poolrender

func ImagePullSecretExists ¶

func ImagePullSecretExists(ctx context.Context, c client.Client, namespace, secretName string) (bool, error)

ImagePullSecretExists is a small helper for callers that need to compute the ImagePullSecretExists bit before calling RenderSandboxPool. Treats transient lookup errors as "missing" so a flaky API server doesn't make the renderer stamp a stale reference; callers can ignore the error or log it.

func MaterializeFromMember ¶

func MaterializeFromMember(env *agentsv1alpha1.SandboxEnv, member agentsv1alpha1.EnvClusterMember, ipsExists bool) *agentsv1alpha1.SandboxPool

MaterializeFromMember projects a frozen EnvClusterMember snapshot onto a fresh SandboxPool object. The Member's Metadata (sanitised at API time) and Spec are copied verbatim; the Pool's OwnerReference is stamped from the supplied Env; the dynamic ImagePullSecret reference is recomputed from the supplied existence flag so a Secret created or deleted after AddMember still propagates onto the Pool.

LabelEnv is stamped unconditionally and overwrites any caller-supplied value — the Env reconciler is the authoritative source for that indexing label, and downstream consumers (e.g. the Pool autoscaler's listSiblings) rely on the label being present on every Env-owned Pool. Pools created before this stamping was introduced get the label added the next time updateMemberPoolIfDrifted runs against them.

Unlike RenderSandboxPool this function does NOT consult the Template or run plugin admission — plugin side-effects already live inside Member.Metadata + Member.Spec by construction (AddMember captures them post-PreCreatePool). The Env Reconciler is the only intended caller.

func MergeOwnedMapKeys ¶

func MergeOwnedMapKeys(dst *map[string]string, desired map[string]string)

MergeOwnedMapKeys upserts every entry in desired into *dst. Foreign keys already present in *dst are preserved — the Env Reconciler only manages keys it has been asked to set; kubectl edits to unrelated keys survive. Exported for use from the Reconciler drift-merge path.

func OwnerReferenceForEnv ¶

func OwnerReferenceForEnv(env *agentsv1alpha1.SandboxEnv) metav1.OwnerReference

OwnerReferenceForEnv is the canonical controlling OwnerReference stamped onto every member SandboxPool. Exported so the poolmigration adopter and any direct test set-up can produce identical references.

func RenderSandboxPool ¶

func RenderSandboxPool(in Inputs) (*agentsv1alpha1.SandboxPool, error)

RenderSandboxPool produces the complete SandboxPool CR a member should look like.

The output carries:

• ObjectMeta: Name (=member.Name), Namespace (=env.Namespace), OwnerRef (controlling, blockOwnerDeletion), team/user identity labels, the subset of Template labels/annotations that survive the sync filter, member-supplied labels/annotations, plus template-name and template-version provenance annotations.
• Spec: Replicas (=member.Replicas), TemplateName, PodCreationImagePolicy and the default startup/idle timeouts (all from env.Spec.Overrides), and a fully rendered EmbeddedSandboxTemplate.

Rendering follows v0.0.3 SandboxPoolService.Create semantics: copy EmbeddedSandboxTemplate → apply overrides (image, inline resources) → stamp the imagePullSecret reference → sync labels/annotations → write provenance.

Errors are deterministic input-validation failures; callers wrap them into domain.AppError at the HTTP boundary.

func Validate ¶

func Validate(spec *agentsv1alpha1.SandboxPoolSpec) error

Validate runs cross-field checks the rendered SandboxPool spec must satisfy. Idle image must differ from the runtime container image so the idle / running state machine can distinguish the two. Other CRD-level constraints (replica bounds, etc.) are enforced by OpenAPI / the Pool Reconciler.