scheduler

package

v0.1.2-alpha Latest Latest Go to latest Published: May 24, 2026 License: AGPL-3.0 Imports: 20 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/aarani/hpcc

Links

Open Source Insights

Documentation ¶

Index ¶

func DefaultConfigPath() (string, error)
type Auth
type Config
- func DefaultConfig() Config
- func LoadConfig(path string) (Config, error)
- func (c *Config) ResolveSecrets(ctx context.Context) error
- func (c Config) Validate() error
type Routing
type Scheduler
- func NewDefaultScheduler() (*Scheduler, error)
- func NewScheduler(config Config) (*Scheduler, error)
type TLSConfig
type Tenant
type VMInfo
type WorkerState

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DefaultConfigPath ¶

func DefaultConfigPath() (string, error)

DefaultConfigPath returns ~/.config/hpcc/config.toml on Unix and the platform equivalent elsewhere.

Types ¶

type Auth ¶

type Auth struct {
	WorkerToken string `toml:"worker_token"` // static token workers use to authenticate
}

type Config ¶

type Config struct {
	Listen        string    `toml:"listen"`
	MetricsListen string    `toml:"metrics_listen"` // optional: HTTP /metrics scrape addr (e.g. ":9191"). Empty disables.
	TLS           TLSConfig `toml:"tls"`
	Auth          Auth      `toml:"auth"`
	Tenants       []Tenant  `toml:"tenant"`
	Routing       Routing   `toml:"routing"`
	Paranoid      bool      `toml:"paranoid"`
}

func DefaultConfig ¶

func DefaultConfig() Config

func LoadConfig ¶

func LoadConfig(path string) (Config, error)

func (*Config) ResolveSecrets ¶

func (c *Config) ResolveSecrets(ctx context.Context) error

ResolveSecrets dereferences any URI-prefixed values in the config against the default secret.Resolver. Run after LoadConfig and before Validate so length checks see the resolved bytes, not the URI.

func (Config) Validate ¶

func (c Config) Validate() error

type Routing ¶

type Routing struct {
	StickyTenants bool `toml:"sticky_tenants"`
}

type Scheduler ¶

type Scheduler struct {
	gen.UnimplementedSchedulerServiceServer
	// contains filtered or unexported fields
}

func NewDefaultScheduler ¶

func NewDefaultScheduler() (*Scheduler, error)

func NewScheduler ¶

func NewScheduler(config Config) (*Scheduler, error)

func (*Scheduler) Authenticate ¶

func (s *Scheduler) Authenticate(ctx context.Context, in *gen.AuthRequest) (*gen.AuthResponse, error)

func (*Scheduler) GetTenantIdP ¶

func (s *Scheduler) GetTenantIdP(ctx context.Context, in *gen.GetTenantIdPRequest) (*gen.GetTenantIdPResponse, error)

GetTenantIdP returns the OAuth discovery info for a tenant so the client doesn't have to hardcode token_url/issuer/audience in its config. Unauthenticated by design — the client has only its tenant_id + scheduler URL at this point. Unknown tenant returns an error; the response contains no secrets (issuer/token_url are publicly observable in any issued JWT or OAuth flow).

func (*Scheduler) Heartbeat ¶

func (s *Scheduler) Heartbeat(ctx context.Context, in *gen.WorkerHeartbeat) (*gen.HeartbeatResponse, error)

func (*Scheduler) RegisterWorker ¶

func (s *Scheduler) RegisterWorker(ctx context.Context, in *gen.RegisterWorkerRequest) (*gen.RegisterWorkerResponse, error)

func (*Scheduler) RegisteredWorkers ¶

func (s *Scheduler) RegisteredWorkers() int

RegisteredWorkers returns the current count of workers in the registration table. Exposed for the metrics observable gauge; snapshot only — does not distinguish healthy from stale (the scheduler does not yet evict stale registrations).

func (*Scheduler) Route ¶

func (s *Scheduler) Route(ctx context.Context, in *gen.RouteRequest) (*gen.RouteResponse, error)

type TLSConfig ¶

type TLSConfig struct {
	CertFile string `toml:"cert_file"`
	KeyFile  string `toml:"key_file"`
	CertRef  string `toml:"cert_ref"`
	KeyRef   string `toml:"key_ref"`
}

TLSConfig points the gRPC server at a serving certificate. The cert and key may live on disk (CertFile/KeyFile) or in a secret store referenced by URI (CertRef/KeyRef). Exactly one form per material — see internal/secret for supported schemes.

type Tenant ¶

type Tenant struct {
	ID       string `toml:"id"`
	Issuer   string `toml:"issuer"`
	JWKSURL  string `toml:"jwks_url"`
	TokenURL string `toml:"token_url"` // returned by GetTenantIdP so clients don't hardcode it
	Audience string `toml:"audience"`
	// ClientID and Scope are served back via GetTenantIdP so clients
	// don't carry them either. Both optional — empty fields are
	// omitted from the OAuth password-grant POST.
	ClientID string `toml:"client_id"`
	Scope    string `toml:"scope"`
}

Tenant is one namespace boundary. A JWT carrying tenant_id = ID is validated against this entry's IdP (JWKSURL, Issuer, Audience). See docs/plan/multi-tenant.md for the threat model the per-tenant IdP closes.

type VMInfo ¶

type VMInfo struct {
	VMID        string
	TenantID    string
	ImageDigest string
	State       gen.VMState
}

type WorkerState ¶

type WorkerState struct {
	WorkerID        string
	PublicAddr      string
	ImageDigests    []string
	AvailableVCPUs  int32
	CurrentLoad     int32
	Runtime         gen.RuntimeType
	CertFingerprint []byte
	ActiveVMs       []VMInfo
	LastHeartbeat   time.Time
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL