Documentation ¶
Index ¶
- Constants
- Variables
- func AddUserRole(ctx context.Context, cli *clientv3.Client, name, prefix string) error
- func AllImages() []string
- func ApplyResource(ctx context.Context, dynclient dynamic.Interface, mapper meta.RESTMapper, ...) error
- func ConnectVault(ctx context.Context, data []byte) error
- func CountRebootQueueEntries(entries []*RebootQueueEntry) map[string]int
- func GetUserRoles(ctx context.Context, cli *clientv3.Client, user string) ([]string, error)
- func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)
- func Kubeconfig(cluster, user, ca, clientCrt, clientKey string) *api.Config
- func NewEtcdConfig() *etcdutil.Config
- func ParseResource(data []byte) (string, error)
- func SortResources(res []ResourceDefinition)
- func UserKubeconfig(cluster, userName, ca, clientCrt, clientKey, server string) *api.Config
- func ValidateProxyMode(mode proxyv1alpha1.ProxyMode) error
- func VaultClient(cfg *VaultConfig) (*vault.Client, *vault.Secret, error)
- func VaultPKIKey(caKey string) string
- type APIServerParams
- type Agent
- type AggregationCA
- type BindPropagation
- type CNIConfFile
- type Cluster
- type ClusterDNSStatus
- type ClusterStatus
- type Command
- type Commander
- type Constraints
- type ContainerEngine
- type EtcdCA
- func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (e EtcdCA) IssueRoot(ctx context.Context, inf Infrastructure) (cert, key string, err error)
- func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- type EtcdClusterStatus
- type EtcdParams
- type EtcdStatus
- type Image
- type InfoOperator
- type Infrastructure
- type IssueResponse
- type KubeComponentStatus
- type KubeHTTP
- type KubeletParams
- type KubeletStatus
- type KubernetesCA
- func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, ...) (crt, key string, err error)
- func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
- func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)
- func (k KubernetesCA) IssueUserCert(ctx context.Context, inf Infrastructure, userName, groupName string, ...) (crt, key string, err error)
- type KubernetesClusterStatus
- type Mount
- type Node
- type NodeDNSStatus
- type NodeStatus
- type OperationPhase
- type Operator
- type Options
- type ProxyMode
- type ProxyParams
- type ProxyStatus
- type Reboot
- type RebootQueueEntry
- type RebootStatus
- type Record
- type RecordChan
- type RecordStatus
- type ResourceDefinition
- type ResourceStatus
- type SELinuxLabel
- type SchedulerParams
- type SchedulerStatus
- type ServerStatus
- type ServiceParams
- type ServiceStatus
- type Storage
- func (s Storage) DeleteRebootsEntry(ctx context.Context, leaderKey string, index int64) error
- func (s Storage) DeleteResource(ctx context.Context, key string) error
- func (s Storage) EnableRebootQueue(ctx context.Context, flag bool) error
- func (s Storage) EnableSabakan(ctx context.Context, flag bool) error
- func (s Storage) GetAllResources(ctx context.Context) ([]ResourceDefinition, error)
- func (s Storage) GetCACertificate(ctx context.Context, name string) (string, error)
- func (s Storage) GetCluster(ctx context.Context) (*Cluster, error)
- func (s Storage) GetClusterWithRevision(ctx context.Context) (*Cluster, int64, error)
- func (s Storage) GetConfigVersion(ctx context.Context) (string, error)
- func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)
- func (s Storage) GetLeaderHostname(ctx context.Context) (string, error)
- func (s Storage) GetRebootsEntries(ctx context.Context) ([]*RebootQueueEntry, error)
- func (s Storage) GetRebootsEntry(ctx context.Context, index int64) (*RebootQueueEntry, error)
- func (s Storage) GetRecords(ctx context.Context, count int64) ([]*Record, error)
- func (s Storage) GetResource(ctx context.Context, key string) ([]byte, int64, error)
- func (s Storage) GetSabakanQueryVariables(ctx context.Context) ([]byte, error)
- func (s Storage) GetSabakanTemplate(ctx context.Context) (*Cluster, int64, error)
- func (s Storage) GetSabakanURL(ctx context.Context) (string, error)
- func (s Storage) GetServiceAccountCert(ctx context.Context) (string, error)
- func (s Storage) GetServiceAccountKey(ctx context.Context) (string, error)
- func (s Storage) GetStatus(ctx context.Context) (*ServerStatus, error)
- func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)
- func (s Storage) IsRebootQueueDisabled(ctx context.Context) (bool, error)
- func (s Storage) IsSabakanDisabled(ctx context.Context) (bool, error)
- func (s Storage) ListResources(ctx context.Context) ([]string, error)
- func (s Storage) NextRecordID(ctx context.Context) (int64, error)
- func (s Storage) PutCACertificate(ctx context.Context, name, pem string) error
- func (s Storage) PutCluster(ctx context.Context, c *Cluster) error
- func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error
- func (s Storage) PutConfigVersion(ctx context.Context, leaderKey string) error
- func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error
- func (s Storage) PutServiceAccountData(ctx context.Context, leaderKey, cert, key string) error
- func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error
- func (s Storage) RegisterRebootsEntry(ctx context.Context, r *RebootQueueEntry) error
- func (s Storage) RegisterRecord(ctx context.Context, leaderKey string, r *Record) error
- func (s Storage) SetResource(ctx context.Context, key, value string) error
- func (s Storage) SetSabakanQueryVariables(ctx context.Context, vars string) error
- func (s Storage) SetSabakanTemplate(ctx context.Context, tmpl *Cluster) error
- func (s Storage) SetSabakanURL(ctx context.Context, url string) error
- func (s Storage) SetStatus(ctx context.Context, lease clientv3.LeaseID, st *ServerStatus) error
- func (s Storage) UpdateRebootsEntry(ctx context.Context, r *RebootQueueEntry) error
- func (s Storage) UpdateRecord(ctx context.Context, leaderKey string, r *Record) error
- func (s Storage) WatchRecords(ctx context.Context, initialCount int64) (RecordChan, error)
- type VaultConfig
- type WebhookCA
Constants ¶
const ( PropagationSlave = BindPropagation("slave") PropagationPrivate = BindPropagation("private") PropagationRSlave = BindPropagation("rslave") PropagationRPrivate = BindPropagation("rprivate") )
Bind propagation definitions
const ( LabelPrivate = SELinuxLabel("Z") )
SELinux Label definitions
const ( ProxyModeUserspace proxyv1alpha1.ProxyMode = "userspace" ProxyModeIptables proxyv1alpha1.ProxyMode = "iptables" ProxyModeIPVS proxyv1alpha1.ProxyMode = "ipvs" )
const ( EtcdImage = Image("quay.io/cybozu/etcd:3.5.5.1") KubernetesImage = Image("quay.io/cybozu/kubernetes:1.23.9.1") ToolsImage = Image("quay.io/cybozu/cke-tools:1.23.0") PauseImage = Image("quay.io/cybozu/pause:3.6.0.1") CoreDNSImage = Image("quay.io/cybozu/coredns:1.9.3.2") UnboundImage = Image("quay.io/cybozu/unbound:1.16.3.2") UnboundExporterImage = Image("quay.io/cybozu/unbound_exporter:0.4.1.4") )
Container image definitions
const ( PhaseUpgradeAborted = OperationPhase("upgrade-aborted") PhaseUpgrade = OperationPhase("upgrade") PhaseRivers = OperationPhase("rivers") PhaseEtcdBootAborted = OperationPhase("etcd-boot-aborted") PhaseEtcdBoot = OperationPhase("etcd-boot") PhaseEtcdStart = OperationPhase("etcd-start") PhaseEtcdWait = OperationPhase("etcd-wait") PhaseK8sStart = OperationPhase("k8s-start") PhaseEtcdMaintain = OperationPhase("etcd-maintain") PhaseK8sMaintain = OperationPhase("k8s-maintain") PhaseStopCP = OperationPhase("stop-control-plane") PhaseUncordonNodes = OperationPhase("uncordon-nodes") PhaseRebootNodes = OperationPhase("reboot-nodes") PhaseCompleted = OperationPhase("completed") )
Processing statuses of CKE server.
const ( CAServer = "server" CAEtcdPeer = "etcd-peer" CAEtcdClient = "etcd-client" CAKubernetes = "kubernetes" CAKubernetesAggregation = "kubernetes-aggregation" CAWebhook = "kubernetes-webhook" )
CA keys for etcd storage.
const ( RoleSystem = "system" RoleAdmin = "admin" RoleKubeScheduler = "kube-scheduler" RoleKubeControllerManager = "kube-controller-manager" RoleKubelet = "kubelet" RoleKubeProxy = "kube-proxy" RoleServiceAccount = "service-account" )
Role name in Vault
const ( RebootStatusQueued = RebootStatus("queued") RebootStatusDraining = RebootStatus("draining") RebootStatusRebooting = RebootStatus("rebooting") RebootStatusCancelled = RebootStatus("cancelled") )
Reboot statuses
const ( StatusNew = RecordStatus("new") StatusRunning = RecordStatus("running") StatusCancelled = RecordStatus("cancelled") StatusCompleted = RecordStatus("completed") )
Record statuses
const ( AnnotationResourceImage = "cke.cybozu.com/image" AnnotationResourceRevision = "cke.cybozu.com/revision" AnnotationResourceInjectCA = "cke.cybozu.com/inject-cacert" AnnotationResourceIssueCert = "cke.cybozu.com/issue-cert" )
Annotations for CKE-managed resources.
const ( KindDeployment = "Deployment" KindMutatingWebhookConfiguration = "MutatingWebhookConfiguration" KindSecret = "Secret" KindValidatingWebhookConfiguration = "ValidatingWebhookConfiguration" )
kinds
const ( KeyCA = "ca/" KeyConfigVersion = "config-version" KeyCluster = "cluster" KeyClusterRevision = "cluster-revision" KeyConstraints = "constraints" KeyLeader = "leader/" KeyRebootsDisabled = "reboots/disabled" KeyRebootsPrefix = "reboots/data/" KeyRebootsWriteIndex = "reboots/write-index" KeyRecords = "records/" KeyRecordID = "records" KeyResourcePrefix = "resource/" KeySabakanDisabled = "sabakan/disabled" KeySabakanQueryVariables = "sabakan/query-variables" KeySabakanTemplate = "sabakan/template" KeySabakanURL = "sabakan/url" KeyServiceAccountCert = "service-account/certificate" KeyServiceAccountKey = "service-account/key" KeyStatus = "status" KeyVault = "vault" )
etcd keys and prefixes
const AdminGroup = "system:masters"
AdminGroup is the group name of cluster admin users. Kubernetes' default RBAC binds this group to the cluster-admin ClusterRole, so any client certificate issued with this group (see KubernetesCA.IssueUserCert) grants unrestricted access to the cluster.
const (
// CKELabelName is the name of a Docker label used by CKE.
CKELabelName = "com.cybozu.cke"
)
const CKESecret = "cke/secrets"
CKESecret is the path of key-value secret engine for CKE.
const CNAPIServer = "front-proxy-client"
CNAPIServer is the common name used in the client certificate that kube-apiserver presents to aggregated API servers (the front proxy); presumably it must match the name the aggregation layer is configured to trust.
const ConfigVersion = "2"
ConfigVersion represents the current configuration scheme of how CKE constructs its Kubernetes cluster.
const DefaultMaxConcurrentReboots = 1
const DefaultRebootEvictionTimeoutSeconds = 600
const ( // DefaultRunTimeout is the timeout value for Agent.Run(). DefaultRunTimeout = 10 * time.Minute )
const K8sSecret = CKESecret + "/k8s"
K8sSecret is the path of encryption keys used for Kubernetes Secrets.
const SSHSecret = CKESecret + "/ssh"
SSHSecret is the path of SSH private keys in Vault.
const Version = "1.23.5"
Version represents current cke version
Variables ¶
var ( // ErrNotFound may be returned by Storage methods when a key is not found. ErrNotFound = errors.New("not found") // ErrNoLeader is returned when the session lost leadership. ErrNoLeader = errors.New("lost leadership") )
var AllOperationPhases = []OperationPhase{ PhaseUpgradeAborted, PhaseUpgrade, PhaseRivers, PhaseEtcdBootAborted, PhaseEtcdBoot, PhaseEtcdStart, PhaseEtcdWait, PhaseK8sStart, PhaseEtcdMaintain, PhaseK8sMaintain, PhaseStopCP, PhaseUncordonNodes, PhaseRebootNodes, PhaseCompleted, }
AllOperationPhases contains all kinds of OperationPhases.
var CAKeys = []string{ CAServer, CAEtcdPeer, CAEtcdClient, CAKubernetes, CAKubernetesAggregation, CAWebhook, }
CAKeys is list of CA keys
Functions ¶
func AddUserRole ¶
AddUserRole creates an etcd user and a role for it scoped to the given key prefix (presumably granting access only to keys under prefix — confirm against the implementation).
func ApplyResource ¶ added in v1.13.9
func ApplyResource(ctx context.Context, dynclient dynamic.Interface, mapper meta.RESTMapper, inf Infrastructure, data []byte, rev int64, forceConflicts bool) error
ApplyResource creates or updates given resource using server-side-apply.
func ConnectVault ¶
ConnectVault unmarshals data into a VaultConfig and calls VaultClient with it. It then keeps renewing the login token so that a long-running process does not lose access to Vault when the token's lease expires.
func CountRebootQueueEntries ¶ added in v1.22.8
func CountRebootQueueEntries(entries []*RebootQueueEntry) map[string]int
func GetUserRoles ¶
GetUserRoles returns the roles granted to the given etcd user.
func IssueEtcdClientCertificate ¶
func IssueEtcdClientCertificate(inf Infrastructure, username, ttl string) (cert, key string, err error)
IssueEtcdClientCertificate issues a TLS client certificate for an etcd user. ttl is the requested lifetime of the certificate; keep it short, because a leaked certificate remains usable until it expires unless revocation is configured on the etcd servers.
func Kubeconfig ¶
Kubeconfig creates *api.Config that will be rendered as "kubeconfig" file.
func NewEtcdConfig ¶
NewEtcdConfig creates Config with default prefix.
func ParseResource ¶ added in v1.13.9
ParseResource parses YAML string.
func SortResources ¶ added in v1.13.10
func SortResources(res []ResourceDefinition)
SortResources sorts resources into the order in which they must be created.
func UserKubeconfig ¶ added in v1.14.14
UserKubeconfig makes a kubeconfig for the given user. The returned config embeds the client certificate and its private key, so it must be handled as a secret.
func ValidateProxyMode ¶ added in v1.20.0
func ValidateProxyMode(mode proxyv1alpha1.ProxyMode) error
ValidateProxyMode validates ProxyMode
func VaultClient ¶
VaultClient creates a Vault client. The client has logged in to Vault using the RoleID and SecretID in cfg; the returned *vault.Secret presumably holds the login token whose lease must be renewed for long-running use (see ConnectVault).
func VaultPKIKey ¶ added in v1.18.1
VaultPKIKey returns a key string for Vault corresponding to a CA.
Types ¶
type APIServerParams ¶ added in v1.13.3
type APIServerParams struct { ServiceParams `json:",inline"` AuditLogEnabled bool `json:"audit_log_enabled"` AuditLogPolicy string `json:"audit_log_policy"` AuditLogPath string `json:"audit_log_path"` }
APIServerParams is a set of extra parameters for kube-apiserver.
type Agent ¶
type Agent interface { // Close closes the underlying connection. Close() error // Run command on the node. // It returns non-nil error if the command takes too long (> DefaultRunTimeout). Run(command string) (stdout, stderr []byte, err error) // RunWithInput run command with input as stdin. // It returns non-nil error if the command takes too long (> DefaultRunTimeout). RunWithInput(command, input string) error // RunWithTimeout run command with given timeout. // If timeout is 0, the command will run indefinitely. RunWithTimeout(command, input string, timeout time.Duration) (stdout, stderr []byte, err error) }
Agent is the interface to run commands on a node.
type AggregationCA ¶ added in v1.14.3
type AggregationCA struct{}
AggregationCA is a certificate authority for kubernetes aggregation API server
func (AggregationCA) IssueClientCertificate ¶ added in v1.14.3
func (a AggregationCA) IssueClientCertificate(ctx context.Context, inf Infrastructure) (cert, key string, err error)
IssueClientCertificate issues the TLS client certificate that kube-apiserver presents to aggregated API servers (see CNAPIServer).
type BindPropagation ¶
type BindPropagation string
BindPropagation is bind propagation option for Docker https://docs.docker.com/storage/bind-mounts/#configure-bind-propagation
func (BindPropagation) String ¶
func (p BindPropagation) String() string
type CNIConfFile ¶ added in v1.13.7
CNIConfFile is a config file for CNI plugin deployed on worker nodes by CKE.
type Cluster ¶
type Cluster struct { Name string `json:"name"` Nodes []*Node `json:"nodes"` TaintCP bool `json:"taint_control_plane"` CPTolerations []string `json:"control_plane_tolerations"` ServiceSubnet string `json:"service_subnet"` DNSServers []string `json:"dns_servers"` DNSService string `json:"dns_service"` Reboot Reboot `json:"reboot"` Options Options `json:"options"` }
Cluster is a set of configurations for an etcd/Kubernetes cluster.
type ClusterDNSStatus ¶
ClusterDNSStatus contains cluster resolver status.
type ClusterStatus ¶
type ClusterStatus struct { ConfigVersion string Name string NodeStatuses map[string]*NodeStatus // keys are IP address strings. Etcd EtcdClusterStatus Kubernetes KubernetesClusterStatus }
ClusterStatus represents the working cluster status. Its structure mirrors Cluster.
type Commander ¶
type Commander interface { // Run executes the command Run(ctx context.Context, inf Infrastructure, leaderKey string) error // Command returns the command information Command() Command }
Commander is a single step in carrying out an operation.
type Constraints ¶
type Constraints struct { ControlPlaneCount int `json:"control-plane-count"` MinimumWorkers int `json:"minimum-workers"` MaximumWorkers int `json:"maximum-workers"` RebootMaximumUnreachable int `json:"maximum-unreachable-nodes-for-reboot"` }
Constraints is a set of conditions that a cluster must satisfy
func DefaultConstraints ¶
func DefaultConstraints() *Constraints
DefaultConstraints returns the default constraints
func (*Constraints) Check ¶
func (c *Constraints) Check(cluster *Cluster) error
Check checks the cluster satisfies the constraints
type ContainerEngine ¶
type ContainerEngine interface { // PullImage pulls an image. PullImage(img Image) error // Run runs a container as a foreground process. Run(img Image, binds []Mount, command string, args ...string) error // RunWithInput runs a container as a foreground process with stdin as a string. RunWithInput(img Image, binds []Mount, command, input string, args ...string) error /// RunWithOutput runs a container as a foreground process and get stdout and stderr. RunWithOutput(img Image, binds []Mount, command string, args ...string) ([]byte, []byte, error) // RunSystem runs the named container as a system service. RunSystem(name string, img Image, opts []string, params, extra ServiceParams) error // Exists returns if named system container exists. Exists(name string) (bool, error) // Stop stops the named system container. Stop(name string) error // Kill kills the named system container. Kill(name string) error // Remove removes the named system container. Remove(name string) error // Inspect returns ServiceStatus for the named container. Inspect(name []string) (map[string]ServiceStatus, error) // VolumeCreate creates a local volume. VolumeCreate(name string) error // VolumeRemove creates a local volume. VolumeRemove(name string) error // VolumeExists returns true if the named volume exists. VolumeExists(name string) (bool, error) }
ContainerEngine defines interfaces for a container engine.
func Docker ¶
func Docker(agent Agent) ContainerEngine
Docker is an implementation of ContainerEngine.
type EtcdCA ¶
type EtcdCA struct{}
EtcdCA is a certificate authority for etcd cluster.
func (EtcdCA) IssueForAPIServer ¶
func (e EtcdCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssueForAPIServer issues the TLS client certificate that kube-apiserver uses to authenticate to etcd.
func (EtcdCA) IssuePeerCert ¶
func (e EtcdCA) IssuePeerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssuePeerCert issues TLS certificates for mutual peer authentication.
func (EtcdCA) IssueServerCert ¶
func (e EtcdCA) IssueServerCert(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssueServerCert issues TLS server certificates.
type EtcdClusterStatus ¶
type EtcdClusterStatus struct { IsHealthy bool Members map[string]*etcdserverpb.Member InSyncMembers map[string]bool }
EtcdClusterStatus is the status of the etcd cluster.
type EtcdParams ¶
type EtcdParams struct { ServiceParams `json:",inline"` VolumeName string `json:"volume_name"` }
EtcdParams is a set of extra parameters for etcd.
type EtcdStatus ¶
type EtcdStatus struct { ServiceStatus HasData bool }
EtcdStatus is the status of etcd on a node.
type InfoOperator ¶ added in v1.18.3
InfoOperator is an extension of Operator that provides some information after the operation
type Infrastructure ¶
type Infrastructure interface { Close() // Agent returns the agent corresponding to addr and returns nil if addr is not connected. Agent(addr string) Agent Engine(addr string) ContainerEngine Vault() (*vault.Client, error) Storage() Storage NewEtcdClient(ctx context.Context, endpoints []string) (*clientv3.Client, error) K8sConfig(ctx context.Context, n *Node) (*rest.Config, error) K8sClient(ctx context.Context, n *Node) (*kubernetes.Clientset, error) HTTPClient() *well.HTTPClient HTTPSClient(ctx context.Context) (*well.HTTPClient, error) ReleaseAgent(addrs string) }
Infrastructure is the interface through which CKE reaches its surroundings: node agents and container engines, Vault, etcd storage, and kube-apiserver.
func NewInfrastructure ¶
NewInfrastructure creates a new Infrastructure instance
type IssueResponse ¶
type IssueResponse struct { Cert string `json:"certificate"` Key string `json:"private_key"` CACert string `json:"ca_certificate"` }
IssueResponse is the CLI output format for an issued certificate. It carries the private key in clear text, so the output must be treated as a secret.
type KubeComponentStatus ¶
type KubeComponentStatus struct { ServiceStatus IsHealthy bool }
KubeComponentStatus represents service status and endpoint's health
type KubeHTTP ¶ added in v1.19.6
type KubeHTTP struct {
// contains filtered or unexported fields
}
KubeHTTP provides a TLS client certificate to access kube-apiserver. The certificate is cached in memory to avoid excessive certificate issuance.
func (*KubeHTTP) Client ¶ added in v1.19.6
func (k *KubeHTTP) Client() *well.HTTPClient
Client returns an HTTP client to access kube-apiserver.
type KubeletParams ¶
type KubeletParams struct { ServiceParams `json:",inline"` BootTaints []corev1.Taint `json:"boot_taints"` CNIConfFile CNIConfFile `json:"cni_conf_file"` Config *unstructured.Unstructured `json:"config,omitempty"` CRIEndpoint string `json:"cri_endpoint"` }
KubeletParams is a set of extra parameters for kubelet.
func (KubeletParams) MergeConfig ¶ added in v1.19.0
func (p KubeletParams) MergeConfig(base *kubeletv1beta1.KubeletConfiguration) (*kubeletv1beta1.KubeletConfiguration, error)
MergeConfig merges the input struct with `base`.
type KubeletStatus ¶
type KubeletStatus struct { ServiceStatus IsHealthy bool Config *kubeletv1beta1.KubeletConfiguration }
KubeletStatus represents kubelet status and health
type KubernetesCA ¶
type KubernetesCA struct{}
KubernetesCA is a certificate authority for k8s cluster.
func (KubernetesCA) IssueForAPIServer ¶
func (k KubernetesCA) IssueForAPIServer(ctx context.Context, inf Infrastructure, n *Node, serviceSubnet, clusterDomain string) (crt, key string, err error)
IssueForAPIServer issues TLS certificate for API servers.
func (KubernetesCA) IssueForControllerManager ¶
func (k KubernetesCA) IssueForControllerManager(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForControllerManager issues TLS certificate for kube-controller-manager.
func (KubernetesCA) IssueForKubelet ¶
func (k KubernetesCA) IssueForKubelet(ctx context.Context, inf Infrastructure, node *Node) (crt, key string, err error)
IssueForKubelet issues TLS certificate for kubelet.
func (KubernetesCA) IssueForProxy ¶
func (k KubernetesCA) IssueForProxy(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForProxy issues TLS certificate for kube-proxy.
func (KubernetesCA) IssueForScheduler ¶
func (k KubernetesCA) IssueForScheduler(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForScheduler issues TLS certificate for kube-scheduler.
func (KubernetesCA) IssueForServiceAccount ¶
func (k KubernetesCA) IssueForServiceAccount(ctx context.Context, inf Infrastructure) (crt, key string, err error)
IssueForServiceAccount issues the key pair whose private key signs service account tokens.
func (KubernetesCA) IssueUserCert ¶ added in v1.14.14
func (k KubernetesCA) IssueUserCert(ctx context.Context, inf Infrastructure, userName, groupName string, ttl string) (crt, key string, err error)
IssueUserCert issues a client certificate for a user with the given user name and group. kube-apiserver does not support certificate revocation, so ttl is the only bound on how long a leaked certificate stays usable; issuing with groupName equal to AdminGroup grants cluster-admin privileges.
type KubernetesClusterStatus ¶
type KubernetesClusterStatus struct { IsControlPlaneReady bool Nodes []corev1.Node DNSService *corev1.Service ClusterDNS ClusterDNSStatus NodeDNS NodeDNSStatus MasterEndpoints *corev1.Endpoints MasterEndpointSlice *discoveryv1.EndpointSlice EtcdService *corev1.Service EtcdEndpoints *corev1.Endpoints EtcdEndpointSlice *discoveryv1.EndpointSlice ResourceStatuses map[string]ResourceStatus }
KubernetesClusterStatus contains kubernetes cluster configurations
func (KubernetesClusterStatus) IsReady ¶
func (s KubernetesClusterStatus) IsReady(cluster *Cluster) bool
IsReady returns the cluster condition whether or not Pod can be scheduled
func (KubernetesClusterStatus) SetResourceStatus ¶ added in v1.13.9
func (s KubernetesClusterStatus) SetResourceStatus(rkey string, ann map[string]string, isManaged bool)
SetResourceStatus sets status of the resource.
type Mount ¶
type Mount struct { Source string `json:"source"` Destination string `json:"destination"` ReadOnly bool `json:"read_only"` Propagation BindPropagation `json:"propagation"` Label SELinuxLabel `json:"selinux_label"` }
Mount is volume mount information
type Node ¶
type Node struct { Address string `json:"address"` Hostname string `json:"hostname"` User string `json:"user"` ControlPlane bool `json:"control_plane"` Annotations map[string]string `json:"annotations"` Labels map[string]string `json:"labels"` Taints []corev1.Taint `json:"taints"` }
Node represents a node in Kubernetes.
func ControlPlanes ¶
ControlPlanes returns the control plane nodes as []*Node.
type NodeDNSStatus ¶
NodeDNSStatus contains node local resolver status.
type NodeStatus ¶
type NodeStatus struct { SSHConnected bool Etcd EtcdStatus Rivers ServiceStatus EtcdRivers ServiceStatus APIServer KubeComponentStatus ControllerManager KubeComponentStatus Scheduler SchedulerStatus Proxy ProxyStatus Kubelet KubeletStatus Labels map[string]string // are labels for k8s Node resource. }
NodeStatus is the status of a node.
type OperationPhase ¶ added in v1.16.1
type OperationPhase string
OperationPhase represents the processing status of CKE server.
type Operator ¶
type Operator interface { // Name returns the operation name. Name() string // NextCommand returns the next command or nil if completed. NextCommand() Commander // Targets returns the ip which will be affected by the operation Targets() []string }
Operator is the interface for operations
type Options ¶
type Options struct { Etcd EtcdParams `json:"etcd"` Rivers ServiceParams `json:"rivers"` EtcdRivers ServiceParams `json:"etcd-rivers"` APIServer APIServerParams `json:"kube-api"` ControllerManager ServiceParams `json:"kube-controller-manager"` Scheduler SchedulerParams `json:"kube-scheduler"` Proxy ProxyParams `json:"kube-proxy"` Kubelet KubeletParams `json:"kubelet"` }
Options is a set of optional parameters for k8s components.
type ProxyMode ¶ added in v1.19.2
type ProxyMode string
ProxyMode is a type for kube-proxy's --proxy-mode argument.
type ProxyParams ¶ added in v1.19.2
type ProxyParams struct { ServiceParams `json:",inline"` Disable bool `json:"disable,omitempty"` Config *unstructured.Unstructured `json:"config,omitempty"` }
ProxyParams is a set of extra parameters for kube-proxy.
func (ProxyParams) GetMode ¶ added in v1.19.2
func (p ProxyParams) GetMode() string
GetMode returns the proxy mode.
func (ProxyParams) MergeConfig ¶ added in v1.20.0
func (p ProxyParams) MergeConfig(base *proxyv1alpha1.KubeProxyConfiguration) (*proxyv1alpha1.KubeProxyConfiguration, error)
MergeConfig merges the input struct with `base`.
type ProxyStatus ¶ added in v1.20.0
type ProxyStatus struct { ServiceStatus IsHealthy bool Config *proxyv1alpha1.KubeProxyConfiguration }
ProxyStatus represents kube-proxy status and health.
type Reboot ¶ added in v1.18.3
type Reboot struct { RebootCommand []string `json:"reboot_command"` BootCheckCommand []string `json:"boot_check_command"` MaxConcurrentReboots *int `json:"max_concurrent_reboots,omitempty"` EvictionTimeoutSeconds *int `json:"eviction_timeout_seconds,omitempty"` CommandTimeoutSeconds *int `json:"command_timeout_seconds,omitempty"` ProtectedNamespaces *metav1.LabelSelector `json:"protected_namespaces,omitempty"` }
Reboot is a set of configurations for reboot.
type RebootQueueEntry ¶ added in v1.18.3
type RebootQueueEntry struct { Index int64 `json:"index,string"` Node string `json:"node"` Status RebootStatus `json:"status"` LastTransitionTime time.Time `json:"last_transition_time,omitempty"` DrainBackOffCount int `json:"drain_backoff_count,omitempty"` DrainBackOffExpire time.Time `json:"drain_backoff_expire,omitempty"` }
RebootQueueEntry represents a queue entry of reboot operation
func DedupRebootQueueEntries ¶ added in v1.22.8
func DedupRebootQueueEntries(entries []*RebootQueueEntry) []*RebootQueueEntry
func NewRebootQueueEntry ¶ added in v1.18.3
func NewRebootQueueEntry(node string) *RebootQueueEntry
NewRebootQueueEntry creates new `RebootQueueEntry`. `Index` will be supplied in registration.
func (*RebootQueueEntry) ClusterMember ¶ added in v1.22.8
func (entry *RebootQueueEntry) ClusterMember(c *Cluster) bool
ClusterMember returns whether the node in this entry is a cluster member.
type RebootStatus ¶ added in v1.18.3
type RebootStatus string
RebootStatus is status of reboot operation
type Record ¶
type Record struct { ID int64 `json:"id,string"` Status RecordStatus `json:"status"` Operation string `json:"operation"` Command Command `json:"command"` Targets []string `json:"targets"` Info string `json:"info"` Error string `json:"error"` StartAt time.Time `json:"start-at"` EndAt time.Time `json:"end-at"` }
Record represents a record of an operation
func (*Record) SetCommand ¶
SetCommand updates the record for the new command
type RecordChan ¶ added in v1.14.1
type RecordChan <-chan *Record
RecordChan is a channel for watching new operation records.
type ResourceDefinition ¶ added in v1.13.9
type ResourceDefinition struct { Key string Kind string Namespace string Name string Revision int64 Image string // may contains multiple images; we should not use this whole string as an image name. Definition []byte }
ResourceDefinition represents a CKE-managed kubernetes resource.
func (ResourceDefinition) NeedUpdate ¶ added in v1.13.10
func (d ResourceDefinition) NeedUpdate(rs *ResourceStatus) bool
NeedUpdate returns true if annotations of the current resource indicates need for update.
func (ResourceDefinition) String ¶ added in v1.13.9
func (d ResourceDefinition) String() string
String implements fmt.Stringer.
type ResourceStatus ¶ added in v1.17.0
type ResourceStatus struct { // Annotations is the copy of metadata.annotations Annotations map[string]string // HasBeenSSA indicates that this resource has been already updated by server-side apply HasBeenSSA bool }
ResourceStatus represents the status of registered K8s resources
type SELinuxLabel ¶
type SELinuxLabel string
SELinuxLabel is selinux label of the host file or directory https://docs.docker.com/storage/bind-mounts/#configure-the-selinux-label
func (SELinuxLabel) String ¶
func (l SELinuxLabel) String() string
type SchedulerParams ¶ added in v1.14.6
type SchedulerParams struct { ServiceParams `json:",inline"` Config *unstructured.Unstructured `json:"config,omitempty"` }
SchedulerParams is a set of extra parameters for kube-scheduler.
func (SchedulerParams) MergeConfig ¶ added in v1.19.0
func (p SchedulerParams) MergeConfig(base *schedulerv1beta3.KubeSchedulerConfiguration) (*schedulerv1beta3.KubeSchedulerConfiguration, error)
MergeConfig merges the input struct with `base`.
type SchedulerStatus ¶ added in v1.14.6
type SchedulerStatus struct { ServiceStatus IsHealthy bool Config *schedulerv1beta3.KubeSchedulerConfiguration }
SchedulerStatus represents kube-scheduler status and health
type ServerStatus ¶ added in v1.16.1
// ServerStatus represents the current server status.
type ServerStatus struct {
	Phase     OperationPhase `json:"phase"`
	Timestamp time.Time      `json:"timestamp"`
}
ServerStatus represents the current server status.
type ServiceParams ¶
// ServiceParams is a common set of extra parameters for k8s components.
type ServiceParams struct {
	ExtraArguments []string `json:"extra_args"`
	// ExtraBinds are extra mounts for the component — NOTE(review): these appear to expose host paths into the
	// component container, so they deserve the same scrutiny as the component's own privileges; confirm with Mount.
	ExtraBinds  []Mount           `json:"extra_binds"`
	ExtraEnvvar map[string]string `json:"extra_env"`
}
ServiceParams is a common set of extra parameters for k8s components.
func (ServiceParams) Equal ¶
func (s ServiceParams) Equal(o ServiceParams) bool
Equal returns true if the service params are equal to the other one, otherwise it returns false.
type ServiceStatus ¶
// ServiceStatus represents statuses of a service.
// If Running is false, the service is not running on the node.
// ExtraParams are extra parameters of the running service, if any.
type ServiceStatus struct {
	Running       bool
	Image         string
	BuiltInParams ServiceParams
	ExtraParams   ServiceParams
}
ServiceStatus represents statuses of a service.
If Running is false, the service is not running on the node. ExtraXX are extra parameters of the running service, if any.
type Storage ¶
Storage provides operations to store/retrieve CKE data in etcd.
func (Storage) DeleteRebootsEntry ¶ added in v1.18.3
DeleteRebootsEntry deletes the entry specified by the index from the reboot queue.
func (Storage) DeleteResource ¶ added in v1.13.9
DeleteResource removes a user resource from etcd.
func (Storage) EnableRebootQueue ¶ added in v1.18.7
EnableRebootQueue enables reboot queue processing when flag is true. When flag is false, reboot queue is not processed.
func (Storage) EnableSabakan ¶ added in v1.14.5
EnableSabakan enables sabakan integration when flag is true. When flag is false, sabakan integration is disabled.
func (Storage) GetAllResources ¶ added in v1.13.9
func (s Storage) GetAllResources(ctx context.Context) ([]ResourceDefinition, error)
GetAllResources gets all user-defined resources. The returned slice of resources is sorted so that creating the resources in order will not fail.
func (Storage) GetCACertificate ¶
GetCACertificate loads CA certificate from etcd.
func (Storage) GetCluster ¶
GetCluster loads *Cluster from etcd. If cluster configuration has not been stored, this returns ErrNotFound.
func (Storage) GetClusterWithRevision ¶
GetClusterWithRevision loads *Cluster from etcd as well as the stored revision number. The revision number was stored with *Cluster by PutClusterWithTemplateRevision().
func (Storage) GetConfigVersion ¶ added in v1.15.7
GetConfigVersion retrieves the configuration version of the Kubernetes cluster.
func (Storage) GetConstraints ¶
func (s Storage) GetConstraints(ctx context.Context) (*Constraints, error)
GetConstraints loads *Constraints from etcd. If constraints have not been stored, this returns ErrNotFound.
func (Storage) GetLeaderHostname ¶
GetLeaderHostname returns the current leader's host name. It returns a non-nil error when there is no leader.
func (Storage) GetRebootsEntries ¶ added in v1.18.3
func (s Storage) GetRebootsEntries(ctx context.Context) ([]*RebootQueueEntry, error)
GetRebootsEntries loads the entries from the reboot queue.
func (Storage) GetRebootsEntry ¶ added in v1.18.3
GetRebootsEntry loads the entry specified by the index from the reboot queue. If the pointed entry is not found, this returns ErrNotFound.
func (Storage) GetRecords ¶
GetRecords loads list of *Record from etcd. The returned records are sorted by record ID in decreasing order.
func (Storage) GetResource ¶ added in v1.13.9
GetResource gets a user resource.
func (Storage) GetSabakanQueryVariables ¶
GetSabakanQueryVariables gets query variables for Sabakan.
func (Storage) GetSabakanTemplate ¶
GetSabakanTemplate gets template cluster configuration. If a template exists, it will be returned with ModRevision.
func (Storage) GetSabakanURL ¶
GetSabakanURL gets the URL of the sabakan API. The URL must be an absolute URL pointing to the GraphQL endpoint.
func (Storage) GetServiceAccountCert ¶
GetServiceAccountCert loads x509 certificate for service account. The format is PEM.
func (Storage) GetServiceAccountKey ¶
GetServiceAccountKey loads private key for service account. The format is PEM.
func (Storage) GetStatus ¶ added in v1.16.1
func (s Storage) GetStatus(ctx context.Context) (*ServerStatus, error)
GetStatus retrieves the server status if it exists. If the status is not found, this returns ("", ErrNotFound).
func (Storage) GetVaultConfig ¶
func (s Storage) GetVaultConfig(ctx context.Context) (*VaultConfig, error)
GetVaultConfig loads *VaultConfig from etcd.
func (Storage) IsRebootQueueDisabled ¶ added in v1.18.7
IsRebootQueueDisabled returns true if reboot queue is disabled.
func (Storage) IsSabakanDisabled ¶ added in v1.14.5
IsSabakanDisabled returns true if sabakan integration is disabled.
func (Storage) ListResources ¶ added in v1.13.9
ListResources lists keys of registered user resources.
func (Storage) NextRecordID ¶
NextRecordID gets the next record ID from etcd.
func (Storage) PutCACertificate ¶
PutCACertificate stores CA certificate into etcd.
func (Storage) PutCluster ¶
PutCluster stores *Cluster into etcd.
func (Storage) PutClusterWithTemplateRevision ¶
func (s Storage) PutClusterWithTemplateRevision(ctx context.Context, c *Cluster, rev int64, leaderKey string) error
PutClusterWithTemplateRevision stores *Cluster into etcd along with a revision number.
func (Storage) PutConfigVersion ¶ added in v1.15.7
PutConfigVersion sets the current configuration version of the Kubernetes cluster.
func (Storage) PutConstraints ¶
func (s Storage) PutConstraints(ctx context.Context, c *Constraints) error
PutConstraints stores *Constraints into etcd.
func (Storage) PutServiceAccountData ¶
PutServiceAccountData stores x509 certificate and private key for service account.
func (Storage) PutVaultConfig ¶
func (s Storage) PutVaultConfig(ctx context.Context, c *VaultConfig) error
PutVaultConfig stores *VaultConfig into etcd.
func (Storage) RegisterRebootsEntry ¶ added in v1.18.3
func (s Storage) RegisterRebootsEntry(ctx context.Context, r *RebootQueueEntry) error
RegisterRebootsEntry enqueues a reboot queue entry to the reboot queue. "Index" of the entry is retrieved and updated in this method. The given value is ignored.
func (Storage) RegisterRecord ¶
RegisterRecord stores *Record if the leaderKey exists.
func (Storage) SetResource ¶ added in v1.13.9
SetResource sets a user resource.
func (Storage) SetSabakanQueryVariables ¶
SetSabakanQueryVariables sets query variables for Sabakan. The caller must validate the contents.
func (Storage) SetSabakanTemplate ¶
SetSabakanTemplate stores the template cluster configuration. The caller must validate the template.
func (Storage) SetSabakanURL ¶
SetSabakanURL stores the URL of the sabakan API.
func (Storage) UpdateRebootsEntry ¶ added in v1.18.3
func (s Storage) UpdateRebootsEntry(ctx context.Context, r *RebootQueueEntry) error
UpdateRebootsEntry updates existing reboot queue entry. It always overwrites the contents with a CAS loop. If the entry is not found in the reboot queue, this returns ErrNotFound.
func (Storage) UpdateRecord ¶
UpdateRecord updates an existing record.
func (Storage) WatchRecords ¶ added in v1.14.1
WatchRecords watches new operation records. The watched records will be returned through the returned channel.
type VaultConfig ¶
// VaultConfig is data to store in etcd.
//
// RoleID and SecretID are the AppRole login credentials for Vault and are
// persisted in etcd together with the rest of this struct, so the etcd key
// space that holds it should be treated as sensitive (see Storage.PutVaultConfig
// and Storage.GetVaultConfig).
type VaultConfig struct {
	// Endpoint is the address of the Vault server.
	Endpoint string `json:"endpoint"`
	// CACert is x509 certificate in PEM format of the endpoint CA.
	CACert string `json:"ca-cert"`
	// RoleID is AppRole ID to login to Vault.
	RoleID string `json:"role-id"`
	// SecretID is AppRole secret to login to Vault.
	SecretID string `json:"secret-id"`
}
VaultConfig is the data to store in etcd.
func (*VaultConfig) Validate ¶
func (c *VaultConfig) Validate() error
Validate validates the vault configuration.
type WebhookCA ¶ added in v1.18.1
// WebhookCA is a certificate authority for kubernetes admission webhooks.
type WebhookCA struct{}
WebhookCA is a certificate authority for kubernetes admission webhooks.
func (WebhookCA) IssueCertificate ¶ added in v1.18.1
func (WebhookCA) IssueCertificate(ctx context.Context, inf Infrastructure, namespace, name string) (cert, key string, err error)
IssueCertificate issues a TLS server certificate. `namespace` and `name` specify the namespace/name of a webhook Service.