cke

package module v1.16.0-rc.2

Published: Dec 19, 2019 License: MIT Imports: 55 Imported by: 0

README

Cybozu Kubernetes Engine


CKE (Cybozu Kubernetes Engine) is a distributed service that automates Kubernetes cluster management.

Project Status: Testing for production.

Requirements

CKE requirements
Node OS Requirements
  • Docker: etcd data is stored in Docker volumes.
  • A user who belongs to the docker group
  • SSH access for that user

Features

  • Bootstrapping and life-cycle management.

    CKE can bootstrap a Kubernetes and etcd cluster from scratch. CKE can also add or remove nodes to/from the Kubernetes and etcd cluster.

  • In-place and fast upgrade of Kubernetes

    A version of CKE corresponds strictly to a single version of Kubernetes. Therefore, upgrading CKE will upgrade the managed Kubernetes.

    Unlike kubeadm or similar tools, CKE can automatically upgrade its managed Kubernetes without draining nodes. The time taken for the upgrade is not proportional to the number of nodes, so it is very fast.

  • Managed etcd cluster

    CKE manages an etcd cluster for Kubernetes. Other applications may also store their data in the same etcd cluster. Backups of etcd data are automatically taken by CKE.

    Details are described in docs/etcd.md.

  • CRI runtimes

    In addition to Docker, CRI runtimes such as containerd or cri-o can be used to run Kubernetes Pods.

  • Kubernetes features:

  • User-defined resources:

    CKE automatically creates or updates Kubernetes API resources such as Deployments, Namespaces, or CronJobs that are defined by users. This feature helps users to automate Kubernetes cluster maintenance.

  • Sabakan integration

    CKE can be integrated with sabakan, a service that automates physical server management, to generate cluster configuration automatically.

    Sabakan is not a requirement; cluster configuration can be supplied externally by a YAML file.

  • High availability

    CKE stores its configurations in etcd to share them among multiple instances. Etcd is also used to elect a leader instance that exclusively controls the Kubernetes cluster.

  • Operation logs

    To track problems and life-cycle events, CKE keeps operation logs in etcd.

Programs

This repository contains these programs:

  • cke: the service.
  • ckecli: CLI tool for cke.

To see their usage, run them with the -h option.

Getting started

A demonstration of CKE running on Docker is available in the example directory.

Documentation

The docs directory contains tutorials and specifications.

Usage

Run CKE with Docker:

$ docker run -d --read-only \
    --network host --name cke \
    quay.io/cybozu/cke:1.16 [options...]

Install ckecli to the host file system:

$ docker run --rm -u root:root \
    --entrypoint /usr/local/cke/install-tools \
    --mount type=bind,src=DIR,target=/host \
    quay.io/cybozu/cke:1.16

Feedback

Please report bugs and issues via GitHub issues.

Feel free to send your pull requests!

License

CKE is licensed under MIT license.

Documentation

Constants

const (
	PropagationShared   = BindPropagation("shared")
	PropagationSlave    = BindPropagation("slave")
	PropagationPrivate  = BindPropagation("private")
	PropagationRShared  = BindPropagation("rshared")
	PropagationRSlave   = BindPropagation("rslave")
	PropagationRPrivate = BindPropagation("rprivate")
)

Bind propagation definitions

const (
	LabelShared  = SELinuxLabel("z")
	LabelPrivate = SELinuxLabel("Z")
)

SELinux Label definitions

const (
	EtcdImage      = Image("quay.io/cybozu/etcd:3.3.18.1")
	HyperkubeImage = Image("quay.io/cybozu/hyperkube:1.16.4.1")
	ToolsImage     = Image("quay.io/cybozu/cke-tools:1.6.4")
	PauseImage     = Image("quay.io/cybozu/pause:3.1.0.3")
	CoreDNSImage   = Image("quay.io/cybozu/coredns:1.6.6.1")
	UnboundImage   = Image("quay.io/cybozu/unbound:1.9.5.1")
)

Container image definitions

const (
	CAServer                = "cke/ca-server"
	CAEtcdPeer              = "cke/ca-etcd-peer"
	CAEtcdClient            = "cke/ca-etcd-client"
	CAKubernetes            = "cke/ca-kubernetes"
	CAKubernetesAggregation = "cke/ca-kubernetes-aggregation"
)

CA keys in Vault

const (
	RoleSystem                = "system"
	RoleAdmin                 = "admin"
	RoleKubeScheduler         = "kube-scheduler"
	RoleKubeControllerManager = "kube-controller-manager"
	RoleKubelet               = "kubelet"
	RoleKubeProxy             = "kube-proxy"
	RoleServiceAccount        = "service-account"
)

Role name in Vault

const (
	StatusNew       = RecordStatus("new")
	StatusRunning   = RecordStatus("running")
	StatusCancelled = RecordStatus("cancelled")
	StatusCompleted = RecordStatus("completed")
)

Record statuses

const (
	AnnotationResourceImage    = "cke.cybozu.com/image"
	AnnotationResourceRevision = "cke.cybozu.com/revision"
	AnnotationResourceOriginal = "cke.cybozu.com/last-applied-configuration"
)

Annotations for CKE-managed resources.

const (
	KindNamespace           = "Namespace"
	KindServiceAccount      = "ServiceAccount"
	KindPodSecurityPolicy   = "PodSecurityPolicy"
	KindNetworkPolicy       = "NetworkPolicy"
	KindClusterRole         = "ClusterRole"
	KindRole                = "Role"
	KindClusterRoleBinding  = "ClusterRoleBinding"
	KindRoleBinding         = "RoleBinding"
	KindConfigMap           = "ConfigMap"
	KindDeployment          = "Deployment"
	KindDaemonSet           = "DaemonSet"
	KindCronJob             = "CronJob"
	KindService             = "Service"
	KindPodDisruptionBudget = "PodDisruptionBudget"
)

Supported resource kinds

const (
	KeyCA                    = "ca/"
	KeyConfigVersion         = "config-version"
	KeyCluster               = "cluster"
	KeyClusterRevision       = "cluster-revision"
	KeyConstraints           = "constraints"
	KeyLeader                = "leader/"
	KeyRecords               = "records/"
	KeyRecordID              = "records"
	KeyResourcePrefix        = "resource/"
	KeySabakanDisabled       = "sabakan/disabled"
	KeySabakanQueryVariables = "sabakan/query-variables"
	KeySabakanTemplate       = "sabakan/template"
	KeySabakanURL            = "sabakan/url"
	KeyServiceAccountCert    = "service-account/certificate"
	KeyServiceAccountKey     = "service-account/key"
	KeyVault                 = "vault"
)

etcd keys and prefixes

const AdminGroup = "system:masters"

AdminGroup is the group name of cluster admin users

const CKESecret = "cke/secrets"

CKESecret is the path of key-value secret engine for CKE.

const CNAPIServer = "front-proxy-client"

CNAPIServer is the common name of API server for aggregation

const ConfigVersion = "2"

ConfigVersion represents the current configuration scheme of how CKE constructs its Kubernetes cluster.

const (
	// DefaultRunTimeout is the timeout value for Agent.Run().
	DefaultRunTimeout = 10 * time.Minute
)

const K8sSecret = CKESecret + "/k8s"

K8sSecret is the path of encryption keys used for Kubernetes Secrets.

const SSHSecret = CKESecret + "/ssh"

SSHSecret is the path of SSH private keys in Vault.

const Version = "1.16.0-rc.2"

Version represents current cke version

Variables

var (
	// ErrNotFound may be returned by Storage methods when a key is not found.
	ErrNotFound = errors.New("not found")
	// ErrNoLeader is returned when the session lost leadership.
	ErrNoLeader = errors.New("lost leadership")
)

CAKeys is a list of CA keys.

Functions

func AddUserRole

func AddUserRole(ctx context.Context, cli *clientv3.Client, name, prefix string) error

AddUserRole creates an etcd user and role.

func AllImages

func AllImages() []string

AllImages returns the list of container images used by CKE.

func ApplyResource added in v1.13.9

func ApplyResource(clientset *kubernetes.Clientset, data []byte, rev int64) error

ApplyResource creates or patches Kubernetes object.

func ConnectVault

func ConnectVault(ctx context.Context, data []byte) error

ConnectVault unmarshals data into a VaultConfig and calls VaultClient with it. It then starts renewing the login token for long-running processes.

func GetUserRoles

func GetUserRoles(ctx context.Context, cli *clientv3.Client, user string) ([]string, error)

GetUserRoles gets the roles of the target user.

func IssueEtcdClientCertificate

func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)

IssueEtcdClientCertificate issues a TLS client certificate for a user.

func Kubeconfig

func Kubeconfig(cluster, user, ca, clientCrt, clientKey string) *api.Config

Kubeconfig creates *api.Config that will be rendered as "kubeconfig" file.

func NewEtcdConfig

func NewEtcdConfig() *etcdutil.Config

NewEtcdConfig creates Config with default prefix.

func ParseResource added in v1.13.9

func ParseResource(data []byte) (key string, jsonData []byte, err error)

ParseResource parses a YAML string.

func SortResources added in v1.13.10

func SortResources(res []ResourceDefinition)

SortResources sorts resources in the defined order of creation.

func UserKubeconfig added in v1.14.14

func UserKubeconfig(cluster, userName, ca, clientCrt, clientKey, server string) *api.Config

UserKubeconfig makes a kubeconfig for users.

func VaultClient

func VaultClient(cfg *VaultConfig) (*vault.Client, *vault.Secret, error)

VaultClient creates a Vault client. The client has logged in to Vault using the RoleID and SecretID in cfg.

Types

type APIServerParams added in v1.13.3

type APIServerParams struct {
	ServiceParams   `json:",inline"`
	AuditLogEnabled bool   `json:"audit_log_enabled"`
	AuditLogPolicy  string `json:"audit_log_policy"`
}

APIServerParams is a set of extra parameters for kube-apiserver.

type Agent

type Agent interface {
	// Close closes the underlying connection.
	Close() error

	// Run command on the node.
	// It returns non-nil error if the command takes too long (> DefaultRunTimeout).
	Run(command string) (stdout, stderr []byte, err error)

	// RunWithInput run command with input as stdin.
	// It returns non-nil error if the command takes too long (> DefaultRunTimeout).
	RunWithInput(command, input string) error

	// RunWithTimeout run command with given timeout.
	// If timeout is 0, the command will run indefinitely.
	RunWithTimeout(command, input string, timeout time.Duration) (stdout, stderr []byte, err error)
}

Agent is the interface to run commands on a node.

func SSHAgent

func SSHAgent(node *Node, privkey string) (Agent, error)

SSHAgent creates an Agent that communicates over SSH. It returns non-nil error when connection could not be established.
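The Agent contract above has one edge case worth seeing in code: Run and RunWithInput are bounded by DefaultRunTimeout, while RunWithTimeout with a timeout of 0 runs with no deadline at all. The following is an added example, not code from the cke project: a local stand-in (localAgent, a name chosen here) that runs commands through /bin/sh instead of SSH but applies the same timeout rules. ErrRunTimeout is also introduced by this example; the page only says that a non-nil error is returned.

```go
package main

import (
	"bytes"
	"context"
	"errors"
	"fmt"
	"os/exec"
	"time"
)

// DefaultRunTimeout mirrors the constant documented on this page.
const DefaultRunTimeout = 10 * time.Minute

// ErrRunTimeout is defined by this example so callers can distinguish a
// hung command from one that simply exited non-zero.
var ErrRunTimeout = errors.New("command timed out")

// localAgent stands in for the page's Agent: it runs commands on the local
// host via /bin/sh rather than over SSH, with the same timeout semantics.
type localAgent struct{}

// RunWithTimeout runs command with input on stdin. A timeout of 0 means no
// deadline, matching the documented Agent.RunWithTimeout behaviour; any
// positive timeout kills the process when it expires.
func (localAgent) RunWithTimeout(command, input string, timeout time.Duration) (stdout, stderr []byte, err error) {
	ctx := context.Background()
	if timeout > 0 {
		var cancel context.CancelFunc
		ctx, cancel = context.WithTimeout(ctx, timeout)
		defer cancel()
	}
	cmd := exec.CommandContext(ctx, "/bin/sh", "-c", command)
	var outBuf, errBuf bytes.Buffer
	cmd.Stdin = bytes.NewBufferString(input)
	cmd.Stdout = &outBuf
	cmd.Stderr = &errBuf
	err = cmd.Run()
	if ctx.Err() == context.DeadlineExceeded {
		// Report the deadline explicitly; the raw error is usually just "signal: killed".
		return outBuf.Bytes(), errBuf.Bytes(), fmt.Errorf("%w after %s: %v", ErrRunTimeout, timeout, err)
	}
	return outBuf.Bytes(), errBuf.Bytes(), err
}

// Run applies DefaultRunTimeout, as the Agent interface documents.
func (a localAgent) Run(command string) (stdout, stderr []byte, err error) {
	return a.RunWithTimeout(command, "", DefaultRunTimeout)
}

// RunWithInput applies DefaultRunTimeout and feeds input on stdin.
func (a localAgent) RunWithInput(command, input string) error {
	_, _, err := a.RunWithTimeout(command, input, DefaultRunTimeout)
	return err
}

// Close has nothing to release for a local agent.
func (localAgent) Close() error { return nil }

func main() {
	var a localAgent
	out, _, err := a.Run("echo hello")
	fmt.Printf("stdout=%q err=%v\n", out, err)
	_, _, err = a.RunWithTimeout("sleep 2", "", 200*time.Millisecond)
	fmt.Println("timed out:", errors.Is(err, ErrRunTimeout))
}
```

The point of bounding every remote command is operational: a wedged node must not stall the leader instance that drives the whole cluster, so the unbounded form is opt-in rather than the default.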

type AggregationCA added in v1.14.3

type AggregationCA struct{}

AggregationCA is a certificate authority for the Kubernetes aggregation API server.

func (AggregationCA) IssueClientCertificate added in v1.14.3

func (a AggregationCA) IssueClientCertificate(ctx context.Context, inf Infrastructure) (cert, key string, err error)

IssueClientCertificate issues a TLS client certificate for the API server.

type BindPropagation

type BindPropagation string

BindPropagation is the bind propagation option for Docker: https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation

func (BindPropagation) String

func (p BindPropagation) String() string

type CNIConfFile added in v1.13.7

type CNIConfFile struct {
	Name    string `json:"name"`
	Content string `json:"content"`
}

CNIConfFile is a config file for CNI plugin deployed on worker nodes by CKE.

type Cluster

type Cluster struct {
	Name          string     `json:"name"`
	Nodes         []*Node    `json:"nodes"`
	TaintCP       bool       `json:"taint_control_plane"`
	ServiceSubnet string     `json:"service_subnet"`
	PodSubnet     string     `json:"pod_subnet"`
	DNSServers    []string   `json:"dns_servers"`
	DNSService    string     `json:"dns_service"`
	EtcdBackup    EtcdBackup `json:"etcd_backup"`
	Options       Options    `json:"options"`
}

Cluster is a set of configurations for an etcd/Kubernetes cluster.

func NewCluster

func NewCluster() *Cluster

NewCluster creates a Cluster.

func (*Cluster) Validate

func (c *Cluster) Validate(isTmpl bool) error

Validate validates the cluster definition.

type ClusterDNSStatus

type ClusterDNSStatus struct {
	ConfigMap *corev1.ConfigMap
	ClusterIP string
}

ClusterDNSStatus contains cluster resolver status.

type ClusterStatus

type ClusterStatus struct {
	ConfigVersion string
	Name          string
	NodeStatuses  map[string]*NodeStatus // keys are IP address strings.

	Etcd       EtcdClusterStatus
	Kubernetes KubernetesClusterStatus
}

ClusterStatus represents the working cluster status. The structure mirrors Cluster.

type Command

type Command struct {
	Name   string `json:"name"`
	Target string `json:"target"`
}

Command represents a command.

func (Command) String

func (c Command) String() string

String implements fmt.Stringer

type Commander

type Commander interface {
	// Run executes the command
	Run(ctx context.Context, inf Infrastructure, leaderKey string) error
	// Command returns the command information
	Command() Command
}

Commander is a single step in carrying out an operation.

type Constraints

type Constraints struct {
	ControlPlaneCount int `json:"control-plane-count"`
	MinimumWorkers    int `json:"minimum-workers"`
	MaximumWorkers    int `json:"maximum-workers"`
}

Constraints is a set of conditions that a cluster must satisfy

func DefaultConstraints

func DefaultConstraints() *Constraints

DefaultConstraints returns the default constraints

func (*Constraints) Check

func (c *Constraints) Check(cluster *Cluster) error

Check checks that the cluster satisfies the constraints.
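Constraints, Cluster and Node are documented above only by their fields, so as an added example (not the cke project's own code) here is one way Constraints.Check can be implemented over those fields. The exact rules are assumptions made for this example: the control plane count must match exactly, the worker count must lie within [MinimumWorkers, MaximumWorkers], a MaximumWorkers of 0 is treated as unlimited, and duplicate node addresses are rejected so that one host cannot be counted twice. Only the fields the check needs are reproduced.

```go
package main

import "fmt"

// Node and Cluster reproduce the JSON-tagged fields from this page that the
// check needs; the real types carry more.
type Node struct {
	Address      string `json:"address"`
	ControlPlane bool   `json:"control_plane"`
}

type Cluster struct {
	Name  string  `json:"name"`
	Nodes []*Node `json:"nodes"`
}

type Constraints struct {
	ControlPlaneCount int `json:"control-plane-count"`
	MinimumWorkers    int `json:"minimum-workers"`
	MaximumWorkers    int `json:"maximum-workers"`
}

// ControlPlanes returns the nodes flagged as control plane, like the
// ControlPlanes function documented on this page.
func ControlPlanes(nodes []*Node) []*Node {
	var cps []*Node
	for _, n := range nodes {
		if n.ControlPlane {
			cps = append(cps, n)
		}
	}
	return cps
}

// Check is this example's assumed implementation of Constraints.Check.
func (c *Constraints) Check(cluster *Cluster) error {
	// Assumption of this example: a duplicated address would inflate the
	// counts, so it is rejected before counting.
	seen := make(map[string]struct{}, len(cluster.Nodes))
	for _, n := range cluster.Nodes {
		if _, dup := seen[n.Address]; dup {
			return fmt.Errorf("duplicate node address %q", n.Address)
		}
		seen[n.Address] = struct{}{}
	}
	cps := len(ControlPlanes(cluster.Nodes))
	if cps != c.ControlPlaneCount {
		return fmt.Errorf("control plane count %d does not match constraint %d", cps, c.ControlPlaneCount)
	}
	workers := len(cluster.Nodes) - cps
	if workers < c.MinimumWorkers {
		return fmt.Errorf("worker count %d is below minimum %d", workers, c.MinimumWorkers)
	}
	// Assumption of this example: MaximumWorkers == 0 means no upper bound.
	if c.MaximumWorkers > 0 && workers > c.MaximumWorkers {
		return fmt.Errorf("worker count %d exceeds maximum %d", workers, c.MaximumWorkers)
	}
	return nil
}

// sampleCluster is a constructed input: three control planes and two workers.
func sampleCluster() *Cluster {
	return &Cluster{Name: "example", Nodes: []*Node{
		{Address: "10.0.0.1", ControlPlane: true},
		{Address: "10.0.0.2", ControlPlane: true},
		{Address: "10.0.0.3", ControlPlane: true},
		{Address: "10.0.1.1"},
		{Address: "10.0.1.2"},
	}}
}

func main() {
	c := &Constraints{ControlPlaneCount: 3, MinimumWorkers: 1, MaximumWorkers: 10}
	fmt.Println("3 control planes, 2 workers:", c.Check(sampleCluster()))
	c.ControlPlaneCount = 2
	fmt.Println("expecting 2 control planes:", c.Check(sampleCluster()))
}
```

Pinning the control plane count exactly, rather than as a minimum, is what lets CKE reason about etcd quorum: with the constraint enforced before any node is touched, a cluster definition that would leave etcd with an even member count is refused up front instead of being discovered mid-operation.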

type ContainerEngine

type ContainerEngine interface {
	// PullImage pulls an image.
	PullImage(img Image) error
	// Run runs a container as a foreground process.
	Run(img Image, binds []Mount, command string) error
	// RunWithInput runs a container as a foreground process with stdin as a string.
	RunWithInput(img Image, binds []Mount, command, input string) error
	// RunSystem runs the named container as a system service.
	RunSystem(name string, img Image, opts []string, params, extra ServiceParams) error
	// Exists returns whether the named system container exists.
	Exists(name string) (bool, error)
	// Stop stops the named system container.
	Stop(name string) error
	// Kill kills the named system container.
	Kill(name string) error
	// Remove removes the named system container.
	Remove(name string) error
	// Inspect returns ServiceStatus for the named container.
	Inspect(name []string) (map[string]ServiceStatus, error)
	// VolumeCreate creates a local volume.
	VolumeCreate(name string) error
	// VolumeRemove removes a local volume.
	VolumeRemove(name string) error
	// VolumeExists returns true if the named volume exists.
	VolumeExists(name string) (bool, error)
}

ContainerEngine defines interfaces for a container engine.

func Docker

func Docker(agent Agent) ContainerEngine

Docker is an implementation of ContainerEngine.

type EtcdBackup

type EtcdBackup struct {
	Enabled  bool   `json:"enabled"`
	PVCName  string `json:"pvc_name"`
	Schedule string `json:"schedule"`
	Rotate   int    `json:"rotate,omitempty"`
}

EtcdBackup is a set of configurations for etcdbackup.

type EtcdBackupStatus

type EtcdBackupStatus struct {
	ConfigMap *corev1.ConfigMap
	CronJob   *batchv1beta1.CronJob
	Pod       *corev1.Pod
	Secret    *corev1.Secret
	Service   *corev1.Service
}

EtcdBackupStatus is the status of etcdbackup

type EtcdCA

type EtcdCA struct{}

EtcdCA is a certificate authority for etcd cluster.

func (EtcdCA) IssueForAPIServer

func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssueForAPIServer issues a TLS client certificate for Kubernetes.

func (EtcdCA) IssueForBackup

func (e EtcdCA) IssueForBackup(ctx context.Context, inf Infrastructure) (cert, key string, err error)

IssueForBackup issues certificate for etcdbackup.

func (EtcdCA) IssuePeerCert

func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssuePeerCert issues TLS certificates for mutual peer authentication.

func (EtcdCA) IssueRoot

func (e EtcdCA) IssueRoot(ctx context.Context, inf Infrastructure) (cert, key string, err error)

IssueRoot issues certificate for root user.

func (EtcdCA) IssueServerCert

func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node, domain string) (crt, key string, err error)

IssueServerCert issues TLS server certificates.

type EtcdClusterStatus

type EtcdClusterStatus struct {
	IsHealthy     bool
	Members       map[string]*etcdserverpb.Member
	InSyncMembers map[string]bool
}

EtcdClusterStatus is the status of the etcd cluster.

type EtcdParams

type EtcdParams struct {
	ServiceParams `json:",inline"`
	VolumeName    string `json:"volume_name"`
}

EtcdParams is a set of extra parameters for etcd.

type EtcdStatus

type EtcdStatus struct {
	ServiceStatus
	HasData bool
}

EtcdStatus is the status of etcd.

type Image

type Image string

Image is the type of container images.

func (Image) Name

func (i Image) Name() string

Name returns docker image name.

type Infrastructure

type Infrastructure interface {
	Close()

	// Agent returns the agent corresponding to addr and returns nil if addr is not connected.
	Agent(addr string) Agent
	Engine(addr string) ContainerEngine
	Vault() (*vault.Client, error)
	Storage() Storage

	NewEtcdClient(ctx context.Context, endpoints []string) (*clientv3.Client, error)
	K8sClient(ctx context.Context, n *Node) (*kubernetes.Clientset, error)
	HTTPClient() *well.HTTPClient
	HTTPSClient(ctx context.Context) (*well.HTTPClient, error)
}

Infrastructure presents an interface to the infrastructure used by CKE.

func NewInfrastructure

func NewInfrastructure(ctx context.Context, c *Cluster, s Storage) (Infrastructure, error)

NewInfrastructure creates a new Infrastructure instance

type IssueResponse

type IssueResponse struct {
	Cert   string `json:"certificate"`
	Key    string `json:"private_key"`
	CACert string `json:"ca_certificate"`
}

IssueResponse is the CLI output format.

type Kind added in v1.13.9

type Kind string

Kind represents a Kubernetes resource kind.

func (Kind) IsSupported added in v1.13.9

func (k Kind) IsSupported() bool

IsSupported returns true if k is supported by CKE.

func (Kind) Order added in v1.13.9

func (k Kind) Order() int

Order returns the precedence of resource creation order as an integer.
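Kind.Order, Kind.IsSupported and SortResources together guarantee that user-defined resources are created in a dependency-safe order. As an added example (not the cke project's own code), the block below implements that scheme. Its precedence table is an assumption: it follows the order in which the Kind constants are listed on this page, with Namespaces and ServiceAccounts first, policies and RBAC next, and workloads last. Unsupported kinds are given the lowest precedence rather than rejected, a choice made for this example.

```go
package main

import (
	"fmt"
	"sort"
)

type Kind string

// kindOrder is assumed to match the listing order of the Kind constants on
// this page; the real precedence lives in Kind.Order().
var kindOrder = []Kind{
	"Namespace", "ServiceAccount", "PodSecurityPolicy", "NetworkPolicy",
	"ClusterRole", "Role", "ClusterRoleBinding", "RoleBinding",
	"ConfigMap", "Deployment", "DaemonSet", "CronJob", "Service",
	"PodDisruptionBudget",
}

// kindIndex inverts kindOrder once so Order is an O(1) lookup.
var kindIndex = func() map[Kind]int {
	m := make(map[Kind]int, len(kindOrder))
	for i, k := range kindOrder {
		m[k] = i
	}
	return m
}()

// IsSupported returns true if k is in the precedence table.
func (k Kind) IsSupported() bool {
	_, ok := kindIndex[k]
	return ok
}

// Order returns the creation precedence; unsupported kinds sort last so
// they are easy to spot rather than silently interleaved.
func (k Kind) Order() int {
	if i, ok := kindIndex[k]; ok {
		return i
	}
	return len(kindOrder)
}

// ResourceDefinition reproduces the fields from this page that ordering needs.
type ResourceDefinition struct {
	Key       string
	Kind      Kind
	Namespace string
	Name      string
	Revision  int64
}

// SortResources orders by Kind precedence, then by Key so the result is
// deterministic; SliceStable keeps ties in their input order.
func SortResources(res []ResourceDefinition) {
	sort.SliceStable(res, func(i, j int) bool {
		oi, oj := res[i].Kind.Order(), res[j].Kind.Order()
		if oi != oj {
			return oi < oj
		}
		return res[i].Key < res[j].Key
	})
}

// sampleResources is a constructed input, deliberately out of order.
func sampleResources() []ResourceDefinition {
	return []ResourceDefinition{
		{Key: "deploy", Kind: "Deployment", Namespace: "app", Name: "web"},
		{Key: "rb", Kind: "RoleBinding", Namespace: "app", Name: "web"},
		{Key: "ns", Kind: "Namespace", Name: "app"},
		{Key: "np", Kind: "NetworkPolicy", Namespace: "app", Name: "default-deny"},
		{Key: "sa", Kind: "ServiceAccount", Namespace: "app", Name: "web"},
	}
}

// sortedKinds sorts a copy of res and returns the resulting Kind sequence.
func sortedKinds(res []ResourceDefinition) []Kind {
	out := make([]ResourceDefinition, len(res))
	copy(out, res)
	SortResources(out)
	kinds := make([]Kind, len(out))
	for i, r := range out {
		kinds[i] = r.Kind
	}
	return kinds
}

func main() {
	fmt.Println(sortedKinds(sampleResources()))
	fmt.Println("Pod supported:", Kind("Pod").IsSupported())
}
```

Creating NetworkPolicy and PodSecurityPolicy objects before the Deployment that they govern is the security-relevant consequence of this ordering: there is no window in which the workload runs before its policy exists.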

type KubeComponentStatus

type KubeComponentStatus struct {
	ServiceStatus
	IsHealthy bool
}

KubeComponentStatus represents the service status and the endpoint's health.

type KubeletParams

type KubeletParams struct {
	ServiceParams            `json:",inline"`
	ContainerRuntime         string         `json:"container_runtime"`
	ContainerRuntimeEndpoint string         `json:"container_runtime_endpoint"`
	ContainerLogMaxSize      string         `json:"container_log_max_size"`
	ContainerLogMaxFiles     int32          `json:"container_log_max_files"`
	Domain                   string         `json:"domain"`
	AllowSwap                bool           `json:"allow_swap"`
	BootTaints               []corev1.Taint `json:"boot_taints"`
	CNIConfFile              CNIConfFile    `json:"cni_conf_file"`
}

KubeletParams is a set of extra parameters for kubelet.

type KubeletStatus

type KubeletStatus struct {
	ServiceStatus
	IsHealthy            bool
	Domain               string
	AllowSwap            bool
	ContainerLogMaxSize  string
	ContainerLogMaxFiles int32
}

KubeletStatus represents kubelet status and health

type KubernetesCA

type KubernetesCA struct{}

KubernetesCA is a certificate authority for k8s cluster.

func (KubernetesCA) IssueForAPIServer

func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, serviceSubnet, domain string) (crt, key string, err error)

IssueForAPIServer issues TLS certificate for API servers.

func (KubernetesCA) IssueForControllerManager

func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForControllerManager issues TLS certificate for kube-controller-manager.

func (KubernetesCA) IssueForKubelet

func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)

IssueForKubelet issues TLS certificate for kubelet.

func (KubernetesCA) IssueForProxy

func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForProxy issues TLS certificate for kube-proxy.

func (KubernetesCA) IssueForScheduler

func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForScheduler issues TLS certificate for kube-scheduler.

func (KubernetesCA) IssueForServiceAccount

func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)

IssueForServiceAccount issues TLS certificate to sign service account tokens.

func (KubernetesCA) IssueUserCert added in v1.14.14

func (k KubernetesCA) IssueUserCert(ctx context.Context, inf Infrastructure, userName, groupName string, ttl string) (crt, key string, err error)

IssueUserCert issues a client certificate for a user.

type KubernetesClusterStatus

type KubernetesClusterStatus struct {
	IsControlPlaneReady bool
	Nodes               []corev1.Node
	DNSService          *corev1.Service
	ClusterDNS          ClusterDNSStatus
	NodeDNS             NodeDNSStatus
	MasterEndpoints     *corev1.Endpoints
	EtcdService         *corev1.Service
	EtcdEndpoints       *corev1.Endpoints
	EtcdBackup          EtcdBackupStatus
	ResourceStatuses    map[string]map[string]string
}

KubernetesClusterStatus contains kubernetes cluster configurations

func (KubernetesClusterStatus) IsReady

func (s KubernetesClusterStatus) IsReady(cluster *Cluster) bool

IsReady returns whether the cluster is in a condition where Pods can be scheduled.

func (KubernetesClusterStatus) SetResourceStatus added in v1.13.9

func (s KubernetesClusterStatus) SetResourceStatus(rkey string, annotations map[string]string)

SetResourceStatus sets status of the resource.

type Mount

type Mount struct {
	Source      string          `json:"source"`
	Destination string          `json:"destination"`
	ReadOnly    bool            `json:"read_only"`
	Propagation BindPropagation `json:"propagation"`
	Label       SELinuxLabel    `json:"selinux_label"`
}

Mount is volume mount information

func (Mount) Equal

func (m Mount) Equal(o Mount) bool

Equal returns true if the mount equals the other one, otherwise false.

type Node

type Node struct {
	Address      string            `json:"address"`
	Hostname     string            `json:"hostname"`
	User         string            `json:"user"`
	ControlPlane bool              `json:"control_plane"`
	Annotations  map[string]string `json:"annotations"`
	Labels       map[string]string `json:"labels"`
	Taints       []corev1.Taint    `json:"taints"`
}

Node represents a node in Kubernetes.

func ControlPlanes

func ControlPlanes(nodes []*Node) []*Node

ControlPlanes returns the control plane nodes as []*Node.

func (*Node) Nodename

func (n *Node) Nodename() string

Nodename returns the hostname, or the address if the hostname is empty.

type NodeDNSStatus

type NodeDNSStatus struct {
	ConfigMap *corev1.ConfigMap
}

NodeDNSStatus contains node local resolver status.

type NodeStatus

type NodeStatus struct {
	SSHConnected      bool
	Etcd              EtcdStatus
	Rivers            ServiceStatus
	EtcdRivers        ServiceStatus
	APIServer         KubeComponentStatus
	ControllerManager KubeComponentStatus
	Scheduler         SchedulerStatus
	Proxy             KubeComponentStatus
	Kubelet           KubeletStatus
	Labels            map[string]string // are labels for k8s Node resource.
}

NodeStatus is the status of a node.

type Operator

type Operator interface {
	// Name returns the operation name.
	Name() string
	// NextCommand returns the next command or nil if completed.
	NextCommand() Commander
	// Targets returns the IP addresses that will be affected by the operation
	Targets() []string
}

Operator is the interface for operations

type Options

type Options struct {
	Etcd              EtcdParams      `json:"etcd"`
	Rivers            ServiceParams   `json:"rivers"`
	EtcdRivers        ServiceParams   `json:"etcd-rivers"`
	APIServer         APIServerParams `json:"kube-api"`
	ControllerManager ServiceParams   `json:"kube-controller-manager"`
	Scheduler         SchedulerParams `json:"kube-scheduler"`
	Proxy             ServiceParams   `json:"kube-proxy"`
	Kubelet           KubeletParams   `json:"kubelet"`
}

Options is a set of optional parameters for k8s components.

type Record

type Record struct {
	ID        int64        `json:"id,string"`
	Status    RecordStatus `json:"status"`
	Operation string       `json:"operation"`
	Command   Command      `json:"command"`
	Targets   []string     `json:"targets"`
	Error     string       `json:"error"`
	StartAt   time.Time    `json:"start-at"`
	EndAt     time.Time    `json:"end-at"`
}

Record represents a record of an operation

func NewRecord

func NewRecord(id int64, op string, targets []string) *Record

NewRecord creates a new Record.

func (*Record) Cancel

func (r *Record) Cancel()

Cancel cancels the operation

func (*Record) Complete

func (r *Record) Complete()

Complete completes the operation

func (*Record) SetCommand

func (r *Record) SetCommand(c Command)

SetCommand updates the record for the new command

func (*Record) SetError

func (r *Record) SetError(e error)

SetError cancels the operation with error information

type RecordChan added in v1.14.1

type RecordChan <-chan *Record

RecordChan is a channel for watching new operation records.

type RecordStatus

type RecordStatus string

RecordStatus is the status of an operation.

type ResourceDefinition added in v1.13.9

type ResourceDefinition struct {
	Key        string
	Kind       Kind
	Namespace  string
	Name       string
	Revision   int64
	Image      string
	Definition []byte
}

ResourceDefinition represents a CKE-managed kubernetes resource.

func (ResourceDefinition) NeedUpdate added in v1.13.10

func (d ResourceDefinition) NeedUpdate(annotations map[string]string) bool

NeedUpdate returns true if the annotations of the current resource indicate that an update is needed.
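NeedUpdate ties the ResourceDefinition to the annotations listed under "Annotations for CKE-managed resources" above, which is how CKE detects drift between what it last applied and what is in the cluster. The block below is an added example, not the cke project's code, and its decision rules are assumptions: a resource needs (re)applying when the revision annotation is missing, unparsable or differs from the definition's Revision, or when the image annotation differs from a non-empty Image. managedAnnotations is a helper introduced here, and the image name is a constructed placeholder.

```go
package main

import (
	"fmt"
	"strconv"
)

// Annotation keys as documented on this page.
const (
	AnnotationResourceImage    = "cke.cybozu.com/image"
	AnnotationResourceRevision = "cke.cybozu.com/revision"
)

// ResourceDefinition reproduces only the fields the check needs.
type ResourceDefinition struct {
	Key      string
	Revision int64
	Image    string
}

// NeedUpdate is this example's assumed implementation. Any divergence,
// including an annotation that was edited by hand, triggers a re-apply,
// so the stored definition always wins over in-cluster drift.
func (d ResourceDefinition) NeedUpdate(annotations map[string]string) bool {
	rev, ok := annotations[AnnotationResourceRevision]
	if !ok {
		return true // never applied by CKE, or the annotation was stripped
	}
	current, err := strconv.ParseInt(rev, 10, 64)
	if err != nil || current != d.Revision {
		return true
	}
	if d.Image != "" && annotations[AnnotationResourceImage] != d.Image {
		return true
	}
	return false
}

// managedAnnotations builds the annotations this example assumes CKE stamps
// on a resource after applying it (revision as a decimal string).
func managedAnnotations(d ResourceDefinition) map[string]string {
	return map[string]string{
		AnnotationResourceRevision: strconv.FormatInt(d.Revision, 10),
		AnnotationResourceImage:    d.Image,
	}
}

func main() {
	d := ResourceDefinition{Key: "app/Deployment/web", Revision: 7, Image: "quay.io/example/web:1.0"} // constructed
	fmt.Println("in sync:", d.NeedUpdate(managedAnnotations(d)))
	tampered := managedAnnotations(d)
	tampered[AnnotationResourceImage] = "quay.io/example/web:1.1"
	fmt.Println("image changed in cluster:", d.NeedUpdate(tampered))
	fmt.Println("unmanaged object:", d.NeedUpdate(map[string]string{}))
}
```

Treating a missing or malformed annotation as "needs update" is the safe default: an object that has lost its CKE annotations is reconciled back to the stored definition rather than being left alone.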

func (ResourceDefinition) String added in v1.13.9

func (d ResourceDefinition) String() string

String implements fmt.Stringer.

type SELinuxLabel

type SELinuxLabel string

SELinuxLabel is the SELinux label of the host file or directory: https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label

func (SELinuxLabel) String

func (l SELinuxLabel) String() string

type SchedulerParams added in v1.14.6

type SchedulerParams struct {
	ServiceParams `json:",inline"`
	Extenders     []string `json:"extenders"`
}

SchedulerParams is a set of extra parameters for kube-scheduler.

type SchedulerStatus added in v1.14.6

type SchedulerStatus struct {
	ServiceStatus
	IsHealthy bool
	Extenders []*scheduler.ExtenderConfig
}

SchedulerStatus represents kube-scheduler status and health

type ServiceParams

type ServiceParams struct {
	ExtraArguments []string          `json:"extra_args"`
	ExtraBinds     []Mount           `json:"extra_binds"`
	ExtraEnvvar    map[string]string `json:"extra_env"`
}

ServiceParams is a common set of extra parameters for k8s components.

func (ServiceParams) Equal

func (s ServiceParams) Equal(o ServiceParams) bool

Equal returns true if the service params equal the other ones, otherwise false.

type ServiceStatus

type ServiceStatus struct {
	Running       bool
	Image         string
	BuiltInParams ServiceParams
	ExtraParams   ServiceParams
}

ServiceStatus represents statuses of a service.

If Running is false, the service is not running on the node. ExtraParams holds the extra parameters of the running service, if any.

type Storage

type Storage struct {
	*clientv3.Client
}

Storage provides operations to store/retrieve CKE data in etcd.

func (Storage) DeleteResource added in v1.13.9

func (s Storage) DeleteResource(ctx context.Context, key string) error

DeleteResource removes a user resource from etcd.

func (Storage) EnableSabakan added in v1.14.5

func (s Storage) EnableSabakan(ctx context.Context, flag bool) error

EnableSabakan enables sabakan integration when flag is true. When flag is false, sabakan integration is disabled.

func (Storage) GetAllResources added in v1.13.9

func (s Storage) GetAllResources(ctx context.Context) ([]ResourceDefinition, error)

GetAllResources gets all user-defined resources. The returned slice of resources is sorted so that creating the resources in order will not fail.

func (Storage) GetCACertificate

func (s Storage) GetCACertificate(ctx context.Context, name string) (string, error)

GetCACertificate loads CA certificate from etcd.

func (Storage) GetCluster

func (s Storage) GetCluster(ctx context.Context) (*Cluster, error)

GetCluster loads *Cluster from etcd. If cluster configuration has not been stored, this returns ErrNotFound.

func (Storage) GetClusterWithRevision

func (s Storage) GetClusterWithRevision(ctx context.Context) (*Cluster, int64, error)

GetClusterWithRevision loads *Cluster from etcd as well as the stored revision number. The revision number was stored with *Cluster by PutClusterWithTemplateRevision().

func (Storage) GetConfigVersion added in v1.15.7

func (s Storage) GetConfigVersion(ctx context.Context) (string, error)

GetConfigVersion retrieves the configuration version of the Kubernetes cluster.

func (Storage) GetConstraints

func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)

GetConstraints loads *Constraints from etcd. If constraints have not been stored, this returns ErrNotFound.

func (Storage) GetLeaderHostname

func (s Storage) GetLeaderHostname(ctx context.Context) (string, error)

GetLeaderHostname returns the current leader's host name. It returns non-nil error when there is no leader.

func (Storage) GetRecords

func (s Storage) GetRecords(ctx context.Context, count int64) ([]*Record, error)

GetRecords loads list of *Record from etcd. The returned records are sorted by record ID in decreasing order.

func (Storage) GetResource added in v1.13.9

func (s Storage) GetResource(ctx context.Context, key string) ([]byte, int64, error)

GetResource gets a user resource.

func (Storage) GetSabakanQueryVariables

func (s Storage) GetSabakanQueryVariables(ctx context.Context) ([]byte, error)

GetSabakanQueryVariables gets query variables for Sabakan.

func (Storage) GetSabakanTemplate

func (s Storage) GetSabakanTemplate(ctx context.Context) (*Cluster, int64, error)

GetSabakanTemplate gets template cluster configuration. If a template exists, it will be returned with ModRevision.

func (Storage) GetSabakanURL

func (s Storage) GetSabakanURL(ctx context.Context) (string, error)

GetSabakanURL gets the URL of the sabakan API. The URL must be an absolute URL pointing to the GraphQL endpoint.

func (Storage) GetServiceAccountCert

func (s Storage) GetServiceAccountCert(ctx context.Context) (string, error)

GetServiceAccountCert loads x509 certificate for service account. The format is PEM.

func (Storage) GetServiceAccountKey

func (s Storage) GetServiceAccountKey(ctx context.Context) (string, error)

GetServiceAccountKey loads private key for service account. The format is PEM.

func (Storage) GetVaultConfig

func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)

GetVaultConfig loads *VaultConfig from etcd.

func (Storage) IsSabakanDisabled added in v1.14.5

func (s Storage) IsSabakanDisabled(ctx context.Context) (bool, error)

IsSabakanDisabled returns true if sabakan integration is disabled.

func (Storage) ListResources added in v1.13.9

func (s Storage) ListResources(ctx context.Context) ([]string, error)

ListResources lists keys of registered user resources.

func (Storage) NextRecordID

func (s Storage) NextRecordID(ctx context.Context) (int64, error)

NextRecordID gets the next record ID from etcd.

func (Storage) PutCACertificate

func (s Storage) PutCACertificate(ctx context.Context, name, pem string) error

PutCACertificate stores CA certificate into etcd.

func (Storage) PutCluster

func (s Storage) PutCluster(ctx context.Context, c *Cluster) error

PutCluster stores *Cluster into etcd.

func (Storage) PutClusterWithTemplateRevision

func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error

PutClusterWithTemplateRevision stores *Cluster into etcd along with a revision number.

func (Storage) PutConfigVersion added in v1.15.7

func (s Storage) PutConfigVersion(ctx context.Context, leaderKey string) error

PutConfigVersion sets the current configuration version of the Kubernetes cluster.

func (Storage) PutConstraints

func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error

PutConstraints stores *Constraints into etcd.

func (Storage) PutServiceAccountData

func (s Storage) PutServiceAccountData(ctx context.Context, leaderKey, cert, key string) error

PutServiceAccountData stores x509 certificate and private key for service account.

func (Storage) PutVaultConfig

func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error

PutVaultConfig stores *VaultConfig into etcd.

func (Storage) RegisterRecord

func (s Storage) RegisterRecord(ctx context.Context, leaderKey string, r *Record) error

RegisterRecord stores *Record if the leaderKey exists

func (Storage) SetResource added in v1.13.9

func (s Storage) SetResource(ctx context.Context, key, value string) error

SetResource sets a user resource.

func (Storage) SetSabakanQueryVariables

func (s Storage) SetSabakanQueryVariables(ctx context.Context, vars string) error

SetSabakanQueryVariables sets query variables for Sabakan. Caller must validate the contents.

func (Storage) SetSabakanTemplate

func (s Storage) SetSabakanTemplate(ctx context.Context, tmpl *Cluster) error

SetSabakanTemplate stores template cluster configuration. Caller must validate the template.

func (Storage) SetSabakanURL

func (s Storage) SetSabakanURL(ctx context.Context, url string) error

SetSabakanURL stores URL of sabakan API.

func (Storage) UpdateRecord

func (s Storage) UpdateRecord(ctx context.Context, leaderKey string, r *Record) error

UpdateRecord updates an existing record.

func (Storage) WatchRecords added in v1.14.1

func (s Storage) WatchRecords(ctx context.Context, initialCount int64) (RecordChan, error)

WatchRecords watches new operation records. The watched records will be returned through the returned channel.

type VaultConfig

type VaultConfig struct {
	// Endpoint is the address of the Vault server.
	Endpoint string `json:"endpoint"`

	// CACert is x509 certificate in PEM format of the endpoint CA.
	CACert string `json:"ca-cert"`

	// RoleID is AppRole ID to login to Vault.
	RoleID string `json:"role-id"`

	// SecretID is AppRole secret to login to Vault.
	SecretID string `json:"secret-id"`
}

VaultConfig is the Vault connection data stored in etcd.

func (*VaultConfig) Validate

func (c *VaultConfig) Validate() error

Validate validates the vault configuration

Directories

Path      Synopsis
op
  common  Package common provides generic commands shared by many Operators.
  k8s
pkg
  cke
