utils

package
v1.36.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Nov 26, 2024 License: Apache-2.0 Imports: 59 Imported by: 0

Documentation

Overview

This file contains functions common to the controllers to help them interact with elasticsearch.

Index

Constants

View Source
const (
	ElasticsearchRetentionFactor = 4
	DefaultMaxIndexSizeGi        = 30
	ElasticConnRetries           = 10
	ElasticConnRetryInterval     = "500ms"
)

Variables

View Source
var (
	ElasticsearchUserNameLinseed            = "tigera-ee-linseed"
	ElasticsearchUserNameDashboardInstaller = "tigera-ee-dashboards-installer"
)

User's name in ES.

View Source
var (
	DefaultInstanceKey     = client.ObjectKey{Name: "default"}
	DefaultTSEEInstanceKey = client.ObjectKey{Name: "tigera-secure"}
	OverlayInstanceKey     = client.ObjectKey{Name: "overlay"}

	PeriodicReconcileTime = 5 * time.Minute

	// StandardRetry is the amount of time to wait beofre retrying a request in
	// most scenarios. Retries should be used sparingly, and only in extraordinary
	// circumstances. Use this as a default when retries are needed.
	StandardRetry = 30 * time.Second

	// AllowedSysctlKeys controls the allowed Sysctl keys can be set in Tuning plugin
	AllowedSysctlKeys = map[string]bool{
		"net.ipv4.tcp_keepalive_intvl":  true,
		"net.ipv4.tcp_keepalive_probes": true,
		"net.ipv4.tcp_keepalive_time":   true,
	}
)

Functions

func AddAPIServerWatch

func AddAPIServerWatch(c ctrlruntime.Controller) error

func AddCSRWatchWithRelevancyFn added in v1.33.0

func AddCSRWatchWithRelevancyFn(c ctrlruntime.Controller, isRelevantFn func(*certificatesv1.CertificateSigningRequest) bool) error

AddCSRWatchWithRelevancyFn adds a watch for CSRs with the given label. isRelevantFn is a function that returns true for items that are relevant to the caller.

func AddComplianceWatch added in v0.2.1

func AddComplianceWatch(c ctrlruntime.Controller) error

func AddConfigMapWatch added in v1.0.0

func AddConfigMapWatch(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error

func AddDeploymentWatch added in v1.32.0

func AddDeploymentWatch(c ctrlruntime.Controller, name, namespace string) error

func AddInstallationWatch added in v1.32.0

func AddInstallationWatch(c ctrlruntime.Controller) error

func AddNamespaceWatch added in v1.6.0

func AddNamespaceWatch(c ctrlruntime.Controller, name string) error

func AddNamespacedWatch added in v1.19.0

func AddNamespacedWatch(c ctrlruntime.Controller, obj client.Object, h handler.EventHandler, metaMatches ...MetaMatch) error

AddNamespacedWatch creates a watch on the given object. If a name and namespace are provided, then it will use predicates to only return matching objects. If they are not, then all events of the provided kind will be generated. Updates that do not modify the object's generation (e.g., status and metadata) will be ignored.

func AddNodeLocalDNSWatch added in v1.30.0

func AddNodeLocalDNSWatch(c ctrlruntime.Controller) error

AddNodeLocalDNSWatch creates a watch on the node-local-dns pods.

func AddPeriodicReconcile added in v1.28.12

func AddPeriodicReconcile(c ctrlruntime.Controller, period time.Duration, handler handler.EventHandler) error

func AddSecretWatchWithLabel added in v1.32.0

func AddSecretWatchWithLabel(c ctrlruntime.Controller, ns, label string) error

AddSecretWatchWithLabel adds a secret watch for secrets with the given label in the given namespace. If no namespace is provided, it watches cluster-wide.

func AddSecretsWatch added in v1.0.0

func AddSecretsWatch(c ctrlruntime.Controller, name, namespace string, metaMatches ...MetaMatch) error

func AddSecretsWatchWithHandler added in v1.32.0

func AddSecretsWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler, metaMatches ...MetaMatch) error

func AddServiceWatch added in v1.2.0

func AddServiceWatch(c ctrlruntime.Controller, name, namespace string) error

func AddServiceWatchWithHandler added in v1.32.0

func AddServiceWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error

func AddTigeraStatusWatch added in v1.29.0

func AddTigeraStatusWatch(c ctrlruntime.Controller, name string) error

AddTigeraStatusWatch creates a watch on the given object. It uses predicates to only return matching objects.

func AutoDiscoverProvider added in v1.0.0

func AutoDiscoverProvider(ctx context.Context, clientset kubernetes.Interface) (operatorv1.Provider, error)

func ContextLoggerForResource

func ContextLoggerForResource(log logr.Logger, obj client.Object) logr.Logger

ContextLoggerForResource provides a logger instance with context set for the provided object.

func ElasticsearchSecrets added in v1.0.0

func ElasticsearchSecrets(ctx context.Context, userSecretNames []string, cli client.Client) ([]*corev1.Secret, error)

ElasticsearchSecrets gets the secrets needed for a component to be able to access Elasticsearch.

func EnqueueAllTenants added in v1.32.0

func EnqueueAllTenants(c client.Client) handler.EventHandler

func FetchLicenseKey added in v1.16.0

func FetchLicenseKey(ctx context.Context, cli client.Client) (v3.LicenseKey, error)

FetchLicenseKey returns the license if it has been installed. It's useful to prevent rollout of TSEE components that might require it. It will return an error if the license is not installed/cannot be read

func GetAPIServer added in v1.19.0

func GetAPIServer(ctx context.Context, client client.Client) (*operatorv1.APIServer, string, error)

GetAPIServer finds the correct API server instance and returns a message and error in the case of an error.

func GetApplicationLayer added in v1.36.0

func GetApplicationLayer(ctx context.Context, c client.Client) (*operatorv1.ApplicationLayer, error)

Return the AplicationLayer CR if present. No error is returned if it was not found.

func GetAuthentication added in v1.9.0

func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error)

GetAuthentication finds the authentication CR in your cluster.

func GetDNSServiceIPs added in v1.30.6

func GetDNSServiceIPs(ctx context.Context, client client.Client, provider operatorv1.Provider) ([]string, error)

func GetDNSServiceName added in v1.32.0

func GetDNSServiceName(provider operatorv1.Provider) types.NamespacedName

GetDNSServiceName returns the name and namespace for the DNS service based on the given provider. This is "kube-dns" for most providers, but varies on OpenShift and RKE2.

func GetElasticLicenseType added in v1.14.0

func GetElasticLicenseType(ctx context.Context, cli client.Client, logger logr.Logger) (render.ElasticsearchLicenseType, error)

GetElasticLicenseType returns the license type from elastic-licensing ConfigMap that ECK operator keeps updated.

func GetElasticsearch added in v1.28.11

func GetElasticsearch(ctx context.Context, c client.Client) (*esv1.Elasticsearch, error)

func GetElasticsearchClusterConfig added in v1.2.0

func GetElasticsearchClusterConfig(ctx context.Context, cli client.Client) (*relasticsearch.ClusterConfig, error)

GetElasticsearchClusterConfig retrieves the config map containing the elasticsearch configuration values, such as the the cluster name and replica count.

func GetIDPSecret added in v1.32.0

func GetIDPSecret(ctx context.Context, client client.Client, authentication *operatorv1.Authentication) (*corev1.Secret, error)

GetIDPSecret retrieves the Secret containing sensitive information for the configuration IdP specified in the given operatorv1.Authentication CR.

func GetInstallation added in v1.19.0

GetInstallation returns the current installation, for use by other controllers. It accounts for overlays and returns the variant according to status.Variant, which is leveraged by other controllers to know when it is safe to launch enterprise-dependent components.

func GetInstallationStatus added in v1.29.0

func GetInstallationStatus(ctx context.Context, client client.Client) (*operatorv1.InstallationStatus, error)

GetInstallationStatus returns the current installation status, for use by other controllers.

func GetK8sServiceEndPoint added in v1.17.0

func GetK8sServiceEndPoint(client client.Client) (*corev1.ConfigMap, error)

GetK8sServiceEndPoint returns the kubernetes-service-endpoint configmap

func GetKeyValidatorConfig added in v1.18.0

func GetKeyValidatorConfig(ctx context.Context, cli client.Client, authenticationCR *operatorv1.Authentication, clusterDomain string) (rauth.KeyValidatorConfig, error)

GetKeyValidatorConfig uses the operatorv1.Authentication CR given to create the KeyValidatorConfig. This may be either a DexKeyValidatorConfig or a tigerakvc.KeyValidatorConfig.

func GetKubeControllerMetricsPort added in v1.30.0

func GetKubeControllerMetricsPort(ctx context.Context, client client.Client) (int, error)

GetKubeControllerMetricsPort fetches kube controller metrics port.

func GetLogCollector added in v1.21.0

func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error)

func GetManagementCluster added in v1.9.0

func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error)

Return the ManagementCluster CR if present. No error is returned if it was not found.

func GetManagementClusterConnection added in v1.9.0

func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error)

Return the ManagementClusterConnection CR if present. No error is returned if it was not found.

func GetNetworkingPullSecrets

func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ([]*corev1.Secret, error)

func GetNonClusterHost added in v1.36.0

func GetNonClusterHost(ctx context.Context, cli client.Client) (*operatorv1.NonClusterHost, error)

GetNonClusterHost finds the NonClusterHost CR in your cluster.

func GetPacketCaptureAPI added in v1.34.0

func GetPacketCaptureAPI(ctx context.Context, cli client.Client) (*operatorv1.PacketCaptureAPI, error)

GetPacketCapture finds the PacketCapture CR in your cluster.

func GetPodEnvVar added in v1.34.0

func GetPodEnvVar(spec corev1.PodSpec, name, key string) *string

func GetSecret added in v1.14.0

func GetSecret(ctx context.Context, client client.Client, name string, ns string) (*corev1.Secret, error)

func GetTenant added in v1.32.0

func GetTenant(ctx context.Context, mt bool, cli client.Client, ns string) (*operatorv1.Tenant, string, error)

GetTenant returns the Tenant instance in the given namespace.

func IgnoreObject

func IgnoreObject(obj runtime.Object) bool

IgnoreObject returns true if the object has been marked as ignored by the user, and returns false otherwise.

func IsAPIServerReady

func IsAPIServerReady(client client.Client, l logr.Logger) bool

func IsDexDisabled added in v1.32.0

func IsDexDisabled(authentication *operatorv1.Authentication) bool

func IsFeatureActive added in v1.16.0

func IsFeatureActive(license v3.LicenseKey, featureName string) bool

IsFeatureActive return true if the feature is listed in LicenseStatusKey

func IsNodeLocalDNSAvailable added in v1.30.0

func IsNodeLocalDNSAvailable(ctx context.Context, cli client.Client) (bool, error)

func LogStorageExists added in v1.9.0

func LogStorageExists(ctx context.Context, cli client.Client) (bool, error)

func MonitorConfigMap added in v1.33.0

func MonitorConfigMap(cs kubernetes.Interface, name string, data map[string]string) error

MonitorConfigMap starts a goroutine which exits if the given configmap's data is changed.

func MultiTenant added in v1.32.0

func MultiTenant(ctx context.Context, c kubernetes.Interface) (bool, error)

func OverrideInstallationSpec added in v1.19.0

func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operatorv1.InstallationSpec

func PatchFelixConfiguration added in v1.31.0

func PatchFelixConfiguration(ctx context.Context, c client.Client, patchFn func(fc *crdv1.FelixConfiguration) (bool, error)) (*crdv1.FelixConfiguration, error)

func PopulateK8sServiceEndPoint added in v1.32.0

func PopulateK8sServiceEndPoint(client client.Client) error

PopulateK8sServiceEndPoint reads the kubernetes-service-endpoint configmap and pushes KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT to calico-node daemonset, typha apiserver deployments

func RemoveInstallationFinalizer added in v1.34.0

func RemoveInstallationFinalizer(i *operatorv1.Installation, finalizer string)

func RequiresTigeraSecure added in v1.0.0

func RequiresTigeraSecure(cfg *rest.Config) (bool, error)

RequiresTigeraSecure determines if the configuration requires we start the tigera secure controllers.

func SetInstallationFinalizer added in v1.34.0

func SetInstallationFinalizer(i *operatorv1.Installation, finalizer string)

func StrToElasticLicenseType added in v1.14.0

func StrToElasticLicenseType(license string, logger logr.Logger) render.ElasticsearchLicenseType

StrToElasticLicenseType maps Elasticsearch license to one of the known and expected value.

func TenantNamespaces added in v1.32.0

func TenantNamespaces(ctx context.Context, cli client.Client) ([]string, error)

TenantNamespaces returns all namespaces that contain a tenant.

func UseExternalElastic added in v1.33.0

func UseExternalElastic(config *corev1.ConfigMap) bool

UseExternalElastic returns true if this cluster is configured to use an external elasticsearch cluster, and false otherwise.

func ValidateCertPair

func ValidateCertPair(client client.Client, namespace, certPairSecretName, keyName, certName string) (*corev1.Secret, error)

ValidateCertPair checks if the given secret exists in the given namespace and if so that it contains key and cert fields. If an empty string is passed for the keyName argument it is skipped. If a secret exists then it is returned. If there is an error accessing the secret (except NotFound) or the cert does not have both a key and cert field then an appropriate error is returned. If no secret exists then nil, nil is returned to represent that no cert is valid.

func ValidateResourceNameIsQualified added in v1.28.1

func ValidateResourceNameIsQualified(name string) error

ValidateResourceNameIsQualified returns a compiled list of errors which states which rule the name did not respect. Returns nil if it's a valid name.

func VerifySysctl added in v1.33.0

func VerifySysctl(pluginData []operatorv1.Sysctl) error

func WaitToAddLicenseKeyWatch added in v1.16.0

func WaitToAddLicenseKeyWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)

func WaitToAddNetworkPolicyWatches added in v1.28.0

func WaitToAddNetworkPolicyWatches(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, policies []types.NamespacedName)

func WaitToAddPolicyRecommendationScopeWatch added in v1.30.5

func WaitToAddPolicyRecommendationScopeWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)

func WaitToAddResourceWatch added in v1.22.0

func WaitToAddResourceWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag, objs []client.Object)

WaitToAddResourceWatch will check if projectcalico.org APIs are available and if so, it will add a watch for resource The completion of this operation will be signaled on a ready channel

func WaitToAddTierWatch added in v1.28.0

func WaitToAddTierWatch(tierName string, controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)

Types

type Application added in v1.32.0

type Application struct {
	Application string   `json:"application"`
	Privileges  []string `json:"privileges"`
	Resources   []string `json:"resources"`
}

type CompareResult added in v1.19.0

type CompareResult int
const (
	Same CompareResult = iota
	AOnlySet
	BOnlySet
	Different
)

type ComponentHandler

type ComponentHandler interface {
	CreateOrUpdateOrDelete(context.Context, render.Component, status.StatusManager) error
}

func NewComponentHandler

func NewComponentHandler(log logr.Logger, client client.Client, scheme *runtime.Scheme, cr metav1.Object) ComponentHandler

cr is allowed to be nil in the case we don't want to put ownership on a resource, this is useful for CRD management so that they are not removed automatically.

type ElasticClient added in v1.14.0

type ElasticClient interface {
	SetILMPolicies(context.Context, *operatorv1.LogStorage) error
	CreateUser(context.Context, *User) error
	DeleteUser(context.Context, *User) error
	GetUsers(ctx context.Context) ([]User, error)
}

func NewElasticClient added in v1.14.0

func NewElasticClient(client client.Client, ctx context.Context, elasticHTTPSEndpoint string, external bool) (ElasticClient, error)

type ElasticsearchClientCreator added in v1.14.1

type ElasticsearchClientCreator func(client client.Client, ctx context.Context, elasticHTTPSEndpoint string, external bool) (ElasticClient, error)

type MetaMatch added in v1.2.0

type MetaMatch func(metav1.ObjectMeta) bool

type NamespaceHelper added in v1.32.0

type NamespaceHelper interface {
	// InstallNamespace returns the namespace that components will be installed into.
	// for single-tenant clusters, this is generally a well-known namespace of the form tigera-*.
	// For multi-tenant clusters, this is the tenant's namespace.
	InstallNamespace() string

	// TruthNamespace returns the namespace to use as the source of truth for storing data.
	// For single-tenant installs, this is the tigera-operator namespace.
	// For multi-tenant installs, this is tenant's namespace.
	TruthNamespace() string

	// TenantNamespaces returns all namespaces in the cluster for this component, across all tenants. This is useful when
	// binding global resources to potentially several different Tenant namespaces.
	// For single-tenant clusters, this simply returns the InstallNamespace.
	TenantNamespaces(client.Client) ([]string, error)

	// Returns whether or not this is a multi-tenant helper.
	MultiTenant() bool
}

func NewNamespaceHelper added in v1.32.0

func NewNamespaceHelper(mt bool, singleTenantNS, multiTenantNS string) NamespaceHelper

func NewSingleTenantNamespaceHelper added in v1.32.0

func NewSingleTenantNamespaceHelper(ns string) NamespaceHelper

type Policy added in v1.14.0

type Policy struct {
	Phases struct {
		Hot struct {
			Actions struct {
				Rollover struct {
					MaxSize string `json:"max_size"`
					MaxAge  string `json:"max_age"`
				}
			}
		}
		Warm struct {
			Actions struct {
				Readonly *struct{} `json:"readonly,omitempty"`
			}
		}
		Delete struct {
			MinAge string `json:"min_age"`
		}
	}
}

type ReadyFlag added in v1.16.0

type ReadyFlag struct {
	// contains filtered or unexported fields
}

ReadyFlag is used to synchronize access to a boolean flag flag that can be shared between go routines. The flag can be marked as ready once,as part of a initialization procedure and read multiple times afterwards

func (*ReadyFlag) IsReady added in v1.16.0

func (r *ReadyFlag) IsReady() bool

IsReady returns true if was marked as ready

func (*ReadyFlag) MarkAsReady added in v1.16.0

func (r *ReadyFlag) MarkAsReady()

MarkAsReady sets the flag as true

type Role added in v1.32.0

type Role struct {
	Name       string `json:"-"`
	Definition *RoleDefinition
}

Role represents an Elasticsearch role that may be attached to a User

type RoleDefinition added in v1.32.0

type RoleDefinition struct {
	Cluster      []string      `json:"cluster"`
	Indices      []RoleIndex   `json:"indices"`
	Applications []Application `json:"applications,omitempty"`
}

type RoleIndex added in v1.32.0

type RoleIndex struct {
	Names      []string `json:"names"`
	Privileges []string `json:"privileges"`
}

type User added in v1.32.0

type User struct {
	Username string
	Password string
	Roles    []Role
}

User represents an Elasticsearch user, which may or may not have roles attached to it

func DashboardUser added in v1.34.0

func DashboardUser(clusterID, tenant string) *User

func LinseedUser added in v1.32.0

func LinseedUser(clusterID, tenant string) *User

func (User) RoleNames added in v1.32.0

func (u User) RoleNames() []string

RoleNames is a convenience function for getting the names of all the roles defined for this Elasticsearch user

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL