
Source file src/edge-infra.dev/pkg/edge/linkerd/common.go

Documentation: edge-infra.dev/pkg/edge/linkerd

     1  package linkerd
     2  
     3  import (
     4  	"fmt"
     5  	"reflect"
     6  
     7  	"github.com/fluxcd/pkg/ssa"
     8  	"github.com/linkerd/linkerd2/pkg/k8s"
     9  	corev1 "k8s.io/api/core/v1"
    10  	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
    11  	"k8s.io/apimachinery/pkg/labels"
    12  	"k8s.io/apimachinery/pkg/types"
    13  	"sigs.k8s.io/controller-runtime/pkg/client"
    14  
    15  	"edge-infra.dev/pkg/edge/constants"
    16  	l5dv1alpha1 "edge-infra.dev/pkg/edge/linkerd/k8s/apis/linkerd/v1alpha1"
    17  )
    18  
// Well-known names and defaults for the Linkerd installation managed by this
// package. The constants are grouped by what they describe.
const (
	// Namespace is the Linkerd namespace.
	Namespace string = "linkerd"

	// LinkerdControllerName is the name of the Linkerd controller.
	LinkerdControllerName string = "linkerdctl"
	// WorkloadInjectionControllerName is the name of the workload injection
	// controller.
	WorkloadInjectionControllerName string = "linkerdctl-workloadinjection"

	// Destination is the name of the Linkerd destination control plane pods.
	Destination string = "linkerd-destination"
	// ProxyInjector is the name of the Linkerd proxy injector control plane
	// pods.
	ProxyInjector string = "linkerd-proxy-injector"
	// Identity is the name of the Linkerd identity control plane pods.
	Identity string = "linkerd-identity"
	// DefaultReplicaScale is the default replica count for the control plane.
	DefaultReplicaScale int32 = 1

	// TrustAnchorName is the name of the Linkerd trust anchor.
	TrustAnchorName string = "linkerd-trust-anchor"
	// IssuerName is the name of the Linkerd identity issuer.
	IssuerName string = "linkerd-identity-issuer"
	// IdentityCommonName is the common name used for the Linkerd identity.
	IdentityCommonName string = "identity.linkerd.cluster.local"
	// LinkerdIdentityConfigMap is the name of the identity config map.
	// NOTE(review): going by its value it carries the mesh trust roots, so
	// write access to it would decide which issuers workloads trust; confirm
	// that RBAC on this object is restricted accordingly.
	LinkerdIdentityConfigMap string = "linkerd-identity-trust-roots"
	// CertDurationYear is the trust anchor certificate lifetime; the name
	// suggests the unit is years.
	CertDurationYear int = 2

	// AdminPort identifies the Linkerd admin port (a port name, not a number).
	AdminPort string = "linkerd-admin"

	// InjectionAnnotation is the Linkerd injection annotation.
	InjectionAnnotation string = "linkerd.io/inject"
	// ProxyVersionAnnotation is the Linkerd proxy version annotation.
	ProxyVersionAnnotation string = "linkerd.io/proxy-version"
)
    51  
// ControlPlaneSelector selects objects whose linkerd.io/control-plane-ns label
// equals Namespace.
var ControlPlaneSelector = labels.SelectorFromSet(labels.Set{
	"linkerd.io/control-plane-ns": Namespace,
})

// ControllerContainers lists container names; presumably these are the
// containers of the control plane pods (verify against callers). The slice is
// exported and mutable, so callers should treat it as read-only.
var ControllerContainers = []string{
	"destination",
	"sp-validator",
	"identity",
	"proxy-injector",
}
    56  
// Logging and iptables settings used for Linkerd.
const (
	// JSONLogFormat selects JSON log formatting so that fluentbit can parse
	// the Linkerd logs.
	JSONLogFormat string = "json"

	// Log levels, taken from https://linkerd.io/2.11/reference/proxy-log-level/
	// and https://github.com/linkerd/linkerd2/blob/67bcd8f64243e15519b846afe345c4d72b559173/pkg/flags/flags.go#L36
	//
	// NOTE: Only info, debug, error, and warn are supported by the Go
	// components, and only one can be provided at a time. See WithLogLevel for
	// more information.
	InfoLogLevel  string = "info"
	DebugLogLevel string = "debug"
	ErrorLogLevel string = "error"
	WarnLogLevel  string = "warn"
	// TraceLogLevel is not in the list the Go components support (see the
	// note above), so presumably it is only meaningful for the proxy.
	// NOTE(review): verbose levels can put request details into logs that are
	// shipped by fluentbit; confirm what is logged before enabling it broadly.
	TraceLogLevel string = "trace"

	// IptablesModes is the Linkerd iptables mode.
	IptablesModes string = "nft"
)
    76  
// Default identity issuer certificate timings, in hours, per topology.
//
// NOTE(review): assuming "renew before" means the number of hours before
// expiry at which renewal starts, the thin defaults renew about 15 hours after
// issuance and the thick defaults about 24 hours after issuance. Each
// renew-before value has to stay below its duration for that to hold.
const (
	// DefaultThinPosIdentityIssuerCertificateDurationHours is the default
	// maximum issuer certificate duration for linkerd under thin topology.
	DefaultThinPosIdentityIssuerCertificateDurationHours uint = 40
	// DefaultThinPosIdentityIssuerCertificateRenewBeforeHours is the default
	// issuer certificate renew-before for linkerd under thin topology.
	DefaultThinPosIdentityIssuerCertificateRenewBeforeHours uint = 25

	// DefaultThickPosIdentityIssuerCertificateDurationHours is the default
	// maximum issuer certificate duration for linkerd under thick topology.
	DefaultThickPosIdentityIssuerCertificateDurationHours uint = 96
	// DefaultThickPosIdentityIssuerCertificateRenewBeforeHours is the default
	// issuer certificate renew-before for linkerd under thick topology.
	DefaultThickPosIdentityIssuerCertificateRenewBeforeHours uint = 72
)
    91  
// TrustAnchorKey returns the typed namespaced name of the trust anchor:
// TrustAnchorName in the Linkerd Namespace.
func TrustAnchorKey() types.NamespacedName {
	key := types.NamespacedName{
		Namespace: Namespace,
		Name:      TrustAnchorName,
	}
	return key
}
    96  
// IssuerKey returns the typed namespaced name of the linkerd identity issuer:
// IssuerName in the Linkerd Namespace.
func IssuerKey() types.NamespacedName {
	key := types.NamespacedName{
		Namespace: Namespace,
		Name:      IssuerName,
	}
	return key
}
   101  
// OwnerRef builds the owner reference list to set on objects that this
// controller / the given Linkerd object owns. Setting it enables things like
// automated garbage collection of the owned objects.
//
// The returned slice always holds exactly one controller reference to l5d.
func OwnerRef(l5d *l5dv1alpha1.Linkerd) []metav1.OwnerReference {
	// The kind is derived from the Go type name instead of a string literal,
	// so it follows the type if it is ever renamed.
	kind := reflect.TypeOf(l5dv1alpha1.Linkerd{}).Name()
	gvk := l5dv1alpha1.GroupVersion.WithKind(kind)

	ref := metav1.NewControllerRef(l5d, gvk)
	return []metav1.OwnerReference{*ref}
}
   113  
// CreateOpts returns client.CreateOptions marking the linkerd controller as
// the owner (field manager) of what it creates.
//
// The field manager has the form "<constants.Domain>/<LinkerdControllerName>".
// That string should match what fluxcd/pkg/ssa.Owner adds to resources.
func CreateOpts() *client.CreateOptions {
	manager := fmt.Sprintf("%s/%s", constants.Domain, LinkerdControllerName)
	opts := client.CreateOptions{FieldManager: manager}
	return &opts
}
   119  
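// FilterChanged returns the entries of changeSet whose action is anything
// other than ssa.UnchangedAction, in their original order.
//
// The result is always a non-nil slice, which is empty when nothing changed.
// A nil changeSet is treated as having no entries instead of panicking.
func FilterChanged(changeSet *ssa.ChangeSet) []ssa.ChangeSetEntry {
	changed := []ssa.ChangeSetEntry{}
	if changeSet == nil {
		return changed
	}
	for _, entry := range changeSet.Entries {
		if entry.Action == ssa.UnchangedAction {
			continue
		}
		changed = append(changed, entry)
	}
	return changed
}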
   130  
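// ProxyContainerStatus returns the container status for the linkerd proxy
// sidecar, or nil when the pod is nil or reports no container with that name.
//
// Regular container statuses are searched before init container statuses.
// The result points at a copy, so changing it does not alter the pod.
//
// NOTE(review): the match is on the container name only; it does not check
// which image the container runs.
func ProxyContainerStatus(pod *corev1.Pod) *corev1.ContainerStatus {
	if pod == nil {
		return nil
	}
	// The two lists are walked separately. Joining them with
	// append(a, b...) can write b's elements into a's spare capacity, which
	// would modify the pod object handed in by the caller.
	for _, statuses := range [][]corev1.ContainerStatus{
		pod.Status.ContainerStatuses,
		pod.Status.InitContainerStatuses,
	} {
		for i := range statuses {
			if statuses[i].Name == k8s.ProxyContainerName {
				status := statuses[i]
				return &status
			}
		}
	}
	return nil
}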
   140  
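// ProxyExists returns true if the pod contains a linkerd proxy sidecar
// either as an init container (for native) or a regular container (for
// injected). A nil pod yields false.
//
// NOTE(review): this inspects the pod spec by container name only. It shows
// neither that the proxy is running nor which image it uses, so it should not
// be read as proof that the workload's traffic is meshed.
func ProxyExists(pod *corev1.Pod) bool {
	if pod == nil {
		return false
	}
	// The two lists are walked separately. Joining them with
	// append(a, b...) can write b's elements into a's spare capacity, which
	// would modify the pod spec handed in by the caller.
	for _, containers := range [][]corev1.Container{
		pod.Spec.InitContainers,
		pod.Spec.Containers,
	} {
		for i := range containers {
			if containers[i].Name == k8s.ProxyContainerName {
				return true
			}
		}
	}
	return false
}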
   152  
