kubernetes

package
v0.0.0-...-d1b097e

Warning: This package is not in the latest version of its module.
Published: Feb 19, 2019 License: Apache-2.0 Imports: 39 Imported by: 0

Documentation

Constants

const AntecedentAnnotation = "flux.weave.works/antecedent"

AntecedentAnnotation is an annotation on a resource indicating that the cause of that resource (indirectly, via a Helm release) is a FluxHelmRelease. We use this rather than the `OwnerReference` type built into Kubernetes so that there are no garbage-collection implications. The value is expected to be a serialised `flux.ResourceID`.

Variables

This section is empty.

Functions

func NewSSHKeyRing

func NewSSHKeyRing(config SSHKeyRingConfig) (*sshKeyRing, error)

NewSSHKeyRing constructs an sshKeyRing backed by a kubernetes secret resource. The keyring is initialised with the key that was previously stored in the secret (either by regenerate() or an administrator), or a freshly generated key if none was found.

func ObjectMissingError

func ObjectMissingError(obj string, err error) *fluxerr.Error

func UpdateNotSupportedError

func UpdateNotSupportedError(kind string) error

Types

type Applier

type Applier interface {
	// contains filtered or unexported methods
}

Applier is something that will apply a changeset to the cluster.

type Cluster

type Cluster struct {
	// contains filtered or unexported fields
}

Cluster is a handle to a Kubernetes API server. (Typically, this code is deployed into the same cluster.)

func NewCluster

func NewCluster(clientset k8sclient.Interface,
	fluxHelmClientset fhrclient.Interface,
	applier Applier,
	sshKeyRing ssh.KeyRing,
	logger log.Logger,
	nsWhitelist []string,
	imageExcludeList []string) *Cluster

NewCluster returns a usable cluster.

func (*Cluster) AllControllers

func (c *Cluster) AllControllers(namespace string) (res []cluster.Controller, err error)

AllControllers returns all controllers matching the criteria; that is, in the namespace (or any namespace if that argument is empty).

func (*Cluster) Export

func (c *Cluster) Export() ([]byte, error)

Export exports cluster resources.

func (*Cluster) ImagesToFetch

func (c *Cluster) ImagesToFetch() registry.ImageCreds

ImagesToFetch is a k8s-specific method to get a list of images to update along with their credentials.

func (*Cluster) Ping

func (c *Cluster) Ping() error

func (*Cluster) PublicSSHKey

func (c *Cluster) PublicSSHKey(regenerate bool) (ssh.PublicKey, error)

func (*Cluster) SomeControllers

func (c *Cluster) SomeControllers(ids []flux.ResourceID) (res []cluster.Controller, err error)

SomeControllers returns the controllers named, missing out any that don't exist in the cluster. They do not necessarily have to be returned in the order requested.

func (*Cluster) Sync

func (c *Cluster) Sync(spec cluster.SyncDef) error

Sync performs the given actions on resources. Operations are asynchronous, but serialised.

type KubeYAML

type KubeYAML struct {
}

KubeYAML is a placeholder value for calling the helper executable `kubeyaml`.

func (KubeYAML) Annotate

func (k KubeYAML) Annotate(in []byte, ns, kind, name string, policies ...string) ([]byte, error)

Annotate calls the kubeyaml subcommand `annotate` with the arguments as given.

func (KubeYAML) Image

func (k KubeYAML) Image(in []byte, ns, kind, name, container, image string) ([]byte, error)

Image calls the kubeyaml subcommand `image` with the arguments given.

type Kubectl

type Kubectl struct {
	// contains filtered or unexported fields
}

func NewKubectl

func NewKubectl(exe string, config *rest.Config) *Kubectl

type Manifests

type Manifests struct {
}

func (*Manifests) LoadManifests

func (c *Manifests) LoadManifests(base string, paths []string) (map[string]resource.Resource, error)

func (*Manifests) ParseManifests

func (c *Manifests) ParseManifests(allDefs []byte) (map[string]resource.Resource, error)

func (*Manifests) UpdateImage

func (c *Manifests) UpdateImage(def []byte, id flux.ResourceID, container string, image image.Ref) ([]byte, error)

func (*Manifests) UpdatePolicies

func (m *Manifests) UpdatePolicies(def []byte, id flux.ResourceID, update policy.Update) ([]byte, error)

type SSHKeyRingConfig

type SSHKeyRingConfig struct {
	SecretAPI             v1.SecretInterface
	SecretName            string
	SecretVolumeMountPath string // e.g. "/etc/fluxd/ssh"
	SecretDataKey         string // e.g. "identity"
	KeyBits               ssh.OptionalValue
	KeyType               ssh.OptionalValue
	KeyGenDir             string // a tmpfs mount; e.g., /var/fluxd/ssh
}

SSHKeyRingConfig is used to configure the keyring with key generation options and the parameters of its backing kubernetes secret resource. SecretVolumeMountPath must be mounted RW for regenerate() to work, and to set the privateKeyFileMode on the identity secret file.

Notes

Bugs

  • Updating the kubernetes secret should be done via an ephemeral external executable invoked with coredumps disabled and using syscall.Mlockall(MCL_FUTURE) in conjunction with an appropriate ulimit to ensure the private key isn't unintentionally written to persistent storage.
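
The startup hardening this note asks for could look like the following in the helper executable. This is an added example, not code from this package: the names DisableCoreDumps and LockFutureMemory are hypothetical, and a Linux target is assumed.

```go
package main

import (
	"fmt"
	"os"
	"syscall"
)

// DisableCoreDumps (hypothetical helper) sets the soft and hard RLIMIT_CORE
// to 0 so a crash cannot write process memory, including key material, to
// disk. It reads the limit back so the caller can verify it took effect.
func DisableCoreDumps() (syscall.Rlimit, error) {
	zero := syscall.Rlimit{Cur: 0, Max: 0}
	if err := syscall.Setrlimit(syscall.RLIMIT_CORE, &zero); err != nil {
		return syscall.Rlimit{}, fmt.Errorf("setrlimit(RLIMIT_CORE): %w", err)
	}
	var got syscall.Rlimit
	if err := syscall.Getrlimit(syscall.RLIMIT_CORE, &got); err != nil {
		return syscall.Rlimit{}, fmt.Errorf("getrlimit(RLIMIT_CORE): %w", err)
	}
	return got, nil
}

// LockFutureMemory (hypothetical helper) asks the kernel to keep every page
// mapped from this point on resident in RAM, so it cannot reach swap.
// The locked-memory ulimit must be large enough for the whole process,
// otherwise later allocations fail.
func LockFutureMemory() error {
	if err := syscall.Mlockall(syscall.MCL_FUTURE); err != nil {
		return fmt.Errorf("mlockall(MCL_FUTURE): %w", err)
	}
	return nil
}

func main() {
	// Harden first; the private key is read or generated only afterwards.
	lim, err := DisableCoreDumps()
	if err != nil || lim.Cur != 0 || lim.Max != 0 {
		fmt.Fprintln(os.Stderr, "refusing to handle key: core dumps not disabled:", err)
		os.Exit(1)
	}
	if err := LockFutureMemory(); err != nil {
		fmt.Fprintln(os.Stderr, "refusing to handle key:", err)
		os.Exit(1)
	}
	// Key generation and the secret update belong after this point.
	fmt.Println("core limit:", lim.Cur, lim.Max, "and future mappings locked")
}
```

Because the helper is a separate short-lived process, the lowered limits and the memory lock end with it and do not affect the long-running daemon.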
