controllers

package
v0.1.13 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 6, 2023 License: Apache-2.0 Imports: 45 Imported by: 1

Documentation

Index

Constants

View Source
const (
	TokenSecretReleaseKey          = "release"
	TokenSecretConfigKey           = "config"
	TokenSecretTokenKey            = "token"
	TokenSecretOldTokenKey         = "old_token"
	TokenSecretPayloadKey          = "payload"
	TokenSecretMessageKey          = "message"
	TokenSecretPullSecretHashKey   = "pull-secret-hash"
	InvalidConfigReason            = "InvalidConfig"
	TokenSecretReasonKey           = "reason"
	TokenSecretAnnotation          = "hypershift.openshift.io/ignition-config"
	TokenSecretNodePoolUpgradeType = "hypershift.openshift.io/node-pool-upgrade-type"
	TokenSecretTokenGenerationTime = "hypershift.openshift.io/last-token-generation-time"
)

Variables

View Source
var (
	TokenRotationTotal = prometheus.NewCounter(prometheus.CounterOpts{
		Name: "ign_server_token_rotation_total",
	})

	PayloadCacheMissTotal = prometheus.NewCounter(prometheus.CounterOpts{
		Name: "ign_server_payload_cache_miss_total",
	})

	PayloadGenerationSeconds = prometheus.NewHistogram(prometheus.HistogramOpts{
		Name:    "ign_server_payload_generation_seconds",
		Buckets: []float64{5, 15, 30, 45, 60},
	})
)
View Source
var (
	PayloadCacheSizeTotal = prometheus.NewGauge(prometheus.GaugeOpts{
		Name: "ign_server_payload_cache_total",
	})
)

Functions

func NewImageFileCache

func NewImageFileCache(workDir string) (*imageFileCache, error)

Types

type CacheValue

type CacheValue struct {
	Payload    []byte
	SecretName string
}

type ExpiringCache

type ExpiringCache struct {
	sync.RWMutex
	// contains filtered or unexported fields
}

ExpiringCache enables a cache of pairs "token: payload". Any pair in the cache is expired once entry.expiry time is above the cache ttl. The expiry time is renewed for an existing value on every Get operation. Garbage collection of expired values happens on every Get operation.

func NewPayloadStore

func NewPayloadStore() *ExpiringCache

func (*ExpiringCache) Delete

func (c *ExpiringCache) Delete(key string)

func (*ExpiringCache) Get

func (c *ExpiringCache) Get(key string) (value CacheValue, ok bool)

func (*ExpiringCache) Keys

func (c *ExpiringCache) Keys() []string

func (*ExpiringCache) Set

func (c *ExpiringCache) Set(key string, value CacheValue)

type IgnitionProvider

type IgnitionProvider interface {
	// GetPayload returns the ignition payload content for
	// the provided release image and a config string containing 0..N MachineConfig yaml definitions.
	GetPayload(ctx context.Context, payloadImage, config string, pullSecretHash string) ([]byte, error)
}

IgnitionProvider can build ignition payload contents for a given release image.

type LocalIgnitionProvider

type LocalIgnitionProvider struct {
	Client          client.Client
	ReleaseProvider releaseinfo.Provider
	CloudProvider   hyperv1.PlatformType
	Namespace       string

	// WorkDir is the base working directory for contents extracted from a
	// release payload. Usually this would map to a volume mount.
	WorkDir string

	// PreserveOutput indicates whether the temporary working directory created
	// under WorkDir should be preserved. If false, the temporary directory is
	// deleted after use.
	PreserveOutput bool

	// FeatureGateManifest is the path to a rendered feature gate manifest.
	// This must be copied into the MCC directory as it is required
	// to render the ignition payload.
	FeatureGateManifest string

	ImageFileCache *imageFileCache
	// contains filtered or unexported fields
}

LocalIgnitionProvider is an IgnitionProvider that executes MCO binaries directly to build ignition payload contents out of a given release image and a config string containing 0..N MachineConfig YAML definitions.

To do this, MCO binaries and other static input files are extracted from a release image into WorkDir. These contents are cleaned up after each execution and are not currently cached between executions for a given release image because the effort of managing the cache is not yet justified by any performance measurements.

Currently, all GetPayload executions are performed serially, enforced by a mutex. Enabling concurrent executions requires more work because of the of MCS, which is an HTTP server process, implying work to allocate non-conflicting ports. This effort is not yet justified by any performance measurements.

func (*LocalIgnitionProvider) GetPayload

func (p *LocalIgnitionProvider) GetPayload(ctx context.Context, releaseImage string, customConfig string, pullSecretHash string) ([]byte, error)

type MCSIgnitionProvider

type MCSIgnitionProvider struct {
	Client          client.Client
	ReleaseProvider releaseinfo.Provider
	CloudProvider   hyperv1.PlatformType
	Namespace       string
}

MCSIgnitionProvider is an IgnitionProvider that uses MachineConfigServer pods to build ignition payload contents out of a given releaseImage and a config string containing 0..N MachineConfig yaml definitions.

func (*MCSIgnitionProvider) GetPayload

func (p *MCSIgnitionProvider) GetPayload(ctx context.Context, releaseImage string, config string, pullSecretHash string) (payload []byte, err error)

type TokenSecretReconciler

type TokenSecretReconciler struct {
	client.Client
	IgnitionProvider IgnitionProvider
	PayloadStore     *ExpiringCache
}

TokenSecretReconciler watches token Secrets and uses an IgnitionProvider to get a payload out them, stores it in the PayloadsStore, and rotates the token ID periodically. A token Secret is by contractual convention: type: Secret

  metadata:
  annotations:
	   hypershift.openshift.io/ignition-config: "true"
	 data:
    token: <authz token>
    old_token: <authz token>
    release: <release image string>
    config: |-

func (*TokenSecretReconciler) Reconcile

func (r *TokenSecretReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ctrl.Result, error)

func (*TokenSecretReconciler) SetupWithManager

func (r *TokenSecretReconciler) SetupWithManager(ctx context.Context, mgr ctrl.Manager) error

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL