Documentation
¶
Index ¶
- Constants
- func CleanupRBAC(ctx context.Context, clientset kubernetes.Interface, namespace string) error
- func EnsureRBAC(ctx context.Context, clientset kubernetes.Interface, namespace string) error
- type Deployer
- func (d *Deployer) CleanupJob(ctx context.Context) error
- func (d *Deployer) DeployJob(ctx context.Context) error
- func (d *Deployer) ExtractResult(ctx context.Context) *ctrf.ValidatorResult
- func (d *Deployer) HandleTimeout(ctx context.Context) *ctrf.ValidatorResult
- func (d *Deployer) JobName() string
- func (d *Deployer) WaitForCompletion(ctx context.Context, timeout time.Duration) error
- func (d *Deployer) WaitForPodTermination(ctx context.Context)
Constants ¶
const ( // ServiceAccountName is the name of the ServiceAccount used by all validator Jobs. ServiceAccountName = "aicr-validator" // ClusterRoleBindingName is the name of the ClusterRoleBinding that grants // cluster-admin to the validator ServiceAccount. ClusterRoleBindingName = "aicr-validator" )
Variables ¶
This section is empty.
Functions ¶
func CleanupRBAC ¶
CleanupRBAC removes the ServiceAccount and ClusterRoleBinding. Ignores NotFound errors (idempotent). Call once at end of validation run.
func EnsureRBAC ¶
EnsureRBAC applies the ServiceAccount and ClusterRoleBinding for validator Jobs using server-side apply. Call once per validation run before deploying any Jobs.
Types ¶
type Deployer ¶
type Deployer struct {
// contains filtered or unexported fields
}
Deployer manages the lifecycle of a single validator Job.
func NewDeployer ¶
func NewDeployer( clientset kubernetes.Interface, factory informers.SharedInformerFactory, namespace, runID string, entry catalog.ValidatorEntry, imagePullSecrets []string, tolerations []corev1.Toleration, ) *Deployer
NewDeployer creates a Deployer for a single validator catalog entry. The factory must be a namespace-scoped SharedInformerFactory started by the caller.
func (*Deployer) CleanupJob ¶
CleanupJob deletes the validator Job with foreground propagation (waits for pod deletion).
func (*Deployer) DeployJob ¶
DeployJob applies the validator Job using server-side apply. A unique name is generated client-side and stored in d.jobName.
func (*Deployer) ExtractResult ¶
func (d *Deployer) ExtractResult(ctx context.Context) *ctrf.ValidatorResult
ExtractResult reads the exit code, termination message, and stdout from a completed validator pod. Returns a ValidatorResult regardless of how the container terminated — the caller maps the result to a CTRF status.
This method must be called after WaitForCompletion returns, when the Job is in a terminal state (Complete or Failed).
func (*Deployer) HandleTimeout ¶
func (d *Deployer) HandleTimeout(ctx context.Context) *ctrf.ValidatorResult
HandleTimeout extracts whatever result is available when the orchestrator's wait has timed out. Uses a fresh context since the parent may be canceled.
func (*Deployer) JobName ¶
JobName returns the Kubernetes Job name assigned by the API server. Empty until DeployJob is called.
func (*Deployer) WaitForCompletion ¶
WaitForCompletion watches the Job until it reaches a terminal state (Complete or Failed). Returns nil for both — the caller uses ExtractResult to determine pass/fail/skip from the exit code.
Returns error only for infrastructure failures (watch error, timeout). Job failure (exit != 0) is NOT an error return.
func (*Deployer) WaitForPodTermination ¶
WaitForPodTermination watches the Job's pod until it reaches a terminal state. Prevents RBAC cleanup from racing with in-progress pod operations.
Source Files