Documentation ¶
Overview ¶
This file contains functions common to the controllers to help them interact with elasticsearch.
Index ¶
- Constants
- Variables
- func AddAPIServerWatch(c controller.Controller) error
- func AddComplianceWatch(c controller.Controller) error
- func AddConfigMapWatch(c controller.Controller, name, namespace string) error
- func AddNamespaceWatch(c controller.Controller, name string) error
- func AddNamespacedWatch(c controller.Controller, obj client.Object, metaMatches ...MetaMatch) error
- func AddNetworkWatch(c controller.Controller) error
- func AddNodeLocalDNSWatch(c controller.Controller) error
- func AddPeriodicReconcile(c controller.Controller, period time.Duration) error
- func AddSecretsWatch(c controller.Controller, name, namespace string, metaMatches ...MetaMatch) error
- func AddServiceWatch(c controller.Controller, name, namespace string) error
- func AddTigeraStatusWatch(c controller.Controller, name string) error
- func AutoDiscoverProvider(ctx context.Context, clientset kubernetes.Interface) (operatorv1.Provider, error)
- func ContextLoggerForResource(log logr.Logger, obj client.Object) logr.Logger
- func DeleteAllowTigeraTierAndExpectWait(ctx context.Context, c client.Client, r reconcile.Reconciler, ...)
- func ElasticsearchSecrets(ctx context.Context, userSecretNames []string, cli client.Client) ([]*corev1.Secret, error)
- func ExpectWaitForTierWatch(ctx context.Context, r reconcile.Reconciler, mockStatus *status.MockStatus)
- func FetchLicenseKey(ctx context.Context, cli client.Client) (v3.LicenseKey, error)
- func GetAPIServer(ctx context.Context, client client.Client) (*operatorv1.APIServer, string, error)
- func GetAmazonCloudIntegration(ctx context.Context, client client.Client) (*operatorv1.AmazonCloudIntegration, error)
- func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error)
- func GetElasticLicenseType(ctx context.Context, cli client.Client, logger logr.Logger) (render.ElasticsearchLicenseType, error)
- func GetElasticsearch(ctx context.Context, c client.Client) (*esv1.Elasticsearch, error)
- func GetElasticsearchClusterConfig(ctx context.Context, cli client.Client) (*relasticsearch.ClusterConfig, error)
- func GetIdpSecret(ctx context.Context, client client.Client, ...) (*corev1.Secret, error)
- func GetInstallation(ctx context.Context, client client.Client) (operatorv1.ProductVariant, *operatorv1.InstallationSpec, error)
- func GetInstallationStatus(ctx context.Context, client client.Client) (*operatorv1.InstallationStatus, error)
- func GetK8sServiceEndPoint(client client.Client) error
- func GetKeyValidatorConfig(ctx context.Context, cli client.Client, ...) (rauth.KeyValidatorConfig, error)
- func GetKubeControllerMetricsPort(ctx context.Context, client client.Client) (int, error)
- func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error)
- func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error)
- func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error)
- func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ([]*corev1.Secret, error)
- func GetSecret(ctx context.Context, client client.Client, name string, ns string) (*corev1.Secret, error)
- func IgnoreObject(obj runtime.Object) bool
- func IsAPIServerReady(client client.Client, l logr.Logger) bool
- func IsFeatureActive(license v3.LicenseKey, featureName string) bool
- func IsNodeLocalDNSAvailable(ctx context.Context, cli client.Client) (bool, error)
- func LogStorageExists(ctx context.Context, cli client.Client) (bool, error)
- func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operatorv1.InstallationSpec
- func RequiresAmazonController(cfg *rest.Config) (bool, error)
- func RequiresTigeraSecure(cfg *rest.Config) (bool, error)
- func StrToElasticLicenseType(license string, logger logr.Logger) render.ElasticsearchLicenseType
- func SupportsPodSecurityPolicies(c kubernetes.Interface) (bool, error)
- func ValidateCertPair(client client.Client, namespace, certPairSecretName, keyName, certName string) (*corev1.Secret, error)
- func ValidateResourceNameIsQualified(name string) error
- func WaitToAddLicenseKeyWatch(controller controller.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddNetworkPolicyWatches(controller controller.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddResourceWatch(controller controller.Controller, c kubernetes.Interface, log logr.Logger, ...)
- func WaitToAddTierWatch(tierName string, controller controller.Controller, c kubernetes.Interface, ...)
- type CompareResult
- type ComponentHandler
- type ElasticClient
- type ElasticsearchClientCreator
- type MetaMatch
- type Policy
- type ReadyFlag
Constants ¶
const ( ElasticsearchRetentionFactor = 4 DefaultMaxIndexSizeGi = 30 ElasticConnRetries = 10 ElasticConnRetryInterval = "500ms" )
Variables ¶
var DefaultInstanceKey = client.ObjectKey{Name: "default"}
var DefaultTSEEInstanceKey = client.ObjectKey{Name: "tigera-secure"}
var OverlayInstanceKey = client.ObjectKey{Name: "overlay"}
Functions ¶
func AddAPIServerWatch ¶
func AddAPIServerWatch(c controller.Controller) error
func AddComplianceWatch ¶ added in v0.2.1
func AddComplianceWatch(c controller.Controller) error
func AddConfigMapWatch ¶ added in v1.0.0
func AddConfigMapWatch(c controller.Controller, name, namespace string) error
func AddNamespaceWatch ¶ added in v1.6.0
func AddNamespaceWatch(c controller.Controller, name string) error
func AddNamespacedWatch ¶ added in v1.19.0
func AddNamespacedWatch(c controller.Controller, obj client.Object, metaMatches ...MetaMatch) error
AddNamespacedWatch creates a watch on the given object. If a name and namespace are provided, then it will use predicates to only return matching objects. If they are not, then all events of the provided kind will be generated.
func AddNetworkWatch ¶
func AddNetworkWatch(c controller.Controller) error
func AddNodeLocalDNSWatch ¶ added in v1.30.0
func AddNodeLocalDNSWatch(c controller.Controller) error
AddNodeLocalDNSWatch creates a watch on the node-local-dns pods.
func AddPeriodicReconcile ¶ added in v1.28.12
func AddPeriodicReconcile(c controller.Controller, period time.Duration) error
func AddSecretsWatch ¶ added in v1.0.0
func AddSecretsWatch(c controller.Controller, name, namespace string, metaMatches ...MetaMatch) error
func AddServiceWatch ¶ added in v1.2.0
func AddServiceWatch(c controller.Controller, name, namespace string) error
func AddTigeraStatusWatch ¶ added in v1.29.0
func AddTigeraStatusWatch(c controller.Controller, name string) error
AddTigeraStatusWatch creates a watch on the given object. It uses predicates to only return matching objects.
func AutoDiscoverProvider ¶ added in v1.0.0
func AutoDiscoverProvider(ctx context.Context, clientset kubernetes.Interface) (operatorv1.Provider, error)
func ContextLoggerForResource ¶
ContextLoggerForResource provides a logger instance with context set for the provided object.
func DeleteAllowTigeraTierAndExpectWait ¶ added in v1.28.0
func DeleteAllowTigeraTierAndExpectWait(ctx context.Context, c client.Client, r reconcile.Reconciler, mockStatus *status.MockStatus)
DeleteAllowTigeraTierAndExpectWait deletes the tier resource and expects the Reconciler issues a degraded status, waiting for the tier to become available before progressing its status further. Assumes that mockStatus has any required initial status progression expectations set, and that the Reconciler utilizes the mockStatus object. Assumes the tier resource has been created.
func ElasticsearchSecrets ¶ added in v1.0.0
func ElasticsearchSecrets(ctx context.Context, userSecretNames []string, cli client.Client) ([]*corev1.Secret, error)
ElasticsearchSecrets gets the secrets needed for a component to be able to access Elasticsearch
func ExpectWaitForTierWatch ¶ added in v1.28.0
func ExpectWaitForTierWatch(ctx context.Context, r reconcile.Reconciler, mockStatus *status.MockStatus)
ExpectWaitForTierWatch expects the Reconciler issues a degraded status, waiting for a Tier watch to be established. Assumes that mockStatus has any required initial status progression expectations set, and that the Reconciler utilizes the mockStatus object.
func FetchLicenseKey ¶ added in v1.16.0
FetchLicenseKey returns the license if it has been installed. It's useful to prevent rollout of TSEE components that might require it. It will return an error if the license is not installed/cannot be read
func GetAPIServer ¶ added in v1.19.0
GetAPIServer finds the correct API server instance and returns a message and error in the case of an error.
func GetAmazonCloudIntegration ¶ added in v1.8.0
func GetAmazonCloudIntegration(ctx context.Context, client client.Client) (*operatorv1.AmazonCloudIntegration, error)
GetAmazonCloudIntegration returns the tigera AmazonCloudIntegration instance.
func GetAuthentication ¶ added in v1.9.0
func GetAuthentication(ctx context.Context, cli client.Client) (*operatorv1.Authentication, error)
GetAuthentication finds the authentication CR in your cluster.
func GetElasticLicenseType ¶ added in v1.14.0
func GetElasticLicenseType(ctx context.Context, cli client.Client, logger logr.Logger) (render.ElasticsearchLicenseType, error)
GetElasticLicenseType returns the license type from elastic-licensing ConfigMap that ECK operator keeps updated.
func GetElasticsearch ¶ added in v1.28.11
func GetElasticsearchClusterConfig ¶ added in v1.2.0
func GetElasticsearchClusterConfig(ctx context.Context, cli client.Client) (*relasticsearch.ClusterConfig, error)
GetElasticsearchClusterConfig retrieves the config map containing the elasticsearch configuration values, such as the the cluster name and replica count.
func GetIdpSecret ¶ added in v1.18.0
func GetIdpSecret(ctx context.Context, client client.Client, authentication *operatorv1.Authentication) (*corev1.Secret, error)
GetIdpSecret retrieves the Secret containing sensitive information for the configuration IdP specified in the given operatorv1.Authentication CR.
func GetInstallation ¶ added in v1.19.0
func GetInstallation(ctx context.Context, client client.Client) (operatorv1.ProductVariant, *operatorv1.InstallationSpec, error)
GetInstallation returns the current installation, for use by other controllers. It accounts for overlays and returns the variant according to status.Variant, which is leveraged by other controllers to know when it is safe to launch enterprise-dependent components.
func GetInstallationStatus ¶ added in v1.29.0
func GetInstallationStatus(ctx context.Context, client client.Client) (*operatorv1.InstallationStatus, error)
GetInstallationStatus returns the current installation status, for use by other controllers.
func GetK8sServiceEndPoint ¶ added in v1.17.0
GetK8sServiceEndPoint reads the kubernetes-service-endpoint configmap and pushes KUBERNETES_SERVICE_HOST, KUBERNETES_SERVICE_PORT to calico-node daemonset, typha apiserver deployments
func GetKeyValidatorConfig ¶ added in v1.18.0
func GetKeyValidatorConfig(ctx context.Context, cli client.Client, authenticationCR *operatorv1.Authentication, clusterDomain string) (rauth.KeyValidatorConfig, error)
GetKeyValidatorConfig uses the operatorv1.Authentication CR given to create the KeyValidatorConfig. This may be either a DexKeyValidatorConfig or a tigerakvc.KeyValidatorConfig.
func GetKubeControllerMetricsPort ¶ added in v1.30.0
GetKubeControllerMetricsPort fetches kube controller metrics port.
func GetLogCollector ¶ added in v1.21.0
func GetLogCollector(ctx context.Context, cli client.Client) (*operatorv1.LogCollector, error)
func GetManagementCluster ¶ added in v1.9.0
func GetManagementCluster(ctx context.Context, c client.Client) (*operatorv1.ManagementCluster, error)
Return the ManagementCluster CR if present. No error is returned if it was not found.
func GetManagementClusterConnection ¶ added in v1.9.0
func GetManagementClusterConnection(ctx context.Context, c client.Client) (*operatorv1.ManagementClusterConnection, error)
Return the ManagementClusterConnection CR if present. No error is returned if it was not found.
func GetNetworkingPullSecrets ¶
func GetNetworkingPullSecrets(i *operatorv1.InstallationSpec, c client.Client) ([]*corev1.Secret, error)
func IgnoreObject ¶
IgnoreObject returns true if the object has been marked as ignored by the user, and returns false otherwise.
func IsFeatureActive ¶ added in v1.16.0
func IsFeatureActive(license v3.LicenseKey, featureName string) bool
IsFeatureActive return true if the feature is listed in LicenseStatusKey
func IsNodeLocalDNSAvailable ¶ added in v1.30.0
func LogStorageExists ¶ added in v1.9.0
func OverrideInstallationSpec ¶ added in v1.19.0
func OverrideInstallationSpec(cfg, override operatorv1.InstallationSpec) operatorv1.InstallationSpec
func RequiresAmazonController ¶ added in v1.8.0
RequiresAmazonController determines if the configuration requires we start the aws controllers.
func RequiresTigeraSecure ¶ added in v1.0.0
RequiresTigeraSecure determines if the configuration requires we start the tigera secure controllers.
func StrToElasticLicenseType ¶ added in v1.14.0
func StrToElasticLicenseType(license string, logger logr.Logger) render.ElasticsearchLicenseType
StrToElasticLicenseType maps Elasticsearch license to one of the known and expected value.
func SupportsPodSecurityPolicies ¶ added in v1.28.0
func SupportsPodSecurityPolicies(c kubernetes.Interface) (bool, error)
SupportsPodSecurityPolicies returns true if the cluster contains the policy/v1beta1 PodSecurityPolicy API, and false otherwise. This API is scheduled to be removed in Kubernetes v1.25, but should still be used in earlier Kubernetes versions.
func ValidateCertPair ¶
func ValidateCertPair(client client.Client, namespace, certPairSecretName, keyName, certName string) (*corev1.Secret, error)
ValidateCertPair checks if the given secret exists in the given namespace and if so that it contains key and cert fields. If an empty string is passed for the keyName argument it is skipped. If a secret exists then it is returned. If there is an error accessing the secret (except NotFound) or the cert does not have both a key and cert field then an appropriate error is returned. If no secret exists then nil, nil is returned to represent that no cert is valid.
func ValidateResourceNameIsQualified ¶ added in v1.28.1
ValidateResourceNameIsQualified returns a compiled list of errors which states which rule the name did not respect. Returns nil if it's a valid name.
func WaitToAddLicenseKeyWatch ¶ added in v1.16.0
func WaitToAddLicenseKeyWatch(controller controller.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)
func WaitToAddNetworkPolicyWatches ¶ added in v1.28.0
func WaitToAddNetworkPolicyWatches(controller controller.Controller, c kubernetes.Interface, log logr.Logger, policies []types.NamespacedName)
func WaitToAddResourceWatch ¶ added in v1.22.0
func WaitToAddResourceWatch(controller controller.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag, objs []client.Object)
WaitToAddResourceWatch will check if projectcalico.org APIs are available and if so, it will add a watch for resource The completion of this operation will be signaled on a ready channel
func WaitToAddTierWatch ¶ added in v1.28.0
func WaitToAddTierWatch(tierName string, controller controller.Controller, c kubernetes.Interface, log logr.Logger, flag *ReadyFlag)
Types ¶
type CompareResult ¶ added in v1.19.0
type CompareResult int
const ( Same CompareResult = iota AOnlySet BOnlySet Different )
type ComponentHandler ¶
type ComponentHandler interface {
CreateOrUpdateOrDelete(context.Context, render.Component, status.StatusManager) error
}
func NewComponentHandler ¶
func NewComponentHandler(log logr.Logger, client client.Client, scheme *runtime.Scheme, cr metav1.Object) ComponentHandler
cr is allowed to be nil in the case we don't want to put ownership on a resource, this is useful for CRD management so that they are not removed automatically.
type ElasticClient ¶ added in v1.14.0
type ElasticClient interface {
SetILMPolicies(context.Context, *operatorv1.LogStorage) error
}
func NewElasticClient ¶ added in v1.14.0
type ElasticsearchClientCreator ¶ added in v1.14.1
type MetaMatch ¶ added in v1.2.0
type MetaMatch func(metav1.ObjectMeta) bool
type ReadyFlag ¶ added in v1.16.0
type ReadyFlag struct {
// contains filtered or unexported fields
}
ReadyFlag is used to synchronize access to a boolean flag flag that can be shared between go routines. The flag can be marked as ready once,as part of a initialization procedure and read multiple times afterwards
func (*ReadyFlag) MarkAsReady ¶ added in v1.16.0
func (r *ReadyFlag) MarkAsReady()
MarkAsReady sets the flag as true