Merge pull request #170 from wnxn/master

Add controller to create Ceph secret in master branch

Gopkg.lock

@@ -742,9 +742,12 @@
   version = "v7.0.0"
 
 [[projects]]
-  digest = "1:b31434f3171d920dc91e1a9204fb57f5fc89f3df2bfb3d42b60a113b0e4557e9"
+  digest = "1:1de91645e73441071e6df50478003c60881687cf9849ba0585a61035a6d2a2af"
   name = "k8s.io/kubernetes"
-  packages = ["pkg/util/slice"]
+  packages = [
+    "pkg/apis/core",
+    "pkg/util/slice",
+  ]
   pruneopts = "UT"
   revision = "5ca598b4ba5abb89bb773071ce452e33fb66339d"
   version = "v1.10.4"
@@ -799,6 +802,7 @@
     "k8s.io/client-go/tools/cache",
     "k8s.io/client-go/tools/clientcmd",
     "k8s.io/client-go/tools/remotecommand",
+    "k8s.io/kubernetes/pkg/apis/core",
     "k8s.io/kubernetes/pkg/util/slice",
   ]
   solver-name = "gps-cdcl"

pkg/models/controllers/namespaces.go

@@ -34,6 +34,11 @@ import (
 
 	"k8s.io/client-go/informers"
 
+	"k8s.io/kubernetes/pkg/apis/core"
+
+	"strconv"
+	"strings"
+
 	"kubesphere.io/kubesphere/pkg/client"
 	"kubesphere.io/kubesphere/pkg/constants"
 	"kubesphere.io/kubesphere/pkg/options"
@@ -226,6 +231,76 @@ func (ctl *NamespaceCtl) createRoleAndRuntime(item v1.Namespace) {
 	}
 }
 
+func (ctl *NamespaceCtl) createCephSecretAfterNewNs(item v1.Namespace) {
+	// Kubernetes version must <= 1.10
+	openInfo, err := ctl.K8sClient.OpenAPISchema()
+	if err != nil {
+		glog.Error("consult openAPI error: ", err)
+		return
+	}
+	if openInfo == nil {
+		glog.Error("cannot find openAPI info")
+		return
+	}
+	ver := strings.Split(openInfo.GetInfo().GetVersion(), ".")
+	midVer, _ := strconv.Atoi(ver[1])
+	if !(ver[0] == "v1" && midVer < 11) {
+		glog.Infof("disable Ceph secret controller due to Kubernetes version %s mismatch",
+			openInfo.GetInfo().GetVersion())
+		return
+	}
+
+	// Create Ceph secret in the new namespace
+	newNsName := item.Name
+	scList, _ := ctl.K8sClient.StorageV1().StorageClasses().List(metaV1.ListOptions{})
+	if scList == nil {
+		return
+	}
+	for _, sc := range scList.Items {
+		if sc.Provisioner == rbdPluginName {
+			glog.Infof("would create Ceph user secret in storage class %s at namespace %s", sc.GetName(), newNsName)
+			if secretName, ok := sc.Parameters[rbdUserSecretNameKey]; ok {
+				secret, err := ctl.K8sClient.CoreV1().Secrets(core.NamespaceSystem).Get(secretName, metaV1.GetOptions{})
+				if err != nil {
+					if errors.IsNotFound(err) {
+						glog.Errorf("cannot find secret in namespace %s, error: %s", core.NamespaceSystem, err.Error())
+						continue
+					}
+					glog.Errorf("failed to find secret in namespace %s, error: %s", core.NamespaceSystem, err.Error())
+					continue
+				}
+				glog.Infof("succeed to find secret %s in namespace %s", secret.GetName(), secret.GetNamespace())
+
+				newSecret := &v1.Secret{
+					TypeMeta: metaV1.TypeMeta{
+						Kind:       secret.Kind,
+						APIVersion: secret.APIVersion,
+					},
+					ObjectMeta: metaV1.ObjectMeta{
+						Name:                       secret.GetName(),
+						Namespace:                  newNsName,
+						Labels:                     secret.GetLabels(),
+						Annotations:                secret.GetAnnotations(),
+						DeletionGracePeriodSeconds: secret.GetDeletionGracePeriodSeconds(),
+						ClusterName:                secret.GetClusterName(),
+					},
+					Data:       secret.Data,
+					StringData: secret.StringData,
+					Type:       secret.Type,
+				}
+				glog.Infof("creating secret %s in namespace %s...", newSecret.GetName(), newSecret.GetNamespace())
+				_, err = ctl.K8sClient.CoreV1().Secrets(newSecret.GetNamespace()).Create(newSecret)
+				if err != nil {
+					glog.Errorf("failed to create secret in namespace %s, error: %v", newSecret.GetNamespace(), err)
+					continue
+				}
+			} else {
+				glog.Errorf("failed to find user secret name in storage class %s", sc.GetName())
+			}
+		}
+	}
+}
+
 func (ctl *NamespaceCtl) generateObject(item v1.Namespace) *Namespace {
 	var displayName string
 
@@ -305,6 +380,7 @@ func (ctl *NamespaceCtl) initListerAndInformer() {
 			mysqlObject := ctl.generateObject(*object)
 			db.Create(mysqlObject)
 			ctl.createRoleAndRuntime(*object)
+			ctl.createCephSecretAfterNewNs(*object)
 		},
 		UpdateFunc: func(old, new interface{}) {
 			object := new.(*v1.Namespace)

pkg/models/controllers/storageclasses.go

@@ -20,12 +20,23 @@ import (
 	"fmt"
 	"time"
 
-	"github.com/golang/glog"
+	"strconv"
-	"k8s.io/api/storage/v1"
+	"strings"
 
+	"github.com/golang/glog"
+	coreV1 "k8s.io/api/core/v1"
+	"k8s.io/api/storage/v1"
+	"k8s.io/apimachinery/pkg/api/errors"
+	metaV1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/labels"
 	"k8s.io/client-go/informers"
 	"k8s.io/client-go/tools/cache"
+	"k8s.io/kubernetes/pkg/apis/core"
+)
+
+const (
+	rbdPluginName        = "kubernetes.io/rbd"
+	rbdUserSecretNameKey = "userSecretName"
 )
 
 func (ctl *StorageClassCtl) generateObject(item v1.StorageClass) *StorageClass {
@@ -95,6 +106,102 @@ func (ctl *StorageClassCtl) total() int {
 	return len(list)
 }
 
+func (ctl *StorageClassCtl) createCephSecretAfterNewSc(item v1.StorageClass) {
+	// Kubernetes version must <= 1.10
+	openInfo, err := ctl.K8sClient.OpenAPISchema()
+	if err != nil {
+		glog.Error("consult openAPI error: ", err)
+		return
+	}
+	if openInfo == nil {
+		glog.Error("cannot find openAPI info")
+		return
+	}
+	ver := strings.Split(openInfo.GetInfo().GetVersion(), ".")
+	midVer, _ := strconv.Atoi(ver[1])
+	if !(ver[0] == "v1" && midVer < 11) {
+		glog.Infof("disable Ceph secret controller due to Kubernetes version %s mismatch",
+			openInfo.GetInfo().GetVersion())
+		return
+	}
+
+	// Find Ceph secret in the new storage class
+	if item.Provisioner != rbdPluginName {
+		return
+	}
+	var secret *coreV1.Secret
+	if secretName, ok := item.Parameters[rbdUserSecretNameKey]; ok {
+		secret, err = ctl.K8sClient.CoreV1().Secrets(core.NamespaceSystem).Get(secretName, metaV1.GetOptions{})
+		if err != nil {
+			if errors.IsNotFound(err) {
+				glog.Errorf("cannot find secret %s in namespace %s", secretName, core.NamespaceSystem)
+				return
+			}
+			glog.Error("failed to find secret, error: ", err)
+			return
+		}
+		glog.Infof("succeed to find secret %s in namespace %s", secret.GetName(), secret.GetNamespace())
+	} else {
+		glog.Errorf("failed to find user secret name in storage class %s", item.GetName())
+		return
+	}
+
+	// Create or update Ceph secret in each namespace
+	nsList, err := ctl.K8sClient.CoreV1().Namespaces().List(metaV1.ListOptions{})
+	if err != nil {
+		glog.Error("failed to list namespace, error: ", err)
+		return
+	}
+	for _, ns := range nsList.Items {
+		if ns.GetName() == core.NamespaceSystem {
+			glog.Infof("skip creating Ceph secret in namespace %s", core.NamespaceSystem)
+			continue
+		}
+		newSecret := &coreV1.Secret{
+			TypeMeta: metaV1.TypeMeta{
+				Kind:       secret.Kind,
+				APIVersion: secret.APIVersion,
+			},
+			ObjectMeta: metaV1.ObjectMeta{
+				Name:                       secret.GetName(),
+				Namespace:                  ns.GetName(),
+				Labels:                     secret.GetLabels(),
+				Annotations:                secret.GetAnnotations(),
+				DeletionGracePeriodSeconds: secret.GetDeletionGracePeriodSeconds(),
+				ClusterName:                secret.GetClusterName(),
+			},
+			Data:       secret.Data,
+			StringData: secret.StringData,
+			Type:       secret.Type,
+		}
+
+		_, err := ctl.K8sClient.CoreV1().Secrets(newSecret.GetNamespace()).Get(newSecret.GetName(), metaV1.GetOptions{})
+		if err != nil {
+			if errors.IsNotFound(err) {
+				// Create secret
+				_, err := ctl.K8sClient.CoreV1().Secrets(newSecret.GetNamespace()).Create(newSecret)
+				if err != nil {
+					glog.Errorf("failed to create secret in namespace %s, error: %v", newSecret.GetNamespace(), err)
+				} else {
+					glog.Infof("succeed to create secret %s in namespace %s", newSecret.GetName(),
+						newSecret.GetNamespace())
+				}
+			} else {
+				glog.Errorf("failed to find secret in namespace %s, error: %v", newSecret.GetNamespace(), err)
+			}
+		} else {
+			// Update secret
+			_, err = ctl.K8sClient.CoreV1().Secrets(newSecret.GetNamespace()).Update(newSecret)
+			if err != nil {
+				glog.Errorf("failed to update secret in namespace %s, error: %v", newSecret.GetNamespace(), err)
+				continue
+			} else {
+				glog.Infof("succeed to update secret %s in namespace %s", newSecret.GetName(), newSecret.GetNamespace())
+			}
+		}
+	}
+}
+
 func (ctl *StorageClassCtl) initListerAndInformer() {
 	db := ctl.DB
 
@@ -108,6 +215,7 @@ func (ctl *StorageClassCtl) initListerAndInformer() {
 			object := obj.(*v1.StorageClass)
 			mysqlObject := ctl.generateObject(*object)
 			db.Create(mysqlObject)
+			ctl.createCephSecretAfterNewSc(*object)
 		},
 		UpdateFunc: func(old, new interface{}) {
 			object := new.(*v1.StorageClass)

vendor/k8s.io/kubernetes/pkg/apis/core/BUILD

@@ -0,0 +1,62 @@
+load("@io_bazel_rules_go//go:def.bzl", "go_library", "go_test")
+
+go_library(
+    name = "go_default_library",
+    srcs = [
+        "annotation_key_constants.go",
+        "doc.go",
+        "field_constants.go",
+        "json.go",
+        "objectreference.go",
+        "register.go",
+        "resource.go",
+        "taint.go",
+        "toleration.go",
+        "types.go",
+        "zz_generated.deepcopy.go",
+    ],
+    importpath = "k8s.io/kubernetes/pkg/apis/core",
+    visibility = ["//visibility:public"],
+    deps = [
+        "//vendor/k8s.io/apimachinery/pkg/api/resource:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/internalversion:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/apis/meta/v1:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/fields:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/labels:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/runtime/schema:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/types:go_default_library",
+        "//vendor/k8s.io/apimachinery/pkg/util/intstr:go_default_library",
+    ],
+)
+
+go_test(
+    name = "go_default_test",
+    srcs = [
+        "taint_test.go",
+        "toleration_test.go",
+    ],
+    embed = [":go_default_library"],
+)
+
+filegroup(
+    name = "package-srcs",
+    srcs = glob(["**"]),
+    tags = ["automanaged"],
+    visibility = ["//visibility:private"],
+)
+
+filegroup(
+    name = "all-srcs",
+    srcs = [
+        ":package-srcs",
+        "//pkg/apis/core/fuzzer:all-srcs",
+        "//pkg/apis/core/helper:all-srcs",
+        "//pkg/apis/core/install:all-srcs",
+        "//pkg/apis/core/pods:all-srcs",
+        "//pkg/apis/core/v1:all-srcs",
+        "//pkg/apis/core/validation:all-srcs",
+    ],
+    tags = ["automanaged"],
+    visibility = ["//visibility:public"],
+)

vendor/k8s.io/kubernetes/pkg/apis/core/OWNERS

@@ -0,0 +1,43 @@
+approvers:
+- erictune
+- lavalamp
+- smarterclayton
+- thockin
+- liggitt
+# - bgrant0607 # manual escalations only
+reviewers:
+- thockin
+- lavalamp
+- smarterclayton
+- wojtek-t
+- deads2k
+- yujuhong
+- brendandburns
+- derekwaynecarr
+- caesarxuchao
+- vishh
+- mikedanese
+- liggitt
+- nikhiljindal
+- gmarek
+- erictune
+- davidopp
+- pmorie
+- sttts
+- dchen1107
+- saad-ali
+- zmerlynn
+- luxas
+- janetkuo
+- justinsb
+- pwittrock
+- roberthbailey
+- ncdc
+- tallclair
+- yifan-gu
+- eparis
+- mwielgus
+- soltysh
+- piosz
+- jsafrane
+- jbeda

vendor/k8s.io/kubernetes/pkg/apis/core/annotation_key_constants.go

@@ -0,0 +1,92 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// This file should be consistent with pkg/api/v1/annotation_key_constants.go.
+
+package core
+
+const (
+	// ImagePolicyFailedOpenKey is added to pods created by failing open when the image policy
+	// webhook backend fails.
+	ImagePolicyFailedOpenKey string = "alpha.image-policy.k8s.io/failed-open"
+
+	// PodPresetOptOutAnnotationKey represents the annotation key for a pod to exempt itself from pod preset manipulation
+	PodPresetOptOutAnnotationKey string = "podpreset.admission.kubernetes.io/exclude"
+
+	// MirrorAnnotationKey represents the annotation key set by kubelets when creating mirror pods
+	MirrorPodAnnotationKey string = "kubernetes.io/config.mirror"
+
+	// TolerationsAnnotationKey represents the key of tolerations data (json serialized)
+	// in the Annotations of a Pod.
+	TolerationsAnnotationKey string = "scheduler.alpha.kubernetes.io/tolerations"
+
+	// TaintsAnnotationKey represents the key of taints data (json serialized)
+	// in the Annotations of a Node.
+	TaintsAnnotationKey string = "scheduler.alpha.kubernetes.io/taints"
+
+	// SeccompPodAnnotationKey represents the key of a seccomp profile applied
+	// to all containers of a pod.
+	SeccompPodAnnotationKey string = "seccomp.security.alpha.kubernetes.io/pod"
+
+	// SeccompContainerAnnotationKeyPrefix represents the key of a seccomp profile applied
+	// to one container of a pod.
+	SeccompContainerAnnotationKeyPrefix string = "container.seccomp.security.alpha.kubernetes.io/"
+
+	// PreferAvoidPodsAnnotationKey represents the key of preferAvoidPods data (json serialized)
+	// in the Annotations of a Node.
+	PreferAvoidPodsAnnotationKey string = "scheduler.alpha.kubernetes.io/preferAvoidPods"
+
+	// SysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
+	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
+	// key-value pairs. Only a limited set of whitelisted and isolated sysctls is supported by
+	// the kubelet. Pods with other sysctls will fail to launch.
+	SysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/sysctls"
+
+	// UnsafeSysctlsPodAnnotationKey represents the key of sysctls which are set for the infrastructure
+	// container of a pod. The annotation value is a comma separated list of sysctl_name=value
+	// key-value pairs. Unsafe sysctls must be explicitly enabled for a kubelet. They are properly
+	// namespaced to a pod or a container, but their isolation is usually unclear or weak. Their use
+	// is at-your-own-risk. Pods that attempt to set an unsafe sysctl that is not enabled for a kubelet
+	// will fail to launch.
+	UnsafeSysctlsPodAnnotationKey string = "security.alpha.kubernetes.io/unsafe-sysctls"
+
+	// ObjectTTLAnnotations represents a suggestion for kubelet for how long it can cache
+	// an object (e.g. secret, config map) before fetching it again from apiserver.
+	// This annotation can be attached to node.
+	ObjectTTLAnnotationKey string = "node.alpha.kubernetes.io/ttl"
+
+	// BootstrapCheckpointAnnotationKey represents a Resource (Pod) that should be checkpointed by
+	// the kubelet prior to running
+	BootstrapCheckpointAnnotationKey string = "node.kubernetes.io/bootstrap-checkpoint"
+
+	// annotation key prefix used to identify non-convertible json paths.
+	NonConvertibleAnnotationPrefix = "non-convertible.kubernetes.io"
+
+	kubectlPrefix = "kubectl.kubernetes.io/"
+
+	// LastAppliedConfigAnnotation is the annotation used to store the previous
+	// configuration of a resource for use in a three way diff by UpdateApplyAnnotation.
+	LastAppliedConfigAnnotation = kubectlPrefix + "last-applied-configuration"
+
+	// AnnotationLoadBalancerSourceRangesKey is the key of the annotation on a service to set allowed ingress ranges on their LoadBalancers
+	//
+	// It should be a comma-separated list of CIDRs, e.g. `0.0.0.0/0` to
+	// allow full access (the default) or `18.0.0.0/8,56.0.0.0/8` to allow
+	// access only from the CIDRs currently allocated to MIT & the USPS.
+	//
+	// Not all cloud providers support this annotation, though AWS & GCE do.
+	AnnotationLoadBalancerSourceRangesKey = "service.beta.kubernetes.io/load-balancer-source-ranges"
+)

vendor/k8s.io/kubernetes/pkg/apis/core/doc.go

@@ -0,0 +1,24 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// +k8s:deepcopy-gen=package
+
+// Package api contains the latest (or "internal") version of the
+// Kubernetes API objects. This is the API objects as represented in memory.
+// The contract presented to clients is located in the versioned packages,
+// which are sub-directories. The first one is "v1". Those packages
+// describe how a particular version is serialized to storage/network.
+package core // import "k8s.io/kubernetes/pkg/apis/core"

vendor/k8s.io/kubernetes/pkg/apis/core/field_constants.go

@@ -0,0 +1,38 @@
+/*
+Copyright 2016 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package core
+
+// Field path constants that are specific to the internal API
+// representation.
+const (
+	NodeUnschedulableField = "spec.unschedulable"
+	ObjectNameField        = "metadata.name"
+	PodHostField           = "spec.nodeName"
+	PodStatusField         = "status.phase"
+	SecretTypeField        = "type"
+
+	EventReasonField                  = "action"
+	EventSourceField                  = "reportingComponent"
+	EventTypeField                    = "type"
+	EventInvolvedKindField            = "involvedObject.kind"
+	EventInvolvedNamespaceField       = "involvedObject.namespace"
+	EventInvolvedNameField            = "involvedObject.name"
+	EventInvolvedUIDField             = "involvedObject.uid"
+	EventInvolvedAPIVersionField      = "involvedObject.apiVersion"
+	EventInvolvedResourceVersionField = "involvedObject.resourceVersion"
+	EventInvolvedFieldPathField       = "involvedObject.fieldPath"
+)

vendor/k8s.io/kubernetes/pkg/apis/core/json.go

@@ -0,0 +1,28 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package core
+
+import "encoding/json"
+
+// This file implements json marshaling/unmarshaling interfaces on objects that are currently marshaled into annotations
+// to prevent anyone from marshaling these internal structs.
+
+var _ = json.Marshaler(&AvoidPods{})
+var _ = json.Unmarshaler(&AvoidPods{})
+
+func (AvoidPods) MarshalJSON() ([]byte, error) { panic("do not marshal internal struct") }
+func (*AvoidPods) UnmarshalJSON([]byte) error  { panic("do not unmarshal to internal struct") }

vendor/k8s.io/kubernetes/pkg/apis/core/objectreference.go

@@ -0,0 +1,34 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//TODO: consider making these methods functions, because we don't want helper
+//functions in the k8s.io/api repo.
+
+package core
+
+import (
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+func (obj *ObjectReference) SetGroupVersionKind(gvk schema.GroupVersionKind) {
+	obj.APIVersion, obj.Kind = gvk.ToAPIVersionAndKind()
+}
+
+func (obj *ObjectReference) GroupVersionKind() schema.GroupVersionKind {
+	return schema.FromAPIVersionAndKind(obj.APIVersion, obj.Kind)
+}
+
+func (obj *ObjectReference) GetObjectKind() schema.ObjectKind { return obj }

vendor/k8s.io/kubernetes/pkg/apis/core/register.go

@@ -0,0 +1,99 @@
+/*
+Copyright 2014 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package core
+
+import (
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/apimachinery/pkg/runtime"
+	"k8s.io/apimachinery/pkg/runtime/schema"
+)
+
+// GroupName is the group name use in this package
+const GroupName = ""
+
+// SchemeGroupVersion is group version used to register these objects
+var SchemeGroupVersion = schema.GroupVersion{Group: GroupName, Version: runtime.APIVersionInternal}
+
+// Kind takes an unqualified kind and returns a Group qualified GroupKind
+func Kind(kind string) schema.GroupKind {
+	return SchemeGroupVersion.WithKind(kind).GroupKind()
+}
+
+// Resource takes an unqualified resource and returns a Group qualified GroupResource
+func Resource(resource string) schema.GroupResource {
+	return SchemeGroupVersion.WithResource(resource).GroupResource()
+}
+
+var (
+	SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes)
+	AddToScheme   = SchemeBuilder.AddToScheme
+)
+
+func addKnownTypes(scheme *runtime.Scheme) error {
+	if err := scheme.AddIgnoredConversionType(&metav1.TypeMeta{}, &metav1.TypeMeta{}); err != nil {
+		return err
+	}
+	scheme.AddKnownTypes(SchemeGroupVersion,
+		&Pod{},
+		&PodList{},
+		&PodStatusResult{},
+		&PodTemplate{},
+		&PodTemplateList{},
+		&ReplicationControllerList{},
+		&ReplicationController{},
+		&ServiceList{},
+		&Service{},
+		&ServiceProxyOptions{},
+		&NodeList{},
+		&Node{},
+		&NodeConfigSource{},
+		&NodeProxyOptions{},
+		&Endpoints{},
+		&EndpointsList{},
+		&Binding{},
+		&Event{},
+		&EventList{},
+		&List{},
+		&LimitRange{},
+		&LimitRangeList{},
+		&ResourceQuota{},
+		&ResourceQuotaList{},
+		&Namespace{},
+		&NamespaceList{},
+		&ServiceAccount{},
+		&ServiceAccountList{},
+		&Secret{},
+		&SecretList{},
+		&PersistentVolume{},
+		&PersistentVolumeList{},
+		&PersistentVolumeClaim{},
+		&PersistentVolumeClaimList{},
+		&PodAttachOptions{},
+		&PodLogOptions{},
+		&PodExecOptions{},
+		&PodPortForwardOptions{},
+		&PodProxyOptions{},
+		&ComponentStatus{},
+		&ComponentStatusList{},
+		&SerializedReference{},
+		&RangeAllocation{},
+		&ConfigMap{},
+		&ConfigMapList{},
+	)
+
+	return nil
+}

vendor/k8s.io/kubernetes/pkg/apis/core/resource.go

@@ -0,0 +1,62 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package core
+
+import (
+	"k8s.io/apimachinery/pkg/api/resource"
+)
+
+func (self ResourceName) String() string {
+	return string(self)
+}
+
+// Returns the CPU limit if specified.
+func (self *ResourceList) Cpu() *resource.Quantity {
+	if val, ok := (*self)[ResourceCPU]; ok {
+		return &val
+	}
+	return &resource.Quantity{Format: resource.DecimalSI}
+}
+
+// Returns the Memory limit if specified.
+func (self *ResourceList) Memory() *resource.Quantity {
+	if val, ok := (*self)[ResourceMemory]; ok {
+		return &val
+	}
+	return &resource.Quantity{Format: resource.BinarySI}
+}
+
+func (self *ResourceList) Pods() *resource.Quantity {
+	if val, ok := (*self)[ResourcePods]; ok {
+		return &val
+	}
+	return &resource.Quantity{}
+}
+
+func (self *ResourceList) NvidiaGPU() *resource.Quantity {
+	if val, ok := (*self)[ResourceNvidiaGPU]; ok {
+		return &val
+	}
+	return &resource.Quantity{}
+}
+
+func (self *ResourceList) StorageEphemeral() *resource.Quantity {
+	if val, ok := (*self)[ResourceEphemeralStorage]; ok {
+		return &val
+	}
+	return &resource.Quantity{}
+}

vendor/k8s.io/kubernetes/pkg/apis/core/taint.go

@@ -0,0 +1,36 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//TODO: consider making these methods functions, because we don't want helper
+//functions in the k8s.io/api repo.
+
+package core
+
+import "fmt"
+
+// MatchTaint checks if the taint matches taintToMatch. Taints are unique by key:effect,
+// if the two taints have same key:effect, regard as they match.
+func (t *Taint) MatchTaint(taintToMatch Taint) bool {
+	return t.Key == taintToMatch.Key && t.Effect == taintToMatch.Effect
+}
+
+// taint.ToString() converts taint struct to string in format key=value:effect or key:effect.
+func (t *Taint) ToString() string {
+	if len(t.Value) == 0 {
+		return fmt.Sprintf("%v:%v", t.Key, t.Effect)
+	}
+	return fmt.Sprintf("%v=%v:%v", t.Key, t.Value, t.Effect)
+}

vendor/k8s.io/kubernetes/pkg/apis/core/toleration.go

@@ -0,0 +1,30 @@
+/*
+Copyright 2017 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+//TODO: consider making these methods functions, because we don't want helper
+//functions in the k8s.io/api repo.
+
+package core
+
+// MatchToleration checks if the toleration matches tolerationToMatch. Tolerations are unique by <key,effect,operator,value>,
+// if the two tolerations have same <key,effect,operator,value> combination, regard as they match.
+// TODO: uniqueness check for tolerations in api validations.
+func (t *Toleration) MatchToleration(tolerationToMatch *Toleration) bool {
+	return t.Key == tolerationToMatch.Key &&
+		t.Effect == tolerationToMatch.Effect &&
+		t.Operator == tolerationToMatch.Operator &&
+		t.Value == tolerationToMatch.Value
+}