package keyring
import (
"path"
v1 "k8s.io/api/core/v1"
)
// In-container mount points for the keyring Secret volumes. Every kind of
// keyring gets a directory of its own.
const (
	// keyringDir is the directory where a resource's own keyring is mounted.
	keyringDir = "/etc/ceph/keyring-store/"

	// adminKeyringDir is the directory where the admin keyring is mounted.
	// It must differ from keyringDir so that the two keyrings can be mounted
	// independently of each other; a pod can then be given its own keyring
	// without also being given the admin one.
	adminKeyringDir = "/etc/ceph/admin-keyring-store/"

	// crashCollectorKeyringDir is the directory where the crash collector
	// keyring is mounted.
	crashCollectorKeyringDir = "/etc/ceph/crash-collector-keyring-store/"
)
type (
	// VolumeBuilder builds Kubernetes pod volumes whose content comes from
	// keyrings stored in the SecretStore. It carries no state.
	VolumeBuilder struct{}

	// VolumeMountBuilder builds the Kubernetes container volume mounts that
	// expose the keyring content of VolumeBuilder volumes inside a container.
	// It carries no state.
	VolumeMountBuilder struct{}
)
// Volume returns a new, stateless VolumeBuilder.
func Volume() *VolumeBuilder {
	return new(VolumeBuilder)
}
// Resource returns a Kubernetes pod volume backed by the Secret that holds
// the keyring created for resourceName through a SecretStore.
//
// The volume name and the referenced Secret name are both produced by
// keyringSecretName(resourceName).
//
// NOTE(review): DefaultMode is not set on the Secret source, so the
// Kubernetes default file mode for secret volumes (0644) applies to the
// keyring file. Confirm whether the consuming containers could work with a
// tighter mode.
func (v *VolumeBuilder) Resource(resourceName string) v1.Volume {
	var vol v1.Volume
	vol.Name = keyringSecretName(resourceName)
	vol.VolumeSource = v1.VolumeSource{
		Secret: &v1.SecretVolumeSource{
			SecretName: keyringSecretName(resourceName),
		},
	}
	return vol
}
// Admin returns a Kubernetes pod volume backed by the SecretStore admin
// keyring. It is Resource applied to adminKeyringResourceName.
//
// NOTE(review): the admin keyring is presumably the most privileged
// credential handled here; add this volume only to pods that need it.
func (v *VolumeBuilder) Admin() v1.Volume {
	adminVolume := v.Resource(adminKeyringResourceName)
	return adminVolume
}
// CrashCollector returns a Kubernetes pod volume backed by the SecretStore
// crash collector keyring. It is Resource applied to
// crashCollectorKeyringResourceName.
func (v *VolumeBuilder) CrashCollector() v1.Volume {
	crashCollectorVolume := v.Resource(crashCollectorKeyringResourceName)
	return crashCollectorVolume
}
// VolumeMount returns a new, stateless VolumeMountBuilder.
func VolumeMount() *VolumeMountBuilder {
	return new(VolumeMountBuilder)
}
// Resource returns a Kubernetes container volume mount for the volume that
// VolumeBuilder.Resource builds for the same resourceName. The keyring is
// mounted at keyringDir.
func (*VolumeMountBuilder) Resource(resourceName string) v1.VolumeMount {
	mount := v1.VolumeMount{
		Name:      keyringSecretName(resourceName),
		MountPath: keyringDir,
	}
	// Pods should have no reason to write to the keyring, so enforce a
	// read-only mount. This limits writes only; it does not limit which
	// processes in the container can read the keyring.
	mount.ReadOnly = true
	return mount
}
// Admin returns a Kubernetes container volume mount for the volume that
// VolumeBuilder.Admin builds. The admin keyring is mounted at
// adminKeyringDir, separate from the regular keyring directory.
func (*VolumeMountBuilder) Admin() v1.VolumeMount {
	mount := v1.VolumeMount{
		Name:      keyringSecretName(adminKeyringResourceName),
		MountPath: adminKeyringDir,
	}
	// Pods should have no reason to write to the keyring, so enforce a
	// read-only mount.
	mount.ReadOnly = true
	return mount
}
// CrashCollector returns a Kubernetes container volume mount for the volume
// that VolumeBuilder.CrashCollector builds. The crash collector keyring is
// mounted at crashCollectorKeyringDir.
func (*VolumeMountBuilder) CrashCollector() v1.VolumeMount {
	mount := v1.VolumeMount{
		Name:      keyringSecretName(crashCollectorKeyringResourceName),
		MountPath: crashCollectorKeyringDir,
	}
	// Pods should have no reason to write to the keyring, so enforce a
	// read-only mount.
	mount.ReadOnly = true
	return mount
}
// KeyringFilePath returns the full in-container path of the regular keyring
// file: keyringFileName inside keyringDir.
func (*VolumeMountBuilder) KeyringFilePath() string {
	// path.Join cleans its result, so the trailing slash on the directory
	// constant does not produce a doubled separator.
	keyringPath := path.Join(keyringDir, keyringFileName)
	return keyringPath
}
// AdminKeyringFilePath returns the full in-container path of the admin
// keyring file: keyringFileName inside adminKeyringDir.
func (*VolumeMountBuilder) AdminKeyringFilePath() string {
	// path.Join cleans its result, so the trailing slash on the directory
	// constant does not produce a doubled separator.
	adminPath := path.Join(adminKeyringDir, keyringFileName)
	return adminPath
}
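// CrashCollectorKeyringFilePath returns the full in-container path of the
// crash collector keyring file: keyringFileName inside
// crashCollectorKeyringDir.
//
// The previous doc comment said this was the admin keyring path. The
// returned path has always been the crash collector one.
func (*VolumeMountBuilder) CrashCollectorKeyringFilePath() string {
	// path.Join cleans its result, so the trailing slash on the directory
	// constant does not produce a doubled separator.
	return path.Join(crashCollectorKeyringDir, keyringFileName)
}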