Documentation

Index

Constants

View Source
const (
	YamlSeparator = "(?m)^---[ \t]*$"
	CertDir       = "/opt/ca"

	KfDefAnnotation   = "kfctl.kubeflow.io"
	ForceDelete       = "force-delete"
	SetAnnotation     = "set-kubeflow-annotation"
	KfDefInstance     = "kfdef-instance"
	InstallByOperator = "install-by-operator"
)

Variables

This section is empty.

Functions

func BuildClientCmdAPI

func BuildClientCmdAPI(config *rest.Config, token string) *clientcmdapi.Config

BuildClientCmdAPI takeks k8s config and access token, build and return clientcmdapi.Config entry

func BuildClusterConfig

func BuildClusterConfig(ctx context.Context, token string, project string, zone string,
	clusterID string) (*rest.Config, error)

func BuildConfigFromClusterInfo

func BuildConfigFromClusterInfo(ctx context.Context, cluster *containerpb.Cluster, ts oauth2.TokenSource) (*rest.Config, error)

BuildConfigFromClusterInfo returns k8s config using gcloud Application Default Credentials typically $HOME/.config/gcloud/application_default_credentials.json

func CheckAwsAccountId

func CheckAwsAccountId(sess *session.Session) (string, error)

CheckAwsAccountId runs GetCallIdentity to retrieve account information

func CheckAwsStsCallerIdentity

func CheckAwsStsCallerIdentity(sess *session.Session) error

CheckAwsStsCallerIdentity runs GetCallIdentity to make sure aws credentials is configured correctly

func CheckCommandExist

func CheckCommandExist(commandName string) error

CheckCommandExist check if a command can be found in PATH.

func ClearIamPolicy

func ClearIamPolicy(currentPolicy *cloudresourcemanager.Policy, deployName string, project string)

Modify currentPolicy: Remove existing bindings associated with service accounts of current deployment

func CreateK8sRoleBing

func CreateK8sRoleBing(config *rest.Config, roleBinding *v1.ClusterRoleBinding) error

func CreateKubeconfig

func CreateKubeconfig(ctx context.Context, project string, loc string, cluster string,
	namespace string, ts oauth2.TokenSource) (*clientcmdapi.Config, error)

Create a config that serves as kubeconfig.

func CreateResourceFromFile

func CreateResourceFromFile(config *rest.Config, filename string, elems ...configtypes.NameValue) error

func DeleteResource

func DeleteResource(resourceBytes []byte, kubeclient client.Client, timeout time.Duration, byOperator bool) error

DeleteResource removes resource. Prior to that it checks whether the resource is created through the kubeflow operator. always removes the resource if it is not created by the Kubeflow operator, otherwise checks the annotation to be sure the resource is part of the deployment and then remove.

func DeleteResourceFromFile

func DeleteResourceFromFile(config *rest.Config, filename string) error

func GetClusterInfo

func GetClusterInfo(ctx context.Context, project string, loc string, cluster string, ts oauth2.TokenSource) (*containerpb.Cluster, error)

Use default token source and retrieve cluster information with given project/location/cluster information.

func GetEksctlVersion

func GetEksctlVersion() (string, error)

GetEksctlVersion return eksctl version on user's environment

func GetIamPolicy

func GetIamPolicy(project string, gcpClient *http.Client) (*cloudresourcemanager.Policy, error)

Gets IAM plicy from GCP for the whole project.

func GetObjectKindFromUri

func GetObjectKindFromUri(configFile string) (string, error)

func GetServiceAccountIamPolicy

func GetServiceAccountIamPolicy(iamService *iam.Service, project string, gsa string) (*iam.Policy, error)

GetServingAccountIamPolicy gets IAM policy for a service account

func IsRemoteFile

func IsRemoteFile(configFile string) (bool, error)

Checks if the path configFile is remote (e.g. http://github...)

func NewDefaultBackoff

func NewDefaultBackoff() *backoff.ExponentialBackOff

func PrettyPrint

func PrettyPrint(value interface{}) string

PrettyPrint returns a pretty format output of any value.

func PrintDiff

func PrintDiff(actual string, expected string)

PrintDiff pretty prints file differences.

TODO(jlewi): We use this functionality across a lot of go packages; not just in kubeflow/kfctl but in other repos like kubeflow/testing. We should think about moving it into its own go module so it can be easily reused.

func ReadIamBindingsYAML

func ReadIamBindingsYAML(filename string) (*cloudresourcemanager.Policy, error)

Reads IAM bindings file in YAML format.

func RewriteIamPolicy

func RewriteIamPolicy(currentPolicy *cloudresourcemanager.Policy, adding *cloudresourcemanager.Policy)

Either patch or remove role bindings from `src` policy.

func SetIamPolicy

func SetIamPolicy(project string, policy *cloudresourcemanager.Policy, gcpClient *http.Client) error

"Override" project's IAM policy with given config.

func SetServiceAccountIamPolicy

func SetServiceAccountIamPolicy(iamService *iam.Service, policy *iam.Policy, project string, gsa string) error

SetServingAccountIamPolicy sets IAM policy for a service account

func SortByKind

func SortByKind(manifests []*resource.Resource, ordering SortOrder) []*resource.Resource

SortByKind does an in-place sort of resources by Kind. Results are sorted by 'ordering'

func SplitYAML

func SplitYAML(resources []byte) ([][]byte, error)

func UpdateWorkloadIdentityBindingsPolicy

func UpdateWorkloadIdentityBindingsPolicy(currentPolicy *iam.Policy, project string, namespace string, ksa string) error

UpdateWorkloadIdentityBindingsPolicy updates the (service account) IAM policy with workload identity binding.

Types

type Apply

type Apply struct {
	// contains filtered or unexported fields
}

func NewApply

func NewApply(namespace string, restConfig *rest.Config) (*Apply, error)

func (*Apply) Apply

func (a *Apply) Apply(data []byte) error

func (*Apply) IfNamespaceExist

func (a *Apply) IfNamespaceExist(name string) bool

type Bindings

type Bindings struct {
	Members Members
	Roles   Roles
}

type IamBindingsYAML

type IamBindingsYAML struct {
	Bindings []Bindings
}

type Members

type Members []string

TODO: Move type definitions to appropriate place.

type Roles

type Roles []string

type SortOrder

type SortOrder []string

SortOrder is an ordering of Kinds.

var InstallOrder SortOrder = []string{
	"Namespace",
	"ResourceQuota",
	"LimitRange",
	"PodSecurityPolicy",
	"Secret",
	"ConfigMap",
	"StorageClass",
	"PersistentVolume",
	"PersistentVolumeClaim",
	"ServiceAccount",
	"CustomResourceDefinition",
	"ClusterRole",
	"ClusterRoleBinding",
	"Role",
	"RoleBinding",
	"Service",
	"DaemonSet",
	"Pod",
	"ReplicationController",
	"ReplicaSet",
	"Deployment",
	"StatefulSet",
	"Job",
	"CronJob",
	"Ingress",
	"MutatingWebhookConfiguration",
	"ValidatingWebhookConfiguration",
	"APIService",
}

Those occurring earlier in the list get installed before those occurring later in the list.

var UninstallOrder SortOrder = []string{
	"APIService",
	"ValidatingWebhookConfiguration",
	"MutatingWebhookConfiguration",
	"CustomResourceDefinition",
	"Ingress",
	"Service",
	"CronJob",
	"Job",
	"StatefulSet",
	"Deployment",
	"ReplicaSet",
	"ReplicationController",
	"Pod",
	"DaemonSet",
	"RoleBinding",
	"Role",
	"ClusterRoleBinding",
	"ClusterRole",
	"ServiceAccount",
	"PersistentVolumeClaim",
	"PersistentVolume",
	"StorageClass",
	"ConfigMap",
	"Secret",
	"PodSecurityPolicy",
	"LimitRange",
	"ResourceQuota",
	"Namespace",
}

UninstallOrder is the order in which resources should be uninstalled (by Kind). Those occurring earlier in the list get uninstalled before those occurring later in the list. Reason to move CustomResourceDefinition earlier is we want to leverage finalizer to delete created resources like profile -> namespaces, etc