kubernetes/pkg/controller/volume/selinuxwarning/cache/conflict.go
Jan Safranek 8791efc732 Update property name in metrics
selinux_volume_conflict should not have space in its label value - it's
harder to query for that value. Use SELinuxLabel as both human friendly (in
an event) and label value.
2024-11-06 11:16:06 +01:00


/*
Copyright 2024 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package cache
import (
"fmt"
"k8s.io/client-go/tools/cache"
)
// Conflict is a single conflict between two Pods using the same volume with different SELinux labels or policies.
// Event should be sent to both of them.
//
// A Conflict describes the situation from the point of view of Pod; the
// Other* fields describe the pod it conflicts with. EventMessage includes
// the Other* details only when both pods are in the same namespace.
type Conflict struct {
	// Human-readable name of the conflicting property + value of "property" label of selinux_volume_conflict metric.
	// It is used in the event message and as a metric label value.
	PropertyName string
	// Reason for the event, to be set as the Event.Reason field.
	EventReason string
	// Pod to generate the event on.
	Pod cache.ObjectName
	// Value of the conflicting property on Pod. EventMessage quotes it in the message.
	PropertyValue string
	// The pod that Pod conflicts with. Only for logging / messaging;
	// EventMessage includes its name only when it shares Pod's namespace.
	OtherPod cache.ObjectName
	// Value of the conflicting property on OtherPod. Only for logging / messaging;
	// EventMessage includes it only when OtherPod shares Pod's namespace.
	OtherPropertyValue string
}
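// EventMessage generates the human-readable message about this conflict, as
// seen from c.Pod.
//
// When both pods are in the same namespace, the message names the other pod
// and quotes both property values. When the namespaces differ, the message
// carries only this pod's own property value: the other pod's name, namespace
// and property value are deliberately left out, so the message does not
// reveal details of a pod in a different namespace.
func (c *Conflict) EventMessage() string {
	const consequence = ". If both pods land on the same node, only one of them may access the volume."

	// Quote the values for better readability.
	value := "\"" + c.PropertyValue + "\""

	if c.Pod.Namespace == c.OtherPod.Namespace {
		// In the same namespace, be very specific about the pod names.
		otherValue := "\"" + c.OtherPropertyValue + "\""
		return fmt.Sprint(c.PropertyName, " ", value, " conflicts with pod ", c.OtherPod.Name, " that uses the same volume as this pod with ", c.PropertyName, " ", otherValue, consequence)
	}

	// Pods are in different namespaces, do not reveal the other namespace, pod
	// name or property value.
	// fmt.Sprint inserts a space between operands only when neither is a
	// string, so the separator between the property name and its quoted value
	// has to be explicit, as it is in the same-namespace message above.
	return fmt.Sprint(c.PropertyName, " ", value, " conflicts with another pod that uses the same volume as this pod with a different ", c.PropertyName, consequence)
}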