mirror of https://github.com/linkerd/linkerd2.git
254 lines
7.4 KiB
Go
254 lines
7.4 KiB
Go
package k8s
|
|
|
|
import (
|
|
"fmt"
|
|
"strings"
|
|
|
|
corev1 "k8s.io/api/core/v1"
|
|
"k8s.io/client-go/rest"
|
|
"k8s.io/client-go/tools/clientcmd"
|
|
)
|
|
|
|
// These constants are string representations of Kubernetes resource types.
|
|
const (
|
|
All = "all"
|
|
Authority = "authority"
|
|
ConfigMap = "configmap"
|
|
CronJob = "cronjob"
|
|
DaemonSet = "daemonset"
|
|
Deployment = "deployment"
|
|
Endpoints = "endpoints"
|
|
EndpointSlices = "endpointslices"
|
|
ExtWorkload = "externalworkload"
|
|
Job = "job"
|
|
MeshTLSAuthentication = "meshtlsauthentication"
|
|
MutatingWebhookConfig = "mutatingwebhookconfig"
|
|
Namespace = "namespace"
|
|
NetworkAuthentication = "networkauthentication"
|
|
Pod = "pod"
|
|
ReplicationController = "replicationcontroller"
|
|
ReplicaSet = "replicaset"
|
|
Secret = "secret"
|
|
Service = "service"
|
|
ServiceProfile = "serviceprofile"
|
|
StatefulSet = "statefulset"
|
|
Node = "node"
|
|
Server = "server"
|
|
ServerAuthorization = "serverauthorization"
|
|
AuthorizationPolicy = "authorizationpolicy"
|
|
HTTPRoute = "httproute"
|
|
|
|
PolicyAPIGroup = "policy.linkerd.io"
|
|
PolicyServerCRDVersion = "v1beta2"
|
|
|
|
ServiceProfileAPIVersion = "linkerd.io/v1alpha2"
|
|
ServiceProfileKind = "ServiceProfile"
|
|
|
|
LinkAPIGroup = "multicluster.linkerd.io"
|
|
LinkAPIVersion = "v1alpha1"
|
|
LinkAPIGroupVersion = "multicluster.linkerd.io/v1alpha1"
|
|
LinkKind = "Link"
|
|
|
|
K8sCoreAPIGroup = "core"
|
|
|
|
NamespaceKind = "Namespace"
|
|
ServerKind = "Server"
|
|
HTTPRouteKind = "HTTPRoute"
|
|
ExtWorkloadKind = "ExternalWorkload"
|
|
PodKind = "Pod"
|
|
|
|
WorkloadAPIGroup = "workload.linkerd.io"
|
|
WorkloadAPIVersion = "v1alpha1"
|
|
|
|
// special case k8s job label, to not conflict with Prometheus' job label
|
|
l5dJob = "k8s_job"
|
|
)
|
|
|
|
type resourceName struct {
|
|
short string
|
|
full string
|
|
plural string
|
|
}
|
|
|
|
// AllResources is a sorted list of all resources defined as constants above.
|
|
var AllResources = []string{
|
|
Authority,
|
|
AuthorizationPolicy,
|
|
CronJob,
|
|
DaemonSet,
|
|
Deployment,
|
|
HTTPRoute,
|
|
Job,
|
|
Namespace,
|
|
Pod,
|
|
ReplicaSet,
|
|
ReplicationController,
|
|
Server,
|
|
ServerAuthorization,
|
|
Service,
|
|
ServiceProfile,
|
|
StatefulSet,
|
|
}
|
|
|
|
// StatAllResourceTypes represents the resources to query in StatSummary when Resource.Type is "all"
|
|
var StatAllResourceTypes = []string{
|
|
DaemonSet,
|
|
StatefulSet,
|
|
Job,
|
|
Deployment,
|
|
ReplicationController,
|
|
Pod,
|
|
Service,
|
|
Authority,
|
|
CronJob,
|
|
ReplicaSet,
|
|
}
|
|
|
|
// CompletionResourceTypes represents resources the CLI's uses for autocompleting resource type names
|
|
var CompletionResourceTypes = []string{
|
|
Namespace,
|
|
DaemonSet,
|
|
StatefulSet,
|
|
Job,
|
|
Deployment,
|
|
ReplicationController,
|
|
Pod,
|
|
Service,
|
|
Authority,
|
|
CronJob,
|
|
ReplicaSet,
|
|
}
|
|
|
|
var resourceNames = []resourceName{
|
|
{"au", "authority", "authorities"},
|
|
{"cj", "cronjob", "cronjobs"},
|
|
{"ds", "daemonset", "daemonsets"},
|
|
{"deploy", "deployment", "deployments"},
|
|
{"job", "job", "jobs"},
|
|
{"meshtlsauthn", "meshtlsauthentication", "meshtlsauthentications"},
|
|
{"ns", "namespace", "namespaces"},
|
|
{"netauthn", "networkauthentication", "networkauthentications"},
|
|
{"networkauthn", "networkauthentication", "networkauthentications"},
|
|
{"po", "pod", "pods"},
|
|
{"rc", "replicationcontroller", "replicationcontrollers"},
|
|
{"rs", "replicaset", "replicasets"},
|
|
{"svc", "service", "services"},
|
|
{"sp", "serviceprofile", "serviceprofiles"},
|
|
{"saz", "serverauthorization", "serverauthorizations"},
|
|
{"serverauthz", "serverauthorization", "serverauthorizations"},
|
|
{"srvauthz", "serverauthorization", "serverauthorizations"},
|
|
{"srv", "server", "servers"},
|
|
{"ap", "authorizationpolicy", "authorizationpolicies"},
|
|
{"httproute", "httproute", "httproutes"},
|
|
{"authzpolicy", "authorizationpolicy", "authorizationpolicies"},
|
|
{"sts", "statefulset", "statefulsets"},
|
|
{"ln", "link", "links"},
|
|
{"all", "all", "all"},
|
|
}
|
|
|
|
// GetConfig returns kubernetes config based on the current environment.
|
|
// If fpath is provided, loads configuration from that file. Otherwise,
|
|
// GetConfig uses default strategy to load configuration from $KUBECONFIG,
|
|
// .kube/config, or just returns in-cluster config.
|
|
func GetConfig(fpath, kubeContext string) (*rest.Config, error) {
|
|
rules := clientcmd.NewDefaultClientConfigLoadingRules()
|
|
if fpath != "" {
|
|
rules.ExplicitPath = fpath
|
|
}
|
|
overrides := &clientcmd.ConfigOverrides{CurrentContext: kubeContext}
|
|
return clientcmd.
|
|
NewNonInteractiveDeferredLoadingClientConfig(rules, overrides).
|
|
ClientConfig()
|
|
}
|
|
|
|
// CanonicalResourceNameFromFriendlyName returns a canonical name from common shorthands used in command line tools.
|
|
// This works based on https://github.com/kubernetes/kubernetes/blob/63ffb1995b292be0a1e9ebde6216b83fc79dd988/pkg/kubectl/kubectl.go#L39
|
|
// This also works for non-k8s resources, e.g. authorities
|
|
func CanonicalResourceNameFromFriendlyName(friendlyName string) (string, error) {
|
|
for _, name := range resourceNames {
|
|
if friendlyName == name.short || friendlyName == name.full || friendlyName == name.plural {
|
|
return name.full, nil
|
|
}
|
|
}
|
|
return "", fmt.Errorf("cannot find Kubernetes canonical name from friendly name [%s]", friendlyName)
|
|
}
|
|
|
|
// PluralResourceNameFromFriendlyName returns a pluralized canonical name from common shorthands used in command line tools.
|
|
// This works based on https://github.com/kubernetes/kubernetes/blob/63ffb1995b292be0a1e9ebde6216b83fc79dd988/pkg/kubectl/kubectl.go#L39
|
|
// This also works for non-k8s resources, e.g. authorities
|
|
func PluralResourceNameFromFriendlyName(friendlyName string) (string, error) {
|
|
for _, name := range resourceNames {
|
|
if friendlyName == name.short || friendlyName == name.full || friendlyName == name.plural {
|
|
return name.plural, nil
|
|
}
|
|
}
|
|
return "", fmt.Errorf("cannot find Kubernetes canonical name from friendly name [%s]", friendlyName)
|
|
}
|
|
|
|
// ShortNameFromCanonicalResourceName returns the shortest name for a k8s canonical name.
|
|
// Essentially the reverse of CanonicalResourceNameFromFriendlyName
|
|
func ShortNameFromCanonicalResourceName(canonicalName string) string {
|
|
switch canonicalName {
|
|
case Authority:
|
|
return "au"
|
|
case CronJob:
|
|
return "cj"
|
|
case DaemonSet:
|
|
return "ds"
|
|
case Deployment:
|
|
return "deploy"
|
|
case Job:
|
|
return "job"
|
|
case Namespace:
|
|
return "ns"
|
|
case Pod:
|
|
return "po"
|
|
case ReplicationController:
|
|
return "rc"
|
|
case ReplicaSet:
|
|
return "rs"
|
|
case Service:
|
|
return "svc"
|
|
case ServiceProfile:
|
|
return "sp"
|
|
case StatefulSet:
|
|
return "sts"
|
|
default:
|
|
return ""
|
|
}
|
|
}
|
|
|
|
// KindToL5DLabel converts a Kubernetes `kind` to a Linkerd label.
|
|
// For example:
|
|
//
|
|
// `pod` -> `pod`
|
|
// `job` -> `k8s_job`
|
|
func KindToL5DLabel(k8sKind string) string {
|
|
if k8sKind == Job {
|
|
return l5dJob
|
|
}
|
|
return k8sKind
|
|
}
|
|
|
|
// PodIdentity returns the mesh TLS identity name of this pod, as constructed
|
|
// from the pod's service account name and other metadata.
|
|
func PodIdentity(pod *corev1.Pod) (string, error) {
|
|
if pod.Status.Phase != corev1.PodRunning {
|
|
return "", fmt.Errorf("pod not running: %s", pod.GetName())
|
|
}
|
|
|
|
podsa := pod.Spec.ServiceAccountName
|
|
podns := pod.ObjectMeta.Namespace
|
|
containers := append(pod.Spec.InitContainers, pod.Spec.Containers...)
|
|
for _, c := range containers {
|
|
if c.Name == ProxyContainerName {
|
|
for _, env := range c.Env {
|
|
if env.Name == "LINKERD2_PROXY_IDENTITY_LOCAL_NAME" {
|
|
return strings.ReplaceAll(env.Value, "$(_pod_sa).$(_pod_ns)", fmt.Sprintf("%s.%s", podsa, podns)), nil
|
|
}
|
|
}
|
|
}
|
|
}
|
|
return "", nil
|
|
}
|