install

package
v0.27.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 20, 2024 License: Apache-2.0 Imports: 32 Imported by: 8

Documentation

Index

Constants

const (
	// DefaultCertMinFresh is the default min-fresh value for a certificate: 1 day.
	DefaultCertMinFresh = 24 * time.Hour

	// DefaultCertValidFor is the default duration a certificate can be valid
	// for: 730 days, roughly 2 years.
	// NOTE(review): how early a certificate is rotated relative to this
	// lifetime is not visible here; presumably it is derived from
	// DefaultCertMinFresh. Confirm against CalculateCertRotatesAt.
	DefaultCertValidFor = 730 * 24 * time.Hour

	// OLMCAPEMKey is the key name for the OLM CA PEM data.
	// NOTE(review): the identifier says "PEM" while the value says "Key";
	// confirm whether the material stored under this key is the CA
	// certificate or private-key material, since that decides who may read it.
	OLMCAPEMKey = "olmCAKey"

	// OLMCAHashAnnotationKey is the key used to store the hash of the CA cert.
	// NOTE(review): earlier wording called this a label key, but the
	// identifier says annotation. Confirm which one it is.
	OLMCAHashAnnotationKey = "olmcahash"

	// Organization is the organization name used when generating x509 certs.
	Organization = "Red Hat, Inc."

	// KubeSystem is the name of the Kubernetes system namespace.
	KubeSystem = "kube-system"

	// OLMManagedLabelKey and OLMManagedLabelValue are the key and value of
	// the "olm managed" label.
	OLMManagedLabelKey   = "olm.managed"
	OLMManagedLabelValue = "true"
)
// Reason strings for install strategy errors.
// NOTE(review): presumably these are the values carried in
// StrategyError.Reason and returned by ReasonForError. Which of them
// IsErrorUnrecoverable treats as unrecoverable is not visible here; confirm
// against the implementation.
const (
	StrategyErrReasonComponentMissing   = "ComponentMissing"
	StrategyErrReasonAnnotationsMissing = "AnnotationsMissing"
	StrategyErrReasonWaiting            = "Waiting"
	StrategyErrReasonInvalidStrategy    = "InvalidStrategy"
	StrategyErrReasonTimeout            = "Timeout"
	StrategyErrReasonUnknown            = "Unknown"
	// The three names below drop the "Reason" infix used by the names above.
	StrategyErrBadPatch                 = "PatchUnsuccessful"
	StrategyErrDeploymentUpdated        = "DeploymentUpdated"
	// The value is spelled "InsufficentPermissions" (no second "i" in
	// "Insufficient"). Anything that matches on this string, such as log
	// queries or alert rules for permission failures, must use this spelling.
	StrategyErrInsufficientPermissions  = "InsufficentPermissions"
)
// DeploymentSpecHashLabelKey is the label key "olm.deployment-spec-hash".
// NOTE(review): presumably the label holds a hash of the deployment spec so
// that spec changes can be detected. Confirm against the installer.
const DeploymentSpecHashLabelKey = "olm.deployment-spec-hash"
// TimedOutReason is the reason string "ProgressDeadlineExceeded".
// NOTE(review): this matches the reason Kubernetes reports on a Deployment's
// Progressing condition when the progress deadline passes; presumably
// DeploymentStatus compares against it. Confirm.
const TimedOutReason = "ProgressDeadlineExceeded"
// WebhookDescKey is the key "olm.webhook-description-generate-name".
// NOTE(review): presumably a label or annotation key that ties a webhook
// configuration back to the generate-name of its WebhookDescription. Confirm.
const WebhookDescKey = "olm.webhook-description-generate-name"
// WebhookHashKey is the key "olm.webhook-description-hash".
// NOTE(review): presumably a label or annotation key that stores a hash of
// the WebhookDescription so that changes can be detected. Confirm.
const WebhookHashKey = "olm.webhook-description-hash"

Variables

This section is empty.

Functions

func AddDefaultCertVolumeAndVolumeMounts

func AddDefaultCertVolumeAndVolumeMounts(depSpec *appsv1.DeploymentSpec, secretName string)

AddDefaultCertVolumeAndVolumeMounts mounts the CA Cert generated by OLM to the location that OLM expects APIService certs to be as well as the location that the Operator-SDK and Kubebuilder expect webhook certs to be.

func AuthDelegatorClusterRoleBindingName added in v0.26.0

func AuthDelegatorClusterRoleBindingName(serviceName string) string

func AuthReaderRoleBindingName added in v0.26.0

func AuthReaderRoleBindingName(serviceName string) string

func CalculateCertExpiration added in v0.22.0

func CalculateCertExpiration(startingFrom time.Time) time.Time

func CalculateCertRotatesAt added in v0.22.0

func CalculateCertRotatesAt(certExpirationTime time.Time) time.Time

func DeploymentStatus

func DeploymentStatus(deployment *appsv1.Deployment) (string, bool, error)

DeploymentStatus returns a message describing the deployment status, and a bool value indicating whether the status is considered done.

func IsAPIServiceAdoptable

func IsAPIServiceAdoptable(opLister operatorlister.OperatorLister, target *v1alpha1.ClusterServiceVersion, apiService *apiregistrationv1.APIService) (adoptable bool, err error)

func IsAPIServiceAvailable

func IsAPIServiceAvailable(apiService *apiregistrationv1.APIService) bool

func IsErrorUnrecoverable

func IsErrorUnrecoverable(err error) bool

IsErrorUnrecoverable reports if a given strategy error is one of the predefined unrecoverable types

func ReasonForError

func ReasonForError(err error) string

func SecretName

func SecretName(serviceName string) string

func ServiceName

func ServiceName(deploymentName string) string

func SetCAAnnotation added in v0.18.3

func SetCAAnnotation(depSpec *appsv1.DeploymentSpec, caHash string)

func ShouldRotateCerts

func ShouldRotateCerts(csv *v1alpha1.ClusterServiceVersion) bool

Types

type CSVRuleChecker

type CSVRuleChecker struct {
	// contains filtered or unexported fields
}

CSVRuleChecker determines whether a PolicyRule is satisfied for a ServiceAccount by existing Roles and ClusterRoles

func NewCSVRuleChecker

func NewCSVRuleChecker(roleLister crbacv1.RoleLister, roleBindingLister crbacv1.RoleBindingLister, clusterRoleLister crbacv1.ClusterRoleLister, clusterRoleBindingLister crbacv1.ClusterRoleBindingLister, csv *v1alpha1.ClusterServiceVersion) *CSVRuleChecker

NewCSVRuleChecker returns a pointer to a new CSVRuleChecker

func (*CSVRuleChecker) GetClusterRole

func (c *CSVRuleChecker) GetClusterRole(name string) (*rbacv1.ClusterRole, error)

func (*CSVRuleChecker) GetRole

func (c *CSVRuleChecker) GetRole(namespace, name string) (*rbacv1.Role, error)

func (*CSVRuleChecker) ListClusterRoleBindings

func (c *CSVRuleChecker) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)

func (*CSVRuleChecker) ListRoleBindings

func (c *CSVRuleChecker) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)

func (*CSVRuleChecker) RuleSatisfied

func (c *CSVRuleChecker) RuleSatisfied(sa *corev1.ServiceAccount, namespace string, rule rbacv1.PolicyRule) (bool, error)

RuleSatisfied returns true if a ServiceAccount is authorized to perform all actions described by a PolicyRule in a namespace

type DeploymentInitializerBuilderFunc

type DeploymentInitializerBuilderFunc func(owner ownerutil.Owner) DeploymentInitializerFunc

DeploymentInitializerBuilderFunc returns a DeploymentInitializerFunc based on the given context.

type DeploymentInitializerFunc

type DeploymentInitializerFunc func(deployment *appsv1.Deployment) error

DeploymentInitializerFunc takes a deployment object and appropriately initializes it for install.

Before a deployment is created on the cluster, we can run a series of override functions that will properly initialize the deployment object.

type DeploymentInitializerFuncChain

type DeploymentInitializerFuncChain []DeploymentInitializerFunc

DeploymentInitializerFuncChain defines a chain of DeploymentInitializerFunc.

func (DeploymentInitializerFuncChain) Apply

func (c DeploymentInitializerFuncChain) Apply(deployment *appsv1.Deployment) (err error)

Apply runs a series of override functions that will properly initialize the deployment object.

type NullStrategyInstaller

type NullStrategyInstaller struct{}

func (*NullStrategyInstaller) CertsRotateAt added in v0.22.0

func (i *NullStrategyInstaller) CertsRotateAt() time.Time

func (*NullStrategyInstaller) CertsRotated added in v0.22.0

func (i *NullStrategyInstaller) CertsRotated() bool

func (*NullStrategyInstaller) CheckInstalled

func (i *NullStrategyInstaller) CheckInstalled(s Strategy) (bool, error)

func (*NullStrategyInstaller) Install

func (i *NullStrategyInstaller) Install(s Strategy) error

type RuleChecker

// RuleChecker is used to verify whether PolicyRules are satisfied by existing
// Roles or ClusterRoles.
type RuleChecker interface {
	// RuleSatisfied determines whether a PolicyRule is satisfied for a ServiceAccount
	// by existing Roles and ClusterRoles
	//
	// NOTE(review): the value of the bool when the error is non-nil is not
	// documented here; callers should presumably treat a non-nil error as
	// "not satisfied" rather than trusting the bool. Confirm per implementation.
	RuleSatisfied(sa *corev1.ServiceAccount, namespace string, rule rbacv1.PolicyRule) (bool, error)
}

RuleChecker is used to verify whether PolicyRules are satisfied by existing Roles or ClusterRoles

type Strategy

type Strategy interface {
	GetStrategyName() string
}

type StrategyDeploymentInstaller

type StrategyDeploymentInstaller struct {
	// contains filtered or unexported fields
}

func (*StrategyDeploymentInstaller) CertsRotateAt added in v0.22.0

func (i *StrategyDeploymentInstaller) CertsRotateAt() time.Time

func (*StrategyDeploymentInstaller) CertsRotated added in v0.22.0

func (i *StrategyDeploymentInstaller) CertsRotated() bool

func (*StrategyDeploymentInstaller) CheckInstalled

func (i *StrategyDeploymentInstaller) CheckInstalled(s Strategy) (installed bool, err error)

CheckInstalled can return nil (installed) or an error. Errors can indicate: some component missing (keep installing), unable to query (check again later), or unrecoverable (failed in a way we know we can't recover from).

func (*StrategyDeploymentInstaller) Install

type StrategyError

// StrategyError is used to represent error types for install strategies.
type StrategyError struct {
	// Reason is a short reason string for the error.
	// NOTE(review): presumably one of the StrategyErr* constants. Confirm.
	Reason  string
	// Message is the accompanying message text.
	Message string
}

StrategyError is used to represent error types for install strategies

func (StrategyError) Error

func (e StrategyError) Error() string

Error implements the Error interface.

type StrategyInstaller

// StrategyInstaller is the interface returned by NewStrategyDeploymentInstaller
// and StrategyResolver.InstallerForStrategy.
type StrategyInstaller interface {
	// Install applies the given Strategy and reports failure through the
	// returned error.
	Install(strategy Strategy) error
	// CheckInstalled reports whether the given Strategy is installed.
	// NOTE(review): for StrategyDeploymentInstaller, an error can mean a
	// missing component, a failed query, or an unrecoverable failure;
	// presumably other implementations follow the same contract. Confirm.
	CheckInstalled(strategy Strategy) (bool, error)
	// CertsRotateAt returns a time.Time.
	// NOTE(review): presumably the time at which certs are next due for
	// rotation. Confirm.
	CertsRotateAt() time.Time
	// CertsRotated returns a bool.
	// NOTE(review): presumably whether certs were rotated by the most recent
	// Install. Confirm.
	CertsRotated() bool
}

func NewStrategyDeploymentInstaller

func NewStrategyDeploymentInstaller(strategyClient wrappers.InstallStrategyDeploymentInterface, templateAnnotations map[string]string, owner ownerutil.Owner, previousStrategy Strategy, initializers DeploymentInitializerFuncChain, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription) StrategyInstaller

type StrategyResolver

type StrategyResolver struct {
	OverridesBuilderFunc DeploymentInitializerBuilderFunc
}

func (*StrategyResolver) InstallerForStrategy

func (r *StrategyResolver) InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription, previousStrategy Strategy) StrategyInstaller

func (*StrategyResolver) UnmarshalStrategy

func (r *StrategyResolver) UnmarshalStrategy(s v1alpha1.NamedInstallStrategy) (strategy Strategy, err error)

type StrategyResolverInterface

type StrategyResolverInterface interface {
	UnmarshalStrategy(s v1alpha1.NamedInstallStrategy) (strategy Strategy, err error)
	InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription, previousStrategy Strategy) StrategyInstaller
}
