config

package
v2.11.0 Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2024 License: MIT Imports: 8 Imported by: 0

Documentation


Constants

const (
	OperatorModeWatchers = OperatorMode(1 << iota)
	OperatorModeWebhooks

	OperatorModeBoth = OperatorModeWatchers | OperatorModeWebhooks
)
const (
	RateLimitModeDisabled = RateLimitMode("disabled")
	RateLimitModeBucket   = RateLimitMode("bucket")
)

Variables

var (
	DefaultEndpoint                = "https://management.azure.com"
	DefaultAudience                = "https://management.core.windows.net/"
	DefaultAADAuthorityHost        = "https://login.microsoftonline.com/"
	DefaultMaxConcurrentReconciles = 1
)

Functions

This section is empty.

Types

type OperatorMode

type OperatorMode int

OperatorMode determines whether we'll run watchers and/or webhooks.

func ParseOperatorMode

func ParseOperatorMode(value string) (OperatorMode, error)

ParseOperatorMode converts a string value into the corresponding operator mode.

func (OperatorMode) IncludesWatchers

func (m OperatorMode) IncludesWatchers() bool

IncludesWatchers returns whether an operator running in this mode should register reconcilers.

func (OperatorMode) IncludesWebhooks

func (m OperatorMode) IncludesWebhooks() bool

IncludesWebhooks returns whether an operator running in this mode should register webhooks.

func (OperatorMode) String

func (m OperatorMode) String() string

String converts the mode into a readable value.

type RateLimit added in v2.9.0

type RateLimit struct {
	// Mode configures the internal rate-limiting mode.
	// Valid values are [disabled, bucket]
	// * disabled: No ASO-controlled rate-limiting occurs. ASO will attempt to communicate with Azure and
	//   kube-apiserver as much as needed based on load. It will back off based on throttling from
	//   either kube-apiserver or Azure, but will not artificially limit its throughput.
	// * bucket: Uses a token-bucket algorithm to rate-limit reconciliations. Note that this limits how often
	//   the operator performs a reconciliation, but not every reconciliation triggers a call to kube-apiserver
	//   or Azure (though many do). Since this controls reconciles it can be used to coarsely control throughput
	//   and CPU usage of the operator, as well as the number of requests that the operator issues to Azure.
	//   Keep in mind that the Azure throttling limits (defined at
	//   https://learn.microsoft.com/en-us/azure/azure-resource-manager/management/request-limits-and-throttling)
	//   differentiate between request types. Since a given reconcile for a resource may result in polling (a GET) or
	//   modification (a PUT) it's not possible to entirely avoid Azure throttling by tuning these bucket limits.
	//   We don't recommend enabling this mode by default.
	//   If enabling this mode, we strongly recommend doing some experimentation to tune these values to something that
	//   works for your specific needs.
	Mode RateLimitMode

	// QPS is the rate (per second) that the bucket is refilled. This value only has an effect if Mode is 'bucket'.
	QPS float64

	// BucketSize is the size of the bucket. This value only has an effect if Mode is 'bucket'.
	BucketSize int
}
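
The 'bucket' mode described in the Mode comment above can be simulated to see how QPS and BucketSize interact. This is an added example, not code from the Azure Service Operator project; the names bucket, admit, admitted and constructedLoad are hypothetical, and the simulation only counts reconcile requests that find a token on arrival.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// bucket is a minimal token bucket (illustrative, not ASO's implementation).
// qps and size play the roles of RateLimit.QPS and RateLimit.BucketSize.
type bucket struct {
	qps, size, tokens float64
	last              time.Duration // simulated time of the last refill
}

// admit refills the bucket up to now and reports whether one reconcile may run.
func (b *bucket) admit(now time.Duration) bool {
	b.tokens = math.Min(b.size, b.tokens+b.qps*(now-b.last).Seconds())
	b.last = now
	if b.tokens < 1 {
		return false
	}
	b.tokens--
	return true
}

// admitted counts the requests that find a token available when they arrive.
func admitted(qps float64, size int, arrivals []time.Duration) int {
	b := &bucket{qps: qps, size: float64(size), tokens: float64(size)}
	n := 0
	for _, t := range arrivals {
		if b.admit(t) {
			n++
		}
	}
	return n
}

// constructedLoad returns 80 arrivals spaced 125ms apart (8 requests/s for 10s).
func constructedLoad() []time.Duration {
	arrivals := make([]time.Duration, 80)
	for i := range arrivals {
		arrivals[i] = time.Duration(i) * 125 * time.Millisecond
	}
	return arrivals
}

func main() {
	fmt.Println(admitted(2, 5, constructedLoad()), admitted(2, 50, constructedLoad()))
}
```

With the same QPS of 2, the larger bucket only lengthens the initial burst; once it drains, both settings admit one request per four arrivals, which is the refill rate.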

func (RateLimit) String added in v2.9.0

func (r RateLimit) String() string

type RateLimitMode added in v2.9.0

type RateLimitMode string

func ParseRateLimitMode added in v2.9.0

func ParseRateLimitMode(s string) (RateLimitMode, error)

type Values

type Values struct {
	// SubscriptionID is the Azure subscription the operator will use
	// for ARM communication.
	SubscriptionID string

	// TenantID is the Azure tenantID the operator will use
	// for ARM communication.
	TenantID string

	// ClientID is the Azure clientID the operator will use
	// for ARM communication.
	ClientID string

	// PodNamespace is the namespace the operator pods are running in.
	PodNamespace string

	// OperatorMode determines whether the operator should run
	// watchers, webhooks or both.
	OperatorMode OperatorMode

	// TargetNamespaces lists the namespaces the operator will watch
	// for Azure resources (if the mode includes running watchers). If
	// it's empty the operator will watch all namespaces.
	TargetNamespaces []string

	// SyncPeriod is the frequency at which resources are re-reconciled with Azure
	// when there have been no triggering changes in the Kubernetes resources. This sync
	// exists to detect and correct changes that happened in Azure that Kubernetes is not
	// aware of. BE VERY CAREFUL setting this value low - even a modest number of resources
	// can cause subscription level throttling if they are re-synced frequently.
	// If nil, no sync is performed. Durations are specified as "1h", "15m", or "60s". See
	// https://pkg.go.dev/time#ParseDuration for more details.
	//
	// Specify the special value "never" for AZURE_SYNC_PERIOD to prevent syncing.
	SyncPeriod *time.Duration

	// ResourceManagerEndpoint is the Azure Resource Manager endpoint.
	// If not specified, the default is the Public cloud resource manager endpoint.
	// See https://docs.microsoft.com/cli/azure/manage-clouds-azure-cli#list-available-clouds for details
	// about how to find available resource manager endpoints for your cloud. Note that the resource manager
	// endpoint is referred to as "resourceManager" in the Azure CLI.
	ResourceManagerEndpoint string

	// ResourceManagerAudience is the Azure Resource Manager AAD audience.
	// If not specified, the default is the Public cloud resource manager audience https://management.core.windows.net/.
	// See https://docs.microsoft.com/cli/azure/manage-clouds-azure-cli#list-available-clouds for details
	// about how to find available resource manager audiences for your cloud. Note that the resource manager
	// audience is referred to as "activeDirectoryResourceId" in the Azure CLI.
	ResourceManagerAudience string

	// AzureAuthorityHost is the URL of the AAD authority. If not specified, the default
	// is the AAD URL for the public cloud: https://login.microsoftonline.com/. See
	// https://docs.microsoft.com/azure/active-directory/develop/authentication-national-cloud
	AzureAuthorityHost string

	// UseWorkloadIdentityAuth determines whether Workload Identity authentication is used for the global credential.
	UseWorkloadIdentityAuth bool

	// UserAgentSuffix is appended to the default User-Agent for Azure HTTP clients.
	UserAgentSuffix string

	// MaxConcurrentReconciles is the number of threads/goroutines dedicated to reconciling each resource type.
	// If not specified, the default is 1.
	// IMPORTANT: Having MaxConcurrentReconciles set to N does not mean that ASO is limited to N interactions with
	// Azure at any given time, because the control loop yields to another resource while it is not actively issuing HTTP
	// calls to Azure. Any single resource only blocks the control-loop for its resource-type for as long as it takes to issue
	// an HTTP call to Azure, view the result, and make a decision. In most cases the time taken to perform these actions
	// (and thus how long the loop is blocked and preventing other resources from being acted upon) is a few hundred
	// milliseconds to at most a second or two. In a typical 60s period, many hundreds or even thousands of resources
	// can be managed with this set to 1.
	// MaxConcurrentReconciles applies to every registered resource type being watched/managed by ASO.
	MaxConcurrentReconciles int

	RateLimit RateLimit
}

Values stores configuration values that are set for the operator.

func ReadAndValidate

func ReadAndValidate() (Values, error)

ReadAndValidate loads the configuration values and checks that they're consistent.

func ReadFromEnvironment

func ReadFromEnvironment() (Values, error)

ReadFromEnvironment loads configuration values from the AZURE_* environment variables.

func (Values) Cloud

func (v Values) Cloud() cloud.Configuration

Cloud returns the cloud the configuration is using.

func (Values) String

func (v Values) String() string

String returns the configuration as a string.

func (Values) Validate

func (v Values) Validate() error

Validate checks whether the configuration settings are consistent.
