-
Notifications
You must be signed in to change notification settings - Fork 1.3k
/
labels.go
151 lines (117 loc) · 4.56 KB
/
labels.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
/*
Kubernetes labels and annotations used in Linkerd's control plane and data plane
Kubernetes configs.
*/
package k8s
import (
"fmt"
"github.com/linkerd/linkerd2/pkg/version"
appsV1 "k8s.io/api/apps/v1"
coreV1 "k8s.io/api/core/v1"
)
const (
/*
* Labels
*/
// ControllerComponentLabel identifies this object as a component of Linkerd's
// control plane (e.g. web, controller).
ControllerComponentLabel = "linkerd.io/control-plane-component"
// ControllerNSLabel is injected into mesh-enabled apps, identifying the
// namespace of the Linkerd control plane.
ControllerNSLabel = "linkerd.io/control-plane-ns"
// ProxyDeploymentLabel is injected into mesh-enabled apps, identifying the
// deployment that this proxy belongs to.
ProxyDeploymentLabel = "linkerd.io/proxy-deployment"
// ProxyReplicationControllerLabel is injected into mesh-enabled apps,
// identifying the ReplicationController that this proxy belongs to.
ProxyReplicationControllerLabel = "linkerd.io/proxy-replicationcontroller"
// ProxyReplicaSetLabel is injected into mesh-enabled apps, identifying the
// ReplicaSet that this proxy belongs to.
ProxyReplicaSetLabel = "linkerd.io/proxy-replicaset"
// ProxyJobLabel is injected into mesh-enabled apps, identifying the Job that
// this proxy belongs to.
ProxyJobLabel = "linkerd.io/proxy-job"
// ProxyDaemonSetLabel is injected into mesh-enabled apps, identifying the
// DaemonSet that this proxy belongs to.
ProxyDaemonSetLabel = "linkerd.io/proxy-daemonset"
// ProxyStatefulSetLabel is injected into mesh-enabled apps, identifying the
// StatefulSet that this proxy belongs to.
ProxyStatefulSetLabel = "linkerd.io/proxy-statefulset"
/*
* Annotations
*/
// CreatedByAnnotation indicates the source of the injected data plane
// (e.g. linkerd/cli v2.0.0).
CreatedByAnnotation = "linkerd.io/created-by"
// ProxyVersionAnnotation indicates the version of the injected data plane
// (e.g. v0.1.3).
ProxyVersionAnnotation = "linkerd.io/proxy-version"
/*
* Component Names
*/
// InitContainerName is the name assigned to the injected init container.
InitContainerName = "linkerd-init"
// ProxyContainerName is the name assigned to the injected proxy container.
ProxyContainerName = "linkerd-proxy"
// TLSTrustAnchorConfigMapName is the name of the ConfigMap that holds the
// trust anchors (trusted root certificates).
TLSTrustAnchorConfigMapName = "linkerd-ca-bundle"
// TLSTrustAnchorFileName is the name (key) within the trust anchor ConfigMap
// that contains the actual trust anchor bundle.
TLSTrustAnchorFileName = "trust-anchors.pem"
TLSCertFileName = "certificate.crt"
TLSPrivateKeyFileName = "private-key.p8"
)
// CreatedByAnnotationValue returns the value associated with
// CreatedByAnnotation.
func CreatedByAnnotationValue() string {
return fmt.Sprintf("linkerd/cli %s", version.Version)
}
// GetPodLabels returns the set of prometheus owner labels for a given pod
func GetPodLabels(ownerKind, ownerName string, pod *coreV1.Pod) map[string]string {
labels := map[string]string{"pod": pod.Name}
if ownerKind == "job" {
labels["k8s_job"] = ownerName
} else {
labels[ownerKind] = ownerName
}
if controllerNS := pod.Labels[ControllerNSLabel]; controllerNS != "" {
labels["control_plane_ns"] = controllerNS
}
if pth := pod.Labels[appsV1.DefaultDeploymentUniqueLabelKey]; pth != "" {
labels["pod_template_hash"] = pth
}
return labels
}
func IsMeshed(pod *coreV1.Pod, controllerNS string) bool {
return pod.Labels[ControllerNSLabel] == controllerNS
}
// TLSIdentity is the identity of a pod owner (Deployment, Pod,
// ReplicationController, etc.).
type TLSIdentity struct {
// Name is the name of the pod owner.
Name string
// Kind is the singular, lowercased Kubernetes resource type of the pod owner
// (deployment, daemonset, job, replicationcontroller, etc.).
Kind string
// Namespace is the pod's namespace. Kubernetes requires that pods and
// pod owners be in the same namespace.
Namespace string
// ControllerNamespace is the namespace of the controller for the pod.
ControllerNamespace string
}
func (i TLSIdentity) ToDNSName() string {
return fmt.Sprintf("%s.%s.%s.linkerd-managed.%s.svc.cluster.local", i.Name,
i.Kind, i.Namespace, i.ControllerNamespace)
}
func (i TLSIdentity) ToSecretName() string {
return fmt.Sprintf("%s-%s-tls-linkerd-io", i.Name, i.Kind)
}
func (i TLSIdentity) ToControllerIdentity() TLSIdentity {
return TLSIdentity{
Name: "controller",
Kind: "deployment",
Namespace: i.ControllerNamespace,
ControllerNamespace: i.ControllerNamespace,
}
}