Package io.deephaven.util.kubernetes

Class KubernetesUtil

java.lang.Object
io.deephaven.util.kubernetes.KubernetesUtil
public class KubernetesUtil extends Object

  • Field Details

  • Constructor Details

    • KubernetesUtil

      public KubernetesUtil()

  • Method Details

    • getKubernetesClient

      public static io.deephaven.shadow.kube.io.fabric8.kubernetes.client.KubernetesClient getKubernetesClient()

    • getPersistentVolumeClaim

      public static io.deephaven.shadow.kube.io.fabric8.kubernetes.api.model.PersistentVolumeClaim getPersistentVolumeClaim(String k8sWorkerId, String pvcName, String accessMode, String storageClassName, String storageSize)
      Build the manifest spec for a persistent volume claim for a worker pod if someone has indicated they want one in the PQ's advanced settings.
      Parameters:
      k8sWorkerId - The worker id, typically the pod name e.g. query-server-79c6478c6d-mvvxk-worker-1
      pvcName - The name of the PVC to create or mount
      accessMode - e.g. ReadWriteOnce
      storageClassName - What kind of storage class to use, k8s provider dependent. E.g. standard-rwo for GKE.
      storageSize - Size of the volume to request, e.g. 10Gi
      Returns:
      PersistentVolumeClaim object

    • getWorkerKeystorePasswordSecretName

      public static String getWorkerKeystorePasswordSecretName()
      Return name of the k8s secret holding the password to the keystore mounted in the worker pod.
      Returns:
      Worker keystore password secret name

    • getWorkerKeystorePasswordSecretKey

      public static String getWorkerKeystorePasswordSecretKey()
      Return name of the key in k8s secret holding the password to the keystore mounted in the worker pod that has the password.
      Returns:
      Worker keystore password secret key

    • deleteWorkerKeystorePasswordSecretWithPod

      public static boolean deleteWorkerKeystorePasswordSecretWithPod()

    • getWorkerCertificateName

      public static String getWorkerCertificateName(String k8sWorkerId)
      Return name of the certificate object that will be created for this worker.
      Parameters:
      k8sWorkerId - The worker id, typically the pod name e.g. query-server-79c6478c6d-mvvxk-worker-1
      Returns:
      name of the certificate object that will be created for this worker.

    • getWorkerCertificateSecretName

      public static String getWorkerCertificateSecretName(String k8sWorkerId)
      Return name of the secret object that will be created with the certificate for the worker.
      Parameters:
      k8sWorkerId - The worker id, typically the pod name e.g. query-server-79c6478c6d-mvvxk-worker-1
      Returns:
      name of the secret object that will be created with the worker's certificate.

    • getWorkerServiceName

      public static String getWorkerServiceName(String k8sWorkerId)
      Return name of the k8s headless service object that will be created for this worker. The controller will use this name to lookup the worker's address, and this will be used in the worker certificate's SAN.
      Parameters:
      k8sWorkerId - The worker id, typically the pod name e.g. query-server-79c6478c6d-mvvxk-worker-1
      Returns:
      name of the service object that will be created for this worker.

    • getWorkerCertificateIssuerName

      public static String getWorkerCertificateIssuerName(String k8sNamespace)
      Return name of the certificate issuer object that will used to create certificates. Defaults to <k8sNamespace>-issuer if not explicitly set as a config property.
      Parameters:
      k8sNamespace - The kubernetes namespace.
      Returns:
      name of the certificate issuer.

    • isCertManagerEnabled

      public static boolean isCertManagerEnabled()

    • getNewCertificate

      public static io.deephaven.shadow.kube.io.fabric8.certmanager.api.model.v1.Certificate getNewCertificate(String k8sNamespace, String k8sWorkerId, String... dnsNames) throws ParseException
      Throws:
      ParseException

    • getNewWorkerKeystorePasswordSecret

      public static io.deephaven.shadow.kube.io.fabric8.kubernetes.api.model.Secret getNewWorkerKeystorePasswordSecret(String k8sNamespace)

    • getNewWorkerKeystorePasswordSecret

      public static io.deephaven.shadow.kube.io.fabric8.kubernetes.api.model.Secret getNewWorkerKeystorePasswordSecret(String k8sNamespace, String password)

    • getK8sSafeLabel

      public static String getK8sSafeLabel(@NotNull String label)
      Make sure that names (for containers, pods, ports, etc) conform to RFC 1123 definition of a DNS label no longer than 63 chars. If label cannot be made compliant, a java UUID with a prefix of "dh-" will be returned.
      Parameters:
      label - The string to be sanitized.
      See Also:

    • getK8sSafeLabel

      public static String getK8sSafeLabel(@NotNull String label, int maxLen)
      Make sure that names (for containers, pods, ports, etc) conform to RFC 1123 definition of a DNS label no longer than maxLen chars. If label cannot be made compliant, a java UUID with a prefix of "dh-" will be returned.
      Parameters:
      label - The string to be sanitized.
      See Also:

    • getK8sSafeLabel

      public static String getK8sSafeLabel(@NotNull String label, int maxLen, Supplier<String> generator)
      Make sure that names (for containers, pods, ports, etc) conform to RFC 1123 definition of a DNS label.

      Specifically, must contain at least one letter [a-z] and it must contain only [a-z0-9-]; hyphens cannot be leading or trailing character of the string and cannot be adjacent to other hyphens; must be <= maxLen chars, with maxLen being no more than 63 characters. Input label is lower cased, and invalid characters are removed. In the event that the input label cannot be sanitized, the supplied generator will be invoked to supply a label.

      Parameters:
      label - The string to be possibly sanitized.
      maxLen - The maximum length of the string to be returned; will be adjusted to a value between 2 and 63.
      generator - The label generation Supplier function to be used in the event that the input cannot be sanitized to satisfaction. The caller of this function is responsible for making sure that the generator will return a valid label.
      See Also:
      • "https://github.com/kubernetes/design-proposals-archive/blob/main/architecture/identifiers.md"
      • "https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#ServiceSpec"
      • "https://kubernetes.io/docs/concepts/overview/working-with-objects/names/"

    • cleanupObjects

      public static void cleanupObjects(String k8sNamespace, com.fishlib.io.logger.Logger log)

    • cleanupObjects

      public static void cleanupObjects(io.deephaven.shadow.kube.io.fabric8.kubernetes.client.KubernetesClient k8sClient, io.deephaven.shadow.kube.io.fabric8.certmanager.client.CertManagerClient k8sCertMgrClient, String k8sNamespace, com.fishlib.io.logger.Logger log)
      Called at dispatcher startup to clean up any orphaned workers after a dispatcher restart, it cleans any orphaned objects related to workers. 1st - Delete workers for like-kind (query or merge) dispatchers. 2nd - Delete worker service if worker is not running. 3rd - Delete worker certificate if worker is not running. 4th - Delete certificate secret if certificate is not present. Note: K8SWorkerImpl has been changed to remove worker pods and associated objects when it detects that a worker pod is no longer running (e.g. if the worker/pq exits or is stopped cleanly), and delete these objects through deleteWorkerObjects(KubernetesClient, CertManagerClient, String, String, Logger). This fn will kill any workers that are still around after a dispatcher is restarted though, and is run from the dispatcher's ctor when it starts up.

    • deleteWorkerObjects

      public static void deleteWorkerObjects(io.deephaven.shadow.kube.io.fabric8.kubernetes.client.KubernetesClient k8sClient, io.deephaven.shadow.kube.io.fabric8.certmanager.client.CertManagerClient k8sCertMgrClient, String k8sNamespace, String podName, com.fishlib.io.logger.Logger log)
      Does cleanup for a single worker pod that is being deleted, removing associated objects that may have been created such as a service, certificate, secret for a worker cert, and the secret for the cert keystore password.

      Any PersistentVolumeClaim or PersistentVolume that is created for a worker is not automatically deleted. If a user wishes to delete that, they must do that manually.

      Parameters:
      k8sClient - Kubernetes API client
      k8sCertMgrClient - Kubernetes client for the cert-manager CRD
      k8sNamespace - Kubernetes namespace of worker objects being removed
      podName - The .metadata.name of the worker pod being removed
      log - Logger object

    • isSetCpuLimitToRequest

      public static boolean isSetCpuLimitToRequest()