controlplane

package
v0.6.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 23, 2021 License: Apache-2.0 Imports: 15 Imported by: 1

Documentation

Overview

Package controlplane allows to create and manage static Kubernetes controlplane running in containers.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func FromYaml

func FromYaml(c []byte) (types.Resource, error)

FromYaml allows to restore controlplane configuration and state from YAML format.

Types

type Common

type Common struct {
	// Image allows to set Docker image with tag, which will be used by all controlplane containers,
	// if they have no image set. If empty, hyperkube image defined in pkg/defaults
	// will be used.
	//
	// Example value: 'k8s.gcr.io/hyperkube:v1.18.3'.
	//
	// This field is optional.
	Image string `json:"image,omitempty"`

	// KubernetesCACertificate stores Kubernetes X.509 CA certificate, PEM encoded.
	//
	// This field is optional.
	KubernetesCACertificate types.Certificate `json:"kubernetesCACertificate,omitempty"`

	// FrontProxyCACertificate stores Kubernetes front proxy X.509 CA certificate, PEM
	// encoded.
	FrontProxyCACertificate types.Certificate `json:"frontProxyCACertificate,omitempty"`
}

Common struct contains fields, which are common between all controlplane components.

type Controlplane

type Controlplane struct {
	// Common stores common fields for all controlplane components. If defined here, the
	// values will be propagated to all 3 components, which allows to de-duplicate parts
	// of the configuration.
	Common *Common `json:"common,omitempty"`

	// SSH stores common SSH configuration for all controlplane components and will be merged
	// with SSH configuration of each component.
	//
	// Usually entire static controlplane runs on a single host, so all values should be defined
	// here.
	//
	// This field is optional.
	SSH *ssh.Config `json:"ssh,omitempty"`

	// APIServerAddress defines Kubernetes API address, which will be used by kube-controller-manager
	// and kube-scheduler to talk to kube-apiserver.
	APIServerAddress string `json:"apiServerAddress,omitempty"`

	// APIServerPort defines Kubernetes API port, which will be used by kube-controller-manager
	// and kube-scheduler to talk to kube-apiserver.
	APIServerPort int `json:"apiServerPort,omitempty"`

	// KubeAPIServer stores kube-apiserver specific configuration.
	KubeAPIServer KubeAPIServer `json:"kubeAPIServer,omitempty"`

	// KubeControllerManager stores kube-controller-manager specific configuration.
	KubeControllerManager KubeControllerManager `json:"kubeControllerManager,omitempty"`

	// KubeScheduler stores kube-scheduler specific configuration.
	KubeScheduler KubeScheduler `json:"kubeScheduler,omitempty"`

	// Destroy controls, if containers should be created or removed. If set to true, all managed
	// containers will be removed.
	Destroy bool `json:"destroy,omitempty"`

	// PKI field allows to use PKI resource for managing all Kubernetes certificates. It will be used for
	// components configuration, if they don't have certificates defined.
	PKI *pki.PKI `json:"pki,omitempty"`

	// State stores state of the created containers. After deployment, it is up to the user to export
	// the state and restore it on consecutive runs.
	State *container.ContainersState `json:"state,omitempty"`
}

Controlplane allows creating static Kubernetes controlplane running as containers.

It is usually used to bootstrap self-hosted Kubernetes.

func (*Controlplane) New

func (c *Controlplane) New() (types.Resource, error)

New validates Controlplane configuration and fills populates all values provided by the users to the structs underneath.

func (*Controlplane) Validate

func (c *Controlplane) Validate() error

Validate validates Controlplane configuration.

type KubeAPIServer

type KubeAPIServer struct {
	// Common stores common information between all controlplane components.
	Common *Common `json:"common,omitempty"`

	// Host defines on which host kube-apiserver container should be created.
	Host *host.Host `json:"host,omitempty"`

	// APIServerCertificate stores X.509 certificate, PEM encoded, which will be
	// used for serving.
	APIServerCertificate types.Certificate `json:"apiServerCertificate"`

	// APIServerKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
	// It must match certificate defined in APIServerCertificate field.
	APIServerKey types.PrivateKey `json:"apiServerKey"`

	// ServiceAccountPrivateKey stores PEM encoded private key, which will be used
	// to sign and validate service account tokens.
	ServiceAccountPrivateKey string `json:"serviceAccountPrivateKey"`

	// BindAddress defines IP address where kube-apiserver process should listen for
	// incoming requests.
	BindAddress string `json:"bindAddress"`

	// AdvertiseAddress defines IP address, which should be advertised to
	// kubernetes.default.svc Service on the cluster.
	AdvertiseAddress string `json:"advertiseAddress"`

	// EtcdServers is a list of etcd servers URLs.
	//
	// Example value: '[]string{"https://localhost:2380"}'.
	EtcdServers []string `json:"etcdServers"`

	// ServiceCIDR defines, from which CIDR Service type ClusterIP should get IP addresses
	// assigned. You should make sure, that this CIDR does not collide with any of CIDRs
	// accessible from your cluster nodes.
	//
	// Example value: '10.96.0.0/12'.
	ServiceCIDR string `json:"serviceCIDR"`

	// SecurePort defines TCP port, where kube-apiserver will be listening for incoming
	// requests and which will be advertised to kubernetes.default.svc Service on the cluster.
	//
	// Currently, there is no way to use advertise different port due to kube-apiserver limitations.
	//
	// If you want to mitigate that, you can use APILoadBalancers resource.
	SecurePort int `json:"securePort"`

	// FrontProxyCertificate stores X.509 client certificate, PEM encoded, which will be used by
	// kube-apiserver to talk to extension API server.
	//
	// See https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/
	// for more details.
	FrontProxyCertificate types.Certificate `json:"frontProxyCertificate"`

	// FrontProxyKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
	//
	// It must match certificate defined in FrontProxyCertificate field.
	FrontProxyKey types.PrivateKey `json:"frontProxyKey"`

	// KubeletClientCertificate stores X.509 client certificate, PEM encoded, which will be used by
	// kube-apiserver to talk to kubelet process on all nodes, to fetch logs etc.
	KubeletClientCertificate types.Certificate `json:"kubeletClientCertificate"`

	// KubeletClientKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
	//
	// It must match certificate defined in KubeletClientCertificate field.
	KubeletClientKey types.PrivateKey `json:"kubeletClientKey"`

	// EtcdCACertificate stores X.509 CA certificate, PEM encoded, which will be used by
	// kube-apiserver to validate etcd servers certificate.
	EtcdCACertificate types.Certificate `json:"etcdCACertificate"`

	// EtcdClientCertificate stores X.509 client certificate, PEM encoded, which will be used by
	// kube-apiserver to talk to etcd members.
	EtcdClientCertificate types.Certificate `json:"etcdClientCertificate"`

	// EtcdClientKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
	//
	// It must match certificate defined in EtcdClientCertificate field.
	EtcdClientKey types.PrivateKey `json:"etcdClientKey"`
}

KubeAPIServer represents kube-apiserver container configuration.

func (*KubeAPIServer) New

New validates KubeAPIServer configuration and populates default for some fields, if they are empty.

func (*KubeAPIServer) Validate

func (k *KubeAPIServer) Validate() error

Validate validates KubeAPIServer struct.

TODO: Add validation of certificates if specified.

type KubeControllerManager

type KubeControllerManager struct {
	// Common stores common information between all controlplane components.
	Common *Common `json:"common,omitempty"`

	// Host defines on which host kube-controller-manager container should be created.
	Host *host.Host `json:"host,omitempty"`

	// Kubeconfig stores client information used by kube-controller-manager to talk to
	// Kubernetes API.
	Kubeconfig client.Config `json:"kubeconfig"`

	// KubernetesCAKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format,
	// which was used to sign all Kubernetes certificates. It will be used by
	// kube-controller-manager to sign Kubernetes certificate requests, for example issued by
	// kubelet as part of TLS bootstrapping and rotation process.
	KubernetesCAKey types.PrivateKey `json:"kubernetesCAKey"`

	// ServiceAccountPrivateKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format,
	// which will be used by to sing service account tokens.
	ServiceAccountPrivateKey types.PrivateKey `json:"serviceAccountPrivateKey"`

	// RootCACertificate is a X.509 CA certificate, PEM encoded, which signed Kubernetes CA
	// certificate. It will be included into service account tokens, so clients like 'curl', can
	// perform full validation of Kubernetes API certificate.
	RootCACertificate types.Certificate `json:"rootCACertificate"`

	// FlexVolumePluginDir is a plugin directory for FlexVolumes, which must be defined for
	// kube-controller-manager, as stated in Flexvolume specification.
	//
	// Example value: '/usr/libexec/kubernetes/kubelet-plugins/volume/exec/'.
	FlexVolumePluginDir string `json:"flexVolumePluginDir"`
}

KubeControllerManager represents kube-controller-manager container configuration.

func (*KubeControllerManager) New

New validates KubeControllerManager and returns usable kubeControllerManager.

func (*KubeControllerManager) Validate

func (k *KubeControllerManager) Validate() error

Validate validates KubeControllerManager configuration.

type KubeScheduler

type KubeScheduler struct {
	// Common stores common information between all controlplane components.
	Common *Common `json:"common,omitempty"`

	// Host defines on which host kube-scheduler container should be created.
	Host *host.Host `json:"host,omitempty"`

	// Kubeconfig stores client information used by kube-scheduler to talk to
	// Kubernetes API.
	Kubeconfig client.Config `json:"kubeconfig"`
}

KubeScheduler represents kube-scheduler configuration data.

func (*KubeScheduler) New

New validates KubeScheduler struct and returns it's usable version.

func (*KubeScheduler) Validate

func (k *KubeScheduler) Validate() error

Validate validates kube-scheduler configuration.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL