Documentation ¶
Index ¶
- Constants
- Variables
- func AddUserRole(ctx context.Context, cli *clientv3.Client, name, prefix string) error
- func AllImages() []string
- func ApplyResource(clientset *kubernetes.Clientset, data []byte, rev int64) error
- func ConnectVault(ctx context.Context, data []byte) error
- func GetUserRoles(ctx context.Context, cli *clientv3.Client, user string) ([]string, error)
- func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)
- func Kubeconfig(cluster, user, ca, clientCrt, clientKey string) *api.Config
- func NewEtcdConfig() *etcdutil.Config
- func ParseResource(data []byte) (key string, jsonData []byte, err error)
- func SortResources(res []ResourceDefinition)
- func UserKubeconfig(cluster, userName, ca, clientCrt, clientKey, server string) *api.Config
- func VaultClient(cfg *VaultConfig) (*vault.Client, *vault.Secret, error)
- type APIServerParams
- type Agent
- type AggregationCA
- type BindPropagation
- type CNIConfFile
- type Cluster
- type ClusterDNSStatus
- type ClusterStatus
- type Command
- type Commander
- type Constraints
- type ContainerEngine
- type EtcdBackup
- type EtcdBackupStatus
- type EtcdCA
- func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (e EtcdCA) IssueForBackup(ctx context.Context, inf Infrastructure) (cert, key string, err error)
- func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (e EtcdCA) IssueRoot(ctx context.Context, inf Infrastructure) (cert, key string, err error)
- func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node, domain string) (crt, key string, err error)
- type EtcdClusterStatus
- type EtcdParams
- type EtcdStatus
- type Image
- type Infrastructure
- type IssueResponse
- type Kind
- type KubeComponentStatus
- type KubeletParams
- type KubeletStatus
- type KubernetesCA
- func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, serviceSubnet, domain string) (crt, key string, err error)
- func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueUserCert(ctx context.Context, inf Infrastructure, userName, groupName string, ...) (crt, key string, err error)
- type KubernetesClusterStatus
- type Mount
- type Node
- type NodeDNSStatus
- type NodeStatus
- type Operator
- type Options
- type Record
- type RecordChan
- type RecordStatus
- type ResourceDefinition
- type SELinuxLabel
- type SchedulerParams
- type SchedulerStatus
- type ServiceParams
- type ServiceStatus
- type Storage
- func (s Storage) DeleteResource(ctx context.Context, key string) error
- func (s Storage) EnableSabakan(ctx context.Context, flag bool) error
- func (s Storage) GetAllResources(ctx context.Context) ([]ResourceDefinition, error)
- func (s Storage) GetCACertificate(ctx context.Context, name string) (string, error)
- func (s Storage) GetCluster(ctx context.Context) (*Cluster, error)
- func (s Storage) GetClusterWithRevision(ctx context.Context) (*Cluster, int64, error)
- func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)
- func (s Storage) GetLeaderHostname(ctx context.Context) (string, error)
- func (s Storage) GetRecords(ctx context.Context, count int64) ([]*Record, error)
- func (s Storage) GetResource(ctx context.Context, key string) ([]byte, int64, error)
- func (s Storage) GetSabakanQueryVariables(ctx context.Context) ([]byte, error)
- func (s Storage) GetSabakanTemplate(ctx context.Context) (*Cluster, int64, error)
- func (s Storage) GetSabakanURL(ctx context.Context) (string, error)
- func (s Storage) GetServiceAccountCert(ctx context.Context) (string, error)
- func (s Storage) GetServiceAccountKey(ctx context.Context) (string, error)
- func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)
- func (s Storage) IsSabakanDisabled(ctx context.Context) (bool, error)
- func (s Storage) ListResources(ctx context.Context) ([]string, error)
- func (s Storage) NextRecordID(ctx context.Context) (int64, error)
- func (s Storage) PutCACertificate(ctx context.Context, name, pem string) error
- func (s Storage) PutCluster(ctx context.Context, c *Cluster) error
- func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error
- func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error
- func (s Storage) PutServiceAccountData(ctx context.Context, leaderKey, cert, key string) error
- func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error
- func (s Storage) RegisterRecord(ctx context.Context, leaderKey string, r *Record) error
- func (s Storage) SetResource(ctx context.Context, key, value string) error
- func (s Storage) SetSabakanQueryVariables(ctx context.Context, vars string) error
- func (s Storage) SetSabakanTemplate(ctx context.Context, tmpl *Cluster) error
- func (s Storage) SetSabakanURL(ctx context.Context, url string) error
- func (s Storage) UpdateRecord(ctx context.Context, leaderKey string, r *Record) error
- func (s Storage) WatchRecords(ctx context.Context, initialCount int64) (RecordChan, error)
- type VaultConfig
Constants ¶
const ( PropagationSlave = BindPropagation("slave") PropagationPrivate = BindPropagation("private") PropagationRSlave = BindPropagation("rslave") PropagationRPrivate = BindPropagation("rprivate") )
Bind propagation definitions
const ( LabelPrivate = SELinuxLabel("Z") )
SELinux Label definitions
// NOTE(review): every image below is referenced by registry tag, not by content
// digest. Whether these tags are immutable depends on the registry's
// configuration, which is not visible here — confirm, or verify image digests
// when the images are pulled.
const (
	EtcdImage      = Image("quay.io/cybozu/etcd:3.3.12.2")
	HyperkubeImage = Image("quay.io/cybozu/hyperkube:1.14.1.1")
	ToolsImage     = Image("quay.io/cybozu/cke-tools:1.6.0")
	PauseImage     = Image("quay.io/cybozu/pause:3.1.0.3")
	CoreDNSImage   = Image("quay.io/cybozu/coredns:1.5.0.1")
	UnboundImage   = Image("quay.io/cybozu/unbound:1.9.0.1")
)
Container image definitions
const ( CAServer = "cke/ca-server" CAEtcdPeer = "cke/ca-etcd-peer" CAEtcdClient = "cke/ca-etcd-client" CAKubernetes = "cke/ca-kubernetes" CAKubernetesAggregation = "cke/ca-kubernetes-aggregation" )
CA keys in Vault
const ( RoleSystem = "system" RoleAdmin = "admin" RoleKubeScheduler = "kube-scheduler" RoleKubeControllerManager = "kube-controller-manager" RoleKubelet = "kubelet" RoleKubeProxy = "kube-proxy" RoleServiceAccount = "service-account" )
Role name in Vault
const ( StatusNew = RecordStatus("new") StatusRunning = RecordStatus("running") StatusCancelled = RecordStatus("cancelled") StatusCompleted = RecordStatus("completed") )
Record statuses
const ( AnnotationResourceImage = "cke.cybozu.com/image" AnnotationResourceRevision = "cke.cybozu.com/revision" AnnotationResourceOriginal = "cke.cybozu.com/last-applied-configuration" )
Annotations for CKE-managed resources.
const ( KindNamespace = "Namespace" KindServiceAccount = "ServiceAccount" KindPodSecurityPolicy = "PodSecurityPolicy" KindNetworkPolicy = "NetworkPolicy" KindClusterRole = "ClusterRole" KindRole = "Role" KindClusterRoleBinding = "ClusterRoleBinding" KindRoleBinding = "RoleBinding" KindConfigMap = "ConfigMap" KindDeployment = "Deployment" KindDaemonSet = "DaemonSet" KindCronJob = "CronJob" KindService = "Service" )
Supported resource kinds
// NOTE(review): some of these keys appear to hold secret material. The Storage
// documentation for this package says GetServiceAccountKey loads the service
// account private key (PEM) and that VaultConfig, which carries the AppRole
// SecretID, is stored in etcd. Presumably those values live under
// KeyServiceAccountKey and KeyVault respectively — confirm against the Storage
// implementation, and make sure etcd access control covers these keys.
const (
	KeyCA                    = "ca/"
	KeyCluster               = "cluster"
	KeyClusterRevision       = "cluster-revision"
	KeyConstraints           = "constraints"
	KeyLeader                = "leader/"
	KeyRecords               = "records/"
	KeyRecordID              = "records"
	KeyResourcePrefix        = "resource/"
	KeySabakanDisabled       = "sabakan/disabled"
	KeySabakanQueryVariables = "sabakan/query-variables"
	KeySabakanTemplate       = "sabakan/template"
	KeySabakanURL            = "sabakan/url"
	KeyServiceAccountCert    = "service-account/certificate"
	KeyServiceAccountKey     = "service-account/key"
	KeyVault                 = "vault"
)
etcd keys and prefixes
// NOTE(review): "system:masters" is the group Kubernetes treats as cluster
// superuser, so a client certificate issued with this group name is a
// cluster-admin credential for as long as the certificate remains valid.
// Keep the TTL of such certificates short and limit who may request them.
const AdminGroup = "system:masters"
AdminGroup is the group name of cluster admin users
const CKESecret = "cke/secrets"
CKESecret is the path of key-value secret engine for CKE.
const CNAPIServer = "front-proxy-client"
CNAPIServer is the common name of API server for aggregation
const ( // DefaultRunTimeout is the timeout value for Agent.Run(). DefaultRunTimeout = 10 * time.Minute )
const K8sSecret = CKESecret + "/k8s"
K8sSecret is the path of encryption keys used for Kubernetes Secrets.
const SSHSecret = CKESecret + "/ssh"
SSHSecret is the path of SSH private keys in Vault.
const Version = "1.14.15"
Version represents current cke version
Variables ¶
var ( // ErrNotFound may be returned by Storage methods when a key is not found. ErrNotFound = errors.New("not found") // ErrNoLeader is returned when the session lost leadership. ErrNoLeader = errors.New("lost leadership") )
var CAKeys = []string{ CAServer, CAEtcdPeer, CAEtcdClient, CAKubernetes, CAKubernetesAggregation, }
CAKeys is the list of CA keys.
Functions ¶
func AddUserRole ¶
AddUserRole creates an etcd user and role.
func ApplyResource ¶ added in v1.13.9
func ApplyResource(clientset *kubernetes.Clientset, data []byte, rev int64) error
ApplyResource creates or patches Kubernetes object.
func ConnectVault ¶
ConnectVault unmarshals data to get a VaultConfig and calls VaultClient with it. It then starts renewing the login token for a long-running process.
func GetUserRoles ¶
GetUserRoles gets the roles of the target user.
func IssueEtcdClientCertificate ¶
func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)
IssueEtcdClientCertificate issues TLS client certificate for a user.
func Kubeconfig ¶
Kubeconfig creates *api.Config that will be rendered as "kubeconfig" file.
func NewEtcdConfig ¶
NewEtcdConfig creates Config with default prefix.
func ParseResource ¶ added in v1.13.9
ParseResource parses YAML string.
func SortResources ¶ added in v1.13.10
func SortResources(res []ResourceDefinition)
SortResources sorts resources in the defined order of creation.
func UserKubeconfig ¶ added in v1.14.14
UserKubeconfig makes kubeconfig for users
func VaultClient ¶
VaultClient creates a Vault client. The returned client has already logged in to Vault using the RoleID and SecretID in cfg.
Types ¶
type APIServerParams ¶ added in v1.13.3
type APIServerParams struct { ServiceParams `yaml:",inline"` AuditLogEnabled bool `json:"audit_log_enabled" yaml:"audit_log_enabled"` AuditLogPolicy string `json:"audit_log_policy" yaml:"audit_log_policy"` }
APIServerParams is a set of extra parameters for kube-apiserver.
type Agent ¶
type Agent interface {
	// Close closes the underlying connection.
	Close() error

	// Run runs command on the node.
	// It returns a non-nil error if the command takes too long (> DefaultRunTimeout).
	//
	// NOTE(review): command is passed as one string; how the node interprets it
	// (for example, whether a shell parses it) is not visible in this interface.
	// Confirm against the implementation before building command from values
	// that come from cluster configuration.
	Run(command string) (stdout, stderr []byte, err error)

	// RunWithInput runs command with input as stdin.
	// It returns a non-nil error if the command takes too long (> DefaultRunTimeout).
	RunWithInput(command, input string) error

	// RunWithTimeout runs command with the given timeout.
	// If timeout is 0, the command will run indefinitely, so callers that pass 0
	// get no upper bound on how long the call may block.
	RunWithTimeout(command, input string, timeout time.Duration) (stdout, stderr []byte, err error)
}
Agent is the interface to run commands on a node.
type AggregationCA ¶ added in v1.14.3
type AggregationCA struct{}
AggregationCA is a certificate authority for kubernetes aggregation API server
func (AggregationCA) IssueClientCertificate ¶ added in v1.14.3
func (a AggregationCA) IssueClientCertificate(ctx context.Context, inf Infrastructure) (cert, key string, err error)
IssueClientCertificate issues TLS client certificate for API server
type BindPropagation ¶
type BindPropagation string
BindPropagation is bind propagation option for Docker https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation
func (BindPropagation) String ¶
func (p BindPropagation) String() string
type CNIConfFile ¶ added in v1.13.7
type CNIConfFile struct { Name string `json:"name" yaml:"name"` Content string `json:"content" yaml:"content"` }
CNIConfFile is a config file for CNI plugin deployed on worker nodes by CKE.
type Cluster ¶
type Cluster struct { Name string `json:"name" yaml:"name"` Nodes []*Node `json:"nodes" yaml:"nodes"` TaintCP bool `json:"taint_control_plane" yaml:"taint_control_plane"` ServiceSubnet string `json:"service_subnet" yaml:"service_subnet"` PodSubnet string `json:"pod_subnet" yaml:"pod_subnet"` DNSServers []string `json:"dns_servers" yaml:"dns_servers"` DNSService string `json:"dns_service" yaml:"dns_service"` EtcdBackup EtcdBackup `json:"etcd_backup" yaml:"etcd_backup"` Options Options `json:"options" yaml:"options"` }
Cluster is a set of configurations for an etcd/Kubernetes cluster.
type ClusterDNSStatus ¶
ClusterDNSStatus contains cluster resolver status.
type ClusterStatus ¶
type ClusterStatus struct { Name string NodeStatuses map[string]*NodeStatus // keys are IP address strings. Etcd EtcdClusterStatus Kubernetes KubernetesClusterStatus }
ClusterStatus represents the working cluster status. The structure reflects Cluster, of course.
type Commander ¶
type Commander interface { // Run executes the command Run(ctx context.Context, inf Infrastructure) error // Command returns the command information Command() Command }
Commander is a single step in carrying out an operation.
type Constraints ¶
type Constraints struct { ControlPlaneCount int `json:"control-plane-count"` MinimumWorkers int `json:"minimum-workers"` MaximumWorkers int `json:"maximum-workers"` }
Constraints is a set of conditions that a cluster must satisfy
func DefaultConstraints ¶
func DefaultConstraints() *Constraints
DefaultConstraints returns the default constraints
func (*Constraints) Check ¶
func (c *Constraints) Check(cluster *Cluster) error
Check checks the cluster satisfies the constraints
type ContainerEngine ¶
type ContainerEngine interface {
	// PullImage pulls an image.
	PullImage(img Image) error
	// Run runs a container as a foreground process.
	Run(img Image, binds []Mount, command string) error
	// RunWithInput runs a container as a foreground process with stdin as a string.
	RunWithInput(img Image, binds []Mount, command, input string) error
	// RunSystem runs the named container as a system service.
	RunSystem(name string, img Image, opts []string, params, extra ServiceParams) error
	// Exists reports whether the named system container exists.
	Exists(name string) (bool, error)
	// Stop stops the named system container.
	Stop(name string) error
	// Kill kills the named system container.
	Kill(name string) error
	// Remove removes the named system container.
	Remove(name string) error
	// Inspect returns ServiceStatus for the named containers.
	// NOTE(review): presumably the returned map is keyed by container name — confirm.
	Inspect(name []string) (map[string]ServiceStatus, error)
	// VolumeCreate creates a local volume.
	VolumeCreate(name string) error
	// VolumeRemove removes a local volume.
	VolumeRemove(name string) error
	// VolumeExists returns true if the named volume exists.
	VolumeExists(name string) (bool, error)
}
ContainerEngine defines interfaces for a container engine.
func Docker ¶
func Docker(agent Agent) ContainerEngine
Docker is an implementation of ContainerEngine.
type EtcdBackup ¶
type EtcdBackup struct { Enabled bool `json:"enabled" yaml:"enabled"` PVCName string `json:"pvc_name" yaml:"pvc_name"` Schedule string `json:"schedule" yaml:"schedule"` Rotate int `json:"rotate,omitempty" yaml:"rotate,omitempty"` }
EtcdBackup is a set of configurations for etcdbackup.
type EtcdBackupStatus ¶
type EtcdBackupStatus struct { ConfigMap *corev1.ConfigMap CronJob *batchv1beta1.CronJob Pod *corev1.Pod Secret *corev1.Secret Service *corev1.Service }
EtcdBackupStatus is the status of etcdbackup
type EtcdCA ¶
type EtcdCA struct{}
EtcdCA is a certificate authority for etcd cluster.
func (EtcdCA) IssueForAPIServer ¶
func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssueForAPIServer issues a TLS client certificate for Kubernetes.
func (EtcdCA) IssueForBackup ¶
func (e EtcdCA) IssueForBackup(ctx context.Context, inf Infrastructure) (cert, key string, err error)
IssueForBackup issues certificate for etcdbackup.
func (EtcdCA) IssuePeerCert ¶
func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssuePeerCert issues TLS certificates for mutual peer authentication.
func (EtcdCA) IssueServerCert ¶
func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node, domain string) (crt, key string, err error)
IssueServerCert issues TLS server certificates.
type EtcdClusterStatus ¶
type EtcdClusterStatus struct { IsHealthy bool Members map[string]*etcdserverpb.Member InSyncMembers map[string]bool }
EtcdClusterStatus is the status of the etcd cluster.
type EtcdParams ¶
type EtcdParams struct { ServiceParams `yaml:",inline"` VolumeName string `json:"volume_name" yaml:"volume_name"` }
EtcdParams is a set of extra parameters for etcd.
type EtcdStatus ¶
type EtcdStatus struct { ServiceStatus HasData bool }
EtcdStatus is the status of etcd.
type Infrastructure ¶
type Infrastructure interface { Close() Agent(addr string) Agent Engine(addr string) ContainerEngine Vault() (*vault.Client, error) Storage() Storage NewEtcdClient(ctx context.Context, endpoints []string) (*clientv3.Client, error) K8sClient(ctx context.Context, n *Node) (*kubernetes.Clientset, error) HTTPClient() *well.HTTPClient HTTPSClient(ctx context.Context) (*well.HTTPClient, error) }
Infrastructure presents an interface for infrastructure on CKE
func NewInfrastructure ¶
NewInfrastructure creates a new Infrastructure instance
type IssueResponse ¶
type IssueResponse struct { Cert string `json:"certificate"` Key string `json:"private_key"` CACert string `json:"ca_certificate"` }
IssueResponse is cli output format.
type Kind ¶ added in v1.13.9
type Kind string
Kind represents a Kubernetes resource kind.
func (Kind) IsSupported ¶ added in v1.13.9
IsSupported returns true if k is supported by CKE.
type KubeComponentStatus ¶
type KubeComponentStatus struct { ServiceStatus IsHealthy bool }
KubeComponentStatus represents service status and endpoint's health
type KubeletParams ¶
type KubeletParams struct { ServiceParams `yaml:",inline"` ContainerRuntime string `json:"container_runtime" yaml:"container_runtime"` ContainerRuntimeEndpoint string `json:"container_runtime_endpoint" yaml:"container_runtime_endpoint"` ContainerLogMaxSize string `json:"container_log_max_size" yaml:"container_log_max_size"` ContainerLogMaxFiles int32 `json:"container_log_max_files" yaml:"container_log_max_files"` Domain string `json:"domain" yaml:"domain"` AllowSwap bool `json:"allow_swap" yaml:"allow_swap"` BootTaints []corev1.Taint `json:"boot_taints" yaml:"boot_taints"` CNIConfFile CNIConfFile `json:"cni_conf_file" yaml:"cni_conf_file"` }
KubeletParams is a set of extra parameters for kubelet.
type KubeletStatus ¶
type KubeletStatus struct { ServiceStatus IsHealthy bool Domain string AllowSwap bool ContainerLogMaxSize string ContainerLogMaxFiles int32 }
KubeletStatus represents kubelet status and health
type KubernetesCA ¶
type KubernetesCA struct{}
KubernetesCA is a certificate authority for k8s cluster.
func (KubernetesCA) IssueForAPIServer ¶
func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, serviceSubnet, domain string) (crt, key string, err error)
IssueForAPIServer issues TLS certificate for API servers.
func (KubernetesCA) IssueForControllerManager ¶
func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForControllerManager issues TLS certificate for kube-controller-manager.
func (KubernetesCA) IssueForKubelet ¶
func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssueForKubelet issues TLS certificate for kubelet.
func (KubernetesCA) IssueForProxy ¶
func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForProxy issues TLS certificate for kube-proxy.
func (KubernetesCA) IssueForScheduler ¶
func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForScheduler issues TLS certificate for kube-scheduler.
func (KubernetesCA) IssueForServiceAccount ¶
func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForServiceAccount issues TLS certificate to sign service account tokens.
func (KubernetesCA) IssueUserCert ¶ added in v1.14.14
func (k KubernetesCA) IssueUserCert(ctx context.Context, inf Infrastructure, userName, groupName string, ttl string) (crt, key string, err error)
IssueUserCert issues client certificate for user.
type KubernetesClusterStatus ¶
type KubernetesClusterStatus struct { IsControlPlaneReady bool Nodes []corev1.Node DNSService *corev1.Service ClusterDNS ClusterDNSStatus NodeDNS NodeDNSStatus MasterEndpoints *corev1.Endpoints EtcdService *corev1.Service EtcdEndpoints *corev1.Endpoints EtcdBackup EtcdBackupStatus ResourceStatuses map[string]map[string]string }
KubernetesClusterStatus contains kubernetes cluster configurations
func (KubernetesClusterStatus) IsReady ¶
func (s KubernetesClusterStatus) IsReady(cluster *Cluster) bool
IsReady reports whether the cluster is in a condition where Pods can be scheduled.
func (KubernetesClusterStatus) SetResourceStatus ¶ added in v1.13.9
func (s KubernetesClusterStatus) SetResourceStatus(rkey string, annotations map[string]string)
SetResourceStatus sets status of the resource.
type Mount ¶
type Mount struct { Source string `json:"source" yaml:"source"` Destination string `json:"destination" yaml:"destination"` ReadOnly bool `json:"read_only" yaml:"read_only"` Propagation BindPropagation `json:"propagation" yaml:"propagation"` Label SELinuxLabel `json:"selinux_label" yaml:"selinux_label"` }
Mount is volume mount information
type Node ¶
type Node struct { Address string `json:"address" yaml:"address"` Hostname string `json:"hostname" yaml:"hostname"` User string `json:"user" yaml:"user"` ControlPlane bool `json:"control_plane" yaml:"control_plane"` Annotations map[string]string `json:"annotations" yaml:"annotations"` Labels map[string]string `json:"labels" yaml:"labels"` Taints []corev1.Taint `json:"taints" yaml:"taints"` }
Node represents a node in Kubernetes.
func ControlPlanes ¶
ControlPlanes returns control plane []*Node
type NodeDNSStatus ¶
NodeDNSStatus contains node local resolver status.
type NodeStatus ¶
type NodeStatus struct { Etcd EtcdStatus Rivers ServiceStatus EtcdRivers ServiceStatus APIServer KubeComponentStatus ControllerManager KubeComponentStatus Scheduler SchedulerStatus Proxy KubeComponentStatus Kubelet KubeletStatus Labels map[string]string // are labels for k8s Node resource. }
NodeStatus is the status of a node.
type Operator ¶
type Operator interface { // Name returns the operation name. Name() string // NextCommand returns the next command or nil if completed. NextCommand() Commander // Targets returns the ip which will be affected by the operation Targets() []string }
Operator is the interface for operations
type Options ¶
type Options struct { Etcd EtcdParams `json:"etcd" yaml:"etcd"` Rivers ServiceParams `json:"rivers" yaml:"rivers"` EtcdRivers ServiceParams `json:"etcd-rivers" yaml:"etcd-rivers"` APIServer APIServerParams `json:"kube-api" yaml:"kube-api"` ControllerManager ServiceParams `json:"kube-controller-manager" yaml:"kube-controller-manager"` Scheduler SchedulerParams `json:"kube-scheduler" yaml:"kube-scheduler"` Proxy ServiceParams `json:"kube-proxy" yaml:"kube-proxy"` Kubelet KubeletParams `json:"kubelet" yaml:"kubelet"` }
Options is a set of optional parameters for k8s components.
type Record ¶
type Record struct { ID int64 `json:"id,string"` Status RecordStatus `json:"status"` Operation string `json:"operation"` Command Command `json:"command"` Targets []string `json:"targets"` Error string `json:"error"` StartAt time.Time `json:"start-at"` EndAt time.Time `json:"end-at"` }
Record represents a record of an operation
func (*Record) SetCommand ¶
SetCommand updates the record for the new command
type RecordChan ¶ added in v1.14.1
type RecordChan <-chan *Record
RecordChan is a channel for watching new operation records.
type ResourceDefinition ¶ added in v1.13.9
type ResourceDefinition struct { Key string Kind Kind Namespace string Name string Revision int64 Image string Definition []byte }
ResourceDefinition represents a CKE-managed kubernetes resource.
func (ResourceDefinition) NeedUpdate ¶ added in v1.13.10
func (d ResourceDefinition) NeedUpdate(annotations map[string]string) bool
NeedUpdate returns true if the annotations of the current resource indicate that an update is needed.
func (ResourceDefinition) String ¶ added in v1.13.9
func (d ResourceDefinition) String() string
String implements fmt.Stringer.
type SELinuxLabel ¶
type SELinuxLabel string
SELinuxLabel is selinux label of the host file or directory https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
func (SELinuxLabel) String ¶
func (l SELinuxLabel) String() string
type SchedulerParams ¶ added in v1.14.6
type SchedulerParams struct { ServiceParams `yaml:",inline"` Extenders []string `json:"extenders" yaml:"extenders"` }
SchedulerParams is a set of extra parameters for kube-scheduler.
type SchedulerStatus ¶ added in v1.14.6
type SchedulerStatus struct { ServiceStatus IsHealthy bool Extenders []*scheduler.ExtenderConfig }
SchedulerStatus represents kube-scheduler status and health
type ServiceParams ¶
type ServiceParams struct {
	// ExtraArguments holds extra arguments for the component
	// (serialized as "extra_args").
	ExtraArguments []string `json:"extra_args" yaml:"extra_args"`
	// ExtraBinds holds extra mounts for the component (serialized as "extra_binds").
	// NOTE(review): each Mount carries a Source, a Destination and a ReadOnly
	// flag; presumably Source is a path on the node — confirm. Since these
	// values come from cluster configuration, review who can edit that
	// configuration and prefer ReadOnly mounts where the component allows it.
	ExtraBinds []Mount `json:"extra_binds" yaml:"extra_binds"`
	// ExtraEnvvar holds extra environment variables for the component
	// (serialized as "extra_env").
	ExtraEnvvar map[string]string `json:"extra_env" yaml:"extra_env"`
}
ServiceParams is a common set of extra parameters for k8s components.
func (ServiceParams) Equal ¶
func (s ServiceParams) Equal(o ServiceParams) bool
Equal returns true if the service params are equal to the other one; otherwise it returns false.
type ServiceStatus ¶
type ServiceStatus struct { Running bool Image string BuiltInParams ServiceParams ExtraParams ServiceParams }
ServiceStatus represents statuses of a service.
If Running is false, the service is not running on the node. ExtraXX are extra parameters of the running service, if any.
type Storage ¶
Storage provides operations to store/retrieve CKE data in etcd.
func (Storage) DeleteResource ¶ added in v1.13.9
DeleteResource removes a user resource from etcd.
func (Storage) EnableSabakan ¶ added in v1.14.5
EnableSabakan enables sabakan integration when flag is true. When flag is false, sabakan integration is disabled.
func (Storage) GetAllResources ¶ added in v1.13.9
func (s Storage) GetAllResources(ctx context.Context) ([]ResourceDefinition, error)
GetAllResources gets all user-defined resources. The returned slice of resources are sorted so that creating resources in order will not fail.
func (Storage) GetCACertificate ¶
GetCACertificate loads CA certificate from etcd.
func (Storage) GetCluster ¶
GetCluster loads *Cluster from etcd. If cluster configuration has not been stored, this returns ErrNotFound.
func (Storage) GetClusterWithRevision ¶
GetClusterWithRevision loads *Cluster from etcd as well as the stored revision number. The revision number was stored with *Cluster by PutClusterWithTemplateRevision().
func (Storage) GetConstraints ¶
func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)
GetConstraints loads *Constraints from etcd. If constraints have not been stored, this returns ErrNotFound.
func (Storage) GetLeaderHostname ¶
GetLeaderHostname returns the current leader's host name. It returns non-nil error when there is no leader.
func (Storage) GetRecords ¶
GetRecords loads list of *Record from etcd. The returned records are sorted by record ID in decreasing order.
func (Storage) GetResource ¶ added in v1.13.9
GetResource gets a user resource.
func (Storage) GetSabakanQueryVariables ¶
GetSabakanQueryVariables gets query variables for Sabakan.
func (Storage) GetSabakanTemplate ¶
GetSabakanTemplate gets template cluster configuration. If a template exists, it will be returned with ModRevision.
func (Storage) GetSabakanURL ¶
GetSabakanURL gets the URL of the sabakan API. The URL must be an absolute URL pointing to the GraphQL endpoint.
func (Storage) GetServiceAccountCert ¶
GetServiceAccountCert loads x509 certificate for service account. The format is PEM.
func (Storage) GetServiceAccountKey ¶
GetServiceAccountKey loads private key for service account. The format is PEM.
func (Storage) GetVaultConfig ¶
func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)
GetVaultConfig loads *VaultConfig from etcd.
func (Storage) IsSabakanDisabled ¶ added in v1.14.5
IsSabakanDisabled returns true if sabakan integration is disabled.
func (Storage) ListResources ¶ added in v1.13.9
ListResources lists keys of registered user resources.
func (Storage) NextRecordID ¶
NextRecordID gets the next record ID from etcd.
func (Storage) PutCACertificate ¶
PutCACertificate stores CA certificate into etcd.
func (Storage) PutCluster ¶
PutCluster stores *Cluster into etcd.
func (Storage) PutClusterWithTemplateRevision ¶
func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error
PutClusterWithTemplateRevision stores *Cluster into etcd along with a revision number.
func (Storage) PutConstraints ¶
func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error
PutConstraints stores *Constraints into etcd.
func (Storage) PutServiceAccountData ¶
PutServiceAccountData stores x509 certificate and private key for service account.
func (Storage) PutVaultConfig ¶
func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error
PutVaultConfig stores *VaultConfig into etcd.
func (Storage) RegisterRecord ¶
RegisterRecord stores *Record if the leaderKey exists
func (Storage) SetResource ¶ added in v1.13.9
SetResource sets a user resource.
func (Storage) SetSabakanQueryVariables ¶
SetSabakanQueryVariables sets query variables for Sabakan. Caller must validate the contents.
func (Storage) SetSabakanTemplate ¶
SetSabakanTemplate stores template cluster configuration. Caller must validate the template.
func (Storage) SetSabakanURL ¶
SetSabakanURL stores URL of sabakan API.
func (Storage) UpdateRecord ¶
UpdateRecord updates existing record
func (Storage) WatchRecords ¶ added in v1.14.1
WatchRecords watches new operation records. The watched records will be returned through the returned channel.
type VaultConfig ¶
type VaultConfig struct {
	// Endpoint is the address of the Vault server.
	Endpoint string `json:"endpoint"`

	// CACert is x509 certificate in PEM format of the endpoint CA.
	CACert string `json:"ca-cert"`

	// RoleID is AppRole ID to login to Vault.
	RoleID string `json:"role-id"`

	// SecretID is AppRole secret to login to Vault.
	//
	// NOTE(review): SecretID is a login credential and is serialized together
	// with the other fields (json:"secret-id"). The package documentation
	// describes VaultConfig as data stored in etcd, so read access to that etcd
	// data amounts to access to this AppRole; restrict it accordingly and keep
	// the struct out of logs.
	SecretID string `json:"secret-id"`
}
VaultConfig is data to store in etcd
func (*VaultConfig) Validate ¶
func (c *VaultConfig) Validate() error
Validate validates the vault configuration