Documentation ¶
Index ¶
- Constants
- Variables
- func AllPrivateNetworkBlocks() []net.IPNet
- func AnnotateExtensionObjectWithOperation(ctx context.Context, c client.Client, extensionObj extensionsv1alpha1.Object, ...) error
- func CarrierGradeNATBlock() *net.IPNet
- func CheckIfDeletionIsConfirmed(obj client.Object) error
- func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)
- func ConfirmDeletion(ctx context.Context, c client.Client, obj client.Object) error
- func CurrentReplicaCount(ctx context.Context, client client.Client, namespace, deploymentName string) (int32, error)
- func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteDeploymentsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
- func DeleteExtensionCR(ctx context.Context, c client.Client, ...) error
- func DeleteExtensionCRs(ctx context.Context, c client.Client, listObj client.ObjectList, ...) error
- func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
- func DeleteHvpa(ctx context.Context, k8sClient kubernetes.Interface, namespace string) error
- func DeleteLoki(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteManagedResourceForSeed(ctx context.Context, c client.Client, name, namespace string) error
- func DeleteManagedResourceForShoot(ctx context.Context, c client.Client, name, namespace string) error
- func DeleteReserveExcessCapacity(ctx context.Context, k8sClient client.Client) error
- func DeleteSeedLoggingStack(ctx context.Context, k8sClient client.Client) error
- func DeleteShootLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteVpa(ctx context.Context, c client.Client, namespace string, isShoot bool) error
- func DeployManagedResourceForSeed(ctx context.Context, c client.Client, name, namespace string, keepObjects bool, ...) error
- func DeployManagedResourceForShoot(ctx context.Context, c client.Client, name, namespace string, keepObjects bool, ...) error
- func EffectiveMaintenanceTimeWindow(timeWindow *utils.MaintenanceTimeWindow) *utils.MaintenanceTimeWindow
- func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *utils.MaintenanceTimeWindow
- func ExceptNetworks(networks []string, except ...string) ([]interface{}, error)
- func ExtensionID(extensionKind, extensionType string) string
- func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
- func GardenEtcdEncryptionSecretName(shootName string) string
- func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}
- func GenerateBackupEntryName(seedNamespace string, shootUID types.UID) string
- func GetAPIServerDomain(domain string) string
- func GetContainerResourcesInStatefulSet(ctx context.Context, k8sClient client.Client, key client.ObjectKey) (map[string]*corev1.ResourceRequirements, error)
- func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, includeZones, excludeZones []string, err error)
- func GetSecretFromSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference) (*corev1.Secret, error)
- func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string
- func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
- func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) bool
- func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool
- func IsShootFailed(shoot *gardencorev1beta1.Shoot) bool
- func LastReconciliationDuringThisTimeWindow(shoot *gardencorev1beta1.Shoot) bool
- func ManagedResourceSecretName(managedResourceName string) string
- func MigrateExtensionCR(ctx context.Context, c client.Client, ...) error
- func MigrateExtensionCRs(ctx context.Context, c client.Client, listObj client.ObjectList, ...) error
- func NewManagedResourceForSeed(c client.Client, name, namespace string, keepObjects bool) *manager.ManagedResource
- func NewManagedResourceForShoot(c client.Client, name, namespace string, keepObjects bool) *manager.ManagedResource
- func NewManagedResourceSecret(c client.Client, name, namespace string) (string, *manager.Secret)
- func Private12BitBlock() *net.IPNet
- func Private16BitBlock() *net.IPNet
- func Private8BitBlock() *net.IPNet
- func ProjectForNamespace(projectLister gardencorelisters.ProjectLister, namespaceName string) (*gardencorev1beta1.Project, error)
- func ProjectForNamespaceWithClient(ctx context.Context, c client.Reader, namespaceName string) (*gardencorev1beta1.Project, error)
- func ReadServiceAccountSigningKeySecret(secret *corev1.Secret) (string, error)
- func ReplaceCloudProviderConfigKey(cloudProviderConfig, separator, key, value string) string
- func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
- func RestoreExtensionObjectState(ctx context.Context, c client.Client, ...) error
- func RestoreExtensionWithDeployFunction(ctx context.Context, c client.Client, ...) error
- func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
- func ShouldObjectBeRemoved(obj metav1.Object, gracePeriod time.Duration) bool
- func SyncClusterResourceToSeed(ctx context.Context, client client.Client, clusterName string, ...) error
- func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, ...) time.Duration
- func ToExceptNetworks(networks []net.IPNet, except ...string) ([]interface{}, error)
- func WaitUntilExtensionCRDeleted(ctx context.Context, c client.Client, logger logrus.FieldLogger, ...) error
- func WaitUntilExtensionCRMigrated(ctx context.Context, c client.Client, ...) error
- func WaitUntilExtensionCRReady(ctx context.Context, c client.Client, logger logrus.FieldLogger, ...) error
- func WaitUntilExtensionCRsDeleted(ctx context.Context, c client.Client, logger logrus.FieldLogger, ...) error
- func WaitUntilExtensionCRsMigrated(ctx context.Context, c client.Client, listObj client.ObjectList, ...) error
- func WaitUntilObjectReadyWithHealthFunction(ctx context.Context, c client.Client, logger logrus.FieldLogger, ...) error
Constants ¶
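// Label and naming constants for ManagedResources. The declarations are laid
// out one per line so that each `//` comment ends before the constant it
// documents; collapsed onto a single line, the first comment would swallow
// every declaration after it.
const (
	// ManagedResourceLabelKeyOrigin is a key for a label on a managed resource with the value 'origin'.
	ManagedResourceLabelKeyOrigin = "origin"

	// ManagedResourceLabelValueGardener is a value for a label on a managed resource with the value 'gardener'.
	ManagedResourceLabelValueGardener = "gardener"

	// ManagedResourceSecretPrefix is the prefix that is used for secrets referenced by managed resources.
	ManagedResourceSecretPrefix = "managedresource-"
)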
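// Names, label/annotation keys and well-known values shared by the Gardener
// control plane components. The declarations are laid out one per line so that
// each `//` comment ends before the constant it documents; collapsed onto a few
// long lines, the comments would swallow the declarations that follow them.
const (
	// VPNTunnel dictates that VPN is used as a tunnel between seed and shoot networks.
	VPNTunnel string = "vpn-shoot"

	// BasicAuthSecretName is the name of the secret containing basic authentication credentials for the kube-apiserver.
	// NOTE(review): the referenced secret carries credentials; read access to it should be limited to the
	// components that need it.
	BasicAuthSecretName = "kube-apiserver-basic-auth"

	// ConfirmationDeletion is an annotation on a Shoot and Project resources whose value must be set to "true" in order to
	// allow deleting the resource (if the annotation is not set any DELETE request will be denied).
	ConfirmationDeletion = "confirmation.gardener.cloud/deletion"

	// DNSProvider is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// DNS provider.
	DNSProvider = "dns.gardener.cloud/provider"

	// DNSDomain is the key for an annotation on a Kubernetes Secret object whose value must point to a valid
	// domain name.
	DNSDomain = "dns.gardener.cloud/domain"

	// DNSIncludeZones is the key for an annotation on a Kubernetes Secret object whose value must point to a list
	// of zones that shall be included.
	DNSIncludeZones = "dns.gardener.cloud/include-zones"

	// DNSExcludeZones is the key for an annotation on a Kubernetes Secret object whose value must point to a list
	// of zones that shall be excluded.
	DNSExcludeZones = "dns.gardener.cloud/exclude-zones"

	// EtcdEncryptionSecretName is the name of the shoot-specific secret which contains
	// that shoot's EncryptionConfiguration. The EncryptionConfiguration contains a key
	// which the shoot's apiserver uses for encrypting selected etcd content.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml
	EtcdEncryptionSecretName = "etcd-encryption-secret"

	// EtcdEncryptionSecretFileName is the name of the file within the EncryptionConfiguration
	// which is made available as volume mount to the shoot's apiserver.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml
	EtcdEncryptionSecretFileName = "encryption-configuration.yaml"

	// EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot
	// secrets after rewriting them to ensure that successfully rewritten secrets are not
	// (unnecessarily) rewritten during each reconciliation.
	EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"

	// EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to force the decryption of shoot secrets.
	// NOTE(review): going by the name and description, setting this annotation leaves shoot secrets
	// unencrypted at rest in etcd; treat changes to it as security-relevant and audit them.
	EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets"

	// EtcdEncryptionEncryptedResourceSecrets is the name of the secret resource to be encrypted.
	EtcdEncryptionEncryptedResourceSecrets = "secrets"

	// EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key.
	EtcdEncryptionKeyPrefix = "key"

	// EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key
	// (32 bytes = 256 bits).
	EtcdEncryptionKeySecretLen = 32

	// GardenerDeletionProtected is a label on CustomResourceDefinitions indicating that the deletion is protected, i.e.
	// it must be confirmed with the `confirmation.gardener.cloud/deletion=true` annotation before a `DELETE` call
	// is accepted.
	GardenerDeletionProtected = "gardener.cloud/deletion-protected"

	// ETCDEncryptionConfigDataName is the name of ShootState data entry holding the current key and encryption state
	// used to encrypt shoot resources.
	ETCDEncryptionConfigDataName = "etcdEncryptionConfiguration"

	// GardenRoleDefaultDomain is the value of the GardenRole key indicating type 'default-domain'.
	GardenRoleDefaultDomain = "default-domain"

	// GardenRoleInternalDomain is the value of the GardenRole key indicating type 'internal-domain'.
	GardenRoleInternalDomain = "internal-domain"

	// GardenRoleOpenVPNDiffieHellman is the value of the GardenRole key indicating type 'openvpn-diffie-hellman'.
	GardenRoleOpenVPNDiffieHellman = "openvpn-diffie-hellman"

	// GardenRoleGlobalMonitoring is the value of the GardenRole key indicating type 'global-monitoring'.
	GardenRoleGlobalMonitoring = "global-monitoring"

	// GardenRoleAlerting is the value of GardenRole key indicating type 'alerting'.
	GardenRoleAlerting = "alerting"

	// GardenRoleHvpa is the value of GardenRole key indicating type 'hvpa'.
	GardenRoleHvpa = "hvpa"

	// GardenCreatedBy is the key for an annotation of a Shoot cluster whose value contains the username
	// of the user that created the resource.
	GardenCreatedBy = "gardener.cloud/created-by"

	// GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance.
	GrafanaOperatorsPrefix = "go"

	// GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance.
	GrafanaUsersPrefix = "gu"

	// GrafanaOperatorsRole is a constant for the operators role.
	GrafanaOperatorsRole = "operators"

	// GrafanaUsersRole is a constant for the users role.
	GrafanaUsersRole = "users"

	// PrometheusPrefix is a constant for a prefix used for the Prometheus instance.
	PrometheusPrefix = "p"

	// AlertManagerPrefix is a constant for a prefix used for the AlertManager instance.
	AlertManagerPrefix = "au"

	// IngressPrefix is the part of a FQDN which will be used to construct the domain name for an ingress controller of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the ingress domain would be
	// '*.<IngressPrefix>.cluster.example.com'.
	IngressPrefix = "ingress"

	// APIServerPrefix is the part of a FQDN which will be used to construct the domain name for the kube-apiserver of
	// a Shoot cluster. For example, when a Shoot specifies domain 'cluster.example.com', the apiserver domain would be
	// 'api.cluster.example.com'.
	APIServerPrefix = "api"

	// InternalDomainKey is a key which must be present in an internal domain constructed for a Shoot cluster. If the
	// configured internal domain already contains it, it won't be added twice. If it does not contain it, it will be
	// appended.
	InternalDomainKey = "internal"

	// CoreDNSDeploymentName is the name of the coredns deployment.
	CoreDNSDeploymentName = "coredns"

	// KubecfgUsername is the username for the token used for the kubeconfig of the shoot.
	// NOTE(review): the value suggests the handed-out kubeconfig token acts with cluster-admin rights;
	// confirm the bound role and handle the kubeconfig secret accordingly.
	KubecfgUsername = "system:cluster-admin"

	// KubecfgSecretName is the name of the kubecfg secret.
	KubecfgSecretName = "kubecfg"

	// DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access.
	DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe"

	// DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access.
	DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe"

	// DependencyWatchdogUserName is the user name of the dependency-watchdog.
	DependencyWatchdogUserName = "gardener.cloud:system:dependency-watchdog"

	// KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user.
	KubeAPIServerHealthCheck = "kube-apiserver-health-check"

	// StaticTokenSecretName is the name of the secret containing static tokens for the kube-apiserver.
	StaticTokenSecretName = "static-token"

	// VPASecretName is the name of the secret used by VPA.
	VPASecretName = "vpa-tls-certs"

	// ProjectName is the key of a label on namespaces whose value holds the project name.
	ProjectName = "project.gardener.cloud/name"

	// ProjectSkipStaleCheck is the key of an annotation on a project namespace that marks the associated Project to be
	// skipped by the stale project controller. If the project has already configured stale timestamps in its status
	// then they will be reset.
	ProjectSkipStaleCheck = "project.gardener.cloud/skip-stale-check"

	// NamespaceProject is the key of an annotation on namespace whose value holds the project uid.
	NamespaceProject = "namespace.gardener.cloud/project"

	// NamespaceKeepAfterProjectDeletion is a constant for an annotation on a `Namespace` resource that states that it
	// should not be deleted if the corresponding `Project` gets deleted. Please note that all project related labels
	// from the namespace will be removed when the project is being deleted.
	NamespaceKeepAfterProjectDeletion = "namespace.gardener.cloud/keep-after-project-deletion"

	// ShootAlphaScalingAPIServerClass is a constant for an annotation on the shoot stating the initial API server class.
	// It influences the size of the initial resource requests/limits.
	// Possible values are [small, medium, large, xlarge, 2xlarge].
	// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
	// what you do.
	ShootAlphaScalingAPIServerClass = "alpha.kube-apiserver.scaling.shoot.gardener.cloud/class"

	// ShootExpirationTimestamp is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime
	// is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property
	// of referenced quotas.
	ShootExpirationTimestamp = "shoot.gardener.cloud/expiration-timestamp"

	// ShootNoCleanup is a constant for a label on a resource indicating that the Gardener cleaner should not delete this
	// resource when cleaning a shoot during the deletion flow.
	ShootNoCleanup = "shoot.gardener.cloud/no-cleanup"

	// ShootStatus is a constant for a label on a Shoot resource indicating the Shoot's health.
	ShootStatus = "shoot.gardener.cloud/status"

	// ShootOperationMaintain is a constant for an annotation on a Shoot indicating that the Shoot maintenance shall be
	// executed as soon as possible.
	ShootOperationMaintain = "maintain"

	// FailedShootNeedsRetryOperation is a constant for an annotation on a Shoot in a failed state indicating that a
	// retry operation should be triggered during the next maintenance time window.
	FailedShootNeedsRetryOperation = "maintenance.shoot.gardener.cloud/needs-retry-operation"

	// ShootOperationRotateKubeconfigCredentials is a constant for an annotation on a Shoot indicating that the
	// credentials contained in the kubeconfig that is handed out to the user shall be rotated.
	ShootOperationRotateKubeconfigCredentials = "rotate-kubeconfig-credentials"

	// ShootTasks is a constant for an annotation on a Shoot which states that certain tasks should be done.
	ShootTasks = "shoot.gardener.cloud/tasks"

	// ShootTaskDeployInfrastructure is a name for a Shoot's infrastructure deployment task. It indicates that the
	// Infrastructure extension resource shall be reconciled.
	ShootTaskDeployInfrastructure = "deployInfrastructure"

	// ShootTaskRestartControlPlanePods is a name for a Shoot task which is dedicated to restart related control plane pods.
	ShootTaskRestartControlPlanePods = "restartControlPlanePods"

	// ShootTaskRestartCoreAddons is a name for a Shoot task which is dedicated to restart some core addons.
	ShootTaskRestartCoreAddons = "restartCoreAddons"

	// ShootOperationRetry is a constant for an annotation on a Shoot indicating that a failed Shoot reconciliation shall
	// be retried.
	ShootOperationRetry = "retry"

	// ShootOperationReconcile is a constant for an annotation on a Shoot indicating that a Shoot reconciliation shall be
	// triggered.
	ShootOperationReconcile = "reconcile"

	// ShootSyncPeriod is a constant for an annotation on a Shoot which may be used to overwrite the global Shoot
	// controller sync period. The value must be a duration. It can also be used to disable the reconciliation at all by
	// setting it to 0m. Disabling the reconciliation does only mean that the periodic reconciliation is disabled.
	// However, when the Gardener is restarted/redeployed or the specification is changed then the reconciliation flow
	// will be executed.
	ShootSyncPeriod = "shoot.gardener.cloud/sync-period"

	// ShootIgnore is a constant for an annotation on a Shoot which may be used to tell the Gardener that the Shoot with
	// this name should be ignored completely. That means that the Shoot will never reach the reconciliation flow
	// (independent of the operation (create/update/delete)).
	ShootIgnore = "shoot.gardener.cloud/ignore"

	// ManagedResourceShootCoreName is the name of the shoot core managed resource.
	ManagedResourceShootCoreName = "shoot-core"

	// ManagedResourceAddonsName is the name of the addons managed resource.
	ManagedResourceAddonsName = "addons"

	// SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	SeedSpecHash = "seed-spec-hash"

	// RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	RegistrationSpecHash = "registration-spec-hash"

	// VpaAdmissionControllerName is the name of the vpa-admission-controller.
	VpaAdmissionControllerName = "gardener.cloud:vpa:admission-controller"

	// VpaRecommenderName is the name of the vpa-recommender.
	VpaRecommenderName = "gardener.cloud:vpa:recommender"

	// VpaUpdaterName is the name of the vpa-updater.
	VpaUpdaterName = "gardener.cloud:vpa:updater"

	// VpaExporterName is the name of the vpa-exporter.
	VpaExporterName = "gardener.cloud:vpa:exporter"

	// IstioNamespace is the istio-system namespace.
	IstioNamespace = "istio-system"

	// ServiceAccountSigningKeySecretDataKey is the data key of a signing key Kubernetes secret.
	ServiceAccountSigningKeySecretDataKey = "signing-key"

	// ControlPlaneWildcardCert is the value of the GardenRole key indicating type 'controlplane-cert'.
	// It refers to a wildcard tls certificate which can be used for services exposed under the corresponding domain.
	ControlPlaneWildcardCert = "controlplane-cert"

	// AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager.
	AlertManagerTLS = "alertmanager-tls"

	// GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana.
	GrafanaTLS = "grafana-tls"

	// PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus.
	PrometheusTLS = "prometheus-tls"

	// EndUserCrtValidity is the time period a user facing certificate is valid.
	EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176

	// ShootDNSIngressName is a constant for the DNS resources used for the shoot ingress addon.
	ShootDNSIngressName = "ingress"
)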
Variables ¶
// GardenerDeletionGracePeriod holds the default grace period (five minutes)
// applied by Gardener's force deletion methods. It is a package-level
// variable, so any importing package can change it at runtime.
var GardenerDeletionGracePeriod time.Duration = time.Minute * 5
GardenerDeletionGracePeriod is the default grace period for Gardener's force deletion methods.
// TimeNow is the clock hook for this package and defaults to time.Now. It is
// an exported, reassignable variable so tests can substitute a fixed clock;
// non-test code should leave it untouched, since any importer can replace it.
var TimeNow func() time.Time = time.Now
TimeNow returns the current time. Exposed for testing.
Functions ¶
func AllPrivateNetworkBlocks ¶
AllPrivateNetworkBlocks returns a list of all Private network (RFC1918) and Carrier-grade NAT (RFC6598) IPv4 blocks.
func AnnotateExtensionObjectWithOperation ¶ added in v1.8.0
func AnnotateExtensionObjectWithOperation(ctx context.Context, c client.Client, extensionObj extensionsv1alpha1.Object, operation string) error
AnnotateExtensionObjectWithOperation annotates the extension resource with the provided operation annotation value.
func CarrierGradeNATBlock ¶
CarrierGradeNATBlock returns a Carrier-grade NAT (RFC6598) 100.64.0.0/10 IPv4 block
func CheckIfDeletionIsConfirmed ¶ added in v1.3.0
CheckIfDeletionIsConfirmed returns whether the deletion of an object is confirmed or not.
func ComputeOffsetIP ¶ added in v1.1.0
ComputeOffsetIP parses the provided <subnet> and offsets it by the value of <offset>. For example, for <subnet> = 100.64.0.0/11 and <offset> = 10 the result would be 100.64.0.10. Both IPv6 and IPv4 are supported.
func ConfirmDeletion ¶ added in v1.3.0
ConfirmDeletion adds Gardener's deletion confirmation annotation to the given object and sends an UPDATE request.
func CurrentReplicaCount ¶
func CurrentReplicaCount(ctx context.Context, client client.Client, namespace, deploymentName string) (int32, error)
CurrentReplicaCount returns the current replicaCount for the given deployment.
func DeleteAlertmanager ¶
DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.
func DeleteDeploymentsHavingDeprecatedRoleLabelKey ¶ added in v1.14.0
func DeleteDeploymentsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
DeleteDeploymentsHavingDeprecatedRoleLabelKey deletes the Deployments with the passed object keys if the corresponding Deployment .spec.selector contains the deprecated "garden.sapcloud.io/role" label key.
func DeleteExtensionCR ¶ added in v1.4.0
func DeleteExtensionCR( ctx context.Context, c client.Client, newObjFunc func() extensionsv1alpha1.Object, namespace string, name string, deleteOpts ...client.DeleteOption, ) error
DeleteExtensionCR deletes an extension resource.
func DeleteExtensionCRs ¶ added in v1.4.0
func DeleteExtensionCRs( ctx context.Context, c client.Client, listObj client.ObjectList, newObjFunc func() extensionsv1alpha1.Object, namespace string, predicateFunc func(obj extensionsv1alpha1.Object) bool, deleteOpts ...client.DeleteOption, ) error
DeleteExtensionCRs lists all extension resources and loops over them. It executes the given <predicateFunc> for each of them, and if it evaluates to true then the resource will be deleted.
func DeleteGrafanaByRole ¶
func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.
func DeleteHvpa ¶
DeleteHvpa deletes all resources required for the HVPA in the given namespace.
func DeleteLoki ¶ added in v1.15.4
DeleteLoki deletes all resources of the Loki in a given namespace.
func DeleteManagedResourceForSeed ¶ added in v1.13.0
func DeleteManagedResourceForSeed(ctx context.Context, c client.Client, name, namespace string) error
DeleteManagedResourceForSeed deletes the ManagedResource CR for the seed's gardener-resource-manager.
func DeleteManagedResourceForShoot ¶ added in v1.13.0
func DeleteManagedResourceForShoot(ctx context.Context, c client.Client, name, namespace string) error
DeleteManagedResourceForShoot deletes the ManagedResource CR for the shoot's gardener-resource-manager.
func DeleteReserveExcessCapacity ¶ added in v1.5.0
DeleteReserveExcessCapacity deletes the deployment and priority class for excess capacity
func DeleteSeedLoggingStack ¶ added in v1.15.4
DeleteSeedLoggingStack deletes all seed resources of the logging stack in the garden namespace.
func DeleteShootLoggingStack ¶ added in v1.15.4
DeleteShootLoggingStack deletes all shoot resources of the logging stack in the given namespace.
func DeleteVpa ¶ added in v1.7.0
DeleteVpa deletes all resources required for the VPA in the given namespace.
func DeployManagedResourceForSeed ¶ added in v1.12.0
func DeployManagedResourceForSeed(ctx context.Context, c client.Client, name, namespace string, keepObjects bool, data map[string][]byte) error
DeployManagedResourceForSeed deploys a ManagedResource CR for the seed's gardener-resource-manager.
func DeployManagedResourceForShoot ¶ added in v1.12.0
func DeployManagedResourceForShoot(ctx context.Context, c client.Client, name, namespace string, keepObjects bool, data map[string][]byte) error
DeployManagedResourceForShoot deploys a ManagedResource CR for the shoot's gardener-resource-manager.
func EffectiveMaintenanceTimeWindow ¶
func EffectiveMaintenanceTimeWindow(timeWindow *utils.MaintenanceTimeWindow) *utils.MaintenanceTimeWindow
EffectiveMaintenanceTimeWindow cuts a maintenance time window at the end with a guess of 15 minutes. It is subtracted from the end of a maintenance time window to use a best-effort kind of finishing the operation before the end. Generally, we can't make sure that the maintenance operation is done by the end of the time window anyway (considering large clusters with hundreds of nodes, a rolling update will take several hours).
func EffectiveShootMaintenanceTimeWindow ¶
func EffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) *utils.MaintenanceTimeWindow
EffectiveShootMaintenanceTimeWindow returns the effective MaintenanceTimeWindow of the given Shoot.
func ExceptNetworks ¶
ExceptNetworks returns a list of maps, each with a `network` key containing one of `networks` and an `except` key containing the list of `cidr`s which are part of that network.
Calling `ExceptNetworks([]garden.CIDR{"10.0.0.0/8","172.16.0.0/12"},"10.10.0.0/24","172.16.1.0/24")` produces:
[
{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]}, {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},
]
func ExtensionID ¶ added in v1.5.0
ExtensionID returns an identifier for the given extension kind/type.
func ExtractShootDetailsFromBackupEntryName ¶
func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
ExtractShootDetailsFromBackupEntryName returns the Shoot resource's technicalID and its UID from the provided <backupEntryName>.
func GardenEtcdEncryptionSecretName ¶ added in v1.4.0
GardenEtcdEncryptionSecretName returns the name to the 'backup' of the etcd encryption secret in the Garden cluster.
func GenerateAddonConfig ¶
GenerateAddonConfig returns the provided <values> in case <enabled> is true. Otherwise, nil is being returned.
func GenerateBackupEntryName ¶
GenerateBackupEntryName returns BackupEntry resource name created from provided <seedNamespace> and <shootUID>.
func GetAPIServerDomain ¶
GetAPIServerDomain returns the fully qualified domain name for the api-server of the Shoot cluster. The end result is 'api.<domain>'.
func GetContainerResourcesInStatefulSet ¶ added in v1.12.5
func GetContainerResourcesInStatefulSet(ctx context.Context, k8sClient client.Client, key client.ObjectKey) (map[string]*corev1.ResourceRequirements, error)
GetContainerResourcesInStatefulSet returns the containers resources in StatefulSet
func GetDomainInfoFromAnnotations ¶
func GetDomainInfoFromAnnotations(annotations map[string]string) (provider string, domain string, includeZones, excludeZones []string, err error)
GetDomainInfoFromAnnotations returns the provider and the domain that is specified in the given annotations.
func GetSecretFromSecretRef ¶
func GetSecretFromSecretRef(ctx context.Context, c client.Client, secretRef *corev1.SecretReference) (*corev1.Secret, error)
GetSecretFromSecretRef gets the Secret object from <secretRef>.
func GetSecretKeysWithPrefix ¶
GetSecretKeysWithPrefix returns a list of keys of the given map <m> which are prefixed with <kind>.
func GetServiceAccountSigningKeySecret ¶
func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
GetServiceAccountSigningKeySecret gets the signing key from the secret with the given name and namespace.
func IsNowInEffectiveShootMaintenanceTimeWindow ¶
func IsNowInEffectiveShootMaintenanceTimeWindow(shoot *gardencorev1beta1.Shoot) bool
IsNowInEffectiveShootMaintenanceTimeWindow checks if the current time is in the effective maintenance time window of the Shoot.
func IsObservedAtLatestGenerationAndSucceeded ¶
func IsObservedAtLatestGenerationAndSucceeded(shoot *gardencorev1beta1.Shoot) bool
IsObservedAtLatestGenerationAndSucceeded checks whether the Shoot's generation has changed or if the LastOperation status is Succeeded.
func IsShootFailed ¶
func IsShootFailed(shoot *gardencorev1beta1.Shoot) bool
IsShootFailed checks if a Shoot is failed.
func LastReconciliationDuringThisTimeWindow ¶ added in v1.12.9
func LastReconciliationDuringThisTimeWindow(shoot *gardencorev1beta1.Shoot) bool
LastReconciliationDuringThisTimeWindow returns true if <now> is contained in the given effective maintenance time window of the shoot and if the <lastReconciliation> did not happen longer than the longest possible duration of a maintenance time window.
func ManagedResourceSecretName ¶ added in v1.11.0
ManagedResourceSecretName returns the name of a corev1.Secret for the given name of a resourcesv1alpha1.ManagedResource.
func MigrateExtensionCR ¶ added in v1.8.0
func MigrateExtensionCR( ctx context.Context, c client.Client, newObjFunc func() extensionsv1alpha1.Object, namespace string, name string, ) error
MigrateExtensionCR adds the migrate operation annotation to the extension CR.
func MigrateExtensionCRs ¶ added in v1.10.0
func MigrateExtensionCRs( ctx context.Context, c client.Client, listObj client.ObjectList, newObjFunc func() extensionsv1alpha1.Object, namespace string, ) error
MigrateExtensionCRs lists all extension resources of a given kind and annotates them with the Migrate operation.
func NewManagedResourceForSeed ¶ added in v1.12.0
func NewManagedResourceForSeed(c client.Client, name, namespace string, keepObjects bool) *manager.ManagedResource
NewManagedResourceForSeed constructs a new ManagedResource object for the seed's Gardener-Resource-Manager.
func NewManagedResourceForShoot ¶ added in v1.12.0
func NewManagedResourceForShoot(c client.Client, name, namespace string, keepObjects bool) *manager.ManagedResource
NewManagedResourceForShoot constructs a new ManagedResource object for the shoot's Gardener-Resource-Manager.
func NewManagedResourceSecret ¶ added in v1.11.0
NewManagedResourceSecret constructs a new Secret object containing manifests managed by the Gardener-Resource-Manager which can be reconciled.
func Private12BitBlock ¶
Private12BitBlock returns a private network (RFC1918) 172.16.0.0/12 IPv4 block
func Private16BitBlock ¶
Private16BitBlock returns a private network (RFC1918) 192.168.0.0/16 IPv4 block
func Private8BitBlock ¶
Private8BitBlock returns a private network (RFC1918) 10.0.0.0/8 IPv4 block
func ProjectForNamespace ¶
func ProjectForNamespace(projectLister gardencorelisters.ProjectLister, namespaceName string) (*gardencorev1beta1.Project, error)
ProjectForNamespace returns the project object responsible for a given <namespace>. It tries to identify the project object by looking for the namespace name in the project spec.
func ProjectForNamespaceWithClient ¶ added in v1.7.0
func ProjectForNamespaceWithClient(ctx context.Context, c client.Reader, namespaceName string) (*gardencorev1beta1.Project, error)
ProjectForNamespaceWithClient returns the project object responsible for a given <namespace>. It tries to identify the project object by looking for the namespace name in the project spec.
func ReadServiceAccountSigningKeySecret ¶
ReadServiceAccountSigningKeySecret reads the signing key secret to extract the signing key. It errors if there is no value at ServiceAccountSigningKeySecretDataKey.
func ReplaceCloudProviderConfigKey ¶
ReplaceCloudProviderConfigKey replaces a key with the new value in the given cloud provider config.
func RespectShootSyncPeriodOverwrite ¶
func RespectShootSyncPeriodOverwrite(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
RespectShootSyncPeriodOverwrite checks whether to respect the sync period overwrite of a Shoot or not.
func RestoreExtensionObjectState ¶ added in v1.8.0
func RestoreExtensionObjectState( ctx context.Context, c client.Client, shootState *gardencorev1alpha1.ShootState, namespace string, extensionObj extensionsv1alpha1.Object, resourceKind string, ) error
RestoreExtensionObjectState restores the status.state field of the extension resources and deploys any required resources from the provided shoot state
func RestoreExtensionWithDeployFunction ¶ added in v1.8.0
func RestoreExtensionWithDeployFunction( ctx context.Context, c client.Client, shootState *gardencorev1alpha1.ShootState, resourceKind string, namespace string, deployFunc func(ctx context.Context, operationAnnotation string) (extensionsv1alpha1.Object, error), ) error
RestoreExtensionWithDeployFunction deploys the extension resource with the passed in deployFunc and sets its operation annotation to wait-for-state. It then restores the state of the extension resource from the ShootState, creates any required state resources and sets the operation annotation to restore.
func ShouldIgnoreShoot ¶
func ShouldIgnoreShoot(respectSyncPeriodOverwrite bool, shoot *gardencorev1beta1.Shoot) bool
ShouldIgnoreShoot determines whether a Shoot should be ignored or not.
func ShouldObjectBeRemoved ¶
ShouldObjectBeRemoved determines whether the given object should be gone now. This is calculated by first checking the deletion timestamp of an object: If the deletion timestamp is unset, the object should not be removed - i.e. this returns false. Otherwise, it is checked whether the deletionTimestamp is before the current time minus the grace period.
func SyncClusterResourceToSeed ¶ added in v1.7.0
func SyncClusterResourceToSeed(ctx context.Context, client client.Client, clusterName string, shoot *gardencorev1beta1.Shoot, cloudProfile *gardencorev1beta1.CloudProfile, seed *gardencorev1beta1.Seed) error
SyncClusterResourceToSeed creates or updates the `extensions.gardener.cloud/v1alpha1.Cluster` resource in the seed cluster by adding the shoot, seed, and cloudprofile specification.
func SyncPeriodOfShoot ¶
func SyncPeriodOfShoot(respectSyncPeriodOverwrite bool, defaultMinSyncPeriod time.Duration, shoot *gardencorev1beta1.Shoot) time.Duration
SyncPeriodOfShoot determines the sync period of the given shoot.
If no overwrite is allowed, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is parsed. If an error occurs or it is smaller than the defaultMinSyncPeriod, the defaultMinSyncPeriod is returned. Otherwise, the overwrite is returned.
func ToExceptNetworks ¶
ToExceptNetworks returns a list of maps with a `network` key containing one of `networks` and an `except` key containing the list of `cidr` entries which are part of that network.
Calling `ToExceptNetworks(AllPrivateNetworkBlocks(),"10.10.0.0/24","172.16.1.0/24","192.168.1.0/24","100.64.1.0/24")` produces:
[
  {"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]},
  {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},
  {"network": "192.168.0.0/16", "except": ["192.168.1.0/24"]},
  {"network": "100.64.0.0/10", "except": ["100.64.1.0/24"]},
]
func WaitUntilExtensionCRDeleted ¶ added in v1.4.0
func WaitUntilExtensionCRDeleted( ctx context.Context, c client.Client, logger logrus.FieldLogger, newObjFunc func() extensionsv1alpha1.Object, kind string, namespace string, name string, interval time.Duration, timeout time.Duration, ) error
WaitUntilExtensionCRDeleted waits until an extension resource is deleted from the system.
func WaitUntilExtensionCRMigrated ¶ added in v1.8.0
func WaitUntilExtensionCRMigrated( ctx context.Context, c client.Client, newObjFunc func() extensionsv1alpha1.Object, namespace string, name string, interval time.Duration, timeout time.Duration, ) error
WaitUntilExtensionCRMigrated waits until the migrate operation for the extension resource is successful.
func WaitUntilExtensionCRReady ¶ added in v1.4.0
func WaitUntilExtensionCRReady( ctx context.Context, c client.Client, logger logrus.FieldLogger, newObjFunc func() client.Object, kind string, namespace string, name string, interval time.Duration, severeThreshold time.Duration, timeout time.Duration, postReadyFunc func(client.Object) error, ) error
WaitUntilExtensionCRReady waits until the given extension resource has become ready.
func WaitUntilExtensionCRsDeleted ¶ added in v1.4.0
func WaitUntilExtensionCRsDeleted( ctx context.Context, c client.Client, logger logrus.FieldLogger, listObj client.ObjectList, newObjFunc func() extensionsv1alpha1.Object, kind string, namespace string, interval time.Duration, timeout time.Duration, predicateFunc func(obj extensionsv1alpha1.Object) bool, ) error
WaitUntilExtensionCRsDeleted lists all extension resources and loops over them. It executes the given <predicateFunc> for each of them, and if it evaluates to true then it waits for the resource to be deleted.
func WaitUntilExtensionCRsMigrated ¶ added in v1.10.0
func WaitUntilExtensionCRsMigrated( ctx context.Context, c client.Client, listObj client.ObjectList, newObjFunc func() extensionsv1alpha1.Object, namespace string, interval time.Duration, timeout time.Duration, ) error
WaitUntilExtensionCRsMigrated lists all extension resources of a given kind and waits until they are migrated
func WaitUntilObjectReadyWithHealthFunction ¶ added in v1.4.0
func WaitUntilObjectReadyWithHealthFunction( ctx context.Context, c client.Client, logger logrus.FieldLogger, healthFunc health.Func, newObjFunc func() client.Object, kind string, namespace string, name string, interval time.Duration, severeThreshold time.Duration, timeout time.Duration, postReadyFunc func(client.Object) error, ) error
WaitUntilObjectReadyWithHealthFunction waits until the given resource has become ready. It takes the health check function that should be executed.
Types ¶
This section is empty.