k8s

package
v0.0.0-...-318d958 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 4, 2022 License: MIT Imports: 26 Imported by: 0

Documentation

Index

Constants

View Source
const (
	ProbePath         = "com.openfaas.health.http.path"
	ProbePathValue    = "/_/health"
	ProbeInitialDelay = "com.openfaas.health.http.initialDelay"
)
View Source
const EnvProcessName = "fprocess"

EnvProcessName is the name of the env variable containing the function process

View Source
const (

	// LogBufferSize number of log messages that may be buffered
	LogBufferSize = 500 * 2
)
View Source
const SecurityContextUserID = int64(12000)

nonRootFunctionuserID is the user id that is set when DeployHandlerConfig.SetNonRootUser is true. value >10000 per the suggestion from https://kubesec.io/basics/containers-securitycontext-runasuser/

Variables

This section is empty.

Functions

func AsFunctionStatus

func AsFunctionStatus(item appsv1.Deployment) *types.FunctionStatus

AsFunctionStatus reads a Deployment object into an OpenFaaS FunctionStatus, parsing the Deployment and Container spec into a simplified summary of the Function

func GetLogs

func GetLogs(ctx context.Context, client kubernetes.Interface, functionName, namespace string, tail int64, since *time.Time, follow bool) (<-chan Log, error)

GetLogs returns a channel of logs for the given function

func IsNotFound

func IsNotFound(err error) bool

isNotFound tests if the error is a kubernetes API error that indicates that the object was not found or does not exist

Types

type DeploymentConfig

type DeploymentConfig struct {
	RuntimeHTTPPort int32
	HTTPProbe       bool
	ReadinessProbe  *ProbeConfig
	LivenessProbe   *ProbeConfig
	ImagePullPolicy string
	// SetNonRootUser will override the function image user to ensure that it is not root. When
	// true, the user will set to 12000 for all functions.
	SetNonRootUser bool
}

DeploymentConfig holds the global deployment options

type FunctionFactory

type FunctionFactory struct {
	Client kubernetes.Interface
	Config DeploymentConfig
}

FunctionFactory is handling Kubernetes operations to materialise functions into deployments and services

func NewFunctionFactory

func NewFunctionFactory(clientset kubernetes.Interface, config DeploymentConfig) FunctionFactory

func (*FunctionFactory) ConfigureContainerUserID

func (f *FunctionFactory) ConfigureContainerUserID(deployment *appsv1.Deployment)

ConfigureContainerUserID sets the UID to 12000 for the function Container. Defaults to user specified in image metadata if `SetNonRootUser` is `false`. Root == 0.

func (*FunctionFactory) ConfigureReadOnlyRootFilesystem

func (f *FunctionFactory) ConfigureReadOnlyRootFilesystem(request types.FunctionDeployment, deployment *appsv1.Deployment)

ConfigureReadOnlyRootFilesystem will create or update the required settings and mounts to ensure that the ReadOnlyRootFilesystem setting works as expected, meaning:

  1. when ReadOnlyRootFilesystem is true, the security context of the container will have ReadOnlyRootFilesystem also marked as true and a new `/tmp` folder mount will be added to the deployment spec
  2. when ReadOnlyRootFilesystem is false, the security context of the container will also have ReadOnlyRootFilesystem set to false and there will be no mount for the `/tmp` folder

This method is safe for both create and update operations.

func (*FunctionFactory) ConfigureSecrets

func (f *FunctionFactory) ConfigureSecrets(request types.FunctionDeployment, deployment *appsv1.Deployment, existingSecrets map[string]*apiv1.Secret) error

ConfigureSecrets will update the Deployment spec to include secrets that have been deployed in the kubernetes cluster. For each requested secret, we inspect the type and add it to the deployment spec as appropriate: secrets with type `SecretTypeDockercfg/SecretTypeDockerjson` are added as ImagePullSecrets all other secrets are mounted as files in the deployments containers.

func (*FunctionFactory) MakeProbes

MakeProbes returns the liveness and readiness probes by default the health check runs `cat /tmp/.lock` every ten seconds

type FunctionLookup

type FunctionLookup struct {
	DefaultNamespace string
	EndpointLister   corelister.EndpointsLister
	Listers          map[string]corelister.EndpointsNamespaceLister
	// contains filtered or unexported fields
}

func NewFunctionLookup

func NewFunctionLookup(ns string, lister corelister.EndpointsLister) *FunctionLookup

func (*FunctionLookup) GetLister

func (*FunctionLookup) Resolve

func (l *FunctionLookup) Resolve(name string) (url.URL, error)

func (*FunctionLookup) SetLister

func (f *FunctionLookup) SetLister(ns string, lister corelister.EndpointsNamespaceLister)

type FunctionProbes

type FunctionProbes struct {
	Liveness  *corev1.Probe
	Readiness *corev1.Probe
}

type Log

type Log struct {
	// Text is the log message itself
	Text string `json:"text"`

	// Namespace of the pod
	Namespace string `json:"namespace"`

	// PodName of the instance
	PodName string `json:"podName"`

	// FunctionName of the pod
	FunctionName string `json:"FunctionName"`

	// Timestamp of the message
	Timestamp time.Time `json:"timestamp"`
}

Log is the object which will be used together with the template to generate the output.

type LogRequestor

type LogRequestor struct {
	// contains filtered or unexported fields
}

LogRequestor implements the Requestor interface for k8s

func NewLogRequestor

func NewLogRequestor(client kubernetes.Interface, functionNamespace string) *LogRequestor

NewLogRequestor returns a new logs.Requestor that uses kail to select and follow pod logs

func (LogRequestor) Query

func (l LogRequestor) Query(ctx context.Context, r logs.Request) (<-chan logs.Message, error)

Query implements the actual Swarm logs request logic for the Requestor interface This implementation ignores the r.Limit value because the OF-Provider already handles server side line limits.

type ProbeConfig

type ProbeConfig struct {
	InitialDelaySeconds int32
	TimeoutSeconds      int32
	PeriodSeconds       int32
}

ProbeConfig holds the deployment liveness and readiness options

type SecretInterfacer

type SecretInterfacer interface {
	// Secrets returns a SecretInterface scoped to the specified namespace
	Secrets(namespace string) typedV1.SecretInterface
}

SecretsInterfacer exposes the SecretInterface getter for the k8s client. This is implemented by the CoreV1Interface() interface in the Kubernetes client. The SecretsClient only needs this one interface, but needs to be able to set the namespaces when the interface is instantiated, meaning, we need the Getter and not the SecretInterface itself.

type SecretsClient

type SecretsClient interface {
	// List returns a list of available function secrets.  Only the names are returned
	// to ensure we do not accidentally read or print the sensitive values during
	// read operations.
	List(namespace string) (names []string, err error)
	// Create adds a new secret, with the appropriate labels and structure to be
	// used as a function secret.
	Create(secret types.Secret) error
	// Replace updates the value of a function secret
	Replace(secret types.Secret) error
	// Delete removes a function secret
	Delete(name string, namespace string) error
	// GetSecrets queries Kubernetes for a list of secrets by name in the given k8s namespace.
	// This should only be used if you need access to the actual secret structure/value. Specifically,
	// inside the FunctionFactory.
	GetSecrets(namespace string, secretNames []string) (map[string]*apiv1.Secret, error)
}

SecretsClient exposes the standardized CRUD behaviors for Kubernetes secrets. These methods will ensure that the secrets are structured and labelled correctly for use by the OpenFaaS system.

func NewSecretsClient

func NewSecretsClient(kube kubernetes.Interface) SecretsClient

NewSecretsClient constructs a new SecretsClient using the provided Kubernetes client.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL