Documentation ¶
Index ¶
- Constants
- Variables
- func IsProblematicWebhook(webhook admissionregistrationv1beta1.Webhook) bool
- func IsValidAuditPolicyVersion(shootVersion string, schemaVersion *schema.GroupVersionKind) (bool, error)
- func MustNewRequirement(key string, op selection.Operator, vals ...string) labels.Requirement
- type Botanist
- func (b *Botanist) ApplyEncryptionConfiguration(ctx context.Context) error
- func (b *Botanist) CheckHibernationPossible(ctx context.Context, constraint gardencorev1alpha1.Condition) (*gardencorev1alpha1.Condition, error)
- func (b *Botanist) CleanExtendedAPIs(ctx context.Context) error
- func (b *Botanist) CleanKubernetesResources(ctx context.Context) error
- func (b *Botanist) CleanShootNamespaces(ctx context.Context) error
- func (b *Botanist) CleanWebhooks(ctx context.Context) error
- func (b *Botanist) CleanupOperatingSystemConfigs(ctx context.Context, usedOscNames map[string]string) error
- func (b *Botanist) ComputeShootOperatingSystemConfig(ctx context.Context) error
- func (b *Botanist) ConstraintsChecks(ctx context.Context, initializeShootClients func() error, ...) gardencorev1alpha1.Condition
- func (b *Botanist) DeleteClusterAutoscaler(ctx context.Context) error
- func (b *Botanist) DeleteExtensionResources(ctx context.Context) error
- func (b *Botanist) DeleteKubeAPIServer(ctx context.Context) error
- func (b *Botanist) DeleteManagedResources(ctx context.Context) error
- func (b *Botanist) DeleteNamespace(ctx context.Context) error
- func (b *Botanist) DeleteSeedMonitoring(ctx context.Context) error
- func (b *Botanist) DeleteStaleExtensionResources(ctx context.Context) error
- func (b *Botanist) DeployBackupEntryInGarden(ctx context.Context) error
- func (b *Botanist) DeployCloudProviderSecret(ctx context.Context) error
- func (b *Botanist) DeployClusterAutoscaler(ctx context.Context) error
- func (b *Botanist) DeployControlPlane(ctx context.Context) error
- func (b *Botanist) DeployControlPlaneExposure(ctx context.Context) error
- func (b *Botanist) DeployETCD(ctx context.Context) error
- func (b *Botanist) DeployExtensionResources(ctx context.Context) error
- func (b *Botanist) DeployExternalDomainDNSRecord(ctx context.Context) error
- func (b *Botanist) DeployGardenerResourceManager(ctx context.Context) error
- func (b *Botanist) DeployInfrastructure(ctx context.Context) error
- func (b *Botanist) DeployInternalDomainDNSRecord(ctx context.Context) error
- func (b *Botanist) DeployKubeAPIServer() error
- func (b *Botanist) DeployKubeAPIServerService() error
- func (b *Botanist) DeployKubeControllerManager() error
- func (b *Botanist) DeployKubeScheduler() error
- func (b *Botanist) DeployManagedResources(ctx context.Context) error
- func (b *Botanist) DeployNamespace(ctx context.Context) error
- func (b *Botanist) DeployNetwork(ctx context.Context) error
- func (b *Botanist) DeployNetworkPolicies(ctx context.Context) error
- func (b *Botanist) DeploySecrets(ctx context.Context) error
- func (b *Botanist) DeploySeedLogging(ctx context.Context) error
- func (b *Botanist) DeploySeedMonitoring(ctx context.Context) error
- func (b *Botanist) DeployWorker(ctx context.Context) error
- func (b *Botanist) DestroyControlPlane(ctx context.Context) error
- func (b *Botanist) DestroyControlPlaneExposure(ctx context.Context) error
- func (b *Botanist) DestroyExternalDomainDNSRecord(ctx context.Context) error
- func (b *Botanist) DestroyInfrastructure(ctx context.Context) error
- func (b *Botanist) DestroyIngressDNSRecord(ctx context.Context) error
- func (b *Botanist) DestroyInternalDomainDNSRecord(ctx context.Context) error
- func (b *Botanist) DestroyNetwork(ctx context.Context) error
- func (b *Botanist) DestroyWorker(ctx context.Context) error
- func (b *Botanist) EnsureIngressDNSRecord(ctx context.Context) error
- func (b *Botanist) GenerateKubernetesDashboardConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateNginxIngressConfig() (map[string]interface{}, error)
- func (b *Botanist) HealthChecks(initializeShootClients func() error, ...) (gardencorev1alpha1.Condition, gardencorev1alpha1.Condition, ...)
- func (b *Botanist) HibernateControlPlane(ctx context.Context) error
- func (b *Botanist) MonitoringHealthChecks(checker *HealthChecker, inactiveAlerts gardencorev1alpha1.Condition) gardencorev1alpha1.Condition
- func (b *Botanist) PerformGarbageCollectionSeed() error
- func (b *Botanist) PerformGarbageCollectionShoot() error
- func (b *Botanist) RequiredExtensionsExist() error
- func (b *Botanist) RewriteShootSecretsIfEncryptionConfigurationChanged(ctx context.Context) error
- func (b *Botanist) SyncShootCredentialsToGarden(ctx context.Context) error
- func (b *Botanist) WaitForControllersToBeActive(ctx context.Context) error
- func (b *Botanist) WaitUntilBackupEntryInGardenReconciled(ctx context.Context) error
- func (b *Botanist) WaitUntilClusterAutoscalerDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilControlPlaneDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilControlPlaneExposureDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilControlPlaneExposureReady(ctx context.Context) error
- func (b *Botanist) WaitUntilControlPlaneReady(ctx context.Context) error
- func (b *Botanist) WaitUntilEndpointsDoNotContainPodIPs(ctx context.Context) error
- func (b *Botanist) WaitUntilEtcdMainReady(ctx context.Context) error
- func (b *Botanist) WaitUntilEtcdReady(ctx context.Context) error
- func (b *Botanist) WaitUntilExtensionResourcesDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilExtensionResourcesReady(ctx context.Context) error
- func (b *Botanist) WaitUntilInfrastructureDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilInfrastructureReady(ctx context.Context) error
- func (b *Botanist) WaitUntilKubeAPIServerReady(ctx context.Context) error
- func (b *Botanist) WaitUntilKubeAPIServerServiceIsReady(ctx context.Context) error
- func (b *Botanist) WaitUntilManagedResourcesDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilNetworkIsDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilNetworkIsReady(ctx context.Context) error
- func (b *Botanist) WaitUntilNoPodRunning(ctx context.Context) error
- func (b *Botanist) WaitUntilNodesDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilSeedNamespaceDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilVPNConnectionExists(ctx context.Context) error
- func (b *Botanist) WaitUntilWorkerDeleted(ctx context.Context) error
- func (b *Botanist) WaitUntilWorkerReady(ctx context.Context) error
- func (b *Botanist) WakeUpControlPlane(ctx context.Context) error
- type HealthChecker
- func (b *HealthChecker) CheckClusterNodes(namespace string, condition gardencorev1alpha1.Condition, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckControlPlane(shoot *gardencorev1alpha1.Shoot, namespace string, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckExtensionCondition(condition gardencorev1alpha1.Condition, ...) *gardencorev1alpha1.Condition
- func (b *HealthChecker) CheckLoggingControlPlane(namespace string, condition gardencorev1alpha1.Condition, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckMonitoringControlPlane(namespace string, wantsAlertmanager bool, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckMonitoringSystemComponents(namespace string, condition gardencorev1alpha1.Condition, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckOptionalAddonsSystemComponents(namespace string, condition gardencorev1alpha1.Condition, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) CheckSystemComponents(gardenerVersion string, namespace string, ...) (*gardencorev1alpha1.Condition, error)
- func (b *HealthChecker) FailedCondition(condition gardencorev1alpha1.Condition, reason, message string) gardencorev1alpha1.Condition
Constants ¶
const (
	// DefaultInterval is the default interval for retry operations.
	DefaultInterval = 5 * time.Second
	// Provider is the kubernetes provider label.
	Provider = "provider"
	// KubernetesProvider is the 'kubernetes' value of the Provider label.
	KubernetesProvider = "kubernetes"
	// KubeAggregatorAutoManaged is the label that marks an APIService as auto-managed by kube-aggregator.
	KubeAggregatorAutoManaged = autoregister.AutoRegisterManagedLabel
	// MetadataNameField is the `metadata.name` field for a field selector.
	MetadataNameField = "metadata.name"
)
const (
	// DNSPurposeInternal is a constant for a DNS record used for the internal domain name.
	DNSPurposeInternal = "internal"
	// DNSPurposeExternal is a constant for a DNS record used for the external domain name.
	DNSPurposeExternal = "external"
)
const (
	// ManagedResourceLabelKeyOrigin is a key for a label on a managed resource with the value 'origin'.
	ManagedResourceLabelKeyOrigin = "origin"
	// ManagedResourceLabelValueGardener is a value for a label on a managed resource with the value 'gardener'.
	ManagedResourceLabelValueGardener = "gardener"
)
const ControlPlaneDefaultTimeout = 3 * time.Minute
ControlPlaneDefaultTimeout is the default timeout and defines how long Gardener should wait for a successful reconciliation of a control plane resource.
const DNSPurposeIngress = "ingress"
DNSPurposeIngress is a constant for a DNS record used for the ingress domain name.
const InfrastructureDefaultTimeout = 5 * time.Minute
InfrastructureDefaultTimeout is the default timeout and defines how long Gardener should wait for a successful reconciliation of an infrastructure resource.
const NetworkDefaultTimeout = 3 * time.Minute
NetworkDefaultTimeout is the default timeout and defines how long Gardener should wait for a successful reconciliation of a network resource.
const WorkerDefaultTimeout = 10 * time.Minute
WorkerDefaultTimeout is the default timeout and defines how long Gardener should wait for a successful reconciliation of a worker resource.
Variables ¶
var (
	// FinalizeAfterFiveMinutes is an option to finalize resources after five minutes.
	FinalizeAfterFiveMinutes = utilclient.FinalizeGracePeriodSeconds(5 * 60)

	// FinalizeAfterOneHour is an option to finalize resources after one hour.
	FinalizeAfterOneHour = utilclient.FinalizeGracePeriodSeconds(60 * 60)

	// ZeroGracePeriod is an option to delete resources with no grace period.
	ZeroGracePeriod = utilclient.DeleteWith{client.GracePeriodSeconds(0)}

	// GracePeriodFiveMinutes is an option to delete resources with a grace period of five minutes.
	GracePeriodFiveMinutes = utilclient.DeleteWith{client.GracePeriodSeconds(5 * 60)}

	// NotSystemComponent is a requirement that something doesn't have the GardenRole GardenRoleSystemComponent.
	// It uses selection.NotEquals, so objects that do not carry the label at all also satisfy it.
	NotSystemComponent = MustNewRequirement(v1alpha1constants.DeprecatedGardenRole, selection.NotEquals, v1alpha1constants.GardenRoleSystemComponent)

	// NoCleanupPrevention is a requirement that the ShootNoCleanup label of something is not true.
	// Only the exact value "true" is excluded; an unlabelled object, or one with any other value, matches.
	NoCleanupPrevention = MustNewRequirement(common.ShootNoCleanup, selection.NotEquals, "true")

	// NotKubernetesProvider is a requirement that the Provider label of something is not KubernetesProvider.
	NotKubernetesProvider = MustNewRequirement(Provider, selection.NotEquals, KubernetesProvider)

	// NotKubeAggregatorAutoManaged is a requirement that something is not auto-managed by Kube-Aggregator.
	NotKubeAggregatorAutoManaged = MustNewRequirement(KubeAggregatorAutoManaged, selection.DoesNotExist)

	// CleanupSelector is a selector that excludes system components and all resources not considered for auto cleanup.
	// Selection is by label only: it combines NotSystemComponent and NoCleanupPrevention.
	CleanupSelector = labels.NewSelector().Add(NotSystemComponent).Add(NoCleanupPrevention)

	// NoCleanupPreventionListOption is a list option that matches CleanupSelector, i.e. it excludes
	// system components and resources that opted out of automatic cleanup.
	NoCleanupPreventionListOption = client.MatchingLabelsSelector{Selector: CleanupSelector}

	// MutatingWebhookConfigurationCleanOption is the delete selector for MutatingWebhookConfigurations.
	MutatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ValidatingWebhookConfigurationCleanOption is the delete selector for ValidatingWebhookConfigurations.
	ValidatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// CustomResourceDefinitionCleanOption is the delete selector for CustomResourceDefinitions.
	CustomResourceDefinitionCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// DaemonSetCleanOption is the delete selector for DaemonSets.
	DaemonSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// DeploymentCleanOption is the delete selector for Deployments.
	DeploymentCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// StatefulSetCleanOption is the delete selector for StatefulSets.
	StatefulSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ServiceCleanOption is the delete selector for Services.
	// In addition to the CleanupSelector requirements it excludes Services whose Provider label is KubernetesProvider.
	ServiceCleanOption = utilclient.ListWith{
		client.MatchingLabelsSelector{
			Selector: labels.NewSelector().Add(NotKubernetesProvider, NotSystemComponent, NoCleanupPrevention),
		},
	}

	// NamespaceMatchingLabelsSelector is the delete label selector for Namespaces.
	NamespaceMatchingLabelsSelector = utilclient.ListWith{&NoCleanupPreventionListOption}

	// NamespaceMatchingFieldsSelector is the delete field selector for Namespaces.
	// It excludes, by name, the namespaces metav1.NamespacePublic, metav1.NamespaceSystem,
	// metav1.NamespaceDefault and corev1.NamespaceNodeLease.
	NamespaceMatchingFieldsSelector = utilclient.ListWith{
		client.MatchingFieldsSelector{
			Selector: fields.AndSelectors(
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespacePublic),
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceSystem),
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceDefault),
				fields.OneTermNotEqualSelector(MetadataNameField, corev1.NamespaceNodeLease),
			),
		},
	}

	// APIServiceCleanOption is the delete selector for APIServices.
	// NOTE(review): unlike the other clean options, this selector does not include NoCleanupPrevention,
	// so the ShootNoCleanup label does not exempt an APIService here; confirm this is intended.
	APIServiceCleanOption = utilclient.ListWith{
		client.MatchingLabelsSelector{
			Selector: labels.NewSelector().Add(NotSystemComponent, NotKubeAggregatorAutoManaged),
		},
	}

	// CronJobCleanOption is the delete selector for CronJobs.
	CronJobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// IngressCleanOption is the delete selector for Ingresses.
	IngressCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// JobCleanOption is the delete selector for Jobs.
	JobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// PodCleanOption is the delete selector for Pods.
	PodCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ReplicaSetCleanOption is the delete selector for ReplicaSets.
	ReplicaSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ReplicationControllerCleanOption is the delete selector for ReplicationControllers.
	ReplicationControllerCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// PersistentVolumeClaimCleanOption is the delete selector for PersistentVolumeClaims.
	PersistentVolumeClaimCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// NamespaceErrorToleration are the errors to be tolerated during deletion.
	// Only conflict errors (apierrors.IsConflict) are listed.
	NamespaceErrorToleration = utilclient.TolerateErrors{apierrors.IsConflict}
)
var Now = time.Now
Now determines the current time.
Functions ¶
func IsProblematicWebhook ¶
func IsProblematicWebhook(webhook admissionregistrationv1beta1.Webhook) bool
IsProblematicWebhook checks if a single webhook of the Shoot Cluster is problematic and the Shoot should therefore not be hibernated. Problematic webhooks are webhooks with rules for CREATE/UPDATE/* pods or nodes and failurePolicy=Fail/nil. If the Shoot contains such a webhook, we can never wake up this shoot cluster again as new nodes cannot get created/ready, or our system component pods cannot get created/ready (because the webhook's backing pod is not yet running).
func IsValidAuditPolicyVersion ¶
func IsValidAuditPolicyVersion(shootVersion string, schemaVersion *schema.GroupVersionKind) (bool, error)
IsValidAuditPolicyVersion checks whether the API server supports the provided audit policy apiVersion.
func MustNewRequirement ¶
MustNewRequirement creates a labels.Requirement with the given values and panics if there is an error.
Types ¶
type Botanist ¶
type Botanist struct {
	*operation.Operation
	// DefaultDomainSecret is set by New when the Shoot DNS domain is covered by a default domain.
	DefaultDomainSecret *corev1.Secret
	// contains filtered or unexported fields
}
Botanist is a struct which has methods that perform cloud-independent operations for a Shoot cluster.
func New ¶
New takes an operation object <o> and creates a new Botanist object. It checks whether the given Shoot DNS domain is covered by a default domain, and if so, it sets the <DefaultDomainSecret> attribute on the Botanist object.
func (*Botanist) ApplyEncryptionConfiguration ¶
ApplyEncryptionConfiguration creates or updates a secret on the Seed which contains the encryption configuration that is necessary to encrypt the Kubernetes secrets in etcd.
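To mitigate data loss to a certain degree, the secret is also synced to the Garden cluster. An encryption configuration of this kind normally carries the key material itself, so the synced copy warrants the same access restrictions as the one on the Seed.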
func (*Botanist) CheckHibernationPossible ¶
func (b *Botanist) CheckHibernationPossible(ctx context.Context, constraint gardencorev1alpha1.Condition) (*gardencorev1alpha1.Condition, error)
CheckHibernationPossible checks the Shoot for problematic webhooks which could prevent wakeup after hibernation
func (*Botanist) CleanExtendedAPIs ¶
CleanExtendedAPIs removes API extensions like CRDs and API services from the Shoot cluster.
func (*Botanist) CleanKubernetesResources ¶
CleanKubernetesResources deletes all the Kubernetes resources in the Shoot cluster other than those stored in the exceptions map. It will check whether all the Kubernetes resources in the Shoot cluster other than those stored in the exceptions map have been deleted. It will return an error in case it has not finished yet, and nil if all resources are gone.
func (*Botanist) CleanShootNamespaces ¶
CleanShootNamespaces deletes all non-system namespaces in the Shoot cluster. It assumes that all workload resources are cleaned up in previous step(s).
func (*Botanist) CleanWebhooks ¶
CleanWebhooks deletes all Webhooks in the Shoot cluster that are not being managed by the addon manager.
func (*Botanist) CleanupOperatingSystemConfigs ¶
func (b *Botanist) CleanupOperatingSystemConfigs(ctx context.Context, usedOscNames map[string]string) error
CleanupOperatingSystemConfigs deletes all unused operating system configs in the shoot seed namespace (i.e., those which are not part of the provided map <usedOscNames>).
func (*Botanist) ComputeShootOperatingSystemConfig ¶
ComputeShootOperatingSystemConfig generates the shoot operating system configuration. Both, the downloader and original configuration will be generated and stored in the shoot specific cloud config map for later usage.
func (*Botanist) ConstraintsChecks ¶
func (b *Botanist) ConstraintsChecks(ctx context.Context, initializeShootClients func() error, hibernation gardencorev1alpha1.Condition) gardencorev1alpha1.Condition
ConstraintsChecks conducts the constraints checks on all the given constraints.
func (*Botanist) DeleteClusterAutoscaler ¶
DeleteClusterAutoscaler deletes the cluster-autoscaler deployment in the Seed cluster which holds the Shoot's control plane.
func (*Botanist) DeleteExtensionResources ¶
DeleteExtensionResources deletes all extension resources from the Shoot namespace in the Seed.
func (*Botanist) DeleteKubeAPIServer ¶
DeleteKubeAPIServer deletes the kube-apiserver deployment in the Seed cluster which holds the Shoot's control plane.
func (*Botanist) DeleteManagedResources ¶
DeleteManagedResources deletes all managed resources from the Shoot namespace in the Seed.
func (*Botanist) DeleteNamespace ¶
DeleteNamespace deletes the namespace in the Seed cluster which holds the control plane components. The built-in garbage collection in Kubernetes will automatically delete all resources which belong to this namespace. This comprises volumes and load balancers as well.
func (*Botanist) DeleteSeedMonitoring ¶
DeleteSeedMonitoring will delete the monitoring stack from the Seed cluster to avoid phantom alerts during the deletion process. More precisely, the Alertmanager and Prometheus StatefulSets will be deleted.
func (*Botanist) DeleteStaleExtensionResources ¶
DeleteStaleExtensionResources deletes unused extensions from the shoot namespace in the seed.
func (*Botanist) DeployBackupEntryInGarden ¶
DeployBackupEntryInGarden deploys the BackupEntry resource in garden.
func (*Botanist) DeployCloudProviderSecret ¶
DeployCloudProviderSecret creates or updates the cloud provider secret in the Shoot namespace in the Seed cluster.
func (*Botanist) DeployClusterAutoscaler ¶
DeployClusterAutoscaler deploys the cluster-autoscaler into the Shoot namespace in the Seed cluster. It is responsible for automatically scaling the worker pools of the Shoot.
func (*Botanist) DeployControlPlane ¶
DeployControlPlane creates the `ControlPlane` extension resource in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the cluster successfully.
func (*Botanist) DeployControlPlaneExposure ¶
DeployControlPlaneExposure creates the `ControlPlane` extension resource with purpose `exposure` in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the cluster successfully.
func (*Botanist) DeployETCD ¶
DeployETCD deploys two etcd clusters via StatefulSets. The first etcd cluster (called 'main') is used for all the data the Shoot Kubernetes cluster needs to store, whereas the second etcd cluster (called 'events') is only used to store the events data. The objectstore is also set up to store the backups.
func (*Botanist) DeployExtensionResources ¶
DeployExtensionResources creates the `Extension` extension resource in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the cluster successfully.
func (*Botanist) DeployExternalDomainDNSRecord ¶
DeployExternalDomainDNSRecord deploys the DNS record for the external cluster domain.
func (*Botanist) DeployGardenerResourceManager ¶
DeployGardenerResourceManager deploys the gardener-resource-manager which will use CRD resources in order to ensure that they exist in a cluster/reconcile them in case somebody changed something.
func (*Botanist) DeployInfrastructure ¶
DeployInfrastructure creates the `Infrastructure` extension resource in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the cluster successfully.
func (*Botanist) DeployInternalDomainDNSRecord ¶
DeployInternalDomainDNSRecord deploys the DNS record for the internal cluster domain.
func (*Botanist) DeployKubeAPIServer ¶
DeployKubeAPIServer deploys kube-apiserver deployment.
func (*Botanist) DeployKubeAPIServerService ¶
DeployKubeAPIServerService deploys kube-apiserver service.
func (*Botanist) DeployKubeControllerManager ¶
DeployKubeControllerManager deploys kube-controller-manager deployment.
func (*Botanist) DeployKubeScheduler ¶
DeployKubeScheduler deploys kube-scheduler deployment.
func (*Botanist) DeployManagedResources ¶
DeployManagedResources deploys all the ManagedResource CRDs for the gardener-resource-manager.
func (*Botanist) DeployNamespace ¶
DeployNamespace creates a namespace in the Seed cluster which is used to deploy all the control plane components for the Shoot cluster. Moreover, the cloud provider configuration and all the secrets will be stored as ConfigMaps/Secrets.
func (*Botanist) DeployNetwork ¶
DeployNetwork creates the `Network` extension resource in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the cluster successfully.
func (*Botanist) DeployNetworkPolicies ¶
DeployNetworkPolicies creates network policies in a Shoot cluster's namespace that deny all traffic by default and allow certain components to use annotations to declare their desire to transmit/receive traffic to/from other Pods/IP addresses.
func (*Botanist) DeploySecrets ¶
DeploySecrets creates a CA certificate for the Shoot cluster and uses it to sign the server certificate used by the kube-apiserver, and all client certificates used for communication. It also creates RSA key pairs for SSH connections to the nodes/VMs and for the VPN tunnel. Moreover, basic authentication credentials are computed which will be used to secure the Ingress resources and the kube-apiserver itself. Server certificates for the exposed monitoring endpoints (via Ingress) are generated as well.
func (*Botanist) DeploySeedLogging ¶
DeploySeedLogging will install the Helm release "seed-bootstrap/charts/elastic-kibana-curator" in the Seed clusters.
func (*Botanist) DeploySeedMonitoring ¶
DeploySeedMonitoring will install the Helm release "seed-monitoring" in the Seed clusters. It comprises components to monitor the Shoot cluster whose control plane runs in the Seed cluster.
func (*Botanist) DeployWorker ¶
DeployWorker creates the `Worker` extension resource in the shoot namespace in the seed cluster. Gardener waits until an external controller did reconcile the resource successfully.
func (*Botanist) DestroyControlPlane ¶
DestroyControlPlane deletes the `ControlPlane` extension resource in the shoot namespace in the seed cluster, and it waits for a maximum of 10m until it is deleted.
func (*Botanist) DestroyControlPlaneExposure ¶
DestroyControlPlaneExposure deletes the `ControlPlane` extension resource with purpose `exposure` in the shoot namespace in the seed cluster, and it waits for a maximum of 10m until it is deleted.
func (*Botanist) DestroyExternalDomainDNSRecord ¶
DestroyExternalDomainDNSRecord destroys the DNS record for the external cluster domain.
func (*Botanist) DestroyInfrastructure ¶
DestroyInfrastructure deletes the `Infrastructure` extension resource in the shoot namespace in the seed cluster, and it waits for a maximum of 10m until it is deleted.
func (*Botanist) DestroyIngressDNSRecord ¶
DestroyIngressDNSRecord destroys the nginx-ingress resources created by Terraform.
func (*Botanist) DestroyInternalDomainDNSRecord ¶
DestroyInternalDomainDNSRecord destroys the DNS record for the internal cluster domain.
func (*Botanist) DestroyNetwork ¶
DestroyNetwork deletes the `Network` extension resource in the shoot namespace in the seed cluster, and it waits for a maximum of 10m until it is deleted.
func (*Botanist) DestroyWorker ¶
DestroyWorker deletes the `Worker` extension resource in the shoot namespace in the seed cluster, and it waits for a maximum of 5m until it is deleted.
func (*Botanist) EnsureIngressDNSRecord ¶
EnsureIngressDNSRecord creates the respective wildcard DNS record for the nginx-ingress-controller.
func (*Botanist) GenerateKubernetesDashboardConfig ¶
GenerateKubernetesDashboardConfig generates the values which are required to render the chart of the kubernetes-dashboard properly.
func (*Botanist) GenerateNginxIngressConfig ¶
GenerateNginxIngressConfig generates the values which are required to render the chart of the nginx-ingress properly.
func (*Botanist) HealthChecks ¶
func (b *Botanist) HealthChecks(initializeShootClients func() error, thresholdMappings map[gardencorev1alpha1.ConditionType]time.Duration, apiserverAvailability, controlPlane, nodes, systemComponents gardencorev1alpha1.Condition) (gardencorev1alpha1.Condition, gardencorev1alpha1.Condition, gardencorev1alpha1.Condition, gardencorev1alpha1.Condition)
HealthChecks conducts the health checks on all the given conditions.
func (*Botanist) HibernateControlPlane ¶
HibernateControlPlane hibernates the entire control plane if the shoot shall be hibernated.
func (*Botanist) MonitoringHealthChecks ¶
func (b *Botanist) MonitoringHealthChecks(checker *HealthChecker, inactiveAlerts gardencorev1alpha1.Condition) gardencorev1alpha1.Condition
MonitoringHealthChecks performs the monitoring related health checks.
func (*Botanist) PerformGarbageCollectionSeed ¶
PerformGarbageCollectionSeed performs garbage collection in the Shoot namespace in the Seed cluster, i.e., it deletes old machine sets which have a desired=actual=0 replica count.
func (*Botanist) PerformGarbageCollectionShoot ¶
PerformGarbageCollectionShoot performs garbage collection in the kube-system namespace in the Shoot cluster, i.e., it deletes evicted pods (mitigation for https://github.com/kubernetes/kubernetes/issues/55051).
func (*Botanist) RequiredExtensionsExist ¶
RequiredExtensionsExist checks whether all required extensions needed for a shoot operation exist.
func (*Botanist) RewriteShootSecretsIfEncryptionConfigurationChanged ¶
RewriteShootSecretsIfEncryptionConfigurationChanged rewrites the secrets in the Shoot if the etcd encryption configuration changed. Rewriting here means that a patch request is sent that forces the etcd to encrypt them with the new configuration.
func (*Botanist) SyncShootCredentialsToGarden ¶
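SyncShootCredentialsToGarden copies the kubeconfig generated for the user and the SSH keypair to the project namespace in the Garden cluster; the monitoring credentials for the user-facing monitoring stack are copied as well. Anyone who can read these objects in the project namespace can use the credentials, so access to that namespace should be scoped accordingly.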
func (*Botanist) WaitForControllersToBeActive ¶
WaitForControllersToBeActive checks whether kube-controller-manager has recently written to the Endpoint object holding the leader information. If yes, it is active.
func (*Botanist) WaitUntilBackupEntryInGardenReconciled ¶
WaitUntilBackupEntryInGardenReconciled waits until the backup entry within the garden cluster has been reconciled.
func (*Botanist) WaitUntilClusterAutoscalerDeleted ¶
WaitUntilClusterAutoscalerDeleted waits until the cluster-autoscaler deployment within the Seed cluster has been deleted.
func (*Botanist) WaitUntilControlPlaneDeleted ¶
WaitUntilControlPlaneDeleted waits until the control plane resource has been deleted.
func (*Botanist) WaitUntilControlPlaneExposureDeleted ¶
WaitUntilControlPlaneExposureDeleted waits until the control plane resource with purpose `exposure` has been deleted.
func (*Botanist) WaitUntilControlPlaneExposureReady ¶
WaitUntilControlPlaneExposureReady waits until the control plane resource with purpose `exposure` has been reconciled successfully.
func (*Botanist) WaitUntilControlPlaneReady ¶
WaitUntilControlPlaneReady waits until the control plane resource has been reconciled successfully.
func (*Botanist) WaitUntilEndpointsDoNotContainPodIPs ¶
WaitUntilEndpointsDoNotContainPodIPs waits until all endpoints in the shoot cluster do not contain any IPs from the Shoot's PodCIDR.
func (*Botanist) WaitUntilEtcdMainReady ¶
WaitUntilEtcdMainReady waits until the etcd-main statefulset indicates readiness in its status.
func (*Botanist) WaitUntilEtcdReady ¶
WaitUntilEtcdReady waits until the etcd statefulsets indicate readiness in their statuses.
func (*Botanist) WaitUntilExtensionResourcesDeleted ¶
WaitUntilExtensionResourcesDeleted waits until all extension resources are gone or the context is cancelled.
func (*Botanist) WaitUntilExtensionResourcesReady ¶
WaitUntilExtensionResourcesReady waits until all extension resources report `Succeeded` in their last operation state. The state must be reported before the passed context is cancelled or an extension's timeout has been reached. As soon as one timeout has been exceeded, the function returns an error and further waits on extensions are aborted.
func (*Botanist) WaitUntilInfrastructureDeleted ¶
WaitUntilInfrastructureDeleted waits until the infrastructure resource has been deleted.
func (*Botanist) WaitUntilInfrastructureReady ¶
WaitUntilInfrastructureReady waits until the infrastructure resource has been reconciled successfully.
func (*Botanist) WaitUntilKubeAPIServerReady ¶
WaitUntilKubeAPIServerReady waits until the kube-apiserver pod(s) indicate readiness in their statuses.
func (*Botanist) WaitUntilKubeAPIServerServiceIsReady ¶
WaitUntilKubeAPIServerServiceIsReady waits until the external load balancer of the kube-apiserver has been created (i.e., its ingress information has been updated in the service status).
func (*Botanist) WaitUntilManagedResourcesDeleted ¶
WaitUntilManagedResourcesDeleted waits until all managed resources are gone or the context is cancelled.
func (*Botanist) WaitUntilNetworkIsDeleted ¶
WaitUntilNetworkIsDeleted waits until the Network resource has been deleted.
func (*Botanist) WaitUntilNetworkIsReady ¶
WaitUntilNetworkIsReady waits until the network resource has been reconciled successfully.
func (*Botanist) WaitUntilNoPodRunning ¶
WaitUntilNoPodRunning waits until there is no running Pod in the shoot cluster.
func (*Botanist) WaitUntilNodesDeleted ¶
WaitUntilNodesDeleted waits until no nodes exist in the shoot cluster anymore.
func (*Botanist) WaitUntilSeedNamespaceDeleted ¶
WaitUntilSeedNamespaceDeleted waits until the namespace of the Shoot cluster within the Seed cluster is deleted.
func (*Botanist) WaitUntilVPNConnectionExists ¶
WaitUntilVPNConnectionExists waits until a port forward connection to the vpn-shoot pod in the kube-system namespace of the Shoot cluster can be established.
func (*Botanist) WaitUntilWorkerDeleted ¶
WaitUntilWorkerDeleted waits until the worker extension resource has been deleted.
func (*Botanist) WaitUntilWorkerReady ¶
WaitUntilWorkerReady waits until the worker extension resource has been successfully reconciled.
type HealthChecker ¶
type HealthChecker struct {
// contains filtered or unexported fields
}
HealthChecker contains the condition thresholds.
func NewHealthChecker ¶
func NewHealthChecker(conditionThresholds map[gardencorev1alpha1.ConditionType]time.Duration) *HealthChecker
NewHealthChecker creates a new health checker.
func (*HealthChecker) CheckClusterNodes ¶
func (b *HealthChecker) CheckClusterNodes( namespace string, condition gardencorev1alpha1.Condition, nodeLister kutil.NodeLister, machineDeploymentLister kutil.MachineDeploymentLister, ) (*gardencorev1alpha1.Condition, error)
CheckClusterNodes checks whether cluster nodes in the given listers are complete and healthy.
func (*HealthChecker) CheckControlPlane ¶
func (b *HealthChecker) CheckControlPlane( shoot *gardencorev1alpha1.Shoot, namespace string, condition gardencorev1alpha1.Condition, deploymentLister kutil.DeploymentLister, statefulSetLister kutil.StatefulSetLister, machineDeploymentLister kutil.MachineDeploymentLister, ) (*gardencorev1alpha1.Condition, error)
CheckControlPlane checks whether the control plane components in the given listers are complete and healthy.
func (*HealthChecker) CheckExtensionCondition ¶
func (b *HealthChecker) CheckExtensionCondition(condition gardencorev1alpha1.Condition, extensionsCondition []extensionCondition) *gardencorev1alpha1.Condition
CheckExtensionCondition checks whether the conditions provided by extensions are healthy.
func (*HealthChecker) CheckLoggingControlPlane ¶
func (b *HealthChecker) CheckLoggingControlPlane( namespace string, condition gardencorev1alpha1.Condition, deploymentLister kutil.DeploymentLister, statefulSetLister kutil.StatefulSetLister, ) (*gardencorev1alpha1.Condition, error)
CheckLoggingControlPlane checks whether the logging components in the given listers are complete and healthy.
func (*HealthChecker) CheckMonitoringControlPlane ¶
func (b *HealthChecker) CheckMonitoringControlPlane( namespace string, wantsAlertmanager bool, condition gardencorev1alpha1.Condition, deploymentLister kutil.DeploymentLister, statefulSetLister kutil.StatefulSetLister, ) (*gardencorev1alpha1.Condition, error)
CheckMonitoringControlPlane checks whether the monitoring components in the given listers are complete and healthy.
func (*HealthChecker) CheckMonitoringSystemComponents ¶
func (b *HealthChecker) CheckMonitoringSystemComponents( namespace string, condition gardencorev1alpha1.Condition, daemonSetLister kutil.DaemonSetLister, ) (*gardencorev1alpha1.Condition, error)
CheckMonitoringSystemComponents checks whether the monitoring components in the given listers are complete and healthy.
func (*HealthChecker) CheckOptionalAddonsSystemComponents ¶
func (b *HealthChecker) CheckOptionalAddonsSystemComponents( namespace string, condition gardencorev1alpha1.Condition, deploymentLister kutil.DeploymentLister, daemonSetLister kutil.DaemonSetLister, ) (*gardencorev1alpha1.Condition, error)
CheckOptionalAddonsSystemComponents checks whether the addons in the given listers are healthy.
func (*HealthChecker) CheckSystemComponents ¶
func (b *HealthChecker) CheckSystemComponents( gardenerVersion string, namespace string, condition gardencorev1alpha1.Condition, deploymentLister kutil.DeploymentLister, daemonSetLister kutil.DaemonSetLister, ) (*gardencorev1alpha1.Condition, error)
CheckSystemComponents checks whether the system components in the given listers are complete and healthy.
func (*HealthChecker) FailedCondition ¶
func (b *HealthChecker) FailedCondition(condition gardencorev1alpha1.Condition, reason, message string) gardencorev1alpha1.Condition
FailedCondition returns a progressing or false condition depending on the progressing threshold.