Documentation ¶
Overview ¶
Package v1alpha1 contains the configuration of the Gardener Resource Manager. +groupName=resources.gardener.cloud
Index ¶
Constants ¶
const ( // Ignore is an annotation that dictates whether a resources should be ignored during // reconciliation. Ignore = "resources.gardener.cloud/ignore" // SkipHealthCheck is an annotation that dictates whether a resource should be ignored during health check. SkipHealthCheck = "resources.gardener.cloud/skip-health-check" // DeleteOnInvalidUpdate is a constant for an annotation on a resource managed by a ManagedResource. If set to // true then the controller will delete the object in case it faces an "Invalid" response during an update operation. DeleteOnInvalidUpdate = "resources.gardener.cloud/delete-on-invalid-update" // KeepObject is a constant for an annotation on a resource managed by a ManagedResource. If set to // true then the controller will not delete the object in case it is removed from the ManagedResource or the // ManagedResource itself is deleted. KeepObject = "resources.gardener.cloud/keep-object" // Mode is a constant for an annotation on a resource managed by a ManagedResource. It indicates the // mode that should be used to reconcile the resource. Mode = "resources.gardener.cloud/mode" // ModeIgnore is a constant for the value of the mode annotation describing an ignore mode. // Reconciliation in ignore mode removes the resource from the ManagedResource status and does not // perform any action on the cluster. ModeIgnore = "Ignore" // PreserveReplicas is a constant for an annotation on a resource managed by a ManagedResource. If set to // true then the controller will keep the `spec.replicas` field's value during updates to the resource. PreserveReplicas = "resources.gardener.cloud/preserve-replicas" // PreserveResources is a constant for an annotation on a resource managed by a ManagedResource. If set to // true then the controller will keep the resource requests and limits in Pod templates (e.g. in a // DeploymentSpec) during updates to the resource. This applies for all containers. PreserveResources = "resources.gardener.cloud/preserve-resources" // OriginAnnotation is a constant for an annotation on a resource managed by a ManagedResource. // It is set by the ManagedResource controller to the key of the owning ManagedResource, optionally prefixed with the // clusterID. OriginAnnotation = "resources.gardener.cloud/origin" // FinalizeDeletionAfter is an annotation on an object part of a ManagedResource that whose value states the // duration after which a deletion should be finalized (i.e., removal of `.metadata.finalizers[]`). FinalizeDeletionAfter = "resources.gardener.cloud/finalize-deletion-after" // BrotliCompressionSuffix is the common suffix used for Brotli compression. BrotliCompressionSuffix = ".br" // CompressedDataKey is the name of a data key containing Brotli compressed YAML manifests. CompressedDataKey = "data.yaml" + BrotliCompressionSuffix // ManagedBy is a constant for a label on an object managed by a ManagedResource. // It is set by the ManagedResource controller depending on its configuration. By default it is set to "gardener". ManagedBy = "resources.gardener.cloud/managed-by" // GardenerManager is a constant for the default value of the 'ManagedBy' label. GardenerManager = "gardener" // StaticTokenSkip is a constant for a label on a ServiceAccount which indicates that this ServiceAccount should not // be considered by this controller. StaticTokenSkip = "token-invalidator.resources.gardener.cloud/skip" // StaticTokenConsider is a constant for a label on a Secret which indicates that this Secret should be considered // for the invalidation of the static ServiceAccount token. StaticTokenConsider = "token-invalidator.resources.gardener.cloud/consider" // TokenRequestorTargetSecretName is a constant for an annotation on a Secret which indicates that the token requestor // shall sync the token to a secret in the target cluster with the given name. TokenRequestorTargetSecretName = "token-requestor.resources.gardener.cloud/target-secret-name" // TokenRequestorTargetSecretNamespace is a constant for an annotation on a Secret which indicates that the token // requestor shall sync the token to a secret in the target cluster with the given namespace. TokenRequestorTargetSecretNamespace = "token-requestor.resources.gardener.cloud/target-secret-namespace" // ResourceManagerPurpose is a constant for the key in a label describing the purpose of the respective object // reconciled by the resource manager. ResourceManagerPurpose = "resources.gardener.cloud/purpose" // LabelPurposeTokenRequest is a constant for a label value indicating that this secret should be reconciled by the // token-requestor. LabelPurposeTokenRequest = "token-requestor" // LabelPurposeTokenInvalidation is a constant for a label value indicating that this secret should be considered by // the token-invalidator. LabelPurposeTokenInvalidation = "token-invalidator" // ResourceManagerClass is a constant for the key in a label describing the class of the respective object. This can // be used to differentiate between multiple instances of the same controller (e.g., token-requestor). ResourceManagerClass = "resources.gardener.cloud/class" // ResourceManagerClassGarden is a constant for the 'garden' class. ResourceManagerClassGarden = "garden" // ResourceManagerClassShoot is a constant for the 'shoot' class. ResourceManagerClassShoot = "shoot" // ServiceAccountName is the key of an annotation of a secret whose value contains the service account name. ServiceAccountName = "serviceaccount.resources.gardener.cloud/name" // ServiceAccountNamespace is the key of an annotation of a secret whose value contains the service account // namespace. ServiceAccountNamespace = "serviceaccount.resources.gardener.cloud/namespace" // ServiceAccountLabels is the key of an annotation of a secret whose value contains the service account // labels. ServiceAccountLabels = "serviceaccount.resources.gardener.cloud/labels" // ServiceAccountTokenExpirationDuration is the key of an annotation of a secret whose value contains the expiration // duration of the token created. ServiceAccountTokenExpirationDuration = "serviceaccount.resources.gardener.cloud/token-expiration-duration" // ServiceAccountTokenRenewTimestamp is the key of an annotation of a secret whose value contains the timestamp when // the token needs to be renewed. ServiceAccountTokenRenewTimestamp = "serviceaccount.resources.gardener.cloud/token-renew-timestamp" // DataKeyToken is the data key whose value contains a service account token. DataKeyToken = "token" // DataKeyKubeconfig is the data key whose value contains a kubeconfig with a service account token. DataKeyKubeconfig = "kubeconfig" // ProjectedTokenSkip is a constant for a label on a Pod which indicates that this Pod should not be considered for // an automatic mount of a projected ServiceAccount token. ProjectedTokenSkip = "projected-token-mount.resources.gardener.cloud/skip" // ProjectedTokenExpirationSeconds is a constant for an annotation on a Pod which overwrites the default token expiration // seconds for the automatic mount of a projected ServiceAccount token. ProjectedTokenExpirationSeconds = "projected-token-mount.resources.gardener.cloud/expiration-seconds" // HighAvailabilityConfigConsider is a constant for a label on a Namespace which indicates that the workload // resources in this namespace should be considered by the HA config webhook. HighAvailabilityConfigConsider = "high-availability-config.resources.gardener.cloud/consider" // HighAvailabilityConfigSkip is a constant for a label on a resource which indicates that this resource should not // be considered by the HA config webhook. HighAvailabilityConfigSkip = "high-availability-config.resources.gardener.cloud/skip" // HighAvailabilityConfigFailureToleranceType is a constant for a label on a Namespace which describes the HA // failure tolerance type. HighAvailabilityConfigFailureToleranceType = "high-availability-config.resources.gardener.cloud/failure-tolerance-type" // HighAvailabilityConfigZones is a constant for an annotation on a Namespace which describes the availability // zones are used. HighAvailabilityConfigZones = "high-availability-config.resources.gardener.cloud/zones" // HighAvailabilityConfigZonePinning is a constant for an annotation on a Namespace which enables pinning of // workload to the specified zones. HighAvailabilityConfigZonePinning = "high-availability-config.resources.gardener.cloud/zone-pinning" // HighAvailabilityConfigType is a constant for a label on a resource which describes which component type it is. HighAvailabilityConfigType = "high-availability-config.resources.gardener.cloud/type" // HighAvailabilityConfigHostSpread is a constant for an annotation on a resource which enforces a topology spread // constraint across hosts. HighAvailabilityConfigHostSpread = "high-availability-config.resources.gardener.cloud/host-spread" // HighAvailabilityConfigTypeController is a constant for a label value on a resource describing it's a controller. HighAvailabilityConfigTypeController = "controller" // HighAvailabilityConfigTypeServer is a constant for a label value on a resource describing it's a (webhook) // server. HighAvailabilityConfigTypeServer = "server" // HighAvailabilityConfigReplicas is a constant for an annotation on a resource which overwrites the desired replica // count. HighAvailabilityConfigReplicas = "high-availability-config.resources.gardener.cloud/replicas" // SeccompProfileSkip is a constant for a label on a Pod which indicates that this Pod should not be considered for // defaulting of its seccomp profile. SeccompProfileSkip = "seccompprofile.resources.gardener.cloud/skip" // KubernetesServiceHostInject is a constant for a label on a Pod or a Namespace which indicates that all pods in // this namespace (or the specific pod) should not be considered for injection of the KUBERNETES_SERVICE_HOST // environment variable. KubernetesServiceHostInject = "apiserver-proxy.networking.gardener.cloud/inject" // SystemComponentsConfigSkip is a constant for a label on a Pod which indicates that this Pod should not be considered for // adding default node selector and tolerations. SystemComponentsConfigSkip = "system-components-config.resources.gardener.cloud/skip" // PodTopologySpreadConstraintsSkip is a constant for a label on a Pod which indicates that this Pod should not be considered for // adding the pod-template-hash selector to the topology spread constraint. PodTopologySpreadConstraintsSkip = "topology-spread-constraints.resources.gardener.cloud/skip" // EndpointSliceHintsConsider is a constant for a label on an Service which indicates that the EndpointSlices of the // Service should be considered by the EndpointSlice hints webhook. This label is added to the Service object, Kubernetes // maintains the Service label as EndpointSlice label. Finally, the EndpointSlice hints webhook mutates EndpointSlice resources // containing this label. EndpointSliceHintsConsider = "endpoint-slice-hints.resources.gardener.cloud/consider" // NetworkingNamespaceSelectors is a constant for an annotation on a Service which contains a list of namespace // selectors. By default, NetworkPolicy resources are only created in the Service's namespace. If any selector is // present, NetworkPolicy resources are also created in all namespaces matching any of the provided selectors. NetworkingNamespaceSelectors = "networking.resources.gardener.cloud/namespace-selectors" // NetworkingPodLabelSelectorNamespaceAlias is a constant for an annotation on a Service which describes the label // that can be used to define an alias for the namespace name in the default pod label selector. This is helpful for // scenarios where the target service can exist n-times in multiple namespaces and a component needs to talk to all // of them but doesn't know the namespace names upfront. NetworkingPodLabelSelectorNamespaceAlias = "networking.resources.gardener.cloud/pod-label-selector-namespace-alias" // NetworkingFromWorldToPorts is a constant for an annotation on a Service which contains a list of ports to which // ingress traffic from everywhere shall be allowed. NetworkingFromWorldToPorts = "networking.resources.gardener.cloud/from-world-to-ports" // NetworkPolicyFromPolicyAnnotationPrefix is a constant for an annotation key prefix on a Service which contains // the label selector alias which is used by pods initiating the communication to this Service. The annotation key // must be suffixed with NetworkPolicyFromPolicyAnnotationSuffix, and the annotations value must be a list of // container ports (not service ports). NetworkPolicyFromPolicyAnnotationPrefix = "networking.resources.gardener.cloud/from-" // NetworkPolicyFromPolicyAnnotationSuffix is a constant for an annotation key suffix on a Service which contains // the label selector alias which is used by pods initiating the communication to this Service. The annotation key // must be prefixed with NetworkPolicyFromPolicyAnnotationPrefix, and the annotations value must be a list of // container ports (not service ports). NetworkPolicyFromPolicyAnnotationSuffix = "-allowed-ports" // NetworkingServiceName is a constant for a label on a NetworkPolicy which contains the name of the Service is has // been created for. NetworkingServiceName = "networking.resources.gardener.cloud/service-name" // NetworkingServiceNamespace is a constant for a label on a NetworkPolicy which contains the namespace of the // Service is has been created for. NetworkingServiceNamespace = "networking.resources.gardener.cloud/service-namespace" )
const ( // ResourcesApplied is a condition type that indicates whether all resources are applied to the target cluster. ResourcesApplied gardencorev1beta1.ConditionType = "ResourcesApplied" // ResourcesHealthy is a condition type that indicates whether all resources are present and healthy. ResourcesHealthy gardencorev1beta1.ConditionType = "ResourcesHealthy" // ResourcesProgressing is a condition type that indicates whether some resources are still progressing to be rolled out. ResourcesProgressing gardencorev1beta1.ConditionType = "ResourcesProgressing" )
const ( // ConditionApplySucceeded indicates that the `ResourcesApplied` condition is `True`, // because all resources have been applied successfully. ConditionApplySucceeded = "ApplySucceeded" // ConditionApplyFailed indicates that the `ResourcesApplied` condition is `False`, // because applying the resources failed. ConditionApplyFailed = "ApplyFailed" // ConditionDecodingFailed indicates that the `ResourcesApplied` condition is `False`, // because decoding the resources of the ManagedResource failed. ConditionDecodingFailed = "DecodingFailed" // ConditionApplyProgressing indicates that the `ResourcesApplied` condition is `Progressing`, // because the resources are currently being reconciled. ConditionApplyProgressing = "ApplyProgressing" // ConditionDeletionFailed indicates that the `ResourcesApplied` condition is `False`, // because deleting the resources failed. ConditionDeletionFailed = "DeletionFailed" // ConditionDeletionPending indicates that the `ResourcesApplied` condition is `Progressing`, // because the deletion of some resources is still pending. ConditionDeletionPending = "DeletionPending" // ReleaseOfOrphanedResourcesFailed indicates that the `ResourcesApplied` condition is `False`, // because the release of orphaned resources failed. ReleaseOfOrphanedResourcesFailed = "ReleaseOfOrphanedResourcesFailed" // ConditionManagedResourceIgnored indicates that the ManagedResource's conditions are not checked, // because the ManagedResource is marked to be ignored. ConditionManagedResourceIgnored = "ManagedResourceIgnored" // ConditionChecksPending indicates that the `ResourcesProgressing` condition is `Unknown`, // because the condition checks have not been completely executed yet for the current set of resources. ConditionChecksPending = "ChecksPending" )
These are well-known reasons for Conditions.
Variables ¶
var ( // SchemeBuilder is a new Scheme Builder which registers our API. SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) // AddToScheme is a reference to the Scheme Builder's AddToScheme function. AddToScheme = SchemeBuilder.AddToScheme )
var SchemeGroupVersion = schema.GroupVersion{Group: resources.GroupName, Version: "v1alpha1"}
SchemeGroupVersion is group version used to register these objects
Functions ¶
func Resource ¶
func Resource(resource string) schema.GroupResource
Resource takes an unqualified resource and returns a Group qualified GroupResource
Types ¶
type ManagedResource ¶
type ManagedResource struct { metav1.TypeMeta `json:",inline"` // Standard object metadata. metav1.ObjectMeta `json:"metadata,omitempty"` // Spec contains the specification of this managed resource. Spec ManagedResourceSpec `json:"spec,omitempty"` // Status contains the status of this managed resource. Status ManagedResourceStatus `json:"status,omitempty"` }
ManagedResource describes a list of managed resources.
func (*ManagedResource) DeepCopy ¶
func (in *ManagedResource) DeepCopy() *ManagedResource
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResource.
func (*ManagedResource) DeepCopyInto ¶
func (in *ManagedResource) DeepCopyInto(out *ManagedResource)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ManagedResource) DeepCopyObject ¶
func (in *ManagedResource) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ManagedResourceList ¶
type ManagedResourceList struct { metav1.TypeMeta `json:",inline"` // +optional metav1.ListMeta `json:"metadata,omitempty"` // Items is the list of ManagedResource. Items []ManagedResource `json:"items"` }
ManagedResourceList is a list of ManagedResource resources.
func (*ManagedResourceList) DeepCopy ¶
func (in *ManagedResourceList) DeepCopy() *ManagedResourceList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceList.
func (*ManagedResourceList) DeepCopyInto ¶
func (in *ManagedResourceList) DeepCopyInto(out *ManagedResourceList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*ManagedResourceList) DeepCopyObject ¶
func (in *ManagedResourceList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type ManagedResourceSpec ¶
type ManagedResourceSpec struct { // Class holds the resource class used to control the responsibility for multiple resource manager instances // +optional Class *string `json:"class,omitempty"` // SecretRefs is a list of secret references. SecretRefs []corev1.LocalObjectReference `json:"secretRefs"` // InjectLabels injects the provided labels into every resource that is part of the referenced secrets. // +optional InjectLabels map[string]string `json:"injectLabels,omitempty"` // ForceOverwriteLabels specifies that all existing labels should be overwritten. Defaults to false. // +optional ForceOverwriteLabels *bool `json:"forceOverwriteLabels,omitempty"` // ForceOverwriteAnnotations specifies that all existing annotations should be overwritten. Defaults to false. // +optional ForceOverwriteAnnotations *bool `json:"forceOverwriteAnnotations,omitempty"` // KeepObjects specifies whether the objects should be kept although the managed resource has already been deleted. // Defaults to false. // +optional KeepObjects *bool `json:"keepObjects,omitempty"` // Equivalences specifies possible group/kind equivalences for objects. // +optional Equivalences [][]metav1.GroupKind `json:"equivalences,omitempty"` // DeletePersistentVolumeClaims specifies if PersistentVolumeClaims created by StatefulSets, which are managed by this // resource, should also be deleted when the corresponding StatefulSet is deleted (defaults to false). // +optional DeletePersistentVolumeClaims *bool `json:"deletePersistentVolumeClaims,omitempty"` }
ManagedResourceSpec contains the specification of this managed resource.
func (*ManagedResourceSpec) DeepCopy ¶
func (in *ManagedResourceSpec) DeepCopy() *ManagedResourceSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceSpec.
func (*ManagedResourceSpec) DeepCopyInto ¶
func (in *ManagedResourceSpec) DeepCopyInto(out *ManagedResourceSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ManagedResourceStatus ¶
type ManagedResourceStatus struct { Conditions []gardencorev1beta1.Condition `json:"conditions,omitempty"` // ObservedGeneration is the most recent generation observed for this resource. ObservedGeneration int64 `json:"observedGeneration,omitempty"` // Resources is a list of objects that have been created. // +optional Resources []ObjectReference `json:"resources,omitempty"` // SecretsDataChecksum is the checksum of referenced secrets data. // +optional SecretsDataChecksum *string `json:"secretsDataChecksum,omitempty"` }
ManagedResourceStatus is the status of a managed resource.
func (*ManagedResourceStatus) DeepCopy ¶
func (in *ManagedResourceStatus) DeepCopy() *ManagedResourceStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ManagedResourceStatus.
func (*ManagedResourceStatus) DeepCopyInto ¶
func (in *ManagedResourceStatus) DeepCopyInto(out *ManagedResourceStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type ObjectReference ¶
type ObjectReference struct { corev1.ObjectReference `json:",inline"` // Labels is a map of labels that were used during last update of the resource. Labels map[string]string `json:"labels,omitempty"` // Annotations is a map of annotations that were used during last update of the resource. Annotations map[string]string `json:"annotations,omitempty"` }
ObjectReference is a reference to another object.
func (*ObjectReference) DeepCopy ¶
func (in *ObjectReference) DeepCopy() *ObjectReference
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ObjectReference.
func (*ObjectReference) DeepCopyInto ¶
func (in *ObjectReference) DeepCopyInto(out *ObjectReference)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.