Documentation ¶
Index ¶
- Constants
- Variables
- func CalculateBatchTimeout(timeoutMinutes, numBatches, currentBatch int, ...) time.Duration
- func CleanupManifestWorkForBatch(ctx context.Context, c client.Client, ...) error
- func ClusterVersionGroupVersionKind() schema.GroupVersionKind
- func ContainsTemplates(s string) bool
- func CreateManifestWorkForCluster(ctx context.Context, client client.Client, ...) error
- func DeleteManagedClusterActions(ctx context.Context, c client.Client, ...) error
- func DeleteManagedClusterViews(ctx context.Context, c client.Client, ...) error
- func DeleteMultiCloudObjects(ctx context.Context, c client.Client, ...) error
- func DeletePlacementBindings(ctx context.Context, c client.Client, ns string, labels map[string]string) error
- func DeletePlacementRules(ctx context.Context, c client.Client, ns string, labels map[string]string) error
- func DeletePolicies(ctx context.Context, c client.Client, ns string, labels map[string]string) error
- func EnsureManagedClusterActionForInstallPlan(ctx context.Context, c client.Client, namespace, cguLabel string, ...) (*actionv1beta1.ManagedClusterAction, error)
- func EnsureManagedClusterView(ctx context.Context, c client.Client, ...) (*viewv1beta1.ManagedClusterView, error)
- func FinalMultiCloudObjectCleanup(ctx context.Context, c client.Client, ...) error
- func FindStringInSlice(a []string, s string) (int, bool)
- func GetChildPolicies(ctx context.Context, c client.Client, clusters []string) ([]policiesv1.Policy, error)
- func GetClustersListFromRemediationPlan(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade) []string
- func GetMCVUpdateInterval(totalClusters int) int
- func GetManifestWorkForCluster(ctx context.Context, client client.Client, ...) (*mwv1.ManifestWork, error)
- func GetMinOf3(number1, number2, number3 int) int
- func GetMultiCloudObjectName(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, kind, objectName string) string
- func GetParentPolicyNameAndNamespace(childPolicyName string) ([]string, error)
- func GetResourceName(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, initialString string) string
- func GetSafeResourceName(name, namespace string, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, ...) string
- func InspectPolicyObjects(policy *unstructured.Unstructured) (bool, error)
- func IsManifestWorkCompleted(mw *mwv1.ManifestWork) (bool, error)
- func NewManagedClusterActionForInstallPlanSpec(installPlan operatorsv1alpha1.InstallPlan) (*actionv1beta1.ActionSpec, error)
- func NewSafeResourceName(name, namespace, suffix string, maxLength int) (safename string)
- func PrefixNameWithNamespace(namespace, name string) string
- func ProcessSubscriptionManagedClusterView(ctx context.Context, c client.Client, ...) (int, error)
- func SetStatusCondition(existingConditions *[]metav1.Condition, conditionType ConditionType, ...)
- func ShouldSoak(policy *unstructured.Unstructured, firstCompliantAt metav1.Time) (bool, error)
- func StringToYaml(s string) (interface{}, error)
- func StripObjectTemplatesRaw(tmplStr string) string
- func SubscriptionGroupVersionKind() schema.GroupVersionKind
- func UpdateManagedPolicyNamespaceList(policyNs map[string][]string, policyNameArr []string)
- type ConditionReason
- type ConditionType
- type ManifestWorkExpectedValues
- type PolicyErr
Constants ¶
const ( CGUControllerWorkerCountEnv = "TALM_CGU_CTRL_WORKER_COUNT" DefaultCGUControllerWorkerCount = 5 )
CGU controller constants
const ( RemediationActionEnforce = "enforce" RemediationActionInform = "inform" )
RemediationActionEnforce - Policy remediation for policies.
const ( ClusterStatusNonCompliant = "NonCompliant" ClusterStatusCompliant = "Compliant" ClusterStatusPending = "Pending" ClusterNotMatchedWithPolicy = "NotMatchedWithPolicy" PolicyStatusPresent = "PolicyStatusPresent" )
Possible status returned when checking the compliance of a cluster with a policy.
const ( ClusterRemediationComplete = "complete" ClusterRemediationTimedout = "timedout" )
Possible status of cluster remediation progress
const ( // Maximum length of policy + namespace (not including extra separator dot so 63 -1 = 62) // this is calculated with utf8.RuneCountInString(policy.Name)+utf8.RuneCountInString+utf8.RuneCountInString(policy.Namespace) MaxPolicyNameLengthExcludingTheDot = 62 MaxObjectNameLength = 253 NameSuffixAnnotation = CsvNamePrefix + "/name-suffix" RandomNameSuffixLength = 5 )
CR name length limits and suffix annotation
const ( CsvNamePrefix = "cluster-group-upgrades-operator" KubeconfigSecretSuffix = "admin-kubeconfig" OperatorConfigOverrides = "cluster-group-upgrade-overrides" PrecacheJobNamespace = "openshift-talo-pre-cache" PrecacheJobName = "pre-cache" PrecacheServiceAccountName = "pre-cache-agent" PrecacheSpecCmName = "pre-cache-spec" PrecacheSpecValidCondition = "PrecacheSpecValid" )
Pre-cache constants
const ( ViewUpdateSecPerCluster = 6 ViewUpdateSecTotalMin = 30 ViewUpdateSecTotalMax = 300 )
ViewUpdateSecPerCluster defines default ManagementClusterView update periodicity When configuring managedclusterview for clusters in precache-starting state, this value is multiplied by number of clusters, then bound by min and max
const ( SubscriptionStateAtLatestKnown = "AtLatestKnown" SubscriptionStateUpgradePending = "UpgradePending" )
Subscription possible states
const ( ManagedClusterViewPrefix = "view" ManagedClusterActionPrefix = "action" )
Multicloud object types
const ( InstallPlanWasApproved = 0 InstallPlanCannotBeApproved = 1 NoActionForApprovingInstallPlan = 2 MultiCloudPendingStatus = 3 InstallPlanAlreadyApproved = 4 MultiCloudWaitTimeSec = 3 TestManagedClusterActionTimeoutMessage = `ManagedClusterAction hasn't completed in the required timeout` TestManagedClusterActionFailedMessage = "ManagedClusterAction failed" )
Constants used for working with multicloud-operators-foundation
const ( ReconcileNow = 0 StopReconciling = 1 DontReconcile = 2 )
Reconciling instructions.
const ( ObjectTemplates = "object-templates" ObjectTemplatesRaw = "object-templates-raw" )
Object template constants
const ( PlcMissTmplDef = "policy is missing its spec.policy-templates.objectDefinition" PlcMissTmplDefMeta = "policy is missing its spec.policy-templates.objectDefinition.metadata" PlcMissTmplDefSpec = "policy is missing its spec.policy-templates.objectDefinition.spec" ConfigPlcFailRawMarshal = "policy was unable to be unmmarshalled from object-templates-raw" ConfigPlcHasBothObjTmpl = "" /* 145-byte string literal not displayed */ ConfigPlcMissAnyObjTmpl = "" /* 152-byte string literal not displayed */ ConfigPlcMissObjTmplDef = "policy is missing its spec.policy-templates.objectDefinition.spec.object-templates.objectDefinition" ConfigPlcRawObjTmplErr = "policy defines spec.policy-templates.objectDefinition.spec.object-templates-raw but is empty" Placeholder = "placeholder" PlcHasHubTmplErr = "" /* 141-byte string literal not displayed */ PlcHubTmplFmtErr = "template format is not supported in TALM" PlcHubTmplFuncErr = "template function is not supported in TALM" PlcHubTmplPrinfInNameErr = "printf variable is not supported in the template function Name field" PlcHubTmplPrinfInNsErr = "printf variable is not supported in the template function Namespace field" PlcLookupFuncResErr = "" /* 146-byte string literal not displayed */ )
Policy errors
const (
CannotStart = "UpgradeCannotStart"
)
Upgrade status
const (
ChildPolicyLabel = "policy.open-cluster-management.io/root-policy"
)
Label specific to ACM child policies.
const (
CleanupFinalizer = "ran.openshift.io/cleanup-finalizer"
)
Finalizers
const (
DesiredResourceName = CsvNamePrefix + "/rname"
)
Annotation for TALO created object names
const ExcludeFromClusterBackup = "velero.io/exclude-from-backup"
ExcludeFromClusterBackup is a label to exclude object from cluster-backup-operator https://github.com/stolostron/cluster-backup-operator#steps-to-identify-backup-data
const (
PolicyTypeCatalogSource = "CatalogSource"
)
Policy types used within the operator
const SoakAnnotation = "ran.openshift.io/soak-seconds"
SoakAnnotation is the annotation that can be set on policies, which indicates the least number of seconds which policies should be compliant before the cgu moves on from that policy
const SpaceRequiredForPrecache = "35 GiB"
SpaceRequiredForPrecache is an env variable for precaching job that indicates the amount of space required for precaching job. This is a rough estimate. 30 GiB for OCP images and 5 GiB as a buffer for operator images and other disk allocations that can happen between the job and the actual upgrade kicked off by the CGU.
Variables ¶
var CompletedMessages = map[ranv1alpha1.RolloutType]string{ ranv1alpha1.RolloutTypes.Policy: "All clusters are compliant with all the managed policies", ranv1alpha1.RolloutTypes.ManifestWork: "All manifestworks rolled out successfully on all clusters", }
CompletedMessages defines the completed messages for the conditions by rollout type
var ConditionReasons = struct { Completed ConditionReason ClusterSelectionCompleted ConditionReason ValidationCompleted ConditionReason BackupCompleted ConditionReason PrecachingCompleted ConditionReason Failed ConditionReason IncompleteBlockingCR ConditionReason InProgress ConditionReason InvalidPlatformImage ConditionReason MissingBlockingCR ConditionReason NotAllManagedPoliciesExist ConditionReason AmbiguousManagedPoliciesNames ConditionReason NotEnabled ConditionReason NotStarted ConditionReason ClusterNotFound ConditionReason NotPresent ConditionReason PartiallyDone ConditionReason PrecacheSpecIncomplete ConditionReason PrecacheSpecIsWellFormed ConditionReason TimedOut ConditionReason UnresolvableDenpendency ConditionReason }{ Completed: "Completed", ClusterSelectionCompleted: "ClusterSelectionCompleted", ValidationCompleted: "ValidationCompleted", BackupCompleted: "BackupCompleted", PrecachingCompleted: "PrecachingCompleted", Failed: "Failed", IncompleteBlockingCR: "IncompleteBlockingCR", InProgress: "InProgress", InvalidPlatformImage: "InvalidPlatformImage", MissingBlockingCR: "MissingBlockingCR", NotAllManagedPoliciesExist: "NotAllManagedPoliciesExist", AmbiguousManagedPoliciesNames: "AmbiguousManagedPoliciesNames", NotEnabled: "NotEnabled", NotStarted: "NotStarted", ClusterNotFound: "ClusterNotFound", NotPresent: "NotPresent", PartiallyDone: "PartiallyDone", PrecacheSpecIncomplete: "PrecacheSpecIncomplete", PrecacheSpecIsWellFormed: "PrecacheSpecIsWellFormed", TimedOut: "TimedOut", UnresolvableDenpendency: "UnresolvableDenpendency", }
ConditionReasons define the different reasons that conditions will be set for
var ConditionTypes = struct { BackupSuceeded ConditionType ClustersSelected ConditionType PrecacheSpecValid ConditionType PrecachingSuceeded ConditionType Progressing ConditionType Succeeded ConditionType Validated ConditionType }{ BackupSuceeded: "BackupSuceeded", ClustersSelected: "ClustersSelected", PrecacheSpecValid: "PrecacheSpecValid", PrecachingSuceeded: "PrecachingSuceeded", Progressing: "Progressing", Succeeded: "Succeeded", Validated: "Validated", }
ConditionTypes define the different types of conditions that will be set
var EnsureInstallPlanIsApproved = func( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, subscription operatorsv1alpha1.Subscription, clusterName string) (int, error) { multiCloudLog.Info("[EnsureInstallPlanIsApproved] Create MCV for InstallPlan", "InstallPlan", subscription.Status.Install.Name, "ns", clusterName) mcvForInstallPlan, err := EnsureManagedClusterView( ctx, c, subscription.Status.Install.Name, subscription.Status.Install.Name, clusterName, "InstallPlan", subscription.Status.Install.Name, subscription.ObjectMeta.Namespace, clusterGroupUpgrade.Name, clusterGroupUpgrade.Namespace) if err != nil { return InstallPlanCannotBeApproved, err } conditionMCVforInstallPlan := meta.FindStatusCondition( mcvForInstallPlan.Status.Conditions, viewv1beta1.ConditionViewProcessing) if conditionMCVforInstallPlan == nil { multiCloudLog.Info("ManagedClusterView was not (yet) ready, try again later", "managedclusterview", mcvForInstallPlan.ObjectMeta.Name, "namespace", mcvForInstallPlan.ObjectMeta.Namespace) return MultiCloudPendingStatus, nil } if conditionMCVforInstallPlan.Reason != viewv1beta1.ReasonGetResource { multiCloudLog.Info("ManagedClusterView was not able to retrieve the requested resource (yet), trying again later", "managedclusterview", mcvForInstallPlan.ObjectMeta.Name, "namespace", mcvForInstallPlan.ObjectMeta.Namespace) return MultiCloudPendingStatus, nil } if conditionMCVforInstallPlan.Status == "True" && conditionMCVforInstallPlan.Reason == viewv1beta1.ReasonGetResource { installPlan := operatorsv1alpha1.InstallPlan{} json.Unmarshal(mcvForInstallPlan.Status.Result.Raw, &installPlan) if installPlan.Spec.Approval != operatorsv1alpha1.ApprovalManual { multiCloudLog.Info("InstallPlan can't be approved as it's approval is not set to Manual", "InstallPlan", installPlan.ObjectMeta.Name, "namespace", installPlan.ObjectMeta.Namespace) return InstallPlanCannotBeApproved, nil } if installPlan.Spec.Approved { multiCloudLog.Info("InstallPlan has already been approved", "InstallPlan", installPlan.ObjectMeta.Name, "namespace", installPlan.ObjectMeta.Namespace) return InstallPlanAlreadyApproved, nil } multiCloudLog.Info("Create ManagedClusterAction for InstallPlan", "InstallPlan", installPlan.ObjectMeta.Name, "namespace", installPlan.ObjectMeta.Namespace) _, err := EnsureManagedClusterActionForInstallPlan(ctx, c, clusterName, clusterGroupUpgrade.Namespace+"-"+clusterGroupUpgrade.Name, installPlan) if err != nil { return InstallPlanCannotBeApproved, err } return InstallPlanWasApproved, nil } return InstallPlanCannotBeApproved, nil }
EnsureInstallPlanIsApproved creates a view to get all the needed information on an InstallPlan and creates an action to approve that plan, if the plan's approval is set to Manual.
var InProgressMessages = map[ranv1alpha1.RolloutType]string{ ranv1alpha1.RolloutTypes.Policy: "Remediating non-compliant policies", ranv1alpha1.RolloutTypes.ManifestWork: "Rolling out manifestworks", }
InProgressMessages defines the in progress messages for the conditions by rollout type
var TimeoutMessages = map[ranv1alpha1.RolloutType]string{ ranv1alpha1.RolloutTypes.Policy: "Policy remediation took too long", ranv1alpha1.RolloutTypes.ManifestWork: "Manifestwork rollout took too long", }
TimeoutMessages defines the timeout messages for the conditions by rollout type
Functions ¶
func CalculateBatchTimeout ¶
func CalculateBatchTimeout(timeoutMinutes, numBatches, currentBatch int, currentBatchStartTime, cguStartTime time.Time) time.Duration
CalculateBatchTimeout calculates the current batch timeout for the running cgu
func CleanupManifestWorkForBatch ¶
func CleanupManifestWorkForBatch(ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, batchIndex int) error
CleanupManifestWorkForBatch deletes manifestwork instances for all clusters in the given batch
func ClusterVersionGroupVersionKind ¶
func ClusterVersionGroupVersionKind() schema.GroupVersionKind
ClusterVersionGroupVersionKind for monitoring and other type specific logic
func ContainsTemplates ¶
ContainsTemplates checks if the string contains some templatized parts
func CreateManifestWorkForCluster ¶
func CreateManifestWorkForCluster(ctx context.Context, client client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, index int, clusterName string) error
CreateManifestWorkForCluster creates the manifest work instance for the given spoke
func DeleteManagedClusterActions ¶
func DeleteManagedClusterActions( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, clusterName string) error
DeleteManagedClusterActions cleans up actions associated to a cluster. This needs to be done explicitly when the action can't be executed, e.g. cluster offline. Leaving actions behind may cause unexpected behavior if the cluster comes back online later after the CGU times out, i.e. outside of the maintenance window.
func DeleteManagedClusterViews ¶
func DeleteManagedClusterViews( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, clusterName string) error
DeleteManagedClusterViews cleans up views associated to a cluster.
func DeleteMultiCloudObjects ¶
func DeleteMultiCloudObjects( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, clusterName string) error
DeleteMultiCloudObjects cleans up views and actions associated to a cluster.
func DeletePlacementBindings ¶
func DeletePlacementBindings(ctx context.Context, c client.Client, ns string, labels map[string]string) error
DeletePlacementBindings deletes PlacementBindings
func DeletePlacementRules ¶
func DeletePlacementRules(ctx context.Context, c client.Client, ns string, labels map[string]string) error
DeletePlacementRules deletes PlacementRules
func DeletePolicies ¶
func DeletePolicies(ctx context.Context, c client.Client, ns string, labels map[string]string) error
DeletePolicies deletes Policies
func EnsureManagedClusterActionForInstallPlan ¶
func EnsureManagedClusterActionForInstallPlan( ctx context.Context, c client.Client, namespace, cguLabel string, installPlan operatorsv1alpha1.InstallPlan) (*actionv1beta1.ManagedClusterAction, error)
EnsureManagedClusterActionForInstallPlan creates or updates an action for an InstallPlan.
func EnsureManagedClusterView ¶
func EnsureManagedClusterView( ctx context.Context, c client.Client, safeName, name, namespace, resourceType, resourceName, resourceNamespace, cguName, cguNamespace string) (*viewv1beta1.ManagedClusterView, error)
EnsureManagedClusterView creates or updates a view.
func FinalMultiCloudObjectCleanup ¶
func FinalMultiCloudObjectCleanup( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade) error
FinalMultiCloudObjectCleanup cleans up views and actions associated to all clusters from the current batch that haven't completed If current batch is not set yet, clean up for the first batch
func FindStringInSlice ¶
FindStringInSlice checks if a given string is in the slice, and returns true along with its index if it's found
func GetChildPolicies ¶
func GetChildPolicies(ctx context.Context, c client.Client, clusters []string) ([]policiesv1.Policy, error)
GetChildPolicies gets the child policies for a list of clusters
func GetClustersListFromRemediationPlan ¶
func GetClustersListFromRemediationPlan(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade) []string
GetClustersListFromRemediationPlan gets the list of clusters from the remediation plan
func GetMCVUpdateInterval ¶
GetMCVUpdateInterval computes a reasonable value based on the number of clusters
func GetManifestWorkForCluster ¶
func GetManifestWorkForCluster(ctx context.Context, client client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, startIndex int, clusterName string) (*mwv1.ManifestWork, error)
GetManifestWorkForCluster returns the manifest work instance for the given spoke
func GetMultiCloudObjectName ¶
func GetMultiCloudObjectName(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, kind, objectName string) string
GetMultiCloudObjectName computes the name of a view or action
func GetParentPolicyNameAndNamespace ¶
GetParentPolicyNameAndNamespace gets the parent policy name and namespace from a given child policy returns: []string a two-element slice which the first element is policy namespace and the second one is policy name
func GetResourceName ¶
func GetResourceName(clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, initialString string) string
GetResourceName constructs composite names for policy objects
func GetSafeResourceName ¶
func GetSafeResourceName(name, namespace string, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, maxLength int) string
GetSafeResourceName returns the safename if already allocated in the map and creates a new one if not
func InspectPolicyObjects ¶
func InspectPolicyObjects(policy *unstructured.Unstructured) (bool, error)
InspectPolicyObjects validates the policy objects, checks if it contains a status section in any object templates and return error if the policy is invalid
func IsManifestWorkCompleted ¶
func IsManifestWorkCompleted(mw *mwv1.ManifestWork) (bool, error)
IsManifestWorkCompleted returns true if the manifestwork is applied and the field values match the expectation
func NewManagedClusterActionForInstallPlanSpec ¶
func NewManagedClusterActionForInstallPlanSpec(installPlan operatorsv1alpha1.InstallPlan) (*actionv1beta1.ActionSpec, error)
NewManagedClusterActionForInstallPlanSpec returns the action spec for approving an InstallPlan.
func NewSafeResourceName ¶
NewSafeResourceName creates a safe name to use with random suffix and possible truncation based on limits passed in
func PrefixNameWithNamespace ¶
PrefixNameWithNamespace Prefixes the passed name with the passed namespace. Use '/' as a separator
func ProcessSubscriptionManagedClusterView ¶
func ProcessSubscriptionManagedClusterView( ctx context.Context, c client.Client, clusterGroupUpgrade *ranv1alpha1.ClusterGroupUpgrade, clusterName string, mcv *viewv1beta1.ManagedClusterView) (int, error)
ProcessSubscriptionManagedClusterView processes the content of a view that is configured to watch a Subscription type object and takes the necessary actions to approve the InstallPlan associated with that Subscription.
func SetStatusCondition ¶
func SetStatusCondition(existingConditions *[]metav1.Condition, conditionType ConditionType, conditionReason ConditionReason, conditionStatus metav1.ConditionStatus, message string)
SetStatusCondition is a convenience wrapper for meta.SetStatusCondition that takes in the types defined here and converts them to strings
func ShouldSoak ¶
func ShouldSoak(policy *unstructured.Unstructured, firstCompliantAt metav1.Time) (bool, error)
ShouldSoak returns whether the reconciler should wait for some time before moving on from a policy after it is compliant
func StringToYaml ¶
StringToYaml takes a string and attempts to unmarshal it into a YAML
func StripObjectTemplatesRaw ¶
StripObjectTemplatesRaw removes all the ACM raw templating from a string and returns an interface of what the object-templates would be if not for the raw templating
func SubscriptionGroupVersionKind ¶
func SubscriptionGroupVersionKind() schema.GroupVersionKind
SubscriptionGroupVersionKind for monitoring and other type specific logic
func UpdateManagedPolicyNamespaceList ¶
UpdateManagedPolicyNamespaceList updates policyNs with the corresponding namespaces of a managed policy as contained in the policyNameArr parameter.
Types ¶
type ConditionReason ¶
type ConditionReason string
ConditionReason is a string representing the condition's reason
type ConditionType ¶
type ConditionType string
ConditionType is a string representing the condition's type
type ManifestWorkExpectedValues ¶
type ManifestWorkExpectedValues []struct { ManifestIndex int32 `json:"manifestIndex,omitempty"` Name string `json:"name,omitempty"` Value string `json:"value,omitempty"` }
ManifestWorkExpectedValues defines the expected values for the fields synced back from the spoke through feedback rules.