ihcsim

// Plugin is an implementation of admission.Interface.
type Policy = v1.ValidatingAdmissionPolicy
type PolicyBinding = v1.ValidatingAdmissionPolicyBinding
type PolicyEvaluator = Validator
type PolicyHook = generic.PolicyHook[*Policy, *PolicyBinding, PolicyEvaluator]

ihcsim

// Validate makes an admission decision based on the request attributes.
func (a *Plugin) Validate(ctx context.Context, attr admission.Attributes, o admission.ObjectInterfaces) error {
    return a.Plugin.Dispatch(ctx, attr, o)
}

ihcsim

func Register(plugins *admission.Plugins) {
    plugins.Register(PluginName, func(configFile io.Reader) (admission.Interface, error) {
        return NewPlugin(configFile), nil
    })
}

ihcsim

// Check preforms the type check against the given policy, and format the result
// as []ExpressionWarning that is ready to be set in policy.Status
// The result is nil if type checking returns no warning.
// The policy object is NOT mutated. The caller should update Status accordingly
func (c *TypeChecker) Check(policy *v1.ValidatingAdmissionPolicy) []v1.ExpressionWarning {
    // ...
    for i, v := range policy.Spec.Validations {
        results := c.CheckExpression(ctx, v.Expression)
        if len(results) != 0 {
            warnings = append(warnings, v1.ExpressionWarning{

ihcsim

func (c *Controller) reconcile(ctx context.Context, policy *v1.ValidatingAdmissionPolicy) error {
    if policy == nil {
        return nil
    }
    if policy.Generation <= policy.Status.ObservedGeneration {
        return nil
    }
    warnings := c.typeChecker.Check(policy)
    // ...
}

ihcsim

func startValidatingAdmissionPolicyStatusController(ctx context.Context, controllerContext ControllerContext, controllerName string) (controller.Interface, bool, error) {
    // ...
    c, err := validatingadmissionpolicystatus.NewController(
        controllerContext.InformerFactory.Admissionregistration().V1().ValidatingAdmissionPolicies(),
        controllerContext.ClientBuilder.ClientOrDie(names.ValidatingAdmissionPolicyStatusController).AdmissionregistrationV1().ValidatingAdmissionPolicies(),
        typeChecker,
    )

    go c.Run(ctx, int(controllerContext.ComponentConfig.ValidatingAdmissionPolicyStatusController.ConcurrentPolicySyncs))
    return nil, true, err

ihcsim

// Run runs the KubeControllerManagerOptions.
func Run(ctx context.Context, c *config.CompletedConfig) error {
    // ...
    run := func(ctx context.Context, controllerDescriptors map[string]*ControllerDescriptor) {
        // ...
        if err := StartControllers(ctx, controllerContext, controllerDescriptors, unsecuredMux, healthzHandler); err != nil {
            logger.Error(err, "Error starting controllers")
            klog.FlushAndExit(klog.ExitFlushTimeout, 1)
        }
        // ...

ihcsim

// NewControllerDescriptors is a public map of named controller groups (you can start more than one in an init func)
// paired to their ControllerDescriptor wrapper object that includes InitFunc.
// This allows for structured downstream composition and subdivision.
func NewControllerDescriptors() map[string]*ControllerDescriptor {
    // ...
    register(newValidatingAdmissionPolicyStatusControllerDescriptor())
}

ihcsim

Update libvirt's built-in dnsmasqd with static DHCP MAC/IP address binding

List the available network:

virsh net-list
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   yes         yes

ihcsim

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-data
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi