Add TempDir and PSP settings for Function (#720)
Signed-off-by: Tamal Saha <[email protected]>
tamalsaha authored Apr 3, 2019
1 parent dfc3fbd commit f2669f1
Showing 49 changed files with 3,380 additions and 1,017 deletions.
1 change: 1 addition & 0 deletions api/api-rules/violation_exceptions.list
Expand Up @@ -46,3 +46,4 @@ API rule violation: names_match,k8s.io/apimachinery/pkg/runtime,Unknown,Raw
API rule violation: names_match,k8s.io/apimachinery/pkg/util/intstr,IntOrString,IntVal
API rule violation: names_match,k8s.io/apimachinery/pkg/util/intstr,IntOrString,StrVal
API rule violation: names_match,k8s.io/apimachinery/pkg/util/intstr,IntOrString,Type
API rule violation: names_match,kmodules.xyz/offshoot-api/api/v1,ContainerRuntimeSettings,IONice
15 changes: 15 additions & 0 deletions api/crds/v1beta1/backupconfiguration.yaml
Expand Up @@ -342,6 +342,15 @@ spec:
properties:
container:
properties:
ionice:
description: https://linux.die.net/man/1/ionice
properties:
class:
format: int32
type: integer
classData:
format: int32
type: integer
lifecycle:
description: Lifecycle describes actions that the management
system should take in response to container lifecycle events.
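Review bot: `class` and `classData` under `ionice` are bare int32 fields with no `minimum`/`maximum`, and the only description is a man-page URL. ionice(1) accepts classes 0 to 3 and class data 0 to 7, and the realtime class (1) can starve other I/O on the node, so I would add bounds to the schema and a one-line description per field, so that a bad value is rejected at admission rather than surfacing later at runtime.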
Expand Down Expand Up @@ -600,6 +609,12 @@ spec:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
nice:
description: https://linux.die.net/man/1/nice
properties:
adjustment:
format: int32
type: integer
readinessProbe:
description: Probe describes a health check to be performed
against a container to determine whether it is alive or ready
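Review bot: `nice.adjustment` has no range in the schema. nice(1) values run from -20 to 19 and a negative adjustment needs CAP_SYS_NICE, so add `minimum: -20` and `maximum: 19` here and say in the description that negative values depend on that capability being granted to the container.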
15 changes: 15 additions & 0 deletions api/crds/v1beta1/backupconfigurationtemplate.yaml
Expand Up @@ -1534,6 +1534,15 @@ spec:
properties:
container:
properties:
ionice:
description: https://linux.die.net/man/1/ionice
properties:
class:
format: int32
type: integer
classData:
format: int32
type: integer
lifecycle:
description: Lifecycle describes actions that the management
system should take in response to container lifecycle events.
Expand Down Expand Up @@ -1792,6 +1801,12 @@ spec:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
nice:
description: https://linux.die.net/man/1/nice
properties:
adjustment:
format: int32
type: integer
readinessProbe:
description: Probe describes a health check to be performed
against a container to determine whether it is alive or ready
56 changes: 56 additions & 0 deletions api/crds/v1beta1/function.yaml
Expand Up @@ -503,6 +503,9 @@ spec:
default or override container images in workload controllers like
Deployments and StatefulSets.'
type: string
podSecurityPolicyName:
description: Name of PodSecurityPolicy(PSP) required by this function
type: string
ports:
description: List of ports to expose from the container. Exposing a
port here gives the system additional information about the network
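Review bot: `podSecurityPolicyName` is a free-form string and its description does not say what consumes it. Please state what happens when the field is empty and who is expected to grant `use` on the named policy, and consider a `maxLength` and a name `pattern` so an invalid policy name is rejected by the schema instead of being discovered when the pod fails admission.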
Expand Down Expand Up @@ -542,6 +545,15 @@ spec:
type: array
runtimeSettings:
properties:
ionice:
description: https://linux.die.net/man/1/ionice
properties:
class:
format: int32
type: integer
classData:
format: int32
type: integer
lifecycle:
description: Lifecycle describes actions that the management system
should take in response to container lifecycle events. For the
Expand Down Expand Up @@ -792,6 +804,12 @@ spec:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
nice:
description: https://linux.die.net/man/1/nice
properties:
adjustment:
format: int32
type: integer
readinessProbe:
description: Probe describes a health check to be performed against
a container to determine whether it is alive or ready to receive
Expand Down Expand Up @@ -992,6 +1010,44 @@ spec:
description: User is a SELinux user label that applies to
the container.
type: string
tempDir:
properties:
medium:
type: string
sizeLimit:
description: |-
Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and Int64() accessors.
The serialization format is:
<quantity> ::= <signedNumber><suffix>
(Note that <suffix> may be empty, from the "" case in <decimalSI>.)
<digit> ::= 0 | 1 | ... | 9 <digits> ::= <digit> | <digit><digits> <number> ::= <digits> | <digits>.<digits> | <digits>. | .<digits> <sign> ::= "+" | "-" <signedNumber> ::= <number> | <sign><number> <suffix> ::= <binarySI> | <decimalExponent> | <decimalSI> <binarySI> ::= Ki | Mi | Gi | Ti | Pi | Ei
(International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)
<decimalSI> ::= m | "" | k | M | G | T | P | E
(Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)
<decimalExponent> ::= "e" <signedNumber> | "E" <signedNumber>
No matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.
When a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.
Before serializing, Quantity will be put in "canonical form". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:
a. No precision is lost
b. No fractional digits will be emitted
c. The exponent (or suffix) is as large as possible.
The sign will be omitted unless the number is negative.
Examples:
1.5 will be serialized as "1500m"
1.5Gi will be serialized as "1536Mi"
Note that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.
Non-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)
This format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.
type: string
volumeDevices:
description: volumeDevices is the list of block devices to be used by
the container. This is an alpha feature and may change in the future.
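Review bot: `tempDir` and `tempDir.medium` have no description in the generated schema, while `sizeLimit` carries the whole inherited Quantity text. The part a user needs to know (an EmptyDir mounted at /tmp, per the comment in function_types.go) never reaches the CRD; add doc comments on `EmptyDirSettings` and its fields so the schema explains them, and list the accepted `medium` values.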
15 changes: 15 additions & 0 deletions api/crds/v1beta1/restoresession.yaml
Expand Up @@ -367,6 +367,15 @@ spec:
properties:
container:
properties:
ionice:
description: https://linux.die.net/man/1/ionice
properties:
class:
format: int32
type: integer
classData:
format: int32
type: integer
lifecycle:
description: Lifecycle describes actions that the management
system should take in response to container lifecycle events.
Expand Down Expand Up @@ -625,6 +634,12 @@ spec:
https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes'
format: int32
type: integer
nice:
description: https://linux.die.net/man/1/nice
properties:
adjustment:
format: int32
type: integer
readinessProbe:
description: Probe describes a health check to be performed
against a container to determine whether it is alive or ready
60 changes: 59 additions & 1 deletion apis/repositories/v1alpha1/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

60 changes: 59 additions & 1 deletion apis/stash/v1alpha1/openapi_generated.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

12 changes: 12 additions & 0 deletions apis/stash/v1beta1/function_types.go
Expand Up @@ -2,6 +2,7 @@ package v1beta1

import (
core "k8s.io/api/core/v1"
resource "k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
ofst "kmodules.xyz/offshoot-api/api/v1"
)
Expand Down Expand Up @@ -96,6 +97,17 @@ type FunctionSpec struct {
// RuntimeSettings allow to specify Resources, LivenessProbe, ReadinessProbe, Lifecycle, SecurityContext etc.
//+optional
RuntimeSettings *ofst.ContainerRuntimeSettings `json:"runtimeSettings,omitempty"`
// Name of PodSecurityPolicy(PSP) required by this function
//+optional
PodSecurityPolicyName string `json:"podSecurityPolicyName,omitempty"`
// Temp directory configuration for this function. If set, an `EmptyDir` will be mounted at /tmp with this settings.
//+optional
TempDir *EmptyDirSettings `json:"tempDir,omitempty"`
}

type EmptyDirSettings struct {
Medium core.StorageMedium `json:"medium,omitempty"`
SizeLimit *resource.Quantity `json:"sizeLimit,omitempty"`
}

// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
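Review bot: `SizeLimit` in `EmptyDirSettings` is an optional pointer and nothing in this hunk says what nil means; if it is passed through as-is, a Function that sets `tempDir` without `sizeLimit` gets an unbounded EmptyDir at /tmp, which with `medium: Memory` is backed by RAM rather than disk. Document the nil case (or apply a default), add doc comments and `//+optional` markers on both fields as the fields in `FunctionSpec` have, and change "with this settings" to "with these settings" in the `TempDir` comment.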