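// Package linkerd holds the shared constants and helper functions used by the
// Linkerd controllers.
package linkerd

import (
	"fmt"
	"reflect"

	"github.com/fluxcd/pkg/ssa"
	"github.com/linkerd/linkerd2/pkg/k8s"
	corev1 "k8s.io/api/core/v1"
	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
	"k8s.io/apimachinery/pkg/labels"
	"k8s.io/apimachinery/pkg/types"
	"sigs.k8s.io/controller-runtime/pkg/client"

	"edge-infra.dev/pkg/edge/constants"
	l5dv1alpha1 "edge-infra.dev/pkg/edge/linkerd/k8s/apis/linkerd/v1alpha1"
)

const (
	// Namespace is the Linkerd namespace.
	Namespace string = "linkerd"
	// LinkerdControllerName is the Linkerd controller name.
	LinkerdControllerName string = "linkerdctl"
	// WorkloadInjectionControllerName is the workload injection controller name.
	WorkloadInjectionControllerName string = "linkerdctl-workloadinjection"
	// Destination is the name of the Linkerd destination control plane pods.
	Destination string = "linkerd-destination"
	// ProxyInjector is the name of the Linkerd proxy injector control plane pods.
	ProxyInjector string = "linkerd-proxy-injector"
	// Identity is the name of the Linkerd identity control plane pods.
	Identity string = "linkerd-identity"
	// TrustAnchorName is the name of the Linkerd trust anchor.
	TrustAnchorName string = "linkerd-trust-anchor"
	// IssuerName is the name of the Linkerd identity issuer.
	IssuerName string = "linkerd-identity-issuer"
	// AdminPort is the name of the Linkerd admin port.
	AdminPort string = "linkerd-admin"
	// IdentityCommonName is the common name for the Linkerd identity.
	IdentityCommonName string = "identity.linkerd.cluster.local"
	// InjectionAnnotation is the Linkerd injection annotation.
	InjectionAnnotation string = "linkerd.io/inject"
	// ProxyVersionAnnotation is the Linkerd proxy version annotation.
	ProxyVersionAnnotation string = "linkerd.io/proxy-version"
	// DefaultReplicaScale is the control plane default replica scale.
	DefaultReplicaScale int32 = 1
	// LinkerdIdentityConfigMap is the name of the identity config map.
	LinkerdIdentityConfigMap string = "linkerd-identity-trust-roots"
	// CertDurationYear is the trust anchor certificate lifetime.
	// NOTE(review): the unit is presumably years, going by the name; confirm
	// at the call site that builds the certificate.
	CertDurationYear int = 2
)

var (
	// ControlPlaneSelector selects objects labelled
	// linkerd.io/control-plane-ns=<Namespace>.
	ControlPlaneSelector = labels.SelectorFromSet(labels.Set{"linkerd.io/control-plane-ns": Namespace})
	// ControllerContainers lists the container names destination,
	// sp-validator, identity and proxy-injector. It is a mutable package-level
	// slice; callers should treat it as read-only.
	ControllerContainers = []string{"destination", "sp-validator", "identity", "proxy-injector"}
)

const (
	// JSONLogFormat sets Linkerd log formatting to JSON so fluentbit can parse it.
	JSONLogFormat string = "json"

	// Log levels, taken from
	// https://linkerd.io/2.11/reference/proxy-log-level/
	// and https://github.com/linkerd/linkerd2/blob/67bcd8f64243e15519b846afe345c4d72b559173/pkg/flags/flags.go#L36
	//
	// NOTE: Only info, debug, error, and warn are supported by the Go components,
	// and only one can be provided at a time. See WithLogLevel for more information.
	TraceLogLevel string = "trace"
	InfoLogLevel  string = "info"
	DebugLogLevel string = "debug"
	ErrorLogLevel string = "error"
	WarnLogLevel  string = "warn"

	// IptablesModes is the Linkerd iptables mode.
	IptablesModes string = "nft"
)

// Issuer certificate lifetimes. In both topologies the renew-before value is
// smaller than the duration (25 < 40, 72 < 96); keep it that way when tuning
// these, since a renew-before at or above the duration leaves no usable
// validity window.
// NOTE(review): assumes cert-manager-style renewBefore semantics — confirm
// against the code that consumes these values.
const (
	// DefaultThinPosIdentityIssuerCertificateDurationHours is the issuer certificate default
	// maximum certificate duration for linkerd under thin topology.
	DefaultThinPosIdentityIssuerCertificateDurationHours = uint(40)
	// DefaultThinPosIdentityIssuerCertificateRenewBeforeHours is the issuer certificate default renew before
	// for linkerd under thin topology.
	DefaultThinPosIdentityIssuerCertificateRenewBeforeHours = uint(25)
	// DefaultThickPosIdentityIssuerCertificateDurationHours is the issuer certificate default
	// maximum certificate duration for linkerd under thick topology.
	DefaultThickPosIdentityIssuerCertificateDurationHours = uint(96)
	// DefaultThickPosIdentityIssuerCertificateRenewBeforeHours is the issuer certificate default renew before
	// for linkerd under thick topology.
	DefaultThickPosIdentityIssuerCertificateRenewBeforeHours = uint(72)
)

// TrustAnchorKey returns the typed namespaced name for the trust anchor.
func TrustAnchorKey() types.NamespacedName {
	return types.NamespacedName{Name: TrustAnchorName, Namespace: Namespace}
}

// IssuerKey returns the typed namespaced name for the Linkerd identity issuer.
func IssuerKey() types.NamespacedName {
	return types.NamespacedName{Name: IssuerName, Namespace: Namespace}
}

// OwnerRef creates an owner reference for this controller that should be added
// to objects this controller / Linkerd object owns. This enables things like
// automated garbage collection.
//
// The Kind is derived from the Go type name of l5dv1alpha1.Linkerd via
// reflection. l5d must be non-nil.
func OwnerRef(l5d *l5dv1alpha1.Linkerd) []metav1.OwnerReference {
	return []metav1.OwnerReference{
		*metav1.NewControllerRef(
			l5d,
			l5dv1alpha1.GroupVersion.WithKind(reflect.TypeOf(l5dv1alpha1.Linkerd{}).Name()),
		),
	}
}

// CreateOpts returns client.CreateOptions marking the linkerd controller as the
// field manager, in the form "<constants.Domain>/<LinkerdControllerName>".
// The resulting string should match what fluxcd/pkg/ssa.Owner adds to resources.
func CreateOpts() *client.CreateOptions {
	return &client.CreateOptions{FieldManager: fmt.Sprintf("%s/%s", constants.Domain, LinkerdControllerName)}
}

// FilterChanged filters out unchanged objects from changeSet and returns the
// remaining entries in their original order. The result is always a non-nil
// slice; a nil changeSet yields an empty one.
func FilterChanged(changeSet *ssa.ChangeSet) []ssa.ChangeSetEntry {
	changedEntries := []ssa.ChangeSetEntry{}
	if changeSet == nil {
		return changedEntries
	}
	for _, entry := range changeSet.Entries {
		if entry.Action == ssa.UnchangedAction {
			continue
		}
		changedEntries = append(changedEntries, entry)
	}
	return changedEntries
}

// ProxyContainerStatus returns the container status for the linkerd proxy
// sidecar, or nil when pod is nil or no status carries the proxy container
// name. Regular container statuses are searched before init container
// statuses. The returned pointer refers to a copy, so changing it does not
// modify pod.
func ProxyContainerStatus(pod *corev1.Pod) *corev1.ContainerStatus {
	if pod == nil {
		return nil
	}
	// Walk the two slices separately instead of append()-ing one onto the
	// other: append may write into spare capacity of the pod's own backing
	// array, which mutates an object the caller may be sharing (for example
	// one read from a client cache).
	for _, statuses := range [][]corev1.ContainerStatus{
		pod.Status.ContainerStatuses,
		pod.Status.InitContainerStatuses,
	} {
		for i := range statuses {
			if statuses[i].Name == k8s.ProxyContainerName {
				status := statuses[i]
				return &status
			}
		}
	}
	return nil
}

// ProxyExists returns true if the pod contains a linkerd proxy sidecar
// either as an init container (for native) or a regular container (for injected).
// A nil pod reports false.
func ProxyExists(pod *corev1.Pod) bool {
	if pod == nil {
		return false
	}
	// Iterate each slice on its own; append()-ing Containers onto
	// InitContainers could write into the pod spec's backing array.
	for _, containers := range [][]corev1.Container{
		pod.Spec.InitContainers,
		pod.Spec.Containers,
	} {
		for i := range containers {
			if containers[i].Name == k8s.ProxyContainerName {
				return true
			}
		}
	}
	return false
}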