predicate

package
Version: v0.8.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2021 License: Apache-2.0 Imports: 7 Imported by: 2

Documentation

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func NewPause added in v0.6.0

func NewPause(key string) (predicate.Predicate, error)

NewPause returns a predicate that filters out objects with a truthy "paused" annotation. When an annotation with key string key is present on an object and has a truthy value, ex. "true", the watch constructed with this predicate will not pass events for that object to the event handler. Key string key must be a valid annotation key.

A note on security: since users that can CRUD a particular API can apply or remove annotations with default cluster admission controllers, this same set of users can therefore start or stop reconciliation of objects via this pause mechanism. If this is a concern, configure an admission webhook to enforce a stricter annotation modification policy. See AdmissionReview configuration for user info available to a webhook: https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/#request

Example

This example applies the Pause predicate to all incoming Pod events on a Pod controller.

package main

import (
	"context"
	"os"

	"github.com/operator-framework/operator-lib/predicate"
	v1 "k8s.io/api/core/v1"
	"sigs.k8s.io/controller-runtime/pkg/builder"
	"sigs.k8s.io/controller-runtime/pkg/client/config"
	"sigs.k8s.io/controller-runtime/pkg/manager"
	"sigs.k8s.io/controller-runtime/pkg/manager/signals"
	"sigs.k8s.io/controller-runtime/pkg/reconcile"
)

func main() {
	cfg, err := config.GetConfig()
	if err != nil {
		os.Exit(1)
	}

	mgr, err := manager.New(cfg, manager.Options{})
	if err != nil {
		os.Exit(1)
	}

	var r reconcile.Func = func(ctx context.Context, req reconcile.Request) (reconcile.Result, error) {
		// Your reconcile logic would go here. No paused Pod events would trigger reconciliation.
		return reconcile.Result{}, nil
	}

	// Filter out Pods with the "my.app/paused: true" annotation.
	pause, err := predicate.NewPause("my.app/paused")
	if err != nil {
		os.Exit(1)
	}
	pred := builder.WithPredicates(pause)
	if err := builder.ControllerManagedBy(mgr).For(&v1.Pod{}, pred).Complete(r); err != nil {
		os.Exit(1)
	}

	if err := mgr.Start(signals.SetupSignalHandler()); err != nil {
		os.Exit(1)
	}
}
Output:

Types

type DependentPredicate

type DependentPredicate struct {
	predicate.Funcs
}

DependentPredicate is a predicate that filters events for resources created as dependents of a primary resource. It follows the following rules:

  • Create events are ignored because it is assumed that the controller reconciling the parent is the client creating the dependent resources.
  • Update events that change only the dependent resource status are ignored because it is not typical for the controller of a primary resource to write to the status of one its dependent resources.
  • Deletion events are always handled because a controller will typically want to recreate deleted dependent resources if the primary resource is not deleted.
  • Generic events are ignored.

DependentPredicate is most often used in conjunction with controller-runtime's handler.EnqueueRequestForOwner

func (DependentPredicate) Create

Create filters out all events. It assumes that the controller reconciling the parent is the only client creating the dependent resources.

func (DependentPredicate) Delete

Delete passes all events through. This allows the controller to recreate deleted dependent resources if the primary resource is not deleted.

func (DependentPredicate) Generic

Generic filters out all events.

func (DependentPredicate) Update

Update filters out events that change only the dependent resource status. It is not typical for the controller of a primary resource to write to the status of one its dependent resources.

type NoGenerationPredicate

type NoGenerationPredicate struct {
	predicate.Funcs
}

NoGenerationPredicate implements a update predicate function for objects with no Generation value, like a Pod.

This predicate will allow update events on objects that never have their metadata.generation field updated by the system, i.e. do not respect Generation semantics: https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#metadata This allows a controller to update objects that may have had their spec changed but, because the object does not use a generation, will inform on that change in some other manner.

This predicate can be useful by itself, but is intended to be used in conjunction with sigs.k8s.io/controller-runtime/pkg/predicate.GenerationChangedPredicate to allow update events on all potentially changed objects, those that respect Generation semantics or those that do not:

import (
	corev1 "k8s.io/api/core/v1"
	appsv1 "k8s.io/api/apps/v1"
	ctrl "sigs.k8s.io/controller-runtime"
	"sigs.k8s.io/controller-runtime/pkg/event"
	ctrlpredicate "sigs.k8s.io/controller-runtime/pkg/predicate"
	libpredicate "github.com/operator-framework/operator-lib/predicate"

	"github.com/example/my-operator/api/v1alpha1"
)

func (r *MyTypeReconciler) SetupWithManager(mgr ctrl.Manager) error {
	return ctrl.NewControllerManagedBy(mgr).
		For(&v1alpha1.MyType{}).
		Owns(&corev1.Pod{}).				// Does not respect Generation.
		Owns(&appsv1.Deployment{}).	// Respects Generation.
		WithEventFilter(ctrlpredicate.Or(ctrlpredicate.GenerationChangedPredicate{}, libpredicate.NoGenerationPredicate{})).
		Complete(r)
}

func (NoGenerationPredicate) Update

Update implements the default UpdateEvent filter for validating absence Generation.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL