Documentation ¶
Index ¶
- Constants
- Variables
- func GetMinMax(limitRanges []*corev1.LimitRange, resourceName corev1.ResourceName) (minimum *resource.Quantity, maximum *resource.Quantity)
- func IsNamespaceExempt(name string) bool
- func NewMutator(config *Config, minimum *CPUMemory, maximum *CPUMemory, ...) (mutator *podMutator, err error)
- func Patch(original runtime.RawExtension, mutated *corev1.Pod) (patches []byte, err error)
- type Admission
- type CPUMemory
- type ClusterResourceOverride
- type ClusterResourceOverrideSpec
- type Config
- type ConfigLoaderFunc
Constants ¶
const ( Resource = "clusterresourceoverrides" Singular = "clusterresourceoverride" Name = "clusterresourceoverride" )
const ( SpcType = "spc_t" SelinuxRelabelResource = "forceselinuxrelabel" SelinuxRelabelGroup = "admission.node.openshift.io" )
Variables ¶
var (
BadRequestErr = errors.New("unexpected object")
)
var ( // SelinuxFixEnabledLabelName is the name of the label applied to the pod SelinuxFixEnabledLabelName = fmt.Sprintf("%s.%s/enabled", SelinuxRelabelResource, SelinuxRelabelGroup) )
Functions ¶
func GetMinMax ¶
func GetMinMax(limitRanges []*corev1.LimitRange, resourceName corev1.ResourceName) (minimum *resource.Quantity, maximum *resource.Quantity)
GetMinMax finds the Minimum and Maximum limit for respectively for the specified resource. Nil is returned if limitRanges is empty or limits contains no resourceName limits.
func IsNamespaceExempt ¶
func NewMutator ¶
func Patch ¶
Patch takes 2 byte arrays and returns a new response with json patch. The original object should be passed in as raw bytes to avoid the roundtripping problem described in https://github.com/kubernetes-sigs/kubebuilder/issues/510.
Types ¶
type Admission ¶
type Admission interface { // GetConfiguration returns the configuration in use by the admission logic. GetConfiguration() *Config // IsApplicable returns true if the given resource inside the request is // applicable to this admission controller. Otherwise it returns false. IsApplicable(request *admissionv1.AdmissionRequest) bool // IsExempt returns true if the given resource is exempt from being admitted. // Otherwise it returns false. On any error, response is set with appropriate // status and error message. // If response is not nil, the caller should not proceed with the admission. IsExempt(request *admissionv1.AdmissionRequest) (exempt bool, selinuxExempt bool, response *admissionv1.AdmissionResponse) // Admit makes an attempt to admit the specified resource in the request. // It returns an AdmissionResponse that is set appropriately. On success, // the response should contain the patch for update. Admit(admissionSpec *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse }
Admission interface encapsulates the admission logic for ClusterResourceOverride plugin.
func NewAdmission ¶
func NewAdmission(kubeClientConfig *restclient.Config, stopCh <-chan struct{}, configLoaderFunc ConfigLoaderFunc) (admission Admission, err error)
NewInClusterAdmission returns a new instance of Admission that is appropriate to be consumed in cluster.
func NewInClusterAdmission ¶
func NewInClusterAdmission(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) (admission Admission, err error)
NewInClusterAdmission returns a new instance of Admission that is appropriate to be consumed in cluster.
type ClusterResourceOverride ¶
type ClusterResourceOverride struct { metav1.TypeMeta `json:",inline"` Spec ClusterResourceOverrideSpec `json:"spec,omitempty"` }
ClusterResourceOverride is the configuration for the ClusterResourceOverride admission controller which overrides user-provided container request/limit values.
func Decode ¶
func Decode(reader io.Reader) (object *ClusterResourceOverride, err error)
DecodeUnstructured decodes a raw stream into a an unstructured.Unstructured instance.
func DecodeWithFile ¶
func DecodeWithFile(path string) (object *ClusterResourceOverride, err error)
type ClusterResourceOverrideSpec ¶
type ClusterResourceOverrideSpec struct { // ForceSelinuxRelabel (if true) label pods with spc_t if they have a PVC ForceSelinuxRelabel bool `json:"forceSelinuxRelabel"` // LimitCPUToMemoryPercent (if > 0) overrides the CPU limit to a ratio of the memory limit; // 100% overrides CPU to 1 core per 1GiB of RAM. This is done before overriding the CPU request. LimitCPUToMemoryPercent int64 `json:"limitCPUToMemoryPercent"` // CPURequestToLimitPercent (if > 0) overrides CPU request to a percentage of CPU limit CPURequestToLimitPercent int64 `json:"cpuRequestToLimitPercent"` // MemoryRequestToLimitPercent (if > 0) overrides memory request to a percentage of memory limit MemoryRequestToLimitPercent int64 `json:"memoryRequestToLimitPercent"` }
type Config ¶
type Config struct { ForceSelinuxRelabel bool LimitCPUToMemoryRatio float64 CpuRequestToLimitRatio float64 MemoryRequestToLimitRatio float64 }
func ConvertExternalConfig ¶
func ConvertExternalConfig(object *ClusterResourceOverride) *Config
type ConfigLoaderFunc ¶
ConfigLoaderFunc loads a Config object from appropriate source and returns it.