Documentation ¶
Index ¶
- Constants
- func AddDefaultCertVolumeAndVolumeMounts(depSpec *appsv1.DeploymentSpec, secretName string)
- func AuthDelegatorClusterRoleBindingName(serviceName string) string
- func AuthReaderRoleBindingName(serviceName string) string
- func CalculateCertExpiration(startingFrom time.Time) time.Time
- func CalculateCertRotatesAt(certExpirationTime time.Time) time.Time
- func DeploymentStatus(deployment *appsv1.Deployment) (string, bool, error)
- func IsAPIServiceAdoptable(opLister operatorlister.OperatorLister, target *v1alpha1.ClusterServiceVersion, ...) (adoptable bool, err error)
- func IsAPIServiceAvailable(apiService *apiregistrationv1.APIService) bool
- func IsErrorUnrecoverable(err error) bool
- func ReasonForError(err error) string
- func SecretName(serviceName string) string
- func ServiceName(deploymentName string) string
- func SetCAAnnotation(depSpec *appsv1.DeploymentSpec, caHash string)
- func ShouldRotateCerts(csv *v1alpha1.ClusterServiceVersion) bool
- func ValidWebhookRules(rules []admissionregistrationv1.RuleWithOperations) error
- type CSVRuleChecker
- func (c *CSVRuleChecker) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
- func (c *CSVRuleChecker) GetRole(namespace, name string) (*rbacv1.Role, error)
- func (c *CSVRuleChecker) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
- func (c *CSVRuleChecker) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
- func (c *CSVRuleChecker) RuleSatisfied(sa *corev1.ServiceAccount, namespace string, rule rbacv1.PolicyRule) (bool, error)
- type DeploymentInitializerBuilderFunc
- type DeploymentInitializerFunc
- type DeploymentInitializerFuncChain
- type NullStrategyInstaller
- type RuleChecker
- type Strategy
- type StrategyDeploymentInstaller
- type StrategyError
- type StrategyInstaller
- type StrategyResolver
- type StrategyResolverInterface
Constants ¶
// Defaults and well-known keys used for OLM-generated certificates and for
// marking OLM-managed resources.
const (
	// DefaultCertMinFresh is the default min-fresh value: 1 day (24 hours).
	// NOTE(review): presumably the minimum remaining validity a cert must have
	// before it is considered due for rotation — confirm against the rotation logic.
	DefaultCertMinFresh = time.Hour * 24
	// DefaultCertValidFor is the default duration a cert can be valid for:
	// 730 days (about 2 years).
	DefaultCertValidFor = time.Hour * 24 * 730
	// OLMCAPEMKey is the key name under which the CA PEM is stored.
	// NOTE(review): the value is "olmCAKey" while the identifier says "CA PEM";
	// whether the stored material is the CA certificate or a private key is not
	// visible here — confirm before relying on it or changing access to it.
	OLMCAPEMKey = "olmCAKey"
	// OLMCAHashAnnotationKey is the key used to store the hash of the CA cert.
	// NOTE(review): the identifier names an annotation key although this comment
	// previously said "label key" — confirm which metadata field carries it.
	OLMCAHashAnnotationKey = "olmcahash"
	// Organization is the organization name used in the generation of x509 certs.
	Organization = "Red Hat, Inc."
	// KubeSystem is the Kubernetes system namespace.
	KubeSystem = "kube-system"
	// OLMManagedLabelKey and OLMManagedLabelValue form the "olm managed" label
	// (olm.managed=true).
	OLMManagedLabelKey   = "olm.managed"
	OLMManagedLabelValue = "true"
)
// Reason strings for install-strategy errors.
// NOTE(review): presumably these are the values carried by StrategyError and
// returned by ReasonForError — confirm. Compare against the constants rather
// than hand-typed strings.
const (
	StrategyErrReasonComponentMissing   = "ComponentMissing"
	StrategyErrReasonAnnotationsMissing = "AnnotationsMissing"
	StrategyErrReasonWaiting            = "Waiting"
	StrategyErrReasonInvalidStrategy    = "InvalidStrategy"
	StrategyErrReasonTimeout            = "Timeout"
	StrategyErrReasonUnknown            = "Unknown"
	StrategyErrBadPatch                 = "PatchUnsuccessful"
	StrategyErrDeploymentUpdated        = "DeploymentUpdated"
	// The value is spelled "InsufficentPermissions" (no second "i"). Any alert,
	// log query or status check that matches on the correctly spelled word will
	// not see permission failures; match on this constant's exact value.
	StrategyErrInsufficientPermissions = "InsufficentPermissions"
)
// DeploymentSpecHashLabelKey is the label key "olm.deployment-spec-hash".
// NOTE(review): presumably holds a hash of the deployment spec so changes can
// be detected — confirm against the installer code.
const DeploymentSpecHashLabelKey = "olm.deployment-spec-hash"

// TimedOutReason is the reason string "ProgressDeadlineExceeded".
// NOTE(review): presumably compared with a Deployment condition reason when
// computing deployment status — confirm.
const TimedOutReason = "ProgressDeadlineExceeded"

// WebhookDescKey is the key "olm.webhook-description-generate-name".
// NOTE(review): presumably identifies the webhook description a resource was
// generated from — confirm.
const WebhookDescKey = "olm.webhook-description-generate-name"

// WebhookHashKey is the key "olm.webhook-description-hash".
// NOTE(review): presumably stores a hash of the webhook description — confirm.
const WebhookHashKey = "olm.webhook-description-hash"
Variables ¶
This section is empty.
Functions ¶
func AddDefaultCertVolumeAndVolumeMounts ¶
func AddDefaultCertVolumeAndVolumeMounts(depSpec *appsv1.DeploymentSpec, secretName string)
AddDefaultCertVolumeAndVolumeMounts mounts the CA Cert generated by OLM to the location that OLM expects APIService certs to be as well as the location that the Operator-SDK and Kubebuilder expect webhook certs to be.
func AuthDelegatorClusterRoleBindingName ¶ added in v0.26.0
func AuthReaderRoleBindingName ¶ added in v0.26.0
func CalculateCertExpiration ¶ added in v0.22.0
func CalculateCertRotatesAt ¶ added in v0.22.0
func DeploymentStatus ¶
func DeploymentStatus(deployment *appsv1.Deployment) (string, bool, error)
DeploymentStatus returns a message describing deployment status, and a bool value indicating if the status is considered done.
func IsAPIServiceAdoptable ¶
func IsAPIServiceAdoptable(opLister operatorlister.OperatorLister, target *v1alpha1.ClusterServiceVersion, apiService *apiregistrationv1.APIService) (adoptable bool, err error)
func IsAPIServiceAvailable ¶
func IsAPIServiceAvailable(apiService *apiregistrationv1.APIService) bool
func IsErrorUnrecoverable ¶
IsErrorUnrecoverable reports if a given strategy error is one of the predefined unrecoverable types
func ReasonForError ¶
func SecretName ¶
func ServiceName ¶
func SetCAAnnotation ¶ added in v0.18.3
func SetCAAnnotation(depSpec *appsv1.DeploymentSpec, caHash string)
func ShouldRotateCerts ¶
func ShouldRotateCerts(csv *v1alpha1.ClusterServiceVersion) bool
func ValidWebhookRules ¶
func ValidWebhookRules(rules []admissionregistrationv1.RuleWithOperations) error
Types ¶
type CSVRuleChecker ¶
type CSVRuleChecker struct {
// contains filtered or unexported fields
}
CSVRuleChecker determines whether a PolicyRule is satisfied for a ServiceAccount by existing Roles and ClusterRoles
func NewCSVRuleChecker ¶
func NewCSVRuleChecker(roleLister crbacv1.RoleLister, roleBindingLister crbacv1.RoleBindingLister, clusterRoleLister crbacv1.ClusterRoleLister, clusterRoleBindingLister crbacv1.ClusterRoleBindingLister, csv *v1alpha1.ClusterServiceVersion) *CSVRuleChecker
NewCSVRuleChecker returns a pointer to a new CSVRuleChecker
func (*CSVRuleChecker) GetClusterRole ¶
func (c *CSVRuleChecker) GetClusterRole(name string) (*rbacv1.ClusterRole, error)
func (*CSVRuleChecker) GetRole ¶
func (c *CSVRuleChecker) GetRole(namespace, name string) (*rbacv1.Role, error)
func (*CSVRuleChecker) ListClusterRoleBindings ¶
func (c *CSVRuleChecker) ListClusterRoleBindings() ([]*rbacv1.ClusterRoleBinding, error)
func (*CSVRuleChecker) ListRoleBindings ¶
func (c *CSVRuleChecker) ListRoleBindings(namespace string) ([]*rbacv1.RoleBinding, error)
func (*CSVRuleChecker) RuleSatisfied ¶
func (c *CSVRuleChecker) RuleSatisfied(sa *corev1.ServiceAccount, namespace string, rule rbacv1.PolicyRule) (bool, error)
RuleSatisfied returns true if a ServiceAccount is authorized to perform all actions described by a PolicyRule in a namespace
type DeploymentInitializerBuilderFunc ¶
type DeploymentInitializerBuilderFunc func(owner ownerutil.Owner) DeploymentInitializerFunc
DeploymentInitializerBuilderFunc returns a DeploymentInitializerFunc based on the given context.
type DeploymentInitializerFunc ¶
type DeploymentInitializerFunc func(deployment *appsv1.Deployment) error
DeploymentInitializerFunc takes a deployment object and appropriately initializes it for install.
Before a deployment is created on the cluster, we can run a series of override functions that will properly initialize the deployment object.
type DeploymentInitializerFuncChain ¶
type DeploymentInitializerFuncChain []DeploymentInitializerFunc
DeploymentInitializerFuncChain defines a chain of DeploymentInitializerFunc.
func (DeploymentInitializerFuncChain) Apply ¶
func (c DeploymentInitializerFuncChain) Apply(deployment *appsv1.Deployment) (err error)
Apply runs a series of override functions that will properly initialize the deployment object.
type NullStrategyInstaller ¶
type NullStrategyInstaller struct{}
func (*NullStrategyInstaller) CertsRotateAt ¶ added in v0.22.0
func (i *NullStrategyInstaller) CertsRotateAt() time.Time
func (*NullStrategyInstaller) CertsRotated ¶ added in v0.22.0
func (i *NullStrategyInstaller) CertsRotated() bool
func (*NullStrategyInstaller) CheckInstalled ¶
func (i *NullStrategyInstaller) CheckInstalled(s Strategy) (bool, error)
func (*NullStrategyInstaller) Install ¶
func (i *NullStrategyInstaller) Install(s Strategy) error
type RuleChecker ¶
// RuleChecker verifies whether PolicyRules are satisfied by existing Roles or
// ClusterRoles.
type RuleChecker interface {
	// RuleSatisfied determines whether a PolicyRule is satisfied for a ServiceAccount
	// by existing Roles and ClusterRoles.
	// It takes the ServiceAccount, the namespace in which the rule is evaluated,
	// and the rule itself, and returns the verdict plus an error.
	// NOTE(review): when err is non-nil the bool should presumably be treated as
	// "not verified" rather than as satisfied — confirm against callers.
	RuleSatisfied(sa *corev1.ServiceAccount, namespace string, rule rbacv1.PolicyRule) (bool, error)
}
RuleChecker is used to verify whether PolicyRules are satisfied by existing Roles or ClusterRoles
type StrategyDeploymentInstaller ¶
type StrategyDeploymentInstaller struct {
// contains filtered or unexported fields
}
func (*StrategyDeploymentInstaller) CertsRotateAt ¶ added in v0.22.0
func (i *StrategyDeploymentInstaller) CertsRotateAt() time.Time
func (*StrategyDeploymentInstaller) CertsRotated ¶ added in v0.22.0
func (i *StrategyDeploymentInstaller) CertsRotated() bool
func (*StrategyDeploymentInstaller) CheckInstalled ¶
func (i *StrategyDeploymentInstaller) CheckInstalled(s Strategy) (installed bool, err error)
CheckInstalled can return nil (installed), or errors. Errors can indicate: some component missing (keep installing), unable to query (check again later), or unrecoverable (failed in a way we know we can't recover from).
func (*StrategyDeploymentInstaller) Install ¶
func (i *StrategyDeploymentInstaller) Install(s Strategy) error
type StrategyError ¶
StrategyError is used to represent error types for install strategies
func (StrategyError) Error ¶
func (e StrategyError) Error() string
Error implements the error interface.
type StrategyInstaller ¶
// StrategyInstaller is the contract for installing a Strategy and for
// querying its install and certificate-rotation state.
type StrategyInstaller interface {
	// Install installs the given strategy and returns an error on failure.
	Install(strategy Strategy) error
	// CheckInstalled reports whether the given strategy is installed.
	// For StrategyDeploymentInstaller, a returned error can indicate a missing
	// component (keep installing), an inability to query (check again later),
	// or an unrecoverable failure.
	CheckInstalled(strategy Strategy) (bool, error)
	// CertsRotateAt returns a time.Time.
	// NOTE(review): presumably the time at which certs are due for rotation — confirm.
	CertsRotateAt() time.Time
	// CertsRotated returns a bool.
	// NOTE(review): presumably whether certs were rotated by the last install — confirm.
	CertsRotated() bool
}
func NewStrategyDeploymentInstaller ¶
func NewStrategyDeploymentInstaller(strategyClient wrappers.InstallStrategyDeploymentInterface, templateAnnotations map[string]string, owner ownerutil.Owner, previousStrategy Strategy, initializers DeploymentInitializerFuncChain, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription) StrategyInstaller
type StrategyResolver ¶
type StrategyResolver struct {
OverridesBuilderFunc DeploymentInitializerBuilderFunc
}
func (*StrategyResolver) InstallerForStrategy ¶
func (r *StrategyResolver) InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription, previousStrategy Strategy) StrategyInstaller
func (*StrategyResolver) UnmarshalStrategy ¶
func (r *StrategyResolver) UnmarshalStrategy(s v1alpha1.NamedInstallStrategy) (strategy Strategy, err error)
type StrategyResolverInterface ¶
// StrategyResolverInterface turns a named install strategy into a Strategy
// and supplies the StrategyInstaller for a strategy name.
type StrategyResolverInterface interface {
	// UnmarshalStrategy converts a v1alpha1.NamedInstallStrategy into a Strategy,
	// returning an error if it cannot.
	UnmarshalStrategy(s v1alpha1.NamedInstallStrategy) (strategy Strategy, err error)
	// InstallerForStrategy returns a StrategyInstaller for strategyName, built
	// from the given client, lister, owner, annotations, APIService and webhook
	// descriptions, and the previous strategy.
	// NOTE(review): no error is returned; what is returned for an unrecognized
	// strategyName is not visible here (a NullStrategyInstaller type exists in
	// this package) — confirm.
	InstallerForStrategy(strategyName string, opClient operatorclient.ClientInterface, opLister operatorlister.OperatorLister, owner ownerutil.Owner, annotations map[string]string, apiServiceDescriptions []v1alpha1.APIServiceDescription, webhookDescriptions []v1alpha1.WebhookDescription, previousStrategy Strategy) StrategyInstaller
}