manifestutils

package
v0.16.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jun 4, 2025 License: AGPL-3.0 Imports: 16 Imported by: 0

Documentation

Index

Constants

// Well-known file paths, volume names, port names and numbers, component names
// and secret/ConfigMap key names shared by the manifest builders of this package.
const (
	// PrometheusCAFile declares the path for prometheus CA file for service monitors.
	PrometheusCAFile string = "/etc/prometheus/configmaps/serving-certs-ca-bundle/service-ca.crt"
	// nolint #nosec
	// BearerTokenFile declares the path for bearer token file for service monitors.
	// The constant is only a path; the file it names holds a service account token.
	// NOTE(review): the nolint/#nosec marker above presumably silences a
	// hardcoded-credential lint finding on this path — confirm it is still needed.
	BearerTokenFile string = "/var/run/secrets/kubernetes.io/serviceaccount/token"

	// ConfigVolumeName declares the name of the volume containing the tempo configuration.
	ConfigVolumeName = "tempo-conf"

	// GatewayRBACFileName is the name of the RBAC config file in the ConfigMap.
	GatewayRBACFileName = "rbac.yaml"
	// GatewayTenantFileName is the name of the tenant config file in the secret.
	GatewayTenantFileName = "tenants.yaml"

	// TmpStorageVolumeName declares the name of the volume containing temporary storage for tempo.
	TmpStorageVolumeName = "tempo-tmp-storage"

	// TmpTempoStoragePath declares the path of temporary storage for tempo.
	TmpTempoStoragePath = "/var/tempo"
	// TmpStoragePath declares the generic default /tmp storage path.
	TmpStoragePath = "/tmp"

	// HttpPortName declares the name of the tempo http port.
	HttpPortName = "http"
	// PortHTTPServer declares the port number of the tempo http port.
	PortHTTPServer = 3200
	// TempoInternalServerPortName declares the name of the internal Tempo HTTP Server (for healthchecks).
	TempoInternalServerPortName = "tempo-internal"
	// PortInternalHTTPServer declares the port number of the internal tempo http port.
	PortInternalHTTPServer = 3101
	// PortJaegerQuery declares the port number of the jaeger query UI port.
	// It has the same value (16686) as PortJaegerUI below.
	PortJaegerQuery = 16686
	// TempoReadinessPath specifies the path for the readiness probe.
	TempoReadinessPath = "/ready"
	// TempoLivenessPath specifies the path for the liveness probe.
	TempoLivenessPath = "/status/version"

	// GrpcPortName declares the name of the tempo gRPC port.
	GrpcPortName = "grpc"
	// PortGRPCServer declares the port number of the tempo gRPC port.
	PortGRPCServer = 9095

	// JaegerUIPortName declares the name of the Jaeger UI HTTP port.
	JaegerUIPortName = "jaeger-ui"
	// PortJaegerUI declares the port number of the Jaeger UI HTTP port.
	// It has the same value (16686) as PortJaegerQuery above.
	PortJaegerUI = 16686

	// OAuthProxyPortName declares the name of the Jaeger UI oauth proxy HTTP port.
	OAuthProxyPortName = "oauth-proxy"
	// OAuthProxyPort declares the port number of the Jaeger UI oauth proxy HTTP port.
	OAuthProxyPort = 8443

	// JaegerGRPCQuery declares the name of the Jaeger UI gRPC port.
	// PortJaegerGrpcName below carries the same value ("jaeger-grpc").
	JaegerGRPCQuery = "jaeger-grpc"
	// PortJaegerGRPCQuery declares the port number of the Jaeger UI gRPC port.
	PortJaegerGRPCQuery = 16685

	// TempoGRPCQuery declares the name of the gRPC port paired with PortTempoGRPCQuery.
	// NOTE(review): presumably the Tempo storage gRPC port, as PortTempoGRPCQuery
	// is described; the earlier comment called it the Jaeger UI port — confirm.
	TempoGRPCQuery = "proxy-grpc"
	// PortTempoGRPCQuery declares the port number of the Tempo storage gRPC port.
	PortTempoGRPCQuery = 7777

	// JaegerMetricsPortName declares the name of the Jaeger UI metrics port.
	JaegerMetricsPortName = "jaeger-metrics"
	// PortJaegerMetrics declares the port number of the Jaeger UI metrics port.
	PortJaegerMetrics = 16687

	// GatewayHttpPortName declares the name of the Gateway HTTP port (e.g. proxying the Jaeger UI).
	GatewayHttpPortName = "public"
	// GatewayPortHTTPServer declares the port number of the Gateway HTTP port.
	GatewayPortHTTPServer = 8080

	// GatewayInternalHttpPortName declares the name of the Gateway Internal HTTP port (e.g. used for health checks).
	GatewayInternalHttpPortName = "internal"
	// GatewayPortInternalHTTPServer declares the port number of the Gateway Internal HTTP port.
	GatewayPortInternalHTTPServer = 8081

	// GatewayGrpcPortName declares the name of the Gateway public gRPC port.
	GatewayGrpcPortName = "grpc-public"
	// GatewayPortGRPCServer declares the port number of the Gateway public gRPC port.
	GatewayPortGRPCServer = 8090

	// OtlpGrpcPortName declares the name of the OpenTelemetry Collector gRPC receiver port.
	OtlpGrpcPortName = "otlp-grpc"
	// PortOtlpGrpcServer declares the port number of the OpenTelemetry Collector gRPC receiver port.
	PortOtlpGrpcServer = 4317

	// PortOtlpHttpName declares the port name of the OpenTelemetry protocol over HTTP.
	PortOtlpHttpName = "otlp-http"
	// PortOtlpHttp declares the port number of the OpenTelemetry protocol over HTTP.
	PortOtlpHttp = 4318

	// PortJaegerThriftHTTPName declares the port name of the Jaeger Thrift HTTP protocol.
	PortJaegerThriftHTTPName = "thrift-http"
	// PortJaegerThriftHTTP declares the port number of the Jaeger Thrift HTTP protocol.
	PortJaegerThriftHTTP = 14268

	// PortJaegerThriftCompactName declares the port name of the Jaeger Thrift compact protocol.
	PortJaegerThriftCompactName = "thrift-compact"
	// PortJaegerThriftCompact declares the port number of the Jaeger Thrift compact protocol.
	PortJaegerThriftCompact = 6831

	// PortJaegerThriftBinaryName declares the port name of the Jaeger Thrift binary protocol.
	PortJaegerThriftBinaryName = "thrift-binary"
	// PortJaegerThriftBinary declares the port number of the Jaeger Thrift binary protocol.
	PortJaegerThriftBinary = 6832

	// PortJaegerGrpcName declares the port name of the Jaeger gRPC port.
	// It carries the same value ("jaeger-grpc") as JaegerGRPCQuery above.
	// NOTE(review): confirm the two names are never applied to ports of the same
	// container or Service, where port names have to be unique.
	PortJaegerGrpcName = "jaeger-grpc"
	// PortJaegerGrpc declares the port number of the Jaeger gRPC port.
	PortJaegerGrpc = 14250

	// PortZipkinName declares the port name of the zipkin receiver port.
	PortZipkinName = "http-zipkin"
	// PortZipkin declares the port number of zipkin receiver port.
	PortZipkin = 9411

	// HttpMemberlistPortName declares the name of the tempo memberlist port.
	HttpMemberlistPortName = "http-memberlist"
	// PortMemberlist declares the port number of the tempo memberlist port.
	PortMemberlist = 7946

	// CompactorComponentName declares the internal name of the compactor component.
	CompactorComponentName = "compactor"
	// QuerierComponentName declares the internal name of the querier component.
	QuerierComponentName = "querier"
	// DistributorComponentName declares the internal name of the distributor component.
	DistributorComponentName = "distributor"
	// QueryFrontendComponentName declares the internal name of the query-frontend component.
	QueryFrontendComponentName = "query-frontend"
	// JaegerFrontendComponentName declares the internal name of the jaeger-frontend component.
	JaegerFrontendComponentName = "jaeger-frontend"

	// QueryFrontendOauthProxyComponentName declares the internal name of the query-frontend-proxy component.
	QueryFrontendOauthProxyComponentName = "query-frontend-proxy"

	// IngesterComponentName declares the internal name of the ingester component.
	IngesterComponentName = "ingester"
	// GatewayComponentName declares the internal name of the gateway component.
	GatewayComponentName = "gateway"

	// TempoMonolithComponentName declares the internal name of the Tempo Monolith component.
	TempoMonolithComponentName = "tempo"
	// TempoConfigName declares the name of the Tempo ConfigMap (tempo-$name-config).
	TempoConfigName = "config"
	// JaegerUIComponentName declares the name of the Jaeger UI component.
	JaegerUIComponentName = "jaegerui"

	// TenantHeader is the header name that contains tenant name.
	// NOTE(review): a tenant taken from a request header is only as trustworthy as
	// whatever sets that header — confirm it is set or overwritten by the gateway
	// and not accepted unchanged from external clients.
	TenantHeader = "x-scope-orgid"

	// TLSCAFilename is the key name of the CA file in the ConfigMap.
	TLSCAFilename = "service-ca.crt"
	// TLSCertFilename is the key name of the certificate file in the Secret.
	TLSCertFilename = "tls.crt"
	// TLSKeyFilename is the key name of the private key file in the Secret.
	TLSKeyFilename = "tls.key"

	// StorageTLSCAFilename is the key name of the CA file in the ConfigMap for accessing object storage.
	StorageTLSCAFilename = "ca.crt"

	// ServiceAccountTokenFilePath is the path of the token file used for STS.
	// It is built from saTokenVolumeMountPath, which is declared outside this block.
	ServiceAccountTokenFilePath = saTokenVolumeMountPath + "/token"
	// AzureDefaultAudience is the default azure audience.
	AzureDefaultAudience = "api://AzureADTokenExchange"
	// GcpDefaultAudience is the default gcp audience for short token.
	GcpDefaultAudience = "openshift"
)
// Mount paths for the TLS material (CA bundles, certificates and keys) that
// this package mounts into containers. Every *CertDir and both storage
// directories are sub-directories of TLSDir.
const (
	// TLSDir is the path that is mounted from the secret for TLS.
	TLSDir = "/var/run/tls"

	// TempoInternalTLSCADir is the path that is mounted from the configmap for TLS.
	TempoInternalTLSCADir = "/var/run/ca"
	// TempoInternalTLSCertDir is the mount path of the HTTP service certificates for communication between Tempo components.
	TempoInternalTLSCertDir = TLSDir + "/server"

	// ReceiverTLSCADir is the path that is mounted from the configmap for TLS for receiver.
	ReceiverTLSCADir = "/var/run/ca-receiver"
	// ReceiverTLSCertDir is the mount path of the receivers certificates (for ingesting traces).
	ReceiverTLSCertDir = TLSDir + "/receiver"

	// ReceiverGRPCTLSCADir is the path that is mounted from the configmap for TLS for the gRPC receiver.
	// The path is nested below ReceiverTLSCADir.
	// NOTE(review): presumably the generic and the per-protocol receiver paths are
	// never mounted into the same container at once — confirm, since the mount
	// points would overlap.
	ReceiverGRPCTLSCADir = "/var/run/ca-receiver/grpc"
	// ReceiverGRPCTLSCertDir is the mount path of the gRPC receiver certificates (for ingesting traces).
	// The path is nested below ReceiverTLSCertDir.
	ReceiverGRPCTLSCertDir = TLSDir + "/receiver/grpc"

	// ReceiverHTTPTLSCADir is the path that is mounted from the configmap for TLS for the HTTP receiver.
	// The path is nested below ReceiverTLSCADir.
	ReceiverHTTPTLSCADir = "/var/run/ca-receiver/http"
	// ReceiverHTTPTLSCertDir is the mount path of the HTTP receiver certificates (for ingesting traces).
	// The path is nested below ReceiverTLSCertDir.
	ReceiverHTTPTLSCertDir = TLSDir + "/receiver/http"

	// StorageTLSCADir contains the CA file for accessing object storage.
	StorageTLSCADir = TLSDir + "/storage/ca"
	// StorageTLSCertDir contains the certificate and key file for accessing object storage.
	StorageTLSCertDir = TLSDir + "/storage/cert"
)

Variables

This section is empty.

Functions

func AzureShortLiveTokenAnnotation added in v0.16.0

func AzureShortLiveTokenAnnotation(secret AzureStorage) map[string]string

AzureShortLiveTokenAnnotation returns the service account annotations required for Azure short-lived tokens.

func ClusterScopedCommonLabels added in v0.16.0

func ClusterScopedCommonLabels(instance metav1.ObjectMeta) map[string]string

ClusterScopedCommonLabels returns common labels for cluster-scoped resources, for example ClusterRole.

func ClusterScopedComponentLabels added in v0.16.0

func ClusterScopedComponentLabels(instance metav1.ObjectMeta, component string) map[string]string

ClusterScopedComponentLabels returns common labels for cluster-scoped resources (e.g. ClusterRole) including the app.kubernetes.io/component:<component> label.

func CommonAnnotations

func CommonAnnotations(configChecksum string) map[string]string

CommonAnnotations returns common annotations for each pod created by the operator.

func CommonLabels

func CommonLabels(instanceName string) map[string]string

CommonLabels returns common labels for each object created by the operator.

func CommonOperatorLabels

func CommonOperatorLabels() map[string]string

CommonOperatorLabels returns the common labels for operator components.

func ComponentLabels

func ComponentLabels(component, instanceName string) labels.Set

ComponentLabels returns all common labels plus the app.kubernetes.io/component:<component> label.

func ConfigureAzureStorage added in v0.8.0

func ConfigureAzureStorage(podTemplate *corev1.PodSpec, params *AzureStorage, containerName string, storageSecretName string,
	credentialMode v1alpha1.CredentialMode) error

ConfigureAzureStorage mounts the Azure Storage credentials in a pod.

func ConfigureGCS added in v0.8.0

func ConfigureGCS(pod *corev1.PodSpec, containerName string, storageSecretName string, audience string, credentialMode v1alpha1.CredentialMode) error

ConfigureGCS mounts the Google Cloud Storage credentials in a pod.

func ConfigureS3Storage added in v0.8.0

func ConfigureS3Storage(pod *corev1.PodSpec, containerName string, storageSecretName string,
	tlsSpec *v1alpha1.TLSSpec, credentialMode v1alpha1.CredentialMode, tempoName string, config *TokenCCOAuthConfig) error

ConfigureS3Storage mounts the Amazon S3 credentials and TLS certs in a pod.

func ConfigureServiceCA

func ConfigureServiceCA(podSpec *corev1.PodSpec, caBundleName string, containers ...int) error

ConfigureServiceCA modifies the PodSpec, adding the volumes and volumeMounts to the specified containers.

func ConfigureServiceCAByContainerName added in v0.14.0

func ConfigureServiceCAByContainerName(podSpec *corev1.PodSpec, caBundleName string, containers ...string) error

ConfigureServiceCAByContainerName modifies the PodSpec, adding the volumes and volumeMounts to the specified containers.

func ConfigureServicePKI

func ConfigureServicePKI(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...int) error

ConfigureServicePKI modifies the PodSpec, adding the cert volumes and volumeMounts to the specified containers.

func ConfigureServicePKIByContainerName added in v0.14.0

func ConfigureServicePKIByContainerName(tempoStackName string, component string, podSpec *corev1.PodSpec, containers ...string) error

ConfigureServicePKIByContainerName modifies the PodSpec, adding the cert volumes and volumeMounts to the specified containers.

func ConfigureStorage

func ConfigureStorage(storage StorageParams, tempo v1alpha1.TempoStack, pod *corev1.PodSpec, containerName string) error

ConfigureStorage configures storage.

func DefaultAffinity

func DefaultAffinity(labels labels.Set) *corev1.Affinity

DefaultAffinity returns the default affinity for Tempo components. It defines that two pods with the same labels (i.e. same component) should not be scheduled on the same node or failure domain.

func ManagedCredentialsSecretName added in v0.16.0

func ManagedCredentialsSecretName(stackName string) string

ManagedCredentialsSecretName returns the name of the secret with credentials.

func MountCAConfigMap added in v0.10.0

func MountCAConfigMap(
	pod *corev1.PodSpec,
	containerName string,
	caConfigMap string,
	caDir string,
) error

MountCAConfigMap mounts the CA ConfigMap in a pod.

func MountCertSecret added in v0.10.0

func MountCertSecret(
	pod *corev1.PodSpec,
	containerName string,
	certSecret string,
	certDir string,
) error

MountCertSecret mounts the Certificate Secret in a pod.

func MountTLSSpecVolumes added in v0.10.0

func MountTLSSpecVolumes(
	pod *corev1.PodSpec,
	containerName string,
	tlsSpec v1alpha1.TLSSpec,
	caDir string,
	certDir string,
) error

MountTLSSpecVolumes mounts the CA ConfigMap and Certificate Secret in a pod.

func NewConfigMapCABundle added in v0.10.0

func NewConfigMapCABundle(namespace string, name string, labels labels.Set) *corev1.ConfigMap

NewConfigMapCABundle creates a new ConfigMap with an annotation that triggers the service-ca-operator to inject the cluster CA bundle in this ConfigMap (service-ca.crt key).

func PatchTracingEnvConfiguration added in v0.15.0

func PatchTracingEnvConfiguration(tempo v1alpha1.TempoStack, pod corev1.PodTemplateSpec) (corev1.PodTemplateSpec, error)

PatchTracingEnvConfiguration configures OTEL SDK via environment variables if operand observability settings exist.

func Resources

func Resources(tempo v1alpha1.TempoStack, component string, replicas *int32) corev1.ResourceRequirements

Resources calculates the resource requirements of a specific component.

func S3AWSSTSAnnotations added in v0.12.0

func S3AWSSTSAnnotations(secret S3) map[string]string

S3AWSSTSAnnotations returns service account annotations required by AWS STS.

func SetGoMemLimit added in v0.16.0

func SetGoMemLimit(containerName string, pod *v1.PodSpec)

SetGoMemLimit sets the GOMEMLIMIT env var to 80% of the container's memory if it is defined.

func StorageSecretHash added in v0.16.0

func StorageSecretHash(params StorageParams, annotations map[string]string) map[string]string

StorageSecretHash returns annotations for secret storage content hashes.

func TempoContainerSecurityContext

func TempoContainerSecurityContext() *corev1.SecurityContext

TempoContainerSecurityContext returns the default container security context.

func TempoFromManagerCredentialSecretName added in v0.16.0

func TempoFromManagerCredentialSecretName(secretName string) string

TempoFromManagerCredentialSecretName returns the tempo stack name from the secret name.

func TempoReadinessProbe

func TempoReadinessProbe(tlsEnable bool) *corev1.Probe

TempoReadinessProbe returns a readiness Probe spec for tempo components.

Types

type AzureStorage

// AzureStorage holds the Azure Storage settings. It is the parameter type of
// ConfigureAzureStorage and AzureShortLiveTokenAnnotation.
type AzureStorage struct {
	// Container is presumably the Azure blob container name — confirm.
	Container  string
	// NOTE(review): StorageParams is documented as holding the storage
	// configuration "except the credentials"; confirm that AccountKey carries a
	// reference rather than the account key itself, and keep it out of logs
	// either way.
	AccountKey string
	// ClientID, TenantID and Audience are presumably the identity settings
	// used in short-lived token mode — confirm against the caller.
	ClientID   string
	TenantID   string
	Audience   string
}

AzureStorage for Azure Storage.

type CloudCredentials added in v0.16.0

// CloudCredentials holds details about the cloud credentials secret.
type CloudCredentials struct {
	// ContentHash is presumably a hash of the secret's content (compare
	// StorageSecretHash) — confirm which hash function and which keys it covers.
	ContentHash string
	// Environment points to the CCO token configuration; it is a pointer and
	// may therefore be nil.
	Environment *TokenCCOAuthConfig
}

CloudCredentials secret details.

type GCS

// GCS holds the Google Cloud Storage settings.
type GCS struct {
	// Bucket is presumably the GCS bucket name — confirm.
	Bucket            string
	// IAMServiceAccount, ProjectID and Audience are presumably the identity
	// settings used in short-lived token mode — confirm against the caller.
	IAMServiceAccount string
	ProjectID         string
	Audience          string
}

GCS for Google Cloud Storage.

type GatewayTenantOIDCSecret

// GatewayTenantOIDCSecret holds the client ID, client secret and issuer CA
// path used for one tenant's authentication.
type GatewayTenantOIDCSecret struct {
	// TenantName names the tenant these OIDC settings belong to.
	TenantName   string
	ClientID     string
	// ClientSecret is credential material: do not log it or copy it into
	// ConfigMaps, status fields or events.
	ClientSecret string
	// IssuerCAPath is presumably a file path to the CA used to verify the
	// OIDC issuer — confirm.
	IssuerCAPath string
}

GatewayTenantOIDCSecret holds clientID, clientSecret and issuerCAPath for tenant's authentication.

type GatewayTenantsData

// GatewayTenantsData holds the cookie secret for the opa-openshift sidecar of
// one tenant.
type GatewayTenantsData struct {
	// TenantName names the tenant this data belongs to.
	TenantName string
	// OpenShiftCookieSecret is used for encrypting the auth token when put into the browser session.
	// It is secret key material: do not log it.
	OpenShiftCookieSecret string
}

GatewayTenantsData holds cookie secret for opa-openshift sidecar.

type Params

// Params holds parameters used to create Tempo objects.
type Params struct {
	// StorageParams is the storage configuration read from the storage secret.
	StorageParams       StorageParams
	// ConfigChecksum is presumably the checksum passed to CommonAnnotations — confirm.
	ConfigChecksum      string
	Tempo               v1alpha1.TempoStack
	CtrlConfig          configv1alpha1.ProjectConfig
	TLSProfile          tlsprofile.TLSProfileOptions
	// GatewayTenantSecret and GatewayTenantsData carry per-tenant client and
	// cookie secrets; treat a Params value as sensitive when logging or dumping it.
	GatewayTenantSecret []*GatewayTenantOIDCSecret
	GatewayTenantsData  []*GatewayTenantsData
}

Params holds parameters used to create Tempo objects.

type S3

// S3 holds S3 configuration.
type S3 struct {
	Endpoint string
	// TLS holds the TLS settings for the connection to the object storage.
	TLS      StorageTLS
	Bucket   string
	// RoleARN is presumably the AWS role used in STS mode (compare
	// S3AWSSTSAnnotations) — confirm.
	RoleARN  string
	Region   string
	// NOTE(review): presumably Insecure turns off TLS for the S3 endpoint — confirm.
	// If so, trace data and credentials would cross the network unencrypted,
	// so it should stay false outside test setups.
	Insecure bool
}

S3 holds S3 configuration.

type StorageParams

// StorageParams holds storage configuration from the storage secret, except
// the credentials.
type StorageParams struct {
	// AzureStorage, GCS and S3 are pointers to the per-backend settings.
	// NOTE(review): presumably only the one matching the configured backend
	// is non-nil — confirm, and nil-check before dereferencing.
	AzureStorage     *AzureStorage
	GCS              *GCS
	S3               *S3
	CredentialMode   v1alpha1.CredentialMode
	CloudCredentials CloudCredentials
}

StorageParams holds storage configuration from the storage secret, except the credentials.

type StorageTLS added in v0.8.0

// StorageTLS holds the TLS configuration for accessing object storage.
type StorageTLS struct {
	// CAFilename is the key name of the CA file; the two accepted values noted
	// on the field match the constants TLSCAFilename and StorageTLSCAFilename.
	CAFilename string // for backwards compatibility (can be service-ca.crt or ca.crt)
}

StorageTLS holds StorageTLS configuration.

type TokenCCOAWSEnvironment added in v0.16.0

// TokenCCOAWSEnvironment exposes the AWS settings when using CCO.
type TokenCCOAWSEnvironment struct {
	// RoleARN is presumably the ARN of the AWS role to assume — confirm.
	RoleARN string
}

TokenCCOAWSEnvironment exposes AWS settings when using CCO.

type TokenCCOAuthConfig added in v0.16.0

// TokenCCOAuthConfig is the CCO token configuration.
type TokenCCOAuthConfig struct {
	// AWS holds the AWS-specific settings; it is a pointer and may therefore be nil.
	AWS *TokenCCOAWSEnvironment
}

TokenCCOAuthConfig CCO token config.
