v1alpha1

package
v0.0.3
Warning

This package is not in the latest version of its module.

Published: Dec 7, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Overview

Package v1alpha1 contains API Schema definitions for the cloudsql v1alpha1 API group: the custom resource AuthProxyWorkload, version v1alpha1. This follows the kubebuilder pattern for defining custom resources.

+kubebuilder:object:generate=true +groupName=cloudsql.cloud.google.com

Constants

const (
	// ErrorCodePortConflict occurs when an explicit port assignment for a workload
	// is in conflict with a port assignment from the pod or another proxy container.
	ErrorCodePortConflict = "PortConflict"

	// ErrorCodeEnvConflict occurs when the environment code does not work.
	ErrorCodeEnvConflict = "EnvVarConflict"

	// ErrorCodeFUSENotSupported occurs when any FUSE configuration is set,
	// because fuse is not yet supported.
	ErrorCodeFUSENotSupported = "FUSENotSupported"

	// AnnotationPrefix is used as the prefix for all annotations added to a domain object
	// to hold metadata related to this operator.
	AnnotationPrefix = "cloudsql.cloud.google.com"

	// ConditionUpToDate indicates whether the reconciliation loop
	// has properly processed the latest generation of an AuthProxyInstance
	ConditionUpToDate = "UpToDate"

	// ReasonStartedReconcile relates to condition UpToDate, this reason is set
	// when the resource is not up to date because reconcile has started, but not
	// finished.
	ReasonStartedReconcile = "StartedReconcile"

	// ReasonFinishedReconcile relates to condition UpToDate, this reason is set
	// when the resource reconcile has finished running.
	ReasonFinishedReconcile = "FinishedReconcile"

	// ReasonNoWorkloadsFound relates to condition UpToDate, this reason is set
	// when there are no workloads related to this AuthProxyWorkload resource.
	ReasonNoWorkloadsFound = "NoWorkloadsFound"

	// ConditionWorkloadUpToDate indicates whether the reconciliation loop
	// has properly processed the latest generation of an AuthProxyInstance
	ConditionWorkloadUpToDate = "WorkloadUpToDate"

	// ReasonNeedsUpdate relates to condition WorkloadUpToDate, this reason is set
	// when there are no workloads related to this AuthProxyWorkload resource.
	ReasonNeedsUpdate = "NeedsUpdate"

	// ReasonUpToDate relates to condition WorkloadUpToDate, this reason is set
	// when there are no workloads related to this AuthProxyWorkload resource.
	ReasonUpToDate = "UpToDate"
)

Variables

var (
	// GroupVersion is group version used to register these objects
	GroupVersion = schema.GroupVersion{Group: "cloudsql.cloud.google.com", Version: "v1alpha1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme
	SchemeBuilder = &scheme.Builder{GroupVersion: GroupVersion}

	// AddToScheme adds the types in this group-version to the given scheme.
	AddToScheme = SchemeBuilder.AddToScheme
)

Functions

This section is empty.

Types

type AuthProxyContainerSpec

type AuthProxyContainerSpec struct {

	// Container is a debugging parameter that when specified will override the
	// proxy container with a completely custom Container spec.
	//+kubebuilder:validation:Optional
	Container *v1.Container `json:"container,omitempty"`

	// Resources specifies the resources required for the proxy pod.
	//+kubebuilder:validation:Optional
	Resources *v1.ResourceRequirements `json:"resources,omitempty"`

	// Telemetry specifies how the proxy should expose telemetry.
	// Optional, by default
	//+kubebuilder:validation:Optional
	Telemetry *TelemetrySpec `json:"telemetry,omitempty"`

	// MaxConnections limits the number of connections. Default value is no limit.
	// This sets the proxy container's CLI argument `--max-connections`
	//+kubebuilder:validation:Optional
	MaxConnections *int64 `json:"maxConnections,omitempty"`

	// MaxSigtermDelay is the maximum number of seconds to wait for connections to close after receiving a TERM signal.
	// This sets the proxy container's CLI argument `--max-sigterm-delay` and
	// configures `terminationGracePeriodSeconds` on the workload's PodSpec.
	//+kubebuilder:validation:Optional
	MaxSigtermDelay *int64 `json:"maxSigtermDelay,omitempty"`

	// FUSEDir is the path where the FUSE volume will be mounted.
	// This sets the proxy container's CLI argument `--fuse` and
	// will mount the FUSE volume at this path on all containers in the workload.
	//+kubebuilder:validation:Optional
	FUSEDir string `json:"fuseDir,omitempty"`

	// FUSETempDir is the path for the temp dir for Unix sockets created with FUSE.
	// This sets the proxy container's CLI argument `--fuse-tmp-dir` and
	// will mount the FUSE temp volume at this path on all containers in the workload.
	//+kubebuilder:validation:Optional
	FUSETempDir string `json:"fuseTempDir,omitempty"`

	// Image is the URL to the proxy image. Optional, by default the operator
	// will use the latest known compatible proxy image.
	//+kubebuilder:validation:Optional
	Image string `json:"image,omitempty"`

	// SQLAdminAPIEndpoint is a debugging parameter that when specified will
	// change the Google Cloud api endpoint used by the proxy.
	//+kubebuilder:validation:Optional
	SQLAdminAPIEndpoint string `json:"sqlAdminAPIEndpoint,omitempty"`
}

AuthProxyContainerSpec specifies configuration for the proxy container.

func (*AuthProxyContainerSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProxyContainerSpec.

func (*AuthProxyContainerSpec) DeepCopyInto

func (in *AuthProxyContainerSpec) DeepCopyInto(out *AuthProxyContainerSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthProxyWorkload

type AuthProxyWorkload struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   AuthProxyWorkloadSpec   `json:"spec,omitempty"`
	Status AuthProxyWorkloadStatus `json:"status,omitempty"`
}

AuthProxyWorkload declares how a Cloud SQL Proxy container should be applied to a matching set of workloads, and shows the status of those proxy containers. This is the Schema for the authproxyworkloads API.

+kubebuilder:object:root=true +kubebuilder:subresource:status

func (*AuthProxyWorkload) DeepCopy

func (in *AuthProxyWorkload) DeepCopy() *AuthProxyWorkload

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProxyWorkload.

func (*AuthProxyWorkload) DeepCopyInto

func (in *AuthProxyWorkload) DeepCopyInto(out *AuthProxyWorkload)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthProxyWorkload) DeepCopyObject

func (in *AuthProxyWorkload) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

func (*AuthProxyWorkload) Default

func (r *AuthProxyWorkload) Default()

Default implements webhook.Defaulter so a webhook will be registered for the type

func (*AuthProxyWorkload) SetupWebhookWithManager

func (r *AuthProxyWorkload) SetupWebhookWithManager(mgr ctrl.Manager) error

func (*AuthProxyWorkload) ValidateCreate

func (r *AuthProxyWorkload) ValidateCreate() error

ValidateCreate implements webhook.Validator so a webhook will be registered for the type

func (*AuthProxyWorkload) ValidateDelete

func (r *AuthProxyWorkload) ValidateDelete() error

ValidateDelete implements webhook.Validator so a webhook will be registered for the type

func (*AuthProxyWorkload) ValidateUpdate

func (r *AuthProxyWorkload) ValidateUpdate(_ runtime.Object) error

ValidateUpdate implements webhook.Validator so a webhook will be registered for the type

type AuthProxyWorkloadList

type AuthProxyWorkloadList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []AuthProxyWorkload `json:"items"`
}

AuthProxyWorkloadList contains a list of AuthProxyWorkload and is part of the authproxyworkloads API.

+kubebuilder:object:root=true

func (*AuthProxyWorkloadList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProxyWorkloadList.

func (*AuthProxyWorkloadList) DeepCopyInto

func (in *AuthProxyWorkloadList) DeepCopyInto(out *AuthProxyWorkloadList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*AuthProxyWorkloadList) DeepCopyObject

func (in *AuthProxyWorkloadList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type AuthProxyWorkloadSpec

type AuthProxyWorkloadSpec struct {
	// Workload selects the workload to
	//+kubebuilder:validation:Required
	Workload WorkloadSelectorSpec `json:"workloadSelector"`

	// Authentication describes how to authenticate the Auth Proxy container to Google Cloud
	//+kubebuilder:validation:Optional
	Authentication *AuthenticationSpec `json:"authentication,omitempty"`

	// AuthProxyContainer describes the resources and config for the Auth Proxy container
	//+kubebuilder:validation:Optional
	AuthProxyContainer *AuthProxyContainerSpec `json:"authProxyContainer,omitempty"`

	// Instances lists the Cloud SQL instances to connect
	//+kubebuilder:validation:Required
	//+kubebuilder:validation:MinItems=1
	Instances []InstanceSpec `json:"instances"`
}

AuthProxyWorkloadSpec defines the desired state of AuthProxyWorkload

func (*AuthProxyWorkloadSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProxyWorkloadSpec.

func (*AuthProxyWorkloadSpec) DeepCopyInto

func (in *AuthProxyWorkloadSpec) DeepCopyInto(out *AuthProxyWorkloadSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthProxyWorkloadStatus

type AuthProxyWorkloadStatus struct {

	// Conditions show the overall status of the AuthProxyWorkload resource on all
	// matching workloads.
	//
	// The "UpToDate" condition indicates that the proxy was successfully
	// applied to all matching workloads. See ConditionUpToDate.
	Conditions []*metav1.Condition `json:"conditions,omitempty"`

	// WorkloadStatus presents the observed status of individual workloads that match
	// this AuthProxyWorkload resource.
	WorkloadStatus []*WorkloadStatus `json:"WorkloadStatus,omitempty"`
}

AuthProxyWorkloadStatus presents the observed state of AuthProxyWorkload using standard Kubernetes Conditions.

func (*AuthProxyWorkloadStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthProxyWorkloadStatus.

func (*AuthProxyWorkloadStatus) DeepCopyInto

func (in *AuthProxyWorkloadStatus) DeepCopyInto(out *AuthProxyWorkloadStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AuthenticationSpec

type AuthenticationSpec struct {
	// CredentialsFileSecret the "name" or "namespace/name" for the secret.
	// This sets the Cloud SQL Proxy container's CLI argument `--credentials-file`
	//+kubebuilder:validation:Optional
	CredentialsFileSecret string `json:"credentialsFileSecret,omitempty"`

	// CredentialsFileKey The key within the kubernetes secret containing the credentials file.
	// This sets the Cloud SQL Proxy container's CLI argument `--credentials-file`
	//+kubebuilder:validation:Optional
	CredentialsFileKey string `json:"credentialsFileKey,omitempty"`

	// GCloudAuth true when we should use the Google Cloud metadata server to authenticate.
	// This sets the Cloud SQL Proxy container's CLI argument `--gcloud-auth`
	//+kubebuilder:validation:Optional
	GCloudAuth bool `json:"gcloudAuth,omitempty"`
}

AuthenticationSpec describes how the proxy should get its Google Cloud identity to authenticate to the Google Cloud API. The proxy can get its Google Cloud identity in one of two ways:

  1. Using the Google Cloud metadata server, in which case the AuthenticationSpec would set the GCloudAuth field to true, e.g. `{gcloudAuth: true}`
  2. Using an IAM credential key file stored in a Kubernetes secret, in which case the AuthenticationSpec would set CredentialsFileSecret and CredentialsFileKey, e.g. `{credentialsFileSecret: "default/gcloud-cred", credentialsFileKey: "gcloud.json"}`
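A check a reviewer could run over an AuthenticationSpec before it is applied, to see which of the two identity sources it selects. This is an added example, not code from this package: `authSpec`, `authReport`, `splitSecretRef` and `auditAuth` are hypothetical names, and rejecting mixed or partial settings is this example's policy rather than documented operator behaviour.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"strings"
)

// authSpec is a local mirror of AuthenticationSpec's JSON field names.
type authSpec struct {
	CredentialsFileSecret string `json:"credentialsFileSecret,omitempty"`
	CredentialsFileKey    string `json:"credentialsFileKey,omitempty"`
	GCloudAuth            bool   `json:"gcloudAuth,omitempty"`
}

// authReport summarises which identity source a spec selects.
type authReport struct {
	Source                      string // "metadata-server", "secret-key-file" or "unspecified"
	SecretNamespace, SecretName string
}

// splitSecretRef parses the documented "name" or "namespace/name" forms.
func splitSecretRef(ref, defaultNS string) (string, string, error) {
	parts := strings.Split(ref, "/")
	switch {
	case len(parts) == 1 && parts[0] != "":
		return defaultNS, parts[0], nil
	case len(parts) == 2 && parts[0] != "" && parts[1] != "":
		return parts[0], parts[1], nil
	}
	return "", "", fmt.Errorf("secret reference %q is not name or namespace/name", ref)
}

// auditAuth decodes a spec and rejects mixed or partial settings
// (example policy, an assumption of this sketch).
func auditAuth(raw, workloadNS string) (authReport, error) {
	var s authSpec
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields() // a misspelled key must not silently decode as "unset"
	if err := dec.Decode(&s); err != nil {
		return authReport{}, fmt.Errorf("decode: %w", err)
	}
	hasFile := s.CredentialsFileSecret != "" || s.CredentialsFileKey != ""
	switch {
	case s.GCloudAuth && hasFile:
		return authReport{}, errors.New("gcloudAuth and a credentials file are both set")
	case s.GCloudAuth:
		return authReport{Source: "metadata-server"}, nil
	case !hasFile:
		return authReport{Source: "unspecified"}, nil
	case s.CredentialsFileSecret == "" || s.CredentialsFileKey == "":
		return authReport{}, errors.New("credentialsFileSecret and credentialsFileKey must be set together")
	}
	ns, name, err := splitSecretRef(s.CredentialsFileSecret, workloadNS)
	if err != nil {
		return authReport{}, err
	}
	return authReport{Source: "secret-key-file", SecretNamespace: ns, SecretName: name}, nil
}

func main() {
	// Constructed sample specs.
	for _, raw := range []string{`{"gcloudAuth":true}`, `{"credentialFileSecret":"default/gcloud-cred"}`} {
		r, err := auditAuth(raw, "app")
		fmt.Println(r, err)
	}
}
```

The second sample uses a key without the "s" in "credentials"; with strict decoding it is reported as an unknown field instead of being read as an empty spec.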

func (*AuthenticationSpec) DeepCopy

func (in *AuthenticationSpec) DeepCopy() *AuthenticationSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthenticationSpec.

func (*AuthenticationSpec) DeepCopyInto

func (in *AuthenticationSpec) DeepCopyInto(out *AuthenticationSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type InstanceSpec

type InstanceSpec struct {

	// ConnectionString is the Cloud SQL instance.
	//+kubebuilder:validation:Required
	ConnectionString string `json:"connectionString,omitempty"`

	// SocketType declares what type of socket to create for this database. Allowed
	// values: "tcp" or "unix"
	//+kubebuilder:validation:Enum=tcp;unix
	//+kubebuilder:validation:Optional
	SocketType string `json:"socketType,omitempty"`

	// Port sets the tcp port for this instance. Optional, if not set, a value will
	// be automatically assigned by the operator and set as an environment variable
	// on all containers in the workload named according to PortEnvName. The operator will choose
	// a port so that it does not conflict with other ports on the workload.
	//+kubebuilder:validation:Optional
	Port *int32 `json:"port,omitempty"`

	// UnixSocketPath is the directory to mount the unix socket for this instance.
	// When set, this directory will be mounted on all containers in the workload.
	//+kubebuilder:validation:Optional
	UnixSocketPath string `json:"unixSocketPath,omitempty"`

	// AutoIAMAuthN Enables IAM Authentication for this instance. Optional, default
	// false.
	//+kubebuilder:validation:Optional
	AutoIAMAuthN *bool `json:"autoIAMAuthN,omitempty"`

	// PrivateIP Enable connection to the Cloud SQL instance's private ip for this instance.
	// Optional, default false.
	//+kubebuilder:validation:Optional
	PrivateIP *bool `json:"privateIP,omitempty"`

	// PortEnvName is the name of the environment variable containing this instance's tcp port.
	// Optional, when set this environment variable will be added to all containers in the workload.
	//+kubebuilder:validation:Optional
	PortEnvName string `json:"portEnvName,omitempty"`

	// HostEnvName is the name of the environment variable containing this instance's tcp hostname.
	// Optional, when set this environment variable will be added to all containers in the workload.
	//+kubebuilder:validation:Optional
	HostEnvName string `json:"hostEnvName,omitempty"`

	// UnixSocketPathEnvName the name of the environment variable containing the unix socket path
	// Optional, when set this environment variable will be added to all containers in the workload.
	//+kubebuilder:validation:Optional
	UnixSocketPathEnvName string `json:"unixSocketPathEnvName,omitempty"`
}

InstanceSpec describes the configuration for how the proxy should expose a Cloud SQL database instance to a workload. The simplest possible configuration declares just the connection string and the port number or unix socket.

For example, for a TCP port:

{ "connectionString":"my-project:us-central1:my-db-server", "port":5000 }

or for a unix socket:

{ "connectionString":"my-project:us-central1:my-db-server",
  "unixSocketPath" : "/mnt/db/my-db-server" }

You may allow the operator to choose a non-conflicting TCP port or unix socket instead of explicitly setting the port or socket path. This may be easier to manage when a workload needs to connect to many databases.

For example, for a TCP port:

{ "connectionString":"my-project:us-central1:my-db-server",
  "portEnvName":"MY_DB_SERVER_PORT",
  "hostEnvName":"MY_DB_SERVER_HOST"
 }

will set the environment variables MY_DB_SERVER_PORT and MY_DB_SERVER_HOST with the value of the TCP port and hostname. Then, the application can read these values to connect to the database through the proxy.

or for a unix socket:

{ "connectionString":"my-project:us-central1:my-db-server",
  "unixSocketPathEnvName" : "MY_DB_SERVER_SOCKET_DIR" }

will set the environment variable MY_DB_SERVER_SOCKET_DIR with the value of the unix socket path. Then, the application can read this value to connect to the database through the proxy.

func (*InstanceSpec) DeepCopy

func (in *InstanceSpec) DeepCopy() *InstanceSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InstanceSpec.

func (*InstanceSpec) DeepCopyInto

func (in *InstanceSpec) DeepCopyInto(out *InstanceSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type TelemetrySpec

type TelemetrySpec struct {
	// QuotaProject Specifies the project to use for Cloud SQL Admin API quota tracking.
	// The IAM principal must have the "serviceusage.services.use" permission
	// for the given project. See https://cloud.google.com/service-usage/docs/overview and
	// https://cloud.google.com/storage/docs/requester-pays
	// This sets the proxy container's CLI argument `--quota-project`
	//+kubebuilder:validation:Optional
	QuotaProject *string `json:"quotaProject,omitempty"`

	// Prometheus Enables Prometheus HTTP endpoint /metrics on localhost
	// This sets the proxy container's CLI argument `--prometheus`
	//+kubebuilder:validation:Optional
	Prometheus *bool `json:"prometheus,omitempty"`

	// PrometheusNamespace uses the provided Prometheus namespace for metrics
	// This sets the proxy container's CLI argument `--prometheus-namespace`
	//+kubebuilder:validation:Optional
	PrometheusNamespace *string `json:"prometheusNamespace,omitempty"`

	// TelemetryProject enables Cloud Monitoring and Cloud Trace with the provided project ID.
	// This sets the proxy container's CLI argument `--telemetry-project`
	//+kubebuilder:validation:Optional
	TelemetryProject *string `json:"telemetryProject,omitempty"`

	// TelemetryPrefix is the prefix for Cloud Monitoring metrics.
	// This sets the proxy container's CLI argument `--telemetry-prefix`
	//+kubebuilder:validation:Optional
	TelemetryPrefix *string `json:"telemetryPrefix,omitempty"`

	// TelemetrySampleRate is the Cloud Trace sample rate. A smaller number means more traces.
	// This sets the proxy container's CLI argument `--telemetry-sample-rate`
	//+kubebuilder:validation:Optional
	TelemetrySampleRate *int `json:"telemetrySampleRate,omitempty"`

	// HTTPPort the port for Prometheus and health check server.
	// This sets the proxy container's CLI argument `--http-port`
	//+kubebuilder:validation:Optional
	HTTPPort *int32 `json:"httpPort,omitempty"`

	// DisableTraces disables Cloud Trace integration (used with telemetryProject)
	// This sets the proxy container's CLI argument `--disable-traces`
	//+kubebuilder:validation:Optional
	DisableTraces *bool `json:"disableTraces,omitempty"`

	// DisableMetrics disables Cloud Monitoring integration (used with telemetryProject)
	// This sets the proxy container's CLI argument `--disable-metrics`
	//+kubebuilder:validation:Optional
	DisableMetrics *bool `json:"disableMetrics,omitempty"`
}

TelemetrySpec specifies how the proxy container will expose telemetry.

func (*TelemetrySpec) DeepCopy

func (in *TelemetrySpec) DeepCopy() *TelemetrySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TelemetrySpec.

func (*TelemetrySpec) DeepCopyInto

func (in *TelemetrySpec) DeepCopyInto(out *TelemetrySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type WorkloadSelectorSpec

type WorkloadSelectorSpec struct {
	// Selector selects resources using labels. See "Label selectors" in the kubernetes docs
	// https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors
	//+kubebuilder:validation:Optional
	Selector *metav1.LabelSelector `json:"selector,omitempty"`

	// Kind specifies what kind of workload
	// Supported kinds: Deployment, StatefulSet, Pod, ReplicaSet, DaemonSet, Job, CronJob
	// Example: "Deployment" "Deployment.v1" or "Deployment.v1.apps".
	//+kubebuilder:validation:Required
	//+kubebuilder:validation:Pattern=\w+(\.\w+)*
	Kind string `json:"kind"`

	// Namespace specifies namespace in which to select the resource.
	// Optional, defaults to the namespace of the AuthProxyWorkload resource.
	// All or Wildcard namespaces are not supported.
	//+kubebuilder:validation:Optional
	Namespace string `json:"namespace,omitempty"`

	// Name specifies the name of the resource to select.
	//+kubebuilder:validation:Optional
	Name string `json:"name,omitempty"`
}

WorkloadSelectorSpec describes which workloads should be configured with this proxy configuration. To be valid, WorkloadSelectorSpec must specify Kind and either Name or Selector.
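The validity rule above, together with the Kind pattern and the namespace restriction from the field comments, written as a lint over a selector's JSON. This is an added example, not the package's webhook code: `selectorSpec`, `labelSelector` and `checkSelector` are hypothetical local names, and flagging an empty selector is this example's choice, made because an empty label selector matches every label set.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// barePattern is the Pattern marker exactly as written on the Kind field.
// Go's MatchString succeeds on a match anywhere in the string, so the
// check uses an anchored copy that must cover the whole value.
var (
	barePattern     = regexp.MustCompile(`\w+(\.\w+)*`)
	anchoredPattern = regexp.MustCompile(`^\w+(\.\w+)*$`)
)

// supportedKinds is the list from the Kind field comment.
var supportedKinds = map[string]bool{
	"Deployment": true, "StatefulSet": true, "Pod": true, "ReplicaSet": true,
	"DaemonSet": true, "Job": true, "CronJob": true,
}

// Local mirrors of the JSON shape; not the package's own types.
type labelSelector struct {
	MatchLabels      map[string]string `json:"matchLabels,omitempty"`
	MatchExpressions []json.RawMessage `json:"matchExpressions,omitempty"`
}

type selectorSpec struct {
	Selector  *labelSelector `json:"selector,omitempty"`
	Kind      string         `json:"kind"`
	Namespace string         `json:"namespace,omitempty"`
	Name      string         `json:"name,omitempty"`
}

// checkSelector returns one finding per rule the selector breaks.
func checkSelector(raw string) ([]string, error) {
	var s selectorSpec
	if err := json.Unmarshal([]byte(raw), &s); err != nil {
		return nil, fmt.Errorf("decode: %w", err)
	}
	var findings []string
	if !anchoredPattern.MatchString(s.Kind) {
		findings = append(findings, "kind does not match the pattern as a whole string")
	} else if base := strings.SplitN(s.Kind, ".", 2)[0]; !supportedKinds[base] {
		findings = append(findings, "kind "+base+" is not a supported workload kind")
	}
	if s.Name == "" && s.Selector == nil {
		findings = append(findings, "neither name nor selector is set")
	}
	if s.Name == "" && s.Selector != nil &&
		len(s.Selector.MatchLabels) == 0 && len(s.Selector.MatchExpressions) == 0 {
		findings = append(findings, "selector is empty and matches every label set")
	}
	if s.Namespace == "*" {
		findings = append(findings, "wildcard namespace is not supported")
	}
	return findings, nil
}

func main() {
	// Constructed sample selectors.
	for _, raw := range []string{`{"kind":"Deployment","selector":{}}`, `{"kind":"Deployment apps","name":"web"}`} {
		f, err := checkSelector(raw)
		fmt.Println(f, err, barePattern.MatchString("Deployment apps"))
	}
}
```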

func (*WorkloadSelectorSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelectorSpec.

func (*WorkloadSelectorSpec) DeepCopyInto

func (in *WorkloadSelectorSpec) DeepCopyInto(out *WorkloadSelectorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*WorkloadSelectorSpec) LabelsSelector

func (s *WorkloadSelectorSpec) LabelsSelector() (labels.Selector, error)

LabelsSelector converts the Selector field into a controller-runtime labels.Selector for convenient use in the controller. If the Selector field is nil, returns an empty selector which will match all labels.

type WorkloadStatus

type WorkloadStatus struct {

	// Kind Version Namespace Name identify the specific workload.
	//+kubebuilder:validation:Enum=Pod;Deployment;StatefulSet;ReplicaSet;DaemonSet;Job;CronJob
	Kind      string `json:"kind,omitempty,"`
	Version   string `json:"version,omitempty,"`
	Namespace string `json:"namespace,omitempty,"`
	Name      string `json:"name,omitempty,"`

	// Conditions show the status of the AuthProxyWorkload resource on this
	// matching workload.
	//
	// The "UpToDate" condition indicates that the proxy was successfully
	// applied to all matching workloads. See ConditionUpToDate.
	Conditions []*metav1.Condition `json:"conditions"`
}

WorkloadStatus presents the status for how this AuthProxyWorkload resource was applied to a specific workload.

func (*WorkloadStatus) DeepCopy

func (in *WorkloadStatus) DeepCopy() *WorkloadStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadStatus.

func (*WorkloadStatus) DeepCopyInto

func (in *WorkloadStatus) DeepCopyInto(out *WorkloadStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
