resourcequota

package
v0.22.15 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 21, 2022 License: Apache-2.0 Imports: 34 Imported by: 14

Documentation

Overview

Package resourcequota enforces all incoming requests against any applied quota in the namespace context of the request

Index

Constants

View Source
const PluginName = "ResourceQuota"

PluginName is a string with the name of the plugin

Variables

This section is empty.

Functions

func CheckRequest

CheckRequest is a static version of quotaEvaluator.checkRequest, possible to be called from outside.

func IsDefaultDeny

func IsDefaultDeny(err error) bool

IsDefaultDeny returns true if the error is defaultDeny

func LoadConfiguration

func LoadConfiguration(config io.Reader) (*resourcequotaapi.Configuration, error)

LoadConfiguration loads the provided configuration.

func Register

func Register(plugins *admission.Plugins)

Register registers a plugin

Types

type Evaluator

type Evaluator interface {
	// Evaluate takes an operation and checks to see if quota constraints are satisfied.  It returns an error if they are not.
	// The default implementation processes related operations in chunks when possible.
	Evaluate(a admission.Attributes) error
}

Evaluator is used to see if quota constraints are satisfied.

func NewQuotaEvaluator

func NewQuotaEvaluator(quotaAccessor QuotaAccessor, ignoredResources map[schema.GroupResource]struct{}, quotaRegistry quota.Registry, lockAcquisitionFunc func([]corev1.ResourceQuota) func(), config *resourcequotaapi.Configuration, workers int, stopCh <-chan struct{}) Evaluator

NewQuotaEvaluator configures an admission controller that can enforce quota constraints using the provided registry. The registry must have the capability to handle group/kinds that are persisted by the server this admission controller is intercepting

type QuotaAccessor

type QuotaAccessor interface {
	// UpdateQuotaStatus is called to persist final status.  This method should write to persistent storage.
	// An error indicates that write didn't complete successfully.
	UpdateQuotaStatus(newQuota *corev1.ResourceQuota) error

	// GetQuotas gets all possible quotas for a given namespace
	GetQuotas(namespace string) ([]corev1.ResourceQuota, error)
}

QuotaAccessor abstracts the get/set logic from the rest of the Evaluator. This could be a test stub, a straight passthrough, or most commonly a series of deconflicting caches.

type QuotaAdmission

type QuotaAdmission struct {
	*admission.Handler
	// contains filtered or unexported fields
}

QuotaAdmission implements an admission controller that can enforce quota constraints

func NewResourceQuota

func NewResourceQuota(config *resourcequotaapi.Configuration, numEvaluators int, stopCh <-chan struct{}) (*QuotaAdmission, error)

NewResourceQuota configures an admission controller that can enforce quota constraints using the provided registry. The registry must have the capability to handle group/kinds that are persisted by the server this admission controller is intercepting

func (*QuotaAdmission) SetExternalKubeClientSet

func (a *QuotaAdmission) SetExternalKubeClientSet(client kubernetes.Interface)

SetExternalKubeClientSet registers the client into QuotaAdmission

func (*QuotaAdmission) SetExternalKubeInformerFactory

func (a *QuotaAdmission) SetExternalKubeInformerFactory(f informers.SharedInformerFactory)

SetExternalKubeInformerFactory registers an informer factory into QuotaAdmission

func (*QuotaAdmission) SetQuotaConfiguration

func (a *QuotaAdmission) SetQuotaConfiguration(c quota.Configuration)

SetQuotaConfiguration assigns and initializes configuration and evaluator for QuotaAdmission

func (*QuotaAdmission) Validate

Validate makes admission decisions while enforcing quota

func (*QuotaAdmission) ValidateInitialization

func (a *QuotaAdmission) ValidateInitialization() error

ValidateInitialization ensures an authorizer is set.

Directories

Path Synopsis
apis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL