Documentation
¶
Index ¶
Constants ¶
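// Configuration keys and the default reconcile interval.
//
// The listing was collapsed onto one line, so the line comment swallowed the
// last declaration and the closing parenthesis; the line structure is
// restored here without changing any value.
const (
	// ConfigKeyEnable is the key "enable"; it matches the JSON tag of
	// PodEnhancedValidatorConfig.Enable.
	ConfigKeyEnable = "enable"
	// ConfigKeyRules is the key "rules"; it matches the JSON tag of
	// PodEnhancedValidatorConfig.Rules.
	ConfigKeyRules = "rules"
	// DefaultConfReconcileInterval is the default reconcile interval for config.
	// NOTE(review): a change to the configuration presumably takes up to this
	// long to be picked up, including one that re-enables validation; confirm
	// against the reconcile loop.
	DefaultConfReconcileInterval = 5 * time.Minute
)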
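// String identifiers declared by this package. Each constant's value equals
// its own name.
//
// NOTE(review): these look like the names of the individual pod validation
// plugins or feature switches of the webhook; confirm against the code that
// consumes them. If they gate checks, a disabled name means the matching
// check is not applied at admission.
//
// The listing was collapsed onto one line with no separators; the line
// structure is restored here without changing any value.
const (
	ClusterReservation       = "ClusterReservation"
	ClusterColocationProfile = "ClusterColocationProfile"
	EvaluateQuota            = "EvaluateQuota"
	DeviceResource           = "DeviceResource"
	EnhancedValidation       = "EnhancedValidation"
)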
Variables ¶
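// Location, reconcile interval and default value of the PodEnhancedValidator
// configuration.
//
// These are exported package variables, not constants, so any importing
// package can reassign them at run time.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// every declaration after it; the line structure is restored here without
// changing any value.
var (
	// PodEnhancedValidatorConfigNamespace defines the namespace for the PodEnhancedValidator configuration.
	// NOTE(review): whoever can write the configuration object in this
	// namespace can turn validation off or widen the exemptions; keep write
	// access to it narrowly scoped in RBAC.
	PodEnhancedValidatorConfigNamespace = "koordinator-system"
	// PodEnhancedValidatorConfigName defines the name for the PodEnhancedValidator configuration.
	PodEnhancedValidatorConfigName = "pod-enhanced-validator-config"
	// PodEnhancedValidatorReconcileInterval defines the reconcile interval for the PodEnhancedValidator configuration.
	PodEnhancedValidatorReconcileInterval = DefaultConfReconcileInterval

	// DefaultPodEnhancedValidatorConf is a configuration with validation
	// disabled and an empty rule list.
	// NOTE(review): presumably the fallback when no configuration object is
	// found or it cannot be parsed; confirm in the loader. If so, a missing or
	// malformed configuration leaves enhanced validation off (fail-open), which
	// is worth an alert.
	// The value is a shared pointer: callers should copy it, not mutate it.
	DefaultPodEnhancedValidatorConf = &PodEnhancedValidatorConfig{
		Enable: false,
		Rules:  []ValidationRule{},
	}
)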
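// The original comment named this variable "HandlerMap"; it is corrected
// below. The listing was also collapsed onto one line, so the line comment
// swallowed the declaration; the line structure is restored here.
var (
	// HandlerBuilderMap contains the admission webhook handler builders,
	// keyed by handler name. The only entry visible here is "validate-pod".
	// NOTE(review): the key is presumably the path suffix the webhook server
	// registers the handler under; confirm against the framework package.
	HandlerBuilderMap = map[string]framework.HandlerBuilder{
		"validate-pod": &podValidateBuilder{},
	}
)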
Functions ¶
Types ¶
type PodEnhancedValidator ¶ added in v1.6.1
PodEnhancedValidator manages the pod-enhanced-validator configuration with hot reload support
func NewPodEnhancedValidator ¶ added in v1.6.1
func NewPodEnhancedValidator(client client.Client) *PodEnhancedValidator
func (*PodEnhancedValidator) GetConfig ¶ added in v1.6.1
func (m *PodEnhancedValidator) GetConfig() *PodEnhancedValidatorConfig
GetConfig returns the current configuration
func (*PodEnhancedValidator) ValidatePod ¶ added in v1.6.1
func (m *PodEnhancedValidator) ValidatePod(pod *corev1.Pod) (string, error)
ValidatePod validates a pod against all configured rules
type PodEnhancedValidatorConfig ¶ added in v1.6.1
// PodEnhancedValidatorConfig defines the configuration for pod enhanced
// validation. The struct tags give its JSON form: an "enable" boolean and an
// optional "rules" array.
type PodEnhancedValidatorConfig struct {
	// Enable controls whether pod enhanced validation is enabled.
	// The zero value is false, so a decoded document that leaves out
	// "enable" yields a configuration with validation turned off.
	Enable bool `json:"enable"`
	// Rules contains the list of validation rules to apply.
	// NOTE(review): with Enable true and no rules there is nothing to check;
	// confirm how ValidatePod treats an empty list.
	Rules []ValidationRule `json:"rules,omitempty"`
}
PodEnhancedValidatorConfig defines the configuration for pod enhanced validation
type PodValidatingHandler ¶
// PodValidatingHandler holds the dependencies of the Pod validating admission
// handler: an API client, a request decoder, a quota evaluator and the
// enhanced-validation manager.
type PodValidatingHandler struct {
	// Client is the API client; it is set through InjectClient.
	Client client.Client
	// Decoder decodes objects
	// It is set through InjectDecoder.
	Decoder admission.Decoder
	// QuotaEvaluator evaluates pod quota usage
	QuotaEvaluator quotaevaluate.Evaluator
	// PodEnhancedValidator manages pod enhanced validation configuration
	// NOTE(review): this is a pointer field; confirm that Handle either
	// guards against nil or that the builder always sets it, so a missing
	// validator cannot skip the enhanced checks unnoticed.
	PodEnhancedValidator *PodEnhancedValidator
}
PodValidatingHandler handles admission requests for Pods.
func (*PodValidatingHandler) Handle ¶
func (h *PodValidatingHandler) Handle(ctx context.Context, req admission.Request) admission.Response
Handle handles admission requests.
func (*PodValidatingHandler) InjectClient ¶
func (h *PodValidatingHandler) InjectClient(c client.Client) error
InjectClient injects the client into the PodValidatingHandler
func (*PodValidatingHandler) InjectDecoder ¶
func (h *PodValidatingHandler) InjectDecoder(d admission.Decoder) error
InjectDecoder injects the decoder into the PodValidatingHandler
type ValidationRule ¶ added in v1.6.1
// ValidationRule defines a single validation rule: a named set of label keys
// that pods must carry, plus the namespaces the rule does not apply to.
type ValidationRule struct {
	// Name is the unique identifier for this rule
	// NOTE(review): nothing visible here enforces uniqueness; confirm whether
	// the loader rejects duplicate names.
	Name string `json:"name"`
	// RequiredLabels specifies label keys that must be present on pods
	// As described, only the presence of each key is required, not its
	// value. Labels are set by whoever submits the pod, so this check shows
	// the metadata was declared, not that it is accurate.
	RequiredLabels []string `json:"requiredLabels,omitempty"`
	// NamespaceWhitelist contains namespaces that are exempt from this validation rule
	// Anyone who can create pods in a listed namespace is not subject to
	// the rule, so keep the list short and review it.
	// NOTE(review): whether entries match exactly or as patterns is not
	// visible here; confirm in the matching code.
	NamespaceWhitelist []string `json:"namespaceWhitelist,omitempty"`
	// contains filtered or unexported fields
}
ValidationRule defines a single validation rule