Documentation
Overview
Package kubernetes provides a backend that executes code in Kubernetes pods/jobs. It is best suited to scheduling, quotas, and multi-tenant controls; how strongly the executed code is isolated depends on the runtime class (see Config.RuntimeClassName).
Constants
This section is empty.
Variables
var (
	// ErrKubernetesNotAvailable is returned when Kubernetes is not available.
	ErrKubernetesNotAvailable = errors.New("kubernetes not available")
	// ErrClientNotConfigured is returned when no PodRunner is configured.
	ErrClientNotConfigured = errors.New("kubernetes client not configured")
	ErrClusterUnavailable = errors.New("kubernetes cluster unavailable")
	// ErrPodCreationFailed is returned when pod creation fails.
	ErrPodCreationFailed = errors.New("pod creation failed")
	// ErrPodExecutionFailed is returned when pod execution fails.
	ErrPodExecutionFailed = errors.New("pod execution failed")
	// ErrSecurityViolation is returned when a security policy is violated.
	ErrSecurityViolation = errors.New("security policy violation")
)
Errors for Kubernetes backend operations.
Functions
This section is empty.
Types
type Backend
type Backend struct {
	// contains filtered or unexported fields
}
Backend executes code in Kubernetes pods/jobs.
func (*Backend) Execute
func (b *Backend) Execute(ctx context.Context, req runtime.ExecuteRequest) (runtime.ExecuteResult, error)
Execute runs code in a Kubernetes pod.
func (*Backend) Kind
func (b *Backend) Kind() runtime.BackendKind
Kind returns the backend kind identifier.
type Config
type Config struct {
	// Namespace is the Kubernetes namespace for execution pods.
	// Default: default
	Namespace string
	// Image is the container image to use for execution.
	// Default: toolruntime-sandbox:latest
	Image string
	// RuntimeClassName is the optional runtime class for stronger isolation.
	// Examples: gvisor, kata
	RuntimeClassName string
	// ServiceAccount is the service account for execution pods.
	ServiceAccount string
	// Client executes pod specs.
	// Required. Provide a PodRunner from an integration package.
	Client PodRunner
	// ImageResolver optionally resolves images before execution.
	ImageResolver ImageResolver
	// HealthChecker optionally verifies cluster availability.
	HealthChecker HealthChecker
	// Logger is an optional logger for backend events.
	Logger Logger
}
Config configures a Kubernetes backend.
type HealthChecker (added in v0.2.0)
HealthChecker can verify Kubernetes cluster availability.
type ImageResolver (added in v0.2.0)
ImageResolver optionally resolves/pulls images before execution. For Kubernetes this is typically a no-op but allows custom registries.
type Logger
type Logger interface {
	Info(msg string, args ...any)
	Warn(msg string, args ...any)
	Error(msg string, args ...any)
}
Logger is the interface for logging.
Contract:
- Concurrency: implementations must be safe for concurrent use.
- Errors: logging must be best-effort and must not panic.
type PodRunner (added in v0.2.0)
PodRunner executes a Kubernetes pod/job for a given spec.
Contract:
- Concurrency: Implementations must be safe for concurrent use.
- Context: Run must honor cancellation and deadlines.
- Ownership: Implementations must not mutate the provided spec.
type PodSpec (added in v0.2.0)
type PodSpec struct {
	Namespace        string
	Image            string
	Command          []string
	Args             []string
	WorkingDir       string
	Env              []string
	RuntimeClassName string
	ServiceAccount   string
	Resources        ResourceSpec
	Security         SecuritySpec
	Timeout          time.Duration
	Labels           map[string]string
}
PodSpec defines what to run inside a Kubernetes pod/job.
type ResourceSpec (added in v0.2.0)
ResourceSpec defines Kubernetes resource limits.
func (ResourceSpec) Validate (added in v0.2.0)
func (r ResourceSpec) Validate() error
Validate checks ResourceSpec for invalid values.
type SecuritySpec (added in v0.2.0)
SecuritySpec defines Kubernetes security settings.
func (SecuritySpec) Validate (added in v0.2.0)
func (s SecuritySpec) Validate() error
Validate checks SecuritySpec for policy violations.
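A caller-side pre-flight check on the isolation-relevant fields that Config and PodSpec share, as an added example that is not part of this package and is not what SecuritySpec.Validate does (this page does not describe its rules). CheckIsolation, the runtime-class allowlist and the four policy rules are assumptions; PodSpec and ErrSecurityViolation are local mirrors of the documented names so the block runs stand-alone.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// Local mirror of the documented error so the example runs stand-alone.
var ErrSecurityViolation = errors.New("security policy violation")

// PodSpec mirrors only the documented PodSpec fields this check reads.
type PodSpec struct {
	Namespace, Image, RuntimeClassName, ServiceAccount string
}

// sandboxed is an assumed allowlist, seeded from the Config examples.
var sandboxed = map[string]bool{"gvisor": true, "kata": true}

// CheckIsolation (hypothetical helper) returns nil when the spec meets the
// assumed multi-tenant policy, else an error wrapping ErrSecurityViolation.
func CheckIsolation(s PodSpec) error {
	var problems []string
	if !sandboxed[s.RuntimeClassName] {
		problems = append(problems, fmt.Sprintf("runtime class %q is not sandboxed", s.RuntimeClassName))
	}
	if s.Namespace == "" || s.Namespace == "default" { // empty falls back to the documented default
		problems = append(problems, "pods must not run in the default namespace")
	}
	if !strings.Contains(s.Image, "@sha256:") { // a mutable tag such as :latest can change under you
		problems = append(problems, fmt.Sprintf("image %q is not pinned by digest", s.Image))
	}
	if s.ServiceAccount == "" || s.ServiceAccount == "default" {
		problems = append(problems, "a dedicated service account is required")
	}
	if len(problems) == 0 {
		return nil
	}
	return fmt.Errorf("%w: %s", ErrSecurityViolation, strings.Join(problems, "; "))
}

func main() {
	// Constructed sample: the documented Config defaults, no runtime class set.
	fmt.Println(CheckIsolation(PodSpec{Namespace: "default", Image: "toolruntime-sandbox:latest"}))
	// Constructed sample: hardened spec; the all-zero digest is a placeholder.
	pinned := "toolruntime-sandbox@sha256:" + strings.Repeat("0", 64)
	fmt.Println(CheckIsolation(PodSpec{"sandbox", pinned, "gvisor", "exec-runner"}))
}
```

Because the returned error wraps ErrSecurityViolation, callers can branch on it with errors.Is and still log every failed rule from the message.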