consts

Documentation

Index

• Constants
• type ServiceType

Constants

const (
	// OperatorLabelPrefix is the common label prefix used by the operator
	OperatorLabelPrefix = "gateway-operator.konghq.com/"

	// OperatorAnnotationPrefix is the common annotation prefix used by the operator
	OperatorAnnotationPrefix = OperatorLabelPrefix

	// GatewayOperatorManagedByLabel is the label that is used for objects which
	// were created by this operator.
	// The value associated with this label indicated what component is controlling
	// the resource that has this label set, e.g. controlplane.
	GatewayOperatorManagedByLabel = OperatorLabelPrefix + "managed-by"

	// GatewayOperatorManagedByNameLabel is the label that is used for objects which
	// were created by this operator.
	// The value set for this label is the name of the object that is controlling
	// the resource that has this label set.
	// This can be used e.g. as a link between a managing object and the managed object
	// specifying when there's a cross namespace reference which is disallowed by the
	// Kubernetes API.
	GatewayOperatorManagedByNameLabel = OperatorLabelPrefix + "managed-by-name"

	// GatewayOperatorManagedByNamespaceLabel is the label that is used for objects which
	// were created by this operator.
	// The value set for this label is the namespace of the object that is controlling
	// the resource that has this label set.
	// This can be used e.g. as a link between a managing object and the managed object
	// specifying when there's a cross namespace reference which is disallowed by the
	// Kubernetes API.
	GatewayOperatorManagedByNamespaceLabel = OperatorLabelPrefix + "managed-by-namespace"

	// GatewayOperatorManagedByLabelLegacy is the legacy label used for object
	// with were created by this operator
	//
	// Notice: use GatewayOperatorManagedByLabel instead.
	//
	// TODO: Remove adding this to managed resources after several versions with
	// the new managed-by label were released: https://github.com/Kong/gateway-operator/issues/1101
	GatewayOperatorManagedByLabelLegacy = "konghq.com/gateway-operator"

	// GatewayManagedLabelValue indicates that the object's lifecycle is managed by
	// the gateway controller.
	GatewayManagedLabelValue = "gateway"

	// ServiceSecretLabel is a label that is added to operator related Service
	// Secrets to designate which Service this particular Secret it used by.
	ServiceSecretLabel = OperatorLabelPrefix + "service-secret"

	// OperatorLabelSelector is a label name that is used for operator resources
	// as a label selector key.
	// Used with e.g. DataPlane's status.selector field.
	OperatorLabelSelector = OperatorLabelPrefix + "selector"

	// ControlPlaneServiceLabel is a Service's label that is used to indicate which kind of Service it is.
	ControlPlaneServiceLabel = OperatorLabelPrefix + "service"

	// SecretUsedByServiceLabel is a Secret's label that is used to indicate which Service kind is using the Secret.
	SecretUsedByServiceLabel = OperatorLabelPrefix + "secret-used-by-service"

	// ControlPlaneServiceKindAdmin is the value for SecretUsedByServiceLabel or ControlPlaneServiceLabel that
	// is used to indicate that a Service is an admin service.
	ControlPlaneServiceKindAdmin = "admin"

	// ControlPlaneServiceKindWebhook is the value for the SecretUsedByServiceLabel or ControlPlaneServiceLabel
	// that is used to indicate that a Service is a webhook service.
	ControlPlaneServiceKindWebhook = "webhook"

	// CertPurposeLabel indicates the purpose of a certificate.
	CertPurposeLabel = OperatorLabelPrefix + "cert-purpose"

	// OwnerIDLabel indicates a resource's owner ID when references are not available.
	OwnerIDLabel = OperatorLabelPrefix + "owner-id"
)

const (
	// ClusterCertificateVolume is the name of the volume that holds the certificate
	// and keys which are used for serving traffic and  ControlPlane and DataPlane communication.
	ClusterCertificateVolume = "cluster-certificate"

	// ClusterCertificateVolumeMountPath holds the path where cluster certificate
	// volume will be mounted.
	ClusterCertificateVolumeMountPath = "/var/cluster-certificate"

	// TLSCRT is the filename for the tls.crt.
	TLSCRT = "tls.crt"

	// TLSKey is the filename for the tls.key.
	TLSKey = "tls.key"

	// CACRT is the filename for the ca.crt.
	CACRT = "ca.crt"

	// TLSCRTPath is the full path for the tls.crt file.
	TLSCRTPath = ClusterCertificateVolumeMountPath + "/" + TLSCRT

	// TLSKeyPath is the full path for the tls.key file.
	TLSKeyPath = ClusterCertificateVolumeMountPath + "/" + TLSKey

	// TLSCACRTPath is the full path for the ca.crt file.
	TLSCACRTPath = ClusterCertificateVolumeMountPath + "/" + CACRT

	// TLSFieldSecret is the field name in Kubernetes secret - WebhookCertificateConfigSecretName.
	CertFieldSecret = "cert"

	// KeyFieldSecret is the field name in Kubernetes secret - WebhookCertificateConfigSecretName.
	KeyFieldSecret = "key"

	// CAFieldSecret is the field name in Kubernetes secret - WebhookCertificateConfigSecretName.
	CAFieldSecret = "ca"
)

const (
	// WebhookCertificateConfigBaseImage is the image to use by the certificate config Jobs.
	WebhookCertificateConfigBaseImage = "registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0"
	// WebhookName is the ValidatingWebhookConfiguration name.
	WebhookName = "gateway-operator-validation.konghq.com"
	// WebhookCertificateConfigSecretName is the name of the secret containing the webhook certificate.
	WebhookCertificateConfigSecretName = "gateway-operator-webhook-certs"
	// WebhookCertificateConfigName is the name given to the resources related by the certificate config Jobs.
	WebhookCertificateConfigName = "gateway-operator-admission"
	// WebhookCertificateConfigLabelvalue is the default label for all the resources related
	// to the certificate config Jobs.
	WebhookCertificateConfigLabelvalue = "gateway-operator-certificate-config"
	// WebhookServiceName is the name of the service that exposes the validating webhook
	WebhookServiceName = "gateway-operator-validating-webhook"
)

const (
	// ClusterCertEnvKey is the environment variable name for the cluster certificate.
	ClusterCertEnvKey = "KONG_CLUSTER_CERT"
	// ClusterCertEnvKey is the environment variable name for the cluster certificate key.
	ClusterCertKeyEnvKey = "KONG_CLUSTER_CERT_KEY"
)

const (
	// DefaultControlPlaneBaseImage is the base container image that can be used
	// by default for a ControlPlane resource if all other attempts to dynamically
	// decide an image fail.
	DefaultControlPlaneBaseImage = "kong/kubernetes-ingress-controller"

	// DefaultControlPlaneImage is the default container image that can be used if
	// all other attempts to dynamically decide the default image fail.
	DefaultControlPlaneImage = DefaultControlPlaneBaseImage + ":" + versions.DefaultControlPlaneVersion

	// ControlPlaneControllerContainerName is the name of the ingress controller container in a ControlPlane Deployment.
	ControlPlaneControllerContainerName = "controller"

	// DataPlaneInitRetryDelay is the time delay between every attempt (on controller startup)
	// to connect to the Kong Admin API. It needs to be customized to 5 seconds to avoid
	// the ControlPlane crash due to DataPlane slow starts.
	DataPlaneInitRetryDelay = "5s"
)

const (
	// ControlPlaneAdmissionWebhookListenPort is the port on which the control plane admission webhook listens.
	ControlPlaneAdmissionWebhookListenPort = 8080
	// ControlPlaneAdmissionWebhookEnvVarValue is the default value for the admission webhook env var.
	ControlPlaneAdmissionWebhookEnvVarValue = "0.0.0.0:8080"
	// ControlPlaneAdmissionWebhookVolumeName is the name of the volume that holds the certificate that's used
	// for serving the admission webhook in control plane.
	ControlPlaneAdmissionWebhookVolumeName = "admission-webhook-certificate"
	// ControlPlaneAdmissionWebhookVolumeMountPath is the path where the admission webhook certificate will be mounted.
	ControlPlaneAdmissionWebhookVolumeMountPath = "/admission-webhook"
)

const (
	// DataPlaneManagedLabelValue indicates that an object's lifecycle is managed
	// by the dataplane controller.
	DataPlaneManagedLabelValue = "dataplane"

	// DataPlaneServiceTypeLabel is the label that is used for the services created by
	// the DataPlane controller to expose the DataPlane deployment.
	DataPlaneServiceTypeLabel = "gateway-operator.konghq.com/dataplane-service-type"

	// DataPlaneServiceTypeLabelLegacy is the legacy label that is used for the services created by
	// the DataPlane controller to expose the DataPlane deployment.
	DataPlaneServiceTypeLabelLegacy = "konghq.com/dataplane-service-type"

	// DataPlaneServiceStateLabel indicates the state of a DataPlane service.
	// Useful for progressive rollouts.
	DataPlaneServiceStateLabel = "gateway-operator.konghq.com/dataplane-service-state"

	// DataPlaneDeploymentStateLabel indicates the state of a DataPlane deployment.
	// Useful for progressive rollouts.
	DataPlaneDeploymentStateLabel = "gateway-operator.konghq.com/dataplane-deployment-state"

	// AnnotationLastAppliedAnnotations is the annotation key to store the last annotations
	// of a DataPlane-owned object (e.g. Ingress `Service`) applied by the DataPlane controller.
	// It allows the controller to decide which annotations are outdated compared to the DataPlane spec and
	// shall be removed. This guarantees no interference with annotations from other sources (e.g. users).
	AnnotationLastAppliedAnnotations = "gateway-operator.konghq.com/last-applied-annotations"

	// DataPlanePodStateLabel indicates the state of a DataPlane Pod.
	// Useful for progressive rollouts.
	DataPlanePodStateLabel = "gateway-operator.konghq.com/dataplane-pod-state"

	// DataPlaneStateLabelValuePreview indicates that a DataPlane resource is
	// a "preview" resource.
	// This is used in:
	// - the "preview" Service that is available to access the "preview" DataPlane Pods.
	// - the "preview" Deployment wraps the "preview" DataPlane Pods.
	DataPlaneStateLabelValuePreview = "preview"

	// DataPlaneStateLabelValueLive indicates that a DataPlane resource is
	// a "live" resource.
	// This is used in:
	// - the "live" Service that is available to access the "live" DataPlane Pods.
	// - the "live" Deployment wraps the "live" DataPlane Pods.
	DataPlaneStateLabelValueLive = "live"

	// DataPlaneAdminServiceLabelValue indicates that the service is intended to expose the
	// DataPlane admin API.
	DataPlaneAdminServiceLabelValue ServiceType = "admin"

	// DataPlaneIngressServiceLabelValue indicates that the service is inteded to expose the
	// DataPlane proxy.
	DataPlaneIngressServiceLabelValue ServiceType = "ingress"

	// DataPlaneProxyServiceLabelValue is the legacy label value which indicates
	// that the service is inteded to expose the DataPlane proxy.
	DataPlaneProxyServiceLabelValueLegacy ServiceType = "proxy"
)

const (
	// DefaultDataPlaneBaseImage is the base container image that can be used
	// by default for a DataPlane resource if all other attempts to dynamically
	// decide an image fail.
	DefaultDataPlaneBaseImage = "kong"

	// DefaultDataPlaneBaseEnterpriseImage is the enterprise base container image.
	DefaultDataPlaneBaseEnterpriseImage = "kong/kong-gateway"

	// DefaultDataPlaneTag is the base container image tag that can be used
	// by default for a DataPlane resource if all other attempts to dynamically
	// decide an image tag fail.
	DefaultDataPlaneTag = "3.6" // TODO: automatic PR updates https://github.com/Kong/gateway-operator/issues/209

	// DefaultDataPlaneImage is the default container image that can be used if
	// all other attempts to dynamically decide the default image fail.
	DefaultDataPlaneImage = DefaultDataPlaneBaseImage + ":" + DefaultDataPlaneTag

	// DefaultDataPlaneEnterpriseImage is the default enterprise container image that can be used if
	// all other attempts to dynamically decide the default image fail.
	DefaultDataPlaneEnterpriseImage = DefaultDataPlaneBaseEnterpriseImage + ":" + DefaultDataPlaneTag

	// ServiceSelectorOverrideAnnotation is used on the dataplane to override the Selector
	// of both the admin and proxy services.
	// The value of such an annotation is to be intended as a comma-separated list of
	// key=value selectors, so that it is possible to add multiple selectors to the same
	// service.
	//
	// Example:
	// gateway-operator.konghq.com/service-selector-override: "key1=value,key2=value2"
	ServiceSelectorOverrideAnnotation = "gateway-operator.konghq.com/service-selector-override"

	// DataPlaneProxyContainerName is the name of the Kong proxy container
	DataPlaneProxyContainerName = "proxy"

	// DataPlaneReadyEndpoint is the endpoint to use for DataPlane readiness probe.
	DataPlaneStatusEndpoint = "/status"

	// DataPlaneStatusReadyEndpoint is the endpoint to use for DataPlane readiness probe
	// in the context of managed gateways.
	DataPlaneStatusReadyEndpoint = "/status/ready"
)

const (
	// DefaultHTTPPort is the default port used for HTTP ingress network traffic
	// from outside clusters.
	DefaultHTTPPort = 80

	// DefaultHTTPSPort is the default port used for HTTPS ingress network traffic
	// from outside clusters.
	DefaultHTTPSPort = 443

	// DataPlaneHTTPSPort is the port that the dataplane uses for Admin API.
	DataPlaneAdminAPIPort = 8444

	// DataPlaneHTTPSPort is the port that the dataplane uses for HTTP.
	DataPlaneProxyPort = 8000

	// DataPlaneHTTPSPort is the port that the dataplane uses for HTTPS.
	DataPlaneProxySSLPort = 8443

	// DataPlaneMetricsPort is the port that the dataplane uses for metrics.
	DataPlaneMetricsPort = 8100

	// DefaultKongStatusPort is the port that the dataplane uses for status.
	DataPlaneStatusPort = 8100
)

const (
	// DataPlaneAdminServicePortName is the port name of the DataPlane admin service.
	DataPlaneAdminServicePortName = "admin"

	// DataPlanePODDNSDiscoveryStrategy is DNS strategy to use when creating Gateway's Admin API addresses.
	DataPlaneServiceDNSDiscoveryStrategy = "service"
)

----------------------------------------------------------------------------- Consts - DataPlane Services parameters -----------------------------------------------------------------------------

const (
	// DataPlaneConditionReasonRolloutAwaitingPromotion is a reason which indicates a DataPlane
	// preview has been deployed successfully and is awaiting promotion.
	// If this Reason is present and no automated rollout is disabled, user can
	// use the preview services and deployment to inspect the state of those
	// make a judgement call if the promotion should happen.
	DataPlaneConditionReasonRolloutAwaitingPromotion k8sutils.ConditionReason = "AwaitingPromotion"

	// DataPlaneConditionReasonRolloutFailed is a reason which indicates a DataPlane
	// has failed to roll out. This may be caused for example by a Deployment or
	// a Service failing to get created during a rollout.
	DataPlaneConditionReasonRolloutFailed k8sutils.ConditionReason = "Failed"

	// DataPlaneConditionReasonRolloutProgressing is a reason which indicates a DataPlane's
	// new version is being rolled out.
	DataPlaneConditionReasonRolloutProgressing k8sutils.ConditionReason = "Progressing"

	// DataPlaneConditionReasonRolloutWaitingForChange is a reason which indicates a DataPlane
	// is waiting for a change to trigger new version to be made available before promotion.
	DataPlaneConditionReasonRolloutWaitingForChange k8sutils.ConditionReason = "WaitingForChange"

	// DataPlaneConditionReasonRolloutPromotionInProgress is a reason which
	// indicates that a promotion is in progress.
	DataPlaneConditionReasonRolloutPromotionInProgress k8sutils.ConditionReason = "PromotionInProgress"

	// DataPlaneConditionReasonRolloutPromotionFailed is a reason which indicates
	// a DataPlane has failed to promote. This may be caused for example by
	// a failure in updating a live Service.
	DataPlaneConditionReasonRolloutPromotionFailed k8sutils.ConditionReason = "PromotionFailed"

	// DataPlaneConditionReasonRolloutPromotionDone is a reason which indicates that a promotion is done.
	DataPlaneConditionReasonRolloutPromotionDone k8sutils.ConditionReason = "PromotionDone"
)

const (
	// DataPlaneConditionMessageRolledOutRolloutInitialized contains the message
	// that is set for the RolledOut Condition when Reason is Progressing
	// and the DataPlane has initiated a rollout.
	DataPlaneConditionMessageRolledOutRolloutInitialized = "Rollout initialized"

	// DataPlaneConditionMessageRolledOutPreviewDeploymentNotYetReady contains the message
	// that is set for the RolledOut Condition when Reason is Progressing
	// and the operator is waiting for preview Deployment to be ready.
	DataPlaneConditionMessageRolledOutPreviewDeploymentNotYetReady = "Preview Deployment not yet ready"
)

const (
	// ControlPlaneManagedLabelValue indicates that an object's lifecycle is managed
	// by the controlplane controller.
	ControlPlaneManagedLabelValue = "controlplane"
)

const (
	// ControlPlanePrefix is used as a name prefix to generate controlplane-owned objects' name.
	ControlPlanePrefix = "controlplane"
)

const (
	// DataPlaneConditionTypeRolledOut is a condition type indicating whether or
	// not, DataPlane's rollout has been successful or not.
	DataPlaneConditionTypeRolledOut k8sutils.ConditionType = "RolledOut"
)

const (
	// DataPlaneOwnedWaitForOwnerFinalizer is the finalizer added to resources owned by a DataPlane
	// to ensure that the resources are not deleted before the DataPlane is deleted.
	DataPlaneOwnedWaitForOwnerFinalizer = "gateway-operator.konghq.com/wait-for-owner"
)

const (
	// DataPlanePrefix is used as a name prefix to generate dataplane-owned objects' name
	DataPlanePrefix = "dataplane"
)

const (
	// EnvVarKongDatabase is the environment variable name to specify database
	// backend used for dataplane(Kong gateway). Currently only DBLess mode
	// (empty, or "off") is supported.
	EnvVarKongDatabase = "KONG_DATABASE"
)

Types

type ServiceType

type ServiceType string

ServiceType is a re-typing of string to be used to distinguish between proxy and admin service