gardener

package
v0.1.2

This package is not in the latest version of its module.

Published: Jan 29, 2025 License: Apache-2.0 Imports: 63 Imported by: 0



Constants

// Annotation keys and name fragments used when wiring DNS for Shoot clusters.
// The "dns.gardener.cloud/..." keys are read back from Secret annotations by
// GetDomainInfoFromAnnotations; the FQDN prefixes below are combined with a
// Shoot's domain by GetAPIServerDomain, GetOwnerDomain and
// ConstructInternalClusterDomain.
const (
	// DNSProvider is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS provider.
	DNSProvider = "dns.gardener.cloud/provider"
	// DNSDomain is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// domain name.
	DNSDomain = "dns.gardener.cloud/domain"
	// DNSDefaultDomainPriority is the annotation key carrying the priority of a default domain. In case of
	// multiple default domains, the default domain with the highest priority is selected by default for new shoots.
	DNSDefaultDomainPriority = "dns.gardener.cloud/domain-default-priority"
	// DNSZone is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS hosted zone id.
	DNSZone = "dns.gardener.cloud/zone"

	// APIServerFQDNPrefix is the part of a FQDN which will be used to construct the domain name for the kube-apiserver of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the apiserver domain would be
	// 'api.cluster.example.com' (see GetAPIServerDomain).
	APIServerFQDNPrefix = "api"
	// OwnerFQDNPrefix is the part of a FQDN which will be used to construct the domain name for the owner of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the owner domain would be
	// 'owner.cluster.example.com' (see GetOwnerDomain).
	OwnerFQDNPrefix = "owner"
	// IngressPrefix is the part of a FQDN which will be used to construct the domain name for an ingress controller of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the ingress domain would be
	// '*.<IngressPrefix>.cluster.example.com'.
	IngressPrefix = "ingress"
	// InternalDomainKey is a key which must be present in an internal domain constructed for a Shoot cluster. If the
	// configured internal domain already contains it, it won't be added twice. If it does not contain it, it will be
	// appended (see ConstructInternalClusterDomain).
	InternalDomainKey = "internal"

	// AnnotationKeyIPStack is the annotation key to set the IP stack for a DNSRecord.
	// This can be used to create different types of records, e.g. A vs. AAAA records.
	// GetIPStackForSeed and GetIPStackForShoot compute the value for this key.
	AnnotationKeyIPStack = "dns.gardener.cloud/ip-stack"
	// AnnotationValueIPStackIPv4 is the annotation value for ipv4-only.
	AnnotationValueIPStackIPv4 = "ipv4"
	// AnnotationValueIPStackIPv6 is the annotation value for ipv6-only.
	AnnotationValueIPStackIPv6 = "ipv6"
	// AnnotationValueIPStackIPDualStack is the annotation value for dual-stack, i.e. ipv4 and ipv6.
	AnnotationValueIPStackIPDualStack = "dual-stack"
)
// Constants for the generic garden kubeconfig that components mount in order
// to talk to the garden cluster (see InjectGenericGardenKubeconfig). The token
// and kubeconfig paths are derived from the mount path plus the secret data
// keys, so the mount path used by a component must match the token path the
// generic kubeconfig refers to.
const (
	// SecretNamePrefixGardenAccess is the prefix of all secrets containing credentials for accessing the garden cluster.
	// NewGardenAccessSecret applies it to names that do not already carry it.
	SecretNamePrefixGardenAccess = "garden-access-"
	// VolumeMountPathGenericGardenKubeconfig is a constant for the path to which the generic garden kubeconfig will be mounted.
	VolumeMountPathGenericGardenKubeconfig = "/var/run/secrets/gardener.cloud/garden/generic-kubeconfig"
	// PathGardenToken is a constant for the path at which the garden token file is accessible. It is the
	// resourcesv1alpha1.DataKeyToken data key projected below VolumeMountPathGenericGardenKubeconfig.
	PathGardenToken = VolumeMountPathGenericGardenKubeconfig + "/" + resourcesv1alpha1.DataKeyToken
	// PathGenericGardenKubeconfig is a constant for the path at which the kubeconfig file is accessible. It is the
	// secrets.DataKeyKubeconfig data key projected below VolumeMountPathGenericGardenKubeconfig.
	PathGenericGardenKubeconfig = VolumeMountPathGenericGardenKubeconfig + "/" + secrets.DataKeyKubeconfig
)
// Constants for machine-controller-manager owner references and the
// gardener-node-agent Lease naming.
const (

	// MachineSetKind is the kind of the owner reference of a machine set.
	// BuildOwnerToMachinesMap groups machines by their owning MachineSet.
	MachineSetKind = "MachineSet"
	// MachineDeploymentKind is the kind of the owner reference of a machine deployment.
	// BuildOwnerToMachineSetsMap groups machine sets by their owning MachineDeployment.
	MachineDeploymentKind = "MachineDeployment"
	// NodeLeasePrefix is the name prefix of the Lease object that corresponds to a node;
	// NodeAgentLeaseName derives the full Lease name from the node name.
	NodeLeasePrefix = "gardener-node-agent-"
)
// Suffixes of the shoot-related resources that live in a project namespace.
// ComputeShootProjectResourceName combines a shoot name with one of these
// suffixes; IsShootProjectSecret, IsShootProjectInternalSecret and
// IsShootProjectConfigMap perform the reverse match.
const (
	// ShootProjectSecretSuffixKubeconfig is a constant for a shoot project secret with suffix 'kubeconfig'.
	ShootProjectSecretSuffixKubeconfig = "kubeconfig"
	// ShootProjectSecretSuffixCACluster is a constant for a shoot project secret with suffix 'ca-cluster'.
	//
	// Deprecated: This constant is deprecated in favor of ShootProjectConfigMapSuffixCACluster
	ShootProjectSecretSuffixCACluster = "ca-cluster"
	// ShootProjectSecretSuffixCAClient is a constant for a shoot project secret with suffix 'ca-client'.
	ShootProjectSecretSuffixCAClient = "ca-client"
	// ShootProjectSecretSuffixSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair'.
	ShootProjectSecretSuffixSSHKeypair = v1beta1constants.SecretNameSSHKeyPair
	// ShootProjectSecretSuffixOldSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair.old'.
	ShootProjectSecretSuffixOldSSHKeypair = v1beta1constants.SecretNameSSHKeyPair + ".old"
	// ShootProjectSecretSuffixMonitoring is a constant for a shoot project secret with suffix 'monitoring'.
	ShootProjectSecretSuffixMonitoring = "monitoring"
	// ShootProjectConfigMapSuffixCACluster is a constant for a shoot project config map with suffix 'ca-cluster'.
	// It replaces the deprecated ShootProjectSecretSuffixCACluster; the cluster CA is public data and does not
	// need to live in a Secret.
	ShootProjectConfigMapSuffixCACluster = "ca-cluster"
)
// Constants for the generic shoot kubeconfig that components mount in order to
// talk to a shoot's kube-apiserver (see InjectGenericKubeconfig). The layout
// mirrors the garden variant above: the token and kubeconfig paths are the
// secret data keys projected below the mount path.
const (
	// SecretNamePrefixShootAccess is the prefix of all secrets containing credentials for accessing shoot clusters.
	// NewShootAccessSecret applies it to names that do not already carry it.
	SecretNamePrefixShootAccess = "shoot-access-"
	// VolumeMountPathGenericKubeconfig is a constant for the path to which the generic shoot kubeconfig will be mounted.
	VolumeMountPathGenericKubeconfig = "/var/run/secrets/gardener.cloud/shoot/generic-kubeconfig"
	// PathShootToken is a constant for the path at which the shoot token file is accessible. It is the
	// resourcesv1alpha1.DataKeyToken data key projected below VolumeMountPathGenericKubeconfig.
	PathShootToken = VolumeMountPathGenericKubeconfig + "/" + resourcesv1alpha1.DataKeyToken
	// PathGenericKubeconfig is a constant for the path at which the kubeconfig file is accessible. It is the
	// secrets.DataKeyKubeconfig data key projected below VolumeMountPathGenericKubeconfig.
	PathGenericKubeconfig = VolumeMountPathGenericKubeconfig + "/" + secrets.DataKeyKubeconfig
)
const (
	// DeletionProtected is a label on CustomResourceDefinitions indicating that the deletion is protected, i.e.
	// it must be confirmed with the `confirmation.gardener.cloud/deletion=true` annotation before a `DELETE` call
	// is accepted. CheckIfDeletionIsConfirmed reports whether that confirmation is present and ConfirmDeletion
	// adds the confirmation (and timestamp) annotation to an object.
	DeletionProtected = "gardener.cloud/deletion-protected"
)
// LabelPurposeGlobalMonitoringSecret is a constant for the value of the purpose label for replicated global
// monitoring secrets, i.e. the copies produced by ReplicateGlobalMonitoringSecret.
const LabelPurposeGlobalMonitoringSecret = "global-monitoring-secret-replica"

LabelPurposeGlobalMonitoringSecret is a constant for the value of the purpose label for replicated global monitoring secrets.

// ProjectNamespacePrefix is the prefix of namespaces representing projects.
const ProjectNamespacePrefix = "garden-"

ProjectNamespacePrefix is the prefix of namespaces representing projects.

const (
	// SeedNamespaceNamePrefix is the prefix used for seed namespaces in the Garden cluster.
	// ComputeGardenNamespace and ComputeSeedName convert between a seed name and its namespace;
	// presumably both rely on this prefix — confirm against the package source.
	SeedNamespaceNamePrefix = "seed-"
)

Variables

// Label selectors used to tell operator/user-managed secrets apart from the
// control-plane secrets that Gardener controllers create themselves.
var (
	// NoControlPlaneSecretsReq is a label selector requirement to select non-control plane secrets: it matches
	// objects whose v1beta1constants.GardenRole label value is NOT IN v1beta1constants.ControlPlaneSecretRoles.
	// MustNewRequirement panics on an invalid requirement, which is acceptable here because the inputs are
	// package constants evaluated at init time.
	NoControlPlaneSecretsReq = utils.MustNewRequirement(v1beta1constants.GardenRole, selection.NotIn, v1beta1constants.ControlPlaneSecretRoles...)
	// UncontrolledSecretSelector is a selector for objects which are managed by operators/users and not created by
	// Gardener controllers. It wraps NoControlPlaneSecretsReq as a client.MatchingLabelsSelector so it can be
	// passed directly as a list option.
	UncontrolledSecretSelector = client.MatchingLabelsSelector{Selector: labels.NewSelector().Add(NoControlPlaneSecretsReq)}
)
// TimeNow returns the current time. Exposed for testing: tests may replace it with a fixed clock.
// It is a plain package-level variable, so it should only be reassigned before the code that reads it runs.
var TimeNow = time.Now

TimeNow returns the current time. Exposed for testing.

Functions

func BuildCloudProfileReference

func BuildCloudProfileReference(shoot *gardencorev1beta1.Shoot) *gardencorev1beta1.CloudProfileReference

BuildCloudProfileReference determines and returns the CloudProfile reference of the given shoot, depending on the availability of cloudProfileName and cloudProfile.

func BuildOwnerToMachineSetsMap

func BuildOwnerToMachineSetsMap(machineSets []machinev1alpha1.MachineSet) map[string][]machinev1alpha1.MachineSet

BuildOwnerToMachineSetsMap returns a map that associates `MachineDeployment` names to the given `machineSets`.

func BuildOwnerToMachinesMap

func BuildOwnerToMachinesMap(machines []machinev1alpha1.Machine) map[string][]machinev1alpha1.Machine

BuildOwnerToMachinesMap returns a map that associates `MachineSet` names to the given `machines`.

func CheckIfDeletionIsConfirmed

func CheckIfDeletionIsConfirmed(obj client.Object) error

CheckIfDeletionIsConfirmed returns whether the deletion of an object is confirmed or not.

func ComputeGardenNamespace

func ComputeGardenNamespace(seedName string) string

ComputeGardenNamespace returns the name of the namespace belonging to the given seed in the Garden cluster.

func ComputeManagedShootIssuerSecretName

func ComputeManagedShootIssuerSecretName(projectName string, shootUID types.UID) string

ComputeManagedShootIssuerSecretName returns the name that should be used for storing the service account public keys of a shoot's kube-apiserver in the gardener-system-shoot-issuer namespace in the Garden cluster.

func ComputeRequiredExtensionsForSeed

func ComputeRequiredExtensionsForSeed(seed *gardencorev1beta1.Seed) sets.Set[string]

ComputeRequiredExtensionsForSeed computes the extension kind/type combinations that are required for the seed reconciliation flow.

func ComputeRequiredExtensionsForShoot

func ComputeRequiredExtensionsForShoot(shoot *gardencorev1beta1.Shoot, seed *gardencorev1beta1.Seed, controllerRegistrationList *gardencorev1beta1.ControllerRegistrationList, internalDomain, externalDomain *Domain) sets.Set[string]

ComputeRequiredExtensionsForShoot computes the extension kind/type combinations that are required for the shoot reconciliation flow.

func ComputeSeedName

func ComputeSeedName(seedNamespaceName string) string

ComputeSeedName computes the name of the seed out of the seed namespace in the Garden cluster.

func ComputeShootProjectResourceName

func ComputeShootProjectResourceName(shootName, suffix string) string

ComputeShootProjectResourceName computes the name of a shoot-related project resource.

func ComputeTechnicalID

func ComputeTechnicalID(projectName string, shoot *gardencorev1beta1.Shoot) string

ComputeTechnicalID determines the technical id of the given Shoot which is later used for the name of the namespace and for tagging all the resources created in the infrastructure.

func ConfirmDeletion

func ConfirmDeletion(ctx context.Context, w client.Writer, obj client.Object) error

ConfirmDeletion adds Gardener's deletion confirmation and timestamp annotation to the given object and sends a PATCH request.

func ConstructExternalClusterDomain

func ConstructExternalClusterDomain(shoot *gardencorev1beta1.Shoot) *string

ConstructExternalClusterDomain constructs the external Shoot cluster domain, i.e. the domain which will be put into the Kubeconfig handed out to the user.

func ConstructInternalClusterDomain

func ConstructInternalClusterDomain(shootName, shootProject string, internalDomain *Domain) string

ConstructInternalClusterDomain constructs the internal base domain for this shoot cluster. It is only used for internal purposes (all kubeconfigs except the one which is received by the user will only talk with the kube-apiserver via a DNS record of this domain). In case the given <internalDomain> already contains "internal", the result is constructed as "<shootName>.<shootProject>.<internalDomain>". In case it does not, the word "internal" will be appended, resulting in "<shootName>.<shootProject>.internal.<internalDomain>".

func DefaultGVKsForEncryption

func DefaultGVKsForEncryption() []schema.GroupVersionKind

DefaultGVKsForEncryption returns the list of GroupVersionKinds which are encrypted by default.

func DefaultGardenerGVKsForEncryption

func DefaultGardenerGVKsForEncryption() []schema.GroupVersionKind

DefaultGardenerGVKsForEncryption returns the list of GroupVersionKinds served by Gardener API Server which are encrypted by default.

func DefaultGardenerResourcesForEncryption

func DefaultGardenerResourcesForEncryption() sets.Set[string]

DefaultGardenerResourcesForEncryption returns the list of resources served by Gardener API Server which are encrypted by default.

func DefaultResourcesForEncryption

func DefaultResourcesForEncryption() sets.Set[string]

DefaultResourcesForEncryption returns the list of resources which are encrypted by default.

func DeleteVPAForGardenerComponent

func DeleteVPAForGardenerComponent(ctx context.Context, c client.Client, name, namespace string) error

DeleteVPAForGardenerComponent deletes a VPA for a Gardener component.

func DetermineIdentity

func DetermineIdentity() (*gardencorev1beta1.Gardener, error)

DetermineIdentity determines the Gardener component identity. We want to determine the Docker container id of the currently running instance because we need to identify for still ongoing operations whether another instance is still operating the respective Shoots. When running locally, we generate a random string because there is no container id.

func EffectiveMaintenanceTimeWindow

func EffectiveMaintenanceTimeWindow(timeWindow *timewindow.MaintenanceTimeWindow) *timewindow.MaintenanceTimeWindow

EffectiveMaintenanceTimeWindow cuts a maintenance time window at the end with a guess of 15 minutes. It is subtracted from the end of a maintenance time window to use a best-effort kind of finishing the operation before the end. Generally, we can't make sure that the maintenance operation is done by the end of the time window anyway (considering large clusters with hundreds of nodes, a rolling update will take several hours).

func EffectiveShootMaintenanceTimeWindow

func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *timewindow.MaintenanceTimeWindow

EffectiveShootMaintenanceTimeWindow returns the effective MaintenanceTimeWindow of the given Shoot.

func ExtensionsID

func ExtensionsID(extensionKind, extensionType string) string

ExtensionsID returns an identifier for the given extension kind/type.

func ExtractShootDetailsFromBackupEntryName

func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID string, shootUID types.UID)

ExtractShootDetailsFromBackupEntryName returns the Shoot resource's technical ID and its UID, extracted from the provided <backupEntryName>.

func ExtractSystemComponentsTolerations

func ExtractSystemComponentsTolerations(workers []gardencorev1beta1.Worker) []corev1.Toleration

ExtractSystemComponentsTolerations returns tolerations that are required to schedule shoot system components on the given workers. Tolerations are only considered for workers which have `SystemComponents.Allow: true`.

func FetchKubeconfigFromSecret

func FetchKubeconfigFromSecret(ctx context.Context, c client.Client, key client.ObjectKey) ([]byte, error)

FetchKubeconfigFromSecret tries to retrieve the kubeconfig bytes in given secret.

func GenerateBackupEntryName

func GenerateBackupEntryName(shootTechnicalID string, shootUID types.UID) (string, error)

GenerateBackupEntryName returns the BackupEntry resource name created from the provided <seedNamespace> and <shootUID>.

func GenerateDNSProviderName

func GenerateDNSProviderName(secretName, providerType string) string

GenerateDNSProviderName creates a name for the dns provider out of the passed `secretName` and `providerType`.

func GetAPIServerDomain

func GetAPIServerDomain(domain string) string

GetAPIServerDomain returns the fully qualified domain name for the api-server of the Shoot cluster. The end result is 'api.<domain>'.

func GetBackupEntrySeedNames

func GetBackupEntrySeedNames(obj client.Object) (*string, *string)

GetBackupEntrySeedNames returns the spec.seedName and the status.seedName field in case the provided object is a BackupEntry.

func GetCloudProfile

func GetCloudProfile(ctx context.Context, reader client.Reader, shoot *gardencorev1beta1.Shoot) (*gardencorev1beta1.CloudProfile, error)

GetCloudProfile determines whether the given shoot references a CloudProfile or a NamespacedCloudProfile and returns the appropriate object.

func GetDomainInfoFromAnnotations

func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, zone string, err error)

GetDomainInfoFromAnnotations returns the provider, domain, and zones that are specified in the given annotations.

func GetGardenWildcardCertificate

func GetGardenWildcardCertificate(ctx context.Context, c client.Client) (*corev1.Secret, error)

GetGardenWildcardCertificate gets the wildcard TLS certificate for the Garden runtime ingress domain. Nil is returned if no wildcard certificate is configured.

func GetIPStackForSeed

func GetIPStackForSeed(seed *gardencorev1beta1.Seed) string

GetIPStackForSeed returns the value for the AnnotationKeyIPStack annotation based on the given seed. It falls back to IPv4 if no IP families are available.

func GetIPStackForShoot

func GetIPStackForShoot(shoot *gardencorev1beta1.Shoot) string

GetIPStackForShoot returns the value for the AnnotationKeyIPStack annotation based on the given shoot. It falls back to IPv4 if no IP families are available, e.g. in a workerless shoot cluster.

func GetMandatoryExposureClassHandlerSNILabels

func GetMandatoryExposureClassHandlerSNILabels(labels map[string]string, exposureClassName string) map[string]string

GetMandatoryExposureClassHandlerSNILabels gets the labels of an ExposureClass Handler plus its name and adds the mandatory SNI labels for ExposureClass handlers to them. Existing label keys will be overridden by the mandatory label keys.

func GetOwnerDomain

func GetOwnerDomain(domain string) string

GetOwnerDomain returns the fully qualified domain name for the owner of the Shoot cluster. The end result is 'owner.<domain>'.

func GetResponsibleSeedName

func GetResponsibleSeedName(specSeedName, statusSeedName *string) string

GetResponsibleSeedName returns the seed name which is responsible for the next reconciliation.

func GetShootConditionTypes

func GetShootConditionTypes(workerless bool) []gardencorev1beta1.ConditionType

GetShootConditionTypes returns all known shoot condition types.

func GetShootNameFromOwnerReferences

func GetShootNameFromOwnerReferences(objectMeta metav1.Object) string

GetShootNameFromOwnerReferences attempts to get the name of the Shoot object which owns the passed in object. If it is not owned by a Shoot, an empty string is returned.

func GetShootProjectConfigMapSuffixes

func GetShootProjectConfigMapSuffixes() []string

GetShootProjectConfigMapSuffixes returns the list of shoot-related project config map suffixes.

func GetShootProjectInternalSecretSuffixes

func GetShootProjectInternalSecretSuffixes() []string

GetShootProjectInternalSecretSuffixes returns the list of shoot-related project internal secret suffixes.

func GetShootProjectSecretSuffixes

func GetShootProjectSecretSuffixes() []string

GetShootProjectSecretSuffixes returns the list of shoot-related project secret suffixes.

func GetShootSeedNames

func GetShootSeedNames(obj client.Object) (*string, *string)

GetShootSeedNames returns the spec.seedName and the status.seedName field in case the provided object is a Shoot.

func GetWildcardCertificate

func GetWildcardCertificate(ctx context.Context, c client.Client) (*corev1.Secret, error)

GetWildcardCertificate gets the wildcard TLS certificate for the seed ingress domain. Nil is returned if no wildcard certificate is configured.

func InjectGenericGardenKubeconfig

func InjectGenericGardenKubeconfig(obj runtime.Object, genericKubeconfigName, accessSecretName, mountPath string, containerNames ...string) error

InjectGenericGardenKubeconfig injects the volumes, volume mounts, and env vars for the generic garden kubeconfig into the provided object. The access secret name must be the name of a secret containing a JWT token which should be used by the kubeconfig. The mount path is important to match the token path configured in the generic kubeconfig. If containerNames are not specified, the adjustments happen for all containers. If any of the containers in the object already has the GARDEN_KUBECONFIG env var, the object is not mutated.

func InjectGenericKubeconfig

func InjectGenericKubeconfig(obj runtime.Object, genericKubeconfigName, accessSecretName string, containerNames ...string) error

InjectGenericKubeconfig injects the volumes and volume mounts for the generic shoot kubeconfig into the provided object. The access secret name must be the name of a secret containing a JWT token which should be used by the kubeconfig. If the object has multiple containers then the default is to inject it into all of them. If it should only be done for a selection of containers then their respective names must be provided.

func InjectNetworkPolicyAnnotationsForGardenScrapeTargets

func InjectNetworkPolicyAnnotationsForGardenScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForGardenScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-garden-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForScrapeTargets

func InjectNetworkPolicyAnnotationsForScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForSeedScrapeTargets

func InjectNetworkPolicyAnnotationsForSeedScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForSeedScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-seed-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForWebhookTargets

func InjectNetworkPolicyAnnotationsForWebhookTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForWebhookTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyNamespaceSelectors

func InjectNetworkPolicyNamespaceSelectors(service *corev1.Service, selectors ...metav1.LabelSelector) error

InjectNetworkPolicyNamespaceSelectors injects the provided selectors into the `networking.resources.gardener.cloud/namespace-selectors` annotation of the given service.

func IsGardenSuccessfullyReconciled

func IsGardenSuccessfullyReconciled(garden *operatorv1alpha1.Garden) bool

IsGardenSuccessfullyReconciled returns true if the passed garden resource reports a successful reconciliation.

func IsIncompleteDNSConfigError

func IsIncompleteDNSConfigError(err error) bool

IsIncompleteDNSConfigError returns true if the error indicates that the DNS config is incomplete.

func IsNowInEffectiveShootMaintenanceTimeWindow

func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot, clock clock.Clock) bool

IsNowInEffectiveShootMaintenanceTimeWindow checks if the current time is in the effective maintenance time window of the Shoot.

func IsObservedAtLatestGenerationAndSucceeded

func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool

IsObservedAtLatestGenerationAndSucceeded checks whether the Shoot's generation has changed or if the LastOperation status is Succeeded.

func IsSeedClientCert

func IsSeedClientCert(x509cr *x509.CertificateRequest, usages []certificatesv1.KeyUsage) (bool, string)

IsSeedClientCert returns true when the given CSR and usages match the requirements for a client certificate for a seed. If false is returned, a reason will be returned explaining which requirement was not met.

func IsServedByGardenerAPIServer

func IsServedByGardenerAPIServer(resource string) bool

IsServedByGardenerAPIServer returns true if the passed resource is served by the Gardener API Server.

func IsServedByKubeAPIServer

func IsServedByKubeAPIServer(resource string) bool

IsServedByKubeAPIServer returns true if the passed resource is served by the Kube API Server.

func IsShootFailedAndUpToDate

func IsShootFailedAndUpToDate(shoot *gardencorev1beta1.Shoot) bool

IsShootFailedAndUpToDate checks if a Shoot is failed and the observed generation and gardener version are up-to-date.

func IsShootNamespace

func IsShootNamespace(namespace string) bool

IsShootNamespace returns true if the given namespace is a shoot namespace, i.e. it starts with the technical id prefix.

func IsShootProjectConfigMap

func IsShootProjectConfigMap(configMapName string) (string, bool)

IsShootProjectConfigMap checks if the given name matches the name of a shoot-related project config map. If no, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func IsShootProjectInternalSecret

func IsShootProjectInternalSecret(secretName string) (string, bool)

IsShootProjectInternalSecret checks if the given name matches the name of a shoot-related project internal secret. If no, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func IsShootProjectSecret

func IsShootProjectSecret(secretName string) (string, bool)

IsShootProjectSecret checks if the given name matches the name of a shoot-related project secret. If no, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func LastReconciliationDuringThisTimeWindow

func LastReconciliationDuringThisTimeWindow(shoot *gardencorev1beta1.Shoot, clock clock.Clock) bool

LastReconciliationDuringThisTimeWindow returns true if <now> is contained in the given effective maintenance time window of the shoot and if the <lastReconciliation> did not happen longer than the longest possible duration of a maintenance time window.

func MaintainSeedNameLabels

func MaintainSeedNameLabels(obj client.Object, names ...*string)

MaintainSeedNameLabels maintains the seed.gardener.cloud/<name>=true labels on the given object.

func MutateObjectsInSecretData

func MutateObjectsInSecretData(
	secretData map[string][]byte,
	namespace string,
	apiGroups []string,
	mutateFns ...func(object runtime.Object) error,
) error

MutateObjectsInSecretData iterates over the given rendered secret data and invokes the given mutate functions.

func NamespaceNameForControllerInstallation

func NamespaceNameForControllerInstallation(controllerInstallation *gardencorev1beta1.ControllerInstallation) string

NamespaceNameForControllerInstallation returns the name of the namespace that will be used for the extension controller in the seed.

func NetworkPolicyLabel

func NetworkPolicyLabel(serviceName string, port int32) string

NetworkPolicyLabel returns the network policy label for a component initiating the connection to a service with the given name and TCP port.

func NodeAgentLeaseName

func NodeAgentLeaseName(nodeName string) string

NodeAgentLeaseName returns the name of the Lease object based on the node name.

func NodeLabelsForWorkerPool

func NodeLabelsForWorkerPool(workerPool gardencorev1beta1.Worker, nodeLocalDNSEnabled bool, gardenerNodeAgentSecretName string) map[string]string

NodeLabelsForWorkerPool returns a combined map of all user-specified and gardener-managed node labels.

func PrepareGardenClientRestConfig

func PrepareGardenClientRestConfig(baseConfig *rest.Config, address *string, caCert []byte) *rest.Config

PrepareGardenClientRestConfig takes a base rest config and adds an optional host and CA certificate.

func ProjectAndNamespaceFromReader

func ProjectAndNamespaceFromReader(ctx context.Context, reader client.Reader, namespaceName string) (*gardencorev1beta1.Project, *corev1.Namespace, error)

ProjectAndNamespaceFromReader returns the Project responsible for a given <namespace>. It reads the namespace and fetches the project name label. Then it will read the project with the respective name.

func ProjectForNamespaceFromReader

func ProjectForNamespaceFromReader(ctx context.Context, reader client.Reader, namespaceName string) (*gardencorev1beta1.Project, error)

ProjectForNamespaceFromReader returns the Project responsible for a given <namespace>. It reads the namespace and fetches the project name label. Then it will read the project with the respective name.

func ReadGardenSecrets

func ReadGardenSecrets(
	ctx context.Context,
	log logr.Logger,
	c client.Reader,
	namespace string,
	enforceInternalDomainSecret bool,
) (
	map[string]*corev1.Secret,
	error,
)

ReadGardenSecrets reads the Kubernetes Secrets from the Garden cluster which are independent of Shoot clusters. The Secret objects are stored on the Controller in order to pass them to created Garden objects later.

func ReconcileTopologyAwareRoutingMetadata

func ReconcileTopologyAwareRoutingMetadata(service *corev1.Service, topologyAwareRoutingEnabled bool, k8sVersion *semver.Version)

ReconcileTopologyAwareRoutingMetadata adds (or removes) the required annotation and label to make a Service topology-aware.

func ReconcileVPAForGardenerComponent

func ReconcileVPAForGardenerComponent(ctx context.Context, c client.Client, name, namespace string) error

ReconcileVPAForGardenerComponent deploys a VPA for a Gardener component.

func ReplicateGlobalMonitoringSecret

func ReplicateGlobalMonitoringSecret(ctx context.Context, c client.Client, prefix, namespace string, globalMonitoringSecret *corev1.Secret) (*corev1.Secret, error)

ReplicateGlobalMonitoringSecret replicates the global monitoring secret into the given namespace and prefixes it with the given prefix.

func RequiredExtensionsReady

func RequiredExtensionsReady(ctx context.Context, gardenClient client.Client, seedName string, requiredExtensions sets.Set[string]) error

RequiredExtensionsReady checks if all required extensions for a seed exist and are ready.

func RespectShootSyncPeriodOverwrite

func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool

RespectShootSyncPeriodOverwrite checks whether to respect the sync period overwrite of a Shoot or not.

func ShootStatusValue

func ShootStatusValue(s ShootStatus) int

ShootStatusValue returns the value of the given ShootStatus.

func ShouldIgnoreShoot

func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool

ShouldIgnoreShoot determines whether a Shoot should be ignored or not.

func SyncPeriodOfShoot

func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, shoot *gardencorev1beta1.Shoot) time.Duration

SyncPeriodOfShoot determines the sync period of the given shoot.

If no overwrite is allowed, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is parsed. If an error occurs or it is smaller than the defaultMinSyncPeriod, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is returned.

func WaitUntilMachineResourcesDeleted

func WaitUntilMachineResourcesDeleted(ctx context.Context, log logr.Logger, reader client.Reader, namespace string) error

WaitUntilMachineResourcesDeleted waits for a maximum of 30 minutes until all machine resources have been properly deleted by the machine-controller-manager. It polls the status every 5 seconds.

Types

type AccessSecret

// AccessSecret contains settings for a shoot/garden access secret consumed by a component communicating with
// a shoot or the garden API server. Construct it with NewShootAccessSecret or NewGardenAccessSecret, adjust it
// with the With* methods, and persist it with Reconcile.
type AccessSecret struct {
	// Secret is the corev1.Secret that is created or patched by Reconcile; the constructors initialize it with
	// the given name and namespace, and WithNameOverride/WithNamespaceOverride change its ObjectMeta.
	Secret             *corev1.Secret
	// ServiceAccountName is defaulted to the secret name by the constructors and can be changed with
	// WithServiceAccountName.
	ServiceAccountName string
	// Class is not described in the visible documentation — confirm its meaning against the package source.
	Class              string
	// contains filtered or unexported fields
}

AccessSecret contains settings for a shoot/garden access secret consumed by a component communicating with a shoot or the garden API server.

func NewGardenAccessSecret

func NewGardenAccessSecret(name, namespace string) *AccessSecret

NewGardenAccessSecret returns a new AccessSecret object and initializes it with an empty corev1.Secret object with the given name and namespace. If not already done, the name will be prefixed with the SecretNamePrefixGardenAccess. The ServiceAccountName field will be defaulted with the name.

func NewShootAccessSecret

func NewShootAccessSecret(name, namespace string) *AccessSecret

NewShootAccessSecret returns a new AccessSecret object and initializes it with an empty corev1.Secret object with the given name and namespace. If not already done, the name will be prefixed with the SecretNamePrefixShootAccess. The ServiceAccountName field will be defaulted with the name.

func (*AccessSecret) Reconcile

func (s *AccessSecret) Reconcile(ctx context.Context, c client.Client) error

Reconcile creates or patches the given shoot access secret. Based on the struct configuration, it adds the required annotations for the token requestor controller of gardener-resource-manager.

func (*AccessSecret) WithKubeconfig

func (s *AccessSecret) WithKubeconfig(kubeconfigRaw *clientcmdv1.Config) *AccessSecret

WithKubeconfig sets the kubeconfig field of the AccessSecret.

func (*AccessSecret) WithNameOverride

func (s *AccessSecret) WithNameOverride(name string) *AccessSecret

WithNameOverride sets the ObjectMeta.Name field of the *corev1.Secret inside the AccessSecret.

func (*AccessSecret) WithNamespaceOverride

func (s *AccessSecret) WithNamespaceOverride(namespace string) *AccessSecret

WithNamespaceOverride sets the ObjectMeta.Namespace field of the *corev1.Secret inside the AccessSecret.

func (*AccessSecret) WithServiceAccountLabels

func (s *AccessSecret) WithServiceAccountLabels(labels map[string]string) *AccessSecret

WithServiceAccountLabels sets the serviceAccountLabels field of the AccessSecret.

func (*AccessSecret) WithServiceAccountName

func (s *AccessSecret) WithServiceAccountName(name string) *AccessSecret

WithServiceAccountName sets the ServiceAccountName field of the AccessSecret.

func (*AccessSecret) WithTargetSecret

func (s *AccessSecret) WithTargetSecret(name, namespace string) *AccessSecret

WithTargetSecret sets the kubeconfig field of the AccessSecret.

func (*AccessSecret) WithTokenExpirationDuration

func (s *AccessSecret) WithTokenExpirationDuration(duration string) *AccessSecret

WithTokenExpirationDuration sets the tokenExpirationDuration field of the AccessSecret.

type Domain

type Domain struct {
	// Domain is the domain name this entry describes.
	Domain     string
	// Provider names the DNS provider responsible for the domain.
	Provider   string
	// Zone identifies the DNS hosted zone — presumably a provider-specific zone id; confirm against
	// the annotation that populates it.
	Zone       string
	// SecretData carries the credential data of the secret the domain was read from — presumably
	// passed on to the DNS provider; treat as sensitive and do not log it.
	SecretData map[string][]byte
}

Domain contains information about a domain configured in the garden cluster.

func ConstructExternalDomain

func ConstructExternalDomain(ctx context.Context, c client.Reader, shoot *gardencorev1beta1.Shoot, shootCredentials client.Object, defaultDomains []*Domain) (*Domain, error)

ConstructExternalDomain constructs an object containing all relevant information of the external domain that shall be used for a shoot cluster - based on the configuration of the Garden cluster and the shoot itself. Shoot credentials should be of type *corev1.Secret or *securityv1alpha1.WorkloadIdentity.

func DomainIsDefaultDomain

func DomainIsDefaultDomain(domain string, defaultDomains []*Domain) *Domain

DomainIsDefaultDomain identifies whether the given domain is a default domain.

func GetDefaultDomains

func GetDefaultDomains(secrets map[string]*corev1.Secret) ([]*Domain, error)

GetDefaultDomains finds all the default domain secrets within the given map and returns a list of objects that contains all relevant information about the default domains.

func GetInternalDomain

func GetInternalDomain(secrets map[string]*corev1.Secret) (*Domain, error)

GetInternalDomain finds the internal domain secret within the given map and returns the object that contains all relevant information about the internal domain.

type IncompleteDNSConfigError

// IncompleteDNSConfigError is the error type used to signal an incomplete DNS configuration; it carries no
// fields, so callers distinguish it by type (errors.As).
type IncompleteDNSConfigError struct{}

IncompleteDNSConfigError is a custom error type signalling an incomplete DNS configuration.

func (*IncompleteDNSConfigError) Error

func (e *IncompleteDNSConfigError) Error() string

Error returns the error message of the IncompleteDNSConfigError error.

type ShootStatus

// ShootStatus is a string-typed health status of a shoot; see the ShootStatus* constants for the allowed values.
type ShootStatus string

ShootStatus is the status of a shoot used in the common.ShootStatus label.

// The possible ShootStatus values. ShootStatusValue maps each of them to an int and OrWorse selects the
// worse of two statuses.
const (
	// ShootStatusHealthy indicates that a shoot is considered healthy.
	ShootStatusHealthy ShootStatus = "healthy"
	// ShootStatusProgressing indicates that a shoot was once healthy, is currently experiencing an issue
	// but is still within a predefined grace period.
	ShootStatusProgressing ShootStatus = "progressing"
	// ShootStatusUnhealthy indicates that a shoot is considered unhealthy.
	ShootStatusUnhealthy ShootStatus = "unhealthy"
	// ShootStatusUnknown indicates that the shoot health status is not known.
	ShootStatusUnknown ShootStatus = "unknown"
)

func BoolToShootStatus

func BoolToShootStatus(cond bool) ShootStatus

BoolToShootStatus converts the given boolean to a ShootStatus. For true values, it returns ShootStatusHealthy. Otherwise, it returns ShootStatusUnhealthy.

func ComputeConditionStatus

func ComputeConditionStatus(conditions ...gardencorev1beta1.Condition) ShootStatus

ComputeConditionStatus computes the ShootStatus from the given Conditions. By default, the ShootStatus is ShootStatusHealthy. Each condition status is converted to a ShootStatus using ConditionStatusToShootStatus, and the worst status among all conditions always wins.

func ComputeShootStatus

func ComputeShootStatus(lastOperation *gardencorev1beta1.LastOperation, lastErrors []gardencorev1beta1.LastError, conditions ...gardencorev1beta1.Condition) ShootStatus

ComputeShootStatus computes the ShootStatus of a shoot depending on the given lastOperation, lastErrors and conditions.

func ConditionStatusToShootStatus

func ConditionStatusToShootStatus(status gardencorev1beta1.ConditionStatus) ShootStatus

ConditionStatusToShootStatus converts the given ConditionStatus to a shoot label ShootStatus.

func (ShootStatus) OrWorse

func (s ShootStatus) OrWorse(other ShootStatus) ShootStatus

OrWorse returns the worse ShootStatus of the given two states.
