Documentation ¶
Index ¶
- Constants
- Variables
- func AnnotationsForPod() map[string]string
- func BuildCertificate(instanceNamespace, instanceClusterIssuer string, certData CertificateData) *certmgr.Certificate
- func BuildCommonClusterEnvVars(instanceNamespace, instanceIAMnamespace string) []corev1.EnvVar
- func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringSpecMongoDB, ...) []corev1.Volume
- func BuildIngress(namespace string, ingressData IngressData) *netv1.Ingress
- func BuildInitContainer(deploymentName, imageName string, envVars []corev1.EnvVar) corev1.Container
- func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringSpecMongoDB) []corev1.EnvVar
- func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, ...) corev1.Container
- func BuildUIClusterEnvVars(instanceNamespace, instanceClusterName string, ...) []corev1.EnvVar
- func BuildUISecretVolumeMounts(apiKeySecretName, platformOidcSecretName string) []corev1.VolumeMount
- func BuildUISecretVolumes(apiKeySecretName, platformOidcSecretName string) []corev1.Volume
- func GetImageID(...) string
- func GetPodNames(pods []corev1.Pod) []string
- func GetServiceAccountName() string
- func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
- func IsDaemonSetEqual(oldDaemonSet, newDaemonSet *appsv1.DaemonSet) bool
- func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
- func IsIngressEqual(oldIngress, newIngress *netv1.Ingress) bool
- func IsServiceEqual(oldService, newService *corev1.Service) bool
- func LabelsForMetadata(deploymentName string) map[string]string
- func LabelsForPodMetadata(deploymentName string, crType string, crName string) map[string]string
- func LabelsForSelector(deploymentName string, crType string, crName string) map[string]string
- func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, ...) error
- func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, ...) error
- func ReconcileIngress(client client.Client, instanceNamespace, ingressName, ingressType string, ...) error
- func ReconcileService(client client.Client, instanceNamespace, serviceName, serviceType string, ...) error
- type CertificateData
- type IngressData
- type SecretCheckData
Constants ¶
// Product ID, name and version strings for Common Services, followed by the
// default name of the API-key Secret.
const (
	CommonServicesProductID      = "068a62892a1e4db39641342e592daa25"
	CommonServicesProductName    = "IBM Cloud Platform Common Services"
	CommonServicesProductVersion = "3.4.0"

	// DefaultAPIKeySecretName is a Secret *name*, not key material. The
	// trailing + "" leaves the value unchanged; it exists only so the linter
	// does not flag a constant with "Secret" in its identifier.
	DefaultAPIKeySecretName = "icp-serviceid-apikey-secret" + ""
)
The empty-string concatenation is there so the linter won't complain about "Secret" vars; the value is the name of a secret, not secret material.
// Defaults for the cluster issuer, the cluster name and the data-manager
// image (name and tag).
const (
	DefaultClusterIssuer = "cs-ca-clusterissuer"
	DefaultClusterName   = "mycluster"
	DefaultDmImageName   = "metering-data-manager"
	// DefaultDmImageTag is a mutable tag reference, not a content digest.
	DefaultDmImageTag = "3.6.0"
)
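Starting with Common Services 3.4, images can be pulled by SHA or tag. Run scripts/get-image-sha.sh to update operator.yaml with the SHA values. A SHA value looks like this: "sha256:nnnnnnnn". A tag value looks like this: "3.5.0". A SHA reference identifies one exact image content, whereas a tag can later be pointed at a different image, so the SHA form is the stricter of the two.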
// Image defaults and resource names for the metering-mcmui component.
const (
	DefaultImageRegistry  = "quay.io/opencloudio"
	DefaultMcmUIImageName = "metering-mcmui"
	DefaultMcmUIImageTag  = "3.6.0"

	// DefaultPlatformOidcSecretName is a Secret *name*. The trailing + ""
	// does not change the value; it only keeps the linter from flagging an
	// identifier that contains "Secret".
	DefaultPlatformOidcSecretName = "platform-oidc-credentials" + ""

	McmDeploymentName   = "metering-mcmui"
	McmServiceName      = "metering-mcmui"
	McmUICertCommonName = "metering-mcmui"
	// McmUICertDirName is the directory component appended to "/certs/" and
	// "/sec/" by the MCM UI certificate volume mounts.
	McmUICertDirName = "metering-mcmui"
	McmUICertName    = "metering-mcmui-ca-cert"
)
MCMUI certificate definition
// McmUICertSecretName is the name of the Secret referenced by McmUICertVolume
// and McmUICertificateData. It is a name only, not key material; the trailing
// + "" leaves the value unchanged and exists to keep the linter from flagging
// an identifier that contains "Secret".
const McmUICertSecretName = "metering-mcmui-cert" + ""
The empty-string concatenation is there so the linter won't complain about "Secret" vars; the value is the name of a secret, not secret material.
// Volume, component, dependency and release names, plus the name of the
// environment variable that carries the data-manager image SHA or tag.
const (
	McmUICertVolumeName   = "metering-mcmui-certs"
	MeteringComponentName = "meteringsvc"
	MeteringDependencies  = "ibm-common-services.auth-idp, mongodb, cert-manager"
	MeteringReleaseName   = "metering"
	VarImageSHAforDM      = "IMAGE_SHA_OR_TAG_DM"
)
Defines the env vars that contain either the image SHA or the image tag.
// VarImageSHAforMCMUI is the name of the environment variable that contains
// either the SHA or the tag for the metering-mcmui image.
const VarImageSHAforMCMUI = "IMAGE_SHA_OR_TAG_MCMUI"
Variables ¶
// ArchitectureList holds the three CPU architecture names used by this
// package: amd64, ppc64le and s390x.
var ArchitectureList = []string{"amd64", "ppc64le", "s390x"}
// CommonEnvVars is a one-entry list of environment variables.
//
// NOTE(review): NODE_TLS_REJECT_UNAUTHORIZED=0 turns off server-certificate
// verification for TLS connections made by a Node.js process, so a container
// that receives this variable cannot detect an impersonated or intercepted
// peer. The value is kept as-is here because callers may depend on it; confirm
// which containers receive it and whether trusting the cluster CA instead
// (for example through NODE_EXTRA_CA_CERTS) would let it be dropped.
var CommonEnvVars = []corev1.EnvVar{
	{Name: "NODE_TLS_REJECT_UNAUTHORIZED", Value: "0"},
}
// CommonIngressAnnotations holds two annotations: the managed-by marker and
// the ingress class ("ibm-icp-management").
var CommonIngressAnnotations = map[string]string{
	"kubernetes.io/ingress.class":  "ibm-icp-management",
	"app.kubernetes.io/managed-by": "operator",
}
// CommonMainVolumeMounts mounts the MongoDB CA certificate volume at
// /certs/mongodb-ca and the MongoDB client certificate volume at
// /certs/mongodb-client.
var CommonMainVolumeMounts = []corev1.VolumeMount{
	{Name: "mongodb-ca-cert", MountPath: "/certs/mongodb-ca"},
	{Name: "mongodb-client-cert", MountPath: "/certs/mongodb-client"},
}
// Addressable package-level values, kept as variables so their address can be
// taken for pointer-typed fields.
//
// NOTE(review): these are mutable and shared by pointer; a write through any
// field that points at one of them changes every object referencing it.
var (
	// DefaultMode is 0644 (decimal 420). McmUICertVolume uses it as the file
	// mode for its Secret volume, so the projected files are world-readable
	// inside the container.
	DefaultMode int32 = 0644

	DefaultStatusForCR = []string{"none"}

	FalseVar = false
)
// IAMEnvVars sets the default ports for the IAM token service (10443) and the
// IAM PAP service (39001).
var IAMEnvVars = []corev1.EnvVar{
	{Name: "DEFAULT_IAM_TOKEN_SERVICE_PORT", Value: "10443"},
	{Name: "DEFAULT_IAM_PAP_SERVICE_PORT", Value: "39001"},
}
// Log-configuration volume mounts. Both use the same mount path, /etc/config,
// and differ only in the volume they name.
var (
	// Log4jsVolumeMount mounts the "log4js" volume.
	Log4jsVolumeMount = corev1.VolumeMount{Name: "log4js", MountPath: "/etc/config"}

	// LoglevelVolumeMount mounts the "loglevel" volume.
	LoglevelVolumeMount = corev1.VolumeMount{Name: "loglevel", MountPath: "/etc/config"}
)
// McmIngressData describes the metering-mcmui ingress: requests for
// /metering-mcm are routed to the metering-mcmui service on port 3001.
// The annotations come from mcmIngressAnnotations, defined elsewhere in the
// package.
var McmIngressData = IngressData{
	Name:        "metering-mcmui",
	Path:        "/metering-mcm",
	Service:     "metering-mcmui",
	Port:        3001,
	Annotations: mcmIngressAnnotations,
}
// McmUICertVolume is the Secret-backed volume for the metering-mcmui
// certificate; it projects the Secret named McmUICertSecretName.
//
// Optional points at TrueVar, so the volume is declared optional rather than
// required.
//
// NOTE(review): DefaultMode is 420 (0644). McmUIMainContainer reads tls.key
// from this volume, so the private key is readable by every user in the
// container. Confirm whether a tighter mode is compatible with the
// container's run-as user.
var McmUICertVolume = corev1.Volume{
	Name: McmUICertVolumeName,
	VolumeSource: corev1.VolumeSource{
		Secret: &corev1.SecretVolumeSource{
			SecretName:  McmUICertSecretName,
			DefaultMode: &DefaultMode,
			Optional:    &TrueVar,
		},
	},
}
// Mounts of the MCM UI certificate volume. The same volume is exposed at two
// different paths depending on which container consumes it.
var (
	// McmUICertVolumeMountForMain mounts the volume under /certs/, the
	// location the main container's MCM_UI_SSL_* variables point at.
	McmUICertVolumeMountForMain = corev1.VolumeMount{
		Name:      McmUICertVolumeName,
		MountPath: "/certs/" + McmUICertDirName,
	}

	// McmUICertVolumeMountForSecretCheck mounts the volume under /sec/, the
	// directory that SecretCheckCmd lists while waiting for secrets.
	McmUICertVolumeMountForSecretCheck = corev1.VolumeMount{
		Name:      McmUICertVolumeName,
		MountPath: "/sec/" + McmUICertDirName,
	}
)
// McmUICertificateData is the certificate description for metering-mcmui:
// certificate name, target Secret name, common name, and the app/component
// values (both set to the deployment name).
var McmUICertificateData = CertificateData{
	Name:      McmUICertName,
	Secret:    McmUICertSecretName,
	Common:    McmUICertCommonName,
	App:       McmDeploymentName,
	Component: McmDeploymentName,
}
// McmUIMainContainer is the container definition for metering-mcmui. It
// declares container port 3001, passes PORT=3001 and the TLS file locations
// under /certs/<McmUICertDirName> through the environment, and is probed over
// HTTPS.
//
// NOTE(review): both probes target paths under /unsecure/. The name suggests
// these endpoints are reachable without authentication; confirm they return
// nothing beyond liveness/readiness status.
var McmUIMainContainer = corev1.Container{
	Image: "metering-mcmui",
	Name:  "metering-mcmui",
	// PullAlways: the image is resolved against the registry on every
	// container start. With a tag reference the content can differ between
	// starts; a SHA reference keeps it fixed.
	ImagePullPolicy: corev1.PullAlways,
	VolumeMounts: []corev1.VolumeMount{
		Log4jsVolumeMount,
	},
	Env: []corev1.EnvVar{
		{Name: "PORT", Value: "3001"},
		{Name: "PROXY_URI", Value: "metering-mcm"},
		{Name: "MCM_UI_ISSSL", Value: "true"},
		// CA, certificate and private-key paths inside the certificate mount.
		{Name: "MCM_UI_SSL_CA", Value: "/certs/" + McmUICertDirName + "/ca.crt"},
		{Name: "MCM_UI_SSL_CERT", Value: "/certs/" + McmUICertDirName + "/tls.crt"},
		{Name: "MCM_UI_SSL_KEY", Value: "/certs/" + McmUICertDirName + "/tls.key"},
	},
	Ports: []corev1.ContainerPort{
		{ContainerPort: 3001},
	},
	// Liveness: first check after 305s, then every 300s; three failures
	// mark the container as failed.
	LivenessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/unsecure/livenessProbe",
				Port: intstr.IntOrString{
					Type:   intstr.Int,
					IntVal: 3001,
				},
				Scheme: corev1.URISchemeHTTPS,
			},
		},
		InitialDelaySeconds: 305,
		TimeoutSeconds:      5,
		PeriodSeconds:       300,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	// Readiness: first check after 15s, then every 15s.
	ReadinessProbe: &corev1.Probe{
		Handler: corev1.Handler{
			HTTPGet: &corev1.HTTPGetAction{
				Path: "/unsecure/readinessProbe",
				Port: intstr.IntOrString{
					Type:   intstr.Int,
					IntVal: 3001,
				},
				Scheme: corev1.URISchemeHTTPS,
			},
		},
		InitialDelaySeconds: 15,
		TimeoutSeconds:      5,
		PeriodSeconds:       15,
		SuccessThreshold:    1,
		FailureThreshold:    3,
	},
	// Limits and requests use quantities defined elsewhere in the package.
	Resources: corev1.ResourceRequirements{
		Limits: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu500,
			corev1.ResourceMemory: *memory256,
		},
		Requests: map[corev1.ResourceName]resource.Quantity{
			corev1.ResourceCPU:    *cpu100,
			corev1.ResourceMemory: *memory128,
		},
	},
	// Shared by pointer; commonSecurityContext is defined elsewhere in the
	// package.
	SecurityContext: &commonSecurityContext,
}
// Addressable numeric values, kept as variables so their address can be taken
// for pointer-typed fields.
var (
	Replica1  int32 = 1
	Seconds60 int64 = 60
)
// SecretCheckCmd is the shell command run to wait for required secrets.
//
// It loads $SECRET_LIST into the positional parameters and walks
// $SECRET_DIR_LIST in step with them: for each directory it retries
// `ls /sec/<dir>/*` every 30 seconds until the listing succeeds, then shifts
// to the next secret name. The two lists must therefore have the same length
// and order. Only secret names and file names are echoed, not file contents.
//
// NOTE(review): the retry loop has no upper bound, so a secret that never
// appears keeps the container waiting indefinitely.
//
// NOTE(review): $SECRET_LIST and $SECRET_DIR_LIST are expanded unquoted on
// purpose (word splitting separates the entries), which also means glob
// characters in a value would be expanded. Confirm that every value placed in
// those variables is a validated name.
var SecretCheckCmd = "set -- $SECRET_LIST; " +
	"for secretDirName in $SECRET_DIR_LIST; do" +
	" while true; do" +
	" echo `date`: Checking for secret $1;" +
	" ls /sec/$secretDirName/* && break;" +
	" echo `date`: Required secret $1 not found ... try again in 30s;" +
	" sleep 30;" +
	" done;" +
	" echo `date`: Secret $1 found;" +
	" shift; " +
	"done; " +
	"echo `date`: All required secrets exist"
// TrueVar is an addressable true value; McmUICertVolume points its Optional
// field at it.
// NOTE(review): it is a mutable package-level variable shared by pointer, so
// a write through any field that references it affects every such object.
var TrueVar = true
// UIEnvVars holds fixed environment variables for UI containers: the two
// private-cloud flags (both "true") and the default ports for the platform
// identity management service (4500) and the platform header service (3000).
var UIEnvVars = []corev1.EnvVar{
	{Name: "IS_PRIVATECLOUD", Value: "true"},
	{Name: "USE_PRIVATECLOUD_SECURITY", Value: "true"},
	{Name: "DEFAULT_PLATFORM_IDENTITY_MANAGEMENT_SERVICE_PORT", Value: "4500"},
	{Name: "DEFAULT_PLATFORM_HEADER_SERVICE_PORT", Value: "3000"},
}
Functions ¶
func AnnotationsForPod ¶
AnnotationsForPod returns the annotations associated with the pod being created
func BuildCertificate ¶
func BuildCertificate(instanceNamespace, instanceClusterIssuer string, certData CertificateData) *certmgr.Certificate
BuildCertificate returns a Certificate object. Call controllerutil.SetControllerReference to set the owner and controller for the Certificate object created by this function.
func BuildCommonVolumes ¶
func BuildCommonVolumes(mongoDB operatorv1alpha1.MeteringSpecMongoDB, loglevelPrefix, loglevelType string) []corev1.Volume
Set loglevelType to "log4js" when building volumes for metering-mcmui. Set loglevelType to "loglevel" when building volumes for any other component.
func BuildIngress ¶
func BuildIngress(namespace string, ingressData IngressData) *netv1.Ingress
BuildIngress returns an Ingress object. Call controllerutil.SetControllerReference to set the owner and controller for the Ingress object created by this function.
func BuildInitContainer ¶
func BuildMongoDBEnvVars ¶
func BuildMongoDBEnvVars(mongoDB operatorv1alpha1.MeteringSpecMongoDB) []corev1.EnvVar
func BuildSecretCheckContainer ¶
func BuildSecretCheckContainer(deploymentName, imageName, checkerCommand string, mongoDB operatorv1alpha1.MeteringSpecMongoDB, additionalInfo *SecretCheckData) corev1.Container
checkerCommand is the command to be executed by the secret-check container. mongoDB contains the password names from the CR. additionalInfo contains info about additional secrets to check.
func BuildUIClusterEnvVars ¶
func BuildUIClusterEnvVars(instanceNamespace, instanceClusterName string, instanceUI operatorv1alpha1.MeteringSpecUI, isMcmUI bool) []corev1.EnvVar
Set isMcmUI to true when building env vars for metering-mcmui. Set isMcmUI to false when building env vars for any other component.
func BuildUISecretVolumeMounts ¶
func BuildUISecretVolumeMounts(apiKeySecretName, platformOidcSecretName string) []corev1.VolumeMount
func BuildUISecretVolumes ¶
func GetImageID ¶
func GetImageID(instanceImageRegistry, instanceImageTagPostfix, defaultImageRegistry, imageName, envVarName, defaultImageTag string) string
GetImageID returns the ID of an operand image, either <imageName>@<SHA> or <imageName>:<tag>
func GetPodNames ¶
GetPodNames returns the pod names of the array of pods passed in
func GetServiceAccountName ¶
func GetServiceAccountName() string
GetServiceAccountName returns the service account name or default if it is not set in the environment
func IsCertificateEqual ¶
func IsCertificateEqual(oldCertificate, newCertificate *certmgr.Certificate) bool
Use DeepEqual to determine if 2 certificates are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsDaemonSetEqual ¶
Use DeepEqual to determine if 2 daemon sets are equal. Check labels, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true.
func IsDeploymentEqual ¶
func IsDeploymentEqual(oldDeployment, newDeployment *appsv1.Deployment) bool
Use DeepEqual to determine if 2 deployments are equal. Check labels, replicas, pod template labels, service account names, volumes, containers, init containers, image name, volume mounts, env vars, liveness, readiness. If there are any differences, return false. Otherwise, return true. oldDeployment is the deployment that is currently running. newDeployment is what we expect the deployment to look like.
func IsIngressEqual ¶
Use DeepEqual to determine if 2 ingresses are equal. Check ObjectMeta and Spec. If there are any differences, return false. Otherwise, return true.
func IsServiceEqual ¶
Use DeepEqual to determine if 2 services are equal. Check ObjectMeta, Ports and Selector. If there are any differences, return false. Otherwise, return true.
func LabelsForMetadata ¶
returns the labels associated with the resource being created
func LabelsForPodMetadata ¶
returns the labels associated with the Pod being created
func LabelsForSelector ¶
returns the labels for selecting the resources belonging to the given metering CR name
func ReconcileCertificate ¶
func ReconcileCertificate(client client.Client, instanceNamespace, certificateName string, newCertificate *certmgr.Certificate, needToRequeue *bool) error
Check whether the Certificates already exist; if they do not, create new ones.
func ReconcileDeployment ¶
func ReconcileDeployment(client client.Client, instanceNamespace, deploymentName, deploymentType string, newDeployment *appsv1.Deployment, needToRequeue *bool) error
Check if a Deployment already exists. If not, create a new one.
Types ¶
type CertificateData ¶
type IngressData ¶
type SecretCheckData ¶
// SecretCheckData carries information about additional secrets that the
// secret-check container should wait for.
type SecretCheckData struct {
	// Names is added to the SECRET_LIST env var.
	Names string
	// Dirs is added to the SECRET_DIR_LIST env var.
	Dirs string
	// VolumeMounts contains the volume mounts associated with the secrets.
	VolumeMounts []corev1.VolumeMount
}
SecretCheckData contains info about additional secrets for the secret-check container. Names will be added to the SECRET_LIST env var. Dirs will be added to the SECRET_DIR_LIST env var. VolumeMounts contains the volume mounts associated with the secrets.