/*
Copyright 2026.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package controller
import (
_ "embed"
"time"
)
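const (
	// Operator Settings

	// ResourceCreationTimeout is a 60-second duration. By its name it bounds how
	// long the operator waits for a resource to be created; the usage is outside
	// this file.
	ResourceCreationTimeout = 60 * time.Second

	// Application Server
	OpenStackLightspeedAppServerServiceAccountName = "lightspeed-app-server"
	OpenStackLightspeedAppServerSARRoleName        = OpenStackLightspeedAppServerServiceAccountName + "-sar-role"
	OpenStackLightspeedAppServerSARRoleBindingName = OpenStackLightspeedAppServerSARRoleName + "-binding"
	OpenStackLightspeedAppServerContainerPort      = 8443
	OpenStackLightspeedAppServerServicePort        = 8443
	OpenStackLightspeedAppServerServiceName        = "lightspeed-app-server"
	OpenStackLightspeedAppServerNetworkPolicyName  = "lightspeed-app-server"
	OpenStackLightspeedDefaultProvider             = "openstack-lightspeed-provider"
	OpenStackLightspeedVectorDBPath                = "/rag/vector_db/os_product_docs"
	// ServingCertSecretAnnotationKey is the Service annotation that makes the
	// OpenShift service-ca operator provision a serving-certificate Secret
	// (see OpenStackLightspeedCertsSecretName and PostgresCertsSecretName).
	ServingCertSecretAnnotationKey = "service.beta.openshift.io/serving-cert-secret-name"

	// Monitoring
	// NOTE(review): by its name the first Secret holds a token for the
	// metrics-reader ServiceAccount; confirm that account is limited to reading
	// metrics.
	MetricsReaderServiceAccountTokenSecretName = "metrics-reader-token"
	MetricsReaderServiceAccountName            = "lightspeed-operator-metrics-reader"

	// Postgres
	PostgresDeploymentName      = "lightspeed-postgres-server"
	PostgresServiceName         = "lightspeed-postgres-server"
	PostgresSecretName          = "lightspeed-postgres-secret"
	PostgresBootstrapSecretName = "lightspeed-postgres-bootstrap"
	PostgresConfigMapName       = "lightspeed-postgres-conf"
	PostgresNetworkPolicyName   = "lightspeed-postgres-server"
	PostgresServicePort         = int32(5432)
	// NOTE(review): "postgres" is conventionally the PostgreSQL superuser role;
	// confirm whether application connections need that role or can use a
	// less-privileged one.
	PostgresDefaultUser    = "postgres"
	PostgresDefaultDbName  = "postgres"
	PostgresSharedBuffers  = "256MB"
	PostgresMaxConnections = 100
	// OpenStackLightspeedComponentPasswordFileName is, by its name, the file name
	// under which a component password is stored; the Secret and mount that use
	// it are outside this file.
	OpenStackLightspeedComponentPasswordFileName = "password"
	// Bootstrap script, configuration file and volume layout of the postgres
	// container.
	PostgresExtensionScript          = "create-extensions.sh"
	PostgresConfigKey                = "postgresql.conf.sample"
	PostgresBootstrapVolumeMountPath = "/usr/share/container-scripts/postgresql/start/create-extensions.sh"
	PostgresConfigVolumeMountPath    = "/usr/share/pgsql/postgresql.conf.sample"
	PostgresDataVolume               = "postgres-data"
	PostgresDataVolumeMountPath      = "/var/lib/pgsql"
	PostgresDataPVCName              = "openstack-lightspeed-database"
	PostgresDataPVCDefaultSize       = "1Gi"
	PostgresVarRunVolumeName         = "lightspeed-postgres-var-run"
	PostgresVarRunVolumeMountPath    = "/var/run/postgresql"
	TmpVolumeName                    = "tmp-writable-volume"
	TmpVolumeMountPath               = "/tmp"

	// LCore specific
	LlamaStackContainerPort  = int32(8321)
	LlamaStackConfigCmName   = "llama-stack-config"
	LCoreConfigCmName        = "lightspeed-stack-config"
	LCoreDeploymentName      = "lightspeed-stack-deployment"
	LCoreConfigMountPath     = "/app-root/lightspeed-stack.yaml"
	LCoreUserDataMountPath   = "/tmp/data"
	ForceReloadAnnotationKey = "ols.openshift.io/force-reload"

	// Data Exporter
	ExporterConfigVolumeName       = "exporter-config"
	ExporterConfigMountPath        = "/etc/config"
	ExporterConfigFilename         = "config.yaml"
	ExporterConfigCmName           = "lightspeed-exporter-config"
	DataverseExporterContainerName = "lightspeed-to-dataverse-exporter"
	UserDataVolumeName             = "ols-user-data"
	RHOSOLightspeedOwnerIDLabel    = "openstack.org/lightspeed-owner-id"
	ServiceIDRHOSO                 = "rhos-lightspeed"

	// OKP (Offline Knowledge Portal)
	OKPContainerName           = "okp"
	OKPContainerPort           = int32(8080)
	OKPDeploymentName          = "lightspeed-okp-server"
	OKPServiceName             = "lightspeed-okp-server"
	OKPServicePort             = int32(8080)
	OKPAccessKeySecretKey      = "access_key"
	OKPDefaultChunkFilterQuery = "product:(*openstack* OR *openshift*)"
	ExternalProvidersDir       = "/app-root/providers.d"

	// Console Plugin
	ConsoleUIConfigMapName         = "lightspeed-console-plugin"
	ConsoleUIServiceCertSecretName = "lightspeed-console-plugin-cert"
	ConsoleUIServiceName           = "lightspeed-console-plugin"
	ConsoleUIDeploymentName        = "lightspeed-console-plugin"
	ConsoleUIHTTPSPort             = int32(9443)
	ConsoleUIPluginName            = "lightspeed-console-plugin"
	ConsoleUIServiceAccountName    = "lightspeed-console-plugin"
	ConsoleCRName                  = "cluster"
	ConsoleProxyAlias              = "ols"
	ConsoleUINetworkPolicyName     = "lightspeed-console-plugin"

	// Provider name constants representing valid values for
	// OpenStackLightspeed.Spec.LLMEndpointType (providers available to users)
	RHELAIVLLMProviderName  = "rhelai_vllm"
	RHOAIVLLMProviderName   = "rhoai_vllm"
	GeminiProviderName      = "gemini"
	AzureOpenAIProviderName = "azure_openai"
	OpenAIProviderName      = "openai"
	WatsonXProviderName     = "watsonx"

	// EnvVarSuffixAPIKey is the environment variable suffix for API key credentials
	EnvVarSuffixAPIKey = "_API_KEY"

	// VectorDBVolumeName is the name of the volume used by init containers to
	// store discovered values from vector DB images.
	VectorDBVolumeName = "vector-db-discovered-values"
	// VectorDBVolumeMountPath specifies the mount path for the volume that stores
	// discovered values from vector database images.
	VectorDBVolumeMountPath = "/vector-db-discovered-values"
	// VectorDBVolumeOGXConfigPath specifies the path within the `VectorDBVolumeName` volume
	// where the final OGX configuration file (ogx_config.yaml) is stored. This file is
	// generated by the init container responsible for assembling the final OGX config.
	VectorDBVolumeOGXConfigPath = VectorDBVolumeMountPath + "/ogx_config.yaml"
	// VectorDBVolumeLightspeedStackConfigPath specifies the path within the
	// `VectorDBVolumeName` volume where the final Lightspeed Stack configuration
	// file (lightspeed-stack.yaml) is stored. This file is generated by the
	// init container responsible for assembling the final Lightspeed Stack config.
	VectorDBVolumeLightspeedStackConfigPath = VectorDBVolumeMountPath + "/lightspeed-stack.yaml"
	// OGXConfigInitContainerMountPath specifies the path where the operator-generated
	// OGX config file is mounted in the init container responsible for assembling
	// the final OGX configuration, which includes information about RAG.
	OGXConfigInitContainerMountPath = "/ogx_config.yaml"
	// LightspeedStackInitContainerMountPath specifies the path where the
	// operator-generated Lightspeed Stack config file is mounted in the init
	// container responsible for assembling the final Lightspeed Stack configuration,
	// which includes information about RAG.
	LightspeedStackInitContainerMountPath = "/lightspeed-stack.yaml"
	// OGXConfigVolumeName specifies the name of the volume holding config file for OGX
	// (generated by the operator and passed to init containers)
	OGXConfigVolumeName = "ogx-config"
	// LightspeedStackConfig specifies the name of the volume holding config file for
	// Lightspeed Stack (generated by the operator and passed to init containers)
	LightspeedStackConfig = "lightspeed-stack-config"
	// OGXConfigCMKey is the key in the ConfigMap under which the OGX configuration
	// is stored.
	OGXConfigCMKey = "ogx_config.yaml"
	// LightspeedStackConfigCMKey is the key in the ConfigMap under which the Lightspeed Stack
	// configuration is stored.
	LightspeedStackConfigCMKey = "lightspeed-stack.yaml"
	// VectorDBScriptsConfigMapName is the name of the ConfigMap that contains the
	// initialization scripts used by init containers to collect and build vector database data
	VectorDBScriptsConfigMapName = "vector-db-scripts"
	// VectorDBScriptsVolumeName is the name of the volume that mounts the ConfigMap containing
	// vector database initialization scripts for use by init containers
	VectorDBScriptsVolumeName = "vector-db-scripts"
	// VectorDBScriptsMountPath specifies the path where vector database init scripts
	// should be mounted within the init containers.
	VectorDBScriptsMountPath = "/scripts"
	// VectorDBCollectScriptKey is the ConfigMap key under which the vector_database_collect.sh
	// script is stored in the ConfigMap containing vector database init scripts.
	VectorDBCollectScriptKey = "vector_database_collect.sh"
	// VectorDBBuildScriptKey is the ConfigMap key under which the vector_database_build.py
	// script is stored in the ConfigMap containing vector database init scripts.
	VectorDBBuildScriptKey = "vector_database_build.py"

	// Resource Version Annotation
	// These constants define annotation keys used to track the resource versions of specific ConfigMaps.
	// By recording the resource version of a ConfigMap in a Deployment, StatefulSet, or similar resource,
	// changes to the referenced ConfigMaps can be detected and trigger rollouts or reconciliation in the operator.
	PostgresConfigMapResourceVersionAnnotation   = "ols.openshift.io/postgres-configmap-version"
	VectorDBScriptsConfigMapVersionAnnotation    = "ols.openshift.io/vector-db-scripts-configmap-version"
	LlamaStackConfigMapResourceVersionAnnotation = "ols.openshift.io/llamastack-configmap-version"
	LCoreConfigMapResourceVersionAnnotation      = "ols.openshift.io/lcore-configmap-version"
	CABundleConfigMapVersionAnnotation           = "ols.openshift.io/ca-bundle-configmap-version"

	// Volume Permissions
	// These constants define file permissions for volumes mounted in containers.
	// All three are written in octal so the permission bits can be read directly.

	// VolumeDefaultMode is 0644 (decimal 420, the form the Kubernetes API prints):
	// owner read/write, group and others read-only.
	// NOTE(review): files mounted with this mode are readable by every user in
	// the container; confirm that volumes carrying private keys or passwords use
	// VolumeRestrictedMode instead.
	VolumeDefaultMode = int32(0644)
	// VolumeRestrictedMode is 0600: owner read/write, no access for group or others.
	VolumeRestrictedMode = int32(0600)
	// VolumeExecutableMode is 0755: owner read/write/execute, group and others
	// read/execute.
	VolumeExecutableMode = int32(0755)

	// CABundleConfigMapName is the name of the ConfigMap that stores the
	// CA certificate bundle. It aggregates certificates from three sources —
	// operator system CAs, the OpenShift service serving CA (for in-cluster
	// service-to-service TLS), and the OpenShift API server CA — along with
	// any user-provided additional CAs.
	CABundleConfigMapName = "openstack-lightspeed-ca-bundle"
	// CABundleKey is the key within the CA bundle ConfigMap under which
	// the PEM-encoded certificate data is stored.
	CABundleKey = "tls-ca-bundle.pem"
	// CABundleVolumeName is the name of the volume used to mount the
	// CA bundle ConfigMap into containers.
	CABundleVolumeName = "ca-bundle"
	// CABundleMountPath is the filesystem path where the CA bundle is
	// mounted inside application containers. It is the same path string as
	// SystemTLSCABundlePath, but refers to the application container's
	// filesystem rather than the operator pod's.
	CABundleMountPath = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
	// SystemTLSCABundlePath is the path to the system-wide CA certificate bundle
	// on the operator pod's filesystem. Used to read trusted root certificates
	// when building the CA bundle.
	SystemTLSCABundlePath = "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem"
	// KubeRootCAConfigMap is the name of the ConfigMap auto-created by
	// kube-controller-manager in every namespace, containing the CA certificate
	// that signs the API server's serving certificate. Read during CA
	// bundle reconciliation and merged into the bundle.
	KubeRootCAConfigMap = "kube-root-ca.crt"
	// OpenStackLightspeedTLSCertPath is the path to the TLS certificate file
	// inside the lightspeed-service-api container, used to serve HTTPS.
	OpenStackLightspeedTLSCertPath = OpenStackLightspeedAppCertsMountRoot + "/lightspeed-tls/tls.crt"
	// OpenStackLightspeedTLSKeyPath is the path to the TLS private key file
	// inside the lightspeed-service-api container, used to serve HTTPS.
	OpenStackLightspeedTLSKeyPath = OpenStackLightspeedAppCertsMountRoot + "/lightspeed-tls/tls.key"
	// OpenStackLightspeedCertsSecretName is the name of the Secret auto-provisioned
	// by the OpenShift service-ca operator when the lightspeed-app-server Service is
	// annotated with service.beta.openshift.io/serving-cert-secret-name. Contains
	// tls.crt and tls.key used by the lightspeed-service-api container to serve HTTPS.
	OpenStackLightspeedCertsSecretName = "lightspeed-tls"
	// PostgresCertsSecretName is the name of the Secret auto-provisioned by the
	// OpenShift service-ca operator when the lightspeed-postgres-server Service is
	// annotated with service.beta.openshift.io/serving-cert-secret-name. Contains
	// tls.crt and tls.key used by the postgres container to serve TLS connections.
	PostgresCertsSecretName = "lightspeed-postgres-certs"
	// PostgresDefaultSSLMode is the sslmode used when connecting to PostgreSQL.
	// "verify-full" requires a valid server certificate and checks
	// that the server hostname matches the certificate CN/SAN, ensuring both
	// encryption and authentication of the database connection. Modes weaker
	// than verify-full do not check the hostname, so this value should not be
	// relaxed.
	PostgresDefaultSSLMode = "verify-full"
	// OpenStackLightspeedAppCertsMountRoot is the base directory under which
	// all application certificate volumes are mounted inside application containers.
	OpenStackLightspeedAppCertsMountRoot = "/etc/certs"
	// OpenShiftServiceCAConfigMap is the name of the ConfigMap containing the
	// OpenShift service serving CA certificate (public part only). This is the CA
	// that signs TLS certificates auto-provisioned for Services via the
	// service.beta.openshift.io/serving-cert-secret-name annotation.
	OpenShiftServiceCAConfigMap = "openshift-service-ca.crt"
)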
// PostgresBootStrapScriptContent holds the contents of
// assets/postgres_bootstrap.sh, embedded at build time: the PostgreSQL
// bootstrap script that creates database, extensions, and schemas.
// NOTE(review): this is an exported, mutable package-level variable, so any
// importing package can reassign it; treat it as read-only.
//
//go:embed assets/postgres_bootstrap.sh
var PostgresBootStrapScriptContent string
// PostgresConfigMapContent holds the contents of assets/postgres.conf,
// embedded at build time: the PostgreSQL configuration with the SSL and TLS
// settings.
// NOTE(review): exported and mutable like PostgresBootStrapScriptContent; a
// reassignment would change the TLS-related settings in use, so treat it as
// read-only.
//
//go:embed assets/postgres.conf
var PostgresConfigMapContent string
// vectorDatabaseCollectScript embeds the contents of the vector_database_collect.sh script
// found in the assets directory. This script is used during the initialization of the
// vector database, run as an init container in the deployment. Read
// assets/vector_database_collect.sh for more comprehensive explanation.
//
//go:embed assets/vector_database_collect.sh
var vectorDatabaseCollectScript string
// vectorDatabaseBuildScript embeds the contents of the vector_database_build.py script
// found in the assets directory. This script is responsible for building or processing
// the vector database and is used by an init container during deployment initialization.
// Read assets/vector_database_build.py for more comprehensive explanation.
//
//go:embed assets/vector_database_build.py
var vectorDatabaseBuildScript string
// consoleNginxConfigTemplate embeds the contents of
// assets/console_nginx.conf.tmpl. By its name this is the template for the
// console plugin's nginx configuration; where and with which values it is
// rendered is outside this file.
//
//go:embed assets/console_nginx.conf.tmpl
var consoleNginxConfigTemplate string
// consoleLocalesRewriteAwk is the awk script that performs case-preserving
// OpenShift -> OpenStack replacement only in JSON values (after the first `": `).
//
//go:embed assets/console_locales_rewrite.awk
var consoleLocalesRewriteAwk string