Documentation ¶
Index ¶
- Constants
- Variables
- func AnnotationsForPod() map[string]string
- func BuildCertificate(instanceNamespace, instanceClusterIssuer string, certData CertificateData) *certmgr.Certificate
- func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringReceiverSpecMongoDB, ...) []corev1.Volume
- func BuildInitContainer(deploymentName, imageName string, envVars []corev1.EnvVar) corev1.Container
- func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringReceiverSpecMongoDB) []corev1.EnvVar
- func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, ...) corev1.Container
- func GetImageID(...) string
- func GetPodNames(pods []corev1.Pod) []string
- func GetServiceAccountName() string
- func IsAPIServiceEqual(oldAPIService, newAPIService *apiregistrationv1.APIService) bool
- func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
- func IsDaemonSetEqual(oldDaemonSet, newDaemonSet *appsv1.DaemonSet) bool
- func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
- func IsIngressEqual(oldIngress, newIngress *netv1.Ingress) bool
- func IsServiceEqual(oldService, newService *corev1.Service) bool
- func LabelsForMetadata(deploymentName string) map[string]string
- func LabelsForPodMetadata(deploymentName string, crType string, crName string) map[string]string
- func LabelsForSelector(deploymentName string, crType string, crName string) map[string]string
- func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, ...) error
- func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, ...) error
- func ReconcileIngress(client client.Client, instanceNamespace, ingressName, ingressType string, ...) error
- func ReconcileService(client client.Client, instanceNamespace, serviceName, serviceType string, ...) error
- type CertificateData
- type IngressData
- type SecretCheckData
Constants ¶
const APICertCommonName = "metering-server"
const APICertDirName = "metering-api"
const APICertName = "icp-metering-api-ca-cert"
API certificate definition
const APICertSecretName = "icp-metering-api-secret" + ""
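The empty-string concatenation is a workaround so the linter does not flag this constant as a hardcoded credential. The value is only the name of a Secret, not secret material.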
const APICertVolumeName = "icp-metering-api-certs"
const CommonServicesProductID = "068a62892a1e4db39641342e592daa25"
const CommonServicesProductName = "IBM Cloud Platform Common Services"
const CommonServicesProductVersion = "3.4.0"
const DefaultAPIKeySecretName = "icp-serviceid-apikey-secret" + ""
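The empty-string concatenation is a workaround so the linter does not flag this constant as a hardcoded credential. The value is only the name of a Secret, not secret material.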
const DefaultClusterIssuer = "cs-ca-clusterissuer"
const DefaultClusterName = "mycluster"
const DefaultImageRegistry = "quay.io/opencloudio"
const DefaultPlatformOidcSecretName = "platform-oidc-credentials" + ""
const DefaultReceiverImageName = "metering-data-manager"
const DefaultReceiverImageTag = "3.6.0"
Starting with Common Services 3.4, images can be pulled by SHA or tag. Run scripts/get-image-sha.sh to update operator.yaml with the SHA values. A SHA value looks like this: "sha256:nnnnnnnn". A tag value looks like this: "3.5.0". A SHA reference pins the exact image content, whereas a tag can later be moved to a different image.
const MeteringComponentName = "meteringsvc"
const MeteringDependencies = "ibm-common-services.auth-idp, mongodb, cert-manager"
const MeteringReleaseName = "metering"
const ReceiverCertCommonName = "metering-receiver"
const ReceiverCertDirName = "metering-receiver"
const ReceiverCertName = "icp-metering-receiver-ca-cert"
Receiver certificate definition
const ReceiverCertSecretName = "icp-metering-receiver-secret" + ""
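The empty-string concatenation is a workaround so the linter does not flag this constant as a hardcoded credential. The value is only the name of a Secret, not secret material.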
const ReceiverCertVolumeName = "icp-metering-receiver-certs"
const ReceiverDeploymentName = "metering-receiver"
const ReceiverServiceName = "metering-receiver"
const VarImageSHAforReceiver = "IMAGE_SHA_OR_TAG_DM"
Defines the env vars that contain either the image SHA or the tag.
Variables ¶
// APICertVolume is the pod volume backed by the Secret named by
// APICertSecretName.
//
// Optional points at TrueVar, so the volume is declared optional and the
// volume definition does not require the Secret to exist. DefaultMode points
// at the package-level DefaultMode (420 decimal, i.e. 0644), so the projected
// files are readable by every user inside the container.
// NOTE(review): if this Secret carries a private key, confirm that 0644 is
// acceptable for the container's user model.
var APICertVolume = corev1.Volume{
	Name: APICertVolumeName,
	VolumeSource: corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName:  APICertSecretName,
			DefaultMode: &DefaultMode,
			Optional:    &TrueVar,
		},
	},
}

// APICertVolumeMount mounts the volume named APICertVolumeName at
// /sec/<APICertDirName>.
var APICertVolumeMount = corev1.VolumeMount{
	Name:      APICertVolumeName,
	MountPath: "/sec/" + APICertDirName,
}
// ArchitectureList holds the architecture names amd64, ppc64le and s390x.
// NOTE(review): presumably the architectures the operands may be scheduled
// on; the consumer is not visible here.
var ArchitectureList = []string{"amd64", "ppc64le", "s390x"}
// CommonEnvVars is a list of environment variables; it currently holds only
// NODE_TLS_REJECT_UNAUTHORIZED with the value "0".
//
// NOTE(review): in Node.js, NODE_TLS_REJECT_UNAUTHORIZED=0 turns off TLS
// certificate verification for the connections the process makes, so a peer
// presenting any certificate is accepted. Which containers receive this list
// is not visible here; confirm each one needs it. Trusting the mounted CA
// certificates (see CommonMainVolumeMounts) would keep peer verification on.
var CommonEnvVars = []corev1.EnvVar{
	{Name: "NODE_TLS_REJECT_UNAUTHORIZED", Value: "0"},
}
// CommonIngressAnnotations holds two annotations: the managed-by marker
// ("operator") and the ingress class ("ibm-icp-management").
// NOTE(review): presumably applied to every Ingress built by this package;
// the consumer is not visible here.
var CommonIngressAnnotations = map[string]string{"app.kubernetes.io/managed-by": "operator", "kubernetes.io/ingress.class": "ibm-icp-management"}
// CommonMainVolumeMounts lists the two MongoDB certificate mounts: the CA
// certificate under /certs/mongodb-ca and the client certificate under
// /certs/mongodb-client.
var CommonMainVolumeMounts = []corev1.VolumeMount{
	{Name: "mongodb-ca-cert", MountPath: "/certs/mongodb-ca"},
	{Name: "mongodb-client-cert", MountPath: "/certs/mongodb-client"},
}
var (
	// DefaultMode is the file mode referenced by the Secret volumes declared
	// in this package (APICertVolume and ReceiverCertVolume take its address).
	// It is written in octal here: 0644 equals 420 decimal, i.e. read/write
	// for the owner and read-only for group and others.
	DefaultMode int32 = 0644

	// DefaultStatusForCR is a one-element list containing "none".
	DefaultStatusForCR = []string{"none"}

	// FalseVar is an addressable false.
	// NOTE(review): presumably exists so that *bool API fields can point at
	// it; no use is visible here.
	FalseVar = false
)
// Log4jsVolumeMount mounts the "log4js" volume at /etc/config.
var Log4jsVolumeMount = corev1.VolumeMount{Name: "log4js", MountPath: "/etc/config"}

// LoglevelVolumeMount mounts the "loglevel" volume at /etc/config.
// It uses the same mount path as Log4jsVolumeMount.
// NOTE(review): presumably the two are alternatives and never placed in the
// same container — confirm against the callers.
var LoglevelVolumeMount = corev1.VolumeMount{Name: "loglevel", MountPath: "/etc/config"}
// ReceiverCertVolume is the pod volume backed by the Secret named by
// ReceiverCertSecretName.
//
// Optional points at TrueVar, so the volume definition does not require the
// Secret to exist. DefaultMode points at the package-level DefaultMode
// (420 decimal, i.e. 0644). ReceiverSslEnvVars references a tls.key file under
// this volume's main mount path.
// NOTE(review): with mode 0644 that key file is readable by every user inside
// the container; confirm this is intended or use a tighter mode.
var ReceiverCertVolume = corev1.Volume{
	Name: ReceiverCertVolumeName,
	VolumeSource: corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName:  ReceiverCertSecretName,
			DefaultMode: &DefaultMode,
			Optional:    &TrueVar,
		},
	},
}

// ReceiverCertVolumeMountForMain mounts the receiver certificate volume at
// /certs/<ReceiverCertDirName>.
var ReceiverCertVolumeMountForMain = corev1.VolumeMount{
	Name:      ReceiverCertVolumeName,
	MountPath: "/certs/" + ReceiverCertDirName,
}

// ReceiverCertVolumeMountForSecretCheck mounts the same volume at
// /sec/<ReceiverCertDirName>, the directory prefix that SecretCheckCmd lists.
var ReceiverCertVolumeMountForSecretCheck = corev1.VolumeMount{
	Name:      ReceiverCertVolumeName,
	MountPath: "/sec/" + ReceiverCertDirName,
}
// ReceiverCertificateData is the CertificateData for the receiver
// certificate. Common and Component are both set to ReceiverCertCommonName.
var ReceiverCertificateData = CertificateData{
	Name:      ReceiverCertName,
	Secret:    ReceiverCertSecretName,
	Common:    ReceiverCertCommonName,
	App:       ReceiverDeploymentName,
	Component: ReceiverCertCommonName,
}
// ReceiverMainContainer is the container definition for the metering
// receiver.
//
// The image is given by name only, with no registry, tag or digest.
// NOTE(review): presumably callers replace Image with the result of
// GetImageID before use — confirm.
//
// Every feature flag in Env is set to "false", including HC_DM_USE_HTTPS, and
// both probes use URISchemeHTTP on port 3000.
// NOTE(review): whether callers append ReceiverSslEnvVars or otherwise enable
// TLS for the listening ports is not visible here; as declared, traffic on
// ports 3000 and 5000 is not shown to be encrypted.
var ReceiverMainContainer = corev1.Container{
	Image:           "metering-data-manager",
	Name:            "metering-receiver",
	ImagePullPolicy: corev1.PullAlways,
	VolumeMounts: []corev1.VolumeMount{
		LoglevelVolumeMount,
	},
	Env: []corev1.EnvVar{
		{Name: "METERING_API_ENABLED", Value: "false"},
		{Name: "HC_DM_USE_HTTPS", Value: "false"},
		{Name: "HC_DM_MCM_SENDER_ENABLED", Value: "false"},
		{Name: "HC_DM_STORAGEREADER_ENABLED", Value: "false"},
		{Name: "HC_DM_REPORTER2_ENABLED", Value: "false"},
		{Name: "HC_DM_PURGER2_ENABLED", Value: "false"},
		{Name: "HC_DM_PREAGGREGATOR_ENABLED", Value: "false"},
		{Name: "HC_DM_METRICS_ENABLED", Value: "false"},
		{Name: "HC_DM_SELFMETER_PURGER_ENABLED", Value: "false"},
	},
	Ports: []corev1.ContainerPort{
		{ContainerPort: 3000},
		{ContainerPort: 5000},
	},
	// Liveness is probed every 300s after a 305s initial delay.
	LivenessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path:   "/livenessProbe",
				Port:   intstr.IntOrString{Type: intstr.Int, IntVal: 3000},
				Scheme: corev1.URISchemeHTTP,
			},
		},
		InitialDelaySeconds: 305,
		TimeoutSeconds:      5,
		PeriodSeconds:       300,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	// Readiness is probed every 30s after a 15s initial delay.
	ReadinessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path:   "/readinessProbe",
				Port:   intstr.IntOrString{Type: intstr.Int, IntVal: 3000},
				Scheme: corev1.URISchemeHTTP,
			},
		},
		InitialDelaySeconds: 15,
		TimeoutSeconds:      15,
		PeriodSeconds:       30,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	Resources: corev1.ResourceRequirements{
		Limits: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu500,
			corev1.ResourceMemory: *memory512,
		},
		Requests: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu100,
			corev1.ResourceMemory: *memory128,
		},
	},
	// Takes the address of the package-level commonSecurityContext, so every
	// container built from this value shares that one object.
	SecurityContext: &commonSecurityContext,
}
// ReceiverSslEnvVars gives the paths of the receiver's CA certificate,
// server certificate and private key. All three live under
// /certs/<ReceiverCertDirName>, which is the mount path of
// ReceiverCertVolumeMountForMain.
var ReceiverSslEnvVars = []corev1.EnvVar{
	{Name: "HC_RECEIVER_SSL_CA", Value: "/certs/" + ReceiverCertDirName + "/ca.crt"},
	{Name: "HC_RECEIVER_SSL_CERT", Value: "/certs/" + ReceiverCertDirName + "/tls.crt"},
	{Name: "HC_RECEIVER_SSL_KEY", Value: "/certs/" + ReceiverCertDirName + "/tls.key"},
}
var (
	// Replica1 is an addressable int32 with the value 1.
	// NOTE(review): presumably the replica count for Deployments built by
	// this package; no use is visible here.
	Replica1 int32 = 1

	// Seconds60 is an addressable int64 with the value 60.
	// NOTE(review): presumably a 60-second duration for a pod spec field;
	// no use is visible here.
	Seconds60 int64 = 60
)
// SecretCheckCmd is a shell script that waits for secret files to appear.
//
// It loads $SECRET_LIST into the positional parameters, then walks
// $SECRET_DIR_LIST in step with them: for each directory it retries
// `ls /sec/<dir>/*` every 30 seconds until the listing succeeds, then shifts
// to the next secret name. There is no retry limit, so the script blocks
// until every directory has content.
//
// Both lists are expanded unquoted so the shell splits them into entries;
// $1 and $secretDirName are unquoted as well, so each entry is also subject
// to word splitting and glob expansion.
// NOTE(review): entries are expected to be plain names without whitespace or
// shell metacharacters; confirm that whatever fills SECRET_LIST and
// SECRET_DIR_LIST validates them.
var SecretCheckCmd = "set -- $SECRET_LIST; " +
	"for secretDirName in $SECRET_DIR_LIST; do" +
	" while true; do" +
	" echo `date`: Checking for secret $1;" +
	" ls /sec/$secretDirName/* && break;" +
	" echo `date`: Required secret $1 not found ... try again in 30s;" +
	" sleep 30;" +
	" done;" +
	" echo `date`: Secret $1 found;" +
	" shift; " +
	"done; " +
	"echo `date`: All required secrets exist"
// TrueVar is an addressable true. APICertVolume and ReceiverCertVolume point
// their Optional field at it, so it must not be reassigned: a change here
// would be seen through every pointer taken to it.
var TrueVar bool = true
Functions ¶
func AnnotationsForPod ¶
AnnotationsForPod returns the annotations associated with the pod being created
func BuildCertificate ¶
func BuildCertificate(instanceNamespace, instanceClusterIssuer string, certData CertificateData) *certmgr.Certificate
BuildCertificate returns a Certificate object. Call controllerutil.SetControllerReference to set the owner and controller for the Certificate object created by this function.
func BuildCommonVolumes ¶
func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringReceiverSpecMongoDB, loglevelPrefix, loglevelType string) []corev1.Volume
func BuildInitContainer ¶
func BuildMongoDBEnvVars ¶
func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringReceiverSpecMongoDB) []corev1.EnvVar
func BuildSecretCheckContainer ¶
func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, mongoDB operatorv1alpha1.MeteringReceiverSpecMongoDB, additionalInfo *SecretCheckData) corev1.Container
checkerCommand is the command to be executed by the secret-check container. mongoDB contains the password names from the CR. additionalInfo contains info about additional secrets to check.
func GetImageID ¶
func GetImageID(instanceImageRegistry, instanceImageTagPostfix, defaultImageRegistry, imageName, envVarName, defaultImageTag string) string
GetImageID returns the ID of an operand image, either <imageName>@<SHA> or <imageName>:<tag>
func GetPodNames ¶
GetPodNames returns the pod names of the array of pods passed in
func GetServiceAccountName ¶
func GetServiceAccountName() string
GetServiceAccountName returns the service account name or default if it is not set in the environment
func IsAPIServiceEqual ¶
func IsAPIServiceEqual(oldAPIService, newAPIService *apiregistrationv1.APIService) bool
IsAPIServiceEqual uses DeepEqual to determine whether two APIService objects are equal. It checks labels, insecureSkipTLSVerify, service name and service namespace. If there are any differences, it returns false. Otherwise, it returns true.
func IsCertificateEqual ¶
func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
Use DeepEqual to determine if 2 certificates are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsDaemonSetEqual ¶
Use DeepEqual to determine if 2 daemon sets are equal. Check labels, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true.
func IsDeploymentEqual ¶
func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
Use DeepEqual to determine if 2 deployments are equal. Check labels, replicas, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDeployment is the deployment that is currently running. newDeployment is what we expect the deployment to look like.
func IsIngressEqual ¶
Use DeepEqual to determine if 2 ingresses are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsServiceEqual ¶
Use DeepEqual to determine if 2 services are equal. Check ObjectMeta, Ports and Selector. If there are any differences, return false. Otherwise, return true.
func LabelsForMetadata ¶
returns the labels associated with the resource being created
func LabelsForPodMetadata ¶
returns the labels associated with the Pod being created
func LabelsForSelector ¶
returns the labels for selecting the resources belonging to the given metering CR name
func ReconcileCertificate ¶
func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, newCertificate *certmgr.Certificate, needToRequeue *bool) error
ReconcileCertificate checks whether the Certificate already exists. If not, it creates a new one.
func ReconcileDeployment ¶
func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, newDeployment *appsv1.Deployment, needToRequeue *bool) error
Check if a Deployment already exists. If not, create a new one.
Types ¶
type CertificateData ¶
type IngressData ¶
type SecretCheckData ¶
// SecretCheckData describes additional secrets that the secret-check
// container should wait for.
type SecretCheckData struct {
	// Names is added to the SECRET_LIST env var.
	// NOTE(review): SecretCheckCmd expands that variable unquoted, so entries
	// are presumably whitespace-separated plain names — confirm.
	Names string
	// Dirs is added to the SECRET_DIR_LIST env var.
	// NOTE(review): SecretCheckCmd expands that variable unquoted and appends
	// each entry to /sec/, so entries are presumably whitespace-separated
	// directory names — confirm.
	Dirs string
	// VolumeMounts holds the volume mounts associated with the secrets.
	VolumeMounts []corev1.VolumeMount
}
SecretCheckData contains info about additional secrets for the secret-check container. Names will be added to the SECRET_LIST env var. Dirs will be added to the SECRET_DIR_LIST env var. VolumeMounts contains the volume mounts associated with the secrets.