Documentation
¶
Overview ¶
Package metadata contains Config Sync metadata (annotations and labels) and related functions.
Index ¶
- Constants
- Variables
- func GetNomosAnnotationKeys() []string
- func HasConfigSyncMetadata(obj client.Object) bool
- func HasConfigSyncPrefix(s string) bool
- func IsConfigSyncAnnotationKey(k string) bool
- func IsConfigSyncLabelKey(k string) bool
- func IsSourceAnnotation(k string) bool
- func RemoveApplySetPartOfLabel(obj client.Object, applySetID string) bool
- func RemoveConfigSyncMetadata(obj client.Object) bool
- func SyncerLabels() map[string]string
- type DeletionPropagationPolicy
Constants ¶
View Source
const ( // ConfigManagementPrefix is the prefix for all Nomos annotations and labels. ConfigManagementPrefix = configmanagement.GroupName + "/" // ClusterNameAnnotationKey is the annotation key set on Nomos-managed resources that refers to // the name of the cluster that the selectors are applied for. // This annotation is set by Config Sync on a managed resource. ClusterNameAnnotationKey = ConfigManagementPrefix + "cluster-name" // LegacyClusterSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers // to the name of the ClusterSelector resource. // This annotation is set by Config Sync users on a managed resource. LegacyClusterSelectorAnnotationKey = ConfigManagementPrefix + "cluster-selector" // NamespaceSelectorAnnotationKey is the annotation key set on Nomos-managed resources that refers // to name of NamespaceSelector resource. // This annotation is set by Config Sync users on a managed resource. NamespaceSelectorAnnotationKey = ConfigManagementPrefix + "namespace-selector" // DeclaredConfigAnnotationKey is the annotation key that stores the declared configuration of // a resource in Git. // This annotation is set by Config Sync on a managed resource. DeclaredConfigAnnotationKey = ConfigManagementPrefix + "declared-config" // SourcePathAnnotationKey is the annotation key representing the relative path from POLICY_DIR // where the object was originally declared. Paths are slash-separated and OS-agnostic. // This annotation is set by Config Sync on a managed resource. SourcePathAnnotationKey = ConfigManagementPrefix + "source-path" // SyncTokenAnnotationKey is the annotation key representing the last version token that a Nomos- // managed resource was successfully synced from. // This annotation is set by Config Sync on a managed resource. SyncTokenAnnotationKey = ConfigManagementPrefix + "token" // ResourceManagementKey is the annotation that indicates if Nomos will manage the content and // lifecycle for the resource. // This annotation is set by Config Sync on a managed resource. ResourceManagementKey = ConfigManagementPrefix + "managed" // ResourceManagementEnabled is the value corresponding to ResourceManagementKey indicating that // Nomos will manage content and lifecycle for the given resource. ResourceManagementEnabled = "enabled" // ResourceManagementDisabled is the value corresponding to ResourceManagementKey indicating that // Nomos will not manage content and lifecycle for the given resource. // By design, the `configmanagement.gke.io/managed: disabled` annotation // should not be pushed to the cluster. Instead, we remove all the Config // Sync metadata from the object on the cluster. ResourceManagementDisabled = "disabled" // ResourceStatusErrorsKey is the annotation that indicates any errors, encoded as a JSON array. // This annotation is set by Config Sync on a managed resource. ResourceStatusErrorsKey = ConfigManagementPrefix + "errors" // ResourceStatusReconcilingKey is the annotation that indicates reasons why a resource is // reconciling, encoded as a JSON array. // This annotation is set by Config Sync on a managed resource. ResourceStatusReconcilingKey = ConfigManagementPrefix + "reconciling" )
Annotations with the `configmanagement.gke.io/` prefix.
View Source
const ( // ConfigMapAnnotationKey is the annotation key representing the hash of all the configmaps // required to run a root-reconciler, namespace-reconciler, or otel-collector pod. // This annotation is set by Config Sync on a root-reconciler, namespace-reconciler, or otel-collector pod. ConfigMapAnnotationKey = configsync.ConfigSyncPrefix + "configmap" // DeclaredFieldsKey is the annotation key that stores the declared configuration of // a resource in Git. This uses the same format as the managed fields of server-side apply. // This annotation is set by Config Sync on a managed resource. DeclaredFieldsKey = configsync.ConfigSyncPrefix + "declared-fields" // GitContextKey is the annotation key for the git source-of-truth a resource is synced from. // This annotation is set by Config Sync on a managed resource. GitContextKey = configsync.ConfigSyncPrefix + "git-context" // ResourceManagerKey is the annotation that indicates which multi-repo reconciler is managing // the resource. // This annotation is set by Config Sync on a managed resource. ResourceManagerKey = configsync.ConfigSyncPrefix + "manager" // ClusterNameSelectorAnnotationKey is the annotation key set on ConfigSync-managed resources that refers // to the name of the ClusterSelector resource. // This annotation is set by Config Sync users on a managed resource. ClusterNameSelectorAnnotationKey = configsync.ConfigSyncPrefix + "cluster-name-selector" // ResourceIDKey is the annotation that indicates the resource's GKNN. // This annotation is set by Config on a managed resource. ResourceIDKey = configsync.ConfigSyncPrefix + "resource-id" // OriginalHNCManagedByValue is the annotation that stores the original value of the // hnc.x-k8s.io/managed-by annotation before Config Sync overrides the annotation. // This annotation is set by Config Sync on a managed namespace resource. OriginalHNCManagedByValue = configsync.ConfigSyncPrefix + "original-hnc-managed-by-value" // UnknownScopeAnnotationKey is the annotation that indicates the scope of a resource is unknown. // This annotation is set by Config Sync on a managed resource whose scope is unknown. UnknownScopeAnnotationKey = configsync.ConfigSyncPrefix + "unknown-scope" // UnknownScopeAnnotationValue is the value for UnknownScopeAnnotationKey // to indicate that the scope of a resource is unknown. UnknownScopeAnnotationValue = "true" // DeletionPropagationPolicyAnnotationKey is the annotation key set on // RootSync/RepoSync objects to indicate what do do with the managed // resources when the RootSync/RepoSync object is deleted. DeletionPropagationPolicyAnnotationKey = configsync.ConfigSyncPrefix + "deletion-propagation-policy" // RequiresRenderingAnnotationKey is the annotation key set on // RootSync/RepoSync objects to indicate whether the source of truth // requires last mile hydration. The reconciler writes the value of this // annotation and the reconciler-manager reads it. If set to true, the // reconciler-manager will create the reconciler with the hydration-controller // sidecar container. RequiresRenderingAnnotationKey = configsync.ConfigSyncPrefix + "requires-rendering" // DynamicNSSelectorEnabledAnnotationKey is the annotation key set on R*Sync // object to indicate whether the source of truth contains at least one // NamespaceSelector using the dynamic mode, which requires the Namespace // controller. The reconciler writes the value of this annotation and the // reconciler-manager reads it. If set to true, the reconciler-manager will // create the reconciler with the Namespace controller in the reconciler container. DynamicNSSelectorEnabledAnnotationKey = configsync.ConfigSyncPrefix + "dynamic-ns-selector-enabled" // ImageToSyncAnnotationKey is the annotation key used to store the full image reference // (including the digest) for OCI and Helm (with oci:// URL) sources. // This annotation is set by Config Sync on the RootSync/RepoSync object // to indicate the exact image that should be synced. ImageToSyncAnnotationKey = configsync.ConfigSyncPrefix + "image-to-sync" )
Annotations with the `configsync.gke.io/` prefix.
View Source
const ( // LifecyclePrefix is the prefix for all lifecycle annotations. LifecyclePrefix = "client.lifecycle.config.k8s.io" // LifecycleMutationAnnotation is the lifecycle annotation key for the mutation // operation. The annotation must be declared in the repository in order to // function properly. This annotation only has effect when the object // updated in the cluster or the declaration changes. It has no impact on // behavior related to object creation/deletion, or if the object does not // already exist. // This annotation is set by Config Sync users on a managed resource. LifecycleMutationAnnotation = LifecyclePrefix + "/mutation" // IgnoreMutation is the value used with LifecycleMutationAnnotation to // prevent mutating a resource. That is, if the resource exists on the cluster // then ACM will make no attempt to modify it. IgnoreMutation = "ignore" )
Lifecycle annotations
View Source
const ( // LocalConfigAnnotationKey is the annotation key to mark // a resource is only local. When its value is "true", // the resource shouldn't be applied to the cluster. // This annotation is set by Config Sync users on a resource that // should be only used by local tools such as kpt function. LocalConfigAnnotationKey = filters.LocalConfigAnnotation // Any value except for NoLocalConfigAnnoVal will mark a resource as a local configuration. NoLocalConfigAnnoVal = "false" )
Annotation for local configuration
View Source
const ( // DeletionPropagationPolicyForeground indicates that the managed resources // should all be deleted/pruned before the RootSync/RepoSync object is deleted. // This will block deletion of the RootSync/RepoSync using a finalizer. DeletionPropagationPolicyForeground = DeletionPropagationPolicy("Foreground") // DeletionPropagationPolicyOrphan indicates that the managed resources // should all be orphanned (not deleted) when the RootSync/RepoSync object // is deleted. // This will NOT block deletion of the RootSync/RepoSync AND will not // remove or modify any config sync managed annotations. // This allows the RootSync/RepoSync to be deleted and re-created without // affecting the managed resources. // This is the default behavior if the annotation is not specified. DeletionPropagationPolicyOrphan = DeletionPropagationPolicy("Orphan") )
View Source
const ( // ApplySetPartOfLabel is the key of the label which indicates that the // object is a member of an ApplySet. The value of the label MUST match the // value of ApplySetParentIDLabel on the parent object. ApplySetPartOfLabel = kubectlapply.ApplysetPartOfLabel // ApplySetParentIDLabel is the key of the label that makes object an // ApplySet parent object. Its value MUST use the format specified in // k8s.io/kubectl/pkg/cmd/apply.V1ApplySetIdFormat. ApplySetParentIDLabel = kubectlapply.ApplySetParentIDLabel )
Labels with the `applyset.kubernetes.io/` prefix.
View Source
const ( // ApplySetToolingAnnotation is the key of the label that indicates which // tool is used to manage this ApplySet. Tooling should refuse to mutate // ApplySets belonging to other tools. The value must be in the format // <toolname>/<semver>. Example value: "kubectl/v1.27" or "helm/v3" or // "kpt/v1.0.0" ApplySetToolingAnnotation = kubectlapply.ApplySetToolingAnnotation // ApplySetToolingName is the name used to represent Config Sync in the // ApplySet tooling annotation. ApplySetToolingName = configsync.GroupName // ApplySetToolingVersion is the version used to represent Config Sync in // the ApplySet tooling annotation. // // The ApplySetKEP and kubectl require this to be a semantic version, // implying that it should be the version of the tool. But we're using a // static version instead, to allow listing all objects managed Config Sync, // regardless of version. ApplySetToolingVersion = "v1" )
Annotations with the `applyset.kubernetes.io/` prefix.
View Source
const ( // ReconcilerFinalizer is the finalizer added to the RootSync/RepoSync by // the reconciler when the deletion-propagation-policy is Foreground to // ensure deletion of the user objects it manages, before the // RootSync/RepoSync is deleted. ReconcilerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.Reconciler // ReconcilerManagerFinalizer is the finalizer added to the // RootSync/RepoSync by the reconciler-manager to ensure // deletion of the reconciler and its dependencies, before the // RootSync/RepoSync is deleted. ReconcilerManagerFinalizer = configsync.ConfigSyncPrefix + reconcilermanager.ManagerName )
View Source
const ( // ManagedByValue marks the resource as managed by Nomos. ManagedByValue = configmanagement.GroupName // SystemLabel is the system Nomos label. SystemLabel = ConfigManagementPrefix + "system" // ArchLabel is the arch Nomos label. ArchLabel = ConfigManagementPrefix + "arch" )
Labels with the `configmanagement.gke.io/` prefix.
View Source
const ( // ReconcilerLabel is the unique label given to each reconciler pod. // This label is set by Config Sync on a root-reconciler or namespace-reconciler pod. ReconcilerLabel = configsync.ConfigSyncPrefix + "reconciler" // DeclaredVersionLabel declares the API Version in which a resource was initially // declared. // This label is set by Config Sync on a managed resource. DeclaredVersionLabel = configsync.ConfigSyncPrefix + "declared-version" // SyncNamespaceLabel indicates the namespace of RootSync or RepoSync. SyncNamespaceLabel = configsync.ConfigSyncPrefix + "sync-namespace" // SyncNameLabel indicates the name of RootSync or RepoSync. SyncNameLabel = configsync.ConfigSyncPrefix + "sync-name" // SyncKindLabel indicates the RSync kind: RootSync or RepoSync. SyncKindLabel = configsync.ConfigSyncPrefix + "sync-kind" // SyncGenerationLabel indicates the generation of RootSync or RepoSync. SyncGenerationLabel = configsync.ConfigSyncPrefix + "sync-generation" // DeploymentNameLabel indicates the name of the Deployment. // This is used to enable selecting pods by label, primarily for printing logs. // Example: kubectl logs deployment/<deploy-name> <container-name> -n config-management-system DeploymentNameLabel = configsync.ConfigSyncPrefix + "deployment-name" // ConfigSyncManagedByLabel indicates which Config Sync component is managing // the resource. Similar to the well known app.kubernetes.io/managed-by label, // but scoped to Config Sync. ConfigSyncManagedByLabel = configsync.ConfigSyncPrefix + "managed-by" )
Labels with the `configsync.gke.io/` prefix.
View Source
const AutoPilotAnnotation = "autopilot.gke.io/resource-adjustment"
AutoPilotAnnotation is the annotation generated by the autopilot for resource adjustment.
View Source
const DepthSuffix = ".tree.hnc.x-k8s.io/depth"
DepthSuffix is a label suffix for hierarchical namespace depth. See definition at http://bit.ly/k8s-hnc-design#heading=h.1wg2oqxxn6ka. This label is set by Config Sync on a managed namespace resource.
View Source
const FleetWorkloadIdentityCredentials = "config.kubernetes.io/fleet-workload-identity"
FleetWorkloadIdentityCredentials is the key for the credentials file of the Fleet Workload Identity.
View Source
const HNCManagedBy = "hnc.x-k8s.io/managed-by"
HNCManagedBy is the annotation that indicates the namespace hierarchy is not managed by the Hierarchical Namespace Controller (http://bit.ly/k8s-hnc-design) but someone else, "configmanagement.gke.io" in this case. This annotation is set by Config Sync on a managed namespace resource.
View Source
const KustomizeOrigin = "config.kubernetes.io/origin"
KustomizeOrigin is the annotation generated by Kustomize to indicate the origin of the rendered resource.
View Source
const ManagedByKey = "app.kubernetes.io/managed-by"
ManagedByKey is the recommended Kubernetes label for marking a resource as managed by an application.
View Source
const OwningInventoryKey = "config.k8s.io/owning-inventory"
OwningInventoryKey is the annotation key for marking the owning-inventory object. This annotation is needed because the kpt library cannot apply a single resource. This annotation is set by Config Sync on a managed resource.
Variables ¶
View Source
var CommonAnnotationKeys = []string{ ClusterNameAnnotationKey, ResourceManagementKey, SourcePathAnnotationKey, SyncTokenAnnotationKey, DeclaredFieldsKey, ResourceIDKey, }
CommonAnnotationKeys include the annotation keys used in both the mono-repo and multi-repo mode.
View Source
var ConfigSyncAnnotations = []string{ DeclaredFieldsKey, GitContextKey, ResourceManagerKey, ResourceIDKey, }
ConfigSyncAnnotations contain the keys for ConfigSync annotations.
View Source
var MultiRepoOnlyAnnotationKeys = []string{ GitContextKey, ResourceManagerKey, OwningInventoryKey, }
MultiRepoOnlyAnnotationKeys include the annotation keys used only in the multi-repo mode.
Functions ¶
func GetNomosAnnotationKeys ¶
func GetNomosAnnotationKeys() []string
GetNomosAnnotationKeys returns the set of Nomos annotations that Config Sync should manage.
func HasConfigSyncMetadata ¶
HasConfigSyncMetadata returns true if the given obj has at least one Config Sync annotation or label.
func HasConfigSyncPrefix ¶
HasConfigSyncPrefix returns true if the string begins with a ConfigSync annotation prefix.
func IsConfigSyncAnnotationKey ¶
IsConfigSyncAnnotationKey returns whether an annotation key is a Config Sync annotation key.
func IsConfigSyncLabelKey ¶
IsConfigSyncLabelKey returns whether a label key is a Config Sync label key.
func IsSourceAnnotation ¶
IsSourceAnnotation returns true if the annotation is a ConfigSync source annotation.
func RemoveApplySetPartOfLabel ¶ added in v1.20.0
RemoveApplySetPartOfLabel removes the ApplySet part-of label IFF the value matches the specified applySetID. The resource is modified in place. Returns true if the object was modified.
func RemoveConfigSyncMetadata ¶
RemoveConfigSyncMetadata removes the Config Sync metadata, including both Config Sync annotations and labels, from the given resource. The only Config Sync metadata which will not be removed is `LifecycleMutationAnnotation`. The resource is modified in place. Returns true if the object was modified.
func SyncerLabels ¶
SyncerLabels returns the Nomos labels that the syncer should manage.
Types ¶
type DeletionPropagationPolicy ¶ added in v1.15.1
type DeletionPropagationPolicy string
DeletionPropagationPolicy is the type used to identify value enums to use with the deletion-propagation-policy annotation.
Source Files
Click to show internal directories.
Click to hide internal directories.