Documentation ¶
Overview ¶
Package metadata contains Config Sync metadata (annotations and labels) and related functions.
Index ¶
- Constants
- Variables
- func GetNomosAnnotationKeys() []string
- func HasConfigSyncMetadata(obj client.Object) bool
- func HasConfigSyncPrefix(s string) bool
- func IsConfigSyncAnnotationKey(k string) bool
- func IsConfigSyncLabelKey(k string) bool
- func IsSourceAnnotation(k string) bool
- func RemoveConfigSyncMetadata(obj client.Object) bool
- func SyncerLabels() map[string]string
- type DeletionPropagationPolicy
Constants ¶
const ( // ConfigManagementPrefix is the prefix for all Nomos annotations and labels. ConfigManagementPrefix = configmanagement.GroupName + "/" // ClusterNameAnnotationKey is the annotation key set on Nomos-managed resources that refers to // the name of the cluster that the selectors are applied for. // This annotation is set by Config Sync on a managed resource. ClusterNameAnnotationKey = ConfigManagementPrefix + "cluster-name" // LegacyClusterSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers // to the name of the ClusterSelector resource. // This annotation is set by Config Sync users on a managed resource. LegacyClusterSelectorAnnotationKey = ConfigManagementPrefix + "cluster-selector" // NamespaceSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers // to name of NamespaceSelector resource. // This annotation is set by Config Sync users on a managed resource. NamespaceSelectorAnnotationKey = ConfigManagementPrefix + "namespace-selector" // DeclaredConfigAnnotationKey is the annotation key that stores the declared configuration of // a resource in Git. // This annotation is set by Config Sync on a managed resource. DeclaredConfigAnnotationKey = ConfigManagementPrefix + "declared-config" // SourcePathAnnotationKey is the annotation key representing the relative path from POLICY_DIR // where the object was originally declared. Paths are slash-separated and OS-agnostic. // This annotation is set by Config Sync on a managed resource. SourcePathAnnotationKey = ConfigManagementPrefix + "source-path" // SyncTokenAnnotationKey is the annotation key representing the last version token that a Nomos- // managed resource was successfully synced from. // This annotation is set by Config Sync on a managed resource. SyncTokenAnnotationKey = ConfigManagementPrefix + "token" // ResourceManagementKey is the annotation that indicates if Nomos will manage the content and // lifecycle for the resource. // This annotation is set by Config Sync on a managed resource. ResourceManagementKey = ConfigManagementPrefix + "managed" // ResourceManagementEnabled is the value corresponding to ResourceManagementKey indicating that // Nomos will manage content and lifecycle for the given resource. ResourceManagementEnabled = "enabled" // ResourceManagementDisabled is the value corresponding to ResourceManagementKey indicating that // Nomos will not manage content and lifecycle for the given resource. // By design, the `configmanagement.gke.io/managed: disabled` annotation // should not be pushed to the cluster. Instead, we remove all the Config // Sync metadata from the object on the cluster. ResourceManagementDisabled = "disabled" // ResourceStatusErrorsKey is the annotation that indicates any errors, encoded as a JSON array. // This annotation is set by Config Sync on a managed resource. ResourceStatusErrorsKey = ConfigManagementPrefix + "errors" // ResourceStatusReconcilingKey is the annotation that indicates reasons why a resource is // reconciling, encoded as a JSON array. // This annotation is set by Config Sync on a managed resource. ResourceStatusReconcilingKey = ConfigManagementPrefix + "reconciling" )
Annotations with the `configmanagement.gke.io/` prefix.
const ( // ConfigMapAnnotationKey is the annotation key representing the hash of all the configmaps // required to run a root-reconciler, namespace-reconciler, or otel-collector pod. // This annotation is set by Config Sync on a root-reconciler, namespace-reconciler, or otel-collector pod. ConfigMapAnnotationKey = configsync.ConfigSyncPrefix + "configmap" // DeclaredFieldsKey is the annotation key that stores the declared configuration of // a resource in Git. This uses the same format as the managed fields of server-side apply. // This annotation is set by Config Sync on a managed resource. DeclaredFieldsKey = configsync.ConfigSyncPrefix + "declared-fields" // GitContextKey is the annotation key for the git source-of-truth a resource is synced from. // This annotation is set by Config Sync on a managed resource. GitContextKey = configsync.ConfigSyncPrefix + "git-context" // ResourceManagerKey is the annotation that indicates which multi-repo reconciler is managing // the resource. // This annotation is set by Config Sync on a managed resource. ResourceManagerKey = configsync.ConfigSyncPrefix + "manager" // ClusterNameSelectorAnnotationKey is the annotation key set on ConfigSync-managed resources that refers // to the name of the ClusterSelector resource. // This annotation is set by Config Sync users on a managed resource. ClusterNameSelectorAnnotationKey = configsync.ConfigSyncPrefix + "cluster-name-selector" // ResourceIDKey is the annotation that indicates the resource's GKNN. // This annotation is set by Config on a managed resource. ResourceIDKey = configsync.ConfigSyncPrefix + "resource-id" // OriginalHNCManagedByValue is the annotation that stores the original value of the // hnc.x-k8s.io/managed-by annotation before Config Sync overrides the annotation. // This annotation is set by Config Sync on a managed namespace resource. OriginalHNCManagedByValue = configsync.ConfigSyncPrefix + "original-hnc-managed-by-value" // WebhookconfigurationKey annotation declares if the webhook configuration // should be updated. // This annotation is set by Config Sync users on the Config Sync ValidatingWebhookConfiguration object. WebhookconfigurationKey = configsync.ConfigSyncPrefix + "webhook-configuration-update" // WebhookConfigurationUpdateDisabled is the value for WebhookConfigurationKey // to disable updating the webhook configuration. WebhookConfigurationUpdateDisabled = "disabled" // UnknownScopeAnnotationKey is the annotation that indicates the scope of a resource is unknown. // This annotation is set by Config Sync on a managed resource whose scope is unknown. UnknownScopeAnnotationKey = configsync.ConfigSyncPrefix + "unknown-scope" // UnknownScopeAnnotationValue is the value for UnknownScopeAnnotationKey // to indicate that the scope of a resource is unknown. UnknownScopeAnnotationValue = "true" // DeletionPropagationPolicyAnnotationKey is the annotation key set on // RootSync/RepoSync objects to indicate what do do with the managed // resources when the RootSync/RepoSync object is deleted. DeletionPropagationPolicyAnnotationKey = configsync.ConfigSyncPrefix + "deletion-propagation-policy" // RequiresRenderingAnnotationKey is the annotation key set on // RootSync/RepoSync objects to indicate whether the source of truth // requires last mile hydration. The reconciler writes the value of this // annotation and the reconciler-manager reads it. If set to true, the // reconciler-manager will create the reconciler with the hydration-controller // sidecar container. RequiresRenderingAnnotationKey = configsync.ConfigSyncPrefix + "requires-rendering" )
Annotations with the `configsync.gke.io/` prefix.
const ( // LifecyclePrefix is the prefix for all lifecycle annotations. LifecyclePrefix = "client.lifecycle.config.k8s.io" // LifecycleMutationAnnotation is the lifecycle annotation key for the mutation // operation. The annotation must be declared in the repository in order to // function properly. This annotation only has effect when the object // updated in the cluster or the declaration changes. It has no impact on // behavior related to object creation/deletion, or if the object does not // already exist. // This annotation is set by Config Sync users on a managed resource. LifecycleMutationAnnotation = LifecyclePrefix + "/mutation" // IgnoreMutation is the value used with LifecycleMutationAnnotation to // prevent mutating a resource. That is, if the resource exists on the cluster // then ACM will make no attempt to modify it. IgnoreMutation = "ignore" )
Lifecycle annotations
const ( // LocalConfigAnnotationKey is the annotation key to mark // a resource is only local. When its value is "true", // the resource shouldn't be applied to the cluster. // This annotation is set by Config Sync users on a resource that // should be only used by local tools such as kpt function. LocalConfigAnnotationKey = filters.LocalConfigAnnotation // Any value except for NoLocalConfigAnnoVal will mark a resource as a local configuration. NoLocalConfigAnnoVal = "false" )
Annotation for local configuration
const ( // DeletionPropagationPolicyForeground indicates that the managed resources // should all be deleted/pruned before the RootSync/RepoSync object is deleted. // This will block deletion of the RootSync/RepoSync using a finalizer. DeletionPropagationPolicyForeground = DeletionPropagationPolicy("Foreground") // DeletionPropagationPolicyOrphan indicates that the managed resources // should all be orphanned (not deleted) when the RootSync/RepoSync object // is deleted. // This will NOT block deletion of the RootSync/RepoSync AND will not // remove or modify any config sync managed annotations. // This allows the RootSync/RepoSync to be deleted and re-created without // affecting the managed resources. // This is the default behavior if the annotation is not specified. DeletionPropagationPolicyOrphan = DeletionPropagationPolicy("Orphan") )
const ( // ReconcilerFinalizer is the finalizer added to the RootSync/RepoSync by // the reconciler when the deletion-propagation-policy is Foreground to // ensure deletion of the user objects it manages, before the // RootSync/RepoSync is deleted. ReconcilerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.Reconciler // ReconcilerManagerFinalizer is the finalizer added to the // RootSync/RepoSync by the reconciler-manager to ensure // deletion of the reconciler and its dependencies, before the // RootSync/RepoSync is deleted. ReconcilerManagerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.ManagerName )
const ( // ManagedByValue marks the resource as managed by Nomos. ManagedByValue = configmanagement.GroupName // SystemLabel is the system Nomos label. SystemLabel = ConfigManagementPrefix + "system" // ArchLabel is the arch Nomos label. ArchLabel = ConfigManagementPrefix + "arch" )
Labels with the `configmanagement.gke.io/` prefix.
const ( // ReconcilerLabel is the unique label given to each reconciler pod. // This label is set by Config Sync on a root-reconciler or namespace-reconciler pod. ReconcilerLabel = configsync.ConfigSyncPrefix + "reconciler" // DeclaredVersionLabel declares the API Version in which a resource was initially // declared. // This label is set by Config Sync on a managed resource. DeclaredVersionLabel = configsync.ConfigSyncPrefix + "declared-version" // SyncNamespaceLabel indicates the namespace of RootSync or RepoSync. SyncNamespaceLabel = configsync.ConfigSyncPrefix + "sync-namespace" // SyncNameLabel indicates the name of RootSync or RepoSync. SyncNameLabel = configsync.ConfigSyncPrefix + "sync-name" // SyncKindLabel indicates the RSync kind: RootSync or RepoSync. SyncKindLabel = configsync.ConfigSyncPrefix + "sync-kind" // SyncGenerationLabel indicates the generation of RootSync or RepoSync. SyncGenerationLabel = configsync.ConfigSyncPrefix + "sync-generation" // DeploymentNameLabel indicates the name of the Deployment. // This is used to enable selecting pods by label, primarily for printing logs. // Example: kubectl logs deployment/<deploy-name> <container-name> -n config-management-system DeploymentNameLabel = configsync.ConfigSyncPrefix + "deployment-name" )
Labels with the `configsync.gke.io/` prefix.
const AutoPilotAnnotation = "autopilot.gke.io/resource-adjustment"
AutoPilotAnnotation is the annotation generated by the autopilot for resource adjustment.
const DepthSuffix = ".tree.hnc.x-k8s.io/depth"
DepthSuffix is a label suffix for hierarchical namespace depth. See definition at http://bit.ly/k8s-hnc-design#heading=h.1wg2oqxxn6ka. This label is set by Config Sync on a managed namespace resource.
const FleetWorkloadIdentityCredentials = "config.kubernetes.io/fleet-workload-identity"
FleetWorkloadIdentityCredentials is the key for the credentials file of the Fleet Workload Identity.
const HNCManagedBy = "hnc.x-k8s.io/managed-by"
HNCManagedBy is the annotation that indicates the namespace hierarchy is not managed by the Hierarchical Namespace Controller (http://bit.ly/k8s-hnc-design) but someone else, "configmanagement.gke.io" in this case. This annotation is set by Config Sync on a managed namespace resource.
const KustomizeOrigin = "config.kubernetes.io/origin"
KustomizeOrigin is the annotation generated by Kustomize to indicate the origin of the rendered resource.
const ManagedByKey = "app.kubernetes.io/managed-by"
ManagedByKey is the recommended Kubernetes label for marking a resource as managed by an application.
const OwningInventoryKey = "config.k8s.io/owning-inventory"
OwningInventoryKey is the annotation key for marking the owning-inventory object. This annotation is needed because the kpt library cannot apply a single resource. This annotation is set by Config Sync on a managed resource.
Variables ¶
var CommonAnnotationKeys = []string{ ClusterNameAnnotationKey, ResourceManagementKey, SourcePathAnnotationKey, SyncTokenAnnotationKey, DeclaredFieldsKey, ResourceIDKey, }
CommonAnnotationKeys include the annotation keys used in both the mono-repo and multi-repo mode.
var ConfigSyncAnnotations = []string{ DeclaredFieldsKey, GitContextKey, ResourceManagerKey, ResourceIDKey, }
ConfigSyncAnnotations contain the keys for ConfigSync annotations.
var MultiRepoOnlyAnnotationKeys = []string{ GitContextKey, ResourceManagerKey, OwningInventoryKey, }
MultiRepoOnlyAnnotationKeys include the annotation keys used only in the multi-repo mode.
Functions ¶
func GetNomosAnnotationKeys ¶
func GetNomosAnnotationKeys() []string
GetNomosAnnotationKeys returns the set of Nomos annotations that Config Sync should manage.
func HasConfigSyncMetadata ¶
HasConfigSyncMetadata returns true if the given obj has at least one Config Sync annotation or label.
func HasConfigSyncPrefix ¶
HasConfigSyncPrefix returns true if the string begins with a ConfigSync annotation prefix.
func IsConfigSyncAnnotationKey ¶
IsConfigSyncAnnotationKey returns whether an annotation key is a Config Sync annotation key.
func IsConfigSyncLabelKey ¶
IsConfigSyncLabelKey returns whether a label key is a Config Sync label key.
func IsSourceAnnotation ¶
IsSourceAnnotation returns true if the annotation is a ConfigSync source annotation.
func RemoveConfigSyncMetadata ¶
RemoveConfigSyncMetadata removes the Config Sync metadata, including both Config Sync annotations and labels, from the given resource. The only Config Sync metadata which will not be removed is `LifecycleMutationAnnotation`. The resource is modified in place. Returns true if the object was modified.
func SyncerLabels ¶
SyncerLabels returns the Nomos labels that the syncer should manage.
Types ¶
type DeletionPropagationPolicy ¶ added in v1.15.1
type DeletionPropagationPolicy string
DeletionPropagationPolicy is the type used to identify value enums to use with the deletion-propagation-policy annotation.