Documentation ¶
Index ¶
- Constants
- Variables
- func AllPrivateNetworkBlocks() []net.IPNet
- func CarrierGradeNATBlock() *net.IPNet
- func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)
- func ComputeSecretCheckSum(m map[string][]byte) string
- func CurrentReplicaCount(client client.Client, namespace, deploymentName string) (int32, error)
- func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteGrafanaByRole(k8sClient kubernetes.Interface, namespace, role string) error
- func DeleteHvpa(k8sClient kubernetes.Interface, namespace string) error
- func DeleteLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
- func EffectiveMaintenanceTimeWindow(timeWindow *utils.MaintenanceTimeWindow) *utils.MaintenanceTimeWindow
- func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *utils.MaintenanceTimeWindow
- func ExceptNetworks(networks []string, except ...string) ([]interface{}, error)
- func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
- func GardenEtcdEncryptionSecretKey(shootNamespace, shootName string) client.ObjectKey
- func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}
- func GenerateBackupEntryName(seedNamespace string, shootUID types.UID) string
- func GetAPIServerDomain(domain string) string
- func GetConfirmationDeletionAnnotation(annotations map[string]string) (string, bool)
- func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, includeZones, excludeZones []string, err error)
- func GetSecretFromSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference) (*corev1.Secret, error)
- func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string
- func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
- func GetShootExpirationTimestampAnnotation(annotations map[string]string) (string, bool)
- func GetShootIgnoreAnnotation(annotations map[string]string) (string, bool)
- func GetShootOperationAnnotation(annotations map[string]string) (string, bool)
- func GetShootSyncPeriodAnnotation(annotations map[string]string) (string, bool)
- func GetTasksAnnotation(annotations map[string]string) (string, bool)
- func IsFollowingNewNamingConvention(seedNamespace string) bool
- func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) bool
- func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool
- func IsShootFailed(shoot *gardencorev1beta1.Shoot) bool
- func MergeOwnerReferences(references []metav1.OwnerReference, newReferences ...metav1.OwnerReference) []metav1.OwnerReference
- func Private12BitBlock() *net.IPNet
- func Private16BitBlock() *net.IPNet
- func Private8BitBlock() *net.IPNet
- func ProjectForNamespace(projectLister gardencorelisters.ProjectLister, namespaceName string) (*gardencorev1beta1.Project, error)
- func ProjectNameForNamespace(namespace *corev1.Namespace) string
- func ReadLeaderElectionRecord(k8sClient kubernetes.Interface, lock, namespace, name string) (*resourcelock.LeaderElectionRecord, error)
- func ReadServiceAccountSigningKeySecret(secret *corev1.Secret) (string, error)
- func ReplaceCloudProviderConfigKey(cloudProviderConfig, separator, key, value string) string
- func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
- func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
- func ShouldObjectBeRemoved(obj metav1.Object, gracePeriod time.Duration) bool
- func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, ...) time.Duration
- func ToExceptNetworks(networks []net.IPNet, except ...string) ([]interface{}, error)
Constants ¶
const (
	// BackupBucketName is a constant for the name of the object storage bucket.
	BackupBucketName = "bucketName"

	// BackupSecretName defines the name of the secret containing the credentials which are required to
	// authenticate against the respective cloud provider (required to store the backups of Shoot clusters).
	BackupSecretName = "etcd-backup"

	// BasicAuthSecretName is the name of the secret containing basic authentication credentials for the kube-apiserver.
	// NOTE(review): basic authentication relies on a static password; confirm how (and whether) the
	// credentials in this secret are rotated.
	BasicAuthSecretName = "kube-apiserver-basic-auth"

	// ChartPath is the path to the Helm charts.
	ChartPath = "charts"

	// CloudConfigPrefix is a constant for the prefix which is added to the secret storing the original cloud config
	// (which is being downloaded from the cloud-config-downloader process).
	CloudConfigPrefix = "cloud-config"

	// CloudConfigFilePath is the path on the shoot worker nodes to which the operating system specific configuration
	// will be downloaded.
	CloudConfigFilePath = "/var/lib/cloud-config-downloader/downloads/cloud_config"

	// CloudProviderConfigName is the name of the configmap containing the cloud provider config.
	CloudProviderConfigName = "cloud-provider-config"

	// CloudProviderConfigMapKey is the key storing the cloud provider config as value in the cloud provider configmap.
	CloudProviderConfigMapKey = "cloudprovider.conf"

	// CloudPurposeShoot is a constant used while instantiating a cloud botanist for the Shoot cluster.
	CloudPurposeShoot = "shoot"

	// CloudPurposeSeed is a constant used while instantiating a cloud botanist for the Seed cluster.
	CloudPurposeSeed = "seed"

	// ConfirmationDeletion is an annotation on Shoot and Project resources whose value must be set to "true" in order
	// to allow deleting the resource (if the annotation is not set any DELETE request will be denied).
	ConfirmationDeletion = "confirmation.gardener.cloud/deletion"

	// ConfirmationDeletionDeprecated is an annotation on a Shoot resource whose value must be set to "true" in order to
	// allow deleting the Shoot (if the annotation is not set any DELETE request will be denied).
	//
	// Deprecated: Use `ConfirmationDeletion` instead.
	ConfirmationDeletionDeprecated = "confirmation.garden.sapcloud.io/deletion"

	// ControllerManagerInternalConfigMapName is the name of the internal config map in which the Gardener controller
	// manager stores its configuration.
	ControllerManagerInternalConfigMapName = "gardener-controller-manager-internal-config"

	// DNSProviderDeprecated is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS provider.
	//
	// Deprecated: Use `DNSProvider` instead.
	DNSProviderDeprecated = "dns.garden.sapcloud.io/provider"

	// DNSDomainDeprecated is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// domain name.
	//
	// Deprecated: Use `DNSDomain` instead.
	DNSDomainDeprecated = "dns.garden.sapcloud.io/domain"

	// DNSProvider is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS provider.
	DNSProvider = "dns.gardener.cloud/provider"

	// DNSDomain is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// domain name.
	DNSDomain = "dns.gardener.cloud/domain"

	// DNSIncludeZones is the key for an annotation on a Kubernetes Secret object whose value must point to a list
	// of zones that shall be included.
	DNSIncludeZones = "dns.gardener.cloud/include-zones"

	// DNSExcludeZones is the key for an annotation on a Kubernetes Secret object whose value must point to a list
	// of zones that shall be excluded.
	DNSExcludeZones = "dns.gardener.cloud/exclude-zones"

	// EtcdRoleMain is the constant defining the role for main etcd storing data about objects in Shoot.
	EtcdRoleMain = "main"

	// EtcdRoleEvents is the constant defining the role for etcd storing events in Shoot.
	EtcdRoleEvents = "events"

	// EtcdEncryptionSecretName is the name of the shoot-specific secret which contains
	// that shoot's EncryptionConfiguration. The EncryptionConfiguration contains a key
	// which the shoot's apiserver uses for encrypting selected etcd content.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/kube-apiserver.yaml
	EtcdEncryptionSecretName = "etcd-encryption-secret"

	// EtcdEncryptionSecretFileName is the name of the file within the EncryptionConfiguration
	// which is made available as volume mount to the shoot's apiserver.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/kube-apiserver.yaml
	EtcdEncryptionSecretFileName = "encryption-configuration.yaml"

	// EtcdEncryptionChecksumAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to denote the checksum of the EncryptionConfiguration
	// that was used when last rewriting secrets.
	EtcdEncryptionChecksumAnnotationName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"

	// EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot
	// secrets after rewriting them to ensure that successfully rewritten secrets are not
	// (unnecessarily) rewritten during each reconciliation.
	// It has the same string value as EtcdEncryptionChecksumAnnotationName; one is used as a
	// label key and the other as an annotation key.
	EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"

	// EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to force the decryption of shoot secrets.
	// NOTE(review): presumably shoot secrets are stored unencrypted in etcd while this is set;
	// confirm, and treat changes to this annotation as security-relevant.
	EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets"

	// EtcdEncryptionEncryptedResourceSecrets is the name of the secret resource to be encrypted.
	EtcdEncryptionEncryptedResourceSecrets = "secrets"

	// EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key.
	EtcdEncryptionKeyPrefix = "key"

	// EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key
	// (32 bytes, i.e. 256 bits).
	EtcdEncryptionKeySecretLen = 32

	// GardenRoleDefaultDomain is the value of the GardenRole key indicating type 'default-domain'.
	GardenRoleDefaultDomain = "default-domain"

	// GardenRoleInternalDomain is the value of the GardenRole key indicating type 'internal-domain'.
	GardenRoleInternalDomain = "internal-domain"

	// GardenRoleAlertingSMTP is the value of the GardenRole key indicating type 'alerting-smtp'.
	GardenRoleAlertingSMTP = "alerting-smtp"

	// GardenRoleOpenVPNDiffieHellman is the value of the GardenRole key indicating type 'openvpn-diffie-hellman'.
	GardenRoleOpenVPNDiffieHellman = "openvpn-diffie-hellman"

	// GardenRoleMembers is the value of GardenRole key indicating type 'members'.
	GardenRoleMembers = "members"

	// GardenRoleGlobalMonitoring is the value of the GardenRole key indicating type 'global-monitoring'.
	GardenRoleGlobalMonitoring = "global-monitoring"

	// GardenRoleAlerting is the value of GardenRole key indicating type 'alerting'.
	GardenRoleAlerting = "alerting"

	// GardenRoleHvpa is the value of GardenRole key indicating type 'hvpa'.
	GardenRoleHvpa = "hvpa"

	// GardenCreatedBy is the key for an annotation of a Shoot cluster whose value contains the username
	// of the user that created the resource.
	GardenCreatedBy = "gardener.cloud/created-by"

	// GardenCreatedByDeprecated is the key for an annotation of a Shoot cluster whose value contains the username
	// of the user that created the resource.
	//
	// Deprecated: Use `GardenCreatedBy` instead.
	GardenCreatedByDeprecated = "garden.sapcloud.io/createdBy"

	// GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance.
	GrafanaOperatorsPrefix = "go"

	// GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance.
	GrafanaUsersPrefix = "gu"

	// GrafanaOperatorsRole is a constant for the operators role.
	GrafanaOperatorsRole = "operators"

	// GrafanaUsersRole is a constant for the users role.
	GrafanaUsersRole = "users"

	// PrometheusPrefix is a constant for a prefix used for the Prometheus instance.
	PrometheusPrefix = "p"

	// AlertManagerPrefix is a constant for a prefix used for the AlertManager instance.
	AlertManagerPrefix = "au"

	// KibanaPrefix is a constant for a prefix used for the Kibana instance.
	KibanaPrefix = "k"

	// IngressPrefix is the part of a FQDN which will be used to construct the domain name for an ingress controller of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the ingress domain would be
	// '*.<IngressPrefix>.cluster.example.com'.
	IngressPrefix = "ingress"

	// APIServerPrefix is the part of a FQDN which will be used to construct the domain name for the kube-apiserver of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the apiserver domain would be
	// 'api.cluster.example.com'.
	APIServerPrefix = "api"

	// InternalDomainKey is a key which must be present in an internal domain constructed for a Shoot cluster. If the
	// configured internal domain already contains it, it won't be added twice. If it does not contain it, it will be
	// appended.
	InternalDomainKey = "internal"

	// KubeControllerManagerServerName is the name of the kube-controller-manager server.
	KubeControllerManagerServerName = "kube-controller-manager-server"

	// KubeSchedulerServerName is the name of the kube-scheduler server.
	KubeSchedulerServerName = "kube-scheduler-server"

	// CoreDNSDeploymentName is the name of the coredns deployment.
	CoreDNSDeploymentName = "coredns"

	// VPNShootDeploymentName is the name of the vpn-shoot deployment.
	VPNShootDeploymentName = "vpn-shoot"

	// MetricsServerDeploymentName is the name of the metrics-server deployment.
	MetricsServerDeploymentName = "metrics-server"

	// KubeProxyDaemonSetName is the name of the kube-proxy daemon set.
	KubeProxyDaemonSetName = "kube-proxy"

	// NodeProblemDetectorDaemonSetName is the name of the node-problem-detector daemon set.
	NodeProblemDetectorDaemonSetName = "node-problem-detector"

	// BlackboxExporterDeploymentName is the name of the blackbox-exporter deployment.
	BlackboxExporterDeploymentName = "blackbox-exporter"

	// NodeExporterDaemonSetName is the name of the node-exporter daemon set.
	NodeExporterDaemonSetName = "node-exporter"

	// KibanaAdminIngressCredentialsSecretName is the name of the secret which holds admin credentials.
	KibanaAdminIngressCredentialsSecretName = "logging-ingress-credentials"

	// KubecfgUsername is the username for the token used for the kubeconfig of the shoot.
	// NOTE(review): the value suggests cluster-wide admin rights; confirm which RBAC bindings
	// apply to this user before handing out the kubeconfig more widely.
	KubecfgUsername = "system:cluster-admin"

	// KubecfgSecretName is the name of the kubecfg secret.
	KubecfgSecretName = "kubecfg"

	// DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access.
	DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe"

	// DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access.
	DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe"

	// DependencyWatchdogUserName is the user name of the dependency-watchdog.
	DependencyWatchdogUserName = "gardener.cloud:system:dependency-watchdog"

	// DeprecatedKubecfgInternalProbeSecretName is the name of the kubecfg secret with cluster IP access.
	DeprecatedKubecfgInternalProbeSecretName = "kubecfg-internal"

	// KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user.
	KubeAPIServerHealthCheck = "kube-apiserver-health-check"

	// StaticTokenSecretName is the name of the secret containing static tokens for the kube-apiserver.
	// NOTE(review): static tokens are long-lived bearer credentials; confirm how they are rotated
	// and who can read this secret.
	StaticTokenSecretName = "static-token"

	// FluentBitDaemonSetName is the name of the fluent-bit daemon set.
	FluentBitDaemonSetName = "fluent-bit"

	// FluentdEsStatefulSetName is the name of the fluentd-es stateful set.
	FluentdEsStatefulSetName = "fluentd-es"

	// ProjectPrefix is the prefix of namespaces representing projects.
	ProjectPrefix = "garden-"

	// ProjectName is the key of a label on namespaces whose value holds the project name.
	ProjectName = "project.gardener.cloud/name"

	// ProjectNameDeprecated is the key of a label on namespaces whose value holds the project name.
	//
	// Deprecated: Use `ProjectName` instead.
	ProjectNameDeprecated = "project.garden.sapcloud.io/name"

	// NamespaceProject is the key of an annotation on namespace whose value holds the project uid.
	NamespaceProject = "namespace.gardener.cloud/project"

	// NamespaceProjectDeprecated is the key of an annotation on namespace whose value holds the project uid.
	//
	// Deprecated: Use `NamespaceProject` instead.
	NamespaceProjectDeprecated = "namespace.garden.sapcloud.io/project"

	// SecretRefChecksumAnnotation is the annotation key for checksum of referred secret in resource spec.
	SecretRefChecksumAnnotation = "checksum/secret.data"

	// ShootExperimentalAddonKyma is a constant for an annotation on the shoot stating that Kyma shall be installed.
	// TODO: Just a temporary solution. Remove this in a future version once Kyma is moved out again.
	ShootExperimentalAddonKyma = "experimental.addons.shoot.gardener.cloud/kyma"

	// ShootExpirationTimestamp is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime
	// is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property
	// of referenced quotas.
	ShootExpirationTimestamp = "shoot.gardener.cloud/expiration-timestamp"

	// ShootExpirationTimestampDeprecated is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime
	// is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property
	// of referenced quotas.
	//
	// Deprecated: Use `ShootExpirationTimestamp` instead.
	ShootExpirationTimestampDeprecated = "shoot.garden.sapcloud.io/expirationTimestamp"

	// ShootNoCleanup is a constant for a label on a resource indicating that the Gardener cleaner should not delete this
	// resource when cleaning a shoot during the deletion flow.
	ShootNoCleanup = "shoot.gardener.cloud/no-cleanup"

	// ShootStatus is a constant for a label on a Shoot resource indicating the Shoot's health.
	ShootStatus = "shoot.gardener.cloud/status"

	// ShootStatusDeprecated is a constant for a label on a Shoot resource indicating the Shoot's health.
	//
	// Deprecated: Use `ShootStatus` instead.
	ShootStatusDeprecated = "shoot.garden.sapcloud.io/status"

	// ShootOperationDeprecated is a constant for an annotation on a Shoot in a failed state indicating that an operation shall be performed.
	//
	// Deprecated: Use `v1beta1constants.GardenerOperation` instead.
	ShootOperationDeprecated = "shoot.garden.sapcloud.io/operation"

	// ShootOperationMaintain is a constant for an annotation on a Shoot indicating that the Shoot maintenance shall be executed as soon as
	// possible.
	ShootOperationMaintain = "maintain"

	// ShootOperationRotateKubeconfigCredentials is a constant for an annotation on a Shoot indicating that the credentials contained in the
	// kubeconfig that is handed out to the user shall be rotated.
	ShootOperationRotateKubeconfigCredentials = "rotate-kubeconfig-credentials"

	// ShootTasks is a constant for an annotation on a Shoot which states that certain tasks should be done.
	ShootTasks = "shoot.gardener.cloud/tasks"

	// ShootTasksDeprecated is a constant for an annotation on a Shoot which states that certain tasks should be done.
	//
	// Deprecated: Use `ShootTasks` instead.
	ShootTasksDeprecated = "shoot.garden.sapcloud.io/tasks"

	// ShootTaskDeployInfrastructure is a name for a Shoot's infrastructure deployment task.
	ShootTaskDeployInfrastructure = "deployInfrastructure"

	// ShootOperationRetry is a constant for an annotation on a Shoot indicating that a failed Shoot reconciliation shall be retried.
	ShootOperationRetry = "retry"

	// ShootOperationReconcile is a constant for an annotation on a Shoot indicating that a Shoot reconciliation shall be triggered.
	ShootOperationReconcile = "reconcile"

	// ShootSyncPeriod is a constant for an annotation on a Shoot which may be used to overwrite the global Shoot controller sync period.
	// The value must be a duration. It can also be used to disable the reconciliation entirely by setting it to 0m. Disabling the
	// reconciliation only means that the periodic reconciliation is disabled. However, when the Gardener is restarted/redeployed or the
	// specification is changed then the reconciliation flow will be executed.
	ShootSyncPeriod = "shoot.gardener.cloud/sync-period"

	// ShootSyncPeriodDeprecated is a constant for an annotation on a Shoot which may be used to overwrite the global Shoot controller sync period.
	// The value must be a duration. It can also be used to disable the reconciliation entirely by setting it to 0m. Disabling the
	// reconciliation only means that the periodic reconciliation is disabled. However, when the Gardener is restarted/redeployed or the
	// specification is changed then the reconciliation flow will be executed.
	//
	// Deprecated: Use `ShootSyncPeriod` instead.
	ShootSyncPeriodDeprecated = "shoot.garden.sapcloud.io/sync-period"

	// ShootIgnore is a constant for an annotation on a Shoot which may be used to tell the Gardener that the Shoot with this name should be
	// ignored completely. That means that the Shoot will never reach the reconciliation flow (independent of the operation (create/update/
	// delete)).
	ShootIgnore = "shoot.gardener.cloud/ignore"

	// ShootIgnoreDeprecated is a constant for an annotation on a Shoot which may be used to tell the Gardener that the Shoot with this name should be
	// ignored completely. That means that the Shoot will never reach the reconciliation flow (independent of the operation (create/update/
	// delete)).
	//
	// Deprecated: Use `ShootIgnore` instead.
	ShootIgnoreDeprecated = "shoot.garden.sapcloud.io/ignore"

	// BackupNamespacePrefix is a constant for backup namespace created for shoot's backup infrastructure related resources.
	BackupNamespacePrefix = "backup"

	// GardenerResourceManagerImageName is the name of the GardenerResourceManager image.
	GardenerResourceManagerImageName = "gardener-resource-manager"

	// CoreDNSImageName is the name of the CoreDNS image.
	CoreDNSImageName = "coredns"

	// NodeProblemDetectorImageName is the name of the node-problem-detector image.
	NodeProblemDetectorImageName = "node-problem-detector"

	// KubeAPIServerImageName is the name of the kube-apiserver image.
	KubeAPIServerImageName = "kube-apiserver"

	// KubeControllerManagerImageName is the name of the kube-controller-manager image.
	KubeControllerManagerImageName = "kube-controller-manager"

	// KubeSchedulerImageName is the name of the kube-scheduler image.
	KubeSchedulerImageName = "kube-scheduler"

	// KubeProxyImageName is the name of the kube-proxy image.
	KubeProxyImageName = "kube-proxy"

	// HyperkubeImageName is the name of the hyperkube image (used for kubectl + kubelet on the worker nodes).
	HyperkubeImageName = "hyperkube"

	// MetricsServerImageName is the name of the MetricsServer image.
	MetricsServerImageName = "metrics-server"

	// VPNShootImageName is the name of the VPNShoot image.
	VPNShootImageName = "vpn-shoot"

	// VPNSeedImageName is the name of the VPNSeed image.
	VPNSeedImageName = "vpn-seed"

	// NodeExporterImageName is the name of the NodeExporter image.
	NodeExporterImageName = "node-exporter"

	// KubernetesDashboardImageName is the name of the kubernetes-dashboard image.
	KubernetesDashboardImageName = "kubernetes-dashboard"

	// KubernetesDashboardMetricsScraperImageName is the name of the kubernetes-dashboard-metrics-scraper image.
	KubernetesDashboardMetricsScraperImageName = "kubernetes-dashboard-metrics-scraper"

	// BusyboxImageName is the name of the Busybox image.
	BusyboxImageName = "busybox"

	// NginxIngressControllerImageName is the name of the NginxIngressController image.
	NginxIngressControllerImageName = "nginx-ingress-controller"

	// IngressDefaultBackendImageName is the name of the IngressDefaultBackend image.
	IngressDefaultBackendImageName = "ingress-default-backend"

	// ClusterAutoscalerImageName is the name of the ClusterAutoscaler image.
	ClusterAutoscalerImageName = "cluster-autoscaler"

	// AlertManagerImageName is the name of the AlertManager image.
	AlertManagerImageName = "alertmanager"

	// ConfigMapReloaderImageName is the name of the ConfigMapReloader image.
	ConfigMapReloaderImageName = "configmap-reloader"

	// GrafanaImageName is the name of the Grafana image.
	GrafanaImageName = "grafana"

	// PrometheusImageName is the name of the Prometheus image.
	PrometheusImageName = "prometheus"

	// BlackboxExporterImageName is the name of the BlackboxExporter image.
	BlackboxExporterImageName = "blackbox-exporter"

	// KubeStateMetricsImageName is the name of the KubeStateMetrics image.
	KubeStateMetricsImageName = "kube-state-metrics"

	// ETCDImageName is the name of the ETCD image.
	ETCDImageName = "etcd"

	// PauseContainerImageName is the name of the PauseContainer image.
	PauseContainerImageName = "pause-container"

	// ElasticsearchImageName is the name of the Elastic-Search image used for logging.
	ElasticsearchImageName = "elasticsearch-oss"

	// ElasticsearchMetricsExporterImageName is the name of the metrics exporter image used to fetch elasticsearch metrics.
	ElasticsearchMetricsExporterImageName = "elasticsearch-metrics-exporter"

	// ElasticsearchSearchguardImageName is the name of the Elastic-Search image with installed searchguard plugin used for logging.
	ElasticsearchSearchguardImageName = "elasticsearch-searchguard-oss"

	// CuratorImageName is the name of the curator image used to alter the Elastic-search logs.
	CuratorImageName = "curator-es"

	// KibanaImageName is the name of the Kibana image used for logging UI.
	KibanaImageName = "kibana-oss"

	// SearchguardImageName is the name of the Searchguard image used for updating the users and roles.
	SearchguardImageName = "sg-sgadmin"

	// FluentdEsImageName is the name of the Fluentd image used for logging.
	FluentdEsImageName = "fluentd-es"

	// FluentBitImageName is the name of the Fluent-bit image.
	FluentBitImageName = "fluent-bit"

	// AlpineImageName is the name of alpine image.
	AlpineImageName = "alpine"

	// AlpineIptablesImageName is the name of the alpine image with pre-installed iptable rules.
	AlpineIptablesImageName = "alpine-iptables"

	// SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	SeedSpecHash = "seed-spec-hash"

	// RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	RegistrationSpecHash = "registration-spec-hash"

	// VpaAdmissionControllerImageName is the name of the vpa-admission-controller image.
	VpaAdmissionControllerImageName = "vpa-admission-controller"

	// VpaRecommenderImageName is the name of the vpa-recommender image.
	VpaRecommenderImageName = "vpa-recommender"

	// VpaUpdaterImageName is the name of the vpa-updater image.
	VpaUpdaterImageName = "vpa-updater"

	// VpaExporterImageName is the name of the vpa-exporter image.
	VpaExporterImageName = "vpa-exporter"

	// HvpaControllerImageName is the name of the hvpa-controller image.
	HvpaControllerImageName = "hvpa-controller"

	// DependencyWatchdogImageName is the name of the dependency-watchdog image.
	DependencyWatchdogImageName = "dependency-watchdog"

	// ServiceAccountSigningKeySecretDataKey is the data key of a signing key Kubernetes secret.
	ServiceAccountSigningKeySecretDataKey = "signing-key"

	// ControlPlaneWildcardCert is the value of the GardenRole key indicating type 'controlplane-cert'.
	// It refers to a wildcard tls certificate which can be used for services exposed under the corresponding domain.
	ControlPlaneWildcardCert = "controlplane-cert"

	// AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager.
	AlertManagerTLS = "alertmanager-tls"

	// GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana.
	GrafanaTLS = "grafana-tls"

	// PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus.
	PrometheusTLS = "prometheus-tls"

	// KibanaTLS is the name of the secret resource which holds the TLS certificate for Kibana.
	KibanaTLS = "kibana-tls"

	// EndUserCrtValidity is the time period a user facing certificate is valid.
	EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176
)
Variables ¶
// The sets below are exported package-level variables, so any importing package can
// reassign or modify them; callers should treat them as read-only.

var (
	// RequiredControlPlaneDeployments is a set of the required shoot control plane deployments
	// running in the seed.
	RequiredControlPlaneDeployments = sets.NewString(
		v1beta1constants.DeploymentNameGardenerResourceManager,
		v1beta1constants.DeploymentNameKubeAPIServer,
		v1beta1constants.DeploymentNameKubeControllerManager,
		v1beta1constants.DeploymentNameKubeScheduler,
	)

	// RequiredControlPlaneStatefulSets is a set of the required shoot control plane stateful
	// sets running in the seed.
	RequiredControlPlaneStatefulSets = sets.NewString(
		v1beta1constants.ETCDMain,
		v1beta1constants.ETCDEvents,
	)

	// RequiredSystemComponentDeployments is a set of the required system components.
	RequiredSystemComponentDeployments = sets.NewString(
		CoreDNSDeploymentName,
		VPNShootDeploymentName,
		MetricsServerDeploymentName,
	)

	// RequiredSystemComponentDaemonSets is a set of the required shoot control plane daemon sets.
	// NOTE(review): the name and members (kube-proxy, node-problem-detector) suggest these are
	// system component daemon sets rather than control plane ones; confirm the wording.
	RequiredSystemComponentDaemonSets = sets.NewString(
		KubeProxyDaemonSetName,
		NodeProblemDetectorDaemonSetName,
	)

	// RequiredMonitoringSeedDeployments is a set of the required seed monitoring deployments.
	RequiredMonitoringSeedDeployments = sets.NewString(
		v1beta1constants.DeploymentNameGrafanaOperators,
		v1beta1constants.DeploymentNameGrafanaUsers,
		v1beta1constants.DeploymentNameKubeStateMetricsSeed,
		v1beta1constants.DeploymentNameKubeStateMetricsShoot,
	)

	// RequiredMonitoringShootDeployments is a set of the required shoot monitoring deployments.
	RequiredMonitoringShootDeployments = sets.NewString(
		BlackboxExporterDeploymentName,
	)

	// RequiredMonitoringShootDaemonSets is a set of the required shoot monitoring daemon sets.
	RequiredMonitoringShootDaemonSets = sets.NewString(
		NodeExporterDaemonSetName,
	)

	// RequiredLoggingStatefulSets is a set of the required logging stateful sets.
	RequiredLoggingStatefulSets = sets.NewString(
		v1beta1constants.StatefulSetNameElasticSearch,
	)

	// RequiredLoggingDeployments is a set of the required logging deployments.
	RequiredLoggingDeployments = sets.NewString(
		v1beta1constants.DeploymentNameKibana,
	)
)
var GardenerDeletionGracePeriod = 5 * time.Minute // declared with var, not const, so importing packages can reassign it
GardenerDeletionGracePeriod is the default grace period for Gardener's force deletion methods.
Functions ¶
func AllPrivateNetworkBlocks ¶
AllPrivateNetworkBlocks returns a list of all Private network (RFC1918) and Carrier-grade NAT (RFC6598) IPv4 blocks.
func CarrierGradeNATBlock ¶
CarrierGradeNATBlock returns a Carrier-grade NAT (RFC6598) 100.64.0.0/10 IPv4 block
func ComputeOffsetIP ¶ added in v1.1.0
ComputeOffsetIP parses the provided <subnet> and offsets it by the value of <offset>. For example, with <subnet> = 100.64.0.0/11 and <offset> = 10, the result would be 100.64.0.10. Both IPv6 and IPv4 are supported.
func ComputeSecretCheckSum ¶
ComputeSecretCheckSum computes the sha256 checksum of secret data. The digest is unkeyed, so it detects changes to the data but does not authenticate it.
func CurrentReplicaCount ¶
CurrentReplicaCount returns the current replicaCount for the given deployment.
func DeleteAlertmanager ¶
DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.
func DeleteGrafanaByRole ¶
func DeleteGrafanaByRole(k8sClient kubernetes.Interface, namespace, role string) error
DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.
func DeleteHvpa ¶
func DeleteHvpa(k8sClient kubernetes.Interface, namespace string) error
DeleteHvpa deletes all resources required for the HVPA in the given namespace.
func DeleteLoggingStack ¶
DeleteLoggingStack deletes all resources of the EFK logging stack in the given namespace.
func EffectiveMaintenanceTimeWindow ¶
func EffectiveMaintenanceTimeWindow(timeWindow *utils.MaintenanceTimeWindow) *utils.MaintenanceTimeWindow
EffectiveMaintenanceTimeWindow cuts a maintenance time window at the end with a guess of 15 minutes. It is subtracted from the end of a maintenance time window to use a best-effort kind of finishing the operation before the end. Generally, we can't make sure that the maintenance operation is done by the end of the time window anyway (considering large clusters with hundreds of nodes, a rolling update will take several hours).
func EffectiveShootMaintenanceTimeWindow ¶
func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *utils.MaintenanceTimeWindow
EffectiveShootMaintenanceTimeWindow returns the effective MaintenanceTimeWindow of the given Shoot.
func ExceptNetworks ¶
ExceptNetworks returns a list of maps with `network` key containing one of `networks` and `except` key containing a list of `cidr` which are part of those CIDRs.
Calling `ExceptNetworks([]garden.CIDR{"10.0.0.0/8","172.16.0.0/12"},"10.10.0.0/24","172.16.1.0/24")` produces:
[
{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]}, {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},
]
func ExtractShootDetailsFromBackupEntryName ¶
func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
ExtractShootDetailsFromBackupEntryName returns the Shoot resource's technicalID and its UID from the provided <backupEntryName>.
func GardenEtcdEncryptionSecretKey ¶
GardenEtcdEncryptionSecretKey is the key to the 'backup' of the etcd encryption secret in the Garden cluster.
func GenerateAddonConfig ¶
GenerateAddonConfig returns the provided <values> in case <enabled> is true. Otherwise, nil is being returned.
func GenerateBackupEntryName ¶
GenerateBackupEntryName returns BackupEntry resource name created from provided <seedNamespace> and <shootUID>.
func GetAPIServerDomain ¶
GetAPIServerDomain returns the fully qualified domain name of the api-server for the Shoot cluster. The end result is 'api.<domain>'.
func GetConfirmationDeletionAnnotation ¶ added in v1.0.0
GetConfirmationDeletionAnnotation fetches the value for ConfirmationDeletion annotation. If not present, it falls back to ConfirmationDeletionDeprecated.
func GetDomainInfoFromAnnotations ¶
func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, includeZones, excludeZones []string, err error)
GetDomainInfoFromAnnotations returns the provider and the domain that is specified in the given annotations.
func GetSecretFromSecretRef ¶
func GetSecretFromSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference) (*corev1.Secret, error)
GetSecretFromSecretRef gets the Secret object from <secretRef>.
func GetSecretKeysWithPrefix ¶
GetSecretKeysWithPrefix returns a list of keys of the given map <m> which are prefixed with <kind>.
func GetServiceAccountSigningKeySecret ¶
func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
GetServiceAccountSigningKeySecret gets the signing key from the secret with the given name and namespace.
func GetShootExpirationTimestampAnnotation ¶ added in v1.0.0
GetShootExpirationTimestampAnnotation fetches the value for ShootExpirationTimestamp annotation. If not present, it falls back to ShootExpirationTimestampDeprecated.
func GetShootIgnoreAnnotation ¶ added in v1.0.0
GetShootIgnoreAnnotation fetches the value for ShootIgnore annotation. If not present, it falls back to ShootIgnoreDeprecated.
func GetShootOperationAnnotation ¶ added in v1.0.0
GetShootOperationAnnotation fetches the value for v1beta1constants.GardenerOperation annotation. If not present, it falls back to ShootOperationDeprecated.
func GetShootSyncPeriodAnnotation ¶ added in v1.0.0
GetShootSyncPeriodAnnotation fetches the value for ShootSyncPeriod annotation. If not present, it falls back to ShootSyncPeriodDeprecated.
func GetTasksAnnotation ¶ added in v1.0.0
GetTasksAnnotation fetches the value for ShootTasks annotation. If not present, it falls back to ShootTasksDeprecated.
func IsFollowingNewNamingConvention ¶
IsFollowingNewNamingConvention determines whether the new naming convention is followed for shoot resources. TODO: Remove this and use only "--" as separator, once we have all shoots deployed as per new naming conventions.
func IsNowInEffectiveShootMaintenanceTimeWindow ¶
func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) bool
IsNowInEffectiveShootMaintenanceTimeWindow checks if the current time is in the effective maintenance time window of the Shoot.
func IsObservedAtLatestGenerationAndSucceeded ¶
func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool
IsObservedAtLatestGenerationAndSucceeded checks whether the Shoot's generation has changed or if the LastOperation status is Succeeded.
func IsShootFailed ¶
func IsShootFailed(shoot *gardencorev1beta1.Shoot) bool
IsShootFailed checks if a Shoot is failed.
func MergeOwnerReferences ¶
func MergeOwnerReferences(references []metav1.OwnerReference, newReferences ...metav1.OwnerReference) []metav1.OwnerReference
MergeOwnerReferences merges the newReferences with the list of existing references.
func Private12BitBlock ¶
Private12BitBlock returns a private network (RFC1918) 172.16.0.0/12 IPv4 block
func Private16BitBlock ¶
Private16BitBlock returns a private network (RFC1918) 192.168.0.0/16 IPv4 block
func Private8BitBlock ¶
Private8BitBlock returns a private network (RFC1918) 10.0.0.0/8 IPv4 block
func ProjectForNamespace ¶
func ProjectForNamespace(projectLister gardencorelisters.ProjectLister, namespaceName string) (*gardencorev1beta1.Project, error)
ProjectForNamespace returns the project object responsible for a given <namespace>. It tries to identify the project object by looking for the namespace name in the project statuses.
func ProjectNameForNamespace ¶
ProjectNameForNamespace determines the project name for a given <namespace>. It first tries to identify it via the namespace's ownerReferences. If that doesn't help, it checks whether the project name is a label on the namespace object. If that doesn't help either, the name can be inferred from the namespace name in case it is prefixed with the project prefix. If none of those approaches succeeds, the namespace name itself is returned as the project name.
func ReadLeaderElectionRecord ¶
func ReadLeaderElectionRecord(k8sClient kubernetes.Interface, lock, namespace, name string) (*resourcelock.LeaderElectionRecord, error)
ReadLeaderElectionRecord returns the leader election record for a given lock type and a namespace/name combination.
func ReadServiceAccountSigningKeySecret ¶
ReadServiceAccountSigningKeySecret reads the signing key secret to extract the signing key. It errors if there is no value at ServiceAccountSigningKeySecretDataKey.
func ReplaceCloudProviderConfigKey ¶
ReplaceCloudProviderConfigKey replaces a key with the new value in the given cloud provider config.
func RespectShootSyncPeriodOverwrite ¶
func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
RespectShootSyncPeriodOverwrite checks whether to respect the sync period overwrite of a Shoot or not.
func ShouldIgnoreShoot ¶
func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
ShouldIgnoreShoot determines whether a Shoot should be ignored or not.
func ShouldObjectBeRemoved ¶
ShouldObjectBeRemoved determines whether the given object should be gone now. This is calculated by first checking the deletion timestamp of an object: If the deletion timestamp is unset, the object should not be removed - i.e. this returns false. Otherwise, it is checked whether the deletionTimestamp is before the current time minus the grace period.
func SyncPeriodOfShoot ¶
func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, shoot *gardencorev1beta1.Shoot) time.Duration
SyncPeriodOfShoot determines the sync period of the given shoot.
If no overwrite is allowed, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is parsed. If an error occurs or it is smaller than the defaultMinSyncPeriod, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is returned.
func ToExceptNetworks ¶
ToExceptNetworks returns a list of maps with `network` key containing one of `networks` and `except` key containing a list of `cidr` which are part of those CIDRs.
Calling `ToExceptNetworks(AllPrivateNetworkBlocks(),"10.10.0.0/24","172.16.1.0/24","192.168.1.0/24","100.64.1.0/24")` produces:
[
{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]}, {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]}, {"network": "192.168.0.0/16", "except": ["192.168.1.0/24"]}, {"network": "100.64.0.0/10", "except": ["100.64.1.0/24"]},
]
Types ¶
This section is empty.