Documentation
¶
Index ¶
Constants ¶
View Source
const ( LabelKubernetesComponent = "app.kubernetes.io/component" LabelKubernetesInstance = "app.kubernetes.io/instance" LabelKubernetesName = "app.kubernetes.io/name" LabelKubernetesManagedBy = "app.kubernetes.io/managed-by" LabelKubernetesRoleGroup = "app.kubernetes.io/role-group" LabelKubernetesVersion = "app.kubernetes.io/version" )
k8s recommended labels for app https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ https://kubernetes.io/docs/reference/labels-annotations-taints/
View Source
const ( KubedoopRoot = "/kubedoop/" KubedoopKerberosDir = KubedoopRoot + "kerberos/" KubedoopTlsDir = KubedoopRoot + "tls/" KubedoopListenerDir = KubedoopRoot + "listener/" KubedoopSecretDir = KubedoopRoot + "secret/" KubedoopDataDir = KubedoopRoot + "data/" KubedoopConfigDir = KubedoopRoot + "config/" KubedoopLogDir = KubedoopRoot + "log/" KubedoopConfigDirMount = KubedoopRoot + "mount/config/" KubedoopLogDirMount = KubedoopRoot + "mount/log/" )
View Source
const ( ListenerAPIGroup string = "listeners." + KubedoopDomain ListenerStorageClass string = ListenerAPIGroup )
View Source
const ( // Specify which network listening rules to use, it is REQUIRED. // It can be one of the following values: // - cluster-internal // - external-unstable // - external-stable // - <other user defined class name> AnnotationListenersClass string = listenerAPIGroupPrefix + "class" // The listener name is used to identify the listener, it is OPTIONAL. // If not set, the listener name will be the same as the pod name. AnnotationListenerName string = listenerAPIGroupPrefix + "listenerName" )
Kubeddoop defined annotations for PVCTemplate. Then csi driver can extract annotations from PVC to prepare the listener for pod.
View Source
const ( SecretAPIGroup string = "secrets." + KubedoopDomain SecretStorageClass string = SecretAPIGroup )
View Source
const ( LabelSecretsNode string = secretAPIGroupPrefix + "node" LabelSecretsPod string = secretAPIGroupPrefix + "pod" LabelSecretsService string = secretAPIGroupPrefix + "service" )
Labels for k8s search secret k8s search secret obj by filter one or more labels
View Source
const ( AnnotationSecretsClass string = secretAPIGroupPrefix + "class" // Scope is the scope of the secret. // It can be one of the following values: // - pod // - node // - service // - listener-volume // // Example: // - "secrets.zncdata.dev/scope": "pod" // - "secrets.zncdata.dev/scope": "node" // - "secrets.zncdata.dev/scope": "service=foo" // - "secrets.zncdata.dev/scope": "listener-volume=foo" // - "secrets.zncdata.dev/scope": "pod,service=foo,bar,listner-volume=xyz" AnnotationSecretsScope string = secretAPIGroupPrefix + "scope" // Format is mounted format of the secret. // It can be one of the following values: // - tls-pem A PEM-encoded TLS certificate, include "tls.crt", "tls.key", "ca.crt". // - tls-p12 A PKCS#12 archive, include "keystore.p12", "truststore.p12". // - kerberos A Kerberos keytab, include "keytab", "krb5.conf". AnnotationSecretsFormat string = secretAPIGroupPrefix + "format" // PKCS12 format password, it will be used truststore and keystore password. AnnotationSecretsPKCS12Password string = secretAPIGroupPrefix + "tlsPKCS12Password" // golang time.Duration string, it will be used to create certificate expiration time. AnnotationSecretCertLifeTime string = secretAPIGroupPrefix + "autoTlsCertLifetime" AnnotationSecretsCertJitterFactor string = secretAPIGroupPrefix + "autoTlsCertJitterFactor" // Annotation for expiration time of the secret for pod. // When the secret is created, the expiration time is set to the current time plus the lifetime. // Then we can clean up the secret after expiration time AnnonationSecretExpirationTimeName string = secretAPIGroupPrefix + "expirationTime" // KerberosServiceNames is the list of Kerberos service names. // It is a comma separated list of Kerberos realms. // // If this filed value is "HTTP,NN,DN", and scope is specified a service name: "service=<k8s-service>". // It is used to create kerberos realm. // - HTTP -> HTTP/<k8s-service>.<k8s-namespace>.cluster.local@REALM // - NN -> nn/<k8s-service>.<k8s-namespace>.cluster.local@REALM // - DN -> dn/<k8s-service>.<k8s-namespace>.cluster.local@REALM // // If this field value is "NN", and scope is "pod" // It is used to create kerberos realm: // - nn/<pod-name>.<pod-subdomain>.<k8s-namespace>.cluster.local@REALM # https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods // // If this field value is "DN", and scope is "node" // It is used to create kerberos realm: // - dn/<node-name>.<k8s-namespace>.cluster.local@REALM // // If this field value is "HTTP", and scope is "listener-volume=foo" // It is used to create kerberos realm: // - HTTP/<the-service-of-listener-foo>.<k8s-namespace>.cluster.local@REALM AnnotationSecretsKerberosServiceNames string = secretAPIGroupPrefix + "kerberosServiceNames" )
Kubedoop defined annotations for PVCTemplate. Then csi driver can extract annotations from PVC to prepare the secret for pod.
View Source
const ( CommonDelimiter string = "," ListenerVolumeDelimiter string = CommonDelimiter KerberosServiceNamesDelimiter string = CommonDelimiter )
View Source
const (
KubedoopDomain = "zncdata.dev"
)
Variables ¶
This section is empty.
Functions ¶
func ListenerStorageClassPtr ¶
func ListenerStorageClassPtr() *string
func MatchingLabelsNames ¶
func MatchingLabelsNames() []string
func SecretStorageClassPtr ¶
func SecretStorageClassPtr() *string
Types ¶
type SecretFormat ¶
type SecretFormat string
const ( TLSPEM SecretFormat = "tls-pem" TLSP12 SecretFormat = "tls-p12" Kerberos SecretFormat = "kerberos" )
type SecretScope ¶
type SecretScope string
const ( PodScope SecretScope = "pod" NodeScope SecretScope = "node" ServiceScope SecretScope = "service" ListenerVolumeScope SecretScope = "listener-volume" )
Source Files
Click to show internal directories.
Click to hide internal directories.