Add generated file

This PR adds generated files under pkg/client and vendor folder.
2018-07-12 10:55:15 -07:00
parent 36b1de0341
commit e213d1890d
17729 changed files with 5090889 additions and 0 deletions
--- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/BUILD
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/BUILD
@@ -0,0 +1,48 @@
+package(default_visibility = ["//visibility:public"])
+
+load(
+    "@io_bazel_rules_go//go:def.bzl",
+    "go_library",
+    "go_test",
+)
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "admission.go",
+        "doc.go",
+    ],
+    importpath = "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity",
+    deps = [
+        "//pkg/apis/core:go_default_library",
+        "//pkg/kubelet/apis:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/api/errors:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = ["admission_test.go"],
+    embed = [":go_default_library"],
+    deps = [
+        "//pkg/apis/core:go_default_library",
+        "//pkg/kubelet/apis:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apiserver/pkg/admission:go_default_library",
+    ],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [":package-srcs"],
+    tags = ["automanaged"],
+)
--- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission.go
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission.go
@@ -0,0 +1,80 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package antiaffinity
+
+import (
+	"fmt"
+	"io"
+
+	apierrors "k8s.io/apimachinery/pkg/api/errors"
+	"k8s.io/apiserver/pkg/admission"
+	api "k8s.io/kubernetes/pkg/apis/core"
+	kubeletapis "k8s.io/kubernetes/pkg/kubelet/apis"
+)
+
+const PluginName = "LimitPodHardAntiAffinityTopology"
+
+// Register registers a plugin
+func Register(plugins *admission.Plugins) {
+	plugins.Register(PluginName, func(config io.Reader) (admission.Interface, error) {
+		return NewInterPodAntiAffinity(), nil
+	})
+}
+
+// Plugin contains the client used by the admission controller
+type Plugin struct {
+	*admission.Handler
+}
+
+var _ admission.ValidationInterface = &Plugin{}
+
+// NewInterPodAntiAffinity creates a new instance of the LimitPodHardAntiAffinityTopology admission controller
+func NewInterPodAntiAffinity() *Plugin {
+	return &Plugin{
+		Handler: admission.NewHandler(admission.Create, admission.Update),
+	}
+}
+
+// Validate will deny any pod that defines AntiAffinity topology key other than kubeletapis.LabelHostname i.e. "kubernetes.io/hostname"
+// in  requiredDuringSchedulingRequiredDuringExecution and requiredDuringSchedulingIgnoredDuringExecution.
+func (p *Plugin) Validate(attributes admission.Attributes) (err error) {
+	// Ignore all calls to subresources or resources other than pods.
+	if len(attributes.GetSubresource()) != 0 || attributes.GetResource().GroupResource() != api.Resource("pods") {
+		return nil
+	}
+	pod, ok := attributes.GetObject().(*api.Pod)
+	if !ok {
+		return apierrors.NewBadRequest("Resource was marked with kind Pod but was unable to be converted")
+	}
+	affinity := pod.Spec.Affinity
+	if affinity != nil && affinity.PodAntiAffinity != nil {
+		var podAntiAffinityTerms []api.PodAffinityTerm
+		if len(affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution) != 0 {
+			podAntiAffinityTerms = affinity.PodAntiAffinity.RequiredDuringSchedulingIgnoredDuringExecution
+		}
+		// TODO: Uncomment this block when implement RequiredDuringSchedulingRequiredDuringExecution.
+		//if len(affinity.PodAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution) != 0 {
+		//        podAntiAffinityTerms = append(podAntiAffinityTerms, affinity.PodAntiAffinity.RequiredDuringSchedulingRequiredDuringExecution...)
+		//}
+		for _, v := range podAntiAffinityTerms {
+			if v.TopologyKey != kubeletapis.LabelHostname {
+				return apierrors.NewForbidden(attributes.GetResource().GroupResource(), pod.Name, fmt.Errorf("affinity.PodAntiAffinity.RequiredDuringScheduling has TopologyKey %v but only key %v is allowed", v.TopologyKey, kubeletapis.LabelHostname))
+			}
+		}
+	}
+	return nil
+}
--- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission_test.go
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/admission_test.go
@@ -0,0 +1,284 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package antiaffinity
+
+import (
+	"testing"
+
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apiserver/pkg/admission"
+	api "k8s.io/kubernetes/pkg/apis/core"
+	kubeletapis "k8s.io/kubernetes/pkg/kubelet/apis"
+)
+
+// ensures the hard PodAntiAffinity is denied if it defines TopologyKey other than kubernetes.io/hostname.
+// TODO: Add test case "invalid topologyKey in requiredDuringSchedulingRequiredDuringExecution then admission fails"
+// after RequiredDuringSchedulingRequiredDuringExecution is implemented.
+func TestInterPodAffinityAdmission(t *testing.T) {
+	handler := NewInterPodAntiAffinity()
+	pod := api.Pod{
+		Spec: api.PodSpec{},
+	}
+	tests := []struct {
+		affinity      *api.Affinity
+		errorExpected bool
+	}{
+		// empty affinity its success.
+		{
+			affinity:      &api.Affinity{},
+			errorExpected: false,
+		},
+		// what ever topologyKey in preferredDuringSchedulingIgnoredDuringExecution, the admission should success.
+		{
+			affinity: &api.Affinity{
+				PodAntiAffinity: &api.PodAntiAffinity{
+					PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
+						{
+							Weight: 5,
+							PodAffinityTerm: api.PodAffinityTerm{
+								LabelSelector: &metav1.LabelSelector{
+									MatchExpressions: []metav1.LabelSelectorRequirement{
+										{
+											Key:      "security",
+											Operator: metav1.LabelSelectorOpIn,
+											Values:   []string{"S2"},
+										},
+									},
+								},
+								TopologyKey: "az",
+							},
+						},
+					},
+				},
+			},
+			errorExpected: false,
+		},
+		// valid topologyKey in requiredDuringSchedulingIgnoredDuringExecution,
+		// plus any topologyKey in preferredDuringSchedulingIgnoredDuringExecution, then admission success.
+		{
+			affinity: &api.Affinity{
+				PodAntiAffinity: &api.PodAntiAffinity{
+					PreferredDuringSchedulingIgnoredDuringExecution: []api.WeightedPodAffinityTerm{
+						{
+							Weight: 5,
+							PodAffinityTerm: api.PodAffinityTerm{
+								LabelSelector: &metav1.LabelSelector{
+									MatchExpressions: []metav1.LabelSelectorRequirement{
+										{
+											Key:      "security",
+											Operator: metav1.LabelSelectorOpIn,
+											Values:   []string{"S2"},
+										},
+									},
+								},
+								TopologyKey: "az",
+							},
+						},
+					},
+					RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
+						{
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: kubeletapis.LabelHostname,
+						},
+					},
+				},
+			},
+			errorExpected: false,
+		},
+		// valid topologyKey in requiredDuringSchedulingIgnoredDuringExecution then admission success.
+		{
+			affinity: &api.Affinity{
+				PodAntiAffinity: &api.PodAntiAffinity{
+					RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
+						{
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: kubeletapis.LabelHostname,
+						},
+					},
+				},
+			},
+			errorExpected: false,
+		},
+		// invalid topologyKey in requiredDuringSchedulingIgnoredDuringExecution then admission fails.
+		{
+			affinity: &api.Affinity{
+				PodAntiAffinity: &api.PodAntiAffinity{
+					RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
+						{
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: " zone ",
+						},
+					},
+				},
+			},
+			errorExpected: true,
+		},
+		// list of requiredDuringSchedulingIgnoredDuringExecution middle element topologyKey is not valid.
+		{
+			affinity: &api.Affinity{
+				PodAntiAffinity: &api.PodAntiAffinity{
+					RequiredDuringSchedulingIgnoredDuringExecution: []api.PodAffinityTerm{
+						{
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: kubeletapis.LabelHostname,
+						}, {
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: " zone ",
+						}, {
+							LabelSelector: &metav1.LabelSelector{
+								MatchExpressions: []metav1.LabelSelectorRequirement{
+									{
+										Key:      "security",
+										Operator: metav1.LabelSelectorOpIn,
+										Values:   []string{"S2"},
+									},
+								},
+							},
+							TopologyKey: kubeletapis.LabelHostname,
+						},
+					},
+				},
+			},
+			errorExpected: true,
+		},
+	}
+	for _, test := range tests {
+		pod.Spec.Affinity = test.affinity
+		err := handler.Validate(admission.NewAttributesRecord(&pod, nil, api.Kind("Pod").WithVersion("version"), "foo", "name", api.Resource("pods").WithVersion("version"), "", "ignored", nil))
+
+		if test.errorExpected && err == nil {
+			t.Errorf("Expected error for Anti Affinity %+v but did not get an error", test.affinity)
+		}
+
+		if !test.errorExpected && err != nil {
+			t.Errorf("Unexpected error %v for AntiAffinity %+v", err, test.affinity)
+		}
+	}
+}
+func TestHandles(t *testing.T) {
+	handler := NewInterPodAntiAffinity()
+	tests := map[admission.Operation]bool{
+		admission.Update:  true,
+		admission.Create:  true,
+		admission.Delete:  false,
+		admission.Connect: false,
+	}
+	for op, expected := range tests {
+		result := handler.Handles(op)
+		if result != expected {
+			t.Errorf("Unexpected result for operation %s: %v\n", op, result)
+		}
+	}
+}
+
+// TestOtherResources ensures that this admission controller is a no-op for other resources,
+// subresources, and non-pods.
+func TestOtherResources(t *testing.T) {
+	namespace := "testnamespace"
+	name := "testname"
+	pod := &api.Pod{
+		ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: namespace},
+	}
+	tests := []struct {
+		name        string
+		kind        string
+		resource    string
+		subresource string
+		object      runtime.Object
+		expectError bool
+	}{
+		{
+			name:     "non-pod resource",
+			kind:     "Foo",
+			resource: "foos",
+			object:   pod,
+		},
+		{
+			name:        "pod subresource",
+			kind:        "Pod",
+			resource:    "pods",
+			subresource: "eviction",
+			object:      pod,
+		},
+		{
+			name:        "non-pod object",
+			kind:        "Pod",
+			resource:    "pods",
+			object:      &api.Service{},
+			expectError: true,
+		},
+	}
+
+	for _, tc := range tests {
+		handler := &Plugin{}
+
+		err := handler.Validate(admission.NewAttributesRecord(tc.object, nil, api.Kind(tc.kind).WithVersion("version"), namespace, name, api.Resource(tc.resource).WithVersion("version"), tc.subresource, admission.Create, nil))
+
+		if tc.expectError {
+			if err == nil {
+				t.Errorf("%s: unexpected nil error", tc.name)
+			}
+			continue
+		}
+
+		if err != nil {
+			t.Errorf("%s: unexpected error: %v", tc.name, err)
+			continue
+		}
+	}
+}
--- a/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/doc.go
+++ b/vendor/k8s.io/kubernetes/plugin/pkg/admission/antiaffinity/doc.go
@@ -0,0 +1,28 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// LimitPodHardAntiAffinityTopology admission controller rejects any pod
+// that specifies "hard" (RequiredDuringScheduling) anti-affinity
+// with a TopologyKey other than kubeletapis.LabelHostname.
+// Because anti-affinity is symmetric, without this admission controller,
+// a user could maliciously or accidentally specify that their pod (once it has scheduled)
+// should block other pods from scheduling into the same zone or some other large topology,
+// essentially DoSing the cluster.
+// In the future we will address this problem more fully by using quota and priority,
+// but for now this admission controller provides a simple protection,
+// on the assumption that the only legitimate use of hard pod anti-affinity
+// is to exclude other pods from the same node.
+package antiaffinity // import "k8s.io/kubernetes/plugin/pkg/admission/antiaffinity"