1
0
Fork 0
mirror of https://github.com/arangodb/kube-arangodb.git synced 2024-12-14 11:57:37 +00:00

[Feature] [Scheduler] Extract Integration (#1723)

This commit is contained in:
Adam Janikowski 2024-09-12 14:45:36 +02:00 committed by GitHub
parent 0d6108158f
commit c5ffe866a0
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
29 changed files with 2417 additions and 1993 deletions

View file

@ -3045,7 +3045,7 @@ Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.
### .spec.gateway.dynamic ### .spec.gateway.dynamic
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L38)</sup> Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L36)</sup>
Dynamic setting enables/disables support dynamic configuration of the gateway in the cluster. Dynamic setting enables/disables support dynamic configuration of the gateway in the cluster.
When enabled, gateway config will be reloaded by ConfigMap live updates. When enabled, gateway config will be reloaded by ConfigMap live updates.
@ -3056,7 +3056,7 @@ Default Value: `false`
### .spec.gateway.enabled ### .spec.gateway.enabled
Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L33)</sup> Type: `boolean` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L31)</sup>
Enabled setting enables/disables support for gateway in the cluster. Enabled setting enables/disables support for gateway in the cluster.
When enabled, the cluster will contain a number of `gateway` servers. When enabled, the cluster will contain a number of `gateway` servers.
@ -3067,217 +3067,13 @@ Default Value: `false`
### .spec.gateway.image ### .spec.gateway.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L42)</sup> Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec_gateway.go#L40)</sup>
Image is the image to use for the gateway. Image is the image to use for the gateway.
By default, the image is determined by the operator. By default, the image is determined by the operator.
*** ***
### .spec.gateway.sidecar.args
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.gateway.sidecar.command
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.gateway.sidecar.controllerListenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
ControllerListenPort defines on which port the sidecar container will be listening for controller requests
Default Value: `9202`
***
### .spec.gateway.sidecar.env
Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
Env keeps the information about environment variables provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
***
### .spec.gateway.sidecar.envFrom
Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
EnvFrom keeps the information about environment variable sources provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
***
### .spec.gateway.sidecar.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
Image define image details
***
### .spec.gateway.sidecar.imagePullPolicy
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
ImagePullPolicy define Image pull policy
Default Value: `IfNotPresent`
***
### .spec.gateway.sidecar.lifecycle
Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
Lifecycle keeps actions that the management system should take in response to container lifecycle events.
***
### .spec.gateway.sidecar.listenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
ListenPort defines on which port the sidecar container will be listening for connections
Default Value: `9201`
***
### .spec.gateway.sidecar.livenessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
LivenessProbe keeps configuration of periodic probe of container liveness.
Container will be restarted if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.method
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
Method defines the merge method
Possible Values:
* `"override"` (default) - Overrides values during configuration merge
* `"append"` - Appends, if possible, values during configuration merge
***
### .spec.gateway.sidecar.ports
Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
Ports contains list of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
***
### .spec.gateway.sidecar.readinessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
ReadinessProbe keeps configuration of periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.resources
Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
Resources holds resource requests & limits for container
Links:
* [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
***
### .spec.gateway.sidecar.securityContext
Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
SecurityContext holds container-level security attributes and common container settings.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
***
### .spec.gateway.sidecar.startupProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.gateway.sidecar.volumeMounts
Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
***
### .spec.gateway.sidecar.workingDir
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
***
### .spec.gateways.affinity ### .spec.gateways.affinity
Type: `core.PodAffinity` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/server_group_spec.go#L156)</sup> Type: `core.PodAffinity` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/server_group_spec.go#L156)</sup>
@ -4478,6 +4274,210 @@ ImagePullSecrets specifies the list of image pull secrets for the docker image t
*** ***
### .spec.integration.sidecar.args
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L54)</sup>
Arguments to the entrypoint.
The container image's CMD is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.integration.sidecar.command
Type: `array` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L44)</sup>
Entrypoint array. Not executed within a shell.
The container image's ENTRYPOINT is used if this is not provided.
Variable references $(VAR_NAME) are expanded using the container's environment. If a variable
cannot be resolved, the reference in the input string will be unchanged. Double $$ are reduced
to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e. "$$(VAR_NAME)" will
produce the string literal "$(VAR_NAME)". Escaped references will never be expanded, regardless
of whether the variable exists or not. Cannot be updated.
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/#running-a-command-in-a-shell)
***
### .spec.integration.sidecar.controllerListenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L36)</sup>
ControllerListenPort defines on which port the sidecar container will be listening for controller requests
Default Value: `9202`
***
### .spec.integration.sidecar.env
Type: `core.EnvVar` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L36)</sup>
Env keeps the information about environment variables provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envvar-v1-core)
***
### .spec.integration.sidecar.envFrom
Type: `core.EnvFromSource` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/environments.go#L41)</sup>
EnvFrom keeps the information about environment variable sources provided to the container
Links:
* [Kubernetes Docs](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#envfromsource-v1-core)
***
### .spec.integration.sidecar.image
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L35)</sup>
Image define image details
***
### .spec.integration.sidecar.imagePullPolicy
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/image.go#L39)</sup>
ImagePullPolicy define Image pull policy
Default Value: `IfNotPresent`
***
### .spec.integration.sidecar.lifecycle
Type: `core.Lifecycle` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/lifecycle.go#L35)</sup>
Lifecycle keeps actions that the management system should take in response to container lifecycle events.
***
### .spec.integration.sidecar.listenPort
Type: `integer` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/integration/integration.go#L32)</sup>
ListenPort defines on which port the sidecar container will be listening for connections
Default Value: `9201`
***
### .spec.integration.sidecar.livenessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L37)</sup>
LivenessProbe keeps configuration of periodic probe of container liveness.
Container will be restarted if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.method
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/policy/merge.go#L32)</sup>
Method defines the merge method
Possible Values:
* `"override"` (default) - Overrides values during configuration merge
* `"append"` - Appends, if possible, values during configuration merge
***
### .spec.integration.sidecar.ports
Type: `[]core.ContainerPort` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/networking.go#L39)</sup>
Ports contains list of ports to expose from the container. Not specifying a port here
DOES NOT prevent that port from being exposed. Any port which is
listening on the default "0.0.0.0" address inside a container will be
accessible from the network.
***
### .spec.integration.sidecar.readinessProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L42)</sup>
ReadinessProbe keeps configuration of periodic probe of container service readiness.
Container will be removed from service endpoints if the probe fails.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.resources
Type: `core.ResourceRequirements` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/resources.go#L37)</sup>
Resources holds resource requests & limits for container
Links:
* [Documentation of core.ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.29/#resourcerequirements-v1-core)
***
### .spec.integration.sidecar.securityContext
Type: `core.SecurityContext` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/security.go#L35)</sup>
SecurityContext holds container-level security attributes and common container settings.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
***
### .spec.integration.sidecar.startupProbe
Type: `core.Probe` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/probes.go#L50)</sup>
StartupProbe indicates that the Pod has successfully initialized.
If specified, no other probes are executed until this completes successfully.
If this probe fails, the Pod will be restarted, just as if the livenessProbe failed.
This can be used to provide different probe parameters at the beginning of a Pod's lifecycle,
when it might take a long time to load data or warm a cache, than during steady-state operation.
Links:
* [Kubernetes docs](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle#container-probes)
***
### .spec.integration.sidecar.volumeMounts
Type: `[]core.VolumeMount` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/volume_mounts.go#L35)</sup>
VolumeMounts keeps list of pod volumes to mount into the container's filesystem.
***
### .spec.integration.sidecar.workingDir
Type: `string` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/scheduler/v1beta1/container/resources/core.go#L59)</sup>
Container's working directory.
If not specified, the container runtime's default will be used, which
might be configured in the container image.
***
### .spec.labels ### .spec.labels
Type: `object` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec.go#L127)</sup> Type: `object` <sup>[\[ref\]](https://github.com/arangodb/kube-arangodb/blob/1.2.42/pkg/apis/deployment/v1/deployment_spec.go#L127)</sup>

View file

@ -18,65 +18,65 @@ Available Commands:
help Help about any command help Help about any command
Flags: Flags:
--health.address string Address to expose health service (default "0.0.0.0:9091") --health.address string Address to expose health service (Env: HEALTH_ADDRESS) (default "0.0.0.0:9091")
--health.auth.token string Token for health service (when auth service is token) --health.auth.token string Token for health service (when auth service is token) (Env: HEALTH_AUTH_TOKEN)
--health.auth.type string Auth type for health service (default "None") --health.auth.type string Auth type for health service (Env: HEALTH_AUTH_TYPE) (default "None")
--health.shutdown.enabled Determines if shutdown service should be enabled and exposed (default true) --health.shutdown.enabled Determines if shutdown service should be enabled and exposed (Env: HEALTH_SHUTDOWN_ENABLED) (default true)
--health.tls.keyfile string Path to the keyfile --health.tls.keyfile string Path to the keyfile (Env: HEALTH_TLS_KEYFILE)
-h, --help help for arangodb_operator_integration -h, --help help for arangodb_operator_integration
--integration.authentication.v1 Enable AuthenticationV1 Integration Service --integration.authentication.v1 Enable AuthenticationV1 Integration Service (Env: INTEGRATION_AUTHENTICATION_V1)
--integration.authentication.v1.enabled Defines if Authentication is enabled (default true) --integration.authentication.v1.enabled Defines if Authentication is enabled (Env: INTEGRATION_AUTHENTICATION_V1_ENABLED) (default true)
--integration.authentication.v1.external Defones if External access to service authentication.v1 is enabled --integration.authentication.v1.external Defones if External access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_EXTERNAL)
--integration.authentication.v1.internal Defones if Internal access to service authentication.v1 is enabled (default true) --integration.authentication.v1.internal Defones if Internal access to service authentication.v1 is enabled (Env: INTEGRATION_AUTHENTICATION_V1_INTERNAL) (default true)
--integration.authentication.v1.path string Path to the JWT Folder --integration.authentication.v1.path string Path to the JWT Folder (Env: INTEGRATION_AUTHENTICATION_V1_PATH)
--integration.authentication.v1.token.allowed strings Allowed users for the Token --integration.authentication.v1.token.allowed strings Allowed users for the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_ALLOWED)
--integration.authentication.v1.token.max-size uint16 Max Token max size in bytes (default 64) --integration.authentication.v1.token.max-size uint16 Max Token max size in bytes (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_MAX_SIZE) (default 64)
--integration.authentication.v1.token.ttl.default duration Default Token TTL (default 1h0m0s) --integration.authentication.v1.token.ttl.default duration Default Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_DEFAULT) (default 1h0m0s)
--integration.authentication.v1.token.ttl.max duration Max Token TTL (default 1h0m0s) --integration.authentication.v1.token.ttl.max duration Max Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MAX) (default 1h0m0s)
--integration.authentication.v1.token.ttl.min duration Min Token TTL (default 1m0s) --integration.authentication.v1.token.ttl.min duration Min Token TTL (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_TTL_MIN) (default 1m0s)
--integration.authentication.v1.token.user string Default user of the Token (default "root") --integration.authentication.v1.token.user string Default user of the Token (Env: INTEGRATION_AUTHENTICATION_V1_TOKEN_USER) (default "root")
--integration.authentication.v1.ttl duration TTL of the JWT cache (default 15s) --integration.authentication.v1.ttl duration TTL of the JWT cache (Env: INTEGRATION_AUTHENTICATION_V1_TTL) (default 15s)
--integration.authorization.v0 Enable AuthorizationV0 Integration Service --integration.authorization.v0 Enable AuthorizationV0 Integration Service (Env: INTEGRATION_AUTHORIZATION_V0)
--integration.authorization.v0.external Defones if External access to service authorization.v0 is enabled --integration.authorization.v0.external Defones if External access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_EXTERNAL)
--integration.authorization.v0.internal Defones if Internal access to service authorization.v0 is enabled (default true) --integration.authorization.v0.internal Defones if Internal access to service authorization.v0 is enabled (Env: INTEGRATION_AUTHORIZATION_V0_INTERNAL) (default true)
--integration.config.v1 Enable ConfigV1 Integration Service --integration.config.v1 Enable ConfigV1 Integration Service (Env: INTEGRATION_CONFIG_V1)
--integration.config.v1.external Defones if External access to service config.v1 is enabled --integration.config.v1.external Defones if External access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_EXTERNAL)
--integration.config.v1.internal Defones if Internal access to service config.v1 is enabled (default true) --integration.config.v1.internal Defones if Internal access to service config.v1 is enabled (Env: INTEGRATION_CONFIG_V1_INTERNAL) (default true)
--integration.config.v1.module strings Module in the reference <name>=<abs path> --integration.config.v1.module strings Module in the reference <name>=<abs path> (Env: INTEGRATION_CONFIG_V1_MODULE)
--integration.envoy.auth.v3 Enable EnvoyAuthV3 Integration Service --integration.envoy.auth.v3 Enable EnvoyAuthV3 Integration Service (Env: INTEGRATION_ENVOY_AUTH_V3)
--integration.envoy.auth.v3.external Defones if External access to service envoy.auth.v3 is enabled --integration.envoy.auth.v3.external Defones if External access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_EXTERNAL)
--integration.envoy.auth.v3.internal Defones if Internal access to service envoy.auth.v3 is enabled (default true) --integration.envoy.auth.v3.internal Defones if Internal access to service envoy.auth.v3 is enabled (Env: INTEGRATION_ENVOY_AUTH_V3_INTERNAL) (default true)
--integration.scheduler.v1 SchedulerV1 Integration --integration.scheduler.v1 SchedulerV1 Integration (Env: INTEGRATION_SCHEDULER_V1)
--integration.scheduler.v1.external Defones if External access to service scheduler.v1 is enabled --integration.scheduler.v1.external Defones if External access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_EXTERNAL)
--integration.scheduler.v1.internal Defones if Internal access to service scheduler.v1 is enabled (default true) --integration.scheduler.v1.internal Defones if Internal access to service scheduler.v1 is enabled (Env: INTEGRATION_SCHEDULER_V1_INTERNAL) (default true)
--integration.scheduler.v1.namespace string Kubernetes Namespace (default "default") --integration.scheduler.v1.namespace string Kubernetes Namespace (Env: INTEGRATION_SCHEDULER_V1_NAMESPACE) (default "default")
--integration.scheduler.v1.verify-access Verify the CRD Access (default true) --integration.scheduler.v1.verify-access Verify the CRD Access (Env: INTEGRATION_SCHEDULER_V1_VERIFY_ACCESS) (default true)
--integration.shutdown.v1 ShutdownV1 Handler --integration.shutdown.v1 ShutdownV1 Handler (Env: INTEGRATION_SHUTDOWN_V1)
--integration.shutdown.v1.external Defones if External access to service shutdown.v1 is enabled --integration.shutdown.v1.external Defones if External access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_EXTERNAL)
--integration.shutdown.v1.internal Defones if Internal access to service shutdown.v1 is enabled (default true) --integration.shutdown.v1.internal Defones if Internal access to service shutdown.v1 is enabled (Env: INTEGRATION_SHUTDOWN_V1_INTERNAL) (default true)
--integration.storage.v1 StorageBucket Integration --integration.storage.v1 StorageBucket Integration (Env: INTEGRATION_STORAGE_V1)
--integration.storage.v1.external Defones if External access to service storage.v1 is enabled --integration.storage.v1.external Defones if External access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_EXTERNAL)
--integration.storage.v1.internal Defones if Internal access to service storage.v1 is enabled (default true) --integration.storage.v1.internal Defones if Internal access to service storage.v1 is enabled (Env: INTEGRATION_STORAGE_V1_INTERNAL) (default true)
--integration.storage.v1.s3.access-key string Path to file containing S3 AccessKey --integration.storage.v1.s3.access-key string Path to file containing S3 AccessKey (Env: INTEGRATION_STORAGE_V1_S3_ACCESS_KEY)
--integration.storage.v1.s3.allow-insecure If set to true, the Endpoint certificates won't be checked --integration.storage.v1.s3.allow-insecure If set to true, the Endpoint certificates won't be checked (Env: INTEGRATION_STORAGE_V1_S3_ALLOW_INSECURE)
--integration.storage.v1.s3.bucket string Bucket name --integration.storage.v1.s3.bucket string Bucket name (Env: INTEGRATION_STORAGE_V1_S3_BUCKET)
--integration.storage.v1.s3.ca-crt string Path to file containing CA certificate to validate endpoint connection --integration.storage.v1.s3.ca-crt string Path to file containing CA certificate to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_CRT)
--integration.storage.v1.s3.ca-key string Path to file containing keyfile to validate endpoint connection --integration.storage.v1.s3.ca-key string Path to file containing keyfile to validate endpoint connection (Env: INTEGRATION_STORAGE_V1_S3_CA_KEY)
--integration.storage.v1.s3.disable-ssl If set to true, the SSL won't be used when connecting to Endpoint --integration.storage.v1.s3.disable-ssl If set to true, the SSL won't be used when connecting to Endpoint (Env: INTEGRATION_STORAGE_V1_S3_DISABLE_SSL)
--integration.storage.v1.s3.endpoint string Endpoint of S3 API implementation --integration.storage.v1.s3.endpoint string Endpoint of S3 API implementation (Env: INTEGRATION_STORAGE_V1_S3_ENDPOINT)
--integration.storage.v1.s3.region string Region --integration.storage.v1.s3.region string Region (Env: INTEGRATION_STORAGE_V1_S3_REGION)
--integration.storage.v1.s3.secret-key string Path to file containing S3 SecretKey --integration.storage.v1.s3.secret-key string Path to file containing S3 SecretKey (Env: INTEGRATION_STORAGE_V1_S3_SECRET_KEY)
--integration.storage.v1.type string Type of the Storage Integration (default "s3") --integration.storage.v1.type string Type of the Storage Integration (Env: INTEGRATION_STORAGE_V1_TYPE) (default "s3")
--services.address string Address to expose internal services (default "127.0.0.1:9092") --services.address string Address to expose internal services (Env: SERVICES_ADDRESS) (default "127.0.0.1:9092")
--services.auth.token string Token for internal service (when auth service is token) --services.auth.token string Token for internal service (when auth service is token) (Env: SERVICES_AUTH_TOKEN)
--services.auth.type string Auth type for internal service (default "None") --services.auth.type string Auth type for internal service (Env: SERVICES_AUTH_TYPE) (default "None")
--services.enabled Defines if internal access is enabled (default true) --services.enabled Defines if internal access is enabled (Env: SERVICES_ENABLED) (default true)
--services.external.address string Address to expose external services (default "0.0.0.0:9093") --services.external.address string Address to expose external services (Env: SERVICES_EXTERNAL_ADDRESS) (default "0.0.0.0:9093")
--services.external.auth.token string Token for external service (when auth service is token) --services.external.auth.token string Token for external service (when auth service is token) (Env: SERVICES_EXTERNAL_AUTH_TOKEN)
--services.external.auth.type string Auth type for external service (default "None") --services.external.auth.type string Auth type for external service (Env: SERVICES_EXTERNAL_AUTH_TYPE) (default "None")
--services.external.enabled Defines if external access is enabled --services.external.enabled Defines if external access is enabled (Env: SERVICES_EXTERNAL_ENABLED)
--services.external.tls.keyfile string Path to the keyfile --services.external.tls.keyfile string Path to the keyfile (Env: SERVICES_EXTERNAL_TLS_KEYFILE)
--services.tls.keyfile string Path to the keyfile --services.tls.keyfile string Path to the keyfile (Env: SERVICES_TLS_KEYFILE)
Use "arangodb_operator_integration [command] --help" for more information about a command. Use "arangodb_operator_integration [command] --help" for more information about a command.
``` ```

View file

@ -262,6 +262,9 @@ type DeploymentSpec struct {
// Gateway defined main Gateway configuration. // Gateway defined main Gateway configuration.
Gateway *DeploymentSpecGateway `json:"gateway,omitempty"` Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
// Integration defined main Integration configuration.
Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
} }
// GetAllowMemberRecreation returns member recreation policy based on group and settings // GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
return errors.WithStack(errors.Wrap(err, "spec.architecture")) return errors.WithStack(errors.Wrap(err, "spec.architecture"))
} }
if err := s.Gateway.Validate(); err != nil { if err := s.Gateway.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.architecture")) return errors.WithStack(errors.Wrap(err, "spec.gateway"))
}
if err := s.Integration.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.integration"))
} }
return nil return nil
} }

View file

@ -21,8 +21,6 @@
package v1 package v1
import ( import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/util" "github.com/arangodb/kube-arangodb/pkg/util"
) )
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
// Image is the image to use for the gateway. // Image is the image to use for the gateway.
// By default, the image is determined by the operator. // By default, the image is determined by the operator.
Image *string `json:"image"` Image *string `json:"image"`
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
} }
// IsEnabled returns whether the gateway is enabled. // IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
return *d.Dynamic return *d.Dynamic
} }
func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec // Validate the given spec
func (d *DeploymentSpecGateway) Validate() error { func (d *DeploymentSpecGateway) Validate() error {
if d == nil { return nil
d = &DeploymentSpecGateway{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
)
} }
// GetImage returns the image to use for the gateway. // GetImage returns the image to use for the gateway.

View file

@ -0,0 +1,49 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package v1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
)
type DeploymentSpecIntegration struct {
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecIntegration) Validate() error {
if d == nil {
d = &DeploymentSpecIntegration{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
)
}

View file

@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
*out = new(DeploymentSpecGateway) *out = new(DeploymentSpecGateway)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Integration != nil {
in, out := &in.Integration, &out.Integration
*out = new(DeploymentSpecIntegration)
(*in).DeepCopyInto(*out)
}
return return
} }
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
*out = new(string) *out = new(string)
**out = **in **out = **in
} }
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return return
} }
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
*out = *in
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
if in == nil {
return nil
}
out := new(DeploymentSpecIntegration)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) { func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
*out = *in *out = *in

View file

@ -262,6 +262,9 @@ type DeploymentSpec struct {
// Gateway defined main Gateway configuration. // Gateway defined main Gateway configuration.
Gateway *DeploymentSpecGateway `json:"gateway,omitempty"` Gateway *DeploymentSpecGateway `json:"gateway,omitempty"`
// Integration defined main Integration configuration.
Integration *DeploymentSpecIntegration `json:"integration,omitempty"`
} }
// GetAllowMemberRecreation returns member recreation policy based on group and settings // GetAllowMemberRecreation returns member recreation policy based on group and settings
@ -582,7 +585,10 @@ func (s *DeploymentSpec) Validate() error {
return errors.WithStack(errors.Wrap(err, "spec.architecture")) return errors.WithStack(errors.Wrap(err, "spec.architecture"))
} }
if err := s.Gateway.Validate(); err != nil { if err := s.Gateway.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.architecture")) return errors.WithStack(errors.Wrap(err, "spec.gateway"))
}
if err := s.Integration.Validate(); err != nil {
return errors.WithStack(errors.Wrap(err, "spec.integration"))
} }
return nil return nil
} }

View file

@ -21,8 +21,6 @@
package v2alpha1 package v2alpha1
import ( import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/util" "github.com/arangodb/kube-arangodb/pkg/util"
) )
@ -40,9 +38,6 @@ type DeploymentSpecGateway struct {
// Image is the image to use for the gateway. // Image is the image to use for the gateway.
// By default, the image is determined by the operator. // By default, the image is determined by the operator.
Image *string `json:"image"` Image *string `json:"image"`
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
} }
// IsEnabled returns whether the gateway is enabled. // IsEnabled returns whether the gateway is enabled.
@ -63,22 +58,9 @@ func (d *DeploymentSpecGateway) IsDynamic() bool {
return *d.Dynamic return *d.Dynamic
} }
func (d *DeploymentSpecGateway) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec // Validate the given spec
func (d *DeploymentSpecGateway) Validate() error { func (d *DeploymentSpecGateway) Validate() error {
if d == nil { return nil
d = &DeploymentSpecGateway{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("integrationSidecar", d.GetSidecar().Validate()),
)
} }
// GetImage returns the image to use for the gateway. // GetImage returns the image to use for the gateway.

View file

@ -0,0 +1,49 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package v2alpha1
import (
schedulerIntegrationApi "github.com/arangodb/kube-arangodb/pkg/apis/scheduler/v1beta1/integration"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
)
type DeploymentSpecIntegration struct {
// Sidecar define the integration sidecar spec
Sidecar *schedulerIntegrationApi.Sidecar `json:"sidecar,omitempty"`
}
func (d *DeploymentSpecIntegration) GetSidecar() *schedulerIntegrationApi.Sidecar {
if d == nil || d.Sidecar == nil {
return nil
}
return d.Sidecar
}
// Validate the given spec
func (d *DeploymentSpecIntegration) Validate() error {
if d == nil {
d = &DeploymentSpecIntegration{}
}
return shared.WithErrors(
shared.PrefixResourceErrors("sidecar", d.GetSidecar().Validate()),
)
}

View file

@ -1159,6 +1159,11 @@ func (in *DeploymentSpec) DeepCopyInto(out *DeploymentSpec) {
*out = new(DeploymentSpecGateway) *out = new(DeploymentSpecGateway)
(*in).DeepCopyInto(*out) (*in).DeepCopyInto(*out)
} }
if in.Integration != nil {
in, out := &in.Integration, &out.Integration
*out = new(DeploymentSpecIntegration)
(*in).DeepCopyInto(*out)
}
return return
} }
@ -1190,11 +1195,6 @@ func (in *DeploymentSpecGateway) DeepCopyInto(out *DeploymentSpecGateway) {
*out = new(string) *out = new(string)
**out = **in **out = **in
} }
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return return
} }
@ -1208,6 +1208,27 @@ func (in *DeploymentSpecGateway) DeepCopy() *DeploymentSpecGateway {
return out return out
} }
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentSpecIntegration) DeepCopyInto(out *DeploymentSpecIntegration) {
*out = *in
if in.Sidecar != nil {
in, out := &in.Sidecar, &out.Sidecar
*out = new(integration.Sidecar)
(*in).DeepCopyInto(*out)
}
return
}
// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DeploymentSpecIntegration.
func (in *DeploymentSpecIntegration) DeepCopy() *DeploymentSpecIntegration {
if in == nil {
return nil
}
out := new(DeploymentSpecIntegration)
in.DeepCopyInto(out)
return out
}
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) { func (in *DeploymentStatus) DeepCopyInto(out *DeploymentStatus) {
*out = *in *out = *in

File diff suppressed because it is too large Load diff

View file

@ -135,7 +135,7 @@ func (r *Resources) renderGatewayConfig(cachedStatus inspectorInterface.Inspecto
cfg.IntegrationSidecar = &gateway.ConfigDestinationTarget{ cfg.IntegrationSidecar = &gateway.ConfigDestinationTarget{
Host: "127.0.0.1", Host: "127.0.0.1",
Port: int32(r.context.GetSpec().Gateway.GetSidecar().GetListenPort()), Port: int32(r.context.GetSpec().Integration.GetSidecar().GetListenPort()),
} }
cfg.DefaultDestination = gateway.ConfigDestination{ cfg.DefaultDestination = gateway.ConfigDestination{

View file

@ -238,7 +238,13 @@ func (m *MemberGatewayPod) Labels() map[string]string {
func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) { func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
integration, err := sidecar.NewIntegration(&schedulerContainerResourcesApi.Image{ integration, err := sidecar.NewIntegration(&schedulerContainerResourcesApi.Image{
Image: util.NewType(m.resources.context.GetOperatorImage()), Image: util.NewType(m.resources.context.GetOperatorImage()),
}, m.spec.Gateway.GetSidecar(), []string{shared.ServerContainerName}, }, m.spec.Integration.GetSidecar())
if err != nil {
return nil, err
}
integrations, err := sidecar.NewIntegrationEnablement(
sidecar.IntegrationEnvoyV3{ sidecar.IntegrationEnvoyV3{
Spec: m.spec, Spec: m.spec,
}, sidecar.IntegrationAuthenticationV1{ }, sidecar.IntegrationAuthenticationV1{
@ -250,5 +256,7 @@ func (m *MemberGatewayPod) Profiles() (schedulerApi.ProfileTemplates, error) {
return nil, err return nil, err
} }
return []*schedulerApi.ProfileTemplate{integration}, nil shutdownAnnotation := sidecar.NewShutdownAnnotations([]string{shared.ServerContainerName})
return []*schedulerApi.ProfileTemplate{integration, integrations, shutdownAnnotation}, nil
} }

View file

@ -27,6 +27,7 @@ import (
pbImplAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1" pbImplAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1"
pbAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1/definition" pbAuthenticationV1 "github.com/arangodb/kube-arangodb/integrations/authentication/v1/definition"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
"github.com/arangodb/kube-arangodb/pkg/util/svc" "github.com/arangodb/kube-arangodb/pkg/util/svc"
) )
@ -40,20 +41,18 @@ type authenticationV1 struct {
config pbImplAuthenticationV1.Configuration config pbImplAuthenticationV1.Configuration
} }
func (a *authenticationV1) Register(cmd *cobra.Command, arg ArgGen) error { func (a *authenticationV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
f := cmd.Flags() return errors.Errors(
fs.StringVar(&a.config.Path, "path", "", "Path to the JWT Folder"),
f.StringVar(&a.config.Path, arg("path"), "", "Path to the JWT Folder") fs.BoolVar(&a.config.Enabled, "enabled", true, "Defines if Authentication is enabled"),
f.BoolVar(&a.config.Enabled, arg("enabled"), true, "Defines if Authentication is enabled") fs.DurationVar(&a.config.TTL, "ttl", pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache"),
f.DurationVar(&a.config.TTL, arg("ttl"), pbImplAuthenticationV1.DefaultTTL, "TTL of the JWT cache") fs.StringVar(&a.config.Create.DefaultUser, "token.user", pbImplAuthenticationV1.DefaultUser, "Default user of the Token"),
f.StringVar(&a.config.Create.DefaultUser, arg("token.user"), pbImplAuthenticationV1.DefaultUser, "Default user of the Token") fs.DurationVar(&a.config.Create.DefaultTTL, "token.ttl.default", pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL"),
f.DurationVar(&a.config.Create.DefaultTTL, arg("token.ttl.default"), pbImplAuthenticationV1.DefaultTokenDefaultTTL, "Default Token TTL") fs.DurationVar(&a.config.Create.MinTTL, "token.ttl.min", pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL"),
f.DurationVar(&a.config.Create.MinTTL, arg("token.ttl.min"), pbImplAuthenticationV1.DefaultTokenMinTTL, "Min Token TTL") fs.DurationVar(&a.config.Create.MaxTTL, "token.ttl.max", pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL"),
f.DurationVar(&a.config.Create.MaxTTL, arg("token.ttl.max"), pbImplAuthenticationV1.DefaultTokenMaxTTL, "Max Token TTL") fs.Uint16Var(&a.config.Create.MaxSize, "token.max-size", pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes"),
f.Uint16Var(&a.config.Create.MaxSize, arg("token.max-size"), pbImplAuthenticationV1.DefaultMaxTokenSize, "Max Token max size in bytes") fs.StringSliceVar(&a.config.Create.AllowedUsers, "token.allowed", []string{}, "Allowed users for the Token"),
f.StringSliceVar(&a.config.Create.AllowedUsers, arg("token.allowed"), []string{}, "Allowed users for the Token") )
return nil
} }
func (a *authenticationV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) { func (a *authenticationV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

View file

@ -47,7 +47,7 @@ func (a authorizationV0) Description() string {
return "Enable AuthorizationV0 Integration Service" return "Enable AuthorizationV0 Integration Service"
} }
func (a authorizationV0) Register(cmd *cobra.Command, arg ArgGen) error { func (a authorizationV0) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil return nil
} }

View file

@ -41,12 +41,10 @@ type configV1 struct {
modules []string modules []string
} }
func (a *configV1) Register(cmd *cobra.Command, arg ArgGen) error { func (a *configV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
f := cmd.Flags() return errors.Errors(
fs.StringSliceVar(&a.modules, "module", nil, "Module in the reference <name>=<abs path>"),
f.StringSliceVar(&a.modules, arg("module"), nil, "Module in the reference <name>=<abs path>") )
return nil
} }
func (a *configV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) { func (a *configV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

View file

@ -48,7 +48,7 @@ func (a *envoyAuthV3) Description() string {
return "Enable EnvoyAuthV3 Integration Service" return "Enable EnvoyAuthV3 Integration Service"
} }
func (a *envoyAuthV3) Register(cmd *cobra.Command, arg ArgGen) error { func (a *envoyAuthV3) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil return nil
} }

243
pkg/integrations/flags.go Normal file
View file

@ -0,0 +1,243 @@
//
// DISCLAIMER
//
// Copyright 2024 ArangoDB GmbH, Cologne, Germany
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
//
// Copyright holder is ArangoDB GmbH, Cologne, Germany
//
package integrations
import (
"fmt"
"os"
"reflect"
"strconv"
"strings"
"time"
flag "github.com/spf13/pflag"
"github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
)
func NewFlagEnvHandler(fs *flag.FlagSet) FlagEnvHandler {
return flagEnvHandler{
fs: fs,
}
}
type FlagEnvHandler interface {
WithPrefix(prefix string) FlagEnvHandler
StringVar(p *string, name string, value string, usage string) error
String(name string, value string, usage string) error
StringSliceVar(p *[]string, name string, value []string, usage string) error
StringSlice(name string, value []string, usage string) error
BoolVar(p *bool, name string, value bool, usage string) error
Bool(name string, value bool, usage string) error
Uint16Var(p *uint16, name string, value uint16, usage string) error
Uint16(name string, value uint16, usage string) error
DurationVar(p *time.Duration, name string, value time.Duration, usage string) error
Duration(name string, value time.Duration, usage string) error
}
type flagEnvHandler struct {
prefix string
fs *flag.FlagSet
}
func (f flagEnvHandler) StringVar(p *string, name string, value string, usage string) error {
v, err := parseEnvToString(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) String(name string, value string, usage string) error {
v, err := parseEnvToString(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.String(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) StringSliceVar(p *[]string, name string, value []string, usage string) error {
v, err := parseEnvToStringArray(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringSliceVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) StringSlice(name string, value []string, usage string) error {
v, err := parseEnvToStringArray(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.StringSlice(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) BoolVar(p *bool, name string, value bool, usage string) error {
v, err := parseEnvToBool(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.BoolVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Bool(name string, value bool, usage string) error {
v, err := parseEnvToBool(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Bool(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) DurationVar(p *time.Duration, name string, value time.Duration, usage string) error {
v, err := parseEnvToDuration(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.DurationVar(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Duration(name string, value time.Duration, usage string) error {
v, err := parseEnvToDuration(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Duration(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Uint16Var(p *uint16, name string, value uint16, usage string) error {
v, err := parseEnvToUint16(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Uint16Var(p, f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) Uint16(name string, value uint16, usage string) error {
v, err := parseEnvToUint16(f.getEnv(name), value)
if err != nil {
return err
}
f.fs.Uint16(f.name(name), v, f.varDesc(name, usage))
return nil
}
func (f flagEnvHandler) varDesc(name string, dest string) string {
return fmt.Sprintf("%s (Env: %s)", dest, f.getEnv(name))
}
func (f flagEnvHandler) getEnv(n string) string {
z := f.name(n)
z = strings.ReplaceAll(z, ".", "_")
z = strings.ReplaceAll(z, "-", "_")
return strings.ToUpper(z)
}
func (f flagEnvHandler) name(n string) string {
if f.prefix == "" {
return n
}
if n == "" {
return f.prefix
}
return fmt.Sprintf("%s.%s", f.prefix, n)
}
func (f flagEnvHandler) WithPrefix(prefix string) FlagEnvHandler {
return flagEnvHandler{
prefix: f.name(prefix),
fs: f.fs,
}
}
func parseEnvToDuration(env string, def time.Duration) (time.Duration, error) {
return parseEnvToType(env, def, time.ParseDuration)
}
func parseEnvToUint16(env string, def uint16) (uint16, error) {
return parseEnvToType(env, def, func(in string) (uint16, error) {
v, err := strconv.ParseUint(in, 10, 16)
return uint16(v), err
})
}
func parseEnvToBool(env string, def bool) (bool, error) {
return parseEnvToType(env, def, strconv.ParseBool)
}
func parseEnvToStringArray(env string, def []string) ([]string, error) {
return parseEnvToType(env, def, func(in string) ([]string, error) {
return strings.Split(in, ","), nil
})
}
func parseEnvToString(env string, def string) (string, error) {
return parseEnvToType(env, def, func(in string) (string, error) {
return in, nil
})
}
func parseEnvToType[T any](env string, def T, parser func(in string) (T, error)) (T, error) {
if v, ok := os.LookupEnv(env); ok {
if q, err := parser(v); err != nil {
return util.Default[T](), errors.Wrapf(err, "Unable to parse env `%s` as %s", env, reflect.TypeOf(def).String())
} else {
return q, nil
}
}
return def, nil
}

View file

@ -30,13 +30,11 @@ import (
type Factory func() Integration type Factory func() Integration
type ArgGen func(name string) string
type Integration interface { type Integration interface {
Name() string Name() string
Description() string Description() string
Register(cmd *cobra.Command, arg ArgGen) error Register(cmd *cobra.Command, fs FlagEnvHandler) error
Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error)
} }

View file

@ -125,37 +125,44 @@ func (c *configuration) Register(cmd *cobra.Command) error {
cmd.RunE = c.run cmd.RunE = c.run
f := cmd.Flags() f := NewFlagEnvHandler(cmd.Flags())
f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service") if err := errors.Errors(
f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed") f.StringVar(&c.health.address, "health.address", "0.0.0.0:9091", "Address to expose health service"),
f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service") f.BoolVar(&c.health.shutdownEnabled, "health.shutdown.enabled", true, "Determines if shutdown service should be enabled and exposed"),
f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)") f.StringVar(&c.health.auth.t, "health.auth.type", "None", "Auth type for health service"),
f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile") f.StringVar(&c.health.auth.token, "health.auth.token", "", "Token for health service (when auth service is token)"),
f.StringVar(&c.health.tls.keyfile, "health.tls.keyfile", "", "Path to the keyfile"),
f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled") f.BoolVar(&c.services.internal.enabled, "services.enabled", true, "Defines if internal access is enabled"),
f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services") f.StringVar(&c.services.internal.address, "services.address", "127.0.0.1:9092", "Address to expose internal services"),
f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service") f.StringVar(&c.services.internal.auth.t, "services.auth.type", "None", "Auth type for internal service"),
f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)") f.StringVar(&c.services.internal.auth.token, "services.auth.token", "", "Token for internal service (when auth service is token)"),
f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile") f.StringVar(&c.services.internal.tls.keyfile, "services.tls.keyfile", "", "Path to the keyfile"),
f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled")
f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services")
f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service")
f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)")
f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile")
f.BoolVar(&c.services.external.enabled, "services.external.enabled", false, "Defines if external access is enabled"),
f.StringVar(&c.services.external.address, "services.external.address", "0.0.0.0:9093", "Address to expose external services"),
f.StringVar(&c.services.external.auth.t, "services.external.auth.type", "None", "Auth type for external service"),
f.StringVar(&c.services.external.auth.token, "services.external.auth.token", "", "Token for external service (when auth service is token)"),
f.StringVar(&c.services.external.tls.keyfile, "services.external.tls.keyfile", "", "Path to the keyfile"),
); err != nil {
return err
}
for _, service := range c.registered { for _, service := range c.registered {
prefix := fmt.Sprintf("integration.%s", service.Name()) prefix := fmt.Sprintf("integration.%s", service.Name())
f.Bool(prefix, false, service.Description()) fs := f.WithPrefix(prefix)
internal, external := GetIntegrationEnablement(service) internal, external := GetIntegrationEnablement(service)
f.Bool(fmt.Sprintf("%s.internal", prefix), internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name()))
f.Bool(fmt.Sprintf("%s.external", prefix), external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name()))
if err := service.Register(cmd, func(name string) string { if err := errors.Errors(
return fmt.Sprintf("%s.%s", prefix, name) fs.Bool("", false, service.Description()),
}); err != nil { fs.Bool("internal", internal, fmt.Sprintf("Defones if Internal access to service %s is enabled", service.Name())),
fs.Bool("external", external, fmt.Sprintf("Defones if External access to service %s is enabled", service.Name())),
); err != nil {
return err
}
if err := service.Register(cmd, fs); err != nil {
return errors.Wrapf(err, "Unable to register service %s", service.Name()) return errors.Wrapf(err, "Unable to register service %s", service.Name())
} }
} }

View file

@ -50,13 +50,11 @@ func (b *schedulerV1) Description() string {
return "SchedulerV1 Integration" return "SchedulerV1 Integration"
} }
func (b *schedulerV1) Register(cmd *cobra.Command, arg ArgGen) error { func (b *schedulerV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
f := cmd.Flags() return errors.Errors(
fs.StringVar(&b.Configuration.Namespace, "namespace", constants.NamespaceWithDefault("default"), "Kubernetes Namespace"),
f.StringVar(&b.Configuration.Namespace, arg("namespace"), constants.NamespaceWithDefault("default"), "Kubernetes Namespace") fs.BoolVar(&b.Configuration.VerifyAccess, "verify-access", true, "Verify the CRD Access"),
f.BoolVar(&b.Configuration.VerifyAccess, arg("verify-access"), true, "Verify the CRD Access") )
return nil
} }
func (b *schedulerV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) { func (b *schedulerV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {

View file

@ -52,7 +52,7 @@ func (s *shutdownV1) Description() string {
return "ShutdownV1 Handler" return "ShutdownV1 Handler"
} }
func (s *shutdownV1) Register(cmd *cobra.Command, arg ArgGen) error { func (s *shutdownV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
return nil return nil
} }

View file

@ -24,8 +24,9 @@ import (
"fmt" "fmt"
"strings" "strings"
core "k8s.io/api/core/v1"
"github.com/arangodb/kube-arangodb/pkg/util" "github.com/arangodb/kube-arangodb/pkg/util"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
) )
type Core struct { type Core struct {
@ -49,14 +50,22 @@ func (c *Core) GetExternal() bool {
return *c.External return *c.External
} }
func (c *Core) Args(int Integration) k8sutil.OptionPairs { func (c *Core) Envs(int Integration, envs ...core.EnvVar) []core.EnvVar {
var options k8sutil.OptionPairs
cmd := strings.Join(util.FormatList(int.Name(), func(a string) string { cmd := strings.Join(util.FormatList(int.Name(), func(a string) string {
return strings.ToLower(a) return strings.ToUpper(a)
}), ".") }), "_")
var r = []core.EnvVar{
{
Name: fmt.Sprintf("INTEGRATION_%s_INTERNAL", cmd),
Value: util.BoolSwitch(c.GetInternal(), "true", "false"),
},
{
Name: fmt.Sprintf("INTEGRATION_%s_EXTERNAL", cmd),
Value: util.BoolSwitch(c.GetExternal(), "true", "false"),
},
}
options.Add(fmt.Sprintf("--integration.%s.internal", cmd), c.GetInternal()) r = append(r, envs...)
options.Add(fmt.Sprintf("--integration.%s.external", cmd), c.GetExternal())
return options return r
} }

View file

@ -26,11 +26,9 @@ import (
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
shared "github.com/arangodb/kube-arangodb/pkg/apis/shared" shared "github.com/arangodb/kube-arangodb/pkg/apis/shared"
"github.com/arangodb/kube-arangodb/pkg/deployment/pod" "github.com/arangodb/kube-arangodb/pkg/deployment/pod"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil" "github.com/arangodb/kube-arangodb/pkg/util"
) )
var _ IntegrationVolumes = IntegrationAuthenticationV1{}
type IntegrationAuthenticationV1 struct { type IntegrationAuthenticationV1 struct {
Core *Core Core *Core
@ -46,16 +44,27 @@ func (i IntegrationAuthenticationV1) Validate() error {
return nil return nil
} }
func (i IntegrationAuthenticationV1) Args() (k8sutil.OptionPairs, error) { func (i IntegrationAuthenticationV1) Envs() ([]core.EnvVar, error) {
options := k8sutil.CreateOptionPairs() var envs = []core.EnvVar{
{
Name: "INTEGRATION_AUTHENTICATION_V1",
Value: "true",
},
{
Name: "INTEGRATION_AUTHENTICATION_V1_ENABLED",
Value: util.BoolSwitch(i.Spec.IsAuthenticated(), "true", "false"),
},
{
Name: "INTEGRATION_AUTHENTICATION_V1_PATH",
Value: shared.ClusterJWTSecretVolumeMountDir,
},
}
options.Add("--integration.authentication.v1", true) return i.Core.Envs(i, envs...), nil
options.Add("--integration.authentication.v1.enabled", i.Spec.IsAuthenticated()) }
options.Add("--integration.authentication.v1.path", shared.ClusterJWTSecretVolumeMountDir)
options.Merge(i.Core.Args(i)) func (i IntegrationAuthenticationV1) GlobalEnvs() ([]core.EnvVar, error) {
return nil, nil
return options, nil
} }
func (i IntegrationAuthenticationV1) Volumes() ([]core.Volume, []core.VolumeMount, error) { func (i IntegrationAuthenticationV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {

View file

@ -21,7 +21,7 @@
package sidecar package sidecar
import ( import (
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil" core "k8s.io/api/core/v1"
) )
type IntegrationAuthorizationV0 struct { type IntegrationAuthorizationV0 struct {
@ -36,12 +36,21 @@ func (i IntegrationAuthorizationV0) Validate() error {
return nil return nil
} }
func (i IntegrationAuthorizationV0) Args() (k8sutil.OptionPairs, error) { func (i IntegrationAuthorizationV0) Envs() ([]core.EnvVar, error) {
options := k8sutil.CreateOptionPairs() var envs = []core.EnvVar{
{
Name: "INTEGRATION_AUTHENTICATION_V0",
Value: "true",
},
}
options.Add("--integration.authorization.v0", true) return i.Core.Envs(i, envs...), nil
}
options.Merge(i.Core.Args(i))
func (i IntegrationAuthorizationV0) GlobalEnvs() ([]core.EnvVar, error) {
return options, nil return nil, nil
}
func (i IntegrationAuthorizationV0) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
} }

View file

@ -21,8 +21,9 @@
package sidecar package sidecar
import ( import (
core "k8s.io/api/core/v1"
api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1" api "github.com/arangodb/kube-arangodb/pkg/apis/deployment/v1"
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil"
) )
type IntegrationEnvoyV3 struct { type IntegrationEnvoyV3 struct {
@ -38,12 +39,21 @@ func (i IntegrationEnvoyV3) Validate() error {
return nil return nil
} }
func (i IntegrationEnvoyV3) Args() (k8sutil.OptionPairs, error) { func (i IntegrationEnvoyV3) Envs() ([]core.EnvVar, error) {
options := k8sutil.CreateOptionPairs() var envs = []core.EnvVar{
{
Name: "INTEGRATION_ENVOY_AUTH_V3",
Value: "true",
},
}
options.Add("--integration.envoy.auth.v3", true) return i.Core.Envs(i, envs...), nil
}
options.Merge(i.Core.Args(i))
func (i IntegrationEnvoyV3) GlobalEnvs() ([]core.EnvVar, error) {
return options, nil return nil, nil
}
func (i IntegrationEnvoyV3) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
} }

View file

@ -29,47 +29,93 @@ const (
ListenPortHealthName = "health" ListenPortHealthName = "health"
) )
func WithIntegrationEnvs(in Integration) ([]core.EnvVar, error) {
if v, ok := in.(IntegrationEnvs); ok {
return v.Envs()
}
return nil, nil
}
type IntegrationEnvs interface {
Integration
Envs() ([]core.EnvVar, error)
}
func WithIntegrationVolumes(in Integration) ([]core.Volume, []core.VolumeMount, error) {
if v, ok := in.(IntegrationVolumes); ok {
return v.Volumes()
}
return nil, nil, nil
}
type IntegrationVolumes interface {
Integration
Volumes() ([]core.Volume, []core.VolumeMount, error)
}
type Integration interface { type Integration interface {
Name() []string Name() []string
Args() (k8sutil.OptionPairs, error) Envs() ([]core.EnvVar, error)
GlobalEnvs() ([]core.EnvVar, error)
Volumes() ([]core.Volume, []core.VolumeMount, error)
Validate() error Validate() error
} }
func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar, coreContainers []string, integrations ...Integration) (*schedulerApi.ProfileTemplate, error) { func NewShutdownAnnotations(coreContainers []string) *schedulerApi.ProfileTemplate {
pt := schedulerApi.ProfileTemplate{
Pod: &schedulerPodApi.Pod{
Metadata: &schedulerPodResourcesApi.Metadata{
Annotations: map[string]string{},
},
},
}
for _, container := range coreContainers {
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
}
return &pt
}
func NewIntegrationEnablement(integrations ...Integration) (*schedulerApi.ProfileTemplate, error) {
var envs, gEnvs []core.EnvVar
var volumes []core.Volume
var volumeMounts []core.VolumeMount
for _, integration := range integrations { for _, integration := range integrations {
if err := integration.Validate(); err != nil {
name := strings.Join(integration.Name(), "/") name := strings.Join(integration.Name(), "/")
if err := integration.Validate(); err != nil {
return nil, errors.Wrapf(err, "Failure in %s", name) return nil, errors.Wrapf(err, "Failure in %s", name)
} }
if lvolumes, lvolumeMounts, err := integration.Volumes(); err != nil {
return nil, errors.Wrapf(err, "Failure in volumes %s", name)
} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
volumes = append(volumes, lvolumes...)
volumeMounts = append(volumeMounts, lvolumeMounts...)
}
if lenvs, err := integration.Envs(); err != nil {
return nil, errors.Wrapf(err, "Failure in envs %s", name)
} else if len(lenvs) > 0 {
envs = append(envs, lenvs...)
}
if lgenvs, err := integration.GlobalEnvs(); err != nil {
return nil, errors.Wrapf(err, "Failure in global envs %s", name)
} else if len(lgenvs) > 0 {
gEnvs = append(gEnvs, lgenvs...)
}
} }
if len(envs) == 0 && len(gEnvs) == 0 {
return nil, nil
}
return &schedulerApi.ProfileTemplate{
Pod: &schedulerPodApi.Pod{
Volumes: &schedulerPodResourcesApi.Volumes{
Volumes: volumes,
},
},
Container: &schedulerApi.ProfileContainerTemplate{
Containers: map[string]schedulerContainerApi.Container{
ContainerName: {
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs,
},
VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
VolumeMounts: volumeMounts,
},
},
},
All: &schedulerContainerApi.Generic{
Environments: &schedulerContainerResourcesApi.Environments{
Env: gEnvs,
},
},
},
}, nil
}
func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *schedulerIntegrationApi.Sidecar) (*schedulerApi.ProfileTemplate, error) {
// Arguments // Arguments
exePath := k8sutil.BinaryPath() exePath := k8sutil.BinaryPath()
@ -83,10 +129,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
options.Addf("--services.address", "127.0.0.1:%d", integration.GetListenPort()) options.Addf("--services.address", "127.0.0.1:%d", integration.GetListenPort())
options.Addf("--health.address", "0.0.0.0:%d", integration.GetControllerListenPort()) options.Addf("--health.address", "0.0.0.0:%d", integration.GetControllerListenPort())
// Volumes
var volumes []core.Volume
var volumeMounts []core.VolumeMount
// Envs // Envs
var envs = []core.EnvVar{ var envs = []core.EnvVar{
@ -100,40 +142,6 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
}, },
} }
for _, i := range integrations {
name := strings.Join(i.Name(), "/")
if err := i.Validate(); err != nil {
return nil, errors.Wrapf(err, "Failure in %s", name)
}
if args, err := i.Args(); err != nil {
return nil, errors.Wrapf(err, "Failure in arguments %s", name)
} else if len(args) > 0 {
options.Merge(args)
}
if lvolumes, lvolumeMounts, err := WithIntegrationVolumes(i); err != nil {
return nil, errors.Wrapf(err, "Failure in volumes %s", name)
} else if len(lvolumes) > 0 || len(lvolumeMounts) > 0 {
volumes = append(volumes, lvolumes...)
volumeMounts = append(volumeMounts, lvolumeMounts...)
}
if lenvs, err := WithIntegrationEnvs(i); err != nil {
return nil, errors.Wrapf(err, "Failure in envs %s", name)
} else if len(lenvs) > 0 {
envs = append(envs, lenvs...)
}
envs = append(envs, core.EnvVar{
Name: fmt.Sprintf("INTEGRATION_SERVICE_%s", strings.Join(util.FormatList(i.Name(), func(a string) string {
return strings.ToUpper(a)
}), "_")),
Value: fmt.Sprintf("127.0.0.1:%d", integration.GetListenPort()),
})
}
c := schedulerContainerApi.Container{ c := schedulerContainerApi.Container{
Core: &schedulerContainerResourcesApi.Core{ Core: &schedulerContainerResourcesApi.Core{
Command: append([]string{exePath, "integration"}, options.Sort().AsArgs()...), Command: append([]string{exePath, "integration"}, options.Sort().AsArgs()...),
@ -175,14 +183,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
FailureThreshold: 2, // Need 2 failed probes to consider a failed state FailureThreshold: 2, // Need 2 failed probes to consider a failed state
}, },
}, },
VolumeMounts: &schedulerContainerResourcesApi.VolumeMounts{
VolumeMounts: volumeMounts,
},
} }
pt := schedulerApi.ProfileTemplate{ pt := schedulerApi.ProfileTemplate{
Container: &schedulerApi.ProfileContainerTemplate{ Container: &schedulerApi.ProfileContainerTemplate{
All: &schedulerContainerApi.Generic{
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs,
},
},
Containers: map[string]schedulerContainerApi.Container{ Containers: map[string]schedulerContainerApi.Container{
ContainerName: util.TypeOrDefault(k8sutil.CreateDefaultContainerTemplate(image).With(&c).With(integration.GetContainer())), ContainerName: util.TypeOrDefault(k8sutil.CreateDefaultContainerTemplate(image).With(&c).With(integration.GetContainer())),
}, },
@ -191,24 +200,15 @@ func NewIntegration(image *schedulerContainerResourcesApi.Image, integration *sc
Metadata: &schedulerPodResourcesApi.Metadata{ Metadata: &schedulerPodResourcesApi.Metadata{
Annotations: map[string]string{}, Annotations: map[string]string{},
}, },
Volumes: &schedulerPodResourcesApi.Volumes{
Volumes: volumes,
}, },
},
}
for _, container := range coreContainers {
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownCoreContainer, container)] = constants.AnnotationShutdownCoreContainerModeWait
} }
pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownContainer, ContainerName)] = ListenPortHealthName pt.Pod.Metadata.Annotations[fmt.Sprintf("%s/%s", constants.AnnotationShutdownContainer, ContainerName)] = ListenPortHealthName
pt.Pod.Metadata.Annotations[constants.AnnotationShutdownManagedContainer] = "true" pt.Pod.Metadata.Annotations[constants.AnnotationShutdownManagedContainer] = "true"
pt.Container.Containers.ExtendContainers(&schedulerContainerApi.Container{ pt.Container.All.Environments = &schedulerContainerResourcesApi.Environments{
Environments: &schedulerContainerResourcesApi.Environments{
Env: envs, Env: envs,
}, }
}, coreContainers...)
return &pt, nil return &pt, nil
} }

View file

@ -21,7 +21,7 @@
package sidecar package sidecar
import ( import (
"github.com/arangodb/kube-arangodb/pkg/util/k8sutil" core "k8s.io/api/core/v1"
) )
type IntegrationShutdownV1 struct { type IntegrationShutdownV1 struct {
@ -36,12 +36,21 @@ func (i IntegrationShutdownV1) Validate() error {
return nil return nil
} }
func (i IntegrationShutdownV1) Args() (k8sutil.OptionPairs, error) { func (i IntegrationShutdownV1) Envs() ([]core.EnvVar, error) {
options := k8sutil.CreateOptionPairs() var envs = []core.EnvVar{
{
Name: "INTEGRATION_SHUTDOWN_V1",
Value: "true",
},
}
options.Add("--integration.shutdown.v1", true) return i.Core.Envs(i, envs...), nil
}
options.Merge(i.Core.Args(i))
func (i IntegrationShutdownV1) GlobalEnvs() ([]core.EnvVar, error) {
return options, nil return nil, nil
}
func (i IntegrationShutdownV1) Volumes() ([]core.Volume, []core.VolumeMount, error) {
return nil, nil, nil
} }

View file

@ -26,6 +26,7 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
"github.com/arangodb/kube-arangodb/pkg/ml/storage" "github.com/arangodb/kube-arangodb/pkg/ml/storage"
"github.com/arangodb/kube-arangodb/pkg/util/errors"
"github.com/arangodb/kube-arangodb/pkg/util/svc" "github.com/arangodb/kube-arangodb/pkg/util/svc"
) )
@ -47,21 +48,19 @@ func (b *storageV1) Description() string {
return "StorageBucket Integration" return "StorageBucket Integration"
} }
func (b *storageV1) Register(cmd *cobra.Command, arg ArgGen) error { func (b *storageV1) Register(cmd *cobra.Command, fs FlagEnvHandler) error {
f := cmd.Flags() return errors.Errors(
fs.StringVar((*string)(&b.Configuration.Type), "type", string(storage.S3), "Type of the Storage Integration"),
f.StringVar((*string)(&b.Configuration.Type), arg("type"), string(storage.S3), "Type of the Storage Integration") fs.StringVar(&b.Configuration.S3.Endpoint, "s3.endpoint", "", "Endpoint of S3 API implementation"),
f.StringVar(&b.Configuration.S3.Endpoint, arg("s3.endpoint"), "", "Endpoint of S3 API implementation") fs.StringVar(&b.Configuration.S3.CACrtFile, "s3.ca-crt", "", "Path to file containing CA certificate to validate endpoint connection"),
f.StringVar(&b.Configuration.S3.CACrtFile, arg("s3.ca-crt"), "", "Path to file containing CA certificate to validate endpoint connection") fs.StringVar(&b.Configuration.S3.CAKeyFile, "s3.ca-key", "", "Path to file containing keyfile to validate endpoint connection"),
f.StringVar(&b.Configuration.S3.CAKeyFile, arg("s3.ca-key"), "", "Path to file containing keyfile to validate endpoint connection") fs.BoolVar(&b.Configuration.S3.AllowInsecure, "s3.allow-insecure", false, "If set to true, the Endpoint certificates won't be checked"),
f.BoolVar(&b.Configuration.S3.AllowInsecure, arg("s3.allow-insecure"), false, "If set to true, the Endpoint certificates won't be checked") fs.BoolVar(&b.Configuration.S3.DisableSSL, "s3.disable-ssl", false, "If set to true, the SSL won't be used when connecting to Endpoint"),
f.BoolVar(&b.Configuration.S3.DisableSSL, arg("s3.disable-ssl"), false, "If set to true, the SSL won't be used when connecting to Endpoint") fs.StringVar(&b.Configuration.S3.Region, "s3.region", "", "Region"),
f.StringVar(&b.Configuration.S3.Region, arg("s3.region"), "", "Region") fs.StringVar(&b.Configuration.S3.BucketName, "s3.bucket", "", "Bucket name"),
f.StringVar(&b.Configuration.S3.BucketName, arg("s3.bucket"), "", "Bucket name") fs.StringVar(&b.Configuration.S3.AccessKeyFile, "s3.access-key", "", "Path to file containing S3 AccessKey"),
f.StringVar(&b.Configuration.S3.AccessKeyFile, arg("s3.access-key"), "", "Path to file containing S3 AccessKey") fs.StringVar(&b.Configuration.S3.SecretKeyFile, "s3.secret-key", "", "Path to file containing S3 SecretKey"),
f.StringVar(&b.Configuration.S3.SecretKeyFile, arg("s3.secret-key"), "", "Path to file containing S3 SecretKey") )
return nil
} }
func (b *storageV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) { func (b *storageV1) Handler(ctx context.Context, cmd *cobra.Command) (svc.Handler, error) {