webhook

package
v1.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Mar 18, 2024 License: Apache-2.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

const (
	// AnnotationGcsfuseVolumeEnableKey is the annotation key "gke-gcsfuse/volumes".
	// NOTE(review): presumably the pod annotation that marks a pod as wanting
	// the gcsfuse sidecar; how its value is parsed is not shown here. Confirm
	// in the admission handler.
	AnnotationGcsfuseVolumeEnableKey = "gke-gcsfuse/volumes"

	// IstioSidecarName is the container name "istio-proxy".
	// NOTE(review): presumably used to recognise an Istio sidecar already in
	// the pod; its exact use is not visible here.
	IstioSidecarName = "istio-proxy"
)
const (
	// Fixed names and mount paths for the gcsfuse sidecar container and its
	// tmp, buffer and cache volumes. ValidatePodHasSidecarContainerInjected is
	// documented to match on the sidecar container name and on the temp volume
	// (name, mount path, emptyDir type), so these values act as the contract
	// between injection and validation.
	SidecarContainerName                  = "gke-gcsfuse-sidecar"
	SidecarContainerTmpVolumeName         = "gke-gcsfuse-tmp"
	SidecarContainerTmpVolumeMountPath    = "/gcsfuse-tmp"
	SidecarContainerBufferVolumeName      = "gke-gcsfuse-buffer"
	SidecarContainerBufferVolumeMountPath = "/gcsfuse-buffer"
	SidecarContainerCacheVolumeName       = "gke-gcsfuse-cache"
	SidecarContainerCacheVolumeMountPath  = "/gcsfuse-cache"

	// NobodyUID and NobodyGID are the numeric user and group IDs (65534) that
	// ValidatePodHasSidecarContainerInjected is documented to require on the
	// sidecar container, i.e. the sidecar is expected to run as a non-root user.
	// See the nonroot user discussion: https://github.com/GoogleContainerTools/distroless/issues/443
	NobodyUID = 65534
	NobodyGID = 65534
)

Variables

This section is empty.

Functions

func GetNativeSidecarContainerSpec added in v1.2.0

func GetNativeSidecarContainerSpec(c *Config) v1.Container

func GetSidecarContainerSpec

func GetSidecarContainerSpec(c *Config) v1.Container

func GetSidecarContainerVolumeSpec

func GetSidecarContainerVolumeSpec(existingVolumes []v1.Volume) []v1.Volume

func MustParseVersion added in v1.2.0

func MustParseVersion(v string) *version.Version

func ValidatePodHasSidecarContainerInjected

func ValidatePodHasSidecarContainerInjected(pod *v1.Pod, shouldInjectedByWebhook bool) (bool, bool)

ValidatePodHasSidecarContainerInjected validates the following:

  1. One of the container or init container names matches the sidecar container name.
  2. The container uses NobodyUID and NobodyGID.
  3. The container uses the temp volume.
  4. The temp volume has the correct volume mount paths.
  5. The Pod has the temp volume and the volume is an emptyDir volume.

Returns two booleans:

  1. True when either native or regular sidecar is present.
  2. True iff the sidecar present is a native sidecar container.

Types

type Config

// Config holds the settings for the injected sidecar container: its image,
// image pull policy, and CPU, memory and ephemeral-storage requests and limits.
//
// The resource fields carry JSON names of the form "gke-gcsfuse/<setting>",
// while ContainerImage and ImagePullPolicy are tagged `json:"-"` and are
// therefore never read from or written to JSON.
// NOTE(review): presumably this is what keeps pod-supplied annotations from
// replacing the sidecar image while still letting them tune resources. Confirm
// against the code that decodes annotations into Config, and check whether the
// overridden quantities are bounded anywhere.
type Config struct {
	// Excluded from JSON encoding and decoding by the "-" tag.
	ContainerImage  string `json:"-"`
	ImagePullPolicy string `json:"-"`
	//nolint:tagliatelle
	CPURequest resource.Quantity `json:"gke-gcsfuse/cpu-request,omitempty"`
	//nolint:tagliatelle
	CPULimit resource.Quantity `json:"gke-gcsfuse/cpu-limit,omitempty"`
	//nolint:tagliatelle
	MemoryRequest resource.Quantity `json:"gke-gcsfuse/memory-request,omitempty"`
	//nolint:tagliatelle
	MemoryLimit resource.Quantity `json:"gke-gcsfuse/memory-limit,omitempty"`
	//nolint:tagliatelle
	EphemeralStorageRequest resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-request,omitempty"`
	//nolint:tagliatelle
	EphemeralStorageLimit resource.Quantity `json:"gke-gcsfuse/ephemeral-storage-limit,omitempty"`
}

func FakeConfig

func FakeConfig() *Config

func LoadConfig

func LoadConfig(containerImage, imagePullPolicy, cpuRequest, cpuLimit, memoryRequest, memoryLimit, ephemeralStorageRequest, ephemeralStorageLimit string) *Config

type SidecarInjector

// SidecarInjector is the admission handler state for the gcsfuse sidecar
// webhook; its Handle method injects the sidecar container and an emptyDir
// volume into qualifying pods.
type SidecarInjector struct {
	// Client is the Kubernetes API client available to the handler.
	// NOTE(review): which objects it reads or writes is not visible here.
	Client client.Client
	// Config holds the default sidecar container settings. These defaults can
	// be overwritten by annotations on the incoming pod, so values reaching the
	// injected container spec may be pod-author controlled.
	Config        *Config
	// Decoder decodes admission requests.
	Decoder       *admission.Decoder
	// NodeLister lists cluster nodes.
	// NOTE(review): presumably consulted together with ServerVersion to decide
	// between the native and regular sidecar form. Confirm in Handle.
	NodeLister    listersv1.NodeLister
	// ServerVersion is the parsed version of the API server.
	ServerVersion *version.Version
}

func (*SidecarInjector) Handle

Handle injects a gcsfuse sidecar container and an emptyDir volume into incoming qualified pods.
