From 5458f05679fc1f31831599167affda4f3b1fd7ea Mon Sep 17 00:00:00 2001 From: deads2k Date: Tue, 19 May 2015 08:39:46 -0400 Subject: [PATCH] create LocalObjectReference --- pkg/api/types.go | 10 ++++++++-- pkg/api/v1/conversion_generated.go | 26 +++++++++++++++++++++---- pkg/api/v1/types.go | 8 +++++++- pkg/api/v1beta1/types.go | 10 ++++++++-- pkg/api/v1beta2/types.go | 10 ++++++++-- pkg/api/v1beta3/conversion_generated.go | 26 +++++++++++++++++++++---- pkg/api/v1beta3/types.go | 8 +++++++- pkg/api/validation/validation.go | 6 ++++-- pkg/api/validation/validation_test.go | 18 ----------------- pkg/kubelet/dockertools/manager.go | 6 +++--- pkg/registry/pod/rest.go | 7 ------- 11 files changed, 89 insertions(+), 46 deletions(-) diff --git a/pkg/api/types.go b/pkg/api/types.go index 002b1dd0f8a..ef19c0a4ac2 100644 --- a/pkg/api/types.go +++ b/pkg/api/types.go @@ -834,7 +834,7 @@ type PodSpec struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // PodStatus represents information about the status of a pod. Status may trail the actual @@ -1635,6 +1635,12 @@ type ObjectReference struct { FieldPath string `json:"fieldPath,omitempty"` } +// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +type LocalObjectReference struct { + //TODO: Add other useful fields. apiVersion, kind, uid? + Name string +} + type SerializedReference struct { TypeMeta `json:",inline"` Reference ObjectReference `json:"reference,omitempty" description:"the reference to an object in the system"` @@ -1712,7 +1718,7 @@ type ContainerManifest struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // ContainerManifestList is used to communicate container manifests to kubelet. diff --git a/pkg/api/v1/conversion_generated.go b/pkg/api/v1/conversion_generated.go index 07223883f59..ad99cea26be 100644 --- a/pkg/api/v1/conversion_generated.go +++ b/pkg/api/v1/conversion_generated.go @@ -1413,6 +1413,22 @@ func convert_api_ListOptions_To_v1_ListOptions(in *newer.ListOptions, out *ListO return nil } +func convert_v1_LocalObjectReference_To_api_LocalObjectReference(in *LocalObjectReference, out *newer.LocalObjectReference, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*LocalObjectReference))(in) + } + out.Name = in.Name + return nil +} + +func convert_api_LocalObjectReference_To_v1_LocalObjectReference(in *newer.LocalObjectReference, out *LocalObjectReference, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*newer.LocalObjectReference))(in) + } + out.Name = in.Name + return nil +} + func convert_v1_NFSVolumeSource_To_api_NFSVolumeSource(in *NFSVolumeSource, out *newer.NFSVolumeSource, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*NFSVolumeSource))(in) @@ -2671,9 +2687,9 @@ func convert_v1_PodSpec_To_api_PodSpec(in *PodSpec, out *newer.PodSpec, s conver out.Host = in.Host out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { - out.ImagePullSecrets = make([]newer.ObjectReference, len(in.ImagePullSecrets)) + out.ImagePullSecrets = make([]newer.LocalObjectReference, len(in.ImagePullSecrets)) for i := range in.ImagePullSecrets { - if err := convert_v1_ObjectReference_To_api_ObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { + if err := convert_v1_LocalObjectReference_To_api_LocalObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { return err } } @@ -2733,9 +2749,9 @@ func convert_api_PodSpec_To_v1_PodSpec(in *newer.PodSpec, out *PodSpec, s conver out.Host = in.Host out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { - out.ImagePullSecrets = make([]ObjectReference, len(in.ImagePullSecrets)) + out.ImagePullSecrets = make([]LocalObjectReference, len(in.ImagePullSecrets)) for i := range in.ImagePullSecrets { - if err := convert_api_ObjectReference_To_v1_ObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { + if err := convert_api_LocalObjectReference_To_v1_LocalObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { return err } } @@ -4353,6 +4369,7 @@ func init() { convert_api_ListMeta_To_v1_ListMeta, convert_api_ListOptions_To_v1_ListOptions, convert_api_List_To_v1_List, + convert_api_LocalObjectReference_To_v1_LocalObjectReference, convert_api_NFSVolumeSource_To_v1_NFSVolumeSource, convert_api_NamespaceList_To_v1_NamespaceList, convert_api_NamespaceSpec_To_v1_NamespaceSpec, @@ -4462,6 +4479,7 @@ func init() { convert_v1_ListMeta_To_api_ListMeta, convert_v1_ListOptions_To_api_ListOptions, convert_v1_List_To_api_List, + convert_v1_LocalObjectReference_To_api_LocalObjectReference, convert_v1_NFSVolumeSource_To_api_NFSVolumeSource, convert_v1_NamespaceList_To_api_NamespaceList, convert_v1_NamespaceSpec_To_api_NamespaceSpec, diff --git a/pkg/api/v1/types.go b/pkg/api/v1/types.go index b5877bde934..ddbe380363a 100644 --- a/pkg/api/v1/types.go +++ b/pkg/api/v1/types.go @@ -832,7 +832,7 @@ type PodSpec struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images" patchStrategy:"merge" patchMergeKey:"name"` } // PodStatus represents information about the status of a pod. Status may trail the actual @@ -1563,6 +1563,12 @@ type ObjectReference struct { FieldPath string `json:"fieldPath,omitempty" description:"if referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]"` } +// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +type LocalObjectReference struct { + //TODO: Add other useful fields. apiVersion, kind, uid? + Name string `json:"name,omitempty" description:"name of the referent"` +} + type SerializedReference struct { TypeMeta `json:",inline"` Reference ObjectReference `json:"reference,omitempty" description:"the reference to an object in the system"` diff --git a/pkg/api/v1beta1/types.go b/pkg/api/v1beta1/types.go index a3b95135724..62933e3850a 100644 --- a/pkg/api/v1beta1/types.go +++ b/pkg/api/v1beta1/types.go @@ -78,7 +78,7 @@ type ContainerManifest struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // ContainerManifestList is used to communicate container manifests to kubelet. @@ -1413,6 +1413,12 @@ type ObjectReference struct { FieldPath string `json:"fieldPath,omitempty" description:"if referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]"` } +// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +type LocalObjectReference struct { + //TODO: Add other useful fields. apiVersion, kind, uid? + Name string `json:"name,omitempty" description:"name of the referent"` +} + type SerializedReference struct { TypeMeta `json:",inline"` Reference ObjectReference `json:"reference,omitempty" description:"the reference to an object in the system"` @@ -1512,7 +1518,7 @@ type PodSpec struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // List holds a list of objects, which may not be known by the server. diff --git a/pkg/api/v1beta2/types.go b/pkg/api/v1beta2/types.go index 6285f1e4ce5..58b0af02ad3 100644 --- a/pkg/api/v1beta2/types.go +++ b/pkg/api/v1beta2/types.go @@ -1443,6 +1443,12 @@ type ObjectReference struct { FieldPath string `json:"fieldPath,omitempty" description:"if referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]"` } +// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +type LocalObjectReference struct { + //TODO: Add other useful fields. apiVersion, kind, uid? + Name string `json:"name,omitempty" description:"name of the referent"` +} + type SerializedReference struct { TypeMeta `json:",inline"` Reference ObjectReference `json:"reference,omitempty" description:"the reference to an object in the system"` @@ -1540,7 +1546,7 @@ type ContainerManifest struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // ContainerManifestList is used to communicate container manifests to kubelet. @@ -1588,7 +1594,7 @@ type PodSpec struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images"` } // List holds a list of objects, which may not be known by the server. diff --git a/pkg/api/v1beta3/conversion_generated.go b/pkg/api/v1beta3/conversion_generated.go index 681bb595af0..bfd7044235b 100644 --- a/pkg/api/v1beta3/conversion_generated.go +++ b/pkg/api/v1beta3/conversion_generated.go @@ -1413,6 +1413,22 @@ func convert_api_ListOptions_To_v1beta3_ListOptions(in *newer.ListOptions, out * return nil } +func convert_v1beta3_LocalObjectReference_To_api_LocalObjectReference(in *LocalObjectReference, out *newer.LocalObjectReference, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*LocalObjectReference))(in) + } + out.Name = in.Name + return nil +} + +func convert_api_LocalObjectReference_To_v1beta3_LocalObjectReference(in *newer.LocalObjectReference, out *LocalObjectReference, s conversion.Scope) error { + if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { + defaulting.(func(*newer.LocalObjectReference))(in) + } + out.Name = in.Name + return nil +} + func convert_v1beta3_NFSVolumeSource_To_api_NFSVolumeSource(in *NFSVolumeSource, out *newer.NFSVolumeSource, s conversion.Scope) error { if defaulting, found := s.DefaultingInterface(reflect.TypeOf(*in)); found { defaulting.(func(*NFSVolumeSource))(in) @@ -2671,9 +2687,9 @@ func convert_v1beta3_PodSpec_To_api_PodSpec(in *PodSpec, out *newer.PodSpec, s c out.Host = in.Host out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { - out.ImagePullSecrets = make([]newer.ObjectReference, len(in.ImagePullSecrets)) + out.ImagePullSecrets = make([]newer.LocalObjectReference, len(in.ImagePullSecrets)) for i := range in.ImagePullSecrets { - if err := convert_v1beta3_ObjectReference_To_api_ObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { + if err := convert_v1beta3_LocalObjectReference_To_api_LocalObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { return err } } @@ -2733,9 +2749,9 @@ func convert_api_PodSpec_To_v1beta3_PodSpec(in *newer.PodSpec, out *PodSpec, s c out.Host = in.Host out.HostNetwork = in.HostNetwork if in.ImagePullSecrets != nil { - out.ImagePullSecrets = make([]ObjectReference, len(in.ImagePullSecrets)) + out.ImagePullSecrets = make([]LocalObjectReference, len(in.ImagePullSecrets)) for i := range in.ImagePullSecrets { - if err := convert_api_ObjectReference_To_v1beta3_ObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { + if err := convert_api_LocalObjectReference_To_v1beta3_LocalObjectReference(&in.ImagePullSecrets[i], &out.ImagePullSecrets[i], s); err != nil { return err } } @@ -4353,6 +4369,7 @@ func init() { convert_api_ListMeta_To_v1beta3_ListMeta, convert_api_ListOptions_To_v1beta3_ListOptions, convert_api_List_To_v1beta3_List, + convert_api_LocalObjectReference_To_v1beta3_LocalObjectReference, convert_api_NFSVolumeSource_To_v1beta3_NFSVolumeSource, convert_api_NamespaceList_To_v1beta3_NamespaceList, convert_api_NamespaceSpec_To_v1beta3_NamespaceSpec, @@ -4462,6 +4479,7 @@ func init() { convert_v1beta3_ListMeta_To_api_ListMeta, convert_v1beta3_ListOptions_To_api_ListOptions, convert_v1beta3_List_To_api_List, + convert_v1beta3_LocalObjectReference_To_api_LocalObjectReference, convert_v1beta3_NFSVolumeSource_To_api_NFSVolumeSource, convert_v1beta3_NamespaceList_To_api_NamespaceList, convert_v1beta3_NamespaceSpec_To_api_NamespaceSpec, diff --git a/pkg/api/v1beta3/types.go b/pkg/api/v1beta3/types.go index d190a854d3b..9aa3d3f09b7 100644 --- a/pkg/api/v1beta3/types.go +++ b/pkg/api/v1beta3/types.go @@ -832,7 +832,7 @@ type PodSpec struct { // ImagePullSecrets is an optional list of references to secrets in the same namespace to use for pulling any of the images used by this PodSpec. // If specified, these secrets will be passed to individual puller implementations for them to use. For example, // in the case of docker, only DockerConfig type secrets are honored. - ImagePullSecrets []ObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images" patchStrategy:"merge" patchMergeKey:"name"` + ImagePullSecrets []LocalObjectReference `json:"imagePullSecrets,omitempty" description:"list of references to secrets in the same namespace available for pulling the container images" patchStrategy:"merge" patchMergeKey:"name"` } // PodStatus represents information about the status of a pod. Status may trail the actual @@ -1563,6 +1563,12 @@ type ObjectReference struct { FieldPath string `json:"fieldPath,omitempty" description:"if referring to a piece of an object instead of an entire object, this string should contain a valid JSON/Go field access statement, such as desiredState.manifest.containers[2]"` } +// LocalObjectReference contains enough information to let you locate the referenced object inside the same namespace. +type LocalObjectReference struct { + //TODO: Add other useful fields. apiVersion, kind, uid? + Name string `json:"name,omitempty" description:"name of the referent"` +} + type SerializedReference struct { TypeMeta `json:",inline"` Reference ObjectReference `json:"reference,omitempty" description:"the reference to an object in the system"` diff --git a/pkg/api/validation/validation.go b/pkg/api/validation/validation.go index fb97ab75655..7f03a18171f 100644 --- a/pkg/api/validation/validation.go +++ b/pkg/api/validation/validation.go @@ -891,10 +891,12 @@ func validateHostNetwork(hostNetwork bool, containers []api.Container) errs.Vali return allErrors } -func validateImagePullSecrets(imagePullSecrets []api.ObjectReference) errs.ValidationErrorList { +// validateImagePullSecrets checks to make sure the pull secrets are well formed. Right now, we only expect name to be set (it's the only field). If this ever changes +// and someone decides to set those fields, we'd like to know. +func validateImagePullSecrets(imagePullSecrets []api.LocalObjectReference) errs.ValidationErrorList { allErrors := errs.ValidationErrorList{} for i, currPullSecret := range imagePullSecrets { - strippedRef := api.ObjectReference{Name: currPullSecret.Name} + strippedRef := api.LocalObjectReference{Name: currPullSecret.Name} if !reflect.DeepEqual(strippedRef, currPullSecret) { allErrors = append(allErrors, errs.NewFieldInvalid(fmt.Sprintf("[%d]", i), currPullSecret, "only name may be set")) diff --git a/pkg/api/validation/validation_test.go b/pkg/api/validation/validation_test.go index dab336add2a..bb780eee1a2 100644 --- a/pkg/api/validation/validation_test.go +++ b/pkg/api/validation/validation_test.go @@ -1054,24 +1054,6 @@ func TestValidatePodSpec(t *testing.T) { DNSPolicy: api.DNSClusterFirst, Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, }, - "namespace on imagePullSecret": { - // basic valid fields - Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}}, - Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, - RestartPolicy: api.RestartPolicyAlways, - DNSPolicy: api.DNSClusterFirst, - - ImagePullSecrets: []api.ObjectReference{{Name: "foo", Namespace: "bar"}}, - }, - "kind on imagePullSecret": { - // basic valid fields - Volumes: []api.Volume{{Name: "vol", VolumeSource: api.VolumeSource{EmptyDir: &api.EmptyDirVolumeSource{}}}}, - Containers: []api.Container{{Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent"}}, - RestartPolicy: api.RestartPolicyAlways, - DNSPolicy: api.DNSClusterFirst, - - ImagePullSecrets: []api.ObjectReference{{Name: "foo", Kind: "bar"}}, - }, "with hostNetwork hostPort not equal to containerPort": { Containers: []api.Container{ {Name: "ctr", Image: "image", ImagePullPolicy: "IfNotPresent", Ports: []api.ContainerPort{ diff --git a/pkg/kubelet/dockertools/manager.go b/pkg/kubelet/dockertools/manager.go index f8a6cba61b3..2454f395000 100644 --- a/pkg/kubelet/dockertools/manager.go +++ b/pkg/kubelet/dockertools/manager.go @@ -1230,7 +1230,7 @@ func (dm *DockerManager) runContainerInPod(pod *api.Pod, container *api.Containe } // createPodInfraContainer starts the pod infra container for a pod. Returns the docker container ID of the newly created container. -func (dm *DockerManager) createPodInfraContainer(pod *api.Pod, pullSecrets []api.Secret) (kubeletTypes.DockerID, error) { +func (dm *DockerManager) createPodInfraContainer(pod *api.Pod) (kubeletTypes.DockerID, error) { // Use host networking if specified. netNamespace := "" var ports []api.ContainerPort @@ -1264,7 +1264,7 @@ func (dm *DockerManager) createPodInfraContainer(pod *api.Pod, pullSecrets []api return "", err } if !ok { - if err := dm.PullImage(spec, pullSecrets); err != nil { + if err := dm.PullImage(spec, nil /* no pod secrets for the infra container */); err != nil { if ref != nil { dm.recorder.Eventf(ref, "failed", "Failed to pull image %q: %v", container.Image, err) } @@ -1499,7 +1499,7 @@ func (dm *DockerManager) SyncPod(pod *api.Pod, runningPod kubecontainer.Pod, pod podInfraContainerID := containerChanges.InfraContainerId if containerChanges.StartInfraContainer && (len(containerChanges.ContainersToStart) > 0) { glog.V(4).Infof("Creating pod infra container for %q", podFullName) - podInfraContainerID, err = dm.createPodInfraContainer(pod, pullSecrets) + podInfraContainerID, err = dm.createPodInfraContainer(pod) // Call the networking plugin if err == nil { diff --git a/pkg/registry/pod/rest.go b/pkg/registry/pod/rest.go index b7bc416aefd..ff54ff0d0b4 100644 --- a/pkg/registry/pod/rest.go +++ b/pkg/registry/pod/rest.go @@ -55,9 +55,6 @@ func (podStrategy) PrepareForCreate(obj runtime.Object) { pod.Status = api.PodStatus{ Phase: api.PodPending, } - for i := range pod.Spec.ImagePullSecrets { - pod.Spec.ImagePullSecrets[i] = api.ObjectReference{Name: pod.Spec.ImagePullSecrets[i].Name} - } } // PrepareForUpdate clears fields that are not allowed to be set by end users on update. @@ -65,10 +62,6 @@ func (podStrategy) PrepareForUpdate(obj, old runtime.Object) { newPod := obj.(*api.Pod) oldPod := old.(*api.Pod) newPod.Status = oldPod.Status - - for i := range newPod.Spec.ImagePullSecrets { - newPod.Spec.ImagePullSecrets[i] = api.ObjectReference{Name: newPod.Spec.ImagePullSecrets[i].Name} - } } // Validate validates a new pod.