Documentation
Index
Constants
const (
	LabelKubernetesComponent = "app.kubernetes.io/component"
	LabelKubernetesInstance  = "app.kubernetes.io/instance"
	LabelKubernetesName      = "app.kubernetes.io/name"
	LabelKubernetesManagedBy = "app.kubernetes.io/managed-by"
	LabelKubernetesRoleGroup = "app.kubernetes.io/role-group"
	LabelKubernetesVersion   = "app.kubernetes.io/version"
)
Kubernetes recommended labels for applications. Note that `app.kubernetes.io/role-group` is a Kubedoop addition and is not one of the labels listed in the Kubernetes documentation. https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ https://kubernetes.io/docs/reference/labels-annotations-taints/
const (
	KubedoopRoot        = "/kubedoop/"
	KubedoopKerberosDir = KubedoopRoot + "kerberos/"
	KubedoopTlsDir      = KubedoopRoot + "tls/"
	KubedoopListenerDir = KubedoopRoot + "listener/"
	KubedoopJmxDir      = KubedoopRoot + "jmx/"
	KubedoopSecretDir   = KubedoopRoot + "secret/"
	KubedoopDataDir     = KubedoopRoot + "data/"
	KubedoopConfigDir   = KubedoopRoot + "config/"
	KubedoopLogDir      = KubedoopRoot + "log/"

	KubedoopConfigDirMount = KubedoopRoot + "mount/config/"
	KubedoopLogDirMount    = KubedoopRoot + "mount/log/"
)
const (
	LabelEnrichmentEnable      = "enrichment." + KubedoopDomain + "/enable"
	LabelEnrichmentEnableValue = "true"
	LabelEnrichmentNodeAddress = "enrichment." + KubedoopDomain + "/node-address"
)
When a pod carries the label `enrichment.zncdata.dev/enable=true`, the enrichment controller writes the address of the node the pod runs on into the pod's `enrichment.zncdata.dev/node-address` annotation when the pod is created.
const (
	LabelRestarterEnable      = "restarter." + KubedoopDomain + "/enable"
	LabelRestarterEnableValue = "true"

	AnnotationSecretRestarterPrefix    = "secret.restarter." + KubedoopDomain + "/"
	AnnotationConfigmapRestarterPrefix = "configmap.restarter." + KubedoopDomain + "/"

	// eg:
	//   - restarter.zncdata.dev/expires-at.<RFC3339>: <volume-id>
	// RFC3339: 2006-01-02T15:04:05Z07:00
	PrefixLabelRestarterExpiresAt = "restarter." + KubedoopDomain + "/expires-at."
)
The restarter policy covers two cases: workload restart and pod expiration.

Workload restarter:

If a workload carries the label `restarter.zncdata.dev/enable=true` and a ConfigMap or Secret that is mounted as a volume in its pods is updated, the restarter updates the annotations in the workload's pod template. The workload controller then rolls out all pods of the workload, so they start with the new ConfigMap or Secret content. Only objects that are actually mounted as volumes trigger a restart.

Pod expiration:

When a workload mounts a volume backed by a secret-class of the secret-operator, the secret-operator creates the credentials (for example Kerberos keytabs or TLS certificates) and mounts them into the pod. TLS certificates and Kerberos credentials have an expiration time; when such a secret is created, the secret-operator records the expiration time in the pod's annotations. The restarter checks these annotations and, once the expiration time has passed, restarts the pod so that it receives freshly issued credentials. Without this restart the pod would keep using an expired certificate or keytab.
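The pod-expiration check described above, written out as an added example; this is not code from the Kubedoop project. It assumes the marker is stored as key `restarter.zncdata.dev/expires-at.<volume-id>` with the RFC3339 timestamp as the value: the constant's comment lists the timestamp in the key position, but the Kubernetes API server validates annotation key names against `[A-Za-z0-9][-A-Za-z0-9_.]*` and rejects the ':' that an RFC3339 timestamp contains, so only the value position can hold it. `MarkExpiry` shows the provisioner side using the `autoTlsCertLifetime` duration format; it does not apply the jitter factor, whose semantics the page does not describe. The sample annotations are constructed for the example.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
	"time"
)

// Constants as declared by the package documented on this page.
const (
	KubedoopDomain                = "zncdata.dev"
	PrefixLabelRestarterExpiresAt = "restarter." + KubedoopDomain + "/expires-at."
)

// ExpiredVolume is one secret volume together with its credential expiry.
type ExpiredVolume struct {
	VolumeID  string
	ExpiresAt time.Time
}

// expiryMarkers extracts (volume-id, expiry) pairs from the pod annotations.
// Assumed layout: key = PrefixLabelRestarterExpiresAt + <volume-id>, value =
// RFC3339 timestamp. A marker that does not parse is reported as an error
// instead of being skipped, so a corrupted annotation cannot silently keep an
// expired credential alive.
func expiryMarkers(annotations map[string]string) ([]ExpiredVolume, error) {
	var markers []ExpiredVolume
	var bad []string
	for key, value := range annotations {
		if !strings.HasPrefix(key, PrefixLabelRestarterExpiresAt) {
			continue
		}
		volumeID := strings.TrimPrefix(key, PrefixLabelRestarterExpiresAt)
		expiresAt, err := time.Parse(time.RFC3339, value)
		if err != nil {
			bad = append(bad, fmt.Sprintf("%s=%q: %v", key, value, err))
			continue
		}
		markers = append(markers, ExpiredVolume{VolumeID: volumeID, ExpiresAt: expiresAt})
	}
	sort.Slice(markers, func(i, j int) bool { return markers[i].ExpiresAt.Before(markers[j].ExpiresAt) })
	if len(bad) > 0 {
		return markers, fmt.Errorf("unparseable expiry annotations: %s", strings.Join(bad, "; "))
	}
	return markers, nil
}

// ExpiredVolumes returns the volumes whose expiry is at or before now,
// earliest first. A non-nil error means at least one marker was unreadable;
// the caller should treat the pod as needing attention rather than healthy.
func ExpiredVolumes(annotations map[string]string, now time.Time) ([]ExpiredVolume, error) {
	markers, err := expiryMarkers(annotations)
	var expired []ExpiredVolume
	for _, m := range markers {
		if !m.ExpiresAt.After(now) {
			expired = append(expired, m)
		}
	}
	return expired, err
}

// NextExpiry returns the earliest expiry still in the future, so a controller
// can requeue the pod exactly when the next restart becomes due; ok is false
// when nothing is pending.
func NextExpiry(annotations map[string]string, now time.Time) (next time.Time, ok bool) {
	markers, _ := expiryMarkers(annotations)
	for _, m := range markers {
		if m.ExpiresAt.After(now) {
			return m.ExpiresAt, true
		}
	}
	return time.Time{}, false
}

// MarkExpiry is the provisioner side: derive the expiry from the issue time
// and a lifetime in the autoTlsCertLifetime format (a Go time.Duration string)
// and record it on the pod for the given volume.
func MarkExpiry(annotations map[string]string, volumeID string, issuedAt time.Time, lifetime string) error {
	d, err := time.ParseDuration(lifetime)
	if err != nil {
		return fmt.Errorf("invalid lifetime %q: %w", lifetime, err)
	}
	if d <= 0 {
		return fmt.Errorf("lifetime %q must be positive", lifetime)
	}
	annotations[PrefixLabelRestarterExpiresAt+volumeID] = issuedAt.Add(d).UTC().Format(time.RFC3339)
	return nil
}

func main() {
	// Constructed sample pod annotations, not taken from a real cluster.
	now := time.Date(2024, 6, 1, 12, 0, 0, 0, time.UTC)
	annotations := map[string]string{
		PrefixLabelRestarterExpiresAt + "tls":      "2024-06-01T11:59:00Z",
		PrefixLabelRestarterExpiresAt + "kerberos": "2024-06-02T00:00:00Z",
		"secrets.zncdata.dev/class":                "tls",
	}
	expired, err := ExpiredVolumes(annotations, now)
	fmt.Println("expired:", expired, "err:", err)
	if next, ok := NextExpiry(annotations, now); ok {
		fmt.Println("requeue at:", next)
	}
}
```

Returning an error for an unparseable marker, rather than ignoring it, is the deliberate fail-closed choice: a restarter that skips what it cannot read would leave a pod running on an expired keytab indefinitely.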
const (
	ListenerAPIGroup     string = "listeners." + KubedoopDomain
	ListenerStorageClass string = ListenerAPIGroup
)
const (
	// Specifies which network listening rules to use; it is REQUIRED.
	// It can be one of the following values:
	//   - cluster-internal
	//   - external-unstable
	//   - external-stable
	//   - <other user-defined class name>
	AnnotationListenersClass string = listenerAPIGroupPrefix + "class"

	// The listener name is used to identify the listener; it is OPTIONAL.
	// If not set, the listener name will be the same as the pod name.
	AnnotationListenerName string = listenerAPIGroupPrefix + "listenerName"
)
Kubedoop-defined annotations for the PVC template. The CSI driver extracts these annotations from the PVC to prepare the listener for the pod.
const (
	SecretAPIGroup     string = "secrets." + KubedoopDomain
	SecretStorageClass string = SecretAPIGroup
)
const (
	LabelSecretsNode    string = secretAPIGroupPrefix + "node"
	LabelSecretsPod     string = secretAPIGroupPrefix + "pod"
	LabelSecretsService string = secretAPIGroupPrefix + "service"
)
Labels used to look up Secret objects in Kubernetes: the secret-operator finds the Secret for a volume by filtering on one or more of these labels.
const (
	AnnotationSecretsClass string = secretAPIGroupPrefix + "class"

	// Scope is the scope of the secret.
	// It can be one of the following values:
	//   - pod
	//   - node
	//   - service
	//   - listener-volume
	//
	// Example:
	//   - "secrets.zncdata.dev/scope": "pod"
	//   - "secrets.zncdata.dev/scope": "node"
	//   - "secrets.zncdata.dev/scope": "service=foo"
	//   - "secrets.zncdata.dev/scope": "listener-volume=foo"
	//   - "secrets.zncdata.dev/scope": "pod,service=foo,bar,listener-volume=xyz"
	AnnotationSecretsScope string = secretAPIGroupPrefix + "scope"

	// Format is the mounted format of the secret.
	// It can be one of the following values:
	//   - tls-pem   A PEM-encoded TLS certificate, including "tls.crt", "tls.key" and "ca.crt".
	//   - tls-p12   A PKCS#12 archive, including "keystore.p12" and "truststore.p12".
	//   - kerberos  A Kerberos keytab, including "keytab" and "krb5.conf".
	AnnotationSecretsFormat string = secretAPIGroupPrefix + "format"

	// PKCS#12 password; it is used as both the truststore and the keystore password.
	AnnotationSecretsPKCS12Password string = secretAPIGroupPrefix + "tlsPKCS12Password"

	// A Go time.Duration string; it is used to compute the certificate expiration time.
	AnnotationSecretCertLifeTime      string = secretAPIGroupPrefix + "autoTlsCertLifetime"
	AnnotationSecretsCertJitterFactor string = secretAPIGroupPrefix + "autoTlsCertJitterFactor"

	// Annotation for the expiration time of the secret for the pod.
	// When the secret is created, the expiration time is set to the current time plus the lifetime.
	// The secret can then be cleaned up after the expiration time.
	AnnonationSecretExpirationTimeName string = secretAPIGroupPrefix + "expirationTime"

	// KerberosServiceNames is a comma-separated list of Kerberos service names.
	// Each name is combined with the scope to build a Kerberos principal.
	//
	// If this field value is "HTTP,NN,DN" and the scope specifies a service name ("service=<k8s-service>"),
	// the following principals are created:
	//   - HTTP -> HTTP/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	//   - NN   -> nn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	//   - DN   -> dn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	//
	// If this field value is "NN" and the scope is "pod", the principal is:
	//   - nn/<pod-name>.<pod-subdomain>.<k8s-namespace>.cluster.local@REALM
	//     (see https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods)
	//
	// If this field value is "DN" and the scope is "node", the principal is:
	//   - dn/<node-name>.<k8s-namespace>.cluster.local@REALM
	//
	// If this field value is "HTTP" and the scope is "listener-volume=foo", the principal is:
	//   - HTTP/<the-service-of-listener-foo>.<k8s-namespace>.cluster.local@REALM
	AnnotationSecretsKerberosServiceNames string = secretAPIGroupPrefix + "kerberosServiceNames"
)
Kubedoop-defined annotations for the PVC template. The CSI driver extracts these annotations from the PVC to prepare the secret for the pod. Note that annotation values, including `tlsPKCS12Password`, are stored in clear text on the PVC and workload objects and are readable by anyone who can read those objects.
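The scope and kerberosServiceNames semantics documented in the block above, carried through as an added example; this is not the project's own code. It assumes the unexported `secretAPIGroupPrefix` expands to `secrets.zncdata.dev/`, that `cluster.local` is the cluster domain (the page hard-codes it in its examples), that every service name other than `HTTP` is lower-cased in the principal (the reading of the `NN -> nn`, `DN -> dn` examples), and that the driver can look up the Service backing a listener volume by some means the page does not describe (the `ListenerServices` map). The pod data is constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Constants as declared by the package documented on this page; the expansion
// of the unexported secretAPIGroupPrefix and clusterDomain are assumptions.
const (
	KubedoopDomain                        = "zncdata.dev"
	secretAPIGroupPrefix                  = "secrets." + KubedoopDomain + "/"
	AnnotationSecretsScope                = secretAPIGroupPrefix + "scope"
	AnnotationSecretsKerberosServiceNames = secretAPIGroupPrefix + "kerberosServiceNames"
	CommonDelimiter                       = ","
	clusterDomain                         = "cluster.local"
)

type SecretScope string

const (
	PodScope            SecretScope = "pod"
	NodeScope           SecretScope = "node"
	ServiceScope        SecretScope = "service"
	ListenerVolumeScope SecretScope = "listener-volume"
)

// Scope is one parsed entry of the scope annotation: a kind plus, for
// service and listener-volume, the name after '='.
type Scope struct {
	Kind SecretScope
	Name string
}

// ParseScopes parses values such as "pod,service=foo,listener-volume=xyz".
// Unknown kinds, bare service/listener-volume entries and named pod/node
// entries are rejected rather than guessed at.
func ParseScopes(value string) ([]Scope, error) {
	var scopes []Scope
	for _, raw := range strings.Split(value, CommonDelimiter) {
		kind, name, hasName := strings.Cut(strings.TrimSpace(raw), "=")
		switch SecretScope(kind) {
		case PodScope, NodeScope:
			if hasName {
				return nil, fmt.Errorf("scope %q takes no name", kind)
			}
			scopes = append(scopes, Scope{Kind: SecretScope(kind)})
		case ServiceScope, ListenerVolumeScope:
			if !hasName || name == "" {
				return nil, fmt.Errorf("scope %q requires a name", kind)
			}
			scopes = append(scopes, Scope{Kind: SecretScope(kind), Name: name})
		default:
			return nil, fmt.Errorf("unknown scope entry %q in %q", raw, value)
		}
	}
	return scopes, nil
}

// PodInfo is what the CSI node driver knows about the pod being served
// (constructed for this example). ListenerServices maps a listener volume
// name to the Service created for it; the lookup itself is assumed.
type PodInfo struct {
	Name, Subdomain, Namespace, NodeName string
	ListenerServices                     map[string]string
}

// hostFor builds the host part of a principal for one scope, following the
// patterns in the kerberosServiceNames comment.
func hostFor(s Scope, pod PodInfo) (string, error) {
	switch s.Kind {
	case PodScope:
		// A pod only gets the <pod>.<subdomain>.<ns> DNS record when
		// spec.subdomain names a matching headless Service.
		if pod.Subdomain == "" {
			return "", fmt.Errorf("pod scope requires the pod to have a subdomain")
		}
		return pod.Name + "." + pod.Subdomain + "." + pod.Namespace + "." + clusterDomain, nil
	case NodeScope:
		return pod.NodeName + "." + pod.Namespace + "." + clusterDomain, nil
	case ServiceScope:
		return s.Name + "." + pod.Namespace + "." + clusterDomain, nil
	case ListenerVolumeScope:
		svc, ok := pod.ListenerServices[s.Name]
		if !ok {
			return "", fmt.Errorf("no service known for listener volume %q", s.Name)
		}
		return svc + "." + pod.Namespace + "." + clusterDomain, nil
	}
	return "", fmt.Errorf("unsupported scope %q", s.Kind)
}

// KerberosPrincipals expands a kerberosServiceNames value against every scope,
// in service-name order then scope order.
func KerberosPrincipals(serviceNames string, scopes []Scope, pod PodInfo, realm string) ([]string, error) {
	var principals []string
	for _, svc := range strings.Split(serviceNames, CommonDelimiter) {
		svc = strings.TrimSpace(svc)
		if svc == "" {
			return nil, fmt.Errorf("empty service name in %q", serviceNames)
		}
		primary := strings.ToLower(svc) // assumed rule: everything except HTTP is lower-cased
		if svc == "HTTP" {
			primary = svc
		}
		for _, s := range scopes {
			host, err := hostFor(s, pod)
			if err != nil {
				return nil, err
			}
			principals = append(principals, primary+"/"+host+"@"+realm)
		}
	}
	return principals, nil
}

func main() {
	// Constructed annotations as they would appear on a PVC template.
	ann := map[string]string{
		AnnotationSecretsScope:                "pod,service=foo,listener-volume=xyz",
		AnnotationSecretsKerberosServiceNames: "HTTP,NN",
	}
	pod := PodInfo{Name: "nn-0", Subdomain: "hdfs-nn", Namespace: "default", NodeName: "worker-1",
		ListenerServices: map[string]string{"xyz": "hdfs-http"}}
	scopes, err := ParseScopes(ann[AnnotationSecretsScope])
	if err != nil {
		panic(err)
	}
	principals, err := KerberosPrincipals(ann[AnnotationSecretsKerberosServiceNames], scopes, pod, "EXAMPLE.COM")
	fmt.Println(strings.Join(principals, "\n"), err)
}
```

Rejecting malformed scope entries matters because each entry becomes a principal in a keytab handed to the pod: a silently dropped or misparsed entry either denies the service its identity or issues credentials for a host it does not own.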
const (
	CommonDelimiter               string = ","
	ListenerVolumeDelimiter       string = CommonDelimiter
	KerberosServiceNamesDelimiter string = CommonDelimiter
)
const (
KubedoopDomain = "zncdata.dev"
)
Variables
This section is empty.
Functions
func ListenerStorageClassPtr
func ListenerStorageClassPtr() *string
func MatchingLabelsNames
func MatchingLabelsNames() []string
func SecretStorageClassPtr
func SecretStorageClassPtr() *string
Types
type SecretFormat
type SecretFormat string
const (
	TLSPEM   SecretFormat = "tls-pem"
	TLSP12   SecretFormat = "tls-p12"
	Kerberos SecretFormat = "kerberos"
)
type SecretScope
type SecretScope string
const (
	PodScope            SecretScope = "pod"
	NodeScope           SecretScope = "node"
	ServiceScope        SecretScope = "service"
	ListenerVolumeScope SecretScope = "listener-volume"
)