constants

package
v0.12.3 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Feb 23, 2025 License: Apache-2.0 Imports: 0 Imported by: 8

Documentation

Index

Constants

// Label keys in the app.kubernetes.io/ namespace that are attached to the
// objects belonging to an application.
//
// NOTE(review): name, instance, version, component and managed-by are part of
// the upstream Kubernetes common-labels set. role-group is not in that list
// and looks project-specific, so generic tooling may not understand it —
// confirm.
const (
	// LabelKubernetesName is the key for the name of the application.
	LabelKubernetesName = "app.kubernetes.io/name"

	// LabelKubernetesInstance is the key for the name of one instance of the
	// application.
	LabelKubernetesInstance = "app.kubernetes.io/instance"

	// LabelKubernetesVersion is the key for the application version.
	LabelKubernetesVersion = "app.kubernetes.io/version"

	// LabelKubernetesComponent is the key for the component within the
	// application architecture.
	LabelKubernetesComponent = "app.kubernetes.io/component"

	// LabelKubernetesManagedBy is the key for the tool that manages the object.
	LabelKubernetesManagedBy = "app.kubernetes.io/managed-by"

	// LabelKubernetesRoleGroup is the key for the role group of the object.
	LabelKubernetesRoleGroup = "app.kubernetes.io/role-group"
)

Kubernetes recommended labels for applications. See https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ and https://kubernetes.io/docs/reference/labels-annotations-taints/

// Directory layout below KubedoopRoot. Every value is an absolute path that
// ends with a trailing slash, so child paths are best built with path.Join
// rather than by concatenating a name that may itself start with a slash.
const (
	// KubedoopRoot is the parent of every directory declared in this block.
	KubedoopRoot = "/kubedoop/"

	// Directories whose names refer to credential material.
	// NOTE(review): presumably these are the places where keytabs, TLS keys
	// and other secrets are mounted — confirm; if so, the volumes mounted here
	// should be read-only and limited to the containers that need them.
	KubedoopKerberosDir = KubedoopRoot + "kerberos/"
	KubedoopSecretDir   = KubedoopRoot + "secret/"
	KubedoopTlsDir      = KubedoopRoot + "tls/"

	// Directories for configuration, data, JMX, listener and log files.
	KubedoopConfigDir   = KubedoopRoot + "config/"
	KubedoopDataDir     = KubedoopRoot + "data/"
	KubedoopJmxDir      = KubedoopRoot + "jmx/"
	KubedoopListenerDir = KubedoopRoot + "listener/"
	KubedoopLogDir      = KubedoopRoot + "log/"

	// Counterparts of the config and log directories under "mount/".
	KubedoopConfigDirMount = KubedoopRoot + "mount/config/"
	KubedoopLogDirMount    = KubedoopRoot + "mount/log/"
)
// Keys and values used by the enrichment controller.
const (
	// LabelEnrichmentNodeAddress is the key under which the node address is
	// recorded.
	// NOTE(review): the constant is named as a label, while the package
	// documentation says the node address is written to a pod annotation —
	// confirm which kind of metadata this key is used for.
	LabelEnrichmentNodeAddress = "enrichment." + KubedoopDomain + "/node-address"

	// LabelEnrichmentEnable is the label key that opts a pod in to enrichment,
	// and LabelEnrichmentEnableValue is the value the label must carry.
	LabelEnrichmentEnable      = "enrichment." + KubedoopDomain + "/enable"
	LabelEnrichmentEnableValue = "true"
)

When a pod has the label `enrichment.kubedoop.dev/enable=true`, the enrichment controller writes the node address into a pod annotation when the pod is created.

// Keys, values and key prefixes used by the restarter.
const (
	// LabelRestarterEnable is the label key that opts a workload in to the
	// restarter, and LabelRestarterEnableValue is the value the label must
	// carry.
	LabelRestarterEnable      = "restarter." + KubedoopDomain + "/enable"
	LabelRestarterEnableValue = "true"

	// Key prefixes, one for configmaps and one for secrets.
	// NOTE(review): presumably these prefix the annotations the restarter
	// writes to the workload podTemplate; what follows the prefix is not
	// visible here — confirm.
	AnnotationConfigmapRestarterPrefix = "configmap.restarter." + KubedoopDomain + "/"
	AnnotationSecretRestarterPrefix    = "secret.restarter." + KubedoopDomain + "/"

	// PrefixLabelRestarterExpiresAt is the key prefix for expiration records.
	// Documented form:
	// 	- restarter.kubedoop.dev/expires-at.<RFC3339>: <volume-id>
	// RFC3339: 2006-01-02T15:04:05Z07:00
	//
	// NOTE(review): an RFC 3339 timestamp contains ':' (and may contain '+'),
	// which Kubernetes does not accept in the name part of a label or
	// annotation key. Confirm whether the timestamp really belongs in the key
	// or in the value. The constant is also named as a label, while the
	// package documentation describes a pod annotation.
	PrefixLabelRestarterExpiresAt = "restarter." + KubedoopDomain + "/expires-at."
)

The restarter policy covers two cases: workload restart and pod expiration.

Workload restarter:

If a workload has the label `restarter.kubedoop.dev/enable=true`,
 and a configmap or secret that is mounted as a volume in its pods is updated,
 the restarter updates the annotations in the workload's podTemplate.
 The workload controller then updates all the pods of the workload.

Pod expiration:

When a workload mounts a volume that uses a secret-class of the secret-operator, the
 secret-operator creates some secrets and mounts them into the pod, e.g. Kerberos and TLS secrets.
 TLS and Kerberos secrets have an expiration time; when such a secret is created,
 the secret-operator records the expiration time in a pod annotation.
 The restarter checks the expiration time in the pod annotation and, once that time has passed,
 restarts the pod.
// Identifiers for the listener API.
const (
	// ListenerAPIGroup is the API group name: "listeners." followed by the
	// project domain.
	ListenerAPIGroup string = "listeners." + KubedoopDomain

	// ListenerStorageClass reuses the API group name as the storage class name.
	ListenerStorageClass string = ListenerAPIGroup
)
// Annotation keys read from a PVC template to prepare a listener.
const (
	// AnnotationListenersClass selects the network listening rules to apply.
	// This annotation is REQUIRED. Accepted values:
	//	- cluster-internal
	//	- external-unstable
	//	- external-stable
	//	- <other user defined class name>
	AnnotationListenersClass string = listenerAPIGroupPrefix + "class"

	// AnnotationListenerName identifies the listener. This annotation is
	// OPTIONAL; when it is absent the listener takes the name of the pod.
	AnnotationListenerName string = listenerAPIGroupPrefix + "listenerName"
)

Kubedoop-defined annotations for the PVC template. The CSI driver extracts these annotations from the PVC to prepare the listener for the pod.

// Identifiers for the secret API.
const (
	// SecretAPIGroup is the API group name: "secrets." followed by the
	// project domain.
	SecretAPIGroup string = "secrets." + KubedoopDomain

	// SecretStorageClass reuses the API group name as the storage class name.
	SecretStorageClass string = SecretAPIGroup
)
// Label keys used to find Secret objects by filtering on one or more labels.
// NOTE(review): presumably the label values are the node, pod and service
// names a secret is bound to — confirm against the code that sets them.
const (
	// LabelSecretsNode is the label key for the node.
	LabelSecretsNode string = secretAPIGroupPrefix + "node"

	// LabelSecretsPod is the label key for the pod.
	LabelSecretsPod string = secretAPIGroupPrefix + "pod"

	// LabelSecretsService is the label key for the service.
	LabelSecretsService string = secretAPIGroupPrefix + "service"
)

Labels used to look up Kubernetes Secret objects: a secret is found by filtering on one or more of these labels.

const (
	// AnnotationSecretsClass is the annotation key that carries the secret class.
	// NOTE(review): presumably the name of the secret-class the secret-operator
	// should use for this volume — confirm.
	AnnotationSecretsClass string = secretAPIGroupPrefix + "class"

	// AnnotationSecretsScope is the annotation key for the scope of the secret.
	// It can be one of the following values:
	//	- pod
	//	- node
	//	- service	// can be multiple
	//	- listener-volume	// can be multiple
	//
	// Several scopes are combined in one comma-separated value.
	//
	// Example:
	//	- "secrets.kubedoop.dev/scope": "pod"
	//	- "secrets.kubedoop.dev/scope": "node"
	//	- "secrets.kubedoop.dev/scope": "service=foo"
	//	- "secrets.kubedoop.dev/scope": "listener-volume=foo"
	//	- "secrets.kubedoop.dev/scope": "pod,service=foo,service=bar,listener-volume=xyz"
	AnnotationSecretsScope string = secretAPIGroupPrefix + "scope"

	// AnnotationSecretsFormat is the annotation key for the format in which the
	// secret is mounted.
	// It can be one of the following values:
	//	- tls-pem  A PEM-encoded TLS certificate, include "tls.crt", "tls.key", "ca.crt".
	//	- tls-p12 A PKCS#12 archive, include "keystore.p12", "truststore.p12".
	//	- kerberos A Kerberos keytab, include "keytab", "krb5.conf".
	//
	// Each format puts private key material on the volume ("tls.key",
	// "keystore.p12", "keytab"), so the mounted files should be readable only
	// by the process that needs them.
	AnnotationSecretsFormat string = secretAPIGroupPrefix + "format"

	// AnnotationSecretsPKCS12Password is the annotation key for the PKCS#12
	// password; the value is used as both the truststore and the keystore
	// password.
	// NOTE(review): annotation values are stored as plain object metadata and
	// are readable by anyone who can read the annotated object, so this
	// password should not be relied on as a confidentiality control — confirm
	// how consumers treat it.
	AnnotationSecretsPKCS12Password string = secretAPIGroupPrefix + "tlsPKCS12Password"
	// AnnotationSecretCertLifeTime is the annotation key for the certificate
	// lifetime: a Go time.Duration string used to derive the certificate
	// expiration time.
	// AnnotationSecretsCertJitterFactor is the annotation key for the jitter
	// factor. NOTE(review): its value format and effect are not documented
	// here; presumably it randomizes the lifetime — confirm.
	AnnotationSecretCertLifeTime      string = secretAPIGroupPrefix + "autoTlsCertLifetime"
	AnnotationSecretsCertJitterFactor string = secretAPIGroupPrefix + "autoTlsCertJitterFactor"
	// AnnotationSecretsCertRestartBuffer is the annotation key for the restart
	// buffer.
	// When a large number of pods restart at about the same time, the moment at
	// which each pod restarts is uncertain and the whole process can take a
	// long time. Even with a limit on graceful shutdown, a pod may restart so
	// late that its certificate has already expired.
	// To avoid this, the pod expiration is checked this buffer time ahead of
	// the actual expiration time.
	// NOTE(review): this key spells out the "secrets.kubedoop.dev/" prefix,
	// while the other keys in this block use secretAPIGroupPrefix; confirm the
	// two are identical so the keys stay in the same namespace.
	AnnotationSecretsCertRestartBuffer string = "secrets.kubedoop.dev/" + "autoTlsCertRestartBuffer"

	// AnnotationSecretsKerberosServiceNames is the annotation key for the list
	// of Kerberos service names, given as a comma-separated list.
	//
	// Each service name is combined with the scope to build a name of the form
	// <service>/<host>@REALM, i.e. a Kerberos principal inside a realm rather
	// than a realm itself.
	//
	// If this field value is "HTTP,NN,DN", and the scope specifies a service
	// name: "service=<k8s-service>", the following are created:
	// 	- HTTP -> HTTP/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	// 	- NN -> nn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	// 	- DN -> dn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
	//
	// If this field value is "NN", and scope is "pod", the following is
	// created:
	// 	- nn/<pod-name>.<pod-subdomain>.<k8s-namespace>.cluster.local@REALM		# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods
	//
	// If this field value is "DN", and scope is "node", the following is
	// created:
	// 	- dn/<node-name>.<k8s-namespace>.cluster.local@REALM
	//
	// If this field value is "HTTP", and scope is "listener-volume=foo", the
	// following is created:
	// 	- HTTP/<the-service-of-listener-foo>.<k8s-namespace>.cluster.local@REALM
	AnnotationSecretsKerberosServiceNames string = secretAPIGroupPrefix + "kerberosServiceNames"
)

Kubedoop-defined annotations for the PVC template. The CSI driver extracts these annotations from the PVC to prepare the secret for the pod.

// Delimiters for list-valued annotations.
// NOTE(review): no escaping is defined here, so an item that itself contains
// a comma cannot be represented — confirm that item names can never hold one.
const (
	// CommonDelimiter is the separator shared by the lists below.
	CommonDelimiter string = ","

	// KerberosServiceNamesDelimiter separates the entries of the Kerberos
	// service names list.
	KerberosServiceNamesDelimiter string = CommonDelimiter

	// ListenerVolumeDelimiter separates listener volume entries.
	ListenerVolumeDelimiter string = CommonDelimiter
)
// KubedoopDomain is the DNS-style domain from which the project's label keys,
// annotation keys and API group names are built.
const KubedoopDomain = "kubedoop.dev"

Variables

This section is empty.

Functions

func ListenerStorageClassPtr

func ListenerStorageClassPtr() *string

func MatchingLabelsNames

func MatchingLabelsNames() []string

func SecretStorageClassPtr

func SecretStorageClassPtr() *string

Types

type ListenerClass added in v0.10.0

// ListenerClass names a set of network listening rules. Each built-in class
// maps to one kind of Kubernetes service, and the kind decides how far the
// workload is reachable: only ClusterInternal keeps it inside the cluster.
type ListenerClass string

const (
	// ClusterInternal is the default listener class.
	// cluster-internal --> k8s service with ClusterIP
	ClusterInternal ListenerClass = "cluster-internal"

	// ExternalUnstable exposes the workload through a node port.
	// external-unstable --> k8s service with NodePort
	ExternalUnstable ListenerClass = "external-unstable"

	// ExternalStable requires a k8s LoadBalancer.
	// external-stable --> k8s service with LoadBalancer
	ExternalStable ListenerClass = "external-stable"
)

type SecretFormat

// SecretFormat names the format in which a secret is mounted.
type SecretFormat string

const (
	// Kerberos is a Kerberos keytab.
	Kerberos SecretFormat = "kerberos"

	// TLSP12 is a PKCS#12 archive.
	TLSP12 SecretFormat = "tls-p12"

	// TLSPEM is a PEM-encoded TLS certificate.
	TLSPEM SecretFormat = "tls-pem"
)

type SecretScope

// SecretScope names what a secret is scoped to.
type SecretScope string

const (
	// PodScope scopes the secret to the pod.
	PodScope SecretScope = "pod"

	// NodeScope scopes the secret to the node.
	NodeScope SecretScope = "node"

	// ServiceScope scopes the secret to a service.
	ServiceScope SecretScope = "service"

	// ListenerVolumeScope scopes the secret to a listener volume.
	ListenerVolumeScope SecretScope = "listener-volume"
)
