github/containerd
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases 2 Wiki Activity

Update Kubernetes to 493ee8b28560c118cebd2165ba9ef0959cfa2bc3

Browse Source 
Signed-off-by: Lantao Liu <lantaol@google.com>
This commit is contained in:
Lantao Liu
2017-08-21 22:29:19 +00:00
parent 50b01812ce
commit 39f4ca648b
112 changed files with 17245 additions and 27979 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
vendor/k8s.io/kubernetes/pkg/api/annotation_key_constants.go generated vendored
View File

@@ -72,11 +72,6 @@ const (
// This annotation can be attached to node.
ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
// AffinityAnnotationKey represents the key of affinity data (json serialized)
// in the Annotations of a Pod.
// TODO: remove when alpha support for affinity is removed
AffinityAnnotationKey string = "scheduler.alpha.kubernetes.io/affinity"
// annotation key prefix used to identify non-convertible json paths.
NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io"
@@ -94,20 +89,4 @@ const (
//
// Not all cloud providers support this annotation, though AWS & GCE do.
AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges"
// AnnotationValueExternalTrafficLocal Value of annotation to specify local endpoints behavior.
AnnotationValueExternalTrafficLocal = "OnlyLocal"
// AnnotationValueExternalTrafficGlobal Value of annotation to specify global (legacy) behavior.
AnnotationValueExternalTrafficGlobal = "Global"
// TODO: The beta annotations have been deprecated, remove them when we release k8s 1.8.
// BetaAnnotationHealthCheckNodePort Annotation specifying the healthcheck nodePort for the service.
// If not specified, annotation is created by the service api backend with the allocated nodePort.
// Will use user-specified nodePort value if specified by the client.
BetaAnnotationHealthCheckNodePort = "service.beta.kubernetes.io/healthcheck-nodeport"
// BetaAnnotationExternalTraffic An annotation that denotes if this Service desires to route
// external traffic to local endpoints only. This preserves Source IP and avoids a second hop.
BetaAnnotationExternalTraffic = "service.beta.kubernetes.io/external-traffic"
)

1
vendor/k8s.io/kubernetes/pkg/api/register.go generated vendored
View File

@@ -85,6 +85,7 @@ func addKnownTypes(scheme *runtime.Scheme) error {
&ServiceProxyOptions{},
&NodeList{},
&Node{},
&NodeConfigSource{},
&NodeProxyOptions{},
&Endpoints{},
&EndpointsList{},

205
vendor/k8s.io/kubernetes/pkg/api/types.go generated vendored
View File

@@ -415,8 +415,9 @@ const (
AlphaStorageNodeAffinityAnnotation = "volume.alpha.kubernetes.io/node-affinity"
)
// +genclient=true
// +nonNamespaced=true
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type PersistentVolume struct {
metav1.TypeMeta
@@ -483,6 +484,8 @@ type PersistentVolumeStatus struct {
Reason string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type PersistentVolumeList struct {
metav1.TypeMeta
// +optional
@@ -490,7 +493,8 @@ type PersistentVolumeList struct {
Items []PersistentVolume
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PersistentVolumeClaim is a user's request for and claim to a persistent volume
type PersistentVolumeClaim struct {
@@ -507,6 +511,8 @@ type PersistentVolumeClaim struct {
Status PersistentVolumeClaimStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type PersistentVolumeClaimList struct {
metav1.TypeMeta
// +optional
@@ -709,9 +715,11 @@ type ISCSIVolumeSource struct {
// Fibre Channel volumes can only be mounted as read/write once.
// Fibre Channel volumes support ownership management and SELinux relabeling.
type FCVolumeSource struct {
// Required: FC target worldwide names (WWNs)
// Optional: FC target worldwide names (WWNs)
// +optional
TargetWWNs []string
// Required: FC target lun number
// Optional: FC target lun number
// +optional
Lun *int32
// Filesystem type to mount.
// Must be a filesystem type supported by the host operating system.
@@ -723,6 +731,10 @@ type FCVolumeSource struct {
// the ReadOnly setting in VolumeMounts.
// +optional
ReadOnly bool
// Optional: FC volume World Wide Identifiers (WWIDs)
// Either WWIDs or TargetWWNs and Lun must be set, but not both simultaneously.
// +optional
WWIDs []string
}
// FlexVolume represents a generic volume resource that is
@@ -1008,7 +1020,7 @@ type DownwardAPIVolumeSource struct {
type DownwardAPIVolumeFile struct {
// Required: Path is the relative path name of the file to be created. Must not be absolute or contain the '..' path. Must be utf-8 encoded. The first item of the relative path must not start with '..'
Path string
// Required: Selects a field of the pod: only annotations, labels, name and namespace are supported.
// Required: Selects a field of the pod: only annotations, labels, name, namespace and uid are supported.
// +optional
FieldRef *ObjectFieldSelector
// Selects a resource of the container: only resources limits and requests
@@ -1103,7 +1115,7 @@ const (
type AzureDiskVolumeSource struct {
// The Name of the data disk in the blob storage
DiskName string
// The URI the the data disk in the blob storage
// The URI of the data disk in the blob storage
DataDiskURI string
// Host Caching mode: None, Read Only, Read Write.
// +optional
@@ -1373,7 +1385,7 @@ type EnvVar struct {
// Only one of its fields may be set.
type EnvVarSource struct {
// Selects a field of the pod: supports metadata.name, metadata.namespace, metadata.labels, metadata.annotations,
// spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.
// metadata.uid, spec.nodeName, spec.serviceAccountName, status.hostIP, status.podIP.
// +optional
FieldRef *ObjectFieldSelector
// Selects a resource of the container: only resources limits and requests
@@ -1434,7 +1446,7 @@ type SecretKeySelector struct {
// EnvFromSource represents the source of a set of ConfigMaps
type EnvFromSource struct {
// An optional identifier to prepend to each key in the ConfigMap. Must be a C_IDENTIFIER.
// An optional identifier to prepend to each key in the ConfigMap.
// +optional
Prefix string
// The ConfigMap to select from.
@@ -1839,6 +1851,8 @@ const (
RestartPolicyNever RestartPolicy = "Never"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodList is a list of Pods.
type PodList struct {
metav1.TypeMeta
@@ -1936,6 +1950,7 @@ type PodAffinity struct {
// podAffinityTerm are intersected, i.e. all terms must be satisfied.
// +optional
// RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm
// If the affinity requirements specified by this field are not met at
// scheduling time, the pod will not be scheduled onto the node.
// If the affinity requirements specified by this field cease to be met
@@ -1970,6 +1985,7 @@ type PodAntiAffinity struct {
// podAffinityTerm are intersected, i.e. all terms must be satisfied.
// +optional
// RequiredDuringSchedulingRequiredDuringExecution []PodAffinityTerm
// If the anti-affinity requirements specified by this field are not met at
// scheduling time, the pod will not be scheduled onto the node.
// If the anti-affinity requirements specified by this field cease to be met
@@ -2065,8 +2081,8 @@ type PreferredSchedulingTerm struct {
Preference NodeSelectorTerm
}
// The node this Taint is attached to has the effect "effect" on
// any pod that that does not tolerate the Taint.
// The node this Taint is attached to has the "effect" on
// any pod that does not tolerate the Taint.
type Taint struct {
// Required. The taint key to be applied to a node.
Key string
@@ -2213,6 +2229,20 @@ type PodSpec struct {
// file if specified. This is only valid for non-hostNetwork pods.
// +optional
HostAliases []HostAlias
// If specified, indicates the pod's priority. "SYSTEM" is a special keyword
// which indicates the highest priority. Any other name must be defined by
// creating a PriorityClass object with that name.
// If not specified, the pod priority will be default or zero if there is no
// default.
// +optional
PriorityClassName string
// The priority value. Various system components use this field to find the
// priority of the pod. When Priority Admission Controller is enabled, it
// prevents users from setting this field. The admission controller populates
// this field from PriorityClassName.
// The higher the value, the higher the priority.
// +optional
Priority *int32
}
// HostAlias holds the mapping between IP and hostnames that will be injected as an entry in the
@@ -2263,7 +2293,7 @@ type PodSecurityContext struct {
// PodSecurityContext, the value specified in SecurityContext takes precedence
// for that container.
// +optional
RunAsUser *types.UnixUserID
RunAsUser *int64
// Indicates that the container must run as a non-root user.
// If true, the Kubelet will validate the image at runtime to ensure that it
// does not run as UID 0 (root) and fail to start the container if it does.
@@ -2276,7 +2306,7 @@ type PodSecurityContext struct {
// to the container's primary GID. If unspecified, no groups will be added to
// any container.
// +optional
SupplementalGroups []types.UnixGroupID
SupplementalGroups []int64
// A special supplemental group that applies to all containers in a pod.
// Some volume types allow the Kubelet to change the ownership of that volume
// to be owned by the pod:
@@ -2287,7 +2317,7 @@ type PodSecurityContext struct {
//
// If unset, the Kubelet will not modify the ownership and permissions of any volume.
// +optional
FSGroup *types.UnixGroupID
FSGroup *int64
}
// PodQOSClass defines the supported qos classes of Pods.
@@ -2312,7 +2342,7 @@ type PodStatus struct {
// A human readable message indicating details about why the pod is in this state.
// +optional
Message string
// A brief CamelCase message indicating details about why the pod is in this state. e.g. 'OutOfDisk'
// A brief CamelCase message indicating details about why the pod is in this state. e.g. 'Evicted'
// +optional
Reason string
@@ -2342,6 +2372,8 @@ type PodStatus struct {
ContainerStatuses []ContainerStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodStatusResult is a wrapper for PodStatus returned by kubelet that can be encode/decoded
type PodStatusResult struct {
metav1.TypeMeta
@@ -2353,7 +2385,8 @@ type PodStatusResult struct {
Status PodStatus
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Pod is a collection of containers, used as either input (create, update) or as output (list, get).
type Pod struct {
@@ -2382,7 +2415,8 @@ type PodTemplateSpec struct {
Spec PodSpec
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodTemplate describes a template for creating copies of a predefined pod.
type PodTemplate struct {
@@ -2395,6 +2429,8 @@ type PodTemplate struct {
Template PodTemplateSpec
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodTemplateList is a list of PodTemplates.
type PodTemplateList struct {
metav1.TypeMeta
@@ -2487,7 +2523,8 @@ type ReplicationControllerCondition struct {
Message string
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ReplicationController represents the configuration of a replication controller.
type ReplicationController struct {
@@ -2505,6 +2542,8 @@ type ReplicationController struct {
Status ReplicationControllerStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ReplicationControllerList is a collection of replication controllers.
type ReplicationControllerList struct {
metav1.TypeMeta
@@ -2520,6 +2559,8 @@ const (
ClusterIPNone = "None"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServiceList holds a list of services.
type ServiceList struct {
metav1.TypeMeta
@@ -2689,6 +2730,18 @@ type ServiceSpec struct {
// and ExternalTrafficPolicy is set to Local.
// +optional
HealthCheckNodePort int32
// publishNotReadyAddresses, when set to true, indicates that DNS implementations
// must publish the notReadyAddresses of subsets for the Endpoints associated with
// the Service. The default value is false.
// The primary use case for setting this field is to use a StatefulSet's Headless Service
// to propagate SRV records for its Pods without respect to their readiness for purpose
// of peer discovery.
// This field will replace the service.alpha.kubernetes.io/tolerate-unready-endpoints
// when that annotation is deprecated and all clients have been converted to use this
// field.
// +optional
PublishNotReadyAddresses bool
}
type ServicePort struct {
@@ -2717,7 +2770,8 @@ type ServicePort struct {
NodePort int32
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Service is a named abstraction of software service (for example, mysql) consisting of local port
// (for example 3306) that the proxy listens on, and the selector that determines which pods
@@ -2736,7 +2790,8 @@ type Service struct {
Status ServiceStatus
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServiceAccount binds together:
// * a name, understood by users, and perhaps by peripheral systems, for an identity
@@ -2762,6 +2817,8 @@ type ServiceAccount struct {
AutomountServiceAccountToken *bool
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServiceAccountList is a list of ServiceAccount objects
type ServiceAccountList struct {
metav1.TypeMeta
@@ -2771,7 +2828,8 @@ type ServiceAccountList struct {
Items []ServiceAccount
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Endpoints is a collection of endpoints that implement the actual service. Example:
// Name: "mysvc",
@@ -2841,6 +2899,8 @@ type EndpointPort struct {
Protocol Protocol
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EndpointsList is a list of endpoints.
type EndpointsList struct {
metav1.TypeMeta
@@ -2873,6 +2933,19 @@ type NodeSpec struct {
// If specified, the node's taints.
// +optional
Taints []Taint
// If specified, the source to get node configuration from
// The DynamicKubeletConfig feature gate must be enabled for the Kubelet to use this field
// +optional
ConfigSource *NodeConfigSource
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NodeConfigSource specifies a source of node configuration. Exactly one subfield must be non-nil.
type NodeConfigSource struct {
metav1.TypeMeta
ConfigMapRef *ObjectReference
}
// DaemonEndpoint contains information about a single Daemon endpoint.
@@ -2897,11 +2970,11 @@ type NodeDaemonEndpoints struct {
// NodeSystemInfo is a set of ids/uuids to uniquely identify the node.
type NodeSystemInfo struct {
// MachineID reported by the node. For unique machine identification
// in the cluster this field is prefered. Learn more from man(5)
// in the cluster this field is preferred. Learn more from man(5)
// machine-id: http://man7.org/linux/man-pages/man5/machine-id.5.html
MachineID string
// SystemUUID reported by the node. For unique machine identification
// MachineID is prefered. This field is specific to Red Hat hosts
// MachineID is preferred. This field is specific to Red Hat hosts
// https://access.redhat.com/documentation/en-US/Red_Hat_Subscription_Management/1/html/RHSM/getting-system-uuid.html
SystemUUID string
// Boot ID reported by the node.
@@ -3110,8 +3183,9 @@ const (
// ResourceList is a set of (resource name, quantity) pairs.
type ResourceList map[ResourceName]resource.Quantity
// +genclient=true
// +nonNamespaced=true
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Node is a worker node in Kubernetes
// The name of the node according to etcd is in ObjectMeta.Name.
@@ -3129,6 +3203,8 @@ type Node struct {
Status NodeStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NodeList is a list of nodes.
type NodeList struct {
metav1.TypeMeta
@@ -3170,8 +3246,9 @@ const (
NamespaceTerminating NamespacePhase = "Terminating"
)
// +genclient=true
// +nonNamespaced=true
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// A namespace provides a scope for Names.
// Use of multiple namespaces is optional
@@ -3189,6 +3266,8 @@ type Namespace struct {
Status NamespaceStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NamespaceList is a list of Namespaces.
type NamespaceList struct {
metav1.TypeMeta
@@ -3198,6 +3277,8 @@ type NamespaceList struct {
Items []Namespace
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Binding ties one object to another; for example, a pod is bound to a node by a scheduler.
// Deprecated in 1.7, please use the bindings subresource of pods instead.
type Binding struct {
@@ -3231,6 +3312,8 @@ const (
DeletePropagationForeground DeletionPropagation = "Foreground"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// DeleteOptions may be provided when deleting an API object
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
type DeleteOptions struct {
@@ -3262,6 +3345,8 @@ type DeleteOptions struct {
PropagationPolicy *DeletionPropagation
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ListOptions is the query options to a standard REST list call, and has future support for
// watch calls.
// DEPRECATED: This type has been moved to meta/v1 and will be removed soon.
@@ -3289,6 +3374,8 @@ type ListOptions struct {
TimeoutSeconds *int64
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodLogOptions is the query options for a Pod's logs REST call
type PodLogOptions struct {
metav1.TypeMeta
@@ -3321,6 +3408,8 @@ type PodLogOptions struct {
LimitBytes *int64
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodAttachOptions is the query options to a Pod's remote attach call
// TODO: merge w/ PodExecOptions below for stdin, stdout, etc
type PodAttachOptions struct {
@@ -3347,6 +3436,8 @@ type PodAttachOptions struct {
Container string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodExecOptions is the query options to a Pod's remote exec call
type PodExecOptions struct {
metav1.TypeMeta
@@ -3370,6 +3461,8 @@ type PodExecOptions struct {
Command []string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodPortForwardOptions is the query options to a Pod's port forward call
type PodPortForwardOptions struct {
metav1.TypeMeta
@@ -3379,6 +3472,8 @@ type PodPortForwardOptions struct {
Ports []int32
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// PodProxyOptions is the query options to a Pod's proxy call
type PodProxyOptions struct {
metav1.TypeMeta
@@ -3387,6 +3482,8 @@ type PodProxyOptions struct {
Path string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// NodeProxyOptions is the query options to a Node's proxy call
type NodeProxyOptions struct {
metav1.TypeMeta
@@ -3395,6 +3492,8 @@ type NodeProxyOptions struct {
Path string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ServiceProxyOptions is the query options to a Service's proxy call.
type ServiceProxyOptions struct {
metav1.TypeMeta
@@ -3408,6 +3507,7 @@ type ServiceProxyOptions struct {
}
// ObjectReference contains enough information to let you inspect or modify the referred object.
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ObjectReference struct {
// +optional
Kind string
@@ -3440,6 +3540,8 @@ type LocalObjectReference struct {
Name string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type SerializedReference struct {
metav1.TypeMeta
// +optional
@@ -3463,7 +3565,8 @@ const (
EventTypeWarning string = "Warning"
)
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Event is a report of an event somewhere in the cluster.
// TODO: Decide whether to store these separately or with the object they apply to.
@@ -3509,6 +3612,8 @@ type Event struct {
Type string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// EventList is a list of events.
type EventList struct {
metav1.TypeMeta
@@ -3518,6 +3623,8 @@ type EventList struct {
Items []Event
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// List holds a list of objects, which may not be known by the server.
type List struct {
metav1.TypeMeta
@@ -3567,7 +3674,8 @@ type LimitRangeSpec struct {
Limits []LimitRangeItem
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// LimitRange sets resource usage limits for each kind of resource in a Namespace
type LimitRange struct {
@@ -3580,6 +3688,8 @@ type LimitRange struct {
Spec LimitRangeSpec
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// LimitRangeList is a list of LimitRange items.
type LimitRangeList struct {
metav1.TypeMeta
@@ -3657,7 +3767,8 @@ type ResourceQuotaStatus struct {
Used ResourceList
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ResourceQuota sets aggregate quota restrictions enforced per namespace
type ResourceQuota struct {
@@ -3674,6 +3785,8 @@ type ResourceQuota struct {
Status ResourceQuotaStatus
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ResourceQuotaList is a list of ResourceQuota items
type ResourceQuotaList struct {
metav1.TypeMeta
@@ -3684,7 +3797,8 @@ type ResourceQuotaList struct {
Items []ResourceQuota
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// Secret holds secret data of a certain type. The total bytes of the values in
// the Data field must be less than MaxSecretSize bytes.
@@ -3787,8 +3901,14 @@ const (
TLSCertKey = "tls.crt"
// TLSPrivateKeyKey is the key for the private key field in a TLS secret.
TLSPrivateKeyKey = "tls.key"
// SecretTypeBootstrapToken is used during the automated bootstrap process (first
// implemented by kubeadm). It stores tokens that are used to sign well known
// ConfigMaps. They are used for authn.
SecretTypeBootstrapToken SecretType = "bootstrap.kubernetes.io/token"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type SecretList struct {
metav1.TypeMeta
// +optional
@@ -3797,7 +3917,8 @@ type SecretList struct {
Items []Secret
}
// +genclient=true
// +genclient
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ConfigMap holds configuration data for components or applications to consume.
type ConfigMap struct {
@@ -3811,6 +3932,8 @@ type ConfigMap struct {
Data map[string]string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ConfigMapList is a resource containing a list of ConfigMap objects.
type ConfigMapList struct {
metav1.TypeMeta
@@ -3838,7 +3961,7 @@ const (
// Enable TTY for remote command execution
ExecTTYParam = "tty"
// Command to run for remote command execution
ExecCommandParamm = "command"
ExecCommandParam = "command"
// Name of header that specifies stream type
StreamType = "streamType"
@@ -3879,8 +4002,9 @@ type ComponentCondition struct {
Error string
}
// +genclient=true
// +nonNamespaced=true
// +genclient
// +genclient:nonNamespaced
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ComponentStatus (and ComponentStatusList) holds the cluster validation info.
type ComponentStatus struct {
@@ -3892,6 +4016,8 @@ type ComponentStatus struct {
Conditions []ComponentCondition
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
type ComponentStatusList struct {
metav1.TypeMeta
// +optional
@@ -3924,7 +4050,7 @@ type SecurityContext struct {
// May also be set in PodSecurityContext. If set in both SecurityContext and
// PodSecurityContext, the value specified in SecurityContext takes precedence.
// +optional
RunAsUser *types.UnixUserID
RunAsUser *int64
// Indicates that the container must run as a non-root user.
// If true, the Kubelet will validate the image at runtime to ensure that it
// does not run as UID 0 (root) and fail to start the container if it does.
@@ -3937,6 +4063,11 @@ type SecurityContext struct {
// files to, ensuring the persistent data can only be written to mounts.
// +optional
ReadOnlyRootFilesystem *bool
// AllowPrivilegeEscalation controls whether a process can gain more
// privileges than it's parent process. This bool directly controls if
// the no_new_privs flag will be set on the container process.
// +optional
AllowPrivilegeEscalation *bool
}
// SELinuxOptions are the labels to be applied to the container.
@@ -3955,6 +4086,8 @@ type SELinuxOptions struct {
Level string
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// RangeAllocation is an opaque API object (not exposed to end users) that can be persisted to record
// the global allocation state of the cluster. The schema of Range and Data generic, in that Range
// should be a string representation of the inputs to a range (for instance, for IP allocation it

8242
vendor/k8s.io/kubernetes/pkg/api/zz_generated.deepcopy.go generated vendored
View File

File diff suppressed because it is too large Load Diff

1371
vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.pb.go generated vendored
View File

File diff suppressed because it is too large Load Diff

56
vendor/k8s.io/kubernetes/pkg/kubelet/apis/cri/v1alpha1/runtime/api.proto generated vendored
View File

@@ -61,6 +61,8 @@ service RuntimeService {
// ContainerStatus returns status of the container. If the container is not
// present, returns an error.
rpc ContainerStatus(ContainerStatusRequest) returns (ContainerStatusResponse) {}
// UpdateContainerResources updates ContainerConfig of the container.
rpc UpdateContainerResources(UpdateContainerResourcesRequest) returns (UpdateContainerResourcesResponse) {}
// ExecSync runs a command in a container synchronously.
rpc ExecSync(ExecSyncRequest) returns (ExecSyncResponse) {}
@@ -200,6 +202,13 @@ message LinuxSandboxSecurityContext {
// This allows a sandbox to take additional security precautions if no
// privileged containers are expected to be run.
bool privileged = 6;
// Seccomp profile for the sandbox, candidate values are:
// * docker/default: the default profile for the docker container runtime
// * unconfined: unconfined profile, ie, no seccomp sandboxing
// * localhost/<full-path-to-profile>: the profile installed on the node.
// <full-path-to-profile> is the full path of the profile.
// Default: "", which is identical with unconfined.
string seccomp_profile_path = 7;
}
// LinuxPodSandboxConfig holds platform-specific configurations for Linux
@@ -272,32 +281,12 @@ message PodSandboxConfig {
//
// In general, in order to preserve a well-defined interface between the
// kubelet and the container runtime, annotations SHOULD NOT influence
// runtime behaviour. For legacy reasons, there are some annotations which
// currently explicitly break this rule, listed below; in future versions
// of the interface these will be promoted to typed features.
// runtime behaviour.
//
// Annotations can also be useful for runtime authors to experiment with
// new features that are opaque to the Kubernetes APIs (both user-facing
// and the CRI). Whenever possible, however, runtime authors SHOULD
// consider proposing new typed fields for any new features instead.
//
// 1. Seccomp
//
// key: security.alpha.kubernetes.io/seccomp/pod
// description: the seccomp profile for the containers of an entire pod.
// value: see below.
//
// key: security.alpha.kubernetes.io/seccomp/container/<container name>
// description: the seccomp profile for the container (overrides pod).
// value: see below
//
// The value of seccomp is runtime agnostic:
// * runtime/default: the default profile for the container runtime
// * unconfined: unconfined profile, ie, no seccomp sandboxing
// * localhost/<profile-name>: the profile installed to the node's
// local seccomp profile root. Note that profile root is set in
// kubelet, and it is not passed in CRI yet, see https://issues.k8s.io/36997.
//
map<string, string> annotations = 7;
// Optional configurations specific to Linux hosts.
LinuxPodSandboxConfig linux = 8;
@@ -459,6 +448,10 @@ message LinuxContainerResources {
int64 memory_limit_in_bytes = 4;
// OOMScoreAdj adjusts the oom-killer score. Default: 0 (not specified).
int64 oom_score_adj = 5;
// CpusetCpus constrains the allowed set of logical CPUs. Default: "" (not specified).
string cpuset_cpus = 6;
// CpusetMems constrains the allowed set of memory nodes. Default: "" (not specified).
string cpuset_mems = 7;
}
// SELinuxOption are the labels to be applied to the container.
@@ -522,6 +515,16 @@ message LinuxContainerSecurityContext {
// (localhost) by name. The possible profile names are detailed at
// http://wiki.apparmor.net/index.php/AppArmor_Core_Policy_Reference
string apparmor_profile = 9;
// Seccomp profile for the container, candidate values are:
// * docker/default: the default profile for the docker container runtime
// * unconfined: unconfined profile, ie, no seccomp sandboxing
// * localhost/<full-path-to-profile>: the profile installed on the node.
// <full-path-to-profile> is the full path of the profile.
// Default: "", which is identical with unconfined.
string seccomp_profile_path = 10;
// no_new_privs defines if the flag for no_new_privs should be set on the
// container.
bool no_new_privs = 11;
}
// LinuxContainerConfig contains platform-specific configuration for
@@ -777,6 +780,15 @@ message ContainerStatusResponse {
ContainerStatus status = 1;
}
message UpdateContainerResourcesRequest {
// ID of the container to update.
string container_id = 1;
// Resource configuration specific to Linux containers.
LinuxContainerResources linux = 2;
}
message UpdateContainerResourcesResponse {}
message ExecSyncRequest {
// ID of the container.
string container_id = 1;
@@ -990,7 +1002,7 @@ message FilesystemUsage {
// The underlying storage of the filesystem.
StorageIdentifier storage_id = 2;
// UsedBytes represents the bytes used for images on the filesystem.
// This may differ from the total bytes used on the filesystem and may not
// This may differ from the total bytes used on the filesystem and may not
// equal CapacityBytes - AvailableBytes.
UInt64Value used_bytes = 3;
// InodesUsed represents the inodes used by the images.

1
vendor/k8s.io/kubernetes/pkg/kubelet/server/portforward/websocket.go generated vendored
View File

@@ -158,7 +158,6 @@ type websocketStreamPair struct {
// request over a websocket connection
type websocketStreamHandler struct {
conn *wsstream.Conn
ports []int32
streamPairs []*websocketStreamPair
pod string
uid types.UID

2
vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/exec.go generated vendored
View File

@@ -28,7 +28,7 @@ import (
remotecommandconsts "k8s.io/apimachinery/pkg/util/remotecommand"
"k8s.io/apimachinery/pkg/util/runtime"
"k8s.io/client-go/tools/remotecommand"
utilexec "k8s.io/kubernetes/pkg/util/exec"
utilexec "k8s.io/utils/exec"
)
// Executor knows how to execute a command in a container in a pod.

4
vendor/k8s.io/kubernetes/pkg/kubelet/server/remotecommand/httpstream.go generated vendored
View File

@@ -423,7 +423,7 @@ func handleResizeEvents(stream io.Reader, channel chan<- remotecommand.TerminalS
}
}
func v1WriteStatusFunc(stream io.WriteCloser) func(status *apierrors.StatusError) error {
func v1WriteStatusFunc(stream io.Writer) func(status *apierrors.StatusError) error {
return func(status *apierrors.StatusError) error {
if status.Status().Status == metav1.StatusSuccess {
return nil // send error messages
@@ -435,7 +435,7 @@ func v1WriteStatusFunc(stream io.WriteCloser) func(status *apierrors.StatusError
// v4WriteStatusFunc returns a WriteStatusFunc that marshals a given api Status
// as json in the error channel.
func v4WriteStatusFunc(stream io.WriteCloser) func(status *apierrors.StatusError) error {
func v4WriteStatusFunc(stream io.Writer) func(status *apierrors.StatusError) error {
return func(status *apierrors.StatusError) error {
bs, err := json.Marshal(status.Status())
if err != nil {

6
vendor/k8s.io/kubernetes/pkg/kubelet/server/streaming/server.go generated vendored
View File

@@ -101,7 +101,7 @@ var DefaultConfig = Config{
SupportedPortForwardProtocols: portforward.SupportedProtocols,
}
// TODO(timstclair): Add auth(n/z) interface & handling.
// TODO(tallclair): Add auth(n/z) interface & handling.
func NewServer(config Config, runtime Runtime) (Server, error) {
s := &server{
config: config,
@@ -193,7 +193,7 @@ func (s *server) GetPortForward(req *runtimeapi.PortForwardRequest) (*runtimeapi
func (s *server) Start(stayUp bool) error {
if !stayUp {
// TODO(timstclair): Implement this.
// TODO(tallclair): Implement this.
return errors.New("stayUp=false is not yet implemented")
}
@@ -210,7 +210,7 @@ func (s *server) Start(stayUp bool) error {
}
func (s *server) Stop() error {
// TODO(timstclair): Implement this.
// TODO(tallclair): Implement this.
return errors.New("not yet implemented")
}

18
vendor/k8s.io/kubernetes/pkg/util/exec/doc.go generated vendored
View File

@@ -1,18 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// Package exec provides an injectable interface and implementations for running commands.
package exec // import "k8s.io/kubernetes/pkg/util/exec"

200
vendor/k8s.io/kubernetes/pkg/util/exec/exec.go generated vendored
View File

@@ -1,200 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package exec
import (
"io"
osexec "os/exec"
"syscall"
"time"
)
// ErrExecutableNotFound is returned if the executable is not found.
var ErrExecutableNotFound = osexec.ErrNotFound
// Interface is an interface that presents a subset of the os/exec API. Use this
// when you want to inject fakeable/mockable exec behavior.
type Interface interface {
// Command returns a Cmd instance which can be used to run a single command.
// This follows the pattern of package os/exec.
Command(cmd string, args ...string) Cmd
// LookPath wraps os/exec.LookPath
LookPath(file string) (string, error)
}
// Cmd is an interface that presents an API that is very similar to Cmd from os/exec.
// As more functionality is needed, this can grow. Since Cmd is a struct, we will have
// to replace fields with get/set method pairs.
type Cmd interface {
// Run runs the command to the completion.
Run() error
// CombinedOutput runs the command and returns its combined standard output
// and standard error. This follows the pattern of package os/exec.
CombinedOutput() ([]byte, error)
// Output runs the command and returns standard output, but not standard err
Output() ([]byte, error)
SetDir(dir string)
SetStdin(in io.Reader)
SetStdout(out io.Writer)
SetStderr(out io.Writer)
// Stops the command by sending SIGTERM. It is not guaranteed the
// process will stop before this function returns. If the process is not
// responding, an internal timer function will send a SIGKILL to force
// terminate after 10 seconds.
Stop()
}
// ExitError is an interface that presents an API similar to os.ProcessState, which is
// what ExitError from os/exec is. This is designed to make testing a bit easier and
// probably loses some of the cross-platform properties of the underlying library.
type ExitError interface {
String() string
Error() string
Exited() bool
ExitStatus() int
}
// Implements Interface in terms of really exec()ing.
type executor struct{}
// New returns a new Interface which will os/exec to run commands.
func New() Interface {
return &executor{}
}
// Command is part of the Interface interface.
func (executor *executor) Command(cmd string, args ...string) Cmd {
return (*cmdWrapper)(osexec.Command(cmd, args...))
}
// LookPath is part of the Interface interface
func (executor *executor) LookPath(file string) (string, error) {
return osexec.LookPath(file)
}
// Wraps exec.Cmd so we can capture errors.
type cmdWrapper osexec.Cmd
func (cmd *cmdWrapper) SetDir(dir string) {
cmd.Dir = dir
}
func (cmd *cmdWrapper) SetStdin(in io.Reader) {
cmd.Stdin = in
}
func (cmd *cmdWrapper) SetStdout(out io.Writer) {
cmd.Stdout = out
}
func (cmd *cmdWrapper) SetStderr(out io.Writer) {
cmd.Stderr = out
}
// Run is part of the Cmd interface.
func (cmd *cmdWrapper) Run() error {
return (*osexec.Cmd)(cmd).Run()
}
// CombinedOutput is part of the Cmd interface.
func (cmd *cmdWrapper) CombinedOutput() ([]byte, error) {
out, err := (*osexec.Cmd)(cmd).CombinedOutput()
if err != nil {
return out, handleError(err)
}
return out, nil
}
func (cmd *cmdWrapper) Output() ([]byte, error) {
out, err := (*osexec.Cmd)(cmd).Output()
if err != nil {
return out, handleError(err)
}
return out, nil
}
// Stop is part of the Cmd interface.
func (cmd *cmdWrapper) Stop() {
c := (*osexec.Cmd)(cmd)
if c.ProcessState.Exited() {
return
}
c.Process.Signal(syscall.SIGTERM)
time.AfterFunc(10*time.Second, func() {
if c.ProcessState.Exited() {
return
}
c.Process.Signal(syscall.SIGKILL)
})
}
func handleError(err error) error {
if ee, ok := err.(*osexec.ExitError); ok {
// Force a compile fail if exitErrorWrapper can't convert to ExitError.
var x ExitError = &ExitErrorWrapper{ee}
return x
}
if ee, ok := err.(*osexec.Error); ok {
if ee.Err == osexec.ErrNotFound {
return ErrExecutableNotFound
}
}
return err
}
// ExitErrorWrapper is an implementation of ExitError in terms of os/exec ExitError.
// Note: standard exec.ExitError is type *os.ProcessState, which already implements Exited().
type ExitErrorWrapper struct {
*osexec.ExitError
}
var _ ExitError = ExitErrorWrapper{}
// ExitStatus is part of the ExitError interface.
func (eew ExitErrorWrapper) ExitStatus() int {
ws, ok := eew.Sys().(syscall.WaitStatus)
if !ok {
panic("can't call ExitStatus() on a non-WaitStatus exitErrorWrapper")
}
return ws.ExitStatus()
}
// CodeExitError is an implementation of ExitError consisting of an error object
// and an exit code (the upper bits of os.exec.ExitStatus).
type CodeExitError struct {
Err error
Code int
}
var _ ExitError = CodeExitError{}
func (e CodeExitError) Error() string {
return e.Err.Error()
}
func (e CodeExitError) String() string {
return e.Err.Error()
}
func (e CodeExitError) Exited() bool {
return true
}
func (e CodeExitError) ExitStatus() int {
return e.Code
}

145
vendor/k8s.io/kubernetes/pkg/util/exec/fake_exec.go generated vendored
View File

@@ -1,145 +0,0 @@
/*
Copyright 2014 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package exec
import (
"fmt"
"io"
)
// A simple scripted Interface type.
type FakeExec struct {
CommandScript []FakeCommandAction
CommandCalls int
LookPathFunc func(string) (string, error)
}
type FakeCommandAction func(cmd string, args ...string) Cmd
func (fake *FakeExec) Command(cmd string, args ...string) Cmd {
if fake.CommandCalls > len(fake.CommandScript)-1 {
panic(fmt.Sprintf("ran out of Command() actions. Could not handle command [%d]: %s args: %v", fake.CommandCalls, cmd, args))
}
i := fake.CommandCalls
fake.CommandCalls++
return fake.CommandScript[i](cmd, args...)
}
func (fake *FakeExec) LookPath(file string) (string, error) {
return fake.LookPathFunc(file)
}
// A simple scripted Cmd type.
type FakeCmd struct {
Argv []string
CombinedOutputScript []FakeCombinedOutputAction
CombinedOutputCalls int
CombinedOutputLog [][]string
RunScript []FakeRunAction
RunCalls int
RunLog [][]string
Dirs []string
Stdin io.Reader
Stdout io.Writer
Stderr io.Writer
}
func InitFakeCmd(fake *FakeCmd, cmd string, args ...string) Cmd {
fake.Argv = append([]string{cmd}, args...)
return fake
}
type FakeCombinedOutputAction func() ([]byte, error)
type FakeRunAction func() ([]byte, []byte, error)
func (fake *FakeCmd) SetDir(dir string) {
fake.Dirs = append(fake.Dirs, dir)
}
func (fake *FakeCmd) SetStdin(in io.Reader) {
fake.Stdin = in
}
func (fake *FakeCmd) SetStdout(out io.Writer) {
fake.Stdout = out
}
func (fake *FakeCmd) SetStderr(out io.Writer) {
fake.Stderr = out
}
func (fake *FakeCmd) Run() error {
if fake.RunCalls > len(fake.RunScript)-1 {
panic("ran out of Run() actions")
}
if fake.RunLog == nil {
fake.RunLog = [][]string{}
}
i := fake.RunCalls
fake.RunLog = append(fake.RunLog, append([]string{}, fake.Argv...))
fake.RunCalls++
stdout, stderr, err := fake.RunScript[i]()
if stdout != nil {
fake.Stdout.Write(stdout)
}
if stderr != nil {
fake.Stderr.Write(stderr)
}
return err
}
func (fake *FakeCmd) CombinedOutput() ([]byte, error) {
if fake.CombinedOutputCalls > len(fake.CombinedOutputScript)-1 {
panic("ran out of CombinedOutput() actions")
}
if fake.CombinedOutputLog == nil {
fake.CombinedOutputLog = [][]string{}
}
i := fake.CombinedOutputCalls
fake.CombinedOutputLog = append(fake.CombinedOutputLog, append([]string{}, fake.Argv...))
fake.CombinedOutputCalls++
return fake.CombinedOutputScript[i]()
}
func (fake *FakeCmd) Output() ([]byte, error) {
return nil, fmt.Errorf("unimplemented")
}
func (fake *FakeCmd) Stop() {
// no-op
}
// A simple fake ExitError type.
type FakeExitError struct {
Status int
}
func (fake *FakeExitError) String() string {
return fmt.Sprintf("exit %d", fake.Status)
}
func (fake *FakeExitError) Error() string {
return fake.String()
}
func (fake *FakeExitError) Exited() bool {
return true
}
func (fake *FakeExitError) ExitStatus() int {
return fake.Status
}