feat: add listener and secret constants (#102)

pkg/builder/deployment_test.go

@@ -16,6 +16,7 @@ import (
 	commonsv1alpha1 "github.com/zncdatadev/operator-go/pkg/apis/commons/v1alpha1"
 	"github.com/zncdatadev/operator-go/pkg/builder"
 	"github.com/zncdatadev/operator-go/pkg/client"
+	"github.com/zncdatadev/operator-go/pkg/constants"
 	"github.com/zncdatadev/operator-go/pkg/util"
 )
 
@@ -68,11 +69,11 @@ var _ = Describe("DeploymentBuilder test", func() {
 							RoleName:      "coordinator",
 							RoleGroupName: "default",
 							Labels: map[string]string{
-								util.AppKubernetesInstanceName:  ownerName,
-								util.AppKubernetesManagedByName: "trino.zncdata.dev",
-								util.AppKubernetesComponentName: "coordinator",
-								util.AppKubernetesNameName:      "TrinoCluster",
-								util.AppKubernetesRoleGroupName: "default",
+								constants.LabelKubernetesInstance:  ownerName,
+								constants.LabelKubernetesManagedBy: "trino.zncdata.dev",
+								constants.LabelKubernetesComponent: "coordinator",
+								constants.LabelKubernetesName:      "TrinoCluster",
+								constants.LabelKubernetesRoleGroup: "default",
 							},
 						},
 
@@ -104,17 +105,17 @@ var _ = Describe("DeploymentBuilder test", func() {
 
 			By("validating the Deployment object's labels")
 			labels := deployment.Spec.Template.ObjectMeta.Labels
-			Expect(labels).To(HaveKeyWithValue(util.AppKubernetesInstanceName, ownerName))
-			Expect(labels).To(HaveKeyWithValue(util.AppKubernetesManagedByName, "trino.zncdata.dev"))
-			Expect(labels).To(HaveKeyWithValue(util.AppKubernetesComponentName, "coordinator"))
-			Expect(labels).To(HaveKeyWithValue(util.AppKubernetesRoleGroupName, "default"))
+			Expect(labels).To(HaveKeyWithValue(constants.LabelKubernetesInstance, ownerName))
+			Expect(labels).To(HaveKeyWithValue(constants.LabelKubernetesManagedBy, "trino.zncdata.dev"))
+			Expect(labels).To(HaveKeyWithValue(constants.LabelKubernetesComponent, "coordinator"))
+			Expect(labels).To(HaveKeyWithValue(constants.LabelKubernetesRoleGroup, "default"))
 
 			By("validating the Deployment object's match labels")
 			matchLabels := deployment.Spec.Selector.MatchLabels
-			Expect(matchLabels).To(HaveKeyWithValue(util.AppKubernetesInstanceName, ownerName))
-			Expect(matchLabels).To(HaveKeyWithValue(util.AppKubernetesManagedByName, "trino.zncdata.dev"))
-			Expect(matchLabels).To(HaveKeyWithValue(util.AppKubernetesComponentName, "coordinator"))
-			Expect(matchLabels).To(HaveKeyWithValue(util.AppKubernetesRoleGroupName, "default"))
+			Expect(matchLabels).To(HaveKeyWithValue(constants.LabelKubernetesInstance, ownerName))
+			Expect(matchLabels).To(HaveKeyWithValue(constants.LabelKubernetesManagedBy, "trino.zncdata.dev"))
+			Expect(matchLabels).To(HaveKeyWithValue(constants.LabelKubernetesComponent, "coordinator"))
+			Expect(matchLabels).To(HaveKeyWithValue(constants.LabelKubernetesRoleGroup, "default"))
 
 			By("validating the Deployment object's containers")
 			Expect(deployment.Spec.Template.Spec.Containers).To(HaveLen(1))

pkg/builder/resource.go

@@ -4,7 +4,7 @@ import (
 	"context"
 
 	"github.com/zncdatadev/operator-go/pkg/client"
-	"github.com/zncdatadev/operator-go/pkg/util"
+	"github.com/zncdatadev/operator-go/pkg/constants"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	ctrl "sigs.k8s.io/controller-runtime"
 	ctrlclient "sigs.k8s.io/controller-runtime/pkg/client"
@@ -68,20 +68,20 @@ func (b *BaseResourceBuilder) AddLabels(labels map[string]string) {
 func (b *BaseResourceBuilder) GetLabels() map[string]string {
 	if b.labels == nil {
 		b.labels = map[string]string{
-			util.AppKubernetesInstanceName:  b.Client.GetOwnerName(),
-			util.AppKubernetesManagedByName: util.StackDomain,
+			constants.LabelKubernetesInstance:  b.Client.GetOwnerName(),
+			constants.LabelKubernetesManagedBy: constants.ZncdataDomain,
 		}
 
 		if b.clusterName != "" {
-			b.labels[util.AppKubernetesInstanceName] = b.clusterName
+			b.labels[constants.LabelKubernetesInstance] = b.clusterName
 		}
 
 		if b.roleName != "" {
-			b.labels[util.AppKubernetesComponentName] = b.roleName
+			b.labels[constants.LabelKubernetesComponent] = b.roleName
 		}
 
 		if b.roleGroupName != "" {
-			b.labels[util.AppKubernetesRoleGroupName] = b.roleGroupName
+			b.labels[constants.LabelKubernetesRoleGroup] = b.roleGroupName
 		}
 	}
 
@@ -90,7 +90,7 @@ func (b *BaseResourceBuilder) GetLabels() map[string]string {
 
 func (o *BaseResourceBuilder) filterLabels(labels map[string]string) map[string]string {
 	matchingLabels := make(map[string]string)
-	for _, label := range util.AppMatchingLabelsNames {
+	for _, label := range constants.MatchingLabelsNames() {
 		if value, ok := labels[label]; ok {
 			matchingLabels[label] = value
 		}

pkg/builder/workload.go

@@ -2,6 +2,7 @@ package builder
 
 import (
 	"errors"
+	"maps"
 	"time"
 
 	commonsv1alpha1 "github.com/zncdatadev/operator-go/pkg/apis/commons/v1alpha1"
@@ -277,8 +278,8 @@ func (b *BaseWorkloadBuilder) getOverridedPodTemplate() (*corev1.PodTemplateSpec
 	podTemplate := b.podOverrides.DeepCopy()
 
 	meta := &podTemplate.ObjectMeta
-	meta.Labels = util.MergeStringMaps(meta.Labels, b.GetLabels())
-	meta.Annotations = util.MergeStringMaps(meta.Annotations, b.GetAnnotations())
+	maps.Copy(b.GetLabels(), meta.Labels)
+	maps.Copy(b.GetAnnotations(), meta.Annotations)
 
 	pod := &podTemplate.Spec
 

pkg/constants/constants.go

@@ -0,0 +1,25 @@
+package constants
+
+// k8s recommended labels for app
+// https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/
+// https://kubernetes.io/docs/reference/labels-annotations-taints/
+const (
+	LabelKubernetesComponent = "app.kubernetes.io/component"
+	LabelKubernetesInstance  = "app.kubernetes.io/instance"
+	LabelKubernetesName      = "app.kubernetes.io/name"
+	LabelKubernetesManagedBy = "app.kubernetes.io/managed-by"
+	LabelKubernetesRoleGroup = "app.kubernetes.io/role-group"
+	LabelKubernetesVersion   = "app.kubernetes.io/version"
+
+	ZncdataDomain = "zncdata.dev"
+)
+
+func MatchingLabelsNames() []string {
+	return []string{
+		LabelKubernetesName,
+		LabelKubernetesInstance,
+		LabelKubernetesRoleGroup,
+		LabelKubernetesComponent,
+		LabelKubernetesManagedBy,
+	}
+}

pkg/constants/listener.go

@@ -0,0 +1,28 @@
+package constants
+
+const (
+	ListenerOperatorGroup string = "listeners." + ZncdataDomain
+	ListenerStorageClass  string = ListenerOperatorGroup
+
+	listenerOperatorGroupPrefix string = ListenerOperatorGroup + "/"
+)
+
+func ListenerStorageClassPtr() *string {
+	listenersStorageClass := ListenerStorageClass
+	return &listenersStorageClass
+}
+
+// Zncdata defined annotations for PVCTemplate.
+// Then csi driver can extract annotations from PVC to prepare the listener for pod.
+const (
+	// Specify which network listening rules to use, it is REQUIRED.
+	// It can be one of the following values:
+	//	- cluster-internal
+	//	- external-unstable
+	//	- external-stable
+	//	- <other user defined class name>
+	AnnotationListenersClass string = listenerOperatorGroupPrefix + "class"
+	// The listener name is used to identify the listener, it is OPTIONAL.
+	// If not set, the listener name will be the same as the pod name.
+	AnnotationListenerName string = listenerOperatorGroupPrefix + "listenerName"
+)

pkg/constants/secret.go

@@ -0,0 +1,107 @@
+package constants
+
+const (
+	SecretOperatorGroup string = "secrets." + ZncdataDomain
+	SecretStorageClass  string = SecretOperatorGroup
+
+	secretOperatorGroupPrefix string = SecretOperatorGroup + "/"
+)
+
+func SecretStorageClassPtr() *string {
+	secretStorageClass := SecretStorageClass
+	return &secretStorageClass
+}
+
+// Labels for k8s search secret
+// k8s search secret obj by filter one or more labels
+const (
+	LabelSecretsNode    string = secretOperatorGroupPrefix + "node"
+	LabelSecretsPod     string = secretOperatorGroupPrefix + "/pod"
+	LabelSecretsService string = secretOperatorGroupPrefix + "service"
+)
+
+// Annotation for expiration time of zncdata secret for pod.
+// When the secret is created, the expiration time is set to the current time plus the lifetime.
+// Then we can clean up the secret after expiration time
+const (
+	SecretZncdataExpirationTimeName string = secretOperatorGroupPrefix + "expirationTime"
+)
+
+// Zncdata defined annotations for PVCTemplate.
+// Then csi driver can extract annotations from PVC to prepare the secret for pod.
+const (
+	AnnotationSecretsClass string = secretOperatorGroupPrefix + "class"
+
+	// Scope is the scope of the secret.
+	// It can be one of the following values:
+	//	- pod
+	//	- node
+	//	- service
+	//	- listener-volume
+	//
+	// Example:
+	//	- "secrets.zncdata.dev/scope": "pod"
+	//	- "secrets.zncdata.dev/scope": "node"
+	//	- "secrets.zncdata.dev/scope": "service=foo"
+	//	- "secrets.zncdata.dev/scope": "listener-volume=foo"
+	//	- "secrets.zncdata.dev/scope": "pod,service=foo,bar,listner-volume=xyz"
+	AnnotationSecretsScope string = secretOperatorGroupPrefix + "scope"
+
+	// Format is mounted format of the secret.
+	// It can be one of the following values:
+	//	- tls-pem  A PEM-encoded TLS certificate, include "tls.crt", "tls.key", "ca.crt".
+	//	- tls-p12 A PKCS#12 archive, include "keystore.p12", "truststore.p12".
+	//	- kerberos A Kerberos keytab, include "keytab", "krb5.conf".
+	AnnotationSecretsFormat string = secretOperatorGroupPrefix + "format"
+
+	// PKCS12 format password, it will be used truststore and keystore password.
+	AnnotationSecretsPKCS12Password string = secretOperatorGroupPrefix + "tlsPKCS12Password"
+	// golang time.Duration string, it will be used to create certificate expiration time.
+	AnnotationSecretCertLifeTime      string = secretOperatorGroupPrefix + "autoTlsCertLifetime"
+	AnnotationSecretsCertJitterFactor string = secretOperatorGroupPrefix + "autoTlsCertJitterFactor"
+
+	// KerberosServiceNames is the list of Kerberos service names.
+	// It is a comma separated list of Kerberos realms.
+	//
+	// If this filed value is "HTTP,NN,DN", and scope is specified a service name: "service=<k8s-service>".
+	// It is used to create kerberos realm.
+	// 	- HTTP -> HTTP/<k8s-service>.<k8s-namespace>.cluster.local@REALM
+	// 	- NN -> nn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
+	// 	- DN -> dn/<k8s-service>.<k8s-namespace>.cluster.local@REALM
+	//
+	// If this field value is "NN", and scope is "pod"
+	// It is used to create kerberos realm:
+	// 	- nn/<pod-name>.<pod-subdomain>.<k8s-namespace>.cluster.local@REALM		# https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pods
+	//
+	// If this field value is "DN", and scope is "node"
+	// It is used to create kerberos realm:
+	// 	- dn/<node-name>.<k8s-namespace>.cluster.local@REALM
+	//
+	// If this field value is "HTTP", and scope is "listener-volume=foo"
+	// It is used to create kerberos realm:
+	// 	- HTTP/<the-service-of-listener-foo>.<k8s-namespace>.cluster.local@REALM
+	AnnotationSecretsKerberosServiceNames string = secretOperatorGroupPrefix + "kerberosServiceNames"
+)
+
+type SecretFormat string
+
+const (
+	TLSPEM   SecretFormat = "tls-pem"
+	TLSP12   SecretFormat = "tls-p12"
+	Kerberos SecretFormat = "kerberos"
+)
+
+const (
+	CommonDelimiter               string = ","
+	ListenerVolumeDelimiter       string = CommonDelimiter
+	KerberosServiceNamesDelimiter string = CommonDelimiter
+)
+
+type SecretScope string
+
+const (
+	PodScope            SecretScope = "pod"
+	NodeScope           SecretScope = "node"
+	ServiceScope        SecretScope = "service"
+	ListenerVolumeScope SecretScope = "listener-volume"
+)

pkg/reconciler/cluster_test.go

@@ -10,8 +10,8 @@ import (
 	. "github.com/onsi/gomega"
 	commonsv1alpha1 "github.com/zncdatadev/operator-go/pkg/apis/commons/v1alpha1"
 	"github.com/zncdatadev/operator-go/pkg/client"
+	"github.com/zncdatadev/operator-go/pkg/constants"
 	"github.com/zncdatadev/operator-go/pkg/reconciler"
-	"github.com/zncdatadev/operator-go/pkg/util"
 	appv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -170,9 +170,9 @@ var _ = Describe("Cluster reconciler", func() {
 			Expect(k8sClient.Get(ctx, types.NamespacedName{Name: serviceName, Namespace: namespace}, service)).Should(Succeed())
 
 			By("Checking the service labels")
-			Expect(service.Labels).Should(HaveKeyWithValue(util.AppKubernetesInstanceName, clusterInfo.GetClusterName()))
-			Expect(service.Labels).ShouldNot(HaveKey(util.AppKubernetesRoleGroupName))
-			Expect(service.Labels).ShouldNot(HaveKey(util.AppKubernetesComponentName))
+			Expect(service.Labels).Should(HaveKeyWithValue(constants.LabelKubernetesInstance, clusterInfo.GetClusterName()))
+			Expect(service.Labels).ShouldNot(HaveKey(constants.LabelKubernetesRoleGroup))
+			Expect(service.Labels).ShouldNot(HaveKey(constants.LabelKubernetesComponent))
 
 			By("Checking Deployment resource of coordinator")
 			coordinatorDeployment := &appv1.Deployment{}

pkg/reconciler/info.go

@@ -3,7 +3,7 @@ package reconciler
 import (
 	"strings"
 
-	"github.com/zncdatadev/operator-go/pkg/util"
+	"github.com/zncdatadev/operator-go/pkg/constants"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
@@ -34,9 +34,9 @@ func (i *ClusterInfo) AddLabel(key, value string) {
 func (i *ClusterInfo) GetLabels() map[string]string {
 	if i.labels == nil {
 		i.labels = map[string]string{
-			util.AppKubernetesInstanceName:  i.ClusterName,
-			util.AppKubernetesNameName:      strings.ToLower(i.GVK.Kind),
-			util.AppKubernetesManagedByName: i.GVK.Group,
+			constants.LabelKubernetesInstance:  i.ClusterName,
+			constants.LabelKubernetesName:      strings.ToLower(i.GVK.Kind),
+			constants.LabelKubernetesManagedBy: i.GVK.Group,
 		}
 	}
 	return i.labels
@@ -91,7 +91,7 @@ func (i *RoleInfo) GetLabels() map[string]string {
 		}
 	}
 
-	i.labels[util.AppKubernetesComponentName] = i.RoleName
+	i.labels[constants.LabelKubernetesComponent] = i.RoleName
 	return i.labels
 }
 
@@ -140,7 +140,7 @@ func (i *RoleGroupInfo) GetLabels() map[string]string {
 		}
 	}
 
-	i.labels[util.AppKubernetesRoleGroupName] = i.RoleGroupName
+	i.labels[constants.LabelKubernetesRoleGroup] = i.RoleGroupName
 	return i.labels
 }