analyzers

package
v0.0.0-...-1a63a6d Latest Latest
Warning

This package is not in the latest version of its module.

Published: Sep 3, 2025 License: MIT Imports: 9 Imported by: 0

Documentation

Index

Constants

// Common Kubernetes package import paths, exported as constants.
// NOTE(review): presumably the run functions compare these against the import
// path of a resolved package or type to recognise client-go and
// controller-runtime calls; the run functions are not shown here, so confirm.
// Matching on the full import path rather than a local package name is what
// keeps such a check independent of import aliases.
const (
	PkgControllerRuntimeClient    = "sigs.k8s.io/controller-runtime/pkg/client"
	PkgControllerRuntimeReconcile = "sigs.k8s.io/controller-runtime/pkg/reconcile"
	PkgClientGoDynamic            = "k8s.io/client-go/dynamic"
	PkgClientGoKubernetes         = "k8s.io/client-go/kubernetes"
	PkgClientGoRest               = "k8s.io/client-go/rest"
	PkgMetaV1                     = "k8s.io/apimachinery/pkg/apis/meta/v1"
	PkgClientGoDiscovery          = "k8s.io/client-go/discovery"
	PkgClientGoRestMapper         = "k8s.io/client-go/restmapper"
)

Common Kubernetes package paths

Variables

// AnalyzerClientReuse reports Kubernetes client construction inside loops or
// hot paths, where an already-built client should be reused.
// NOTE(review): what counts as a "hot path" is decided in runClientReuse, which
// is not shown here; treat findings as heuristic until that is confirmed.
var AnalyzerClientReuse = &analysis.Analyzer{
	Name:     "clientreuse",
	Doc:      "flags client construction inside loops or hot paths; clients should be reused",
	Run:      runClientReuse,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerClientReuse flags creating Kubernetes clients in hot paths or inside loops.

// AnalyzerDiscoveryFlood reports repeated discovery or RESTMapper rebuilds.
// Discovery is served by the API server, so rebuilding it repeatedly adds
// load to a shared control-plane component; this is an availability concern
// for every tenant of the cluster, not only for the offending controller.
var AnalyzerDiscoveryFlood = &analysis.Analyzer{
	Name:     "discoveryflood",
	Doc:      "flags repeated discovery or RESTMapper rebuilds",
	Run:      runDiscoveryFlood,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerDiscoveryFlood flags repeated discovery client creations or RESTMapper resets in loops, which can flood the API server.

// AnalyzerDynamicOveruse reports use of dynamic/unstructured clients where
// typed clients exist.
// NOTE(review): how "typed clients exist" is established is not visible here;
// expect false positives where dynamic access is deliberate (e.g. CRDs without
// generated types) and review findings rather than auto-fixing them.
var AnalyzerDynamicOveruse = &analysis.Analyzer{
	Name:     "dynamicoveruse",
	Doc:      "flags overuse of dynamic/unstructured when typed clients exist",
	Run:      runDynamicOveruse,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerDynamicOveruse flags creation of dynamic/unstructured clients when typed clients appear to be available in the same package (heuristic).

// AnalyzerExcessiveClusterScope reports cluster-scoped RBAC where namespace
// scope may suffice. This is a least-privilege check: a cluster-scoped grant
// applies in every namespace, so a compromised holder of that grant is not
// contained to one namespace.
// NOTE(review): the Doc string says "may suffice", so a finding is a prompt for
// human review; some resources are cluster-scoped and legitimately need
// cluster-level grants. Whether the analyzer also sees RBAC declared in YAML
// manifests rather than Go code cannot be told from here.
var AnalyzerExcessiveClusterScope = &analysis.Analyzer{
	Name:     "excessiveclusterscope",
	Doc:      "flags cluster-scoped RBAC where namespace scope may suffice",
	Run:      runExcessiveClusterScope,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerExcessiveClusterScope flags ClusterRole/ClusterRoleBinding composite literals when Role/RoleBinding would suffice (heuristic).

// AnalyzerExcessiveConfig reports repeated rest.Config or client creation in
// loops or hot paths.
// NOTE(review): the Doc string overlaps with the "clientreuse" analyzer's
// (both mention client creation in loops or hot paths); when both are enabled
// the same site may be reported twice. Confirm the intended split.
var AnalyzerExcessiveConfig = &analysis.Analyzer{
	Name:     "excessiveconfig",
	Doc:      "flags repeated rest.Config or client creation in loops or hot paths",
	Run:      runExcessiveConfig,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerExcessiveConfig flags repeated creation of rest.Config/clients in hot paths.

// AnalyzerIgnoring429 reports handling of HTTP 429 without backoff. A 429 is
// the server asking the client to slow down; retrying immediately keeps the
// pressure on an API server that is already shedding load.
// NOTE(review): which constructs count as "backoff" (sleep, wait helpers,
// honouring a Retry-After value) is decided in runIgnoring429, not shown here.
var AnalyzerIgnoring429 = &analysis.Analyzer{
	Name:     "ignoring429",
	Doc:      "flags handling of 429 without backoff",
	Run:      runIgnoring429,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerIgnoring429 flags code that checks for HTTP 429 or throttling but does not back off (e.g., immediately retries with no sleep/backoff).

// AnalyzerLargePageSizes reports excessively large page sizes in list calls.
// The registered name is "largepages", not "largepagesizes"; use that name
// when selecting the analyzer.
// NOTE(review): the threshold above which a page size is "excessive" is set in
// runLargePages and is not visible here. A non-constant limit presumably
// cannot be evaluated statically; confirm how such cases are treated.
var AnalyzerLargePageSizes = &analysis.Analyzer{
	Name:     "largepages",
	Doc:      "flags excessively large page sizes in list calls",
	Run:      runLargePages,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerLargePageSizes flags ListOptions with very large Limit values.

// AnalyzerLeakyWatch reports watch channels that may never be stopped. An
// unstopped watch keeps its server connection and reader alive, so repeated
// leaks accumulate on both the client and the API server.
// NOTE(review): the Doc string says "potential"; a stop performed in another
// function or via context cancellation may not be seen. Confirm the scope of
// the search in runLeakyWatch before treating a finding as a definite leak.
var AnalyzerLeakyWatch = &analysis.Analyzer{
	Name:     "leakywatch",
	Doc:      "flags potential leaky watch channels without stop",
	Run:      runLeakyWatch,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerLeakyWatch flags Watch calls whose ResultChan is obtained but not stopped/drained. Heuristic: a Watch is reported when no call to Stop/Cancel is found.

// AnalyzerListInLoop reports List/Watch calls made inside loops; the Doc
// string recommends informers or a cache instead, which answer repeated reads
// locally rather than issuing one API request per iteration.
var AnalyzerListInLoop = &analysis.Analyzer{
	Name:     "listinloop",
	Doc:      "flags List/Watch calls inside loops (prefer informers/cache)",
	Run:      runListInLoop,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerListInLoop flags List/Watch calls inside loops.

// AnalyzerManualPolling reports hand-written polling loops that combine List
// with a sleep or ticker.
// NOTE(review): this presumably overlaps with "listinloop" for the same loop;
// confirm whether both are expected to fire on one site.
var AnalyzerManualPolling = &analysis.Analyzer{
	Name:     "manualpolling",
	Doc:      "flags manual polling loops using List with sleep/ticker",
	Run:      runManualPolling,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerManualPolling flags loops that poll with List + sleep/ticker instead of using watches/informers.

// AnalyzerMissingContext reports client calls that pass context.Background or
// context.TODO instead of a propagated context. Those contexts carry no
// deadline or cancellation, so the call cannot be cut short when the caller
// gives up or the process is shutting down.
var AnalyzerMissingContext = &analysis.Analyzer{
	Name:     "missingcontext",
	Doc:      "flags client calls using context.Background/TODO instead of propagated context",
	Run:      runMissingContext,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerMissingContext flags client calls that pass context.Background/TODO instead of a propagated context.

// AnalyzerMissingInformer reports direct Watch calls when no SharedInformer
// is used.
// NOTE(review): "no SharedInformer is used" is presumably judged per package;
// an informer set up in another package would then not be seen. Confirm in
// runMissingInformer.
var AnalyzerMissingInformer = &analysis.Analyzer{
	Name:     "missinginformer",
	Doc:      "flags direct Watch calls when no SharedInformer is used",
	Run:      runMissingInformer,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerMissingInformer flags direct client-go Watch calls in packages that do not appear to use shared informers/caches. Prefer shared informers to reduce API server load and improve efficiency.

// AnalyzerNoResync reports informer creation with a zero resync period.
// NOTE(review): a zero resync period is a valid, deliberate choice in many
// controllers, so this check is advisory; confirm whether only literal zero
// arguments are recognised by runNoResync.
var AnalyzerNoResync = &analysis.Analyzer{
	Name:     "noresync",
	Doc:      "flags informer creation with zero resync period",
	Run:      runNoResync,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerNoResync flags informer creations with resync period set to 0 where a positive resync might be desirable. Heuristic only.

// AnalyzerNoRetryTransient reports transient errors that are handled without
// a retry.
// NOTE(review): this is the counterpart of the tight-retry checks: a fix for a
// finding here should add a bounded retry with backoff, not an immediate
// retry loop. Which error predicates count as "transient" is not shown here.
var AnalyzerNoRetryTransient = &analysis.Analyzer{
	Name:     "noretrytransient",
	Doc:      "flags transient errors handled without retry",
	Run:      runNoRetryTransient,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerNoRetryTransient flags error handling that detects transient network issues but returns immediately without any retry/backoff.

// AnalyzerNoSelectors reports List calls made without label or field
// selectors. An unselected List returns every object of the kind in scope,
// which is both the most expensive form of the request and the one that
// reads the most data the caller may not need.
// NOTE(review): unlike the other analyzers in this package, no Requires is
// declared, so no other pass's result is available to runNoSelectors. That is
// fine if it walks pass.Files itself; it would fail at run time if it read the
// inspect result. Confirm against runNoSelectors.
var AnalyzerNoSelectors = &analysis.Analyzer{
	Name: "noselectors",
	Doc:  "flags List calls without label/field selectors",
	Run:  runNoSelectors,
}

AnalyzerNoSelectors flags List calls without label/field selectors or options.

// AnalyzerQPSBurst reports rest.Config QPS/Burst settings that are zero or
// extreme. These fields drive client-go's client-side rate limiter, which is
// one of the guards against a single client overloading the API server.
// NOTE(review): in client-go a zero QPS falls back to the library default and
// it is a negative QPS that disables client-side limiting; confirm that
// runQPSBurst reports negative values too, and what bound it uses for
// "extreme".
var AnalyzerQPSBurst = &analysis.Analyzer{
	Name:     "qpsburst",
	Doc:      "flags rest.Config QPS/Burst zero or extreme values",
	Run:      runQPSBurst,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerQPSBurst flags rest.Config.QPS/Burst that are zero/unlimited or extreme.

// AnalyzerRESTMapperNotCached reports a RESTMapper used without caching.
var AnalyzerRESTMapperNotCached = &analysis.Analyzer{
	// NOTE(review): this is the only analyzer name in the package that uses
	// underscores. It is left as is because the name is what users select the
	// analyzer by; renaming it would break existing configurations.
	Name:     "restmapper_not_cached",
	Doc:      "flags RESTMapper without caching",
	Run:      runRESTMapperNotCached,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerRESTMapperNotCached flags use of a discovery-based RESTMapper without a caching wrapper. Heuristic: a direct NewDiscoveryRESTMapper or NewDeferredDiscoveryRESTMapper call with no surrounding NewShortcutExpander and no cached wrapper elsewhere in the package.

// AnalyzerRequeueBackoff reports requeues without backoff in Reconcile.
// NOTE(review): controller-runtime work queues normally apply their own rate
// limiting to requeued items, so a finding is not necessarily an unthrottled
// loop; confirm how runRequeueBackoff accounts for the queue's rate limiter.
var AnalyzerRequeueBackoff = &analysis.Analyzer{
	Name:     "requeuebackoff",
	Doc:      "flags requeue without backoff in Reconcile",
	Run:      runRequeueBackoff,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerRequeueBackoff flags controller-runtime Reconcile paths that requeue immediately without a backoff (e.g., returning requeue=true without RequeueAfter).

// AnalyzerRestConfigDefaults reports rest.Config initialization that sets no
// timeout or no UserAgent. Without a timeout a request can hang on an
// unresponsive server; without a distinct UserAgent the client's requests are
// harder to attribute in API server audit logs.
var AnalyzerRestConfigDefaults = &analysis.Analyzer{
	Name:     "restconfigdefaults",
	Doc:      "flags rest.Config initialization without timeouts or UserAgent",
	Run:      runRestConfigDefaults,
	// NOTE(review): this declaration names the dependency inspect.Analyzer where
	// the sibling analyzers use insppass.Analyzer; presumably the same inspect
	// pass imported under a different name in this file. Confirm.
	Requires: []*analysis.Analyzer{inspect.Analyzer},
}

AnalyzerRestConfigDefaults flags rest.Config creations missing timeouts or user-agent.

// AnalyzerTightErrorLoops reports tight loops that retry Kubernetes API calls
// on error without backoff. When the error is caused by server overload or an
// outage, such a loop multiplies the request rate exactly when the API server
// can least absorb it.
var AnalyzerTightErrorLoops = &analysis.Analyzer{
	Name:     "tighterrorloops",
	Doc:      "flags tight loops retrying on errors around Kubernetes API calls without backoff",
	Run:      runTightErrorLoops,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerTightErrorLoops flags tight retry loops on errors that call the Kubernetes API without any backoff/sleep.

// AnalyzerUnboundedQueue reports workqueue usage without rate limiting. A
// queue with no rate limit or depth bound grows with the event rate, so a
// burst of events (or a party able to generate them) translates directly into
// controller memory growth and API traffic.
// NOTE(review): which workqueue constructors are treated as rate limited is
// decided in runUnboundedQueue, not shown here.
var AnalyzerUnboundedQueue = &analysis.Analyzer{
	Name:     "unboundedqueue",
	Doc:      "flags unbounded workqueue usage without rate limiting",
	Run:      runUnboundedQueue,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerUnboundedQueue flags usage of workqueue without rate limiting or without max-depth guards.

// AnalyzerUnstructuredEverywhere reports pervasive use of unstructured
// objects where typed objects could be used.
// NOTE(review): the count that makes use "pervasive" is set in
// runUnstructuredEverywhere and is not visible here; typed objects give
// compile-time field checking that unstructured map access does not.
var AnalyzerUnstructuredEverywhere = &analysis.Analyzer{
	Name:     "unstructuredeverywhere",
	Doc:      "flags pervasive use of unstructured objects instead of typed",
	Run:      runUnstructuredEverywhere,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerUnstructuredEverywhere flags heavy use of unstructured.Unstructured in functions that could use typed objects. Heuristic: many composite literals or declarations of Unstructured within a file.

// AnalyzerWideNamespace reports cluster-wide scans where a namespace-scoped
// request would suffice. Besides the cost of the scan, listing across all
// namespaces needs a cluster-wide list permission, so narrowing the call is
// also what allows the workload's RBAC to be narrowed.
// NOTE(review): a namespace passed as a variable that happens to be empty at
// run time presumably cannot be detected statically; confirm in
// runWideNamespace.
var AnalyzerWideNamespace = &analysis.Analyzer{
	Name:     "widenamespace",
	Doc:      "flags cluster-wide scans when namespace-scoped suffices",
	Run:      runWideNamespace,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerWideNamespace flags all-namespaces listings, detected heuristically from patterns such as InNamespace("") or typed Pods("").List.

// AnalyzerWildcardVerbs reports RBAC rules whose verbs are a wildcard. A "*"
// verb grants every verb on the matched resources, including ones the
// workload never uses, so it defeats least-privilege review of the rule.
// NOTE(review): only the verbs field is named in the Doc string; wildcards in
// resources or apiGroups are a related risk, and whether they are reported is
// not visible here. RBAC defined in YAML manifests rather than Go code is
// presumably outside what a Go analyzer can see.
var AnalyzerWildcardVerbs = &analysis.Analyzer{
	Name:     "wildcardverbs",
	Doc:      "flags wildcard verbs in RBAC rules",
	Run:      runWildcardVerbs,
	// Requires makes the result of insppass.Analyzer available to the run function.
	Requires: []*analysis.Analyzer{insppass.Analyzer},
}

AnalyzerWildcardVerbs flags RBAC policy rules with verbs ["*"].

Functions

This section is empty.

Types

This section is empty.

Directories

Path Synopsis
