clusterresourceoverride

package
v0.0.0-...-9c7426b Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 22, 2024 License: Apache-2.0 Imports: 23 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	Resource = "clusterresourceoverrides"
	Singular = "clusterresourceoverride"
	Name     = "clusterresourceoverride"
)
View Source 
const (
	SpcType                = "spc_t"
	SelinuxRelabelResource = "forceselinuxrelabel"
	SelinuxRelabelGroup    = "admission.node.openshift.io"
)

Variables

View Source 
var (
	BadRequestErr = errors.New("unexpected object")
)
View Source 
var (
	EnabledLabelName = fmt.Sprintf("%s.%s/enabled", Resource, api.Group)
)
View Source 
var (
	// SelinuxFixEnabledLabelName is the name of the label applied to the pod
	SelinuxFixEnabledLabelName = fmt.Sprintf("%s.%s/enabled", SelinuxRelabelResource, SelinuxRelabelGroup)
)

Functions

func GetMinMax 

func GetMinMax(limitRanges []*corev1.LimitRange, resourceName corev1.ResourceName) (minimum *resource.Quantity, maximum *resource.Quantity)

GetMinMax finds the Minimum and Maximum limit for respectively for the specified resource. Nil is returned if limitRanges is empty or limits contains no resourceName limits.

func IsNamespaceExempt 

func IsNamespaceExempt(name string) bool

func NewMutator 

func NewMutator(config *Config, minimum *CPUMemory, maximum *CPUMemory, cpuBaseScaleFactor float64) (mutator *podMutator, err error)

func Patch 

func Patch(original runtime.RawExtension, mutated *corev1.Pod) (patches []byte, err error)

Patch takes 2 byte arrays and returns a new response with json patch. The original object should be passed in as raw bytes to avoid the roundtripping problem described in https://github.com/kubernetes-sigs/kubebuilder/issues/510.

Types

type Admission 

type Admission interface {
	// GetConfiguration returns the configuration in use by the admission logic.
	GetConfiguration() *Config

	// IsApplicable returns true if the given resource inside the request is
	// applicable to this admission controller. Otherwise it returns false.
	IsApplicable(request *admissionv1.AdmissionRequest) bool

	// IsExempt returns true if the given resource is exempt from being admitted.
	// Otherwise it returns false. On any error, response is set with appropriate
	// status and error message.
	// If response is not nil, the caller should not proceed with the admission.
	IsExempt(request *admissionv1.AdmissionRequest) (exempt bool, selinuxExempt bool, response *admissionv1.AdmissionResponse)

	// Admit makes an attempt to admit the specified resource in the request.
	// It returns an AdmissionResponse that is set appropriately. On success,
	// the response should contain the patch for update.
	Admit(admissionSpec *admissionv1.AdmissionRequest) *admissionv1.AdmissionResponse
}

Admission interface encapsulates the admission logic for ClusterResourceOverride plugin.

func NewAdmission 

func NewAdmission(kubeClientConfig *restclient.Config, stopCh <-chan struct{}, configLoaderFunc ConfigLoaderFunc) (admission Admission, err error)

NewInClusterAdmission returns a new instance of Admission that is appropriate to be consumed in cluster.

func NewInClusterAdmission 

func NewInClusterAdmission(kubeClientConfig *restclient.Config, stopCh <-chan struct{}) (admission Admission, err error)

NewInClusterAdmission returns a new instance of Admission that is appropriate to be consumed in cluster.

type CPUMemory 

type CPUMemory struct {
	CPU    *resource.Quantity
	Memory *resource.Quantity
}

type ClusterResourceOverride 

type ClusterResourceOverride struct {
	metav1.TypeMeta `json:",inline"`
	Spec            ClusterResourceOverrideSpec `json:"spec,omitempty"`
}

ClusterResourceOverride is the configuration for the ClusterResourceOverride admission controller which overrides user-provided container request/limit values.

func Decode 

func Decode(reader io.Reader) (object *ClusterResourceOverride, err error)

DecodeUnstructured decodes a raw stream into a an unstructured.Unstructured instance.

func DecodeWithFile 

func DecodeWithFile(path string) (object *ClusterResourceOverride, err error)

type ClusterResourceOverrideSpec 

type ClusterResourceOverrideSpec struct {

	// ForceSelinuxRelabel (if true) label pods with spc_t if they have a PVC
	ForceSelinuxRelabel bool `json:"forceSelinuxRelabel"`

	// LimitCPUToMemoryPercent (if > 0) overrides the CPU limit to a ratio of the memory limit;
	// 100% overrides CPU to 1 core per 1GiB of RAM. This is done before overriding the CPU request.
	LimitCPUToMemoryPercent int64 `json:"limitCPUToMemoryPercent"`

	// CPURequestToLimitPercent (if > 0) overrides CPU request to a percentage of CPU limit
	CPURequestToLimitPercent int64 `json:"cpuRequestToLimitPercent"`

	// MemoryRequestToLimitPercent (if > 0) overrides memory request to a percentage of memory limit
	MemoryRequestToLimitPercent int64 `json:"memoryRequestToLimitPercent"`
}

type Config 

type Config struct {
	ForceSelinuxRelabel       bool
	LimitCPUToMemoryRatio     float64
	CpuRequestToLimitRatio    float64
	MemoryRequestToLimitRatio float64
}

func ConvertExternalConfig 

func ConvertExternalConfig(object *ClusterResourceOverride) *Config

func (*Config) String 

func (c *Config) String() string

type ConfigLoaderFunc 

type ConfigLoaderFunc func() (config *Config, err error)

ConfigLoaderFunc loads a Config object from appropriate source and returns it.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.