gardener

package
v1.107.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 12, 2024 License: Apache-2.0 Imports: 62 Imported by: 39

Documentation

Index

Constants

// DNS-related annotation keys and the fixed name components used when building domain names for Shoot clusters.
const (
	// DNSProvider is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS provider.
	DNSProvider = "dns.gardener.cloud/provider"
	// DNSDomain is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// domain name.
	DNSDomain = "dns.gardener.cloud/domain"
	// DNSDefaultDomainPriority is the key for the priority of a default domain. If there are multiple default
	// domains, the one with the highest priority is selected by default for new shoots.
	DNSDefaultDomainPriority = "dns.gardener.cloud/domain-default-priority"
	// DNSZone is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS hosted zone id.
	DNSZone = "dns.gardener.cloud/zone"

	// APIServerFQDNPrefix is the part of a FQDN which will be used to construct the domain name for the kube-apiserver of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the apiserver domain would be
	// 'api.cluster.example.com'.
	APIServerFQDNPrefix = "api"
	// OwnerFQDNPrefix is the part of a FQDN which will be used to construct the domain name for the owner of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the owner domain would be
	// 'owner.cluster.example.com'.
	OwnerFQDNPrefix = "owner"
	// IngressPrefix is the part of a FQDN which will be used to construct the domain name for an ingress controller of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the ingress domain would be
	// '*.<IngressPrefix>.cluster.example.com'.
	IngressPrefix = "ingress"
	// InternalDomainKey is a key which must be present in an internal domain constructed for a Shoot cluster. If the
	// configured internal domain already contains it, it is not added a second time. If it does not contain it, it is
	// appended.
	InternalDomainKey = "internal"

	// AnnotationKeyIPStack is the annotation key to set the IP stack for a DNSRecord.
	// This can be used to create different types of records, e.g. A vs. AAAA records.
	AnnotationKeyIPStack = "dns.gardener.cloud/ip-stack"
	// AnnotationValueIPStackIPv4 is the annotation value for IPv4-only.
	AnnotationValueIPStackIPv4 = "ipv4"
	// AnnotationValueIPStackIPv6 is the annotation value for IPv6-only.
	AnnotationValueIPStackIPv6 = "ipv6"
	// AnnotationValueIPStackIPDualStack is the annotation value for dual-stack, i.e. IPv4 and IPv6.
	AnnotationValueIPStackIPDualStack = "dual-stack"
)
// Names and file paths for the credentials a component uses to access the garden cluster.
const (
	// SecretNamePrefixGardenAccess is the prefix of all secrets containing credentials for accessing the garden cluster.
	SecretNamePrefixGardenAccess = "garden-access-"
	// VolumeMountPathGenericGardenKubeconfig is the directory to which the generic garden kubeconfig will be mounted.
	VolumeMountPathGenericGardenKubeconfig = "/var/run/secrets/gardener.cloud/garden/generic-kubeconfig"
	// PathGardenToken is the path at which the garden token file is accessible. It is the mount directory joined
	// with the token data key.
	// NOTE(review): the file at this path presumably holds a credential for the garden cluster, so the mount
	// should only be given to containers that need garden access. Confirm against the injection code.
	PathGardenToken = VolumeMountPathGenericGardenKubeconfig + "/" + resourcesv1alpha1.DataKeyToken
	// PathGenericGardenKubeconfig is the path at which the kubeconfig file is accessible. It is the mount directory
	// joined with the kubeconfig data key.
	PathGenericGardenKubeconfig = VolumeMountPathGenericGardenKubeconfig + "/" + secrets.DataKeyKubeconfig
)
// Owner-reference kinds for machine resources and the name prefix of node-agent leases.
const (

	// MachineSetKind is the kind value of an owner reference that refers to a machine set.
	MachineSetKind = "MachineSet"
	// MachineDeploymentKind is the kind value of an owner reference that refers to a machine deployment.
	MachineDeploymentKind = "MachineDeployment"
	// NodeLeasePrefix is the prefix of the name of the lease that corresponds to a node.
	NodeLeasePrefix = "gardener-node-agent-"
)
// Name suffixes of the shoot-related secrets and config maps that live in a project.
const (
	// ShootProjectSecretSuffixKubeconfig is a constant for a shoot project secret with suffix 'kubeconfig'.
	ShootProjectSecretSuffixKubeconfig = "kubeconfig"
	// ShootProjectSecretSuffixCACluster is a constant for a shoot project secret with suffix 'ca-cluster'.
	//
	// Deprecated: Use ShootProjectConfigMapSuffixCACluster instead.
	ShootProjectSecretSuffixCACluster = "ca-cluster"
	// ShootProjectSecretSuffixCAClient is a constant for a shoot project secret with suffix 'ca-client'.
	ShootProjectSecretSuffixCAClient = "ca-client"
	// ShootProjectSecretSuffixSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair'.
	ShootProjectSecretSuffixSSHKeypair = v1beta1constants.SecretNameSSHKeyPair
	// ShootProjectSecretSuffixOldSSHKeypair is a constant for a shoot project secret with suffix 'ssh-keypair.old'.
	ShootProjectSecretSuffixOldSSHKeypair = v1beta1constants.SecretNameSSHKeyPair + ".old"
	// ShootProjectSecretSuffixMonitoring is a constant for a shoot project secret with suffix 'monitoring'.
	ShootProjectSecretSuffixMonitoring = "monitoring"
	// ShootProjectConfigMapSuffixCACluster is a constant for a shoot project config map with suffix 'ca-cluster'.
	// It has the same value as the deprecated ShootProjectSecretSuffixCACluster.
	ShootProjectConfigMapSuffixCACluster = "ca-cluster"
)
// Names and file paths for the credentials a component uses to access a shoot cluster.
const (
	// SecretNamePrefixShootAccess is the prefix of all secrets containing credentials for accessing shoot clusters.
	SecretNamePrefixShootAccess = "shoot-access-"
	// VolumeMountPathGenericKubeconfig is the directory to which the generic shoot kubeconfig will be mounted.
	VolumeMountPathGenericKubeconfig = "/var/run/secrets/gardener.cloud/shoot/generic-kubeconfig"
	// PathShootToken is the path at which the shoot token file is accessible. It is the mount directory joined
	// with the token data key.
	// NOTE(review): the file at this path presumably holds a credential for a shoot cluster, so the mount
	// should only be given to containers that need shoot access. Confirm against the injection code.
	PathShootToken = VolumeMountPathGenericKubeconfig + "/" + resourcesv1alpha1.DataKeyToken
	// PathGenericKubeconfig is the path at which the kubeconfig file is accessible. It is the mount directory
	// joined with the kubeconfig data key.
	PathGenericKubeconfig = VolumeMountPathGenericKubeconfig + "/" + secrets.DataKeyKubeconfig
)
const (
	// DeletionProtected is the key of a label on CustomResourceDefinitions indicating that deletion is protected:
	// a `DELETE` call is only accepted after the deletion has been confirmed with the
	// `confirmation.gardener.cloud/deletion=true` annotation.
	DeletionProtected = "gardener.cloud/deletion-protected"
)
// LabelPurposeGlobalMonitoringSecret is the value of the purpose label for replicated global monitoring secrets.
const LabelPurposeGlobalMonitoringSecret = "global-monitoring-secret-replica"

LabelPurposeGlobalMonitoringSecret is a constant for the value of the purpose label for replicated global monitoring secrets.

// ProjectNamespacePrefix is the prefix of the names of namespaces that represent projects.
const ProjectNamespacePrefix = "garden-"

ProjectNamespacePrefix is the prefix of namespaces representing projects.

const (
	// SeedNamespaceNamePrefix is the prefix used for the names of seed namespaces.
	SeedNamespaceNamePrefix = "seed-"
)

Variables

var (
	// NoControlPlaneSecretsReq is a label selector requirement to select non-control plane secrets. It requires the
	// GardenRole label value to be none of the ControlPlaneSecretRoles.
	// NOTE(review): with Kubernetes label-selector semantics a NotIn requirement also matches objects that do not
	// carry the key at all, so secrets without a GardenRole label are selected as well.
	// NOTE(review): the Must prefix suggests that an invalid requirement panics during package initialisation;
	// confirm in utils.
	NoControlPlaneSecretsReq = utils.MustNewRequirement(v1beta1constants.GardenRole, selection.NotIn, v1beta1constants.ControlPlaneSecretRoles...)
	// UncontrolledSecretSelector is a selector for objects which are managed by operators/users and not created by
	// Gardener controllers. It consists of NoControlPlaneSecretsReq only.
	UncontrolledSecretSelector = client.MatchingLabelsSelector{Selector: labels.NewSelector().Add(NoControlPlaneSecretsReq)}
)
// TimeNow returns the current time. It is a variable so that tests can replace it.
// Because it is an exported package-level variable, any importing package can reassign it, and the new function is
// then seen by every caller that reads the time through TimeNow. Non-test code should not reassign it.
var TimeNow = time.Now

TimeNow returns the current time. Exposed for testing.

Functions

func BuildCloudProfileReference added in v1.101.0

func BuildCloudProfileReference(shoot *gardencorev1beta1.Shoot) *gardencorev1beta1.CloudProfileReference

BuildCloudProfileReference determines and returns the CloudProfile reference of the given shoot, depending on the availability of cloudProfileName and cloudProfile.

func BuildOwnerToMachineSetsMap added in v1.82.0

func BuildOwnerToMachineSetsMap(machineSets []machinev1alpha1.MachineSet) map[string][]machinev1alpha1.MachineSet

BuildOwnerToMachineSetsMap returns a map that associates `MachineDeployment` names to the given `machineSets`.

func BuildOwnerToMachinesMap added in v1.82.0

func BuildOwnerToMachinesMap(machines []machinev1alpha1.Machine) map[string][]machinev1alpha1.Machine

BuildOwnerToMachinesMap returns a map that associates `MachineSet` names to the given `machines`.

func CheckIfDeletionIsConfirmed added in v1.21.0

func CheckIfDeletionIsConfirmed(obj client.Object) error

CheckIfDeletionIsConfirmed returns whether the deletion of an object is confirmed or not.

func ComputeGardenNamespace

func ComputeGardenNamespace(seedName string) string

ComputeGardenNamespace returns the name of the namespace belonging to the given seed in the Garden cluster.

func ComputeManagedShootIssuerSecretName added in v1.91.0

func ComputeManagedShootIssuerSecretName(projectName string, shootUID types.UID) string

ComputeManagedShootIssuerSecretName returns the name that should be used for storing the service account public keys of a shoot's kube-apiserver in the gardener-system-shoot-issuer namespace in the Garden cluster.

func ComputeRequiredExtensionsForSeed added in v1.72.0

func ComputeRequiredExtensionsForSeed(seed *gardencorev1beta1.Seed) sets.Set[string]

ComputeRequiredExtensionsForSeed computes the extension kind/type combinations that are required for the seed reconciliation flow.

func ComputeRequiredExtensionsForShoot added in v1.72.0

func ComputeRequiredExtensionsForShoot(shoot *gardencorev1beta1.Shoot, seed *gardencorev1beta1.Seed, controllerRegistrationList *gardencorev1beta1.ControllerRegistrationList, internalDomain, externalDomain *Domain) sets.Set[string]

ComputeRequiredExtensionsForShoot computes the extension kind/type combinations that are required for the shoot reconciliation flow.

func ComputeSeedName

func ComputeSeedName(seedNamespaceName string) string

ComputeSeedName computes the name of the seed out of the seed namespace in the Garden cluster.

func ComputeShootProjectResourceName added in v1.89.0

func ComputeShootProjectResourceName(shootName, suffix string) string

ComputeShootProjectResourceName computes the name of a shoot-related project resource.

func ComputeTechnicalID added in v1.79.0

func ComputeTechnicalID(projectName string, shoot *gardencorev1beta1.Shoot) string

ComputeTechnicalID determines the technical id of the given Shoot which is later used for the name of the namespace and for tagging all the resources created in the infrastructure.

func ConfirmDeletion added in v1.21.0

func ConfirmDeletion(ctx context.Context, w client.Writer, obj client.Object) error

ConfirmDeletion adds Gardener's deletion confirmation and timestamp annotation to the given object and sends a PATCH request.

func ConstructExternalClusterDomain added in v1.66.0

func ConstructExternalClusterDomain(shoot *gardencorev1beta1.Shoot) *string

ConstructExternalClusterDomain constructs the external Shoot cluster domain, i.e. the domain which will be put into the Kubeconfig handed out to the user.

func ConstructInternalClusterDomain added in v1.66.0

func ConstructInternalClusterDomain(shootName, shootProject string, internalDomain *Domain) string

ConstructInternalClusterDomain constructs the internal base domain for this shoot cluster. It is only used for internal purposes (all kubeconfigs except the one which is received by the user will only talk with the kube-apiserver via a DNS record of domain). In case the given <internalDomain> already contains "internal", the result is constructed as "<shootName>.<shootProject>.<internalDomain>." In case it does not, the word "internal" will be appended, resulting in "<shootName>.<shootProject>.internal.<internalDomain>".

func DefaultGVKsForEncryption added in v1.86.0

func DefaultGVKsForEncryption() []schema.GroupVersionKind

DefaultGVKsForEncryption returns the list of GroupVersionKinds which are encrypted by default.

func DefaultGardenerGVKsForEncryption added in v1.86.0

func DefaultGardenerGVKsForEncryption() []schema.GroupVersionKind

DefaultGardenerGVKsForEncryption returns the list of GroupVersionKinds served by Gardener API Server which are encrypted by default.

func DefaultGardenerResourcesForEncryption added in v1.86.0

func DefaultGardenerResourcesForEncryption() sets.Set[string]

DefaultGardenerResourcesForEncryption returns the list of resources served by Gardener API Server which are encrypted by default.

func DefaultResourcesForEncryption added in v1.86.0

func DefaultResourcesForEncryption() sets.Set[string]

DefaultResourcesForEncryption returns the list of resources which are encrypted by default.

func DeleteVPAForGardenerComponent added in v1.102.0

func DeleteVPAForGardenerComponent(ctx context.Context, c client.Client, name, namespace string) error

DeleteVPAForGardenerComponent deletes a VPA for a Gardener component.

func DetermineIdentity added in v1.61.0

func DetermineIdentity() (*gardencorev1beta1.Gardener, error)

DetermineIdentity determines the Gardener component identity. We want to determine the Docker container id of the currently running instance because we need to identify for still ongoing operations whether another instance is still operating the respective Shoots. When running locally, we generate a random string because there is no container id.

func EffectiveMaintenanceTimeWindow added in v1.21.0

func EffectiveMaintenanceTimeWindow(timeWindow *timewindow.MaintenanceTimeWindow) *timewindow.MaintenanceTimeWindow

EffectiveMaintenanceTimeWindow cuts a maintenance time window at the end with a guess of 15 minutes. It is subtracted from the end of a maintenance time window to use a best-effort kind of finishing the operation before the end. Generally, we can't make sure that the maintenance operation is done by the end of the time window anyway (considering large clusters with hundreds of nodes, a rolling update will take several hours).

func EffectiveShootMaintenanceTimeWindow added in v1.21.0

func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *timewindow.MaintenanceTimeWindow

EffectiveShootMaintenanceTimeWindow returns the effective MaintenanceTimeWindow of the given Shoot.

func ExtensionsID added in v1.66.0

func ExtensionsID(extensionKind, extensionType string) string

ExtensionsID returns an identifier for the given extension kind/type.

func ExtractShootDetailsFromBackupEntryName added in v1.24.0

func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID string, shootUID types.UID)

ExtractShootDetailsFromBackupEntryName returns the Shoot resource's technicalID and its UID from the provided <backupEntryName>.

func ExtractSystemComponentsTolerations added in v1.63.0

func ExtractSystemComponentsTolerations(workers []gardencorev1beta1.Worker) []corev1.Toleration

ExtractSystemComponentsTolerations returns tolerations that are required to schedule shoot system components on the given workers. Tolerations are only considered for workers which have `SystemComponents.Allow: true`.

func FetchKubeconfigFromSecret added in v1.75.0

func FetchKubeconfigFromSecret(ctx context.Context, c client.Client, key client.ObjectKey) ([]byte, error)

FetchKubeconfigFromSecret tries to retrieve the kubeconfig bytes in given secret.

func GenerateBackupEntryName added in v1.24.0

func GenerateBackupEntryName(shootTechnicalID string, shootUID types.UID) (string, error)

GenerateBackupEntryName returns the BackupEntry resource name created from the provided <shootTechnicalID> and <shootUID>.

func GenerateDNSProviderName added in v1.21.0

func GenerateDNSProviderName(secretName, providerType string) string

GenerateDNSProviderName creates a name for the dns provider out of the passed `secretName` and `providerType`.

func GetAPIServerDomain added in v1.21.0

func GetAPIServerDomain(domain string) string

GetAPIServerDomain returns the fully qualified domain name for the api-server of the Shoot cluster. The end result is 'api.<domain>'.

func GetBackupEntrySeedNames added in v1.62.0

func GetBackupEntrySeedNames(obj client.Object) (*string, *string)

GetBackupEntrySeedNames returns the spec.seedName and the status.seedName field in case the provided object is a BackupEntry.

func GetCloudProfile added in v1.101.0

func GetCloudProfile(ctx context.Context, reader client.Reader, shoot *gardencorev1beta1.Shoot) (*gardencorev1beta1.CloudProfile, error)

GetCloudProfile determines whether the given shoot references a CloudProfile or a NamespacedCloudProfile and returns the appropriate object.

func GetDomainInfoFromAnnotations added in v1.21.0

func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, zone string, err error)

GetDomainInfoFromAnnotations returns the provider, domain, and zone that are specified in the given annotations.

func GetIPStackForSeed added in v1.90.0

func GetIPStackForSeed(seed *gardencorev1beta1.Seed) string

GetIPStackForSeed returns the value for the AnnotationKeyIPStack annotation based on the given seed. It falls back to IPv4 if no IP families are available.

func GetIPStackForShoot added in v1.90.0

func GetIPStackForShoot(shoot *gardencorev1beta1.Shoot) string

GetIPStackForShoot returns the value for the AnnotationKeyIPStack annotation based on the given shoot. It falls back to IPv4 if no IP families are available, e.g. in a workerless shoot cluster.

func GetMandatoryExposureClassHandlerSNILabels added in v1.27.0

func GetMandatoryExposureClassHandlerSNILabels(labels map[string]string, exposureClassName string) map[string]string

GetMandatoryExposureClassHandlerSNILabels takes the labels of an ExposureClass handler plus its name and adds the mandatory SNI labels for ExposureClass handlers to them. Existing label keys will be overridden by the mandatory label keys.

func GetOwnerDomain added in v1.32.0

func GetOwnerDomain(domain string) string

GetOwnerDomain returns the fully qualified domain name for the owner of the Shoot cluster. The end result is 'owner.<domain>'.

func GetResponsibleSeedName added in v1.62.0

func GetResponsibleSeedName(specSeedName, statusSeedName *string) string

GetResponsibleSeedName returns the seed name which is responsible for the next reconciliation.

func GetShootConditionTypes added in v1.84.0

func GetShootConditionTypes(workerless bool) []gardencorev1beta1.ConditionType

GetShootConditionTypes returns all known shoot condition types.

func GetShootNameFromOwnerReferences added in v1.22.0

func GetShootNameFromOwnerReferences(objectMeta metav1.Object) string

GetShootNameFromOwnerReferences attempts to get the name of the Shoot object which owns the passed in object. If it is not owned by a Shoot, an empty string is returned.

func GetShootProjectConfigMapSuffixes added in v1.89.0

func GetShootProjectConfigMapSuffixes() []string

GetShootProjectConfigMapSuffixes returns the list of shoot-related project config map suffixes.

func GetShootProjectInternalSecretSuffixes added in v1.74.0

func GetShootProjectInternalSecretSuffixes() []string

GetShootProjectInternalSecretSuffixes returns the list of shoot-related project internal secret suffixes.

func GetShootProjectSecretSuffixes added in v1.24.0

func GetShootProjectSecretSuffixes() []string

GetShootProjectSecretSuffixes returns the list of shoot-related project secret suffixes.

func GetShootSeedNames added in v1.62.0

func GetShootSeedNames(obj client.Object) (*string, *string)

GetShootSeedNames returns the spec.seedName and the status.seedName field in case the provided object is a Shoot.

func GetWildcardCertificate added in v1.59.0

func GetWildcardCertificate(ctx context.Context, c client.Client) (*corev1.Secret, error)

GetWildcardCertificate gets the wildcard certificate for the ingress domain. Nil is returned if no wildcard certificate is configured.

func InjectGenericGardenKubeconfig added in v1.75.0

func InjectGenericGardenKubeconfig(obj runtime.Object, genericKubeconfigName, accessSecretName, mountPath string, containerNames ...string) error

InjectGenericGardenKubeconfig injects the volumes, volume mounts, and env vars for the generic garden kubeconfig into the provided object. The access secret name must be the name of a secret containing a JWT token which should be used by the kubeconfig. The mount path is important to match the token path configured in the generic kubeconfig. If containerNames are not specified, the adjustments happen for all containers. If any of the containers in the object already has the GARDEN_KUBECONFIG env var, the object is not mutated.

func InjectGenericKubeconfig added in v1.36.0

func InjectGenericKubeconfig(obj runtime.Object, genericKubeconfigName, accessSecretName string, containerNames ...string) error

InjectGenericKubeconfig injects the volumes and volume mounts for the generic shoot kubeconfig into the provided object. The access secret name must be the name of a secret containing a JWT token which should be used by the kubeconfig. If the object has multiple containers then the default is to inject it into all of them. If it should only be done for a selection of containers then their respective names must be provided.

func InjectNetworkPolicyAnnotationsForGardenScrapeTargets added in v1.93.0

func InjectNetworkPolicyAnnotationsForGardenScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForGardenScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-garden-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForScrapeTargets added in v1.65.0

func InjectNetworkPolicyAnnotationsForScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForSeedScrapeTargets added in v1.67.0

func InjectNetworkPolicyAnnotationsForSeedScrapeTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForSeedScrapeTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-seed-scrape-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyAnnotationsForWebhookTargets added in v1.71.0

func InjectNetworkPolicyAnnotationsForWebhookTargets(service *corev1.Service, ports ...networkingv1.NetworkPolicyPort) error

InjectNetworkPolicyAnnotationsForWebhookTargets injects the provided ports into the `networking.resources.gardener.cloud/from-all-webhook-targets-allowed-ports` annotation of the given service.

func InjectNetworkPolicyNamespaceSelectors added in v1.65.0

func InjectNetworkPolicyNamespaceSelectors(service *corev1.Service, selectors ...metav1.LabelSelector) error

InjectNetworkPolicyNamespaceSelectors injects the provided selectors into the `networking.resources.gardener.cloud/namespace-selectors` annotation of the given service.

func IsIncompleteDNSConfigError added in v1.66.0

func IsIncompleteDNSConfigError(err error) bool

IsIncompleteDNSConfigError returns true if the error indicates that the DNS config is incomplete.

func IsNowInEffectiveShootMaintenanceTimeWindow added in v1.21.0

func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot, clock clock.Clock) bool

IsNowInEffectiveShootMaintenanceTimeWindow checks if the current time is in the effective maintenance time window of the Shoot.

func IsObservedAtLatestGenerationAndSucceeded added in v1.21.0

func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool

IsObservedAtLatestGenerationAndSucceeded checks whether the Shoot's generation has changed or if the LastOperation status is Succeeded.

func IsSeedClientCert added in v1.23.0

func IsSeedClientCert(x509cr *x509.CertificateRequest, usages []certificatesv1.KeyUsage) (bool, string)

IsSeedClientCert returns true when the given CSR and usages match the requirements for a client certificate for a seed. If false is returned, a reason will be returned explaining which requirement was not met.

func IsServedByGardenerAPIServer added in v1.86.0

func IsServedByGardenerAPIServer(resource string) bool

IsServedByGardenerAPIServer returns true if the passed resource is served by the Gardener API Server.

func IsServedByKubeAPIServer added in v1.86.0

func IsServedByKubeAPIServer(resource string) bool

IsServedByKubeAPIServer returns true if the passed resource is served by the Kube API Server.

func IsShootFailedAndUpToDate added in v1.62.0

func IsShootFailedAndUpToDate(shoot *gardencorev1beta1.Shoot) bool

IsShootFailedAndUpToDate checks if a Shoot is failed and the observed generation and gardener version are up-to-date.

func IsShootProjectConfigMap added in v1.89.0

func IsShootProjectConfigMap(configMapName string) (string, bool)

IsShootProjectConfigMap checks if the given name matches the name of a shoot-related project config map. If not, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func IsShootProjectInternalSecret added in v1.74.0

func IsShootProjectInternalSecret(secretName string) (string, bool)

IsShootProjectInternalSecret checks if the given name matches the name of a shoot-related project internal secret. If not, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func IsShootProjectSecret added in v1.24.0

func IsShootProjectSecret(secretName string) (string, bool)

IsShootProjectSecret checks if the given name matches the name of a shoot-related project secret. If not, it returns an empty string and <false>. Otherwise, it returns the shoot name and <true>.

func LastReconciliationDuringThisTimeWindow added in v1.21.0

func LastReconciliationDuringThisTimeWindow(shoot *gardencorev1beta1.Shoot, clock clock.Clock) bool

LastReconciliationDuringThisTimeWindow returns true if <now> is contained in the given effective maintenance time window of the shoot and if the <lastReconciliation> did not happen longer than the longest possible duration of a maintenance time window.

func MaintainSeedNameLabels added in v1.88.0

func MaintainSeedNameLabels(obj client.Object, names ...*string)

MaintainSeedNameLabels maintains the seed.gardener.cloud/<name>=true labels on the given object.

func MutateObjectsInSecretData added in v1.103.0

func MutateObjectsInSecretData(
	secretData map[string][]byte,
	namespace string,
	apiGroups []string,
	mutateFns ...func(object runtime.Object) error,
) error

MutateObjectsInSecretData iterates over the given rendered secret data and invokes the given mutate functions.

func NamespaceNameForControllerInstallation added in v1.58.0

func NamespaceNameForControllerInstallation(controllerInstallation *gardencorev1beta1.ControllerInstallation) string

NamespaceNameForControllerInstallation returns the name of the namespace that will be used for the extension controller in the seed.

func NetworkPolicyLabel added in v1.65.0

func NetworkPolicyLabel(serviceName string, port int32) string

NetworkPolicyLabel returns the network policy label for a component initiating the connection to a service with the given name and TCP port.

func NodeAgentLeaseName added in v1.88.0

func NodeAgentLeaseName(nodeName string) string

NodeAgentLeaseName returns the name of the Lease object based on the node name.

func NodeLabelsForWorkerPool added in v1.63.0

func NodeLabelsForWorkerPool(workerPool gardencorev1beta1.Worker, nodeLocalDNSEnabled bool, gardenerNodeAgentSecretName string) map[string]string

NodeLabelsForWorkerPool returns a combined map of all user-specified and gardener-managed node labels.

func PrepareGardenClientRestConfig added in v1.75.0

func PrepareGardenClientRestConfig(baseConfig *rest.Config, address *string, caCert []byte) *rest.Config

PrepareGardenClientRestConfig takes a base rest config and adds an optional host and CA certificate.

func ProjectAndNamespaceFromReader added in v1.21.0

func ProjectAndNamespaceFromReader(ctx context.Context, reader client.Reader, namespaceName string) (*gardencorev1beta1.Project, *corev1.Namespace, error)

ProjectAndNamespaceFromReader returns the Project responsible for a given <namespace>. It reads the namespace and fetches the project name label. Then it will read the project with the respective name.

func ProjectForNamespaceFromReader added in v1.21.0

func ProjectForNamespaceFromReader(ctx context.Context, reader client.Reader, namespaceName string) (*gardencorev1beta1.Project, error)

ProjectForNamespaceFromReader returns the Project responsible for a given <namespace>. It reads the namespace and fetches the project name label. Then it will read the project with the respective name.

func ReadGardenSecrets added in v1.66.0

func ReadGardenSecrets(
	ctx context.Context,
	log logr.Logger,
	c client.Reader,
	namespace string,
	enforceInternalDomainSecret bool,
	enforceShootServiceAccountIssuerSecret bool,
) (
	map[string]*corev1.Secret,
	error,
)

ReadGardenSecrets reads the Kubernetes Secrets from the Garden cluster which are independent of Shoot clusters. The Secret objects are stored on the Controller in order to pass them to created Garden objects later.

func ReconcileTopologyAwareRoutingMetadata added in v1.66.0

func ReconcileTopologyAwareRoutingMetadata(service *corev1.Service, topologyAwareRoutingEnabled bool, k8sVersion *semver.Version)

ReconcileTopologyAwareRoutingMetadata adds (or removes) the required annotation and label to make a Service topology-aware.

func ReconcileVPAForGardenerComponent added in v1.102.0

func ReconcileVPAForGardenerComponent(ctx context.Context, c client.Client, name, namespace string) error

ReconcileVPAForGardenerComponent deploys a VPA for a Gardener component.

func ReplicateGlobalMonitoringSecret added in v1.93.0

func ReplicateGlobalMonitoringSecret(ctx context.Context, c client.Client, prefix, namespace string, globalMonitoringSecret *corev1.Secret) (*corev1.Secret, error)

ReplicateGlobalMonitoringSecret replicates the global monitoring secret into the given namespace and prefixes it with the given prefix.

func RequiredExtensionsReady added in v1.72.0

func RequiredExtensionsReady(ctx context.Context, gardenClient client.Client, seedName string, requiredExtensions sets.Set[string]) error

RequiredExtensionsReady checks if all required extensions for a seed exist and are ready.

func RespectShootSyncPeriodOverwrite added in v1.21.0

func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool

RespectShootSyncPeriodOverwrite checks whether to respect the sync period overwrite of a Shoot or not.

func ShootStatusValue added in v1.66.0

func ShootStatusValue(s ShootStatus) int

ShootStatusValue returns the value of the given ShootStatus.

func ShouldIgnoreShoot added in v1.21.0

func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool

ShouldIgnoreShoot determines whether a Shoot should be ignored or not.

func SyncPeriodOfShoot added in v1.21.0

func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, shoot *gardencorev1beta1.Shoot) time.Duration

SyncPeriodOfShoot determines the sync period of the given shoot.

If no overwrite is allowed, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is parsed. If an error occurs or it is smaller than the defaultMinSyncPeriod, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is returned.

func WaitUntilMachineResourcesDeleted added in v1.82.0

func WaitUntilMachineResourcesDeleted(ctx context.Context, log logr.Logger, reader client.Reader, namespace string) error

WaitUntilMachineResourcesDeleted waits for a maximum of 30 minutes until all machine resources have been properly deleted by the machine-controller-manager. It polls the status every 5 seconds.

Types

type AccessSecret added in v1.75.0

// AccessSecret holds the settings for a shoot or garden access secret that a
// component uses to communicate with a shoot or the garden API server.
type AccessSecret struct {
	// Secret is the corev1.Secret object backing this access secret. The
	// constructors create it empty, with only name and namespace set.
	// NOTE(review): Reconcile annotates it for the token requestor controller,
	// so it presumably ends up holding a token; treat its data as credential
	// material (no logging, no copying into less restricted namespaces) — confirm.
	Secret             *corev1.Secret
	// ServiceAccountName is the service account name associated with this
	// access secret; the constructors default it from the given name.
	ServiceAccountName string
	// Class is not described on this page.
	// NOTE(review): presumably distinguishes shoot from garden access secrets — confirm against the source.
	Class              string
	// contains filtered or unexported fields
}

AccessSecret contains settings for a shoot/garden access secret consumed by a component communicating with a shoot or the garden API server.

func NewGardenAccessSecret added in v1.75.0

func NewGardenAccessSecret(name, namespace string) *AccessSecret

NewGardenAccessSecret returns a new AccessSecret object and initializes it with an empty corev1.Secret object with the given name and namespace. If not already done, the name will be prefixed with the SecretNamePrefixGardenAccess. The ServiceAccountName field will be defaulted with the name.

func NewShootAccessSecret added in v1.36.0

func NewShootAccessSecret(name, namespace string) *AccessSecret

NewShootAccessSecret returns a new AccessSecret object and initializes it with an empty corev1.Secret object with the given name and namespace. If not already done, the name will be prefixed with the SecretNamePrefixShootAccess. The ServiceAccountName field will be defaulted with the name.

func (*AccessSecret) Reconcile added in v1.75.0

func (s *AccessSecret) Reconcile(ctx context.Context, c client.Client) error

Reconcile creates or patches the given shoot access secret. Based on the struct configuration, it adds the required annotations for the token requestor controller of gardener-resource-manager.

func (*AccessSecret) WithKubeconfig added in v1.75.0

func (s *AccessSecret) WithKubeconfig(kubeconfigRaw *clientcmdv1.Config) *AccessSecret

WithKubeconfig sets the kubeconfig field of the AccessSecret.

func (*AccessSecret) WithNameOverride added in v1.75.0

func (s *AccessSecret) WithNameOverride(name string) *AccessSecret

WithNameOverride sets the ObjectMeta.Name field of the *corev1.Secret inside the AccessSecret.

func (*AccessSecret) WithNamespaceOverride added in v1.75.0

func (s *AccessSecret) WithNamespaceOverride(namespace string) *AccessSecret

WithNamespaceOverride sets the ObjectMeta.Namespace field of the *corev1.Secret inside the AccessSecret.

func (*AccessSecret) WithServiceAccountLabels added in v1.88.0

func (s *AccessSecret) WithServiceAccountLabels(labels map[string]string) *AccessSecret

WithServiceAccountLabels sets the serviceAccountLabels field of the AccessSecret.

func (*AccessSecret) WithServiceAccountName added in v1.75.0

func (s *AccessSecret) WithServiceAccountName(name string) *AccessSecret

WithServiceAccountName sets the ServiceAccountName field of the AccessSecret.

func (*AccessSecret) WithTargetSecret added in v1.75.0

func (s *AccessSecret) WithTargetSecret(name, namespace string) *AccessSecret

WithTargetSecret sets the name and namespace of the target secret of the AccessSecret.

func (*AccessSecret) WithTokenExpirationDuration added in v1.75.0

func (s *AccessSecret) WithTokenExpirationDuration(duration string) *AccessSecret

WithTokenExpirationDuration sets the tokenExpirationDuration field of the AccessSecret.

type Domain added in v1.66.0

// Domain contains information about a domain configured in the garden cluster.
type Domain struct {
	// Domain is the domain name.
	Domain     string
	// Provider names the DNS provider.
	// NOTE(review): presumably taken from the dns.gardener.cloud/provider annotation — confirm.
	Provider   string
	// Zone identifies the DNS hosted zone.
	// NOTE(review): presumably taken from the dns.gardener.cloud/zone annotation — confirm.
	Zone       string
	// SecretData is a raw key/value byte map.
	// NOTE(review): presumably the data of the Secret that configured the
	// domain, i.e. DNS provider credentials; if so, keep it out of logs, events
	// and serialized status — confirm against GetDefaultDomains/GetInternalDomain.
	SecretData map[string][]byte
}

Domain contains information about a domain configured in the garden cluster.

func ConstructExternalDomain added in v1.66.0

func ConstructExternalDomain(ctx context.Context, c client.Reader, shoot *gardencorev1beta1.Shoot, shootCredentials client.Object, defaultDomains []*Domain) (*Domain, error)

ConstructExternalDomain constructs an object containing all relevant information of the external domain that shall be used for a shoot cluster - based on the configuration of the Garden cluster and the shoot itself. Shoot credentials should be of type *corev1.Secret or *securityv1alpha1.WorkloadIdentity.

func DomainIsDefaultDomain added in v1.66.0

func DomainIsDefaultDomain(domain string, defaultDomains []*Domain) *Domain

DomainIsDefaultDomain identifies whether the given domain is a default domain.

func GetDefaultDomains added in v1.66.0

func GetDefaultDomains(secrets map[string]*corev1.Secret) ([]*Domain, error)

GetDefaultDomains finds all the default domain secrets within the given map and returns a list of objects that contains all relevant information about the default domains.

func GetInternalDomain added in v1.66.0

func GetInternalDomain(secrets map[string]*corev1.Secret) (*Domain, error)

GetInternalDomain finds the internal domain secret within the given map and returns the object that contains all relevant information about the internal domain.

type IncompleteDNSConfigError added in v1.66.0

// IncompleteDNSConfigError is an error type without fields; its message is
// produced by the Error method.
type IncompleteDNSConfigError struct{}

IncompleteDNSConfigError is a custom error type.

func (*IncompleteDNSConfigError) Error added in v1.66.0

func (e *IncompleteDNSConfigError) Error() string

Error prints the error message of the IncompleteDNSConfigError error.

type ShootStatus added in v1.66.0

// ShootStatus is the string-typed status of a shoot; the defined values are
// the ShootStatus* constants.
type ShootStatus string

ShootStatus is the status of a shoot used in the common.ShootStatus label.

// Values a ShootStatus can take.
const (
	// ShootStatusHealthy marks a shoot that is considered healthy.
	ShootStatusHealthy = ShootStatus("healthy")
	// ShootStatusProgressing marks a shoot that was healthy before, is currently
	// experiencing an issue, and is still within a predefined grace period.
	ShootStatusProgressing = ShootStatus("progressing")
	// ShootStatusUnhealthy marks a shoot that is considered unhealthy.
	ShootStatusUnhealthy = ShootStatus("unhealthy")
	// ShootStatusUnknown marks a shoot whose health status is not known.
	ShootStatusUnknown = ShootStatus("unknown")
)

func BoolToShootStatus added in v1.66.0

func BoolToShootStatus(cond bool) ShootStatus

BoolToShootStatus converts the given boolean to a ShootStatus. For true values, it returns ShootStatusHealthy. Otherwise, it returns ShootStatusUnhealthy.

func ComputeConditionStatus added in v1.66.0

func ComputeConditionStatus(conditions ...gardencorev1beta1.Condition) ShootStatus

ComputeConditionStatus computes the ShootStatus from the given Conditions. By default, the ShootStatus is ShootStatusHealthy. Each condition status is converted to a ShootStatus using ConditionStatusToShootStatus, and the worst status among them wins.

func ComputeShootStatus added in v1.66.0

func ComputeShootStatus(lastOperation *gardencorev1beta1.LastOperation, lastErrors []gardencorev1beta1.LastError, conditions ...gardencorev1beta1.Condition) ShootStatus

ComputeShootStatus computes the ShootStatus of a shoot depending on the given lastOperation, lastErrors and conditions.

func ConditionStatusToShootStatus added in v1.66.0

func ConditionStatusToShootStatus(status gardencorev1beta1.ConditionStatus) ShootStatus

ConditionStatusToShootStatus converts the given ConditionStatus to a shoot label ShootStatus.

func (ShootStatus) OrWorse added in v1.66.0

func (s ShootStatus) OrWorse(other ShootStatus) ShootStatus

OrWorse returns the worse ShootStatus of the given two states.

Directories

Path Synopsis
