Documentation ¶
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewPause ¶ added in v0.6.0
NewPause returns a predicate that filters out objects with a truthy "paused" annotation. When an annotation with key string key is present on an object and has a truthy value, ex. "true", the watch constructed with this predicate will not pass events for that object to the event handler. Key string key must be a valid annotation key.
A note on security: since users that can CRUD a particular API can apply or remove annotations with default cluster admission controllers, this same set of users can therefore start or stop reconciliation of objects via this pause mechanism. If this is a concern, configure an admission webhook to enforce a stricter annotation modification policy. See AdmissionReview configuration for user info available to a webhook: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request
Example ¶
This example applies the Pause predicate to all incoming Pod events on a Pod controller.
package main import ( "context" "os" corev1 "k8s.io/api/core/v1" "sigs.k8s.io/controller-runtime/pkg/builder" "sigs.k8s.io/controller-runtime/pkg/client/config" "sigs.k8s.io/controller-runtime/pkg/manager" "sigs.k8s.io/controller-runtime/pkg/manager/signals" "sigs.k8s.io/controller-runtime/pkg/reconcile" "github.com/operator-framework/operator-lib/predicate" ) func main() { cfg, err := config.GetConfig() if err != nil { os.Exit(1) } mgr, err := manager.New(cfg, manager.Options{}) if err != nil { os.Exit(1) } var r reconcile.Func = func(_ context.Context, _ reconcile.Request) (reconcile.Result, error) { // Your reconcile logic would go here. No paused Pod events would trigger reconciliation. return reconcile.Result{}, nil } // Filter out Pods with the "my.app/paused: true" annotation. pause, err := predicate.NewPause("my.app/paused") if err != nil { os.Exit(1) } pred := builder.WithPredicates(pause) if err := builder.ControllerManagedBy(mgr).For(&corev1.Pod{}, pred).Complete(r); err != nil { os.Exit(1) } if err := mgr.Start(signals.SetupSignalHandler()); err != nil { os.Exit(1) } }
Output:
Types ¶
type DependentPredicate ¶
DependentPredicate is a predicate that filters events for resources created as dependents of a primary resource. It follows the following rules:
- Create events are ignored because it is assumed that the controller reconciling the parent is the client creating the dependent resources.
- Update events that change only the dependent resource status are ignored because it is not typical for the controller of a primary resource to write to the status of one its dependent resources.
- Deletion events are always handled because a controller will typically want to recreate deleted dependent resources if the primary resource is not deleted.
- Generic events are ignored.
DependentPredicate is most often used in conjunction with controller-runtime's handler.EnqueueRequestForOwner
func (DependentPredicate) Create ¶
func (DependentPredicate) Create(e event.CreateEvent) bool
Create filters out all events. It assumes that the controller reconciling the parent is the only client creating the dependent resources.
func (DependentPredicate) Delete ¶
func (DependentPredicate) Delete(e event.DeleteEvent) bool
Delete passes all events through. This allows the controller to recreate deleted dependent resources if the primary resource is not deleted.
func (DependentPredicate) Generic ¶
func (DependentPredicate) Generic(e event.GenericEvent) bool
Generic filters out all events.
func (DependentPredicate) Update ¶
func (DependentPredicate) Update(e event.UpdateEvent) bool
Update filters out events that change only the dependent resource status. It is not typical for the controller of a primary resource to write to the status of one its dependent resources.
type NoGenerationPredicate ¶
NoGenerationPredicate implements a update predicate function for objects with no Generation value, like a Pod.
This predicate will allow update events on objects that never have their metadata.generation field updated by the system, i.e. do not respect Generation semantics: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata This allows a controller to update objects that may have had their spec changed but, because the object does not use a generation, will inform on that change in some other manner.
This predicate can be useful by itself, but is intended to be used in conjunction with sigs.k8s.io/controller-runtime/pkg/predicate.GenerationChangedPredicate to allow update events on all potentially changed objects, those that respect Generation semantics or those that do not:
import ( corev1 "k8s.io/api/core/v1" appsv1 "k8s.io/api/apps/v1" ctrl "sigs.k8s.io/controller-runtime" "sigs.k8s.io/controller-runtime/pkg/event" ctrlpredicate "sigs.k8s.io/controller-runtime/pkg/predicate" libpredicate "github.com/operator-framework/operator-lib/predicate" "github.com/example/my-operator/api/v1alpha1" ) func (r *MyTypeReconciler) SetupWithManager(mgr ctrl.Manager) error { return ctrl.NewControllerManagedBy(mgr). For(&v1alpha1.MyType{}). Owns(&corev1.Pod{}). // Does not respect Generation. Owns(&appsv1.Deployment{}). // Respects Generation. WithEventFilter(ctrlpredicate.Or(ctrlpredicate.GenerationChangedPredicate{}, libpredicate.NoGenerationPredicate{})). Complete(r) }
func (NoGenerationPredicate) Update ¶
func (NoGenerationPredicate) Update(e event.UpdateEvent) bool
Update implements the default UpdateEvent filter for validating absence Generation.