Documentation ¶
Index ¶
- Constants
- func EvaluateHostnameOverride(hostnameOverride string) (string, error)
- type Architecture
- type CloudConfigBuilder
- type DirectoryBuilder
- type DockerBuilder
- type EtcdBuilder
- type EtcdTLSBuilder
- type FileAssetsBuilder
- type FirewallBuilder
- type HookBuilder
- type KubeAPIServerBuilder
- type KubeControllerManagerBuilder
- type KubeProxyBuilder
- type KubeRouterBuilder
- type KubeSchedulerBuilder
- type KubectlBuilder
- type KubeletBuilder
- type LogrotateBuilder
- type ManifestsBuilder
- type NetworkBuilder
- type NodeAuthorizationBuilder
- type NodeupModelContext
- func (c *NodeupModelContext) BuildCertificatePairTask(ctx *fi.ModelBuilderContext, key, path, filename string) error
- func (c *NodeupModelContext) BuildCertificateTask(ctx *fi.ModelBuilderContext, name, filename string) error
- func (c *NodeupModelContext) BuildKubeConfig(username string, ca, certificate, privateKey []byte) (string, error)
- func (c *NodeupModelContext) BuildPKIKubeconfig(name string) (string, error)
- func (c *NodeupModelContext) BuildPrivateKeyTask(ctx *fi.ModelBuilderContext, name, filename string) error
- func (c *NodeupModelContext) CNIBinDir() string
- func (c *NodeupModelContext) CNIConfDir() string
- func (c *NodeupModelContext) FileAssetsDefaultPath() string
- func (c *NodeupModelContext) FindCert(name string) ([]byte, error)
- func (c *NodeupModelContext) FindPrivateKey(name string) ([]byte, error)
- func (c *NodeupModelContext) Init() error
- func (c *NodeupModelContext) IsKubernetesGTE(version string) bool
- func (c *NodeupModelContext) KubectlPath() string
- func (c *NodeupModelContext) KubeletBootstrapKubeconfig() string
- func (c *NodeupModelContext) KubeletKubeConfig() string
- func (c *NodeupModelContext) NodeName() (string, error)
- func (c *NodeupModelContext) PathSrvKubernetes() string
- func (c *NodeupModelContext) PathSrvSshproxy() string
- func (c *NodeupModelContext) SSLHostPaths() []string
- func (c *NodeupModelContext) UseBootstrapTokens() bool
- func (c *NodeupModelContext) UseEtcdTLS() bool
- func (c *NodeupModelContext) UseEtcdTLSAuth() bool
- func (c *NodeupModelContext) UseNodeAuthorization() bool
- func (c *NodeupModelContext) UseNodeAuthorizer() bool
- func (c *NodeupModelContext) UseSecureKubelet() bool
- func (c *NodeupModelContext) UsesCNI() bool
- func (c *NodeupModelContext) UsesSecondaryIP() bool
- type PackagesBuilder
- type ProtokubeBuilder
- func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error
- func (t *ProtokubeBuilder) ProtokubeEnvironmentVariables() string
- func (t *ProtokubeBuilder) ProtokubeFlags(k8sVersion semver.Version) (*ProtokubeFlags, error)
- func (t *ProtokubeBuilder) ProtokubeImageName() string
- func (t *ProtokubeBuilder) ProtokubeImagePullCommand() string
- type ProtokubeFlags
- type SecretBuilder
- type SysctlBuilder
- type UpdateServiceBuilder
Constants ¶
const CloudConfigFilePath = "/etc/kubernetes/cloud.config"
const DefaultDockerVersion = "1.12.3"
DefaultDockerVersion is the (legacy) docker version we use if one is not specified in the manifest. We don't change this with each version of kops; we expect newer versions of kops to populate the field.
const MinimumVersionForVMUUID = "1.5.3"
Required for vSphere CloudProvider
const PathAuthnConfig = "/etc/kubernetes/authn.config"
PathAuthnConfig is the path to the custom webhook authentication config
const RoleLabelMaster16 = "node-role.kubernetes.io/master"
const RoleLabelName15 = "kubernetes.io/role"
const RoleLabelName16 = "kubernetes.io/role"
const RoleLabelNode16 = "node-role.kubernetes.io/node"
const RoleMasterLabelValue15 = "master"
const RoleNodeLabelValue15 = "node"
const ServiceName = "update-service"
ServiceName is the name given to the service to be created
const VM_UUID_FILE_PATH = "/etc/vmware/vm_uuid"
VM UUID is set by cloud-init
Variables ¶
This section is empty.
Functions ¶
func EvaluateHostnameOverride ¶
EvaluateHostnameOverride returns the hostname after replacing some well-known placeholders
Types ¶
type Architecture ¶
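// Architecture is a string-typed identifier for a CPU architecture.
// NodeupModelContext carries one in its Architecture field.
type Architecture string

// Architecture values declared by this package. The rendered page had the
// whole var group collapsed onto a single line, which is not valid Go;
// each spec is restored to its own line.
var (
	ArchitectureAmd64 Architecture = "amd64"
	ArchitectureArm   Architecture = "arm"
)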
type CloudConfigBuilder ¶
type CloudConfigBuilder struct {
*NodeupModelContext
}
CloudConfigBuilder creates the cloud configuration file
func (*CloudConfigBuilder) Build ¶
func (b *CloudConfigBuilder) Build(c *fi.ModelBuilderContext) error
type DirectoryBuilder ¶
type DirectoryBuilder struct {
*NodeupModelContext
}
DirectoryBuilder creates required directories
func (*DirectoryBuilder) Build ¶
func (b *DirectoryBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for ensuring that specific directories are created (OS-dependent)
type DockerBuilder ¶
type DockerBuilder struct {
*NodeupModelContext
}
DockerBuilder installs docker (just the packages at the moment)
func (*DockerBuilder) Build ¶
func (b *DockerBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring the docker daemon
type EtcdBuilder ¶
type EtcdBuilder struct {
*NodeupModelContext
}
EtcdBuilder installs etcd
func (*EtcdBuilder) Build ¶
func (b *EtcdBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for creating the etcd user
type EtcdTLSBuilder ¶
type EtcdTLSBuilder struct {
*NodeupModelContext
}
EtcdTLSBuilder configures the etcd TLS support
func (*EtcdTLSBuilder) Build ¶
func (b *EtcdTLSBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for performing setup for CNIs that need etcd TLS support
type FileAssetsBuilder ¶
type FileAssetsBuilder struct {
*NodeupModelContext
}
FileAssetsBuilder configures the hooks
func (*FileAssetsBuilder) Build ¶
func (f *FileAssetsBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for writing out the file assets from cluster and instanceGroup
type FirewallBuilder ¶
type FirewallBuilder struct {
*NodeupModelContext
}
FirewallBuilder configures the firewall (iptables)
func (*FirewallBuilder) Build ¶
func (b *FirewallBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for generating any node firewall rules
type HookBuilder ¶
type HookBuilder struct {
*NodeupModelContext
}
HookBuilder configures the hooks
func (*HookBuilder) Build ¶
func (h *HookBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for implementing the cluster hook
type KubeAPIServerBuilder ¶
type KubeAPIServerBuilder struct {
*NodeupModelContext
}
KubeAPIServerBuilder installs kube-apiserver (just the manifest at the moment)
func (*KubeAPIServerBuilder) Build ¶
func (b *KubeAPIServerBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for generating the configuration for the kube-apiserver
type KubeControllerManagerBuilder ¶
type KubeControllerManagerBuilder struct {
*NodeupModelContext
}
KubeControllerManagerBuilder installs kube-controller-manager (just the manifest at the moment)
func (*KubeControllerManagerBuilder) Build ¶
func (b *KubeControllerManagerBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring the kube-controller-manager
type KubeProxyBuilder ¶
type KubeProxyBuilder struct {
*NodeupModelContext
}
KubeProxyBuilder installs kube-proxy
func (*KubeProxyBuilder) Build ¶
func (b *KubeProxyBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for building the kube-proxy manifest. @TODO: we should probably change this to a daemonset in the future and follow the kubeadm path.
type KubeRouterBuilder ¶
type KubeRouterBuilder struct {
*NodeupModelContext
}
KubeRouterBuilder installs kube-router
func (*KubeRouterBuilder) Build ¶
func (b *KubeRouterBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring the kube-router
type KubeSchedulerBuilder ¶
type KubeSchedulerBuilder struct {
*NodeupModelContext
}
KubeSchedulerBuilder installs kube-scheduler
func (*KubeSchedulerBuilder) Build ¶
func (b *KubeSchedulerBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for building the manifest for the kube-scheduler
type KubectlBuilder ¶
type KubectlBuilder struct {
*NodeupModelContext
}
KubectlBuilder installs kubectl
func (*KubectlBuilder) Build ¶
func (b *KubectlBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for managing the kubectl on the nodes
type KubeletBuilder ¶
type KubeletBuilder struct {
*NodeupModelContext
}
KubeletBuilder installs kubelet
func (*KubeletBuilder) Build ¶
func (b *KubeletBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for building the kubelet configuration
type LogrotateBuilder ¶
type LogrotateBuilder struct {
*NodeupModelContext
}
LogrotateBuilder installs logrotate.d and configures log rotation for kubernetes logs
func (*LogrotateBuilder) Build ¶
func (b *LogrotateBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring logrotate
type ManifestsBuilder ¶
type ManifestsBuilder struct {
*NodeupModelContext
}
ManifestsBuilder copies manifests from the store (e.g. etcdmanager)
func (*ManifestsBuilder) Build ¶
func (b *ManifestsBuilder) Build(c *fi.ModelBuilderContext) error
Build creates tasks for copying the manifests
type NetworkBuilder ¶
type NetworkBuilder struct {
*NodeupModelContext
}
NetworkBuilder writes CNI assets
func (*NetworkBuilder) Build ¶
func (b *NetworkBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring the network cni
type NodeAuthorizationBuilder ¶
type NodeAuthorizationBuilder struct {
*NodeupModelContext
}
NodeAuthorizationBuilder is responsible for node authorization
func (*NodeAuthorizationBuilder) Build ¶
func (b *NodeAuthorizationBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for handling the node authorization client
type NodeupModelContext ¶
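// NodeupModelContext is the context supplied to the nodeup tasks.
//
// The builder types in this package (CloudConfigBuilder, SecretBuilder,
// KubeletBuilder, ...) each embed *NodeupModelContext, so every exported
// field below is reachable from any of them.
//
// The rendered page had this declaration collapsed onto one line, where the
// first "//" comment swallowed the IsMaster field and the closing brace; the
// fields are restored one per line with no change to names, types or order.
type NodeupModelContext struct {
	Architecture  Architecture
	Assets        *fi.AssetStore
	Cluster       *kops.Cluster
	Distribution  distros.Distribution
	InstanceGroup *kops.InstanceGroup

	// NOTE(review): FindCert and FindPrivateKey are documented as reading
	// from "the store"; presumably that is KeyStore. Confirm in context.go.
	KeyStore     fi.CAStore
	NodeupConfig *nodeup.Config
	// NOTE(review): presumably the source SecretBuilder pulls secrets from.
	// Confirm in secrets.go.
	SecretStore fi.SecretStore

	// IsMaster is true if the InstanceGroup has a role of master (populated by Init)
	IsMaster bool

	// contains filtered or unexported fields
}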
NodeupModelContext is the context supplied to the nodeup tasks
func (*NodeupModelContext) BuildCertificatePairTask ¶
func (c *NodeupModelContext) BuildCertificatePairTask(ctx *fi.ModelBuilderContext, key, path, filename string) error
BuildCertificatePairTask creates the tasks to pull down the certificate and private key
func (*NodeupModelContext) BuildCertificateTask ¶
func (c *NodeupModelContext) BuildCertificateTask(ctx *fi.ModelBuilderContext, name, filename string) error
BuildCertificateTask is responsible for building a certificate request task
func (*NodeupModelContext) BuildKubeConfig ¶
func (c *NodeupModelContext) BuildKubeConfig(username string, ca, certificate, privateKey []byte) (string, error)
BuildKubeConfig is responsible for building a kubeconfig
func (*NodeupModelContext) BuildPKIKubeconfig ¶
func (c *NodeupModelContext) BuildPKIKubeconfig(name string) (string, error)
BuildPKIKubeconfig generates a kubeconfig
func (*NodeupModelContext) BuildPrivateKeyTask ¶
func (c *NodeupModelContext) BuildPrivateKeyTask(ctx *fi.ModelBuilderContext, name, filename string) error
BuildPrivateKeyTask is responsible for building a certificate request task
func (*NodeupModelContext) CNIBinDir ¶
func (c *NodeupModelContext) CNIBinDir() string
CNIBinDir returns the path for the CNI binaries
func (*NodeupModelContext) CNIConfDir ¶
func (c *NodeupModelContext) CNIConfDir() string
CNIConfDir returns the CNI directory
func (*NodeupModelContext) FileAssetsDefaultPath ¶
func (c *NodeupModelContext) FileAssetsDefaultPath() string
FileAssetsDefaultPath is the default location for assets which have no path
func (*NodeupModelContext) FindCert ¶
func (c *NodeupModelContext) FindCert(name string) ([]byte, error)
FindCert is a helper method for retrieving a certificate from the store
func (*NodeupModelContext) FindPrivateKey ¶
func (c *NodeupModelContext) FindPrivateKey(name string) ([]byte, error)
FindPrivateKey is a helper method for retrieving a private key from the store
func (*NodeupModelContext) Init ¶
func (c *NodeupModelContext) Init() error
Init completes initialization of the object, for example pre-parsing the kubernetes version
func (*NodeupModelContext) IsKubernetesGTE ¶
func (c *NodeupModelContext) IsKubernetesGTE(version string) bool
IsKubernetesGTE checks if the version is greater-than-or-equal
func (*NodeupModelContext) KubectlPath ¶
func (c *NodeupModelContext) KubectlPath() string
KubectlPath returns distro based path for kubectl
func (*NodeupModelContext) KubeletBootstrapKubeconfig ¶
func (c *NodeupModelContext) KubeletBootstrapKubeconfig() string
KubeletBootstrapKubeconfig is the path of the bootstrap config file
func (*NodeupModelContext) KubeletKubeConfig ¶
func (c *NodeupModelContext) KubeletKubeConfig() string
KubeletKubeConfig is the path of the kubelet kubeconfig file
func (*NodeupModelContext) NodeName ¶
func (c *NodeupModelContext) NodeName() (string, error)
NodeName returns the name of the local Node, as it will be created in k8s
func (*NodeupModelContext) PathSrvKubernetes ¶
func (c *NodeupModelContext) PathSrvKubernetes() string
PathSrvKubernetes returns the path for the kubernetes service files
func (*NodeupModelContext) PathSrvSshproxy ¶
func (c *NodeupModelContext) PathSrvSshproxy() string
PathSrvSshproxy returns the path for the SSL proxy
func (*NodeupModelContext) SSLHostPaths ¶
func (c *NodeupModelContext) SSLHostPaths() []string
SSLHostPaths returns the TLS paths for the distribution
func (*NodeupModelContext) UseBootstrapTokens ¶
func (c *NodeupModelContext) UseBootstrapTokens() bool
UseBootstrapTokens checks if we are using bootstrap tokens
func (*NodeupModelContext) UseEtcdTLS ¶
func (c *NodeupModelContext) UseEtcdTLS() bool
UseEtcdTLS checks if the etcd cluster has TLS enabled
func (*NodeupModelContext) UseEtcdTLSAuth ¶
func (c *NodeupModelContext) UseEtcdTLSAuth() bool
UseEtcdTLSAuth checks that peer-auth is set in both clusters. @NOTE: in retrospect I think we should have consolidated the common config in the wrapper struct; it feels weird that we set things like version, tls etc. per cluster since they both have to be the same.
func (*NodeupModelContext) UseNodeAuthorization ¶
func (c *NodeupModelContext) UseNodeAuthorization() bool
UseNodeAuthorization checks if we have a node authorization policy
func (*NodeupModelContext) UseNodeAuthorizer ¶
func (c *NodeupModelContext) UseNodeAuthorizer() bool
UseNodeAuthorizer checks if node authorization is enabled
func (*NodeupModelContext) UseSecureKubelet ¶
func (c *NodeupModelContext) UseSecureKubelet() bool
UseSecureKubelet checks if the kubelet API should be protected by a client certificate. Note: the settings are in one of three sections: master-specific kubelet, cluster-wide kubelet, or the InstanceGroup. Arguably it doesn't make much sense to unset this on a per-InstanceGroup level, but hey :)
func (*NodeupModelContext) UsesCNI ¶
func (c *NodeupModelContext) UsesCNI() bool
UsesCNI checks if the cluster has CNI configured
func (*NodeupModelContext) UsesSecondaryIP ¶
func (c *NodeupModelContext) UsesSecondaryIP() bool
UsesSecondaryIP checks if the CNI in use attaches secondary interfaces to the host.
type PackagesBuilder ¶
type PackagesBuilder struct {
*NodeupModelContext
}
PackagesBuilder adds miscellaneous OS packages that we need
func (*PackagesBuilder) Build ¶
func (b *PackagesBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for installing packages
type ProtokubeBuilder ¶
type ProtokubeBuilder struct {
*NodeupModelContext
}
ProtokubeBuilder configures protokube
func (*ProtokubeBuilder) Build ¶
func (t *ProtokubeBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for generating the options for protokube
func (*ProtokubeBuilder) ProtokubeEnvironmentVariables ¶
func (t *ProtokubeBuilder) ProtokubeEnvironmentVariables() string
ProtokubeEnvironmentVariables generates the environment variables for docker
func (*ProtokubeBuilder) ProtokubeFlags ¶
func (t *ProtokubeBuilder) ProtokubeFlags(k8sVersion semver.Version) (*ProtokubeFlags, error)
ProtokubeFlags is responsible for building the command line flags for protokube
func (*ProtokubeBuilder) ProtokubeImageName ¶
func (t *ProtokubeBuilder) ProtokubeImageName() string
ProtokubeImageName returns the docker image for protokube
func (*ProtokubeBuilder) ProtokubeImagePullCommand ¶
func (t *ProtokubeBuilder) ProtokubeImagePullCommand() string
ProtokubeImagePullCommand returns the command to pull the image
type ProtokubeFlags ¶
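// ProtokubeFlags are the flags for protokube.
//
// Every field carries a `flag` struct tag naming the protokube command-line
// flag it corresponds to, and a `json` tag with omitempty, so nil pointers,
// empty strings, empty slices and false booleans are left out of the JSON
// form. ProtokubeBuilder.ProtokubeFlags returns a populated *ProtokubeFlags.
//
// The rendered page had this declaration collapsed onto one line, where the
// first "//" comment swallowed every field from ClusterID onward; the fields
// are restored one per line with names, types, tags and order unchanged.
type ProtokubeFlags struct {
	ApplyTaints *bool    `json:"applyTaints,omitempty" flag:"apply-taints"`
	Channels    []string `json:"channels,omitempty" flag:"channels"`
	Cloud       *string  `json:"cloud,omitempty" flag:"cloud"`
	// ClusterID flag is required only for vSphere cloud type, to pass cluster id information to protokube. AWS and GCE workflows ignore this flag.
	ClusterID                 *string `json:"cluster-id,omitempty" flag:"cluster-id"`
	Containerized             *bool   `json:"containerized,omitempty" flag:"containerized"`
	DNSInternalSuffix         *string `json:"dnsInternalSuffix,omitempty" flag:"dns-internal-suffix"`
	DNSProvider               *string `json:"dnsProvider,omitempty" flag:"dns"`
	DNSServer                 *string `json:"dns-server,omitempty" flag:"dns-server"`
	EtcdBackupImage           string  `json:"etcd-backup-image,omitempty" flag:"etcd-backup-image"`
	EtcdBackupStore           string  `json:"etcd-backup-store,omitempty" flag:"etcd-backup-store"`
	EtcdImage                 *string `json:"etcd-image,omitempty" flag:"etcd-image"`
	EtcdLeaderElectionTimeout *string `json:"etcd-election-timeout,omitempty" flag:"etcd-election-timeout"`
	// The field name is spelled "Hearbeat" (sic) while both tags say
	// "heartbeat"; the name is kept because renaming would break callers.
	EtcdHearbeatInterval *string `json:"etcd-heartbeat-interval,omitempty" flag:"etcd-heartbeat-interval"`
	InitializeRBAC       *bool   `json:"initializeRBAC,omitempty" flag:"initialize-rbac"`
	// LogLevel maps to the "v" flag.
	LogLevel *int32 `json:"logLevel,omitempty" flag:"v"`
	Master   *bool  `json:"master,omitempty" flag:"master"`
	// NOTE(review): the Peer* and TLS* string fields below presumably hold
	// file paths to etcd TLS material, with the *KeyFile ones pointing at
	// private keys. Confirm in protokube.go, and check the permissions of
	// the files they reference.
	PeerTLSCaFile   *string  `json:"peer-ca,omitempty" flag:"peer-ca"`
	PeerTLSCertFile *string  `json:"peer-cert,omitempty" flag:"peer-cert"`
	PeerTLSKeyFile  *string  `json:"peer-key,omitempty" flag:"peer-key"`
	TLSAuth         *bool    `json:"tls-auth,omitempty" flag:"tls-auth"`
	TLSCAFile       *string  `json:"tls-ca,omitempty" flag:"tls-ca"`
	TLSCertFile     *string  `json:"tls-cert,omitempty" flag:"tls-cert"`
	TLSKeyFile      *string  `json:"tls-key,omitempty" flag:"tls-key"`
	Zone            []string `json:"zone,omitempty" flag:"zone"`
	// ManageEtcd is true if protokube should manage etcd; being replaced by etcd-manager
	ManageEtcd bool `json:"manageEtcd,omitempty" flag:"manage-etcd"`
}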
ProtokubeFlags are the flags for protokube
type SecretBuilder ¶
type SecretBuilder struct {
*NodeupModelContext
}
SecretBuilder writes secrets
func (*SecretBuilder) Build ¶
func (b *SecretBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for pulling down the secrets
type SysctlBuilder ¶
type SysctlBuilder struct {
*NodeupModelContext
}
SysctlBuilder sets up our sysctls
func (*SysctlBuilder) Build ¶
func (b *SysctlBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for configuring sysctl settings
type UpdateServiceBuilder ¶
type UpdateServiceBuilder struct {
*NodeupModelContext
}
UpdateServiceBuilder disables the OS automatic updates
func (*UpdateServiceBuilder) Build ¶
func (b *UpdateServiceBuilder) Build(c *fi.ModelBuilderContext) error
Build is responsible for creating the relevant systemd service based on OS
Source Files ¶
- architecture.go
- cloudconfig.go
- context.go
- convenience.go
- directories.go
- docker.go
- etcd.go
- etcd_tls.go
- file_assets.go
- firewall.go
- hooks.go
- kube_apiserver.go
- kube_controller_manager.go
- kube_proxy.go
- kube_router.go
- kube_scheduler.go
- kubectl.go
- kubelet.go
- logrotate.go
- manifests.go
- network.go
- node_authorizer.go
- packages.go
- protokube.go
- secrets.go
- sysctls.go
- update_service.go