Documentation
¶
Index ¶
- Constants
- func CommonAnnotations(configChecksum string) map[string]string
- func CommonLabels(instanceName string) map[string]string
- func CommonOperatorLabels() map[string]string
- func ComponentLabels(component, instanceName string) labels.Set
- func ConfigureAzureStorage(pod *corev1.PodSpec, containerName string, storageSecretName string, ...) error
- func ConfigureGCS(pod *corev1.PodSpec, containerName string, storageSecretName string, ...) error
- func ConfigureS3Storage(pod *corev1.PodSpec, containerName string, storageSecretName string, ...) error
- func ConfigureServiceCA(podSpec *corev1.PodSpec, caBundleName string, containers ...int) error
- func ConfigureServiceCAByContainerName(podSpec *corev1.PodSpec, caBundleName string, containers ...string) error
- func ConfigureServicePKI(tempoStackName string, component string, podSpec *corev1.PodSpec, ...) error
- func ConfigureServicePKIByContainerName(tempoStackName string, component string, podSpec *corev1.PodSpec, ...) error
- func ConfigureStorage(storage StorageParams, tempo v1alpha1.TempoStack, pod *corev1.PodSpec, ...) error
- func DefaultAffinity(labels labels.Set) *corev1.Affinity
- func MountCAConfigMap(pod *corev1.PodSpec, containerName string, caConfigMap string, caDir string) error
- func MountCertSecret(pod *corev1.PodSpec, containerName string, certSecret string, certDir string) error
- func MountTLSSpecVolumes(pod *corev1.PodSpec, containerName string, tlsSpec v1alpha1.TLSSpec, ...) error
- func NewConfigMapCABundle(namespace string, name string, labels labels.Set) *corev1.ConfigMap
- func PatchTracingEnvConfiguration(tempo v1alpha1.TempoStack, pod corev1.PodTemplateSpec) (corev1.PodTemplateSpec, error)
- func Resources(tempo v1alpha1.TempoStack, component string, replicas *int32) corev1.ResourceRequirements
- func S3AWSSTSAnnotations(secret S3ShortLived) map[string]string
- func TempoContainerSecurityContext() *corev1.SecurityContext
- func TempoReadinessProbe(tlsEnable bool) *corev1.Probe
- type AzureStorage
- type GCS
- type GatewayTenantOIDCSecret
- type GatewayTenantsData
- type Params
- type S3
- type S3LongLived
- type S3ShortLived
- type StorageParams
- type StorageTLS
Constants ¶
// Shared names, paths and port numbers used when building the Tempo manifests.
// All values are compile-time constants; the port numbers are untyped integer
// constants and the names are untyped string constants unless a type is given.
const (
	// PrometheusCAFile declares the path of the Prometheus CA file for service monitors.
	PrometheusCAFile string = "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt"
	// NOTE(review): the directive below presumably suppresses the hard-coded-credential
	// lint for BearerTokenFile; the value is a file path, not a token — confirm.
	// nolint #nosec
	// BearerTokenFile declares the path of the bearer token file for service monitors.
	BearerTokenFile string = "/var/run/secrets/kubernetes.io/serviceaccount/token"

	// ConfigVolumeName declares the name of the volume containing the tempo configuration.
	ConfigVolumeName = "tempo-conf"

	// GatewayRBACFileName is the name of the RBAC config file in the ConfigMap.
	GatewayRBACFileName = "rbac.yaml"

	// GatewayTenantFileName is the name of the tenant config file in the secret.
	GatewayTenantFileName = "tenants.yaml"

	// TmpStorageVolumeName declares the name of the volume containing temporary storage for tempo.
	TmpStorageVolumeName = "tempo-tmp-storage"

	// TmpTempoStoragePath declares the path of temporary storage for tempo.
	TmpTempoStoragePath = "/var/tempo"

	// TmpStoragePath declares the generic default /tmp storage path.
	TmpStoragePath = "/tmp"

	// HttpPortName declares the name of the tempo http port.
	HttpPortName = "http"
	// PortHTTPServer declares the port number of the tempo http port.
	PortHTTPServer = 3200

	// TempoInternalServerPortName declares the name of the internal Tempo HTTP Server (for healthchecks).
	TempoInternalServerPortName = "tempo-internal"
	// PortInternalHTTPServer declares the port number of the internal tempo http port.
	PortInternalHTTPServer = 3101

	// PortJaegerQuery declares the port number of the jaeger query UI port.
	// It has the same value as PortJaegerUI.
	PortJaegerQuery = 16686

	// TempoReadinessPath specifies the path for the readiness probe.
	TempoReadinessPath = "/ready"

	// TempoLivenessPath specifies the path for the liveness probe.
	TempoLivenessPath = "/status/version"

	// GrpcPortName declares the name of the tempo gRPC port.
	GrpcPortName = "grpc"
	// PortGRPCServer declares the port number of the tempo gRPC port.
	PortGRPCServer = 9095

	// JaegerUIPortName declares the name of the Jaeger UI HTTP port.
	JaegerUIPortName = "jaeger-ui"
	// PortJaegerUI declares the port number of the Jaeger UI HTTP port.
	PortJaegerUI = 16686

	// OAuthProxyPortName declares the name of the Jaeger UI oauth proxy HTTP port.
	OAuthProxyPortName = "oauth-proxy"
	// OAuthProxyPort declares the port number of the Jaeger UI oauth proxy HTTP port.
	OAuthProxyPort = 8443

	// JaegerGRPCQuery declares the name of the Jaeger UI gRPC port.
	// It has the same value as PortJaegerGrpcName.
	JaegerGRPCQuery = "jaeger-grpc"
	// PortJaegerGRPCQuery declares the port number of the Jaeger UI gRPC port.
	PortJaegerGRPCQuery = 16685

	// TempoGRPCQuery declares the name of the Tempo storage gRPC port.
	// NOTE(review): the previous comment said "Jaeger UI gRPC port"; the paired
	// PortTempoGRPCQuery comment says "Tempo storage", so this looks like a
	// copy-paste slip — confirm.
	TempoGRPCQuery = "proxy-grpc"
	// PortTempoGRPCQuery declares the port number of the Tempo storage gRPC port.
	PortTempoGRPCQuery = 7777

	// JaegerMetricsPortName declares the name of the Jaeger UI metrics port.
	JaegerMetricsPortName = "jaeger-metrics"
	// PortJaegerMetrics declares the port number of the Jaeger UI metrics port.
	PortJaegerMetrics = 16687

	// GatewayHttpPortName declares the name of the Gateway HTTP port (e.g. proxying the Jaeger UI).
	GatewayHttpPortName = "public"
	// GatewayPortHTTPServer declares the port number of the Gateway HTTP port.
	GatewayPortHTTPServer = 8080

	// GatewayInternalHttpPortName declares the name of the Gateway Internal HTTP port (e.g. used for health checks).
	GatewayInternalHttpPortName = "internal"
	// GatewayPortInternalHTTPServer declares the port number of the Gateway Internal HTTP port.
	GatewayPortInternalHTTPServer = 8081

	// GatewayGrpcPortName declares the name of the Gateway public gRPC port.
	GatewayGrpcPortName = "grpc-public"
	// GatewayPortGRPCServer declares the port number of the Gateway public gRPC port.
	GatewayPortGRPCServer = 8090

	// OtlpGrpcPortName declares the name of the OpenTelemetry Collector gRPC receiver port.
	OtlpGrpcPortName = "otlp-grpc"
	// PortOtlpGrpcServer declares the port number of the OpenTelemetry Collector gRPC receiver port.
	PortOtlpGrpcServer = 4317

	// PortOtlpHttpName declares the port name of the OpenTelemetry protocol over HTTP.
	PortOtlpHttpName = "otlp-http"
	// PortOtlpHttp declares the port number of the OpenTelemetry protocol over HTTP.
	PortOtlpHttp = 4318

	// PortJaegerThriftHTTPName declares the port name of the Jaeger Thrift HTTP protocol.
	PortJaegerThriftHTTPName = "thrift-http"
	// PortJaegerThriftHTTP declares the port number of the Jaeger Thrift HTTP protocol.
	PortJaegerThriftHTTP = 14268

	// PortJaegerThriftCompactName declares the port name of the Jaeger Thrift compact protocol.
	PortJaegerThriftCompactName = "thrift-compact"
	// PortJaegerThriftCompact declares the port number of the Jaeger Thrift compact protocol.
	PortJaegerThriftCompact = 6831

	// PortJaegerThriftBinaryName declares the port name of the Jaeger Thrift binary protocol.
	PortJaegerThriftBinaryName = "thrift-binary"
	// PortJaegerThriftBinary declares the port number of the Jaeger Thrift binary protocol.
	PortJaegerThriftBinary = 6832

	// PortJaegerGrpcName declares the port name of the Jaeger gRPC port.
	PortJaegerGrpcName = "jaeger-grpc"
	// PortJaegerGrpc declares the port number of the Jaeger gRPC port.
	PortJaegerGrpc = 14250

	// PortZipkinName declares the port name of the zipkin receiver port.
	PortZipkinName = "http-zipkin"
	// PortZipkin declares the port number of the zipkin receiver port.
	PortZipkin = 9411

	// HttpMemberlistPortName declares the name of the tempo memberlist port.
	HttpMemberlistPortName = "http-memberlist"
	// PortMemberlist declares the port number of the tempo memberlist port.
	PortMemberlist = 7946

	// CompactorComponentName declares the internal name of the compactor component.
	CompactorComponentName = "compactor"
	// QuerierComponentName declares the internal name of the querier component.
	QuerierComponentName = "querier"
	// DistributorComponentName declares the internal name of the distributor component.
	DistributorComponentName = "distributor"
	// QueryFrontendComponentName declares the internal name of the query-frontend component.
	QueryFrontendComponentName = "query-frontend"
	// JaegerFrontendComponentName declares the internal name of the jaeger-frontend component.
	JaegerFrontendComponentName = "jaeger-frontend"
	// QueryFrontendOauthProxyComponentName declares the internal name of the query-frontend-proxy component.
	QueryFrontendOauthProxyComponentName = "query-frontend-proxy"
	// IngesterComponentName declares the internal name of the ingester component.
	IngesterComponentName = "ingester"
	// GatewayComponentName declares the internal name of the gateway component.
	GatewayComponentName = "gateway"
	// TempoMonolithComponentName declares the internal name of the Tempo Monolith component.
	TempoMonolithComponentName = "tempo"
	// TempoConfigName declares the name of the Tempo ConfigMap (tempo-$name-config).
	TempoConfigName = "config"
	// JaegerUIComponentName declares the name of the Jaeger UI component.
	JaegerUIComponentName = "jaegerui"

	// TenantHeader is the header name that contains the tenant name.
	// NOTE(review): the header value selects the tenant, so it should presumably
	// only be set by a trusted component after authentication and not be accepted
	// from external clients — confirm where it is injected and stripped.
	TenantHeader = "x-scope-orgid"

	// TLSCAFilename is the key name of the CA file in the ConfigMap.
	TLSCAFilename = "service-ca.crt"
	// TLSCertFilename is the key name of the certificate file in the Secret.
	TLSCertFilename = "tls.crt"
	// TLSKeyFilename is the key name of the private key file in the Secret.
	TLSKeyFilename = "tls.key"

	// StorageTLSCAFilename is the key name of the CA file in the ConfigMap for accessing object storage.
	StorageTLSCAFilename = "ca.crt"
)
// Mount paths for TLS material. CA bundles come from ConfigMaps and live under
// /var/run/ca*; certificates and keys come from Secrets and live under TLSDir.
const (
	// TLSDir is the path that is mounted from the secret for TLS.
	TLSDir = "/var/run/tls"

	// TempoInternalTLSCADir is the path that is mounted from the configmap for TLS.
	TempoInternalTLSCADir = "/var/run/ca"
	// TempoInternalTLSCertDir is the mount path of the HTTP service certificates
	// for communication between Tempo components.
	TempoInternalTLSCertDir = TLSDir + "/server"

	// ReceiverTLSCADir is the path that is mounted from the configmap for TLS for the receiver.
	ReceiverTLSCADir = "/var/run/ca-receiver"
	// ReceiverTLSCertDir is the mount path of the receiver certificates (for ingesting traces).
	ReceiverTLSCertDir = TLSDir + "/receiver"

	// ReceiverGRPCTLSCADir is the path that is mounted from the configmap for TLS
	// for the gRPC receiver. It is nested under ReceiverTLSCADir.
	ReceiverGRPCTLSCADir = "/var/run/ca-receiver/grpc"
	// ReceiverGRPCTLSCertDir is the mount path of the gRPC receiver certificates
	// (for ingesting traces). It is nested under ReceiverTLSCertDir.
	ReceiverGRPCTLSCertDir = TLSDir + "/receiver/grpc"

	// ReceiverHTTPTLSCADir is the path that is mounted from the configmap for TLS
	// for the HTTP receiver. It is nested under ReceiverTLSCADir.
	ReceiverHTTPTLSCADir = "/var/run/ca-receiver/http"
	// ReceiverHTTPTLSCertDir is the mount path of the HTTP receiver certificates
	// (for ingesting traces). It is nested under ReceiverTLSCertDir.
	ReceiverHTTPTLSCertDir = TLSDir + "/receiver/http"

	// StorageTLSCADir contains the CA file for accessing object storage.
	StorageTLSCADir = TLSDir + "/storage/ca"
	// StorageTLSCertDir contains the certificate and key file for accessing object storage.
	StorageTLSCertDir = TLSDir + "/storage/cert"
)
Variables ¶
This section is empty.
Functions ¶
func CommonAnnotations ¶
CommonAnnotations returns common annotations for each pod created by the operator.
func CommonLabels ¶
CommonLabels returns common labels for each object created by the operator.
func CommonOperatorLabels ¶
CommonOperatorLabels returns the common labels for operator components.
func ComponentLabels ¶
ComponentLabels is a list of all commonLabels including the app.kubernetes.io/component:<component> label.
func ConfigureAzureStorage ¶ added in v0.8.0
func ConfigureAzureStorage(pod *corev1.PodSpec, containerName string, storageSecretName string, tlsSpec *v1alpha1.TLSSpec) error
ConfigureAzureStorage mounts the Azure Storage credentials in a pod.
func ConfigureGCS ¶ added in v0.8.0
func ConfigureGCS(pod *corev1.PodSpec, containerName string, storageSecretName string, tlsSpec *v1alpha1.TLSSpec) error
ConfigureGCS mounts the Google Cloud Storage credentials in a pod.
func ConfigureS3Storage ¶ added in v0.8.0
func ConfigureS3Storage(pod *corev1.PodSpec, containerName string, storageSecretName string, tlsSpec *v1alpha1.TLSSpec, s3 *S3) error
ConfigureS3Storage mounts the Amazon S3 credentials and TLS certs in a pod.
func ConfigureServiceCA ¶
ConfigureServiceCA modifies the PodSpec, adding the CA bundle volumes and volumeMounts to the specified containers (selected by index).
func ConfigureServiceCAByContainerName ¶ added in v0.14.0
func ConfigureServiceCAByContainerName(podSpec *corev1.PodSpec, caBundleName string, containers ...string) error
ConfigureServiceCAByContainerName modifies the PodSpec, adding the CA bundle volumes and volumeMounts to the specified containers (selected by name).
func ConfigureServicePKI ¶
func ConfigureServicePKI(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...int) error
ConfigureServicePKI modifies the PodSpec, adding the cert volumes and volumeMounts to the specified containers (selected by index).
func ConfigureServicePKIByContainerName ¶ added in v0.14.0
func ConfigureServicePKIByContainerName(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...string) error
ConfigureServicePKIByContainerName modifies the PodSpec, adding the cert volumes and volumeMounts to the specified containers (selected by name).
func ConfigureStorage ¶
func ConfigureStorage(storage StorageParams, tempo v1alpha1.TempoStack, pod *corev1.PodSpec, containerName string) error
ConfigureStorage configures storage.
func DefaultAffinity ¶
DefaultAffinity returns the default affinity for Tempo components. It defines that two pods with the same labels (i.e. same component) should not be scheduled on the same node or failure domain.
func MountCAConfigMap ¶ added in v0.10.0
func MountCAConfigMap( pod *corev1.PodSpec, containerName string, caConfigMap string, caDir string, ) error
MountCAConfigMap mounts the CA ConfigMap in a pod.
func MountCertSecret ¶ added in v0.10.0
func MountCertSecret( pod *corev1.PodSpec, containerName string, certSecret string, certDir string, ) error
MountCertSecret mounts the Certificate Secret in a pod.
func MountTLSSpecVolumes ¶ added in v0.10.0
func MountTLSSpecVolumes( pod *corev1.PodSpec, containerName string, tlsSpec v1alpha1.TLSSpec, caDir string, certDir string, ) error
MountTLSSpecVolumes mounts the CA ConfigMap and Certificate Secret in a pod.
func NewConfigMapCABundle ¶ added in v0.10.0
NewConfigMapCABundle creates a new ConfigMap with an annotation that triggers the service-ca-operator to inject the cluster CA bundle in this ConfigMap (service-ca.crt key).
func PatchTracingEnvConfiguration ¶ added in v0.15.0
func PatchTracingEnvConfiguration(tempo v1alpha1.TempoStack, pod corev1.PodTemplateSpec) (corev1.PodTemplateSpec, error)
PatchTracingEnvConfiguration configures OTEL SDK via environment variables if operand observability settings exist.
func Resources ¶
func Resources(tempo v1alpha1.TempoStack, component string, replicas *int32) corev1.ResourceRequirements
Resources calculates the resource requirements of a specific component.
func S3AWSSTSAnnotations ¶ added in v0.12.0
func S3AWSSTSAnnotations(secret S3ShortLived) map[string]string
S3AWSSTSAnnotations returns service account annotations required by AWS STS.
func TempoContainerSecurityContext ¶
func TempoContainerSecurityContext() *corev1.SecurityContext
TempoContainerSecurityContext returns the default container security context.
func TempoReadinessProbe ¶
TempoReadinessProbe returns a readiness Probe spec for tempo components.
Types ¶
type AzureStorage ¶
AzureStorage for Azure Storage.
type GatewayTenantOIDCSecret ¶
// GatewayTenantOIDCSecret holds the client ID, client secret and issuer CA path
// used for a tenant's authentication.
type GatewayTenantOIDCSecret struct {
	// TenantName is the name of the tenant these settings belong to.
	TenantName string
	// ClientID is the tenant's client ID.
	ClientID string
	// ClientSecret is the tenant's client secret. It is credential material:
	// keep it out of logs, events, status fields and ConfigMaps.
	ClientSecret string
	// IssuerCAPath is the issuer CA path for this tenant.
	// NOTE(review): presumably a file path inside the gateway container — confirm.
	IssuerCAPath string
}
GatewayTenantOIDCSecret holds the clientID, clientSecret and issuerCAPath used for a tenant's authentication.
type GatewayTenantsData ¶
// GatewayTenantsData holds the per-tenant cookie secret for the opa-openshift sidecar.
type GatewayTenantsData struct {
	// TenantName is the name of the tenant this data belongs to.
	TenantName string
	// OpenShiftCookieSecret is used for encrypting the auth token when put into the browser session.
	// It is key material: keep it out of logs, events and ConfigMaps.
	OpenShiftCookieSecret string
}
GatewayTenantsData holds the cookie secret for the opa-openshift sidecar.
type Params ¶
// Params holds parameters used to create Tempo objects.
type Params struct {
	// StorageParams is the storage configuration (see StorageParams).
	StorageParams StorageParams
	// ConfigChecksum is a checksum of the configuration.
	// NOTE(review): presumably the value passed to CommonAnnotations — confirm.
	ConfigChecksum string
	// Tempo is the TempoStack the objects are created for.
	Tempo v1alpha1.TempoStack
	// CtrlConfig is the operator's project configuration.
	CtrlConfig configv1alpha1.ProjectConfig
	// TLSProfile carries the TLS profile options.
	TLSProfile tlsprofile.TLSProfileOptions
	// GatewayTenantSecret lists the per-tenant authentication secrets.
	// The entries contain client secrets; do not log this slice.
	GatewayTenantSecret []*GatewayTenantOIDCSecret
	// GatewayTenantsData lists the per-tenant cookie secrets.
	// The entries contain key material; do not log this slice.
	GatewayTenantsData []*GatewayTenantsData
}
Params holds parameters used to create Tempo objects.
type S3 ¶
// S3 holds S3 configuration.
type S3 struct {
	// LongLived holds the long-lived (access key and secret) S3 configuration.
	LongLived *S3LongLived
	// ShortLived holds the short-lived (AWS STS) S3 configuration.
	ShortLived *S3ShortLived
	// Insecure is a boolean flag on the S3 configuration.
	// NOTE(review): presumably it disables TLS towards the S3 endpoint; confirm,
	// and verify that it cannot end up set for production endpoints.
	Insecure bool
}
S3 holds S3 configuration.
type S3LongLived ¶ added in v0.12.0
// S3LongLived holds long-lived S3 configuration.
// The long-lived token uses an access key and secret.
type S3LongLived struct {
	// Endpoint without http/https
	Endpoint string
	// Bucket is the S3 bucket.
	Bucket string
	// TLS holds the TLS configuration for accessing the storage (see StorageTLS).
	TLS StorageTLS
}
S3LongLived holds long-lived S3 configuration. The long-lived token uses access key and secret.
type S3ShortLived ¶ added in v0.12.0
S3ShortLived holds short-lived S3 configuration. The short-lived S3 token uses AWS STS.
type StorageParams ¶
// StorageParams holds storage configuration from the storage secret, except the credentials.
// NOTE(review): presumably only the field for the configured backend is non-nil — confirm.
type StorageParams struct {
	// AzureStorage is the Azure Storage configuration.
	AzureStorage *AzureStorage
	// GCS is the Google Cloud Storage configuration.
	GCS *GCS
	// S3 is the S3 configuration.
	S3 *S3
}
StorageParams holds storage configuration from the storage secret, except the credentials.
type StorageTLS ¶ added in v0.8.0
// StorageTLS holds the TLS configuration for accessing object storage.
type StorageTLS struct {
	// CAFilename is the key name of the CA file.
	CAFilename string // for backwards compatibility (can be service-ca.crt or ca.crt)
}
StorageTLS holds the TLS configuration for accessing object storage.