Documentation ¶
Index ¶
- func ClientsetFromEnv(kubeConfigPath string) (*kubernetes.Clientset, error)
- func DefaultServerCiphers() []uint16
- func FilterPodsForNodeName(name string) node.PodEventFilterFunc
- func NodeLeaseV1Client(client kubernetes.Interface) coordclientset.LeaseInterface
- func PodFilters(filters ...node.PodEventFilterFunc) node.PodEventFilterFunc
- func PodInformerFilter(node string) kubeinformers.SharedInformerOption
- func WithAuth(auth Auth, h http.Handler) http.Handler
- func WithCACert(pem []byte) func(*tls.Config) error
- func WithCAFromPath(p string) func(*tls.Config) error
- func WithKeyPairFromPath(cert, key string) func(*tls.Config) error
- type Auth
- type NewProviderFunc
- type Node
- func (n *Node) Done() <-chan struct{}
- func (n *Node) Err() error
- func (n *Node) NodeController() *node.NodeController
- func (n *Node) PodController() *node.PodController
- func (n *Node) Ready() <-chan struct{}
- func (n *Node) Run(ctx context.Context) (retErr error)
- func (n *Node) WaitReady(ctx context.Context, timeout time.Duration) error
- type NodeConfig
- type NodeOpt
- type NodeRequestAttr
- type Provider
- type ProviderConfig
- type WebhookAuthConfig
- type WebhookAuthOption
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ClientsetFromEnv ¶
func ClientsetFromEnv(kubeConfigPath string) (*kubernetes.Clientset, error)
ClientsetFromEnv returns a kuberentes client set from: 1. the passed in kubeconfig path 2. If the kubeconfig path is empty or non-existent, then the in-cluster config is used.
func DefaultServerCiphers ¶ added in v1.6.0
func DefaultServerCiphers() []uint16
DefaultServerCiphers is the list of accepted TLS ciphers, with known weak ciphers elided Note this list should be a moving target.
func FilterPodsForNodeName ¶
func FilterPodsForNodeName(name string) node.PodEventFilterFunc
FilterPodsForNodeName creates an event filter function that filters pod events such that pod.Sepc.NodeName matches the provided name Use the return value of this as the PodEventFilterFunc in PodControllerConfig
func NodeLeaseV1Client ¶
func NodeLeaseV1Client(client kubernetes.Interface) coordclientset.LeaseInterface
NodeLeaseV1Client creates a V1 Lease client for use with node leases from the passed in client.
Use this with node.WithNodeEnableLeaseV1Beta1 when creating a node controller.
func PodFilters ¶
func PodFilters(filters ...node.PodEventFilterFunc) node.PodEventFilterFunc
PodFilters turns a list of pod filters into a single filter. When run, each item in the list is itterated in order until the first `true` result. If nothing returns true, the filter is false.
func PodInformerFilter ¶
func PodInformerFilter(node string) kubeinformers.SharedInformerOption
PodInformerFilter is a filter that you should use when creating a pod informer for use with the pod controller.
func WithAuth ¶ added in v1.6.0
WithAuth makes a new http handler which wraps the provided handler with authn/authz.
func WithCACert ¶ added in v1.6.0
WithCACert makes a TLS config opotion which appends the provided PEM encoded bytes the tls config's cert pool. If a cert pool is not defined on the tls config an empty one will be created.
func WithCAFromPath ¶ added in v1.6.0
WithCAFromPath makes a TLS config option to set up client auth using the path to a PEM encoded CA cert.
Types ¶
type Auth ¶ added in v1.6.0
type Auth interface { authenticator.Request authorizer.RequestAttributesGetter authorizer.Authorizer }
Auth is the interface used to implement authn/authz for http requests
func InstrumentAuth ¶ added in v1.6.0
InstrumentAuth wraps the provided Auth in a new instrumented Auth
Note: You would only need this if you rolled your own auth. The Auth implementations defined in this package are already instrumented.
func NoAuth ¶ added in v1.6.0
func NoAuth() Auth
NoAuth creates an Auth which allows anonymous access to all resouorces
func WebhookAuth ¶ added in v1.6.0
func WebhookAuth(client kubernetes.Interface, nodeName string, opts ...WebhookAuthOption) (Auth, error)
WebhookAuth creates an Auth suitable to use with kubelet webhook auth. You must provide a CA provider to the authentication config, otherwise mTLS is disabled.
type NewProviderFunc ¶ added in v1.6.0
type NewProviderFunc func(ProviderConfig) (Provider, node.NodeProvider, error)
NewProviderFunc is used from NewNodeFromClient to bootstrap a provider using the client/listers/etc created there. If a nil node provider is returned a default one will be used.
type Node ¶ added in v1.6.0
type Node struct {
// contains filtered or unexported fields
}
Node helps manage the startup/shutdown procedure for other controllers. It is intended as a convenience to reduce boiler plate code for starting up controllers.
Must be created with constructor `NewNode`.
func NewNode ¶ added in v1.6.0
func NewNode(name string, newProvider NewProviderFunc, opts ...NodeOpt) (*Node, error)
NewNode creates a new node using the provided client and name. This is intended for high-level/low boiler-plate usage. Use the constructors in the `node` package for lower level configuration.
Some basic values are set for node status, you'll almost certainly want to modify it.
If client is nil, this will construct a client using ClientsetFromEnv It is up to the caller to configure auth on the HTTP handler.
func (*Node) Done ¶ added in v1.6.0
func (n *Node) Done() <-chan struct{}
Done returns a channel that will be closed when the controller has exited.
func (*Node) Err ¶ added in v1.6.0
Err returns any error that occurred with the controller.
This always return nil before `<-Done()`.
func (*Node) NodeController ¶ added in v1.6.0
func (n *Node) NodeController() *node.NodeController
NodeController returns the configured node controller.
func (*Node) PodController ¶ added in v1.6.0
func (n *Node) PodController() *node.PodController
PodController returns the configured pod controller.
func (*Node) Ready ¶ added in v1.6.0
func (n *Node) Ready() <-chan struct{}
Ready returns a channel that will be closed after the controller is ready.
type NodeConfig ¶ added in v1.6.0
type NodeConfig struct { // Set the client to use, otherwise a client will be created from ClientsetFromEnv Client kubernetes.Interface // Set the node spec to register with Kubernetes NodeSpec v1.Node // Set the path to read a kubeconfig from for creating a client. // This is ignored when a client is provided to NewNodeFromClient KubeconfigPath string // Set the period for a full resync for generated client-go informers InformerResyncPeriod time.Duration // Set the address to listen on for the http API HTTPListenAddr string // Set a custom API handler to use. // You can use this to setup, for example, authentication middleware. // If one is not provided a default one will be created. // // Note: If you provide your own handler, you'll need to handle all auth, routes, etc. Handler http.Handler // Set the timeout for idle http streams StreamIdleTimeout time.Duration // Set the timeout for creating http streams StreamCreationTimeout time.Duration // Enable http debugging routes DebugHTTP bool // Set the tls config to use for the http server TLSConfig *tls.Config // Specify the event recorder to use // If this is not provided, a default one will be used. EventRecorder record.EventRecorder // Set the number of workers to reconcile pods // The default value is derived from the number of cores available. NumWorkers int // Set the error handler for node status update failures NodeStatusUpdateErrorHandler node.ErrorHandler // contains filtered or unexported fields }
NodeConfig is used to hold configuration items for a Node. It gets used in conjection with NodeOpt in NewNodeFromClient
type NodeOpt ¶ added in v1.6.0
type NodeOpt func(c *NodeConfig) error
NodeOpt is used as functional options when configuring a new node in NewNodeFromClient
func AttachProviderRoutes ¶ added in v1.6.0
AttachProviderRoutes returns a NodeOpt which uses api.PodHandler to attach the routes to the provider functions.
Note this only attaches routes, you'll need to ensure to set the handler in the node config.
func WithClient ¶ added in v1.6.0
func WithClient(c kubernetes.Interface) NodeOpt
WithClient return a NodeOpt that sets the client that will be used to create/manage the node.
func WithNodeConfig ¶ added in v1.6.0
func WithNodeConfig(c NodeConfig) NodeOpt
WithNodeConfig returns a NodeOpt which replaces the NodeConfig with the passed in value.
type NodeRequestAttr ¶ added in v1.6.0
type NodeRequestAttr struct {
NodeName string
}
NodeRequestAttr is a authorizor.RequeestAttributesGetter which can be used in the Auth interface.
func (NodeRequestAttr) GetRequestAttributes ¶ added in v1.6.0
func (a NodeRequestAttr) GetRequestAttributes(u user.Info, r *http.Request) authorizer.Attributes
GetRequestAttributes satisfies the authorizer.RequestAttributesGetter interface for use with an `Auth`.
type Provider ¶ added in v1.6.0
type Provider interface { node.PodLifecycleHandler // GetContainerLogs retrieves the logs of a container by name from the provider. GetContainerLogs(ctx context.Context, namespace, podName, containerName string, opts api.ContainerLogOpts) (io.ReadCloser, error) // RunInContainer executes a command in a container in the pod, copying data // between in/out/err and the container's stdin/stdout/stderr. RunInContainer(ctx context.Context, namespace, podName, containerName string, cmd []string, attach api.AttachIO) error // AttachToContainer attaches to the executing process of a container in the pod, copying data // between in/out/err and the container's stdin/stdout/stderr. AttachToContainer(ctx context.Context, namespace, podName, containerName string, attach api.AttachIO) error // GetStatsSummary gets the stats for the node, including running pods GetStatsSummary(context.Context) (*statsv1alpha1.Summary, error) // GetMetricsResource gets the metrics for the node, including running pods GetMetricsResource(context.Context) ([]*dto.MetricFamily, error) // PortForward forwards a local port to a port on the pod PortForward(ctx context.Context, namespace, pod string, port int32, stream io.ReadWriteCloser) error }
Provider contains the methods required to implement a virtual-kubelet provider.
Errors produced by these methods should implement an interface from github.com/virtual-kubelet/virtual-kubelet/errdefs package in order for the core logic to be able to understand the type of failure
type ProviderConfig ¶ added in v1.6.0
type ProviderConfig struct { Pods corev1listers.PodLister ConfigMaps corev1listers.ConfigMapLister Secrets corev1listers.SecretLister Services corev1listers.ServiceLister // Hack to allow the provider to set things on the node // Since the provider is bootstrapped after the node object is configured // Primarily this is due to carry-over from the pre-1.0 interfaces that expect the provider instead of the direct *caller* to configure the node. Node *v1.Node }
ProviderConfig holds objects created by NewNodeFromClient that a provider may need to bootstrap itself.
type WebhookAuthConfig ¶ added in v1.6.0
type WebhookAuthConfig struct { AuthnConfig authenticatorfactory.DelegatingAuthenticatorConfig AuthzConfig authorizerfactory.DelegatingAuthorizerConfig }
WebhookAuthConfig stores the configurations for authn/authz and is used by WebhookAuthOption to expose to callers.
type WebhookAuthOption ¶ added in v1.6.0
type WebhookAuthOption func(*WebhookAuthConfig) error
WebhookAuthOption is used as a functional argument to configure webhook auth.