Documentation ¶
Index ¶
- Constants
- Variables
- func AnnotationsForPod() map[string]string
- func BuildCertificate(instanceNamespace, instanceIssuer string, certData CertificateData) *certmgr.Certificate
- func BuildCommonClusterEnvVars(instanceNamespace, instanceIAMnamespace string) []corev1.EnvVar
- func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringSpecMongoDB, ...) []corev1.Volume
- func BuildIngress(namespace string, ingressData IngressData) *netv1.Ingress
- func BuildInitContainer(deploymentName, imageName string, envVars []corev1.EnvVar) corev1.Container
- func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringSpecMongoDB) []corev1.EnvVar
- func BuildReceiverEnvVars(multiCloudReceiverEnabled bool) []corev1.EnvVar
- func BuildResourceRequirements(requestedResources, defaultResources corev1.ResourceRequirements) corev1.ResourceRequirements
- func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, ...) corev1.Container
- func BuildSenderClusterEnvVars(instanceNamespace, instanceClusterNamespace, instanceClusterName, ... string) []corev1.EnvVar
- func BuildUIClusterEnvVars(instanceNamespace, instanceClusterName string, ...) []corev1.EnvVar
- func BuildUISecretVolumeMounts(apiKeySecretName, platformOidcSecretName string) []corev1.VolumeMount
- func BuildUISecretVolumes(apiKeySecretName, platformOidcSecretName string) []corev1.Volume
- func CheckRhacm(cfg *rest.Config) error
- func GetAffinity(addAntiAffinity bool, appName string) *corev1.Affinity
- func GetImageID(...) string
- func GetPodNames(pods []corev1.Pod) []string
- func GetServiceAccountName() string
- func GetTolerations() []corev1.Toleration
- func GetTopologySpreadConstraints(appName string) []corev1.TopologySpreadConstraint
- func IsAPIServiceEqual(oldAPIService, newAPIService *apiregistrationv1.APIService) bool
- func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
- func IsDaemonSetEqual(oldDaemonSet, newDaemonSet *appsv1.DaemonSet) bool
- func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
- func IsIngressEqual(oldIngress, newIngress *netv1.Ingress) bool
- func IsRouteEqual(oldRoute, newRoute *ocproutev1.Route) bool
- func IsServiceEqual(oldService, newService *corev1.Service) bool
- func LabelsForMetadata(deploymentName string) map[string]string
- func LabelsForPodMetadata(deploymentName string, crType string, crName string) map[string]string
- func LabelsForSelector(deploymentName string, crType string, crName string) map[string]string
- func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, ...) error
- func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, ...) error
- func ReconcileIngress(client client.Client, instanceNamespace, ingressName, ingressType string, ...) error
- func ReconcileRoute(client client.Client, instanceNamespace, routeName, routeType string, ...) error
- func ReconcileService(client client.Client, instanceNamespace, serviceName, serviceType string, ...) error
- type CertificateData
- type IngressData
- type SecretCheckData
Constants ¶
const APICertCommonName = "metering-server"
const APICertDirName = "metering-api"
const APICertName = "icp-metering-api-ca-cert"
API certificate definition
const APICertSecretName = "icp-metering-api-secret" + ""
use concatenation so linter won't complain about "Secret" vars
const APICertVolumeName = "icp-metering-api-certs"
const CommonServicesProductID = "068a62892a1e4db39641342e592daa25"
const CommonServicesProductName = "IBM Cloud Platform Common Services"
const DefaultAPIKeySecretName = "icp-serviceid-apikey-secret" + ""
use concatenation so linter won't complain about "Secret" vars
const DefaultAPIServiceName = "v1.metering.ibm.com"
const DefaultCaIssuer = "cs-ca-issuer"
const DefaultClusterName = "mycluster"
const DefaultDmImageName = "metering-data-manager"
const DefaultDmImageTag = "3.7.1"
starting with Common Services 3.4, images can be pulled by SHA or tag. run scripts/get-image-sha.sh to update operator.yaml with the SHA values. a SHA value looks like this: "sha256:nnnnnnnn" a tag value looks like this: "3.5.0".
const DefaultImageRegistry = "quay.io/opencloudio"
const DefaultMcmUIImageName = "metering-mcmui"
const DefaultMcmUIImageTag = "3.7.1"
const DefaultPlatformOidcSecretName = "platform-oidc-credentials" + ""
const DefaultReportImageName = "metering-report"
const DefaultReportImageTag = "3.7.1"
const DefaultUIImageName = "metering-ui"
const DefaultUIImageTag = "3.7.1"
const DefaultWatchNamespace = "ibm-common-services"
const DmDeploymentName = "metering-dm"
const DmNodeHeapSizeVar = "NODE_HEAP_SIZE"
const DmServiceName = "metering-dm"
const McmDeploymentName = "metering-mcmui"
const McmServiceName = "metering-mcmui"
const McmUICertCommonName = "metering-mcmui"
const McmUICertDirName = "metering-mcmui"
const McmUICertName = "metering-mcmui-ca-cert"
MCMUI certificate definition
const McmUICertSecretName = "metering-mcmui-cert" + ""
use concatenation so linter won't complain about "Secret" vars
const McmUICertVolumeName = "metering-mcmui-certs"
const MeteringComponentName = "meteringsvc"
const MeteringDependencies = "ibm-common-services.auth-idp, mongodb, cert-manager"
const MeteringReleaseName = "metering"
const ReaderDaemonSetName = "metering-reader"
const ReaderDeploymentName = "metering-reader"
const ReaderServiceName = "metering-server"
const ReceiverCertCommonName = "metering-receiver"
const ReceiverCertDirName = "metering-receiver"
const ReceiverCertName = "icp-metering-receiver-ca-cert"
Receiver certificate definition
const ReceiverCertSecretName = "icp-metering-receiver-secret" + ""
use concatenation so linter won't complain about "Secret" vars
const ReceiverCertVolumeName = "icp-metering-receiver-certs"
const ReceiverRouteName = "metering-receiver-route"
const ReceiverServiceName = "metering-receiver"
const ReportDeploymentName = "metering-report"
const ReportServiceName = "metering-report"
const SenderDeploymentName = "metering-sender"
const UICertCommonName = "metering-ui"
const UICertDirName = "metering-ui"
const UICertName = "metering-ui-ca-cert"
UI certificate definition
const UICertSecretName = "metering-ui-cert" + ""
use concatenation so linter won't complain about "Secret" vars
const UICertVolumeName = "metering-ui-certs"
const UIDeploymentName = "metering-ui"
const UIServiceName = "metering-ui"
const VarImageSHAforDM = "IMAGE_SHA_OR_TAG_DM"
define the env vars that contain either the SHA or the tag
const VarImageSHAforMCMUI = "IMAGE_SHA_OR_TAG_MCMUI"
const VarImageSHAforReport = "IMAGE_SHA_OR_TAG_REPORT"
const VarImageSHAforUI = "IMAGE_SHA_OR_TAG_UI"
const WatchNamespaceV350 = "ibm-common-services"
Variables ¶
var APICertVolume = corev1.Volume{ Name: APICertVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: APICertSecretName, DefaultMode: &DefaultMode, Optional: &TrueVar, }, }, }
var APICertVolumeMount = corev1.VolumeMount{ Name: APICertVolumeName, MountPath: "/sec/" + APICertDirName, }
var APICertificateData = CertificateData{ Name: APICertName, Secret: APICertSecretName, Common: APICertCommonName, App: ReaderDeploymentName, Component: ReaderDeploymentName, }
var APIcheckIngressData = IngressData{ Name: "metering-api-check", Path: "/meteringapi/api/v1", Service: ReaderServiceName, Port: apiIngressPort, Annotations: apiCheckIngressAnnotations, }
var APIrbacIngressData = IngressData{ Name: "metering-api-rbac", Path: "/meteringapi/api/", Service: ReaderServiceName, Port: apiIngressPort, Annotations: apiRBACIngressAnnotations, }
var APIswaggerIngressData = IngressData{ Name: "metering-api-swagger", Path: "/meteringapi/api/swagger", Service: ReaderServiceName, Port: apiIngressPort, Annotations: apiSwaggerIngressAnnotations, }
var ArchitectureList = []string{
"amd64",
"ppc64le",
"s390x",
}
var CommonEnvVars = []corev1.EnvVar{
{
Name: "NODE_TLS_REJECT_UNAUTHORIZED",
Value: "0",
},
}
var CommonIngressAnnotations = map[string]string{
"app.kubernetes.io/managed-by": "operator",
"kubernetes.io/ingress.class": "ibm-icp-management",
}
var CommonMainVolumeMounts = []corev1.VolumeMount{
{
Name: "mongodb-ca-cert",
MountPath: "/certs/mongodb-ca",
},
{
Name: "mongodb-client-cert",
MountPath: "/certs/mongodb-client",
},
}
var DefaultMode int32 = 420
var DefaultStatusForCR = []string{"none"}
var DmMainContainer = corev1.Container{ Image: "metering-data-manager", Name: "metering-dm", ImagePullPolicy: corev1.PullAlways, VolumeMounts: []corev1.VolumeMount{ LoglevelVolumeMount, }, Env: []corev1.EnvVar{ { Name: "METERING_API_ENABLED", Value: "true", }, { Name: "HC_DM_USE_HTTPS", Value: "false", }, { Name: "HC_DM_MCM_SENDER_ENABLED", Value: "false", }, { Name: "HC_DM_STORAGEREADER_ENABLED", Value: "true", }, { Name: "HC_DM_REPORTER2_ENABLED", Value: "true", }, { Name: "HC_DM_PURGER2_ENABLED", Value: "true", }, { Name: "HC_DM_PREAGGREGATOR_ENABLED", Value: "true", }, { Name: "HC_DM_METRICS_ENABLED", Value: "true", }, { Name: "HC_DM_SELFMETER_PURGER_ENABLED", Value: "true", }, }, Ports: []corev1.ContainerPort{ {ContainerPort: 3000}, {ContainerPort: 5000}, }, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 15, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, SecurityContext: &commonSecurityContext, }
var DmResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu450, corev1.ResourceMemory: *memory850}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu200, corev1.ResourceMemory: *memory230}, }
var FalseVar = false
var IAMEnvVars = []corev1.EnvVar{
{
Name: "DEFAULT_IAM_TOKEN_SERVICE_PORT",
Value: "10443",
},
{
Name: "DEFAULT_IAM_PAP_SERVICE_PORT",
Value: "39001",
},
}
var Log4jsVolumeMount = corev1.VolumeMount{
Name: "log4js",
MountPath: "/etc/config",
}
var LoglevelVolumeMount = corev1.VolumeMount{
Name: "loglevel",
MountPath: "/etc/config",
}
var McmIngressData = IngressData{
Name: "metering-mcmui",
Path: "/metering-mcm",
Service: "metering-mcmui",
Port: 3001,
Annotations: mcmIngressAnnotations,
}
var McmUICertVolume = corev1.Volume{ Name: McmUICertVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: McmUICertSecretName, DefaultMode: &DefaultMode, Optional: &TrueVar, }, }, }
var McmUICertVolumeMountForMain = corev1.VolumeMount{ Name: McmUICertVolumeName, MountPath: "/certs/" + McmUICertDirName, }
var McmUICertVolumeMountForSecretCheck = corev1.VolumeMount{ Name: McmUICertVolumeName, MountPath: "/sec/" + McmUICertDirName, }
var McmUICertificateData = CertificateData{ Name: McmUICertName, Secret: McmUICertSecretName, Common: McmUICertCommonName, App: McmDeploymentName, Component: McmDeploymentName, }
var McmUIMainContainer = corev1.Container{ Image: "metering-mcmui", Name: "metering-mcmui", ImagePullPolicy: corev1.PullAlways, VolumeMounts: []corev1.VolumeMount{ Log4jsVolumeMount, }, Env: []corev1.EnvVar{ { Name: "PORT", Value: "3001", }, { Name: "PROXY_URI", Value: "metering-mcm", }, { Name: "MCM_UI_ISSSL", Value: "true", }, { Name: "MCM_UI_SSL_CA", Value: "/certs/" + McmUICertDirName + "/ca.crt", }, { Name: "MCM_UI_SSL_CERT", Value: "/certs/" + McmUICertDirName + "/tls.crt", }, { Name: "MCM_UI_SSL_KEY", Value: "/certs/" + McmUICertDirName + "/tls.key", }, }, Ports: []corev1.ContainerPort{ {ContainerPort: 3001}, }, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/unsecure/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3001, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/unsecure/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3001, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 5, PeriodSeconds: 15, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, SecurityContext: &commonSecurityContext, }
var McmUIResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu100, corev1.ResourceMemory: *memory375}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu50, corev1.ResourceMemory: *memory370}, }
var RdrMainContainer = corev1.Container{ Image: "metering-data-manager", Name: "metering-reader", ImagePullPolicy: corev1.PullAlways, VolumeMounts: []corev1.VolumeMount{ { Name: APICertVolumeName, MountPath: "/certs/" + APICertDirName, }, LoglevelVolumeMount, }, Env: []corev1.EnvVar{ { Name: "METERING_API_ENABLED", Value: "true", }, { Name: "METERING_INTERNALAPI_ENABLED", Value: "true", }, { Name: "HC_DM_USE_HTTPS", Value: "true", }, { Name: "HC_DM_MCM_RECEIVER_ENABLED", Value: "false", }, { Name: "HC_DM_MCM_SENDER_ENABLED", Value: "false", }, { Name: "HC_DM_MCMREADER_ENABLED", Value: "false", }, { Name: "HC_DM_READER_ENABLED", Value: "true", }, { Name: "HC_DM_STORAGEREADER_ENABLED", Value: "false", }, { Name: "HC_DM_READER_APIENABLED", Value: "true", }, { Name: "HC_DM_REPORTER2_ENABLED", Value: "false", }, { Name: "HC_DM_PURGER2_ENABLED", Value: "false", }, { Name: "HC_DM_PREAGGREGATOR_ENABLED", Value: "false", }, { Name: "HC_DM_SELFMETER_PURGER_ENABLED", Value: "false", }, { Name: "HC_DM_API_PORT", Value: "4000", }, { Name: "HC_DM_INTERNAL_API_PORT", Value: "4002", }, { Name: "HC_API_SSL_CA", Value: "/certs/" + APICertDirName + "/ca.crt", }, { Name: "HC_API_SSL_CERT", Value: "/certs/" + APICertDirName + "/tls.crt", }, { Name: "HC_API_SSL_KEY", Value: "/certs/" + APICertDirName + "/tls.key", }, }, Ports: []corev1.ContainerPort{ {ContainerPort: 3000}, {ContainerPort: 4000}, {ContainerPort: 4002}, }, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 15, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, SecurityContext: &commonSecurityContext, }
var RdrResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu60, corev1.ResourceMemory: *memory320}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu50, corev1.ResourceMemory: *memory240}, }
var ReceiverCertVolume = corev1.Volume{ Name: ReceiverCertVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: ReceiverCertSecretName, DefaultMode: &DefaultMode, Optional: &TrueVar, }, }, }
var ReceiverCertVolumeMountForMain = corev1.VolumeMount{ Name: ReceiverCertVolumeName, MountPath: "/certs/" + ReceiverCertDirName, }
var ReceiverCertVolumeMountForSecretCheck = corev1.VolumeMount{ Name: ReceiverCertVolumeName, MountPath: "/sec/" + ReceiverCertDirName, }
var ReceiverCertificateData = CertificateData{ Name: ReceiverCertName, Secret: ReceiverCertSecretName, Common: ReceiverCertCommonName, App: DmDeploymentName, Component: ReceiverCertCommonName, }
var ReceiverSslEnvVars = []corev1.EnvVar{ { Name: "HC_RECEIVER_SSL_CA", Value: "/certs/" + ReceiverCertDirName + "/ca.crt", }, { Name: "HC_RECEIVER_SSL_CERT", Value: "/certs/" + ReceiverCertDirName + "/tls.crt", }, { Name: "HC_RECEIVER_SSL_KEY", Value: "/certs/" + ReceiverCertDirName + "/tls.key", }, }
var Replica1 int32 = 1
var ReportContainer = corev1.Container{ Image: "metering-report", Name: "metering-report", ImagePullPolicy: corev1.PullAlways, Command: []string{ "./apiserver", }, Args: []string{ "--cert-dir=/tmp", "--secure-port=7443", "--disable-admission-plugins=NamespaceLifecycle,MutatingAdmissionWebhook,ValidatingAdmissionWebhook", }, VolumeMounts: []corev1.VolumeMount{ { Name: "tmp-dir", MountPath: "/tmp", }, { Name: APICertVolumeName, MountPath: "/certs/" + APICertDirName, }, }, SecurityContext: &commonSecurityContext, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 15, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, }
var ReportResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu100, corev1.ResourceMemory: *memory90}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu50, corev1.ResourceMemory: *memory65}, }
var Seconds60 int64 = 60
var SecretCheckCmd = `set -- $SECRET_LIST; ` +
`for secretDirName in $SECRET_DIR_LIST; do` +
` while true; do` +
` echo ` + "`date`" + `: Checking for secret $1;` +
` ls /sec/$secretDirName/* && break;` +
` echo ` + "`date`" + `: Required secret $1 not found ... try again in 30s;` +
` sleep 30;` +
` done;` +
` echo ` + "`date`" + `: Secret $1 found;` +
` shift; ` +
`done; ` +
`echo ` + "`date`" + `: All required secrets exist`
var SenderMainContainer = corev1.Container{ Image: "metering-data-manager", Name: "metering-sender", ImagePullPolicy: corev1.PullAlways, VolumeMounts: []corev1.VolumeMount{ LoglevelVolumeMount, }, Env: []corev1.EnvVar{ { Name: "METERING_API_ENABLED", Value: "false", }, { Name: "HC_DM_SELFMETER_PURGER_ENABLED", Value: "false", }, { Name: "HC_DM_REPORTER2_ENABLED", Value: "false", }, { Name: "HC_DM_PURGER2_ENABLED", Value: "false", }, { Name: "HC_DM_PREAGGREGATOR_ENABLED", Value: "false", }, { Name: "HC_DM_METRICS_ENABLED", Value: "false", }, { Name: "HC_DM_READER_APIENABLED", Value: "false", }, { Name: "HC_DM_MCM_RECEIVER_ENABLED", Value: "false", }, { Name: "HC_DM_MCMREADER_ENABLED", Value: "false", }, { Name: "HC_DM_MCM_SENDER_ENABLED", Value: "true", }, }, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3000, }, Scheme: corev1.URISchemeHTTP, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 15, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, SecurityContext: &commonSecurityContext, }
var SenderResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu60, corev1.ResourceMemory: *memory320}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu50, corev1.ResourceMemory: *memory240}, }
var SenderSecretCheckCmd = SecretCheckCmd + ";" +
`echo ` + "`date`" + `: Further, checking for kubeConfig secret...;` +
`node /datamanager/lib/metering_init.js kubeconfig_secretcheck `
var TempDirVolume = corev1.Volume{ Name: "tmp-dir", VolumeSource: corev1.VolumeSource{ EmptyDir: &corev1.EmptyDirVolumeSource{}, }, }
var TrueVar = true
var UICertVolume = corev1.Volume{ Name: UICertVolumeName, VolumeSource: corev1.VolumeSource{ Secret: &corev1.SecretVolumeSource{ SecretName: UICertSecretName, DefaultMode: &DefaultMode, Optional: &TrueVar, }, }, }
var UICertVolumeMountForMain = corev1.VolumeMount{ Name: UICertVolumeName, MountPath: "/certs/" + UICertDirName, }
var UICertVolumeMountForSecretCheck = corev1.VolumeMount{ Name: UICertVolumeName, MountPath: "/sec/" + UICertDirName, }
var UICertificateData = CertificateData{ Name: UICertName, Secret: UICertSecretName, Common: UICertCommonName, App: UIDeploymentName, Component: UIDeploymentName, }
var UIEnvVars = []corev1.EnvVar{
{
Name: "IS_PRIVATECLOUD",
Value: "true",
},
{
Name: "USE_PRIVATECLOUD_SECURITY",
Value: "true",
},
{
Name: "DEFAULT_PLATFORM_IDENTITY_MANAGEMENT_SERVICE_PORT",
Value: "4500",
},
{
Name: "DEFAULT_PLATFORM_HEADER_SERVICE_PORT",
Value: "3000",
},
}
var UIIngressData = IngressData{
Name: "metering-ui",
Path: "/metering/",
Service: "metering-ui",
Port: 3130,
Annotations: uiIngressAnnotations,
}
var UIMainContainer = corev1.Container{ Image: "metering-ui", Name: "metering-ui", ImagePullPolicy: corev1.PullAlways, VolumeMounts: []corev1.VolumeMount{ LoglevelVolumeMount, }, Env: []corev1.EnvVar{ { Name: "ICP_DEFAULT_DASHBOARD", Value: "cpi.icp.main", }, { Name: "PORT", Value: "3130", }, { Name: "PROXY_URI", Value: "metering", }, { Name: "HC_UI_ISSSL", Value: "true", }, { Name: "HC_UI_SSL_CA", Value: "/certs/" + UICertDirName + "/ca.crt", }, { Name: "HC_UI_SSL_CERT", Value: "/certs/" + UICertDirName + "/tls.crt", }, { Name: "HC_UI_SSL_KEY", Value: "/certs/" + UICertDirName + "/tls.key", }, }, Ports: []corev1.ContainerPort{ {ContainerPort: 3130}, }, LivenessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/unsecure/c2c/status/livenessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3130, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 305, TimeoutSeconds: 5, PeriodSeconds: 300, SuccessThreshold: 1, FailureThreshold: 3, }, ReadinessProbe: &corev1.Probe{ Handler: corev1.Handler{ HTTPGet: &corev1.HTTPGetAction{ Path: "/unsecure/c2c/status/readinessProbe", Port: intstr.IntOrString{ Type: intstr.Int, IntVal: 3130, }, Scheme: corev1.URISchemeHTTPS, }, }, InitialDelaySeconds: 15, TimeoutSeconds: 15, PeriodSeconds: 30, SuccessThreshold: 1, FailureThreshold: 3, }, Resources: corev1.ResourceRequirements{}, SecurityContext: &commonSecurityContext, }
var UIResourceRequirements = corev1.ResourceRequirements{ Limits: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu100, corev1.ResourceMemory: *memory375}, Requests: map[corev1.ResourceName]resource.Quantity{ corev1.ResourceCPU: *cpu50, corev1.ResourceMemory: *memory370}, }
Functions ¶
func AnnotationsForPod ¶
AnnotationsForPod returns the annotations associated with the pod being created
func BuildCertificate ¶
func BuildCertificate(instanceNamespace, instanceIssuer string, certData CertificateData) *certmgr.Certificate
BuildCertificate returns a Certificate object. Call controllerutil.SetControllerReference to set the owner and controller for the Certificate object created by this function.
func BuildCommonVolumes ¶
func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringSpecMongoDB, loglevelPrefix, loglevelType string) []corev1.Volume
set loglevelType to "log4js" when building volumes for metering-mcmui. set loglevelType to "loglevel" when building volumes for any other component.
func BuildIngress ¶
func BuildIngress(namespace string, ingressData IngressData) *netv1.Ingress
BuildIngress returns an Ingress object. Call controllerutil.SetControllerReference to set the owner and controller for the Ingress object created by this function.
func BuildInitContainer ¶
func BuildMongoDBEnvVars ¶
func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringSpecMongoDB) []corev1.EnvVar
func BuildReceiverEnvVars ¶
func BuildResourceRequirements ¶
func BuildResourceRequirements(requestedResources, defaultResources corev1.ResourceRequirements) corev1.ResourceRequirements
returns a ResourceRequirements object. if any value in requestedResources is not zero, use that value to override the corresponding value in defaultResources.
func BuildSecretCheckContainer ¶
func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, mongoDB operatorv1alpha1.MeteringSpecMongoDB, additionalInfo *SecretCheckData) corev1.Container
checkerCommand is the command to be executed by the secret-check container. mongoDB contains the password names from the CR. additionalInfo contains info about additional secrets to check.
func BuildUIClusterEnvVars ¶
func BuildUIClusterEnvVars(instanceNamespace, instanceClusterName string, instanceUI operatorv1alpha1.MeteringSpecUI, isMcmUI bool) []corev1.EnvVar
set isMcmUI to true when building env vars for metering-mcmui. set isMcmUI to false when building env vars for any other component.
func BuildUISecretVolumeMounts ¶
func BuildUISecretVolumeMounts(apiKeySecretName, platformOidcSecretName string) []corev1.VolumeMount
func BuildUISecretVolumes ¶
func GetAffinity ¶
GetAffinity returns the Affinity definition for a PodSpec. if AntiAffinity is needed, set addAntiAffinity to true and pass the app name.
func GetImageID ¶
func GetImageID(instanceImageRegistry, instanceImageTagPostfix, defaultImageRegistry, imageName, envVarName, defaultImageTag string) string
GetImageID returns the ID of an operand image, either <imageName>@<SHA> or <imageName>:<tag>
func GetPodNames ¶
GetPodNames returns the pod names of the array of pods passed in
func GetServiceAccountName ¶
func GetServiceAccountName() string
GetServiceAccountName returns the service account name or default if it is not set in the environment
func GetTolerations ¶
func GetTolerations() []corev1.Toleration
GetTolerations returns the Tolerations definition for a PodSpec.
func GetTopologySpreadConstraints ¶
func GetTopologySpreadConstraints(appName string) []corev1.TopologySpreadConstraint
GetTopologySpreadConstraints returns the TopologySpreadConstraints definition for a PodSpec.
func IsAPIServiceEqual ¶
func IsAPIServiceEqual(oldAPIService, newAPIService *apiregistrationv1.APIService) bool
Use DeepEqual to determine if 2 APIService are equal. Check labels, insecureSkipTLSVerify, service name and service namespace. If there are any differences, return false. Otherwise, return true.
func IsCertificateEqual ¶
func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
Use DeepEqual to determine if 2 certificates are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsDaemonSetEqual ¶
Use DeepEqual to determine if 2 daemon sets are equal. Check labels, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDaemonSet is the daemon set that is currently running. newDaemonSet is what we expect the daemon set to look like.
func IsDeploymentEqual ¶
func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
Use DeepEqual to determine if 2 deployments are equal. Check labels, replicas, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDeployment is the deployment that is currently running. newDeployment is what we expect the deployment to look like.
func IsIngressEqual ¶
Use DeepEqual to determine if 2 ingresses are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsRouteEqual ¶
func IsRouteEqual(oldRoute, newRoute *ocproutev1.Route) bool
Use DeepEqual to determine if 2 routes are equal. Check ObjectMeta, Port, Host and To. If there are any differences, return false. Otherwise, return true. oldRoute is the route that is currently running. newRoute is what we expect the route to look like.
func IsServiceEqual ¶
Use DeepEqual to determine if 2 services are equal. Check ObjectMeta, Ports and Selector. If there are any differences, return false. Otherwise, return true. oldService is the service that is currently running. newService is what we expect the service to look like.
func LabelsForMetadata ¶
returns the labels associated with the resource being created
func LabelsForPodMetadata ¶
returns the labels associated with the Pod being created
func LabelsForSelector ¶
returns the labels for selecting the resources belonging to the given metering CR name
func ReconcileCertificate ¶
func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, newCertificate *certmgr.Certificate, needToRequeue *bool) error
Check if the Certificates already exist, if not create new ones.
func ReconcileDeployment ¶
func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, newDeployment *appsv1.Deployment, needToRequeue *bool) error
Check if a Deployment already exists. If not, create a new one.
func ReconcileIngress ¶
func ReconcileIngress(client client.Client, instanceNamespace, ingressName, ingressType string, newIngress *netv1.Ingress, needToRequeue *bool) error
Check if the Ingress already exists, if not create a new one.
func ReconcileRoute ¶
func ReconcileRoute(client client.Client, instanceNamespace, routeName, routeType string, newRoute *ocproutev1.Route, needToRequeue *bool) error
Check if a Route already exists. If not, create a new one.
Types ¶
type CertificateData ¶
type IngressData ¶
type SecretCheckData ¶
type SecretCheckData struct { Names string Dirs string VolumeMounts []corev1.VolumeMount }
SecretCheckData contains info about additional secrets for the secret-check container. Names will be added to the SECRET_LIST env var. Dirs will be added to the SECRET_DIR_LIST env var. VolumeMounts contains the volume mounts associated with the secrets.