mirrors/kube-arangodb
1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-14 11:57:37 +00:00
Code Activity

[Feature] [Scheduler] Extract Integration (#1723)

Browse source
This commit is contained in:
Adam Janikowski 2024-09-12 14:45:36 +02:00 committed by GitHub
parent 0d6108158f
commit c5ffe866a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
29 changed files with 2417 additions and 1993 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

414
docs/api/ArangoDeployment.V1.md
View file

@ -3045,7 +3045,7 @@ Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.
### .spec.gateway.dynamic
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L38)</sup>
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L36)</sup>
Dynamic setting enables/disables support dynamic configuration of the gateway in the cluster.
When enabled, gateway config will be reloaded by ConfigMap live updates.
@ -3056,7 +3056,7 @@ Default Value: `false`
### .spec.gateway.enabled
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L33)</sup>
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L31)</sup>
Enabled setting enables/disables support for gateway in the cluster.
When enabled, the cluster will contain a number of `gateway` servers.
@ -3067,217 +3067,13 @@ Default Value: `false`
### .spec.gateway.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L42)</sup>
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L40)</sup>
Image is the image to use for the gateway.
By default, the image is determined by the operator.
***
### .spec.gateway.sidecar.args
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.gateway.sidecar.command
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.gateway.sidecar.controllerListenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
ControllerListenPort defines on which port the sidecar container will be listening for controller requests
Default Value: `9202`
***
### .spec.gateway.sidecar.env
Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
Env keeps the information about environment variables provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
***
### .spec.gateway.sidecar.envFrom
Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
EnvFrom keeps the information about environment variable sources provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
***
### .spec.gateway.sidecar.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
Image define image details
***
### .spec.gateway.sidecar.imagePullPolicy
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
ImagePullPolicy define Image pull policy
Default Value: `IfNotPresent`
***
### .spec.gateway.sidecar.lifecycle
Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
Lifecycle keeps actions that the management system should take in response to container lifecycle events.
***
### .spec.gateway.sidecar.listenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
ListenPort defines on which port the sidecar container will be listening for connections
Default Value: `9201`
***
### .spec.gateway.sidecar.livenessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
LivenessProbe keeps configuration of periodic probe of container liveness.
Container will be restarted if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.method
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
Method defines the merge method
Possible Values:
* `"override"` (default) - Overrides values during configuration merge
* `"append"` - Appends, if possible, values during configuration merge
***
### .spec.gateway.sidecar.ports
Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
Ports contains list of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
***
### .spec.gateway.sidecar.readinessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
ReadinessProbe keeps configuration of periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.resources
Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
Resources holds resource requests & limits for container
Links:
* [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
***
### .spec.gateway.sidecar.securityContext
Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
SecurityContext holds container-level security attributes and common container settings.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
***
### .spec.gateway.sidecar.startupProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.volumeMounts
Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
***
### .spec.gateway.sidecar.workingDir
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
***
### .spec.gateways.affinity
Type: `core.PodAffinity` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/server_group_spec.go#L156)</sup>
@ -4478,6 +4274,210 @@ ImagePullSecrets specifies the list of image pull secrets for the docker image t
***
### .spec.integration.sidecar.args
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.integration.sidecar.command
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.integration.sidecar.controllerListenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
ControllerListenPort defines on which port the sidecar container will be listening for controller requests
Default Value: `9202`
***
### .spec.integration.sidecar.env
Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
Env keeps the information about environment variables provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
***
### .spec.integration.sidecar.envFrom
Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
EnvFrom keeps the information about environment variable sources provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
***
### .spec.integration.sidecar.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
Image define image details
***
### .spec.integration.sidecar.imagePullPolicy
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
ImagePullPolicy define Image pull policy
Default Value: `IfNotPresent`
***
### .spec.integration.sidecar.lifecycle
Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
Lifecycle keeps actions that the management system should take in response to container lifecycle events.
***
### .spec.integration.sidecar.listenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
ListenPort defines on which port the sidecar container will be listening for connections
Default Value: `9201`
***
### .spec.integration.sidecar.livenessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
LivenessProbe keeps configuration of periodic probe of container liveness.
Container will be restarted if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.method
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
Method defines the merge method
Possible Values:
* `"override"` (default) - Overrides values during configuration merge
* `"append"` - Appends, if possible, values during configuration merge
***
### .spec.integration.sidecar.ports
Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
Ports contains list of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
***
### .spec.integration.sidecar.readinessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
ReadinessProbe keeps configuration of periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.resources
Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
Resources holds resource requests & limits for container
Links:
* [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
***
### .spec.integration.sidecar.securityContext
Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
SecurityContext holds container-level security attributes and common container settings.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
***
### .spec.integration.sidecar.startupProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.volumeMounts
Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
***
### .spec.integration.sidecar.workingDir
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
***
### .spec.labels
Type: `object` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec.go#L127)</sup>

116
docs/cli/arangodb_operator_integration.md
View file

@ -18,65 +18,65 @@ Available Commands:
help Help about any command
Flags:
--health.address string Address to expose health service (default "0.0.0.0:9091")
--health.auth.token string Token for health service (when auth service is token)
--health.auth.type string Auth type for health service (default "None")
--health.shutdown.enabled Determines if shutdown service should be enabled and exposed (default true)
--health.tls.keyfile string Path to the keyfile
--health.address string Address to expose health service (Env: HEALTH_ADDRESS) (default "0.0.0.0:9091")
--health.auth.token string Token for health service (when auth service is token) (Env: HEALTH_AUTH_TOKEN)
--health.auth.type string Auth type for health service (Env: HEALTH_AUTH_TYPE) (default "None")
--health.shutdown.enabled Determines if shutdown service should be enabled and exposed (Env: HEALTH_SHUTDOWN_ENABLED) (default true)
--health.tls.keyfile string Path to the keyfile (Env: HEALTH_TLS_KEYFILE)
-h, --help help for arangodb_operator_integration
--integration.authentication.v1 Enable AuthenticationV1 Integration Service
--integration.authentication.v1.enabled Defines if Authentication is enabled (default true)
--integration.authentication.v1.external Defones if External access to service authentication.v1 is enabled
--integration.authentication.v1.internal Defones if Internal access to service authentication.v1 is enabled (default true)
--integration.authentication.v1.path string Path to the JWT Folder
--integration.authentication.v1.token.allowed strings Allowed users for the Token
--integration.authentication.v1.token.max-size uint16 Max Token max size in bytes (default 64)
--integration.authentication.v1.token.ttl.default duration Default Token TTL (default 1h0m0s)
--integration.authentication.v1.token.ttl.max duration Max Token TTL (default 1h0m0s)
--integration.authentication.v1.token.ttl.min duration Min Token TTL (default 1m0s)
--integration.authentication.v1.token.user string Default user of the Token (default "root")
--integration.authentication.v1.ttl duration TTL of the JWT cache (default 15s)
--integration.authorization.v0 Enable AuthorizationV0 Integration Service
--integration.authorization.v0.external Defones if External access to service authorization.v0 is enabled
--integration.authorization.v0.internal Defones if Internal access to service authorization.v0 is enabled (default true)
--integration.config.v1 Enable ConfigV1 Integration Service
--integration.config.v1.external Defones if External access to service config.v1 is enabled
--integration.config.v1.internal Defones if Internal access to service config.v1 is enabled (default true)
--integration.config.v1.module strings Module in the reference <name>=<abs path>
--integration.envoy.auth.v3 Enable EnvoyAuthV3 Integration Service
--integration.envoy.auth.v3.external Defones if External access to service envoy.auth.v3 is enabled
--integration.envoy.auth.v3.internal Defones if Internal access to service envoy.auth.v3 is enabled (default true)
--integration.scheduler.v1 SchedulerV1 Integration
--integration.scheduler.v1.external Defones if External access to service scheduler.v1 is enabled
--integration.scheduler.v1.internal Defones if Internal access to service scheduler.v1 is enabled (default true)
--integration.scheduler.v1.namespace string Kubernetes Namespace (default "default")
--integration.scheduler.v1.verify-access Verify the CRD Access (default true)
--integration.shutdown.v1 ShutdownV1 Handler
--integration.shutdown.v1.external Defones if External access to service shutdown.v1 is enabled
--integration.shutdown.v1.internal Defones if Internal access to service shutdown.v1 is enabled (default true)
--integration.storage.v1 StorageBucket Integration
--integration.storage.v1.external Defones if External access to service storage.v1 is enabled
--integration.storage.v1.internal Defones if Internal access to service storage.v1 is enabled (default true)
--integration.storage.v1.s3.access-key string Path to file containing S3 AccessKey
--integration.storage.v1.s3.allow-insecure If set to true, the Endpoint certificates won't be checked
--integration.storage.v1.s3.bucket string Bucket name
--integration.storage.v1.s3.ca-crt string Path to file containing CA certificate to validate endpoint connection
--integration.storage.v1.s3.ca-key string Path to file containing keyfile to validate endpoint connection
--integration.storage.v1.s3.disable-ssl If set to true, the SSL won't be used when connecting to Endpoint
--integration.storage.v1.s3.endpoint string Endpoint of S3 API implementation
--integration.storage.v1.s3.region string Region
--integration.storage.v1.s3.secret-key string Path to file containing S3 SecretKey
--integration.storage.v1.type string Type of the Storage Integration (default "s3")
--services.address string Address to expose internal services (default "127.0.0.1:9092")
--services.auth.token string Token for internal service (when auth service is token)
--services.auth.type string Auth type for internal service (default "None")
--services.enabled Defines if internal access is enabled (default true)
--services.external.address string Address to expose external services (default "0.0.0.0:9093")
--services.external.auth.token string Token for external service (when auth service is token)
--services.external.auth.type string Auth type for external service (default "None")
--services.external.enabled Defines if external access is enabled
--services.external.tls.keyfile string Path to the keyfile
--services.tls.keyfile string Path to the keyfile
--integration.authentication.v1 Enable AuthenticationV1 Integration Service (Env: INTEGRATION_AUTHENTICATION_V1)
--integration.authentication.v1.enabled Defines if Authentication is enabled (Env: INTEGRATION_AUTHENTICATION_V1_ENABLED) (default true)
--integration.authentication.v1.external Defones if External access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_EXTERNAL)
--integration.authentication.v1.internal Defones if Internal access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_INTERNAL) (default true)
--integration.authentication.v1.path string Path to the JWT Folder (Env: INTEGRATION_AUTHENTICATION_V1_PATH)
--integration.authentication.v1.token.allowed strings Allowed users for the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_ALLOWED)
--integration.authentication.v1.token.max-size uint16 Max Token max size in bytes (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_MAX_SIZE) (default 64)
--integration.authentication.v1.token.ttl.default duration Default Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_DEFAULT) (default 1h0m0s)
--integration.authentication.v1.token.ttl.max duration Max Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MAX) (default 1h0m0s)
--integration.authentication.v1.token.ttl.min duration Min Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MIN) (default 1m0s)
--integration.authentication.v1.token.user string Default user of the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_USER) (default "root")
--integration.authentication.v1.ttl duration TTL of the JWT cache (Env: INTEGRATION_AUTHENTICATION_V1_TTL) (default 15s)
--integration.authorization.v0 Enable AuthorizationV0 Integration Service (Env: INTEGRATION_AUTHORIZATION_V0)
--integration.authorization.v0.external Defones if External access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_EXTERNAL)
--integration.authorization.v0.internal Defones if Internal access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_INTERNAL) (default true)
--integration.config.v1 Enable ConfigV1 Integration Service (Env: INTEGRATION_CONFIG_V1)
--integration.config.v1.external Defones if External access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_EXTERNAL)
--integration.config.v1.internal Defones if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
--integration.config.v1.module strings Module in the reference <name>=<abs path> (Env: INTEGRATION_CONFIG_V1_MODULE)
--integration.envoy.auth.v3 Enable EnvoyAuthV3 Integration Service (Env: INTEGRATION_ENVOY_AUTH_V3)
--integration.envoy.auth.v3.external Defones if External access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTERNAL)
--integration.envoy.auth.v3.internal Defones if Internal access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_INTERNAL) (default true)
--integration.scheduler.v1 SchedulerV1 Integration (Env: INTEGRATION_SCHEDULER_V1)
--integration.scheduler.v1.external Defones if External access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_EXTERNAL)
--integration.scheduler.v1.internal Defones if Internal access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_INTERNAL) (default true)
--integration.scheduler.v1.namespace string Kubernetes Namespace (Env: INTEGRATION_SCHEDULER_V1_NAMESPACE) (default "default")
--integration.scheduler.v1.verify-access Verify the CRD Access (Env: INTEGRATION_SCHEDULER_V1_VERIFY_ACCESS) (default true)
--integration.shutdown.v1 ShutdownV1 Handler (Env: INTEGRATION_SHUTDOWN_V1)
--integration.shutdown.v1.external Defones if External access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_EXTERNAL)
--integration.shutdown.v1.internal Defones if Internal access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_INTERNAL) (default true)
--integration.storage.v1 StorageBucket Integration (Env: INTEGRATION_STORAGE_V1)
--integration.storage.v1.external Defones if External access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_EXTERNAL)
--integration.storage.v1.internal Defones if Internal access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_INTERNAL) (default true)
--integration.storage.v1.s3.access-key string Path to file containing S3 AccessKey (Env: INTEGRATION_STORAGE_V1_S3_ACCESS_KEY)
--integration.storage.v1.s3.allow-insecure If set to true, the Endpoint certificates won't be checked (Env: INTEGRATION_STORAGE_V1_S3_ALLOW_INSECURE)
--integration.storage.v1.s3.bucket string Bucket name (Env: INTEGRATION_STORAGE_V1_S3_BUCKET)
--integration.storage.v1.s3.ca-crt string Path to file containing CA certificate to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_CRT)
--integration.storage.v1.s3.ca-key string Path to file containing keyfile to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_KEY)
--integration.storage.v1.s3.disable-ssl If set to true, the SSL won't be used when connecting to Endpoint (Env: INTEGRATION_STORAGE_V1_S3_DISABLE_SSL)
--integration.storage.v1.s3.endpoint string Endpoint of S3 API implementation (Env: INTEGRATION_STORAGE_V1_S3_ENDPOINT)
--integration.storage.v1.s3.region string Region (Env: INTEGRATION_STORAGE_V1_S3_REGION)
--integration.storage.v1.s3.secret-key string Path to file containing S3 SecretKey (Env: INTEGRATION_STORAGE_V1_S3_SECRET_KEY)
--integration.storage.v1.type string Type of the Storage Integration (Env: INTEGRATION_STORAGE_V1_TYPE) (default "s3")
--services.address string Address to expose internal services (Env: SERVICES_ADDRESS) (default "127.0.0.1:9092")
--services.auth.token string Token for internal service (when auth service is token) (Env: SERVICES_AUTH_TOKEN)
--services.auth.type string Auth type for internal service (Env: SERVICES_AUTH_TYPE) (default "None")
--services.enabled Defines if internal access is enabled (Env: SERVICES_ENABLED) (default true)
--services.external.address string Address to expose external services (Env: SERVICES_EXTERNAL_ADDRESS) (default "0.0.0.0:9093")
--services.external.auth.token string Token for external service (when auth service is token) (Env: SERVICES_EXTERNAL_AUTH_TOKEN)
--services.external.auth.type string Auth type for external service (Env: SERVICES_EXTERNAL_AUTH_TYPE) (default "None")
--services.external.enabled Defines if external access is enabled (Env: SERVICES_EXTERNAL_ENABLED)
--services.external.tls.keyfile string Path to the keyfile (Env: SERVICES_EXTERNAL_TLS_KEYFILE)
--services.tls.keyfile string Path to the keyfile (Env: SERVICES_TLS_KEYFILE)
Use "arangodb_operator_integration [command] --help" for more information about a command.
```

8
pkg/apis/deployment/v1/deployment_spec.go
View file

@ -262,6 +262,9 @@ type DeploymentSpec struct {
// Gateway defined main Gateway configuration.
Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
// Integration defined main Integration configuration.
Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
}
// GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
return errors.WithStack(errors.Wrap(err, "spec.architecture"))
}
if err := s.Gateway.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.architecture"))
return errors.WithStack(errors.Wrap(err, "spec.gateway"))
}
if err := s.Integration.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.integration"))
}
return nil
}

20
pkg/apis/deployment/v1/deployment_spec_gateway.go
View file

@ -21,8 +21,6 @@
package v1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/util"
)
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
// Image is the image to use for the gateway.
// By default, the image is determined by the operator.
Image *string `json:"image"`
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
// IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
return *d.Dynamic
}
func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecGateway) Validate() error {
if d == nil {
d = &DeploymentSpecGateway{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
)
return nil
}
// GetImage returns the image to use for the gateway.

49
pkg/apis/deployment/v1/deployment_spec_integration.go Normal file
View file

@ -0,0 +1,49 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package v1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
)
type DeploymentSpecIntegration struct {
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecIntegration) Validate() error {
if d == nil {
d = &DeploymentSpecIntegration{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
)
}

31
pkg/apis/deployment/v1/zz_generated.deepcopy.go generated
View file

@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
*out = new(DeploymentSpecGateway)
(*in).DeepCopyInto(*out)
}
if in.Integration != nil {
in, out := &in.Integration, &out.Integration
*out = new(DeploymentSpecIntegration)
(*in).DeepCopyInto(*out)
}
return
}
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
*out = new(string)
**out = **in
}
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
*out = *in
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
if in == nil {
return nil
}
out := new(DeploymentSpecIntegration)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
*out = *in

8
pkg/apis/deployment/v2alpha1/deployment_spec.go
View file

@ -262,6 +262,9 @@ type DeploymentSpec struct {
// Gateway defined main Gateway configuration.
Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
// Integration defined main Integration configuration.
Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
}
// GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
return errors.WithStack(errors.Wrap(err, "spec.architecture"))
}
if err := s.Gateway.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.architecture"))
return errors.WithStack(errors.Wrap(err, "spec.gateway"))
}
if err := s.Integration.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.integration"))
}
return nil
}

20
pkg/apis/deployment/v2alpha1/deployment_spec_gateway.go
View file

@ -21,8 +21,6 @@
package v2alpha1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/util"
)
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
// Image is the image to use for the gateway.
// By default, the image is determined by the operator.
Image *string `json:"image"`
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
// IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
return *d.Dynamic
}
func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecGateway) Validate() error {
if d == nil {
d = &DeploymentSpecGateway{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
)
return nil
}
// GetImage returns the image to use for the gateway.

49
pkg/apis/deployment/v2alpha1/deployment_spec_integration.go Normal file
View file

@ -0,0 +1,49 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package v2alpha1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
)
type DeploymentSpecIntegration struct {
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecIntegration) Validate() error {
if d == nil {
d = &DeploymentSpecIntegration{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
)
}

31
pkg/apis/deployment/v2alpha1/zz_generated.deepcopy.go generated
View file

@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
*out = new(DeploymentSpecGateway)
(*in).DeepCopyInto(*out)
}
if in.Integration != nil {
in, out := &in.Integration, &out.Integration
*out = new(DeploymentSpecIntegration)
(*in).DeepCopyInto(*out)
}
return
}
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
*out = new(string)
**out = **in
}
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
*out = *in
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
if in == nil {
return nil
}
out := new(DeploymentSpecIntegration)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
*out = *in

2964
pkg/crd/crds/database-deployment.schema.generated.yaml
View file

File diff suppressed because it is too large Load diff

2
pkg/deployment/resources/config_map_gateway.go
View file

@ -135,7 +135,7 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto
cfg.IntegrationSidecar = &gateway.ConfigDestinationTarget{
Host: "127.0.0.1",
Port: int32(r.context.GetSpec().Gateway.GetSidecar().GetListenPort()),
Port: int32(r.context.GetSpec().Integration.GetSidecar().GetListenPort()),
}
cfg.DefaultDestination = gateway.ConfigDestination{

12
pkg/deployment/resources/pod_creator_gateway_pod.go
View file

@ -238,7 +238,13 @@ func (m *MemberGatewayPod) Labels() map[string]string {
func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
integration, err := sidecar.NewIntegration(&schedulerContainerResourcesApi.Image{
Image: util.NewType(m.resources.context.GetOperatorImage()),
}, m.spec.Gateway.GetSidecar(), []string{shared.ServerContainerName},
}, m.spec.Integration.GetSidecar())
if err != nil {
return nil, err
}
integrations, err := sidecar.NewIntegrationEnablement(
sidecar.IntegrationEnvoyV3{
Spec: m.spec,
}, sidecar.IntegrationAuthenticationV1{
@ -250,5 +256,7 @@ func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
return nil, err
}
return []*schedulerApi.ProfileTemplate{integration}, nil
shutdownAnnotation := sidecar.NewShutdownAnnotations([]string{shared.ServerContainerName})
return []*schedulerApi.ProfileTemplate{integration, integrations, shutdownAnnotation}, nil
}

27
pkg/integrations/authentication_v1.go
View file

@ -27,6 +27,7 @@ import (
pbImplAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1"
pbAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1/definition"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
"github.com/arangodb/kube-arangodb/pkg/util/svc"
)
@ -40,20 +41,18 @@ type authenticationV1 struct {
config pbImplAuthenticationV1.Configuration
}
func (a *authenticationV1) Register(cmd *cobra.Command, arg ArgGen) error {
f := cmd.Flags()
f.StringVar(&a.config.Path, arg("path"), "", "Path to the JWT Folder")
f.BoolVar(&a.config.Enabled, arg("enabled"), true, "Defines if Authentication is enabled")
f.DurationVar(&a.config.TTL, arg("ttl"), pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache")
f.StringVar(&a.config.Create.DefaultUser, arg("token.user"), pbImplAuthenticationV1.DefaultUser, "Default user of the Token")
f.DurationVar(&a.config.Create.DefaultTTL, arg("token.ttl.default"), pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL")
f.DurationVar(&a.config.Create.MinTTL, arg("token.ttl.min"), pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL")
f.DurationVar(&a.config.Create.MaxTTL, arg("token.ttl.max"), pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL")
f.Uint16Var(&a.config.Create.MaxSize, arg("token.max-size"), pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes")
f.StringSliceVar(&a.config.Create.AllowedUsers, arg("token.allowed"), []string{}, "Allowed users for the Token")
return nil
func (a *authenticationV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return errors.Errors(
fs.StringVar(&a.config.Path, "path", "", "Path to the JWT Folder"),
fs.BoolVar(&a.config.Enabled, "enabled", true, "Defines if Authentication is enabled"),
fs.DurationVar(&a.config.TTL, "ttl", pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache"),
fs.StringVar(&a.config.Create.DefaultUser, "token.user", pbImplAuthenticationV1.DefaultUser, "Default user of the Token"),
fs.DurationVar(&a.config.Create.DefaultTTL, "token.ttl.default", pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL"),
fs.DurationVar(&a.config.Create.MinTTL, "token.ttl.min", pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL"),
fs.DurationVar(&a.config.Create.MaxTTL, "token.ttl.max", pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL"),
fs.Uint16Var(&a.config.Create.MaxSize, "token.max-size", pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes"),
fs.StringSliceVar(&a.config.Create.AllowedUsers, "token.allowed", []string{}, "Allowed users for the Token"),
)
}
func (a *authenticationV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

2
pkg/integrations/authorization_v0.go
View file

@ -47,7 +47,7 @@ func (a authorizationV0) Description() string {
return "Enable AuthorizationV0 Integration Service"
}
func (a authorizationV0) Register(cmd *cobra.Command, arg ArgGen) error {
func (a authorizationV0) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil
}

10
pkg/integrations/config_v1.go
View file

@ -41,12 +41,10 @@ type configV1 struct {
modules []string
}
func (a *configV1) Register(cmd *cobra.Command, arg ArgGen) error {
f := cmd.Flags()
f.StringSliceVar(&a.modules, arg("module"), nil, "Module in the reference <name>=<abs path>")
return nil
func (a *configV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return errors.Errors(
fs.StringSliceVar(&a.modules, "module", nil, "Module in the reference <name>=<abs path>"),
)
}
func (a *configV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

2
pkg/integrations/envoy_auth_v3.go
View file

@ -48,7 +48,7 @@ func (a *envoyAuthV3) Description() string {
return "Enable EnvoyAuthV3 Integration Service"
}
func (a *envoyAuthV3) Register(cmd *cobra.Command, arg ArgGen) error {
func (a *envoyAuthV3) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil
}

243
pkg/integrations/flags.go Normal file
View file

@ -0,0 +1,243 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package integrations
import (
"fmt"
"os"
"reflect"
"strconv"
"strings"
"time"
flag "github.com/spf13/pflag"
"github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
)
func NewFlagEnvHandler(fs *flag.FlagSet) FlagEnvHandler {
return flagEnvHandler{
fs: fs,
}
}
type FlagEnvHandler interface {
WithPrefix(prefix string) FlagEnvHandler
StringVar(p *string, name string, value string, usage string) error
String(name string, value string, usage string) error
StringSliceVar(p *[]string, name string, value []string, usage string) error
StringSlice(name string, value []string, usage string) error
BoolVar(p *bool, name string, value bool, usage string) error
Bool(name string, value bool, usage string) error
Uint16Var(p *uint16, name string, value uint16, usage string) error
Uint16(name string, value uint16, usage string) error
DurationVar(p *time.Duration, name string, value time.Duration, usage string) error
Duration(name string, value time.Duration, usage string) error
}
type flagEnvHandler struct {
prefix string
fs *flag.FlagSet
}
func (f flagEnvHandler) StringVar(p *string, name string, value string, usage string) error {
v, err := parseEnvToString(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) String(name string, value string, usage string) error {
v, err := parseEnvToString(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.String(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) StringSliceVar(p *[]string, name string, value []string, usage string) error {
v, err := parseEnvToStringArray(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringSliceVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) StringSlice(name string, value []string, usage string) error {
v, err := parseEnvToStringArray(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringSlice(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) BoolVar(p *bool, name string, value bool, usage string) error {
v, err := parseEnvToBool(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.BoolVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Bool(name string, value bool, usage string) error {
v, err := parseEnvToBool(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Bool(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) DurationVar(p *time.Duration, name string, value time.Duration, usage string) error {
v, err := parseEnvToDuration(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.DurationVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Duration(name string, value time.Duration, usage string) error {
v, err := parseEnvToDuration(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Duration(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Uint16Var(p *uint16, name string, value uint16, usage string) error {
v, err := parseEnvToUint16(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Uint16Var(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Uint16(name string, value uint16, usage string) error {
v, err := parseEnvToUint16(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Uint16(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) varDesc(name string, dest string) string {
return fmt.Sprintf("%s (Env: %s)", dest, f.getEnv(name))
}
func (f flagEnvHandler) getEnv(n string) string {
z := f.name(n)
z = strings.ReplaceAll(z, ".", "_")
z = strings.ReplaceAll(z, "-", "_")
return strings.ToUpper(z)
}
func (f flagEnvHandler) name(n string) string {
if f.prefix == "" {
return n
}
if n == "" {
return f.prefix
}
return fmt.Sprintf("%s.%s", f.prefix, n)
}
func (f flagEnvHandler) WithPrefix(prefix string) FlagEnvHandler {
return flagEnvHandler{
prefix: f.name(prefix),
fs: f.fs,
}
}
func parseEnvToDuration(env string, def time.Duration) (time.Duration, error) {
return parseEnvToType(env, def, time.ParseDuration)
}
func parseEnvToUint16(env string, def uint16) (uint16, error) {
return parseEnvToType(env, def, func(in string) (uint16, error) {
v, err := strconv.ParseUint(in, 10, 16)
return uint16(v), err
})
}
func parseEnvToBool(env string, def bool) (bool, error) {
return parseEnvToType(env, def, strconv.ParseBool)
}
func parseEnvToStringArray(env string, def []string) ([]string, error) {
return parseEnvToType(env, def, func(in string) ([]string, error) {
return strings.Split(in, ","), nil
})
}
func parseEnvToString(env string, def string) (string, error) {
return parseEnvToType(env, def, func(in string) (string, error) {
return in, nil
})
}
func parseEnvToType[T any](env string, def T, parser func(in string) (T, error)) (T, error) {
if v, ok := os.LookupEnv(env); ok {
if q, err := parser(v); err != nil {
return util.Default[T](), errors.Wrapf(err, "Unable to parse env `%s` as %s", env, reflect.TypeOf(def).String())
} else {
return q, nil
}
}
return def, nil
}

4
pkg/integrations/integration.go
View file

@ -30,13 +30,11 @@ import (
type Factory func() Integration
type ArgGen func(name string) string
type Integration interface {
Name() string
Description() string
Register(cmd *cobra.Command, arg ArgGen) error
Register(cmd *cobra.Command, fs FlagEnvHandler) error
Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error)
}

53
pkg/integrations/register.go
View file

@ -125,37 +125,44 @@ func (c *configuration) Register(cmd *cobra.Command) error {
cmd.RunE = c.run
f := cmd.Flags()
f := NewFlagEnvHandler(cmd.Flags())
f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service")
f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed")
f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service")
f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)")
f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile")
if err := errors.Errors(
f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service"),
f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed"),
f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service"),
f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)"),
f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile"),
f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled")
f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services")
f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service")
f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)")
f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile")
f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled")
f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services")
f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service")
f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)")
f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile")
f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled"),
f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services"),
f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service"),
f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)"),
f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile"),
f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled"),
f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services"),
f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service"),
f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)"),
f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile"),
); err != nil {
return err
}
for _, service := range c.registered {
prefix := fmt.Sprintf("integration.%s", service.Name())
f.Bool(prefix, false, service.Description())
fs := f.WithPrefix(prefix)
internal, external := GetIntegrationEnablement(service)
f.Bool(fmt.Sprintf("%s.internal", prefix), internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name()))
f.Bool(fmt.Sprintf("%s.external", prefix), external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name()))
if err := service.Register(cmd, func(name string) string {
return fmt.Sprintf("%s.%s", prefix, name)
}); err != nil {
if err := errors.Errors(
fs.Bool("", false, service.Description()),
fs.Bool("internal", internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name())),
fs.Bool("external", external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name())),
); err != nil {
return err
}
if err := service.Register(cmd, fs); err != nil {
return errors.Wrapf(err, "Unable to register service %s", service.Name())
}
}

12
pkg/integrations/scheduler_v1.go
View file

@ -50,13 +50,11 @@ func (b *schedulerV1) Description() string {
return "SchedulerV1 Integration"
}
func (b *schedulerV1) Register(cmd *cobra.Command, arg ArgGen) error {
f := cmd.Flags()
f.StringVar(&b.Configuration.Namespace, arg("namespace"), constants.NamespaceWithDefault("default"), "Kubernetes Namespace")
f.BoolVar(&b.Configuration.VerifyAccess, arg("verify-access"), true, "Verify the CRD Access")
return nil
func (b *schedulerV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return errors.Errors(
fs.StringVar(&b.Configuration.Namespace, "namespace", constants.NamespaceWithDefault("default"), "Kubernetes Namespace"),
fs.BoolVar(&b.Configuration.VerifyAccess, "verify-access", true, "Verify the CRD Access"),
)
}
func (b *schedulerV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

2
pkg/integrations/shutdown_v1.go
View file

@ -52,7 +52,7 @@ func (s *shutdownV1) Description() string {
return "ShutdownV1 Handler"
}
func (s *shutdownV1) Register(cmd *cobra.Command, arg ArgGen) error {
func (s *shutdownV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil
}

25
pkg/integrations/sidecar/core.go
View file

@ -24,8 +24,9 @@ import (
"fmt"
"strings"
core "k8s.io/api/core/v1"
"github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
)
type Core struct {
@ -49,14 +50,22 @@ func (c *Core) GetExternal() bool {
return *c.External
}
func (c *Core) Args(int Integration) k8sutil.OptionPairs {
var options k8sutil.OptionPairs
func (c *Core) Envs(int Integration, envs ...core.EnvVar) []core.EnvVar {
cmd := strings.Join(util.FormatList(int.Name(), func(a string) string {
return strings.ToLower(a)
}), ".")
return strings.ToUpper(a)
}), "_")
var r = []core.EnvVar{
{
Name: fmt.Sprintf("INTEGRATION_%s_INTERNAL", cmd),
Value: util.BoolSwitch(c.GetInternal(), "true", "false"),
},
{
Name: fmt.Sprintf("INTEGRATION_%s_EXTERNAL", cmd),
Value: util.BoolSwitch(c.GetExternal(), "true", "false"),
},
}
options.Add(fmt.Sprintf("--integration.%s.internal", cmd), c.GetInternal())
options.Add(fmt.Sprintf("--integration.%s.external", cmd), c.GetExternal())
r = append(r, envs...)
return options
return r
}

31
pkg/integrations/sidecar/integration.authentication.v1.go
View file

@ -26,11 +26,9 @@ import (
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/deployment/pod"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
"github.com/arangodb/kube-arangodb/pkg/util"
)
var _ IntegrationVolumes = IntegrationAuthenticationV1{}
type IntegrationAuthenticationV1 struct {
Core *Core
@ -46,16 +44,27 @@ func (i IntegrationAuthenticationV1) Validate() error {
return nil
}
func (i IntegrationAuthenticationV1) Args() (k8sutil.OptionPairs, error) {
options := k8sutil.CreateOptionPairs()
func (i IntegrationAuthenticationV1) Envs() ([]core.EnvVar, error) {
var envs = []core.EnvVar{
{
Name: "INTEGRATION_AUTHENTICATION_V1",
Value: "true",
},
{
Name: "INTEGRATION_AUTHENTICATION_V1_ENABLED",
Value: util.BoolSwitch(i.Spec.IsAuthenticated(), "true", "false"),
},
{
Name: "INTEGRATION_AUTHENTICATION_V1_PATH",
Value: shared.ClusterJWTSecretVolumeMountDir,
},
}
options.Add("--integration.authentication.v1", true)
options.Add("--integration.authentication.v1.enabled", i.Spec.IsAuthenticated())
options.Add("--integration.authentication.v1.path", shared.ClusterJWTSecretVolumeMountDir)
return i.Core.Envs(i, envs...), nil
}
options.Merge(i.Core.Args(i))
return options, nil
func (i IntegrationAuthenticationV1) GlobalEnvs() ([]core.EnvVar, error) {
return nil, nil
}
func (i IntegrationAuthenticationV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {

25
pkg/integrations/sidecar/integration.authorization.v1.go → pkg/integrations/sidecar/integration.authorization.v0.go
View file

@ -21,7 +21,7 @@
package sidecar
import (
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
core "k8s.io/api/core/v1"
)
type IntegrationAuthorizationV0 struct {
@ -36,12 +36,21 @@ func (i IntegrationAuthorizationV0) Validate() error {
return nil
}
func (i IntegrationAuthorizationV0) Args() (k8sutil.OptionPairs, error) {
options := k8sutil.CreateOptionPairs()
func (i IntegrationAuthorizationV0) Envs() ([]core.EnvVar, error) {
var envs = []core.EnvVar{
{
Name: "INTEGRATION_AUTHENTICATION_V0",
Value: "true",
},
}
options.Add("--integration.authorization.v0", true)
options.Merge(i.Core.Args(i))
return options, nil
return i.Core.Envs(i, envs...), nil
}
func (i IntegrationAuthorizationV0) GlobalEnvs() ([]core.EnvVar, error) {
return nil, nil
}
func (i IntegrationAuthorizationV0) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
}

26
pkg/integrations/sidecar/integration.envoy.v3.go
View file

@ -21,8 +21,9 @@
package sidecar
import (
core "k8s.io/api/core/v1"
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
)
type IntegrationEnvoyV3 struct {
@ -38,12 +39,21 @@ func (i IntegrationEnvoyV3) Validate() error {
return nil
}
func (i IntegrationEnvoyV3) Args() (k8sutil.OptionPairs, error) {
options := k8sutil.CreateOptionPairs()
func (i IntegrationEnvoyV3) Envs() ([]core.EnvVar, error) {
var envs = []core.EnvVar{
{
Name: "INTEGRATION_ENVOY_AUTH_V3",
Value: "true",
},
}
options.Add("--integration.envoy.auth.v3", true)
options.Merge(i.Core.Args(i))
return options, nil
return i.Core.Envs(i, envs...), nil
}
func (i IntegrationEnvoyV3) GlobalEnvs() ([]core.EnvVar, error) {
return nil, nil
}
func (i IntegrationEnvoyV3) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
}

170
pkg/integrations/sidecar/integration.go
View file

@ -29,47 +29,93 @@ const (
ListenPortHealthName = "health"
)
func WithIntegrationEnvs(in Integration) ([]core.EnvVar, error) {
if v, ok := in.(IntegrationEnvs); ok {
return v.Envs()
}
return nil, nil
}
type IntegrationEnvs interface {
Integration
Envs() ([]core.EnvVar, error)
}
func WithIntegrationVolumes(in Integration) ([]core.Volume, []core.VolumeMount, error) {
if v, ok := in.(IntegrationVolumes); ok {
return v.Volumes()
}
return nil, nil, nil
}
type IntegrationVolumes interface {
Integration
Volumes() ([]core.Volume, []core.VolumeMount, error)
}
type Integration interface {
Name() []string
Args() (k8sutil.OptionPairs, error)
Envs() ([]core.EnvVar, error)
GlobalEnvs() ([]core.EnvVar, error)
Volumes() ([]core.Volume, []core.VolumeMount, error)
Validate() error
}
func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar, coreContainers []string, integrations ...Integration) (*schedulerApi.ProfileTemplate, error) {
for _, integration := range integrations {
if err := integration.Validate(); err != nil {
name := strings.Join(integration.Name(), "/")
func NewShutdownAnnotations(coreContainers []string) *schedulerApi.ProfileTemplate {
pt := schedulerApi.ProfileTemplate{
Pod: &schedulerPodApi.Pod{
Metadata: &schedulerPodResourcesApi.Metadata{
Annotations: map[string]string{},
},
},
}
for _, container := range coreContainers {
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
}
return &pt
}
func NewIntegrationEnablement(integrations ...Integration) (*schedulerApi.ProfileTemplate, error) {
var envs, gEnvs []core.EnvVar
var volumes []core.Volume
var volumeMounts []core.VolumeMount
for _, integration := range integrations {
name := strings.Join(integration.Name(), "/")
if err := integration.Validate(); err != nil {
return nil, errors.Wrapf(err, "Failure in %s", name)
}
if lvolumes, lvolumeMounts, err := integration.Volumes(); err != nil {
return nil, errors.Wrapf(err, "Failure in volumes %s", name)
} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
volumes = append(volumes, lvolumes...)
volumeMounts = append(volumeMounts, lvolumeMounts...)
}
if lenvs, err := integration.Envs(); err != nil {
return nil, errors.Wrapf(err, "Failure in envs %s", name)
} else if len(lenvs) > 0 {
envs = append(envs, lenvs...)
}
if lgenvs, err := integration.GlobalEnvs(); err != nil {
return nil, errors.Wrapf(err, "Failure in global envs %s", name)
} else if len(lgenvs) > 0 {
gEnvs = append(gEnvs, lgenvs...)
}
}
if len(envs) == 0 && len(gEnvs) == 0 {
return nil, nil
}
return &schedulerApi.ProfileTemplate{
Pod: &schedulerPodApi.Pod{
Volumes: &schedulerPodResourcesApi.Volumes{
Volumes: volumes,
},
},
Container: &schedulerApi.ProfileContainerTemplate{
Containers: map[string]schedulerContainerApi.Container{
ContainerName: {
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs,
},
VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
VolumeMounts: volumeMounts,
},
},
},
All: &schedulerContainerApi.Generic{
Environments: &schedulerContainerResourcesApi.Environments{
Env: gEnvs,
},
},
},
}, nil
}
func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar) (*schedulerApi.ProfileTemplate, error) {
// Arguments
exePath := k8sutil.BinaryPath()
@ -83,10 +129,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
options.Addf("--services.address", "127.0.0.1:%d", integration.GetListenPort())
options.Addf("--health.address", "0.0.0.0:%d", integration.GetControllerListenPort())
// Volumes
var volumes []core.Volume
var volumeMounts []core.VolumeMount
// Envs
var envs = []core.EnvVar{
@ -100,40 +142,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
},
}
for _, i := range integrations {
name := strings.Join(i.Name(), "/")
if err := i.Validate(); err != nil {
return nil, errors.Wrapf(err, "Failure in %s", name)
}
if args, err := i.Args(); err != nil {
return nil, errors.Wrapf(err, "Failure in arguments %s", name)
} else if len(args) > 0 {
options.Merge(args)
}
if lvolumes, lvolumeMounts, err := WithIntegrationVolumes(i); err != nil {
return nil, errors.Wrapf(err, "Failure in volumes %s", name)
} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
volumes = append(volumes, lvolumes...)
volumeMounts = append(volumeMounts, lvolumeMounts...)
}
if lenvs, err := WithIntegrationEnvs(i); err != nil {
return nil, errors.Wrapf(err, "Failure in envs %s", name)
} else if len(lenvs) > 0 {
envs = append(envs, lenvs...)
}
envs = append(envs, core.EnvVar{
Name: fmt.Sprintf("INTEGRATION_SERVICE_%s", strings.Join(util.FormatList(i.Name(), func(a string) string {
return strings.ToUpper(a)
}), "_")),
Value: fmt.Sprintf("127.0.0.1:%d", integration.GetListenPort()),
})
}
c := schedulerContainerApi.Container{
Core: &schedulerContainerResourcesApi.Core{
Command: append([]string{exePath, "integration"}, options.Sort().AsArgs()...),
@ -175,14 +183,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
FailureThreshold: 2, // Need 2 failed probes to consider a failed state
},
},
VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
VolumeMounts: volumeMounts,
},
}
pt := schedulerApi.ProfileTemplate{
Container: &schedulerApi.ProfileContainerTemplate{
All: &schedulerContainerApi.Generic{
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs,
},
},
Containers: map[string]schedulerContainerApi.Container{
ContainerName: util.TypeOrDefault(k8sutil.CreateDefaultContainerTemplate(image).With(&c).With(integration.GetContainer())),
},
@ -191,24 +200,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
Metadata: &schedulerPodResourcesApi.Metadata{
Annotations: map[string]string{},
},
Volumes: &schedulerPodResourcesApi.Volumes{
Volumes: volumes,
},
},
}
for _, container := range coreContainers {
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
}
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownContainer, ContainerName)] = ListenPortHealthName
pt.Pod.Metadata.Annotations[constants.AnnotationShutdownManagedContainer] = "true"
pt.Container.Containers.ExtendContainers(&schedulerContainerApi.Container{
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs,
},
}, coreContainers...)
pt.Container.All.Environments = &schedulerContainerResourcesApi.Environments{
Env: envs,
}
return &pt, nil
}

25
pkg/integrations/sidecar/integration.shutdown.v1.go
View file

@ -21,7 +21,7 @@
package sidecar
import (
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
core "k8s.io/api/core/v1"
)
type IntegrationShutdownV1 struct {
@ -36,12 +36,21 @@ func (i IntegrationShutdownV1) Validate() error {
return nil
}
func (i IntegrationShutdownV1) Args() (k8sutil.OptionPairs, error) {
options := k8sutil.CreateOptionPairs()
func (i IntegrationShutdownV1) Envs() ([]core.EnvVar, error) {
var envs = []core.EnvVar{
{
Name: "INTEGRATION_SHUTDOWN_V1",
Value: "true",
},
}
options.Add("--integration.shutdown.v1", true)
options.Merge(i.Core.Args(i))
return options, nil
return i.Core.Envs(i, envs...), nil
}
func (i IntegrationShutdownV1) GlobalEnvs() ([]core.EnvVar, error) {
return nil, nil
}
func (i IntegrationShutdownV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
}

29
pkg/integrations/storage_v1.go
View file

@ -26,6 +26,7 @@ import (
"github.com/spf13/cobra"
"github.com/arangodb/kube-arangodb/pkg/ml/storage"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
"github.com/arangodb/kube-arangodb/pkg/util/svc"
)
@ -47,21 +48,19 @@ func (b *storageV1) Description() string {
return "StorageBucket Integration"
}
func (b *storageV1) Register(cmd *cobra.Command, arg ArgGen) error {
f := cmd.Flags()
f.StringVar((*string)(&b.Configuration.Type), arg("type"), string(storage.S3), "Type of the Storage Integration")
f.StringVar(&b.Configuration.S3.Endpoint, arg("s3.endpoint"), "", "Endpoint of S3 API implementation")
f.StringVar(&b.Configuration.S3.CACrtFile, arg("s3.ca-crt"), "", "Path to file containing CA certificate to validate endpoint connection")
f.StringVar(&b.Configuration.S3.CAKeyFile, arg("s3.ca-key"), "", "Path to file containing keyfile to validate endpoint connection")
f.BoolVar(&b.Configuration.S3.AllowInsecure, arg("s3.allow-insecure"), false, "If set to true, the Endpoint certificates won't be checked")
f.BoolVar(&b.Configuration.S3.DisableSSL, arg("s3.disable-ssl"), false, "If set to true, the SSL won't be used when connecting to Endpoint")
f.StringVar(&b.Configuration.S3.Region, arg("s3.region"), "", "Region")
f.StringVar(&b.Configuration.S3.BucketName, arg("s3.bucket"), "", "Bucket name")
f.StringVar(&b.Configuration.S3.AccessKeyFile, arg("s3.access-key"), "", "Path to file containing S3 AccessKey")
f.StringVar(&b.Configuration.S3.SecretKeyFile, arg("s3.secret-key"), "", "Path to file containing S3 SecretKey")
return nil
func (b *storageV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return errors.Errors(
fs.StringVar((*string)(&b.Configuration.Type), "type", string(storage.S3), "Type of the Storage Integration"),
fs.StringVar(&b.Configuration.S3.Endpoint, "s3.endpoint", "", "Endpoint of S3 API implementation"),
fs.StringVar(&b.Configuration.S3.CACrtFile, "s3.ca-crt", "", "Path to file containing CA certificate to validate endpoint connection"),
fs.StringVar(&b.Configuration.S3.CAKeyFile, "s3.ca-key", "", "Path to file containing keyfile to validate endpoint connection"),
fs.BoolVar(&b.Configuration.S3.AllowInsecure, "s3.allow-insecure", false, "If set to true, the Endpoint certificates won't be checked"),
fs.BoolVar(&b.Configuration.S3.DisableSSL, "s3.disable-ssl", false, "If set to true, the SSL won't be used when connecting to Endpoint"),
fs.StringVar(&b.Configuration.S3.Region, "s3.region", "", "Region"),
fs.StringVar(&b.Configuration.S3.BucketName, "s3.bucket", "", "Bucket name"),
fs.StringVar(&b.Configuration.S3.AccessKeyFile, "s3.access-key", "", "Path to file containing S3 AccessKey"),
fs.StringVar(&b.Configuration.S3.SecretKeyFile, "s3.secret-key", "", "Path to file containing S3 SecretKey"),
)
}
func (b *storageV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {