Constants ¶
// Keys of the data map in a token Secret.
const (
	// TokenSecretReleaseKey holds the release image string.
	TokenSecretReleaseKey = "release"
	// TokenSecretConfigKey holds 0..N MachineConfig YAML definitions.
	TokenSecretConfigKey = "config"
	// TokenSecretTokenKey holds the current authz token. The value is a
	// credential: keep it out of logs, events and error messages.
	TokenSecretTokenKey = "token"
	// TokenSecretOldTokenKey holds the previous authz token, presumably kept
	// so in-flight clients keep working across a rotation.
	TokenSecretOldTokenKey = "old_token"
	// TokenSecretPayloadKey holds the generated ignition payload.
	TokenSecretPayloadKey = "payload"
	// TokenSecretMessageKey and TokenSecretReasonKey presumably carry a
	// human-readable message and a machine-readable reason (e.g.
	// InvalidConfigReason) describing the last reconcile outcome.
	TokenSecretMessageKey = "message"
	TokenSecretReasonKey  = "reason"
)

// Keys recording hashes of the inputs a payload was generated from; they
// mirror the hash arguments of IgnitionProvider.GetPayload.
const (
	TokenSecretPullSecretHashKey            = "pull-secret-hash"
	TokenSecretHCConfigurationHashKey       = "hc-configuration-hash"
	TokenSecretAdditionalTrustBundleHashKey = "additional-trust-bundle-hash"
)

// InvalidConfigReason is the reason value reported when the token Secret's
// config cannot be used.
const InvalidConfigReason = "InvalidConfig"

// Annotations placed on token Secrets.
const (
	// TokenSecretAnnotation marks a Secret as an ignition-config token
	// Secret; the documented contract sets it to "true".
	TokenSecretAnnotation = "hypershift.openshift.io/ignition-config"
	// TokenSecretNodePoolUpgradeType records the NodePool upgrade type the
	// token was issued for — confirm against the reconciler.
	TokenSecretNodePoolUpgradeType = "hypershift.openshift.io/node-pool-upgrade-type"
	// TokenSecretTokenGenerationTime records when the current token was
	// generated, which drives periodic rotation.
	TokenSecretTokenGenerationTime = "hypershift.openshift.io/last-token-generation-time"
)
Variables ¶
// TokenRotationTotal counts token rotations performed by the ignition server.
var TokenRotationTotal = prometheus.NewCounter(prometheus.CounterOpts{
	Name: "ign_server_token_rotation_total",
})

// PayloadCacheMissTotal counts payload cache misses, i.e. requests that had
// to generate a payload instead of serving a cached one.
var PayloadCacheMissTotal = prometheus.NewCounter(prometheus.CounterOpts{
	Name: "ign_server_payload_cache_miss_total",
})

// PayloadGenerationSeconds records how long payload generation takes. The
// buckets are coarse because a generation run extracts and executes MCO
// binaries from a release image, which takes seconds rather than milliseconds.
var PayloadGenerationSeconds = prometheus.NewHistogram(prometheus.HistogramOpts{
	Name:    "ign_server_payload_generation_seconds",
	Buckets: []float64{5, 15, 30, 45, 60},
})
// PayloadCacheSizeTotal is a gauge for the payload cache; by its name it
// presumably tracks the number of entries currently held — confirm where it
// is set.
var PayloadCacheSizeTotal = prometheus.NewGauge(prometheus.GaugeOpts{
	Name: "ign_server_payload_cache_total",
})
Functions ¶
func NewImageFileCache ¶
Types ¶
type CacheValue ¶
type ExpiringCache ¶
ExpiringCache is a cache of "token: payload" pairs. A pair is expired once its entry.expiry time has passed the cache TTL. The expiry time of an existing value is renewed on every Get operation, and garbage collection of expired values also happens on every Get operation.
func NewPayloadStore ¶
func NewPayloadStore() *ExpiringCache
func (*ExpiringCache) Delete ¶
func (c *ExpiringCache) Delete(key string)
func (*ExpiringCache) Get ¶
func (c *ExpiringCache) Get(key string) (value CacheValue, ok bool)
func (*ExpiringCache) Keys ¶
func (c *ExpiringCache) Keys() []string
func (*ExpiringCache) Set ¶
func (c *ExpiringCache) Set(key string, value CacheValue)
type IgnitionProvider ¶
// IgnitionProvider can build ignition payload contents for a given release
// image.
type IgnitionProvider interface {
	// GetPayload returns the ignition payload content for the release image
	// payloadImage and for config, a string containing 0..N MachineConfig
	// yaml definitions. pullSecretHash, additionalTrustBundleHash and
	// hcConfigurationHash presumably identify the versions of those inputs so
	// that a cached payload can be invalidated when any of them changes —
	// confirm against the implementations.
	GetPayload(ctx context.Context, payloadImage, config, pullSecretHash, additionalTrustBundleHash, hcConfigurationHash string) ([]byte, error)
}
IgnitionProvider can build ignition payload contents for a given release image.
type LocalIgnitionProvider ¶
// LocalIgnitionProvider is an IgnitionProvider that executes MCO binaries
// directly to build ignition payload contents out of a given release image
// and a config string containing 0..N MachineConfig YAML definitions.
// GetPayload executions are serialized by a mutex (an unexported field).
type LocalIgnitionProvider struct {
	// Client is the controller-runtime client used to read cluster resources.
	Client client.Client
	// ReleaseProvider resolves release image information; by its type it
	// presumably honors OpenShift image registry overrides — confirm.
	ReleaseProvider releaseinfo.ProviderWithOpenShiftImageRegistryOverrides
	// CloudProvider is the platform type the payload is rendered for.
	CloudProvider hyperv1.PlatformType
	// Namespace is the namespace the provider works in — TODO confirm which
	// resources (pull secret, trust bundle, ...) are looked up there.
	Namespace string
	// WorkDir is the base working directory for contents extracted from a
	// release payload. Usually this would map to a volume mount.
	WorkDir string
	// PreserveOutput indicates whether the temporary working directory created
	// under WorkDir should be preserved. If false, the temporary directory is
	// deleted after use. Note that the working directory holds material
	// extracted from the release image and the rendered payload, so leaving
	// it in place is only appropriate for debugging.
	PreserveOutput bool
	// FeatureGateManifest is the path to a rendered feature gate manifest.
	// This must be copied into the MCC directory as it is required
	// to render the ignition payload.
	FeatureGateManifest string
	// ImageFileCache presumably caches files extracted from images across
	// executions (see NewImageFileCache) — confirm.
	ImageFileCache *imageFileCache
	// contains filtered or unexported fields
}
LocalIgnitionProvider is an IgnitionProvider that executes MCO binaries directly to build ignition payload contents out of a given release image and a config string containing 0..N MachineConfig YAML definitions.
To do this, MCO binaries and other static input files are extracted from a release image into WorkDir. These contents are cleaned up after each execution and are not currently cached between executions for a given release image because the effort of managing the cache is not yet justified by any performance measurements.
Currently, all GetPayload executions are performed serially, enforced by a mutex. Enabling concurrent executions requires more work because MCS is an HTTP server process, which implies work to allocate non-conflicting ports. This effort is not yet justified by any performance measurements.
func (*LocalIgnitionProvider) GetPayload ¶
type TokenSecretReconciler ¶
// TokenSecretReconciler watches token Secrets, asks an IgnitionProvider for a
// payload for each of them, stores the payload in PayloadStore and rotates the
// token ID periodically.
type TokenSecretReconciler struct {
	client.Client

	// IgnitionProvider builds the ignition payload for a token Secret's
	// release image and config.
	IgnitionProvider IgnitionProvider

	// PayloadStore caches "token: payload" pairs with a TTL; an entry's
	// expiry is renewed on Get and expired entries are collected on Get.
	// Because the key is the token itself, a token that is rotated out should
	// presumably be removed with Delete rather than left until the TTL lapses
	// — confirm in the reconcile loop.
	PayloadStore *ExpiringCache
}
TokenSecretReconciler watches token Secrets and uses an IgnitionProvider to get a payload out of them, stores it in the PayloadStore, and rotates the token ID periodically. A token Secret is by contractual convention:

type: Secret
metadata:
  annotations:
    hypershift.openshift.io/ignition-config: "true"
data:
  token: <authz token>
  old_token: <authz token>
  release: <release image string>
  config: |-