Documentation ¶
Index ¶
- Constants
- Variables
- func AgentInstallNamespaceFromDeploymentConfigFunc(adcgetter AddOnDeploymentConfigGetter) func(*addonapiv1alpha1.ManagedClusterAddOn) (string, error)
- func ApplyClusterRole(ctx context.Context, client rbacclientv1.ClusterRolesGetter, ...) (*rbacv1.ClusterRole, bool, error)
- func ApplyClusterRoleBinding(ctx context.Context, client rbacclientv1.ClusterRoleBindingsGetter, ...) (*rbacv1.ClusterRoleBinding, bool, error)
- func ApplyConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, ...) (*corev1.ConfigMap, bool, error)
- func ApplyRole(ctx context.Context, client rbacclientv1.RolesGetter, required *rbacv1.Role) (*rbacv1.Role, bool, error)
- func ApplyRoleBinding(ctx context.Context, client rbacclientv1.RoleBindingsGetter, ...) (*rbacv1.RoleBinding, bool, error)
- func ApplySecret(ctx context.Context, client coreclientv1.SecretsGetter, ...) (*corev1.Secret, bool, error)
- func ClusterAnnotationChanged(old, new *clusterv1.ManagedCluster, annotation string) bool
- func ClusterAvailableConditionChanged(old, new *clusterv1.ManagedCluster) bool
- func ClusterConditionChanged(old, new *clusterv1.ManagedCluster, conditionType string) bool
- func ClusterImageRegistriesAnnotationChanged(old, new *clusterv1.ManagedCluster) bool
- func ContainGR(gvrs map[schema.GroupVersionResource]bool, group, resource string) bool
- func ConvertToDaemonSet(obj runtime.Object) (*appsv1.DaemonSet, error)
- func ConvertToDeployment(obj runtime.Object) (*appsv1.Deployment, error)
- func DaemonSetWellKnowManifestConfig(namespace, name string) workapiv1.ManifestConfigOption
- func DefaultCSRApprover(agentName string) agent.CSRApproveFunc
- func DefaultSignerWithExpiry(caKey, caData []byte, duration time.Duration) agent.CSRSignerFunc
- func DeploymentAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error
- func DeploymentWellKnowManifestConfig(namespace, name string) workapiv1.ManifestConfigOption
- func FilterByAddonName(agentAddons map[string]agent.AgentAddon) func(obj interface{}) bool
- func FilterDaemonSets(objects []runtime.Object) []*appsv1.DaemonSet
- func FilterDeployments(objects []runtime.Object) []*appsv1.Deployment
- func FilterOutTheBuiltInAddOnConfigGVRs(gvrs map[schema.GroupVersionResource]bool) map[schema.GroupVersionResource]bool
- func GetAddOnConfigRef(configReferences []addonapiv1alpha1.ConfigReference, group, resource string) (bool, addonapiv1alpha1.ConfigReference)
- func GetAddOnDeploymentConfigSpecHash(config *addonapiv1alpha1.AddOnDeploymentConfig) (string, error)
- func GetDesiredAddOnDeploymentConfig(addon *addonapiv1alpha1.ManagedClusterAddOn, ...) (*addonapiv1alpha1.AddOnDeploymentConfig, error)
- func GetSpecHash(obj *unstructured.Unstructured) (string, error)
- func IsCSRSupported(nativeClient kubernetes.Interface) (bool, bool, error)
- func IsOwnedByCMA(addon *addonapiv1alpha1.ManagedClusterAddOn) bool
- func ManagedByAddonManager(obj interface{}) bool
- func ManagedBySelf(agentAddons map[string]agent.AgentAddon) func(obj interface{}) bool
- func MapValueChanged(old, new map[string]string, key string) bool
- func MergeOwnerRefs(existing *[]metav1.OwnerReference, required metav1.OwnerReference, ...) bool
- func MergeRelatedObjects(modified *bool, objs *[]addonapiv1alpha1.ObjectReference, ...)
- func NewConfigChecker(name string, configfiles ...string) (*configChecker, error)
- func NewDeploymentProber(deployments ...types.NamespacedName) *agent.HealthProber
- func PatchAddonCondition(ctx context.Context, addonClient addonv1alpha1client.Interface, ...) error
- func UnionCSRApprover(approvers ...agent.CSRApproveFunc) agent.CSRApproveFunc
- func WellKnowManifestConfig(group, resources, namespace, name string) workapiv1.ManifestConfigOption
- func WorkloadAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error
- type AddOnDeploymentConfigGetter
- type AddonManagementFilterFunc
- type DeploymentProber
- type RBACPermissionBuilder
- type WorkloadMetadata
Constants ¶
// RoleRefKindUser is the kind name "User".
// NOTE(review): presumably the subject kind used when this package binds a
// role to a hub user; confirm against the callers.
const RoleRefKindUser = "User"
Variables ¶
// Group/version/resource identifiers for the addon configuration kinds that
// this package lists as built in.
var (
	// AddOnDeploymentConfigGVR identifies the addondeploymentconfigs resource
	// in addon.open-cluster-management.io/v1alpha1.
	AddOnDeploymentConfigGVR = schema.GroupVersionResource{
		Group:    "addon.open-cluster-management.io",
		Version:  "v1alpha1",
		Resource: "addondeploymentconfigs",
	}

	// AddOnTemplateGVR identifies the addontemplates resource in
	// addon.open-cluster-management.io/v1alpha1.
	AddOnTemplateGVR = schema.GroupVersionResource{
		Group:    "addon.open-cluster-management.io",
		Version:  "v1alpha1",
		Resource: "addontemplates",
	}

	// BuiltInAddOnConfigGVRs is the set of built-in config GVRs, keyed by GVR
	// with a true value for each member.
	BuiltInAddOnConfigGVRs = map[schema.GroupVersionResource]bool{
		AddOnDeploymentConfigGVR: true,
		AddOnTemplateGVR:         true,
	}
)
Functions ¶
func AgentInstallNamespaceFromDeploymentConfigFunc ¶ added in v0.8.0
func AgentInstallNamespaceFromDeploymentConfigFunc( adcgetter AddOnDeploymentConfigGetter, ) func(*addonapiv1alpha1.ManagedClusterAddOn) (string, error)
AgentInstallNamespaceFromDeploymentConfigFunc returns an agent install namespace helper function which will get the namespace from the addon deployment config. If the addon does not support addon deployment config or there is no matched addon deployment config, it will return an empty string.
func ApplyClusterRole ¶ added in v0.4.0
func ApplyClusterRole(ctx context.Context, client rbacclientv1.ClusterRolesGetter, required *rbacv1.ClusterRole) (*rbacv1.ClusterRole, bool, error)
ApplyClusterRole merges objectmeta and requires rules; aggregation rules are not allowed for now.
func ApplyClusterRoleBinding ¶ added in v0.4.0
func ApplyClusterRoleBinding(ctx context.Context, client rbacclientv1.ClusterRoleBindingsGetter, required *rbacv1.ClusterRoleBinding) (*rbacv1.ClusterRoleBinding, bool, error)
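ApplyClusterRoleBinding merges objectmeta and requires subjects and role refs. TODO: on a non-matching roleref, delete and recreate the binding (Kubernetes does not allow the roleRef of an existing binding to be changed in place).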
func ApplyConfigMap ¶ added in v0.4.0
func ApplyConfigMap(ctx context.Context, client coreclientv1.ConfigMapsGetter, required *corev1.ConfigMap) (*corev1.ConfigMap, bool, error)
ApplyConfigMap merges objectmeta, requires data, ref from openshift/library-go
func ApplyRole ¶ added in v0.4.0
func ApplyRole(ctx context.Context, client rbacclientv1.RolesGetter, required *rbacv1.Role) (*rbacv1.Role, bool, error)
ApplyRole merges objectmeta, requires rules
func ApplyRoleBinding ¶ added in v0.4.0
func ApplyRoleBinding(ctx context.Context, client rbacclientv1.RoleBindingsGetter, required *rbacv1.RoleBinding) (*rbacv1.RoleBinding, bool, error)
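ApplyRoleBinding merges objectmeta and requires subjects and role refs. TODO: on a non-matching roleref, delete and recreate the binding (Kubernetes does not allow the roleRef of an existing binding to be changed in place).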
func ApplySecret ¶ added in v0.4.0
func ApplySecret(ctx context.Context, client coreclientv1.SecretsGetter, requiredInput *corev1.Secret) (*corev1.Secret, bool, error)
ApplySecret merges objectmeta, requires data. ref from openshift/library-go
func ClusterAnnotationChanged ¶ added in v0.9.0
func ClusterAnnotationChanged(old, new *clusterv1.ManagedCluster, annotation string) bool
ClusterAnnotationChanged returns true if the value of the specified annotation in the new managed cluster annotation is different from the old managed cluster annotation
func ClusterAvailableConditionChanged ¶ added in v0.9.0
func ClusterAvailableConditionChanged(old, new *clusterv1.ManagedCluster) bool
ClusterAvailableConditionChanged returns true if the value of the Available condition in the new managed cluster is different from the old managed cluster
func ClusterConditionChanged ¶ added in v0.9.0
func ClusterConditionChanged(old, new *clusterv1.ManagedCluster, conditionType string) bool
ClusterConditionChanged returns true if the value of the specified conditionType in the new managed cluster is different from the old managed cluster
func ClusterImageRegistriesAnnotationChanged ¶ added in v0.8.0
func ClusterImageRegistriesAnnotationChanged(old, new *clusterv1.ManagedCluster) bool
ClusterImageRegistriesAnnotationChanged returns true if the value of the ClusterImageRegistriesAnnotationKey in the new managed cluster annotation is different from the old managed cluster annotation
func ContainGR ¶ added in v0.8.0
func ContainGR(gvrs map[schema.GroupVersionResource]bool, group, resource string) bool
ContainGR returns true if the given group resource is in the given map
func ConvertToDaemonSet ¶ added in v0.10.0
func ConvertToDeployment ¶ added in v0.8.0
func ConvertToDeployment(obj runtime.Object) (*appsv1.Deployment, error)
func DaemonSetWellKnowManifestConfig ¶ added in v0.10.0
func DaemonSetWellKnowManifestConfig(namespace, name string) workapiv1.ManifestConfigOption
func DefaultCSRApprover ¶ added in v0.2.0
func DefaultCSRApprover(agentName string) agent.CSRApproveFunc
DefaultCSRApprover approves the CSR when the addon agent uses the default group and default user to sign the CSR.
func DefaultSignerWithExpiry ¶ added in v0.2.0
func DefaultSignerWithExpiry(caKey, caData []byte, duration time.Duration) agent.CSRSignerFunc
DefaultSignerWithExpiry generates a signer func that signs the addon agent's CSR using caKey and caData, with an expiry date.
func DeploymentAvailabilityHealthCheck ¶ added in v0.8.0
func DeploymentAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error
func DeploymentWellKnowManifestConfig ¶ added in v0.8.0
func DeploymentWellKnowManifestConfig(namespace, name string) workapiv1.ManifestConfigOption
func FilterByAddonName ¶ added in v0.7.1
func FilterByAddonName(agentAddons map[string]agent.AgentAddon) func(obj interface{}) bool
func FilterDaemonSets ¶ added in v0.10.0
func FilterDeployments ¶ added in v0.8.0
func FilterDeployments(objects []runtime.Object) []*appsv1.Deployment
func FilterOutTheBuiltInAddOnConfigGVRs ¶ added in v0.8.0
func FilterOutTheBuiltInAddOnConfigGVRs( gvrs map[schema.GroupVersionResource]bool) map[schema.GroupVersionResource]bool
FilterOutTheBuiltInAddOnConfigGVRs returns a new map of GroupVersionResource that does not contain the built-in addOn config GVRs
func GetAddOnConfigRef ¶ added in v0.8.0
func GetAddOnConfigRef( configReferences []addonapiv1alpha1.ConfigReference, group, resource string) (bool, addonapiv1alpha1.ConfigReference)
GetAddOnConfigRef returns the first addon config ref for the given config type. This is fine because the status will only have one config for each GK. (TODO) This needs to be reconsidered if we support multiple configs of the same GK in the config references.
func GetAddOnDeploymentConfigSpecHash ¶ added in v0.8.0
func GetAddOnDeploymentConfigSpecHash(config *addonapiv1alpha1.AddOnDeploymentConfig) (string, error)
GetAddOnDeploymentConfigSpecHash returns the sha256 hash of the spec field of the addon deployment config
func GetDesiredAddOnDeploymentConfig ¶ added in v0.8.0
func GetDesiredAddOnDeploymentConfig( addon *addonapiv1alpha1.ManagedClusterAddOn, adcgetter AddOnDeploymentConfigGetter, ) (*addonapiv1alpha1.AddOnDeploymentConfig, error)
GetDesiredAddOnDeploymentConfig returns the desired addonDeploymentConfig of the addon
func GetSpecHash ¶ added in v0.8.0
func GetSpecHash(obj *unstructured.Unstructured) (string, error)
GetSpecHash returns the sha256 hash of the spec field or other config fields of the given object
func IsCSRSupported ¶ added in v0.3.0
func IsCSRSupported(nativeClient kubernetes.Interface) (bool, bool, error)
IsCSRSupported checks whether the cluster supports v1 or v1beta1 csr api.
func IsOwnedByCMA ¶ added in v0.7.0
func IsOwnedByCMA(addon *addonapiv1alpha1.ManagedClusterAddOn) bool
func ManagedByAddonManager ¶ added in v0.7.0
func ManagedByAddonManager(obj interface{}) bool
func ManagedBySelf ¶ added in v0.7.0
func ManagedBySelf(agentAddons map[string]agent.AgentAddon) func(obj interface{}) bool
func MapValueChanged ¶ added in v0.8.0
MapValueChanged returns true if the value of the given key in the new map is different from the old map
func MergeOwnerRefs ¶ added in v0.4.0
func MergeOwnerRefs(existing *[]metav1.OwnerReference, required metav1.OwnerReference, removeOwner bool) bool
func MergeRelatedObjects ¶
func MergeRelatedObjects(modified *bool, objs *[]addonapiv1alpha1.ObjectReference, obj addonapiv1alpha1.ObjectReference)
func NewConfigChecker ¶
NewConfigChecker
Parameters: * name can be any string. * configfiles should be the same files your target container is currently using.
There are two use cases. Case 1: Embedding configchecker into the current server
In this case, we simply initialize a configchecker and add it to the healthz.Checkers currently in use. You can check here for a reference:
https://github.com/open-cluster-management/multicloud-operators-foundation/blob/56270b1520ec5896981db689b3afe0cd893cad8e/cmd/agent/agent.go#L148
-----------------------------------------------------------------------------
Case2: Using configchecker as an independent process to watch another service
Example Code: config_checker_server.go
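// configCheckerServer answers health probes on behalf of another service by
// delegating to a fixed list of health checkers.
type configCheckerServer struct {
	checkers []healthz.HealthChecker
}

// NewConfigCheckerServer returns a configCheckerServer that consults the
// given checkers.
func NewConfigCheckerServer(checkers []healthz.HealthChecker) *configCheckerServer {
	return &configCheckerServer{checkers: checkers}
}

// ServerHttp runs the checker selected by the request and reports the result
// as the HTTP status: 200 when the check passes, 500 when it returns an error.
// A request that selects no checker is answered with 404, so a mistyped probe
// path cannot be read as a healthy result.
//
// NOTE(review): net/http only accepts a type as an http.Handler when the
// method is named ServeHTTP; register this method explicitly (for example via
// http.HandlerFunc) or rename it in your own copy.
func (s *configCheckerServer) ServerHttp(rw http.ResponseWriter, r *http.Request) {
	for _, c := range s.checkers {
		// r.URL is a *url.URL and cannot be compared with a string.
		// Assumes the probe path is "/<checker name>" — TODO confirm against
		// the probe configuration.
		if r.URL.Path != "/"+c.Name() {
			continue
		}
		// NOTE(review): passes the request because k8s.io/apiserver's
		// healthz.HealthChecker declares Check(*http.Request); confirm which
		// healthz package is imported.
		if err := c.Check(r); err != nil {
			rw.WriteHeader(http.StatusInternalServerError)
			return
		}
		rw.WriteHeader(http.StatusOK)
		return
	}
	http.NotFound(rw, r)
}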
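main.go
...
configchecker, err := utils.NewConfigChecker("checker", "/config/server-config.yaml")
if err != nil {
	// NewConfigChecker returns (*configChecker, error); stop here rather than
	// serve probe results from a checker that was never built.
	panic(err)
}
// Enable reload on the checker, as the watch-outs for this use case require.
configchecker.SetReload(true)
ccServer := NewConfigCheckerServer([]healthz.HealthChecker{configchecker})
...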
There are some watch-outs for this case: 1. Use one configchecker server per target server; don't use one configchecker for multiple servers. 2. Set `reload` to `true` by invoking the `SetReload` function. 3. In the deployment's livenessProbe config, the `failureThreshold` must be `1`.
func NewDeploymentProber ¶ added in v0.3.0
func NewDeploymentProber(deployments ...types.NamespacedName) *agent.HealthProber
func PatchAddonCondition ¶ added in v0.4.0
func PatchAddonCondition(ctx context.Context, addonClient addonv1alpha1client.Interface, new, old *addonapiv1alpha1.ManagedClusterAddOn) error
func UnionCSRApprover ¶ added in v0.2.0
func UnionCSRApprover(approvers ...agent.CSRApproveFunc) agent.CSRApproveFunc
UnionCSRApprover is a union func for multiple approvers
func WellKnowManifestConfig ¶ added in v0.10.0
func WellKnowManifestConfig(group, resources, namespace, name string) workapiv1.ManifestConfigOption
func WorkloadAvailabilityHealthCheck ¶ added in v0.10.0
func WorkloadAvailabilityHealthCheck(identifier workapiv1.ResourceIdentifier, result workapiv1.StatusFeedbackResult) error
Types ¶
type AddOnDeploymentConfigGetter ¶ added in v0.8.0
// AddOnDeploymentConfigGetter looks up a single AddOnDeploymentConfig.
type AddOnDeploymentConfigGetter interface {
	// Get returns the AddOnDeploymentConfig identified by namespace and name,
	// or an error.
	// NOTE(review): the error returned for a missing object is not visible
	// here; confirm against the implementation before matching on it.
	Get(ctx context.Context, namespace, name string) (*addonapiv1alpha1.AddOnDeploymentConfig, error)
}
AddOnDeploymentConfigGetter has a method to return a AddOnDeploymentConfig object
func NewAddOnDeploymentConfigGetter ¶ added in v0.8.0
func NewAddOnDeploymentConfigGetter(addonClient addonv1alpha1client.Interface) AddOnDeploymentConfigGetter
NewAddOnDeploymentConfigGetter returns a AddOnDeploymentConfigGetter with addon client
type AddonManagementFilterFunc ¶ added in v0.7.0
// AddonManagementFilterFunc inspects a ClusterManagementAddOn and reports
// whether the addon should be managed by the addon manager or is self-managed.
// NOTE(review): which boolean value selects which mode is not visible here;
// confirm against the implementations.
type AddonManagementFilterFunc func(cma *addonapiv1alpha1.ClusterManagementAddOn) bool
AddonManagementFilterFunc is to check if the addon should be managed by addon manager or self-managed
type DeploymentProber ¶ added in v0.3.0
type DeploymentProber struct {
// contains filtered or unexported fields
}
DeploymentProber checks the addon status based on the status of the agent deployment
func (*DeploymentProber) ProbeFields ¶ added in v0.3.0
func (d *DeploymentProber) ProbeFields() []agent.ProbeField
type RBACPermissionBuilder ¶ added in v0.3.0
// RBACPermissionBuilder is a chainable builder: each method returns the
// builder itself, and Build ends the chain with an agent.PermissionConfigFunc.
// The roles passed in are what gets granted on the hub cluster, so keep their
// rules to what the addon agent actually needs.
type RBACPermissionBuilder interface {
	// BindClusterRoleToUser is a shortcut that ensures a cluster role and binds it to a hub user.
	BindClusterRoleToUser(clusterRole *rbacv1.ClusterRole, username string) RBACPermissionBuilder
	// BindClusterRoleToGroup is a shortcut that ensures a cluster role and binds it to a hub user group.
	BindClusterRoleToGroup(clusterRole *rbacv1.ClusterRole, userGroup string) RBACPermissionBuilder
	// BindRoleToUser is a shortcut that ensures a role and binds it to a hub user.
	// The parameter is named clusterRole but its type is *rbacv1.Role.
	BindRoleToUser(clusterRole *rbacv1.Role, username string) RBACPermissionBuilder
	// BindRoleToGroup is a shortcut that ensures a role and binds it to a hub user group.
	// The parameter is named clusterRole but its type is *rbacv1.Role.
	BindRoleToGroup(clusterRole *rbacv1.Role, userGroup string) RBACPermissionBuilder
	// WithStaticClusterRole ensures a cluster role on the hub cluster.
	WithStaticClusterRole(clusterRole *rbacv1.ClusterRole) RBACPermissionBuilder
	// WithStaticClusterRoleBinding ensures a cluster role binding on the hub cluster.
	// The parameter is named clusterRole but its type is *rbacv1.ClusterRoleBinding.
	WithStaticClusterRoleBinding(clusterRole *rbacv1.ClusterRoleBinding) RBACPermissionBuilder
	// WithStaticRole ensures a role on the hub cluster.
	WithStaticRole(clusterRole *rbacv1.Role) RBACPermissionBuilder
	// WithStaticRoleBinding ensures a role binding on the hub cluster.
	// The parameter is named clusterRole but its type is *rbacv1.RoleBinding.
	WithStaticRoleBinding(clusterRole *rbacv1.RoleBinding) RBACPermissionBuilder
	// Build wraps up the builder chain and returns an agent.PermissionConfigFunc.
	Build() agent.PermissionConfigFunc
}
RBACPermissionBuilder builds a agent.PermissionConfigFunc that applies Kubernetes RBAC policies.
func NewRBACPermissionConfigBuilder ¶ added in v0.3.0
func NewRBACPermissionConfigBuilder(kubeClient kubernetes.Interface) RBACPermissionBuilder
NewRBACPermissionConfigBuilder instantiates a default RBACPermissionBuilder.
type WorkloadMetadata ¶ added in v0.10.0
// WorkloadMetadata identifies a workload by embedding its group/resource and
// its namespace/name.
type WorkloadMetadata struct {
	// Embedded schema.GroupResource: the workload's API group and resource.
	schema.GroupResource
	// Embedded types.NamespacedName: the workload's namespace and name.
	types.NamespacedName
}
func FilterWorkloads ¶ added in v0.10.0
func FilterWorkloads(objects []runtime.Object) []WorkloadMetadata