resources

package
v0.0.0-...-a30ec6e Latest Latest
Warning

This package is not in the latest version of its module.

Published: Aug 4, 2020 License: Apache-2.0 Imports: 18 Imported by: 0

Documentation

Index

Constants

const CommonServicesProductID = "068a62892a1e4db39641342e592daa25"
const CommonServicesProductName = "IBM Cloud Platform Common Services"
const CommonServicesProductVersion = "3.4.0"
const DefaultAPIKeySecretName = "icp-serviceid-apikey-secret" + ""

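Use concatenation so the linter won't complain about "Secret" vars. The value appears to be the name of a Secret object rather than a credential; if the linter in use supports inline suppressions with a stated reason (gosec's "#nosec G101", for example), that records the intent more clearly than appending an empty string.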

const DefaultClusterIssuer = "cs-ca-clusterissuer"
const DefaultClusterName = "mycluster"
const DefaultDmImageName = "metering-data-manager"
const DefaultDmImageTag = "3.6.0"

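Starting with Common Services 3.4, images can be pulled by SHA or by tag. Run scripts/get-image-sha.sh to update operator.yaml with the SHA values. A SHA value looks like this: "sha256:nnnnnnnn"; a tag value looks like this: "3.5.0". A SHA reference always resolves to the same image content, whereas a tag can later be re-pointed at a different image, so the SHA form is the one to prefer wherever image integrity matters.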

// DefaultImageRegistry is the registry prefix "quay.io/opencloudio".
// NOTE(review): presumably the value passed as GetImageID's
// defaultImageRegistry argument when the CR names no registry — confirm.
// Clusters that must pull only from a private or mirrored registry need to
// override it.
const DefaultImageRegistry = "quay.io/opencloudio"
const DefaultMcmUIImageName = "metering-mcmui"
// DefaultMcmUIImageTag is the image tag "3.6.0" for metering-mcmui.
// NOTE(review): presumably the fallback GetImageID uses when the
// IMAGE_SHA_OR_TAG_MCMUI variable (VarImageSHAforMCMUI) is unset — confirm.
// A tag is mutable; a sha256 digest supplied through that variable pins the
// image content.
const DefaultMcmUIImageTag = "3.6.0"
// DefaultPlatformOidcSecretName is the string "platform-oidc-credentials".
// The trailing `+ ""` matches the pattern used for DefaultAPIKeySecretName and
// McmUICertSecretName, where it exists to keep a hard-coded-credential lint
// rule from firing on a name containing "Secret".
// NOTE(review): the value looks like a Secret object name, not secret
// material — confirm against BuildUISecretVolumes' platformOidcSecretName.
const DefaultPlatformOidcSecretName = "platform-oidc-credentials" + ""
const McmDeploymentName = "metering-mcmui"
const McmServiceName = "metering-mcmui"
const McmUICertCommonName = "metering-mcmui"
// McmUICertDirName is the directory component appended to "/certs/" and
// "/sec/" by the MCM UI certificate volume mounts, and to "/certs/" by the
// MCM_UI_SSL_* paths in McmUIMainContainer.
const McmUICertDirName = "metering-mcmui"
const McmUICertName = "metering-mcmui-ca-cert"

MCMUI certificate definition

const McmUICertSecretName = "metering-mcmui-cert" + ""

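Use concatenation so the linter won't complain about "Secret" vars. The value is the name of the Secret that McmUICertVolume mounts, not a credential; if the linter in use supports inline suppressions with a stated reason (gosec's "#nosec G101", for example), that records the intent more clearly than appending an empty string.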

// McmUICertVolumeName is the volume name shared by McmUICertVolume and the two
// mounts McmUICertVolumeMountForMain and McmUICertVolumeMountForSecretCheck.
const McmUICertVolumeName = "metering-mcmui-certs"
const MeteringComponentName = "meteringsvc"
const MeteringDependencies = "ibm-common-services.auth-idp, mongodb, cert-manager"
const MeteringReleaseName = "metering"
const VarImageSHAforDM = "IMAGE_SHA_OR_TAG_DM"

define the env vars that contain either the SHA or the tag

const VarImageSHAforMCMUI = "IMAGE_SHA_OR_TAG_MCMUI"

Variables

// ArchitectureList names three CPU architectures, in this order:
// amd64, ppc64le and s390x.
var ArchitectureList = []string{"amd64", "ppc64le", "s390x"}
// CommonEnvVars holds a single environment variable,
// NODE_TLS_REJECT_UNAUTHORIZED=0.
//
// NOTE(review): in Node.js this setting turns off TLS certificate
// verification for the whole process, so every outbound TLS connection the
// container makes accepts any certificate and loses its protection against an
// on-path attacker. Which containers receive this slice is not visible here —
// audit the callers. CommonMainVolumeMounts already mounts a MongoDB CA under
// /certs/mongodb-ca; if the peers are signed by a CA that can be mounted the
// same way, trusting that CA (for example through NODE_EXTRA_CA_CERTS) would
// let this entry be dropped — confirm before changing.
var CommonEnvVars = []corev1.EnvVar{
	{
		Name:  "NODE_TLS_REJECT_UNAUTHORIZED",
		Value: "0",
	},
}
// CommonIngressAnnotations carries two annotations: a managed-by marker with
// the value "operator", and kubernetes.io/ingress.class set to
// "ibm-icp-management", which assigns the Ingress to the controller handling
// that class.
// NOTE(review): whatever authentication that ingress controller enforces is
// not visible here — confirm before exposing a new path through it.
var CommonIngressAnnotations = map[string]string{
	"app.kubernetes.io/managed-by": "operator",
	"kubernetes.io/ingress.class":  "ibm-icp-management",
}
// CommonMainVolumeMounts mounts the volumes named "mongodb-ca-cert" and
// "mongodb-client-cert" at /certs/mongodb-ca and /certs/mongodb-client.
// The volumes themselves are defined elsewhere (presumably by
// BuildCommonVolumes — confirm); a pod using these mounts must declare volumes
// with exactly these names.
var CommonMainVolumeMounts = []corev1.VolumeMount{
	{
		Name:      "mongodb-ca-cert",
		MountPath: "/certs/mongodb-ca",
	},
	{
		Name:      "mongodb-client-cert",
		MountPath: "/certs/mongodb-client",
	},
}
// DefaultMode is the file mode 0644 (decimal 420). It is a variable rather
// than a constant so that its address can be stored in *int32 fields, as
// McmUICertVolume does for the Secret volume's DefaultMode.
//
// NOTE(review): 0644 leaves every file projected from that Secret, tls.key
// included, readable by any user inside the container. A tighter mode such as
// 0440 or 0400 is the usual choice for private keys, provided the container's
// user or fsGroup can still read the files — confirm before changing. Because
// the pointer is shared, a write through it changes the mode for every object
// that references it.
var DefaultMode int32 = 0644
// DefaultStatusForCR is a one-element slice holding the string "none".
var DefaultStatusForCR = []string{
	"none",
}
// FalseVar is an addressable boolean holding false.
// NOTE(review): presumably it exists so &FalseVar can fill *bool fields, the
// way &TrueVar does in McmUICertVolume — confirm at the call sites. It is
// mutable package state: a write through a shared pointer affects every object
// holding it.
var FalseVar bool
// IAMEnvVars sets DEFAULT_IAM_TOKEN_SERVICE_PORT to "10443" and
// DEFAULT_IAM_PAP_SERVICE_PORT to "39001". Both values are fixed strings; how
// the containers consume them is not visible here.
var IAMEnvVars = []corev1.EnvVar{
	{
		Name:  "DEFAULT_IAM_TOKEN_SERVICE_PORT",
		Value: "10443",
	},
	{
		Name:  "DEFAULT_IAM_PAP_SERVICE_PORT",
		Value: "39001",
	},
}
// Log4jsVolumeMount mounts the volume named "log4js" at /etc/config.
// LoglevelVolumeMount uses the same MountPath, so a single container should
// carry only one of the two; McmUIMainContainer uses this one.
var Log4jsVolumeMount = corev1.VolumeMount{
	Name:      "log4js",
	MountPath: "/etc/config",
}
// LoglevelVolumeMount mounts the volume named "loglevel" at /etc/config.
// Log4jsVolumeMount uses the same MountPath, so a single container should
// carry only one of the two.
var LoglevelVolumeMount = corev1.VolumeMount{
	Name:      "loglevel",
	MountPath: "/etc/config",
}
// McmIngressData describes the metering-mcmui ingress: requests for the path
// /metering-mcm go to the service "metering-mcmui" on port 3001, the port
// McmUIMainContainer listens on.
// NOTE(review): Annotations comes from the unexported mcmIngressAnnotations,
// which is defined elsewhere; any authentication, rewrite or TLS behaviour the
// ingress applies is decided there — review it together with this value.
var McmIngressData = IngressData{
	Name:        "metering-mcmui",
	Path:        "/metering-mcm",
	Service:     "metering-mcmui",
	Port:        3001,
	Annotations: mcmIngressAnnotations,
}
// McmUICertVolume is a Secret-backed volume exposing the Secret named by
// McmUICertSecretName under the volume name McmUICertVolumeName.
var McmUICertVolume = corev1.Volume{
	Name: McmUICertVolumeName,
	VolumeSource: corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName: McmUICertSecretName,
			// DefaultMode is 420 decimal (0644 octal): the projected files,
			// including the TLS private key, are readable by every user in
			// the container.
			DefaultMode: &DefaultMode,
			// Optional lets the pod start while the Secret does not exist yet.
			// NOTE(review): presumably paired with the secret-check container
			// that waits on /sec/<dir> — confirm, otherwise the main container
			// can start with no certificate files present.
			Optional: &TrueVar,
		},
	},
}
// McmUICertVolumeMountForMain mounts the MCM UI certificate volume at
// /certs/metering-mcmui, the directory the MCM_UI_SSL_CA, MCM_UI_SSL_CERT and
// MCM_UI_SSL_KEY paths in McmUIMainContainer point into.
var McmUICertVolumeMountForMain = corev1.VolumeMount{
	Name:      McmUICertVolumeName,
	MountPath: "/certs/" + McmUICertDirName,
}
// McmUICertVolumeMountForSecretCheck mounts the MCM UI certificate volume at
// /sec/metering-mcmui, under the /sec/ prefix that SecretCheckCmd lists when
// it waits for a secret to appear.
var McmUICertVolumeMountForSecretCheck = corev1.VolumeMount{
	Name:      McmUICertVolumeName,
	MountPath: "/sec/" + McmUICertDirName,
}
// McmUICertificateData is the CertificateData for the MCM UI certificate:
// certificate name McmUICertName, Secret name McmUICertSecretName (the same
// Secret McmUICertVolume mounts), common name McmUICertCommonName, and
// McmDeploymentName for both App and Component.
var McmUICertificateData = CertificateData{
	Name:      McmUICertName,
	Secret:    McmUICertSecretName,
	Common:    McmUICertCommonName,
	App:       McmDeploymentName,
	Component: McmDeploymentName,
}
// McmUIMainContainer is the container template for metering-mcmui. It listens
// on port 3001, is pointed through the MCM_UI_SSL_* variables at a CA,
// certificate and key under /certs/metering-mcmui, and is probed over HTTPS.
var McmUIMainContainer = corev1.Container{
	// Bare image name with no registry, tag or digest.
	// NOTE(review): presumably replaced with GetImageID's result before the
	// container is used — confirm. With PullAlways, an unpinned name would
	// fetch whatever the node's default registry currently serves.
	Image:           "metering-mcmui",
	Name:            "metering-mcmui",
	ImagePullPolicy: corev1.PullAlways,

	// Only the log4js config mount is listed here. The certificate mount
	// (McmUICertVolumeMountForMain) that the MCM_UI_SSL_* paths below depend on
	// is not part of this literal — presumably appended by the caller; confirm.
	VolumeMounts: []corev1.VolumeMount{
		Log4jsVolumeMount,
	},

	Env: []corev1.EnvVar{
		{
			Name:  "PORT",
			Value: "3001",
		},
		{
			Name:  "PROXY_URI",
			Value: "metering-mcm",
		},
		{
			Name:  "MCM_UI_ISSSL",
			Value: "true",
		},
		{
			Name:  "MCM_UI_SSL_CA",
			Value: "/certs/" + McmUICertDirName + "/ca.crt",
		},
		{
			Name:  "MCM_UI_SSL_CERT",
			Value: "/certs/" + McmUICertDirName + "/tls.crt",
		},
		{
			// Path of the TLS private key; its file mode comes from the Secret
			// volume's DefaultMode.
			Name:  "MCM_UI_SSL_KEY",
			Value: "/certs/" + McmUICertDirName + "/tls.key",
		},
	},
	Ports: []corev1.ContainerPort{
		{ContainerPort: 3001},
	},
	// Liveness: first check after 305s, then every 300s, three failures allowed,
	// so a hung container can run for many minutes before it is restarted.
	// NOTE(review): the kubelet does not verify the serving certificate on
	// HTTPS probes, and the "/unsecure/" prefix suggests the endpoint needs no
	// authentication — confirm it returns nothing beyond health status.
	LivenessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/unsecure/livenessProbe",
				Port: intstr.IntOrString{
					Type:   intstr.Int,
					IntVal: 3001,
				},
				Scheme: corev1.URISchemeHTTPS,
			},
		},
		InitialDelaySeconds: 305,
		TimeoutSeconds:      5,
		PeriodSeconds:       300,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	// Readiness: same port and scheme as liveness, checked every 15s after an
	// initial 15s delay.
	ReadinessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/unsecure/readinessProbe",
				Port: intstr.IntOrString{
					Type:   intstr.Int,
					IntVal: 3001,
				},
				Scheme: corev1.URISchemeHTTPS,
			},
		},
		InitialDelaySeconds: 15,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	// cpu500, memory256, cpu100 and memory128 are package-level quantities
	// defined elsewhere; their exact values are not visible here.
	Resources: corev1.ResourceRequirements{
		Limits: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu500,
			corev1.ResourceMemory: *memory256},
		Requests: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu100,
			corev1.ResourceMemory: *memory128},
	},
	// NOTE(review): commonSecurityContext is defined elsewhere, so the hardening
	// it applies (run-as-non-root, privilege escalation, capabilities) cannot be
	// judged from this literal — review that definition. The pointer is shared,
	// so a mutation through it reaches every container using it.
	SecurityContext: &commonSecurityContext,
}
// Replica1 is an addressable int32 holding 1.
// NOTE(review): presumably used as &Replica1 for a replica-count pointer
// field — confirm at the call sites. It is mutable package state shared by
// every object that stores its address.
var Replica1 = int32(1)
// Seconds60 is an addressable int64 holding 60.
// NOTE(review): presumably used as &Seconds60 for a *int64 duration field —
// confirm at the call sites. It is mutable package state shared by every
// object that stores its address.
var Seconds60 = int64(60)
// SecretCheckCmd is a shell script that blocks until every expected secret
// directory has content. It loads the words of $SECRET_LIST as positional
// parameters, then walks the words of $SECRET_DIR_LIST in step with them: for
// each directory it retries `ls /sec/<dir>/*` every 30 seconds until the
// listing succeeds, logs the matching name ($1) and shifts to the next one.
//
// Points to keep in mind when changing it or its inputs:
//   - There is no timeout. A secret that never appears keeps the loop, and
//     therefore the container running it, waiting indefinitely.
//   - The check passes as soon as the directory holds any entry; it does not
//     look for particular keys such as tls.key.
//   - Names and directories are paired by position only, so lists of different
//     lengths produce misleading log lines.
//   - Both lists are expanded unquoted. That is what splits them into words,
//     but it also means each word is subject to glob expansion, and a
//     directory entry containing ".." would make ls look outside /sec. The
//     values are never passed to eval, so they are not executed as commands.
//     NOTE(review): the lists are built from SecretCheckData and, per the
//     BuildSecretCheckContainer doc, from names taken from the CR — confirm
//     those are validated before they reach the environment.
var SecretCheckCmd = `set -- $SECRET_LIST; ` +
	`for secretDirName in $SECRET_DIR_LIST; do` +
	`  while true; do` +
	`    echo ` + "`date`" + `: Checking for secret $1;` +
	`    ls /sec/$secretDirName/* && break;` +
	`    echo ` + "`date`" + `: Required secret $1 not found ... try again in 30s;` +
	`    sleep 30;` +
	`  done;` +
	`  echo ` + "`date`" + `: Secret $1 found;` +
	`  shift; ` +
	`done; ` +
	`echo ` + "`date`" + `: All required secrets exist`
// TrueVar is an addressable boolean holding true. McmUICertVolume stores
// &TrueVar in its Secret volume's Optional field. Because that pointer is
// shared, assigning to TrueVar (or writing through the pointer) changes the
// value seen by every object that references it.
var TrueVar bool = true
// UIEnvVars sets four fixed environment variables: IS_PRIVATECLOUD and
// USE_PRIVATECLOUD_SECURITY to "true", and the identity-management and header
// service ports to "4500" and "3000".
// NOTE(review): what USE_PRIVATECLOUD_SECURITY enables inside the container is
// not visible here — confirm before treating it as an access control.
var UIEnvVars = []corev1.EnvVar{
	{
		Name:  "IS_PRIVATECLOUD",
		Value: "true",
	},
	{
		Name:  "USE_PRIVATECLOUD_SECURITY",
		Value: "true",
	},
	{
		Name:  "DEFAULT_PLATFORM_IDENTITY_MANAGEMENT_SERVICE_PORT",
		Value: "4500",
	},
	{
		Name:  "DEFAULT_PLATFORM_HEADER_SERVICE_PORT",
		Value: "3000",
	},
}

Functions

func AnnotationsForPod

func AnnotationsForPod() map[string]string

AnnotationsForPod returns the annotations associated with the pod being created

func BuildCertificate

func BuildCertificate(instanceNamespace, instanceClusterIssuer string, certData CertificateData) *certmgr.Certificate

BuildCertificate returns a Certificate object. Call controllerutil.SetControllerReference to set the owner and controller for the Certificate object created by this function.

func BuildCommonClusterEnvVars

func BuildCommonClusterEnvVars(instanceNamespace, instanceIAMnamespace string) []corev1.EnvVar

func BuildCommonVolumes

func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringSpecMongoDB, loglevelPrefix, loglevelType string) []corev1.Volume

set loglevelType to "log4js" when building volumes for metering-mcmui. set loglevelType to "loglevel" when building volumes for any other component.

func BuildIngress

func BuildIngress(namespace string, ingressData IngressData) *netv1.Ingress

BuildIngress returns an Ingress object. Call controllerutil.SetControllerReference to set the owner and controller for the Ingress object created by this function.

func BuildInitContainer

func BuildInitContainer(deploymentName, imageName string, envVars []corev1.EnvVar) corev1.Container

func BuildMongoDBEnvVars

func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringSpecMongoDB) []corev1.EnvVar

func BuildSecretCheckContainer

func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string,
	mongoDB operatorv1alpha1.MeteringSpecMongoDB, additionalInfo *SecretCheckData) corev1.Container

checkerCommand is the command to be executed by the secret-check container. mongoDB contains the password names from the CR. additionalInfo contains info about additional secrets to check.

func BuildUIClusterEnvVars

func BuildUIClusterEnvVars(instanceNamespace, instanceClusterName string,
	instanceUI operatorv1alpha1.MeteringSpecUI, isMcmUI bool) []corev1.EnvVar

set isMcmUI to true when building env vars for metering-mcmui. set isMcmUI to false when building env vars for any other component.

func BuildUISecretVolumeMounts

func BuildUISecretVolumeMounts(apiKeySecretName, platformOidcSecretName string) []corev1.VolumeMount

func BuildUISecretVolumes

func BuildUISecretVolumes(apiKeySecretName, platformOidcSecretName string) []corev1.Volume

func GetImageID

func GetImageID(instanceImageRegistry, instanceImageTagPostfix, defaultImageRegistry,
	imageName, envVarName, defaultImageTag string) string

GetImageID returns the ID of an operand image, either <imageName>@<SHA> or <imageName>:<tag>

func GetPodNames

func GetPodNames(pods []corev1.Pod) []string

GetPodNames returns the pod names of the array of pods passed in

func GetServiceAccountName

func GetServiceAccountName() string

GetServiceAccountName returns the service account name or default if it is not set in the environment

func IsCertificateEqual

func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool

Use DeepEqual to determine if 2 certificates are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.

func IsDaemonSetEqual

func IsDaemonSetEqual(oldDaemonSet, newDaemonSet *appsv1.DaemonSet) bool

Use DeepEqual to determine if 2 daemon sets are equal. Check labels, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true.

func IsDeploymentEqual

func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool

Use DeepEqual to determine if 2 deployments are equal. Check labels, replicas, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDeployment is the deployment that is currently running. newDeployment is what we expect the deployment to look like.

func IsIngressEqual

func IsIngressEqual(oldIngress, newIngress *netv1.Ingress) bool

Use DeepEqual to determine if 2 ingresses are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.

func IsServiceEqual

func IsServiceEqual(oldService, newService *corev1.Service) bool

Use DeepEqual to determine if 2 services are equal. Check ObjectMeta, Ports and Selector. If there are any differences, return false. Otherwise, return true.

func LabelsForMetadata

func LabelsForMetadata(deploymentName string) map[string]string

returns the labels associated with the resource being created

func LabelsForPodMetadata

func LabelsForPodMetadata(deploymentName string, crType string, crName string) map[string]string

returns the labels associated with the Pod being created

func LabelsForSelector

func LabelsForSelector(deploymentName string, crType string, crName string) map[string]string

returns the labels for selecting the resources belonging to the given metering CR name

func ReconcileCertificate

func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string,
	newCertificate *certmgr.Certificate, needToRequeue *bool) error

Check if the Certificates already exist, if not create new ones.

func ReconcileDeployment

func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string,
	newDeployment *appsv1.Deployment, needToRequeue *bool) error

Check if a Deployment already exists. If not, create a new one.

func ReconcileIngress

func ReconcileIngress(client client.Client, instanceNamespace, ingressName, ingressType string,
	newIngress *netv1.Ingress, needToRequeue *bool) error

Check if the Ingress already exists, if not create a new one.

func ReconcileService

func ReconcileService(client client.Client, instanceNamespace, serviceName, serviceType string,
	newService *corev1.Service, needToRequeue *bool) error

Check if a Service already exists. If not, create a new one.

Types

type CertificateData

// CertificateData groups the names BuildCertificate receives for one
// certificate. The field notes below are read off McmUICertificateData, the
// one value of this type shown in the package.
type CertificateData struct {
	// Name is set from McmUICertName.
	Name string
	// Secret is set from McmUICertSecretName, the Secret that McmUICertVolume
	// mounts — presumably where the issued certificate and key are stored;
	// confirm in BuildCertificate.
	Secret string
	// Common is set from McmUICertCommonName — presumably the certificate's
	// common name; confirm in BuildCertificate.
	Common string
	// App and Component are both set from McmDeploymentName.
	App       string
	Component string
}

type IngressData

// IngressData groups the values BuildIngress receives for one Ingress: its
// name, the request path, the backing service name and port, and the
// annotations to attach.
// NOTE(review): Annotations is passed through as given; anything that changes
// how the ingress controller authenticates or rewrites requests enters here.
type IngressData struct {
	Name        string
	Path        string
	Service     string
	Port        int32
	Annotations map[string]string
}

type SecretCheckData

type SecretCheckData struct {
	// Names is appended to the SECRET_LIST env var, which SecretCheckCmd splits
	// on whitespace.
	Names string
	// Dirs is appended to the SECRET_DIR_LIST env var; SecretCheckCmd splits it
	// on whitespace and looks for each entry under /sec/. Entries should be
	// plain directory names with no whitespace, glob characters or "..".
	Dirs string
	// VolumeMounts are the mounts that make those directories available.
	VolumeMounts []corev1.VolumeMount
}

SecretCheckData contains info about additional secrets for the secret-check container. Names will be added to the SECRET_LIST env var. Dirs will be added to the SECRET_DIR_LIST env var. VolumeMounts contains the volume mounts associated with the secrets.
