstructure:"WorkerImage"` ImagePullPolicy string `json:"ImagePullPolicy" mapstructure:"ImagePullPolicy"` ForceImagePullPolicy bool `json:"ForceImagePullPolicy,omitempty" mapstructure:"ForceImagePullPolicy"` ImagePullSecrets string `json:"ImagePullSecrets" mapstructure:"ImagePullSecrets"` CustomAnnotations map[string]string `json:"CustomAnnotations,omitempty" mapstructure:"CustomAnnotations"` AggregatorPermissions string `json:"AggregatorPermissions" mapstructure:"AggregatorPermissions"` AggregatorTolerations []map[string]string `json:"AggregatorTolerations,omitempty" mapstructure:"AggregatorTolerations"` ServiceAccountName string `json:"ServiceAccountName" mapstructure:"ServiceAccountName"` ExistingServiceAccount bool `json:"ExistingServiceAccount,omitempty" mapstructure:"ExistingServiceAccount,omitempty"` E2EDockerConfigFile string `json:"E2EDockerConfigFile,omitempty" mapstructure:"E2EDockerConfigFile,omitempty"` NamespacePSAEnforceLevel string `json:"NamespacePSAEnforceLevel,omitempty" mapstructure:"NamespacePSAEnforceLevel,omitempty"` // ProgressUpdatesPort is the port on which the Sonobuoy worker will listen for status updates from its plugin. ProgressUpdatesPort string `json:"ProgressUpdatesPort,omitempty" mapstructure:"ProgressUpdatesPort"` // SecurityCtx allows uers to specify the security context for the aggregator pod. This is particularly // important for two cases: local security prevents running without specifying non-root users and Windows // nodes do not currently support runAsUser/Group settings so if we default so something we need to allow // users to opt out easily. SecurityContextMode string `json:"SecurityContextMode" mapstructure:"SecurityContextMode"` }
Config is the input struct used to determine what data to collect.
func LoadConfig ¶
LoadConfig will load the current sonobuoy configuration using the filesystem and environment variables, and returns a config object
func New ¶ added in v0.11.0
func New() *Config
New returns a newly-constructed Config object with default values.
func (*Config) FilterResources ¶
FilterResources is a utility function used to parse Resources
func (*Config) OutputDir ¶
OutputDir returns the AggregatorResultsPath/:UUID. Hard-coded aggregator results path to avoid miscommunication between the local host and aggregator during retrieve.
func (*Config) QueryOutputDir ¶ added in v0.56.0
QueryOutputDir returns the QueryDir if set and falls back to the AggregatorResultsPath/:UUID to work on the aggregator by default.
type FilterOptions ¶
type FilterOptions struct { Namespaces string `json:"Namespaces"` LabelSelector string `json:"LabelSelector"` }
FilterOptions allow operators to select sets to include in a report
type LimitConfig ¶ added in v0.9.0
type LimitConfig struct {
PodLogs PodLogLimits `json:"PodLogs" mapstructure:"PodLogs"`
}
LimitConfig is a configuration on the limits of various responses, such as limits of sizes
type PodLogLimits ¶ added in v0.15.1
type PodLogLimits struct { // A regular expression for the targeted namespaces, follows the format of Golang Regexp Namespaces string `json:"Namespaces" mapstructure:"Namespaces"` // If set to true, take into account the pod logs from Sonobuoy's namespace, i.e. Config.Namespace // Use a pointer here to differentiate an empty input or an input of false. // Default value will be true, empty input could be overwritten by default value SonobuoyNamespace *bool `json:"SonobuoyNamespace" mapstructure:"SonobuoyNamespace"` // Filtering candidate pods by their fields // This is an array of FieldSelector, each of them follows the same format as: // k8s.io/apimachinery/pkg/apis/meta/v1/types/ListOptions/FieldSelector // // One field selector contains one or more chained operators, with AND logic // e.g. FieldSelectors = ["status.phase==Running,spec.restartPolicy=Always"] means // status.phase==Running AND spec.restartPolicy=Always // // Multiple field selectors can be provided, with OR logic: // e.g. FieldSelectors = ["status==Pending", "status.phase==Running,spec.restartPolicy=Always"] means // status==Pending OR ( status.phase==Running AND spec.restartPolicy=Always ) FieldSelectors []string `json:"FieldSelectors" mapstructure:"FieldSelectors"` // Filtering candidate pods by their labels // using the same format as k8s.io/apimachinery/pkg/apis/meta/v1/types/ListOptions/LabelSelector. // The input should follow this form: // // <selector-syntax> ::= <requirement> | <requirement> "," <selector-syntax> // <requirement> ::= [!] KEY [ <set-based-restriction> | <exact-match-restriction> ] // <set-based-restriction> ::= "" | <inclusion-exclusion> <value-set> // <inclusion-exclusion> ::= <inclusion> | <exclusion> // <exclusion> ::= "notin" // <inclusion> ::= "in" // <value-set> ::= "(" <values> ")" // <values> ::= VALUE | VALUE "," <values> // <exact-match-restriction> ::= ["="|"=="|"!="] VALUE // // KEY is a sequence of one or more characters following [ DNS_SUBDOMAIN "/" ] DNS_LABEL. Max length is 63 characters. // VALUE is a sequence of zero or more characters "([A-Za-z0-9_-\.])". Max length is 63 characters. // Delimiter is white space: (' ', '\t') // // Example of valid syntax: // "x in (foo,,baz),y,z notin ()" // LabelSelector string `json:"LabelSelector" mapstructure:"LabelSelector"` // Return previous terminated container logs. Defaults to false. // +optional Previous bool `json:"Previous" mapstructure:"Previous"` // A relative time in seconds before the current time from which to show logs. If this value // precedes the time a pod was started, only logs since the pod start will be returned. // If this value is in the future, no logs will be returned. // Only one of sinceSeconds or sinceTime may be specified. // +optional SinceSeconds *int64 `json:"SinceSeconds" mapstructure:"SinceSeconds"` // An RFC3339 timestamp from which to show logs, e.g. "2019-06-28T00:34:00Z" . If this value // precedes the time a pod was started, only logs since the pod start will be returned. // If this value is in the future, no logs will be returned. // Only one of LimitTime or sinceTime may be specified. // +optional SinceTime *metav1.Time `json:"SinceTime" mapstructure:"SinceTime"` // If true, add an RFC3339 or RFC3339Nano timestamp at the beginning of every line // of log output. Defaults to false. // +optional Timestamps bool `json:"Timestamps" mapstructure:"Timestamps"` // If set, the number of lines from the end of the logs to show. If not specified, // logs are shown from the creation of the container or sinceSeconds or sinceTime // +optional TailLines *int64 `json:"TailLines" mapstructure:"TailLines"` // If set, the number of bytes to read from the server before terminating the // log output. This may not display a complete final line of logging, and may return // slightly more or slightly less than the specified limit. // +optional LimitBytes *int64 `json:"LimitBytes" mapstructure:"LimitBytes"` }
PodLogLimits limits the scope of response when getting logs from pods. The scope of pods is defined by (Namespaces OR SonobuoyNamespace OR FieldSelectors) AND LabelSelector Then for each pod, the format and size of logs is defined by other fields, e.g. SinceSeconds