Documentation ¶
Overview ¶
Package v1alpha1 contains API Schema definitions for the templates v1alpha1 API group +groupName=crds.wizardofoz.co
Package v1alpha1 contains API Schema definitions for the templates v1alpha1 API group +kubebuilder:object:generate=true +groupName=crds.wizardofoz.co
Index ¶
- Constants
- Variables
- func ObjectToJSON(obj any) string
- type AccessConfig
- type ControllerKind
- type CoreStatus
- func (in *CoreStatus) DeepCopy() *CoreStatus
- func (in *CoreStatus) DeepCopyInto(out *CoreStatus)
- func (in *CoreStatus) GetAccessMessage() string
- func (in *CoreStatus) GetConditions() *[]metav1.Condition
- func (in *CoreStatus) IsReady() bool
- func (in *CoreStatus) SetAccessMessage(msg string)
- func (in *CoreStatus) SetReady(ready bool)
- type CrossVersionObjectReference
- func (in *CrossVersionObjectReference) DeepCopy() *CrossVersionObjectReference
- func (in *CrossVersionObjectReference) DeepCopyInto(out *CrossVersionObjectReference)
- func (r *CrossVersionObjectReference) GetGroup() string
- func (r *CrossVersionObjectReference) GetGroupVersionKind() schema.GroupVersionKind
- func (r *CrossVersionObjectReference) GetKind() string
- func (r *CrossVersionObjectReference) GetName() string
- func (r *CrossVersionObjectReference) GetObject() client.Object
- func (r *CrossVersionObjectReference) GetTypedObject(obj client.Object) client.Object
- func (r *CrossVersionObjectReference) GetVersion() string
- func (r *CrossVersionObjectReference) String() string
- type ExecAccessRequest
- func (in *ExecAccessRequest) DeepCopy() *ExecAccessRequest
- func (in *ExecAccessRequest) DeepCopyInto(out *ExecAccessRequest)
- func (in *ExecAccessRequest) DeepCopyObject() runtime.Object
- func (r *ExecAccessRequest) Default(_ admission.Request) error
- func (r *ExecAccessRequest) GetDuration() (time.Duration, error)
- func (r *ExecAccessRequest) GetPodName() string
- func (r *ExecAccessRequest) GetStatus() ICoreStatus
- func (r *ExecAccessRequest) GetTemplate(ctx context.Context, cl client.Client) (ITemplateResource, error)
- func (r *ExecAccessRequest) GetTemplateName() string
- func (r *ExecAccessRequest) GetUptime() time.Duration
- func (r *ExecAccessRequest) SetPodName(name string) error
- func (r *ExecAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *ExecAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error)
- func (r *ExecAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error)
- func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) (admission.Warnings, error)
- type ExecAccessRequestList
- type ExecAccessRequestSpec
- type ExecAccessRequestStatus
- type ExecAccessTemplate
- func (in *ExecAccessTemplate) DeepCopy() *ExecAccessTemplate
- func (in *ExecAccessTemplate) DeepCopyInto(out *ExecAccessTemplate)
- func (in *ExecAccessTemplate) DeepCopyObject() runtime.Object
- func (t *ExecAccessTemplate) GetAccessConfig() *AccessConfig
- func (t *ExecAccessTemplate) GetStatus() ICoreStatus
- func (t *ExecAccessTemplate) GetTargetRef() *CrossVersionObjectReference
- type ExecAccessTemplateList
- type ExecAccessTemplateSpec
- type ExecAccessTemplateStatus
- type IConditionType
- type ICoreResource
- type ICoreStatus
- type IPodRequestResource
- type IRequestResource
- type IRequestStatus
- type ITemplateResource
- type ITemplateStatus
- type JSONPatchOperation
- type JSONPatchOperationType
- type PodAccessRequest
- func (in *PodAccessRequest) DeepCopy() *PodAccessRequest
- func (in *PodAccessRequest) DeepCopyInto(out *PodAccessRequest)
- func (in *PodAccessRequest) DeepCopyObject() runtime.Object
- func (r *PodAccessRequest) Default(_ admission.Request) error
- func (r *PodAccessRequest) GetDuration() (time.Duration, error)
- func (r *PodAccessRequest) GetPodName() string
- func (r *PodAccessRequest) GetStatus() ICoreStatus
- func (r *PodAccessRequest) GetTemplate(ctx context.Context, cl client.Client) (ITemplateResource, error)
- func (r *PodAccessRequest) GetTemplateName() string
- func (r *PodAccessRequest) GetUptime() time.Duration
- func (r *PodAccessRequest) SetPodName(name string) error
- func (r *PodAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error
- func (r *PodAccessRequest) ValidateCreate(req admission.Request) (admission.Warnings, error)
- func (r *PodAccessRequest) ValidateDelete(req admission.Request) (admission.Warnings, error)
- func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Object) (admission.Warnings, error)
- type PodAccessRequestList
- type PodAccessRequestSpec
- type PodAccessRequestStatus
- type PodAccessTemplate
- func (in *PodAccessTemplate) DeepCopy() *PodAccessTemplate
- func (in *PodAccessTemplate) DeepCopyInto(out *PodAccessTemplate)
- func (in *PodAccessTemplate) DeepCopyObject() runtime.Object
- func (t *PodAccessTemplate) GetAccessConfig() *AccessConfig
- func (t *PodAccessTemplate) GetStatus() ICoreStatus
- func (t *PodAccessTemplate) GetTargetRef() *CrossVersionObjectReference
- func (t *PodAccessTemplate) Validate() error
- type PodAccessTemplateList
- type PodAccessTemplateSpec
- type PodAccessTemplateStatus
- type PodTemplateSpecMutationConfig
- func (in *PodTemplateSpecMutationConfig) DeepCopy() *PodTemplateSpecMutationConfig
- func (in *PodTemplateSpecMutationConfig) DeepCopyInto(out *PodTemplateSpecMutationConfig)
- func (c *PodTemplateSpecMutationConfig) PatchPodTemplateSpec(ctx context.Context, orig corev1.PodTemplateSpec) (corev1.PodTemplateSpec, error)
- type RequestConditionTypes
- type TemplateConditionTypes
Constants ¶
const ( // FieldSelectorMetadataName refers to the metadata.name field on an // object, and is used during the creation of the K8S API Client as one of // the fields we want to index. FieldSelectorMetadataName string = "metadata.name" // FieldSelectorStatusPhase refers to the status.phase field on an // object, and is used during the creation of the K8S API Client as one of // the fields we want to index. FieldSelectorStatusPhase string = "status.phase" )
const ( // DefaultContainerAnnotationKey is the name of the Key in the Pod // Annotations that notates which container in the PodSpec is considered // the "default" container for kubectl. This annotation is also used to // determine which container is mutated by the // PodTemplateSpecMutationConfig struct. DefaultContainerAnnotationKey = "kubectl.kubernetes.io/default-container" )
Variables ¶
var ( // GroupVersion is group version used to register these objects GroupVersion = schema.GroupVersion{Group: "crds.wizardofoz.co", Version: "v1alpha1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion} // AddToScheme adds the types in this group-version to the given scheme. AddToScheme = SchemeBuilder.AddToScheme )
Functions ¶
func ObjectToJSON ¶
ObjectToJSON is a quick helper function for pretty-printing an entire K8S object in JSON form. Used in certain debug log statements primarily.
Types ¶
type AccessConfig ¶
type AccessConfig struct {
	// NOTE(review): AllowedGroups is the authorization allow-list for a template.
	// The Required marker only forces the field to be present; whether an empty
	// list is rejected is not visible in this declaration - confirm in the
	// template validation path.

	// AllowedGroups lists out the groups (in string name form) that will be allowed to Exec into
	// the target pod.
	//
	// +kubebuilder:validation:Required
	AllowedGroups []string `json:"allowedGroups"`

	// NOTE(review): no marker on DefaultDuration or MaxDuration enforces the
	// "below MaxDuration" rule or the duration syntax; presumably both are
	// checked when the strings are parsed - confirm.

	// DefaultDuration sets the default time that an access request resource will live. Must
	// be set below MaxDuration.
	//
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
	//
	// +kubebuilder:default:="1h"
	DefaultDuration string `json:"defaultDuration"`

	// MaxDuration sets the maximum duration that an access request resource can request to
	// stick around.
	//
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
	//
	// +kubebuilder:default:="24h"
	MaxDuration string `json:"maxDuration"`

	// NOTE(review): the default below uses Go template syntax and is
	// author-controlled text that is shown to the requesting user; confirm that
	// rendering exposes only the Pod ObjectMeta to the template.

	// AccessCommand is used to describe to the user how they can make use of their temporary access.
	// The AccessCommand can reference data from a Pod ObjectMeta.
	//
	// +kubebuilder:validation:Optional
	// +kubebuilder:default:="kubectl exec -ti -n {{ .Metadata.Namespace }} {{ .Metadata.Name }} -- /bin/sh"
	AccessCommand string `json:"accessCommand"`
}
AccessConfig provides a common interface for our Template structs (which implement ITemplateResource) for defining which entities are being granted access to a resource, and for how long they are granted that access.
func (*AccessConfig) DeepCopy ¶
func (in *AccessConfig) DeepCopy() *AccessConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AccessConfig.
func (*AccessConfig) DeepCopyInto ¶
func (in *AccessConfig) DeepCopyInto(out *AccessConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*AccessConfig) GetAllowedGroups ¶
func (a *AccessConfig) GetAllowedGroups() []string
GetAllowedGroups returns the Spec.AllowedGroups for this particular template
func (*AccessConfig) GetDefaultDuration ¶
func (a *AccessConfig) GetDefaultDuration() (time.Duration, error)
GetDefaultDuration parses the Spec.defaultDuration field into a time.Duration struct.
Returns:
time.Duration: The parsed duration (not meaningful if an error is returned; a time.Duration cannot be nil) error: If any error occurs in the parsing, the error is returned
func (*AccessConfig) GetMaxDuration ¶
func (a *AccessConfig) GetMaxDuration() (time.Duration, error)
GetMaxDuration parses the Spec.maxDuration field into a time.Duration struct.
Returns:
time.Duration: The parsed duration (not meaningful if an error is returned; a time.Duration cannot be nil) error: If any error occurs in the parsing, the error is returned
type ControllerKind ¶
type ControllerKind string
ControllerKind is a string that represents an Apps/V1 known controller kind that this codebase supports. This is used to limit the inputs on the AccessTemplate and ExecAccessTemplate CRDs.
const (
	// DeploymentController maps to APIVersion: apps/v1, Kind: Deployment
	DeploymentController ControllerKind = "Deployment"

	// DaemonSetController maps to APIVersion: apps/v1, Kind: DaemonSet
	DaemonSetController ControllerKind = "DaemonSet"

	// StatefulSetController maps to APIVersion: apps/v1, Kind: StatefulSet
	StatefulSetController ControllerKind = "StatefulSet"

	// NOTE(review): the Kind enum marker on CrossVersionObjectReference also
	// admits "Rollout", which has no constant in this block.
)
type CoreStatus ¶
type CoreStatus struct { // Current status of the Access Template Conditions []metav1.Condition `json:"conditions,omitempty" patchStrategy:"merge" patchMergeKey:"type" protobuf:"bytes,1,rep,name=conditions"` // Simple boolean to let us know if the resource is ready for use or not Ready bool `json:"ready,omitempty"` // AccessMessage is used to describe to the user how they can make use of their temporary access // request. Eg, for a PodAccessTemplate the value set here would be something like: // // "Access Granted, connect to your pod with: kubectl exec -ti -n namespace pod-xyz -- /bin/bash" // AccessMessage string `json:"accessMessage,omitempty"` }
CoreStatus provides a common set of .Status fields and functions. The goal is to conform to the interfaces.OzResource interface commonly across all of our core CRDs.
func (*CoreStatus) DeepCopy ¶
func (in *CoreStatus) DeepCopy() *CoreStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CoreStatus.
func (*CoreStatus) DeepCopyInto ¶
func (in *CoreStatus) DeepCopyInto(out *CoreStatus)
DeepCopyInto is typically auto-generated by controller-gen. However, it seems that controller-gen fails when we include the ozResourceCoreStatus.Conditions field. Implementing our own DeepCopyInto function resolves this, but does put the responsibility on us to keep this updated.
func (*CoreStatus) GetAccessMessage ¶
func (in *CoreStatus) GetAccessMessage() string
GetAccessMessage returns the Status.AccessMessage field.
func (*CoreStatus) GetConditions ¶
func (in *CoreStatus) GetConditions() *[]metav1.Condition
GetConditions returns a pointer to the list of Conditions in the Status.
func (*CoreStatus) IsReady ¶
func (in *CoreStatus) IsReady() bool
IsReady conforms to the interfaces.OzResource interface
func (*CoreStatus) SetAccessMessage ¶
func (in *CoreStatus) SetAccessMessage(msg string)
SetAccessMessage sets (or updates) the Status.AccessMessage field.
func (*CoreStatus) SetReady ¶
func (in *CoreStatus) SetReady(ready bool)
SetReady conforms to the interfaces.OzResource interface
type CrossVersionObjectReference ¶
type CrossVersionObjectReference struct {
	// NOTE(review): the Enum marker on APIVersion already restricts the value
	// to two API versions, both of which contain a "/", so the regex TODO below
	// only matters if the enum is ever widened.

	// Defines the "APIVersion" of the resource being referred to. Eg, "apps/v1".
	//
	// TODO: Figure out how to regex validate that it has a "/" in it
	//
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=apps/v1;argoproj.io/v1alpha1
	APIVersion string `json:"apiVersion"`

	// NOTE(review): APIVersion and Kind are validated independently by these
	// markers, so a mismatched pair (for example apps/v1 with Rollout) passes
	// schema validation; whether it is rejected later is not visible here.

	// Defines the "Kind" of resource being referred to.
	// +kubebuilder:validation:Required
	// +kubebuilder:validation:Enum=Deployment;DaemonSet;StatefulSet;Rollout
	Kind ControllerKind `json:"kind"`

	// NOTE(review): the reference carries no namespace field; presumably the
	// target is resolved in the namespace of the referencing template - confirm
	// against the code that fetches the object.

	// Defines the "metadata.Name" of the target resource.
	// +kubebuilder:validation:Required
	Name string `json:"name"`
}
CrossVersionObjectReference provides us a generic way to define a reference to an APIGroup, Kind and Name of a particular resource. Primarily used for the AccessTemplate and ExecAccessTemplate, but generic enough to be used in other resources down the road.
func (*CrossVersionObjectReference) DeepCopy ¶
func (in *CrossVersionObjectReference) DeepCopy() *CrossVersionObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new CrossVersionObjectReference.
func (*CrossVersionObjectReference) DeepCopyInto ¶
func (in *CrossVersionObjectReference) DeepCopyInto(out *CrossVersionObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*CrossVersionObjectReference) GetGroup ¶
func (r *CrossVersionObjectReference) GetGroup() string
GetGroup returns the APIGroup name only (eg "apps")
func (*CrossVersionObjectReference) GetGroupVersionKind ¶
func (r *CrossVersionObjectReference) GetGroupVersionKind() schema.GroupVersionKind
GetGroupVersionKind returns a populated schema object that can be used by the unstructured Kubernetes API client to get the final target object from the API.
func (*CrossVersionObjectReference) GetKind ¶
func (r *CrossVersionObjectReference) GetKind() string
GetKind returns the resource Kind (eg "Deployment")
func (*CrossVersionObjectReference) GetName ¶
func (r *CrossVersionObjectReference) GetName() string
GetName returns the Name of the resource (eg "MyDeploymentThing")
func (*CrossVersionObjectReference) GetObject ¶
func (r *CrossVersionObjectReference) GetObject() client.Object
GetObject returns a generic unstructured resource that points to the desired API object. Because this is unstructured (for now), you can really only use this to get metadata back from the API about the resource.
TODO: Figure out if we can cast this into a desired object type in some way that would provide us access to the Spec.
func (*CrossVersionObjectReference) GetTypedObject ¶
func (r *CrossVersionObjectReference) GetTypedObject(obj client.Object) client.Object
GetTypedObject attempts to do a thing..
func (*CrossVersionObjectReference) GetVersion ¶
func (r *CrossVersionObjectReference) GetVersion() string
GetVersion returns the API "Version" only (eg "v1")
func (*CrossVersionObjectReference) String ¶
func (r *CrossVersionObjectReference) String() string
String implements the Stringer interface
type ExecAccessRequest ¶
type ExecAccessRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ExecAccessRequestSpec `json:"spec,omitempty"` Status ExecAccessRequestStatus `json:"status,omitempty"` }
ExecAccessRequest is the Schema for the execaccessrequests API
+kubebuilder:printcolumn:name="Template",type="string",JSONPath=".spec.templateName",description="Access Template" +kubebuilder:printcolumn:name="Pod",type="string",JSONPath=".status.podName",description="Target Pod Name" +kubebuilder:printcolumn:name="Ready",type="boolean",JSONPath=".status.ready",description="Is request ready?"
func GetExecAccessRequest ¶
func GetExecAccessRequest( ctx context.Context, cl client.Client, name string, namespace string, ) (*ExecAccessRequest, error)
GetExecAccessRequest returns back an ExecAccessRequest resource matching the request supplied to the reconciler loop, or returns back an error.
func (*ExecAccessRequest) DeepCopy ¶
func (in *ExecAccessRequest) DeepCopy() *ExecAccessRequest
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessRequest.
func (*ExecAccessRequest) DeepCopyInto ¶
func (in *ExecAccessRequest) DeepCopyInto(out *ExecAccessRequest)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExecAccessRequest) DeepCopyObject ¶
func (in *ExecAccessRequest) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExecAccessRequest) Default ¶
func (r *ExecAccessRequest) Default(_ admission.Request) error
Default implements webhook.Defaulter so a webhook will be registered for the type
func (*ExecAccessRequest) GetDuration ¶
func (r *ExecAccessRequest) GetDuration() (time.Duration, error)
GetDuration conforms to the interfaces.OzRequestResource interface
func (*ExecAccessRequest) GetPodName ¶
func (r *ExecAccessRequest) GetPodName() string
GetPodName conforms to the interfaces.OzRequestResource interface
func (*ExecAccessRequest) GetStatus ¶
func (r *ExecAccessRequest) GetStatus() ICoreStatus
GetStatus implements the ICoreResource interface
func (*ExecAccessRequest) GetTemplate ¶
func (r *ExecAccessRequest) GetTemplate( ctx context.Context, cl client.Client, ) (ITemplateResource, error)
GetTemplate returns a populated ExecAccessTemplate that this ExecAccessRequest is referencing.
func (*ExecAccessRequest) GetTemplateName ¶
func (r *ExecAccessRequest) GetTemplateName() string
GetTemplateName returns the user supplied Spec.templateName field
func (*ExecAccessRequest) GetUptime ¶
func (r *ExecAccessRequest) GetUptime() time.Duration
GetUptime conforms to the interfaces.OzRequestResource interface
func (*ExecAccessRequest) SetPodName ¶
func (r *ExecAccessRequest) SetPodName(name string) error
SetPodName conforms to the interfaces.OzRequestResource interface
func (*ExecAccessRequest) SetupWebhookWithManager ¶
func (r *ExecAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager configures the webhook service in the Manager to accept MutatingWebhookConfiguration and ValidatingWebhookConfiguration calls from the Kubernetes API server.
func (*ExecAccessRequest) ValidateCreate ¶
ValidateCreate implements webhook.Validator so a webhook will be registered for the type
func (*ExecAccessRequest) ValidateDelete ¶
ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
func (*ExecAccessRequest) ValidateUpdate ¶
func (r *ExecAccessRequest) ValidateUpdate(_ admission.Request, old runtime.Object) (admission.Warnings, error)
ValidateUpdate prevents immutable updates to the ExecAccessRequest.
type ExecAccessRequestList ¶
type ExecAccessRequestList struct { metav1.TypeMeta ` json:",inline"` metav1.ListMeta ` json:"metadata,omitempty"` Items []ExecAccessRequest `json:"items"` }
ExecAccessRequestList contains a list of ExecAccessRequest
func (*ExecAccessRequestList) DeepCopy ¶
func (in *ExecAccessRequestList) DeepCopy() *ExecAccessRequestList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessRequestList.
func (*ExecAccessRequestList) DeepCopyInto ¶
func (in *ExecAccessRequestList) DeepCopyInto(out *ExecAccessRequestList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExecAccessRequestList) DeepCopyObject ¶
func (in *ExecAccessRequestList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExecAccessRequestSpec ¶
type ExecAccessRequestSpec struct {
	// Defines the name of the `ExecAccessTemplate` that should be used to grant access to the target
	// resource.
	//
	// +kubebuilder:validation:Required
	TemplateName string `json:"templateName"`

	// NOTE(review): TargetPod is supplied by the requestor. Whether it is
	// checked to belong to the template's target controller is not visible in
	// this declaration - confirm in the admission webhook or the reconciler.

	// TargetPod is used to explicitly define the target pod that the Exec privileges should be
	// granted to. If not supplied, then a random pod is chosen.
	TargetPod string `json:"targetPod,omitempty"`

	// NOTE(review): Kubernetes stores creationTimestamp under metadata, not
	// spec; the reference below presumably means metadata.creationTimestamp.
	// The cap against the template's maxDuration is not visible here - confirm
	// where it is enforced.

	// Duration sets the length of time from the `spec.creationTimestamp` that this object will live. After the
	// time has expired, the resource will be automatically deleted on the next reconciliation loop.
	//
	// If omitted, the spec.accessConfig.defaultDuration from the ExecAccessTemplate is used.
	//
	// Valid time units are "ns", "us" (or "µs"), "ms", "s", "m", "h".
	Duration string `json:"duration,omitempty"`
}
ExecAccessRequestSpec defines the desired state of ExecAccessRequest
func (*ExecAccessRequestSpec) DeepCopy ¶
func (in *ExecAccessRequestSpec) DeepCopy() *ExecAccessRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessRequestSpec.
func (*ExecAccessRequestSpec) DeepCopyInto ¶
func (in *ExecAccessRequestSpec) DeepCopyInto(out *ExecAccessRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecAccessRequestStatus ¶
type ExecAccessRequestStatus struct { CoreStatus `json:",inline"` // The Target Pod Name where access has been granted PodName string `json:"podName,omitempty"` }
ExecAccessRequestStatus defines the observed state of ExecAccessRequest
func (*ExecAccessRequestStatus) DeepCopy ¶
func (in *ExecAccessRequestStatus) DeepCopy() *ExecAccessRequestStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessRequestStatus.
func (*ExecAccessRequestStatus) DeepCopyInto ¶
func (in *ExecAccessRequestStatus) DeepCopyInto(out *ExecAccessRequestStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecAccessTemplate ¶
type ExecAccessTemplate struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec ExecAccessTemplateSpec `json:"spec,omitempty"` Status ExecAccessTemplateStatus `json:"status,omitempty"` }
ExecAccessTemplate is the Schema for the execaccesstemplates API
+kubebuilder:printcolumn:name="Ready",type="boolean",JSONPath=".status.ready",description="Is template ready?"
func GetExecAccessTemplate ¶
func GetExecAccessTemplate( ctx context.Context, cl client.Reader, name string, namespace string, ) (*ExecAccessTemplate, error)
GetExecAccessTemplate returns back an ExecAccessTemplate resource matching the request supplied to the reconciler loop, or returns back an error.
func (*ExecAccessTemplate) DeepCopy ¶
func (in *ExecAccessTemplate) DeepCopy() *ExecAccessTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessTemplate.
func (*ExecAccessTemplate) DeepCopyInto ¶
func (in *ExecAccessTemplate) DeepCopyInto(out *ExecAccessTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExecAccessTemplate) DeepCopyObject ¶
func (in *ExecAccessTemplate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*ExecAccessTemplate) GetAccessConfig ¶
func (t *ExecAccessTemplate) GetAccessConfig() *AccessConfig
GetAccessConfig returns the Spec.accessConfig field for this resource in an AccessConfig object form.
func (*ExecAccessTemplate) GetStatus ¶
func (t *ExecAccessTemplate) GetStatus() ICoreStatus
GetStatus returns the core Status field for this resource.
Returns:
AccessRequestStatus
func (*ExecAccessTemplate) GetTargetRef ¶
func (t *ExecAccessTemplate) GetTargetRef() *CrossVersionObjectReference
GetTargetRef conforms to the controllers.OzTemplateResource interface.
type ExecAccessTemplateList ¶
type ExecAccessTemplateList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []ExecAccessTemplate `json:"items"` }
ExecAccessTemplateList contains a list of ExecAccessTemplate
func (*ExecAccessTemplateList) DeepCopy ¶
func (in *ExecAccessTemplateList) DeepCopy() *ExecAccessTemplateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessTemplateList.
func (*ExecAccessTemplateList) DeepCopyInto ¶
func (in *ExecAccessTemplateList) DeepCopyInto(out *ExecAccessTemplateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ExecAccessTemplateList) DeepCopyObject ¶
func (in *ExecAccessTemplateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ExecAccessTemplateSpec ¶
type ExecAccessTemplateSpec struct { // AccessConfig provides a common struct for defining who has access to the resources this // template controls, how long they have access, etc. AccessConfig AccessConfig `json:"accessConfig"` // ControllerTargetRef provides a pattern for referencing objects from another API in a generic way. // // +kubebuilder:validation:Required ControllerTargetRef *CrossVersionObjectReference `json:"controllerTargetRef"` }
ExecAccessTemplateSpec defines the desired state of ExecAccessTemplate
func (*ExecAccessTemplateSpec) DeepCopy ¶
func (in *ExecAccessTemplateSpec) DeepCopy() *ExecAccessTemplateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessTemplateSpec.
func (*ExecAccessTemplateSpec) DeepCopyInto ¶
func (in *ExecAccessTemplateSpec) DeepCopyInto(out *ExecAccessTemplateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ExecAccessTemplateStatus ¶
type ExecAccessTemplateStatus struct {
CoreStatus `json:",inline"`
}
ExecAccessTemplateStatus is the core set of status fields that we expect to be in each and every one of our template (AccessTemplate, ExecAccessTemplate, etc) resources.
func (*ExecAccessTemplateStatus) DeepCopy ¶
func (in *ExecAccessTemplateStatus) DeepCopy() *ExecAccessTemplateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ExecAccessTemplateStatus.
func (*ExecAccessTemplateStatus) DeepCopyInto ¶
func (in *ExecAccessTemplateStatus) DeepCopyInto(out *ExecAccessTemplateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type IConditionType ¶
type IConditionType interface {
String() string
}
IConditionType provides an interface for accepting any condition string that has a String() function. This simplifies the controllers/internal/status/update_status.go code to have a single UpdateStatus() function.
+kubebuilder:object:generate=false
type ICoreResource ¶
type ICoreResource interface { // Common client.Object stuff metav1.Object runtime.Object // Returns a Status object that matches our ICoreStatus interface. GetStatus() ICoreStatus }
The ICoreResource interface wraps a standard client.Object resource (metav1.Object + runtime.Object) with a few additional requirements for common methods that we use throughout our reconciliation process.
+kubebuilder:object:generate=false
type ICoreStatus ¶
ICoreStatus is used to define the core common status functions that all Status structs in this API must adhere to. These common functions simplify the reconciler() functions so that they can easily get/set status on the resources in a common way.
+kubebuilder:object:generate=false
type IPodRequestResource ¶
type IPodRequestResource interface { IRequestResource // Sets the Status.PodName field if it is empty. If it is set, returns an error. SetPodName(string) error // Gets the Status.PodName field, or returns an empty string. GetPodName() string }
IPodRequestResource is a Pod-access specific request interface that exposes a few more functions for storing references to specific Pods that the requestor is being granted access to.
+kubebuilder:object:generate=false
type IRequestResource ¶
type IRequestResource interface { ICoreResource // Returns a populated ITemplateResource that this IRequestResource points to GetTemplate(context.Context, client.Client) (ITemplateResource, error) // Returns the user-supplied Spec.templateName field GetTemplateName() string // Returns the Spec.duration in time.Duration() format, or nil. GetDuration() (time.Duration, error) // Returns the uptime in time.Duration() format GetUptime() time.Duration }
IRequestResource represents a common "AccessRequest" resource for the Oz Controller. These requests have a common set of required methods that are used by the OzRequestReconciler.
+kubebuilder:object:generate=false
type IRequestStatus ¶
type IRequestStatus interface { ICoreStatus SetAccessMessage(string) GetAccessMessage() string }
IRequestStatus is a more specific Status interface that enables getting and setting access instruction methods.
+kubebuilder:object:generate=false
type ITemplateResource ¶
type ITemplateResource interface { ICoreResource // Returns a CrossVersionObjectReference to the controller target for the template. Eg Deployment, StatefulSet, etc. GetTargetRef() *CrossVersionObjectReference // Returns the Spec.accessConfig GetAccessConfig() *AccessConfig }
ITemplateResource represents a common "AccessTemplate" resource for the Oz Controller. These templates provide different types of access into resources (eg, "Exec" vs "Debug" vs "launch me a dedicated pod"). A set of common methods are required though that are used by the OzTemplateReconciler.
+kubebuilder:object:generate=false
type ITemplateStatus ¶
type ITemplateStatus interface { ICoreStatus }
ITemplateStatus provides a more specific Status interface for Access Templates. Functionality to come in the future.
+kubebuilder:object:generate=false
type JSONPatchOperation ¶
type JSONPatchOperation struct {
	// NOTE(review): the enum admits "move" and "copy", which RFC 6902 defines
	// with a "from" member; this struct has no such field, so those two
	// operations cannot be fully expressed as declared.

	// Operation is the JSON Patch "op" member.
	//
	// +kubebuilder:validation:Enum=add;remove;replace;move;copy;test
	Operation JSONPatchOperationType `json:"op"`

	// NOTE(review): no pattern or allow-list marker constrains Path. If these
	// operations are applied to a PodTemplateSpec, every field of it (including
	// security-related settings) is reachable by whoever can author the
	// template, so write access to templates should be restricted accordingly.

	// Path is the JSON Patch "path" member.
	//
	// +kubebuilder:validation:Required
	Path string `json:"path"`

	// Value is the JSON Patch "value" member. Being an IntOrString, it can only
	// carry an integer or a string.
	//
	// +kubebuilder:validation:Optional
	Value intstr.IntOrString `json:"value,omitempty"`
}
JSONPatchOperation represents a JSON Patch operation defined in https://www.rfc-editor.org/rfc/rfc6902.html
func (*JSONPatchOperation) DeepCopy ¶
func (in *JSONPatchOperation) DeepCopy() *JSONPatchOperation
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new JSONPatchOperation.
func (*JSONPatchOperation) DeepCopyInto ¶
func (in *JSONPatchOperation) DeepCopyInto(out *JSONPatchOperation)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type JSONPatchOperationType ¶
type JSONPatchOperationType string
JSONPatchOperationType represents a JSON Patch operation defined in https://www.rfc-editor.org/rfc/rfc6902.html. Eg, "add", "remove", etc.
const ( JSONPatchOperationTypeAdd JSONPatchOperationType = "add" JSONPatchOperationTypeRemove JSONPatchOperationType = "remove" JSONPatchOperationTypeReplace JSONPatchOperationType = "replace" JSONPatchOperationTypeMove JSONPatchOperationType = "move" JSONPatchOperationTypeCopy JSONPatchOperationType = "copy" JSONPatchOperationTypeTest JSONPatchOperationType = "test" )
Valid Operation Types
type PodAccessRequest ¶
type PodAccessRequest struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec PodAccessRequestSpec `json:"spec,omitempty"` Status PodAccessRequestStatus `json:"status,omitempty"` }
PodAccessRequest is the Schema for the accessrequests API
+kubebuilder:printcolumn:name="Template",type="string",JSONPath=".spec.templateName",description="Access Template" +kubebuilder:printcolumn:name="Pod",type="string",JSONPath=".status.podName",description="Target Pod Name" +kubebuilder:printcolumn:name="Ready",type="boolean",JSONPath=".status.ready",description="Is request ready?"
func GetPodAccessRequest ¶
func GetPodAccessRequest( ctx context.Context, cl client.Client, name string, namespace string, ) (*PodAccessRequest, error)
GetPodAccessRequest returns the PodAccessRequest resource matching the request supplied to the reconciler loop, or returns an error.
func (*PodAccessRequest) DeepCopy ¶
func (in *PodAccessRequest) DeepCopy() *PodAccessRequest
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessRequest.
func (*PodAccessRequest) DeepCopyInto ¶
func (in *PodAccessRequest) DeepCopyInto(out *PodAccessRequest)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodAccessRequest) DeepCopyObject ¶
func (in *PodAccessRequest) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodAccessRequest) Default ¶
func (r *PodAccessRequest) Default(_ admission.Request) error
Default implements webhook.Defaulter so a webhook will be registered for the type
func (*PodAccessRequest) GetDuration ¶
func (r *PodAccessRequest) GetDuration() (time.Duration, error)
GetDuration conforms to the interfaces.OzRequestResource interface
func (*PodAccessRequest) GetPodName ¶
func (r *PodAccessRequest) GetPodName() string
GetPodName returns the PodName that has been assigned to the Status field within this AccessRequest.
func (*PodAccessRequest) GetStatus ¶
func (r *PodAccessRequest) GetStatus() ICoreStatus
GetStatus returns the core Status field for this resource.
Returns:
AccessRequestStatus
func (*PodAccessRequest) GetTemplate ¶
func (r *PodAccessRequest) GetTemplate( ctx context.Context, cl client.Client, ) (ITemplateResource, error)
GetTemplate returns a populated PodAccessTemplate that this PodAccessRequest is referencing.
func (*PodAccessRequest) GetTemplateName ¶
func (r *PodAccessRequest) GetTemplateName() string
GetTemplateName returns the user supplied Spec.templateName field
func (*PodAccessRequest) GetUptime ¶
func (r *PodAccessRequest) GetUptime() time.Duration
GetUptime conforms to the interfaces.OzRequestResource interface
func (*PodAccessRequest) SetPodName ¶
func (r *PodAccessRequest) SetPodName(name string) error
SetPodName conforms to the interfaces.OzRequestResource interface
func (*PodAccessRequest) SetupWebhookWithManager ¶
func (r *PodAccessRequest) SetupWebhookWithManager(mgr ctrl.Manager) error
SetupWebhookWithManager configures the webhook service in the Manager to accept MutatingWebhookConfiguration and ValidatingWebhookConfiguration calls from the Kubernetes API server.
func (*PodAccessRequest) ValidateCreate ¶
ValidateCreate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
func (*PodAccessRequest) ValidateDelete ¶
ValidateDelete implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
func (*PodAccessRequest) ValidateUpdate ¶
func (r *PodAccessRequest) ValidateUpdate(req admission.Request, _ runtime.Object) (admission.Warnings, error)
ValidateUpdate implements webhook.IContextuallyValidatableObject so a webhook will be registered for the type
type PodAccessRequestList ¶
// PodAccessRequestList contains a list of PodAccessRequest objects.
type PodAccessRequestList struct {
	metav1.TypeMeta ` json:",inline"`
	metav1.ListMeta ` json:"metadata,omitempty"`

	// Items holds the PodAccessRequest objects in the list.
	Items []PodAccessRequest `json:"items"`
}
PodAccessRequestList contains a list of PodAccessRequest
func (*PodAccessRequestList) DeepCopy ¶
func (in *PodAccessRequestList) DeepCopy() *PodAccessRequestList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessRequestList.
func (*PodAccessRequestList) DeepCopyInto ¶
func (in *PodAccessRequestList) DeepCopyInto(out *PodAccessRequestList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodAccessRequestList) DeepCopyObject ¶
func (in *PodAccessRequestList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PodAccessRequestSpec ¶
// PodAccessRequestSpec defines the desired state of a PodAccessRequest.
type PodAccessRequestSpec struct {
	// Defines the name of the `PodAccessTemplate` that should be used to grant access to the target
	// resource.
	//
	// +kubebuilder:validation:Required
	TemplateName string `json:"templateName"`

	// Duration sets the length of time from the `metadata.creationTimestamp` that this object will live. After the
	// time has expired, the resource will be automatically deleted on the next reconciliation loop.
	//
	// If omitted, the default duration from the referenced template is used.
	//
	// Valid time units are "s", "m", "h".
	//
	// NOTE(review): the pattern below only checks the format and sets no upper
	// bound on the value; presumably the request is checked against the
	// template's limits elsewhere — confirm.
	//
	// +kubebuilder:validation:Optional
	// +kubebuilder:validation:Pattern="^[0-9]+(s|m|h)$"
	Duration string `json:"duration,omitempty"`
}
PodAccessRequestSpec defines the desired state of AccessRequest
func (*PodAccessRequestSpec) DeepCopy ¶
func (in *PodAccessRequestSpec) DeepCopy() *PodAccessRequestSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessRequestSpec.
func (*PodAccessRequestSpec) DeepCopyInto ¶
func (in *PodAccessRequestSpec) DeepCopyInto(out *PodAccessRequestSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodAccessRequestStatus ¶
// PodAccessRequestStatus defines the observed state of a PodAccessRequest.
type PodAccessRequestStatus struct {
	// CoreStatus is embedded and serialized inline with the fields below.
	CoreStatus `json:",inline"`

	// The Target Pod Name where access has been granted
	PodName string `json:"podName,omitempty"`
}
PodAccessRequestStatus defines the observed state of AccessRequest
func (*PodAccessRequestStatus) DeepCopy ¶
func (in *PodAccessRequestStatus) DeepCopy() *PodAccessRequestStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessRequestStatus.
func (*PodAccessRequestStatus) DeepCopyInto ¶
func (in *PodAccessRequestStatus) DeepCopyInto(out *PodAccessRequestStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodAccessTemplate ¶
// PodAccessTemplate is the Schema for the accesstemplates API.
type PodAccessTemplate struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state: access configuration, the Pod source and the
	// resource upper bounds.
	Spec PodAccessTemplateSpec `json:"spec,omitempty"`
	// Status is the observed state of the template.
	Status PodAccessTemplateStatus `json:"status,omitempty"`
}
PodAccessTemplate is the Schema for the accesstemplates API
+kubebuilder:object:root=true +kubebuilder:printcolumn:name="Ready",type="boolean",JSONPath=".status.ready",description="Is template ready?"
func GetPodAccessTemplate ¶
func GetPodAccessTemplate( ctx context.Context, cl client.Client, name string, namespace string, ) (*PodAccessTemplate, error)
GetPodAccessTemplate returns the PodAccessTemplate resource matching the request supplied to the reconciler loop, or returns an error.
func (*PodAccessTemplate) DeepCopy ¶
func (in *PodAccessTemplate) DeepCopy() *PodAccessTemplate
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessTemplate.
func (*PodAccessTemplate) DeepCopyInto ¶
func (in *PodAccessTemplate) DeepCopyInto(out *PodAccessTemplate)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodAccessTemplate) DeepCopyObject ¶
func (in *PodAccessTemplate) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
func (*PodAccessTemplate) GetAccessConfig ¶
func (t *PodAccessTemplate) GetAccessConfig() *AccessConfig
GetAccessConfig returns the Spec.accessConfig field for this resource in an AccessConfig object form.
func (*PodAccessTemplate) GetStatus ¶
func (t *PodAccessTemplate) GetStatus() ICoreStatus
GetStatus returns the core Status field for this resource.
Returns:
PodAccessTemplateStatus
func (*PodAccessTemplate) GetTargetRef ¶
func (t *PodAccessTemplate) GetTargetRef() *CrossVersionObjectReference
GetTargetRef conforms to the controllers.OzTemplateResource interface.
func (*PodAccessTemplate) Validate ¶
func (t *PodAccessTemplate) Validate() error
Validate the inputs
type PodAccessTemplateList ¶
// PodAccessTemplateList contains a list of PodAccessTemplate objects.
type PodAccessTemplateList struct {
	metav1.TypeMeta ` json:",inline"`
	metav1.ListMeta ` json:"metadata,omitempty"`

	// Items holds the PodAccessTemplate objects in the list.
	Items []PodAccessTemplate `json:"items"`
}
PodAccessTemplateList contains a list of PodAccessTemplate
func (*PodAccessTemplateList) DeepCopy ¶
func (in *PodAccessTemplateList) DeepCopy() *PodAccessTemplateList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessTemplateList.
func (*PodAccessTemplateList) DeepCopyInto ¶
func (in *PodAccessTemplateList) DeepCopyInto(out *PodAccessTemplateList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodAccessTemplateList) DeepCopyObject ¶
func (in *PodAccessTemplateList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type PodAccessTemplateSpec ¶
// PodAccessTemplateSpec defines the desired state of a PodAccessTemplate.
type PodAccessTemplateSpec struct {
	// AccessConfig provides a common struct for defining who has access to the resources this
	// template controls, how long they have access, etc.
	AccessConfig AccessConfig `json:"accessConfig"`

	// ControllerTargetRef provides a pattern for referencing objects from another API in a generic way.
	//
	// NOTE(review): the field is marked Optional but its JSON tag has no
	// omitempty, so a nil reference serializes as null rather than being
	// omitted — confirm this is intended.
	//
	// +kubebuilder:validation:Optional
	ControllerTargetRef *CrossVersionObjectReference `json:"controllerTargetRef"`

	// ControllerTargetMutationConfig contains parameters that allow for customizing the copy of a
	// controller-sourced PodSpec. This setting is only valid if controllerTargetRef is set.
	//
	// +kubebuilder:validation:Optional
	ControllerTargetMutationConfig *PodTemplateSpecMutationConfig `json:"controllerTargetMutationConfig,omitempty"`

	// PodSpec is an optional inline corev1.PodSpec.
	// NOTE(review): presumably this is the Pod definition used when
	// controllerTargetRef is not set, and the two are mutually exclusive —
	// confirm against Validate.
	//
	// +kubebuilder:validation:Optional
	PodSpec *corev1.PodSpec `json:"podSpec,omitempty"`

	// Upper bound of the ephemeral storage that an AccessRequest can make against this template for
	// the primary container.
	//
	// +kubebuilder:validation:Optional
	MaxStorage resource.Quantity `json:"maxStorage,omitempty"`

	// Upper bound of the CPU that an AccessRequest can make against this template for the primary container.
	//
	// +kubebuilder:validation:Optional
	MaxCPU resource.Quantity `json:"maxCpu,omitempty"`

	// Upper bound of the memory that an AccessRequest can make against this template for the primary container.
	//
	// +kubebuilder:validation:Optional
	MaxMemory resource.Quantity `json:"maxMemory,omitempty"`
}
PodAccessTemplateSpec defines the desired state of AccessTemplate
func (*PodAccessTemplateSpec) DeepCopy ¶
func (in *PodAccessTemplateSpec) DeepCopy() *PodAccessTemplateSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessTemplateSpec.
func (*PodAccessTemplateSpec) DeepCopyInto ¶
func (in *PodAccessTemplateSpec) DeepCopyInto(out *PodAccessTemplateSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodAccessTemplateStatus ¶
// PodAccessTemplateStatus defines the observed state of a PodAccessTemplate.
type PodAccessTemplateStatus struct {
	// CoreStatus is embedded and serialized inline; this type adds no fields of
	// its own.
	CoreStatus `json:",inline"`
}
PodAccessTemplateStatus defines the observed state of PodAccessTemplate
func (*PodAccessTemplateStatus) DeepCopy ¶
func (in *PodAccessTemplateStatus) DeepCopy() *PodAccessTemplateStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodAccessTemplateStatus.
func (*PodAccessTemplateStatus) DeepCopyInto ¶
func (in *PodAccessTemplateStatus) DeepCopyInto(out *PodAccessTemplateStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PodTemplateSpecMutationConfig ¶
// PodTemplateSpecMutationConfig describes mutations that should be applied to
// an existing PodSpec before it is launched for the user.
type PodTemplateSpecMutationConfig struct {
	// DefaultContainerName allows the operator to define which container is considered the default
	// container, and that is the container that this mutation configuration applies to. If not set,
	// then the first container defined in the spec.containers[] list is patched.
	DefaultContainerName string `json:"defaultContainerName,omitempty"`

	// Command is used to override the .Spec.containers[0].command field for the target Pod and
	// Container. This can be handy in ensuring that the default application does not start up and
	// do any work. If set, this overrides the Spec.containers[0].args property as well.
	Command *[]string `json:"command,omitempty"`

	// Args will override the Spec.containers[0].args property.
	Args *[]string `json:"args,omitempty"`

	// Env allows overriding specific environment variables (or adding new ones). Note, we do not
	// purge the original environment variables.
	Env []corev1.EnvVar `json:"env,omitempty"`

	// If supplied these resource requirements will override the default .Spec.containers[0].resource requested for
	// the pod. Note though that we do not override all of the resource requests in the Pod because there may be many
	// containers.
	Resources corev1.ResourceRequirements `json:"resources,omitempty"`

	// If supplied, these
	// [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/)
	// are applied to the target
	// [`PodTemplateSpec`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#podtemplatespec-v1-core).
	// These are merged into the final Annotations. If you want to _replace_
	// the annotations, make sure to set the `purgeAnnotations` flag to `true`.
	PodAnnotations *map[string]string `json:"podAnnotations,omitempty"`

	// If supplied, Oz will insert these
	// [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/)
	// into the target
	// [`PodTemplateSpec`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podtemplatespec-v1-core).
	// By default Oz purges all Labels from pods (to prevent the new Pod from
	// having traffic routed to it), so this is effectively a new set of labels
	// applied to the Pod.
	//
	// NOTE(review): labels set here can make the access Pod match Service
	// selectors or NetworkPolicy pod selectors again; check them against the
	// labels of the source workload.
	PodLabels *map[string]string `json:"podLabels,omitempty"`

	// By default, Oz keeps the original
	// [`PodTemplateSpec`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#podtemplatespec-v1-core)
	// `metadata.annotations` field. If you want to purge this, set this flag
	// to `true`.
	//
	// +kubebuilder:default:=false
	PurgeAnnotations bool `json:"purgeAnnotations,omitempty"`

	// PatchSpecOperations contains a list of JSON patch operations to apply to the PodSpec.
	// [`JSONPatch`](https://www.rfc-editor.org/rfc/rfc6902.html)
	//
	// NOTE(review): presumably these patches can reach any PodSpec field that
	// an integer or string value can set, so whoever can create or edit a
	// template decides what Pod a requester receives — confirm, and keep write
	// access to templates limited to trusted operators.
	PatchSpecOperations []JSONPatchOperation `json:"patchSpecOperations,omitempty"`

	// By default, Oz wipes out the PodSpec
	// [`terminationGracePeriodSeconds`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core)
	// setting on Pods to ensure that they can be killed as soon as the
	// AccessRequest expires. This flag overrides that behavior.
	//
	// +kubebuilder:default:=false
	KeepTerminationGracePeriod bool `json:"keepTerminationGracePeriod,omitempty"`

	// By default, Oz wipes out the PodSpec
	// [`livenessProbe`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core)
	// configuration for the default container so that the container does not
	// get terminated if the main application is not running or passing checks.
	// This setting overrides that behavior.
	//
	// +kubebuilder:default:=false
	KeepLivenessProbe bool `json:"keepLivenessProbe,omitempty"`

	// By default, Oz wipes out the PodSpec
	// [`readinessProbe`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core)
	// configuration for the default container so that the container does not
	// get terminated if the main application is not running or passing checks.
	// This setting overrides that behavior.
	//
	// +kubebuilder:default:=false
	KeepReadinessProbe bool `json:"keepReadinessProbe,omitempty"`

	// By default, Oz wipes out the PodSpec
	// [`startupProbe`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podspec-v1-core)
	// configuration for the default container so that the container does not
	// get terminated if the main application is not running or passing checks.
	// This setting overrides that behavior.
	//
	// +kubebuilder:default:=false
	KeepStartupProbe bool `json:"keepStartupProbe,omitempty"`

	// By default, Oz wipes out the PodSpec
	// [`topologySpreadConstraints`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
	// configuration for the Pod because these access pods are not part of the
	// same group of pods that are passing traffic. This setting overrides that behavior.
	KeepTopologySpreadConstraints bool `json:"keepTopologySpreadConstraints,omitempty"`

	// If supplied, Oz will insert these
	// [nodeSelector](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#scheduling)
	// into the target
	// [`PodTemplateSpec`](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.19/#podtemplatespec-v1-core).
	NodeSelector *map[string]string `json:"nodeSelector,omitempty"`
}
PodTemplateSpecMutationConfig provides a common pattern for describing mutations to an existing PodSpec that should be applied. The primary use case is in the PodAccessTemplate, where an existing controller (Deployment, DaemonSet, StatefulSet) can be used as the reference for the PodSpec that is launched for the user. However, the operator may want to make modifications to the PodSpec at launch time (eg, change the entrypoint command or arguments).
TODO: Add affinity
func (*PodTemplateSpecMutationConfig) DeepCopy ¶
func (in *PodTemplateSpecMutationConfig) DeepCopy() *PodTemplateSpecMutationConfig
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PodTemplateSpecMutationConfig.
func (*PodTemplateSpecMutationConfig) DeepCopyInto ¶
func (in *PodTemplateSpecMutationConfig) DeepCopyInto(out *PodTemplateSpecMutationConfig)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*PodTemplateSpecMutationConfig) PatchPodTemplateSpec ¶
func (c *PodTemplateSpecMutationConfig) PatchPodTemplateSpec( ctx context.Context, orig corev1.PodTemplateSpec, ) (corev1.PodTemplateSpec, error)
PatchPodTemplateSpec returns a new, mutated PodTemplateSpec object based on the supplied spec, and the parameters in the PodTemplateSpecMutationConfig struct.
Returns:
corev1.PodTemplateSpec: A new PodTemplateSpec object with the mutated configuration.
revive:disable:cyclomatic High complexity score but easy to understand
type RequestConditionTypes ¶
// RequestConditionTypes is the string type of the known condition type names
// used for access request status conditions.
type RequestConditionTypes string
RequestConditionTypes defines a set of known Status.Condition[].ConditionType fields that are used throughout the AccessRequest and AccessTemplate reconcilers.
// Known RequestConditionTypes values.
const (
	// ConditionRequestDurationsValid is used by both AccessTemplate and
	// AccessRequest resources. It indicates whether or not the various
	// duration fields are valid.
	ConditionRequestDurationsValid RequestConditionTypes = "AccessDurationsValid"

	// ConditionTargetTemplateExists indicates that the Access Request is
	// pointing to a valid Access Template.
	ConditionTargetTemplateExists RequestConditionTypes = "TargetTemplateExists"

	// ConditionAccessStillValid is continually updated based on whether or not
	// the Access Request has timed out.
	ConditionAccessStillValid RequestConditionTypes = "AccessStillValid"

	// ConditionAccessResourcesCreated indicates whether or not the target
	// access request resources have been properly created.
	ConditionAccessResourcesCreated RequestConditionTypes = "AccessResourcesCreated"

	// ConditionAccessResourcesReady indicates that all of the "access
	// resources" (eg, a Pod) are up and in the ready state.
	ConditionAccessResourcesReady RequestConditionTypes = "AccessResourcesReady"

	// ConditionAccessMessage is the condition type named "AccessMessage".
	// NOTE(review): the original comment stops after "is used to record";
	// presumably this condition carries the access message exposed through
	// CoreStatus — confirm.
	ConditionAccessMessage RequestConditionTypes = "AccessMessage"
)
func (RequestConditionTypes) String ¶
func (x RequestConditionTypes) String() string
String implements the fmt.Stringer interface.
type TemplateConditionTypes ¶
// TemplateConditionTypes is the string type of the known condition type names
// used for access template status conditions.
type TemplateConditionTypes string
TemplateConditionTypes defines a set of known Status.Condition[].ConditionType fields that are used throughout the AccessTemplate reconcilers and written to the ITemplateResource resources.
// Known TemplateConditionTypes values.
const (
	// ConditionTemplateDurationsValid is used by both AccessTemplate and
	// AccessRequest resources. It indicates whether or not the various
	// duration fields are valid.
	ConditionTemplateDurationsValid TemplateConditionTypes = "TemplateDurationsValid"

	// ConditionTargetRefExists indicates whether or not an AccessTemplate is
	// pointing to a valid Controller.
	ConditionTargetRefExists TemplateConditionTypes = "TargetRefExists"
)
func (TemplateConditionTypes) String ¶
func (x TemplateConditionTypes) String() string
String implements the fmt.Stringer interface.
Source Files ¶
- access_config.go
- condition_types.go
- const.go
- core_status.go
- cross_version_object_reference.go
- doc.go
- exec_access_request_types.go
- exec_access_request_webhook.go
- exec_access_template_types.go
- groupversion_info.go
- interfaces.go
- pod_access_request_types.go
- pod_access_request_webhook.go
- pod_access_template_types.go
- pod_spec_mutation_config.go
- utils.go
- zz_generated.deepcopy.go