Documentation ¶
Overview ¶
This file contains functions common to the controllers to help them interact with elasticsearch.
Index ¶
- Constants
- Variables
- func AddAPIServerWatch(c ctrlruntime.Controller) error
- func AddCSRWatchWithRelevancyFn(c ctrlruntime.Controller, ...) error
- func AddComplianceWatch(c ctrlruntime.Controller) error
- func AddConfigMapWatch(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error
- func AddDeploymentWatch(c ctrlruntime.Controller, name, namespace string) error
- func AddInstallationWatch(c ctrlruntime.Controller) error
- func AddNamespaceWatch(c ctrlruntime.Controller, name string) error
- func AddNamespacedWatch(c ctrlruntime.Controller, obj client.Object, h handler.EventHandler, ...) error
- func AddNodeLocalDNSWatch(c ctrlruntime.Controller) error
- func AddPeriodicReconcile(c ctrlruntime.Controller, period time.Duration, handler handler.EventHandler) error
- func AddSecretWatchWithLabel(c ctrlruntime.Controller, ns, label string) error
- func AddSecretsWatch(c ctrlruntime.Controller, name, namespace string, metaMatches ...MetaMatch) error
- func AddSecretsWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler, ...) error
- func AddServiceWatch(c ctrlruntime.Controller, name, namespace string) error
- func AddServiceWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error
- func AddTigeraStatusWatch(c ctrlruntime.Controller, name string) error
- func AutoDiscoverProvider(ctx context.Context, clientset kubernetes.Interface) (operatorv1.Provider, error)
- func ContextLoggerForResource(log logr.Logger, obj client.Object) logr.Logger
- func ElasticsearchSecrets(ctx context.Context, userSecretNames []string, cli client.Client) ([]*corev1.Secret, error)
- func EnqueueAllTenants(c client.Client) handler.EventHandler
- func FetchLicenseKey(ctx context.Context, cli client.Client) (v3.LicenseKey, error)
- func GetAPIServer(ctx context.Context, client client.Client) (*operatorv1.APIServer, string, error)
- func GetApplicationLayer(ctx context.Context, c client.Client) (*operatorv1.ApplicationLayer, error)
- func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error)
- func GetDNSServiceIPs(ctx context.Context, client client.Client, provider operatorv1.Provider) ([]string, error)
- func GetDNSServiceName(provider operatorv1.Provider) types.NamespacedName
- func GetElasticLicenseType(ctx context.Context, cli client.Client, logger logr.Logger) (render.ElasticsearchLicenseType, error)
- func GetElasticsearch(ctx context.Context, c client.Client) (*esv1.Elasticsearch, error)
- func GetElasticsearchClusterConfig(ctx context.Context, cli client.Client) (*relasticsearch.ClusterConfig, error)
- func GetIDPSecret(ctx context.Context, client client.Client, ...) (*corev1.Secret, error)
- func GetInstallation(ctx context.Context, client client.Client) (operatorv1.ProductVariant, *operatorv1.InstallationSpec, error)
- func GetInstallationStatus(ctx context.Context, client client.Client) (*operatorv1.InstallationStatus, error)
- func GetK8sServiceEndPoint(client client.Client) (*corev1.ConfigMap, error)
- func GetKeyValidatorConfig(ctx context.Context, cli client.Client, ...) (rauth.KeyValidatorConfig, error)
- func GetKubeControllerMetricsPort(ctx context.Context, client client.Client) (int, error)
- func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error)
- func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error)
- func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error)
- func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ([]*corev1.Secret, error)
- func GetNonClusterHost(ctx context.Context, cli client.Client) (*operatorv1.NonClusterHost, error)
- func GetPacketCaptureAPI(ctx context.Context, cli client.Client) (*operatorv1.PacketCaptureAPI, error)
- func GetPodEnvVar(spec corev1.PodSpec, name, key string) *string
- func GetSecret(ctx context.Context, client client.Client, name string, ns string) (*corev1.Secret, error)
- func GetTenant(ctx context.Context, mt bool, cli client.Client, ns string) (*operatorv1.Tenant, string, error)
- func IgnoreObject(obj runtime.Object) bool
- func IsAPIServerReady(client client.Client, l logr.Logger) bool
- func IsDexDisabled(authentication *operatorv1.Authentication) bool
- func IsFeatureActive(license v3.LicenseKey, featureName string) bool
- func IsNodeLocalDNSAvailable(ctx context.Context, cli client.Client) (bool, error)
- func LogStorageExists(ctx context.Context, cli client.Client) (bool, error)
- func MonitorConfigMap(cs kubernetes.Interface, name string, data map[string]string) error
- func MultiTenant(ctx context.Context, c kubernetes.Interface) (bool, error)
- func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operatorv1.InstallationSpec
- func PatchFelixConfiguration(ctx context.Context, c client.Client, ...) (*crdv1.FelixConfiguration, error)
- func PopulateK8sServiceEndPoint(client client.Client) error
- func RemoveInstallationFinalizer(i *operatorv1.Installation, finalizer string)
- func RequiresTigeraSecure(cfg *rest.Config) (bool, error)
- func SetInstallationFinalizer(i *operatorv1.Installation, finalizer string)
- func StrToElasticLicenseType(license string, logger logr.Logger) render.ElasticsearchLicenseType
- func TenantNamespaces(ctx context.Context, cli client.Client) ([]string, error)
- func UseExternalElastic(config *corev1.ConfigMap) bool
- func ValidateCertPair(client client.Client, namespace, certPairSecretName, keyName, certName string) (*corev1.Secret, error)
- func ValidateResourceNameIsQualified(name string) error
- func VerifySysctl(pluginData []operatorv1.Sysctl) error
- func WaitToAddLicenseKeyWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddNetworkPolicyWatches(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddPolicyRecommendationScopeWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddResourceWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddTierWatch(tierName string, controller ctrlruntime.Controller, c kubernetes.Interface, ...)
- type Application
- type CompareResult
- type ComponentHandler
- type ElasticClient
- type ElasticsearchClientCreator
- type MetaMatch
- type NamespaceHelper
- type Policy
- type ReadyFlag
- type Role
- type RoleDefinition
- type RoleIndex
- type User
Constants ¶
const ( ElasticsearchRetentionFactor = 4 DefaultMaxIndexSizeGi = 30 ElasticConnRetries = 10 ElasticConnRetryInterval = "500ms" )
Variables ¶
var ( ElasticsearchUserNameLinseed = "tigera-ee-linseed" ElasticsearchUserNameDashboardInstaller = "tigera-ee-dashboards-installer" )
User's name in ES.
var ( DefaultInstanceKey = client.ObjectKey{Name: "default"} DefaultTSEEInstanceKey = client.ObjectKey{Name: "tigera-secure"} OverlayInstanceKey = client.ObjectKey{Name: "overlay"} PeriodicReconcileTime = 5 * time.Minute // StandardRetry is the amount of time to wait beofre retrying a request in // most scenarios. Retries should be used sparingly, and only in extraordinary // circumstances. Use this as a default when retries are needed. StandardRetry = 30 * time.Second // AllowedSysctlKeys controls the allowed Sysctl keys can be set in Tuning plugin AllowedSysctlKeys = map[string]bool{ "net.ipv4.tcp_keepalive_intvl": true, "net.ipv4.tcp_keepalive_probes": true, "net.ipv4.tcp_keepalive_time": true, } )
Functions ¶
func AddAPIServerWatch ¶
func AddAPIServerWatch(c ctrlruntime.Controller) error
func AddCSRWatchWithRelevancyFn ¶ added in v1.33.0
func AddCSRWatchWithRelevancyFn(c ctrlruntime.Controller, isRelevantFn func(*certificatesv1.CertificateSigningRequest) bool) error
AddCSRWatchWithRelevancyFn adds a watch for CSRs with the given label. isRelevantFn is a function that returns true for items that are relevant to the caller.
func AddComplianceWatch ¶ added in v0.2.1
func AddComplianceWatch(c ctrlruntime.Controller) error
func AddConfigMapWatch ¶ added in v1.0.0
func AddConfigMapWatch(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error
func AddDeploymentWatch ¶ added in v1.32.0
func AddDeploymentWatch(c ctrlruntime.Controller, name, namespace string) error
func AddInstallationWatch ¶ added in v1.32.0
func AddInstallationWatch(c ctrlruntime.Controller) error
func AddNamespaceWatch ¶ added in v1.6.0
func AddNamespaceWatch(c ctrlruntime.Controller, name string) error
func AddNamespacedWatch ¶ added in v1.19.0
func AddNamespacedWatch(c ctrlruntime.Controller, obj client.Object, h handler.EventHandler, metaMatches ...MetaMatch) error
AddNamespacedWatch creates a watch on the given object. If a name and namespace are provided, then it will use predicates to only return matching objects. If they are not, then all events of the provided kind will be generated. Updates that do not modify the object's generation (e.g., status and metadata) will be ignored.
func AddNodeLocalDNSWatch ¶ added in v1.30.0
func AddNodeLocalDNSWatch(c ctrlruntime.Controller) error
AddNodeLocalDNSWatch creates a watch on the node-local-dns pods.
func AddPeriodicReconcile ¶ added in v1.28.12
func AddPeriodicReconcile(c ctrlruntime.Controller, period time.Duration, handler handler.EventHandler) error
func AddSecretWatchWithLabel ¶ added in v1.32.0
func AddSecretWatchWithLabel(c ctrlruntime.Controller, ns, label string) error
AddSecretWatchWithLabel adds a secret watch for secrets with the given label in the given namespace. If no namespace is provided, it watches cluster-wide.
func AddSecretsWatch ¶ added in v1.0.0
func AddSecretsWatch(c ctrlruntime.Controller, name, namespace string, metaMatches ...MetaMatch) error
func AddSecretsWatchWithHandler ¶ added in v1.32.0
func AddSecretsWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler, metaMatches ...MetaMatch) error
func AddServiceWatch ¶ added in v1.2.0
func AddServiceWatch(c ctrlruntime.Controller, name, namespace string) error
func AddServiceWatchWithHandler ¶ added in v1.32.0
func AddServiceWatchWithHandler(c ctrlruntime.Controller, name, namespace string, h handler.EventHandler) error
func AddTigeraStatusWatch ¶ added in v1.29.0
func AddTigeraStatusWatch(c ctrlruntime.Controller, name string) error
AddTigeraStatusWatch creates a watch on the given object. It uses predicates to only return matching objects.
func AutoDiscoverProvider ¶ added in v1.0.0
func AutoDiscoverProvider(ctx context.Context, clientset kubernetes.Interface) (operatorv1.Provider, error)
func ContextLoggerForResource ¶
ContextLoggerForResource provides a logger instance with context set for the provided object.
func ElasticsearchSecrets ¶ added in v1.0.0
func ElasticsearchSecrets(ctx context.Context, userSecretNames []string, cli client.Client) ([]*corev1.Secret, error)
ElasticsearchSecrets gets the secrets needed for a component to be able to access Elasticsearch.
func EnqueueAllTenants ¶ added in v1.32.0
func EnqueueAllTenants(c client.Client) handler.EventHandler
func FetchLicenseKey ¶ added in v1.16.0
FetchLicenseKey returns the license if it has been installed. It's useful to prevent rollout of TSEE components that might require it. It will return an error if the license is not installed/cannot be read
func GetAPIServer ¶ added in v1.19.0
GetAPIServer finds the correct API server instance and returns a message and error in the case of an error.
func GetApplicationLayer ¶ added in v1.36.0
func GetApplicationLayer(ctx context.Context, c client.Client) (*operatorv1.ApplicationLayer, error)
Return the AplicationLayer CR if present. No error is returned if it was not found.
func GetAuthentication ¶ added in v1.9.0
func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error)
GetAuthentication finds the authentication CR in your cluster.
func GetDNSServiceIPs ¶ added in v1.30.6
func GetDNSServiceName ¶ added in v1.32.0
func GetDNSServiceName(provider operatorv1.Provider) types.NamespacedName
GetDNSServiceName returns the name and namespace for the DNS service based on the given provider. This is "kube-dns" for most providers, but varies on OpenShift and RKE2.
func GetElasticLicenseType ¶ added in v1.14.0
func GetElasticLicenseType(ctx context.Context, cli client.Client, logger logr.Logger) (render.ElasticsearchLicenseType, error)
GetElasticLicenseType returns the license type from elastic-licensing ConfigMap that ECK operator keeps updated.
func GetElasticsearch ¶ added in v1.28.11
func GetElasticsearchClusterConfig ¶ added in v1.2.0
func GetElasticsearchClusterConfig(ctx context.Context, cli client.Client) (*relasticsearch.ClusterConfig, error)
GetElasticsearchClusterConfig retrieves the config map containing the elasticsearch configuration values, such as the the cluster name and replica count.
func GetIDPSecret ¶ added in v1.32.0
func GetIDPSecret(ctx context.Context, client client.Client, authentication *operatorv1.Authentication) (*corev1.Secret, error)
GetIDPSecret retrieves the Secret containing sensitive information for the configuration IdP specified in the given operatorv1.Authentication CR.
func GetInstallation ¶ added in v1.19.0
func GetInstallation(ctx context.Context, client client.Client) (operatorv1.ProductVariant, *operatorv1.InstallationSpec, error)
GetInstallation returns the current installation, for use by other controllers. It accounts for overlays and returns the variant according to status.Variant, which is leveraged by other controllers to know when it is safe to launch enterprise-dependent components.
func GetInstallationStatus ¶ added in v1.29.0
func GetInstallationStatus(ctx context.Context, client client.Client) (*operatorv1.InstallationStatus, error)
GetInstallationStatus returns the current installation status, for use by other controllers.
func GetK8sServiceEndPoint ¶ added in v1.17.0
GetK8sServiceEndPoint returns the kubernetes-service-endpoint configmap
func GetKeyValidatorConfig ¶ added in v1.18.0
func GetKeyValidatorConfig(ctx context.Context, cli client.Client, authenticationCR *operatorv1.Authentication, clusterDomain string) (rauth.KeyValidatorConfig, error)
GetKeyValidatorConfig uses the operatorv1.Authentication CR given to create the KeyValidatorConfig. This may be either a DexKeyValidatorConfig or a tigerakvc.KeyValidatorConfig.
func GetKubeControllerMetricsPort ¶ added in v1.30.0
GetKubeControllerMetricsPort fetches kube controller metrics port.
func GetLogCollector ¶ added in v1.21.0
func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error)
func GetManagementCluster ¶ added in v1.9.0
func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error)
Return the ManagementCluster CR if present. No error is returned if it was not found.
func GetManagementClusterConnection ¶ added in v1.9.0
func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error)
Return the ManagementClusterConnection CR if present. No error is returned if it was not found.
func GetNetworkingPullSecrets ¶
func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ([]*corev1.Secret, error)
func GetNonClusterHost ¶ added in v1.36.0
func GetNonClusterHost(ctx context.Context, cli client.Client) (*operatorv1.NonClusterHost, error)
GetNonClusterHost finds the NonClusterHost CR in your cluster.
func GetPacketCaptureAPI ¶ added in v1.34.0
func GetPacketCaptureAPI(ctx context.Context, cli client.Client) (*operatorv1.PacketCaptureAPI, error)
GetPacketCapture finds the PacketCapture CR in your cluster.
func GetPodEnvVar ¶ added in v1.34.0
func GetTenant ¶ added in v1.32.0
func GetTenant(ctx context.Context, mt bool, cli client.Client, ns string) (*operatorv1.Tenant, string, error)
GetTenant returns the Tenant instance in the given namespace.
func IgnoreObject ¶
IgnoreObject returns true if the object has been marked as ignored by the user, and returns false otherwise.
func IsDexDisabled ¶ added in v1.32.0
func IsDexDisabled(authentication *operatorv1.Authentication) bool
func IsFeatureActive ¶ added in v1.16.0
func IsFeatureActive(license v3.LicenseKey, featureName string) bool
IsFeatureActive return true if the feature is listed in LicenseStatusKey
func IsNodeLocalDNSAvailable ¶ added in v1.30.0
func LogStorageExists ¶ added in v1.9.0
func MonitorConfigMap ¶ added in v1.33.0
MonitorConfigMap starts a goroutine which exits if the given configmap's data is changed.
func MultiTenant ¶ added in v1.32.0
func OverrideInstallationSpec ¶ added in v1.19.0
func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operatorv1.InstallationSpec
func PatchFelixConfiguration ¶ added in v1.31.0
func PopulateK8sServiceEndPoint ¶ added in v1.32.0
PopulateK8sServiceEndPoint reads the kubernetes-service-endpoint configmap and pushes KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT to calico-node daemonset, typha apiserver deployments
func RemoveInstallationFinalizer ¶ added in v1.34.0
func RemoveInstallationFinalizer(i *operatorv1.Installation, finalizer string)
func RequiresTigeraSecure ¶ added in v1.0.0
RequiresTigeraSecure determines if the configuration requires we start the tigera secure controllers.
func SetInstallationFinalizer ¶ added in v1.34.0
func SetInstallationFinalizer(i *operatorv1.Installation, finalizer string)
func StrToElasticLicenseType ¶ added in v1.14.0
func StrToElasticLicenseType(license string, logger logr.Logger) render.ElasticsearchLicenseType
StrToElasticLicenseType maps Elasticsearch license to one of the known and expected value.
func TenantNamespaces ¶ added in v1.32.0
TenantNamespaces returns all namespaces that contain a tenant.
func UseExternalElastic ¶ added in v1.33.0
UseExternalElastic returns true if this cluster is configured to use an external elasticsearch cluster, and false otherwise.
func ValidateCertPair ¶
func ValidateCertPair(client client.Client, namespace, certPairSecretName, keyName, certName string) (*corev1.Secret, error)
ValidateCertPair checks if the given secret exists in the given namespace and if so that it contains key and cert fields. If an empty string is passed for the keyName argument it is skipped. If a secret exists then it is returned. If there is an error accessing the secret (except NotFound) or the cert does not have both a key and cert field then an appropriate error is returned. If no secret exists then nil, nil is returned to represent that no cert is valid.
func ValidateResourceNameIsQualified ¶ added in v1.28.1
ValidateResourceNameIsQualified returns a compiled list of errors which states which rule the name did not respect. Returns nil if it's a valid name.
func VerifySysctl ¶ added in v1.33.0
func VerifySysctl(pluginData []operatorv1.Sysctl) error
func WaitToAddLicenseKeyWatch ¶ added in v1.16.0
func WaitToAddLicenseKeyWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)
func WaitToAddNetworkPolicyWatches ¶ added in v1.28.0
func WaitToAddNetworkPolicyWatches(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, policies []types.NamespacedName)
func WaitToAddPolicyRecommendationScopeWatch ¶ added in v1.30.5
func WaitToAddPolicyRecommendationScopeWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)
func WaitToAddResourceWatch ¶ added in v1.22.0
func WaitToAddResourceWatch(controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag, objs []client.Object)
WaitToAddResourceWatch will check if projectcalico.org APIs are available and if so, it will add a watch for resource The completion of this operation will be signaled on a ready channel
func WaitToAddTierWatch ¶ added in v1.28.0
func WaitToAddTierWatch(tierName string, controller ctrlruntime.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)
Types ¶
type Application ¶ added in v1.32.0
type CompareResult ¶ added in v1.19.0
type CompareResult int
const ( Same CompareResult = iota AOnlySet BOnlySet Different )
type ComponentHandler ¶
type ComponentHandler interface {
CreateOrUpdateOrDelete(context.Context, render.Component, status.StatusManager) error
}
func NewComponentHandler ¶
func NewComponentHandler(log logr.Logger, client client.Client, scheme *runtime.Scheme, cr metav1.Object) ComponentHandler
cr is allowed to be nil in the case we don't want to put ownership on a resource, this is useful for CRD management so that they are not removed automatically.
type ElasticClient ¶ added in v1.14.0
type ElasticClient interface { SetILMPolicies(context.Context, *operatorv1.LogStorage) error CreateUser(context.Context, *User) error DeleteUser(context.Context, *User) error GetUsers(ctx context.Context) ([]User, error) }
func NewElasticClient ¶ added in v1.14.0
type ElasticsearchClientCreator ¶ added in v1.14.1
type MetaMatch ¶ added in v1.2.0
type MetaMatch func(metav1.ObjectMeta) bool
type NamespaceHelper ¶ added in v1.32.0
type NamespaceHelper interface { // InstallNamespace returns the namespace that components will be installed into. // for single-tenant clusters, this is generally a well-known namespace of the form tigera-*. // For multi-tenant clusters, this is the tenant's namespace. InstallNamespace() string // TruthNamespace returns the namespace to use as the source of truth for storing data. // For single-tenant installs, this is the tigera-operator namespace. // For multi-tenant installs, this is tenant's namespace. TruthNamespace() string // TenantNamespaces returns all namespaces in the cluster for this component, across all tenants. This is useful when // binding global resources to potentially several different Tenant namespaces. // For single-tenant clusters, this simply returns the InstallNamespace. TenantNamespaces(client.Client) ([]string, error) // Returns whether or not this is a multi-tenant helper. MultiTenant() bool }
func NewNamespaceHelper ¶ added in v1.32.0
func NewNamespaceHelper(mt bool, singleTenantNS, multiTenantNS string) NamespaceHelper
func NewSingleTenantNamespaceHelper ¶ added in v1.32.0
func NewSingleTenantNamespaceHelper(ns string) NamespaceHelper
type ReadyFlag ¶ added in v1.16.0
type ReadyFlag struct {
// contains filtered or unexported fields
}
ReadyFlag is used to synchronize access to a boolean flag flag that can be shared between go routines. The flag can be marked as ready once,as part of a initialization procedure and read multiple times afterwards
func (*ReadyFlag) MarkAsReady ¶ added in v1.16.0
func (r *ReadyFlag) MarkAsReady()
MarkAsReady sets the flag as true
type Role ¶ added in v1.32.0
type Role struct { Name string `json:"-"` Definition *RoleDefinition }
Role represents an Elasticsearch role that may be attached to a User
type RoleDefinition ¶ added in v1.32.0
type RoleDefinition struct { Cluster []string `json:"cluster"` Indices []RoleIndex `json:"indices"` Applications []Application `json:"applications,omitempty"` }
type User ¶ added in v1.32.0
User represents an Elasticsearch user, which may or may not have roles attached to it