Documentation ¶
Index ¶
- Constants
- Variables
- func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)
- func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
- func DeleteHvpa(ctx context.Context, c client.Client, namespace string) error
- func DeleteLoki(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteReserveExcessCapacity(ctx context.Context, k8sClient client.Client) error
- func DeleteSeedLoggingStack(ctx context.Context, k8sClient client.Client) error
- func DeleteShootLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteShootNodeLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteStatefulSetsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
- func DeleteVpa(ctx context.Context, c client.Client, namespace string, isShoot bool) error
- func FilterEntriesByPrefix(prefix string, entries []string) []string
- func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}
- func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string
Constants ¶
// Shared names, prefixes and durations for shoot control plane components:
// etcd encryption, monitoring and logging, VPA, kubeconfig and TLS secrets.
const (
	// VPNTunnel dictates that VPN is used as a tunnel between seed and shoot networks.
	VPNTunnel string = "vpn-shoot"

	// EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot
	// secrets after rewriting them to ensure that successfully rewritten secrets are not
	// (unnecessarily) rewritten during each reconciliation.
	EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"
	// EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to force the decryption of shoot secrets.
	// NOTE(review): while this annotation is set, shoot secrets are presumably stored unencrypted
	// in etcd; its presence looks worth auditing. Confirm against the code that consumes it.
	EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets"
	// EtcdEncryptionEncryptedResourceSecrets is the name of the secret resource to be encrypted.
	EtcdEncryptionEncryptedResourceSecrets = "secrets"
	// EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key.
	EtcdEncryptionKeyPrefix = "key"
	// EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key
	// (32 bytes = 256 bits).
	// NOTE(review): key generation is not shown here; verify that the key material comes from a
	// cryptographically secure random source.
	EtcdEncryptionKeySecretLen = 32
	// ETCDEncryptionConfigDataName is the name of the ShootState data entry holding the current key and
	// encryption state used to encrypt shoot resources.
	// NOTE(review): that entry holds key material, so read access to it presumably needs to be as
	// restricted as access to the key itself. Confirm how ShootState is protected.
	ETCDEncryptionConfigDataName = "etcdEncryptionConfiguration"

	// GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance.
	GrafanaOperatorsPrefix = "go"
	// GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance.
	GrafanaUsersPrefix = "gu"
	// GrafanaOperatorsRole is a constant for the operators role.
	GrafanaOperatorsRole = "operators"
	// GrafanaUsersRole is a constant for the users role.
	GrafanaUsersRole = "users"
	// PrometheusPrefix is a constant for a prefix used for the Prometheus instance.
	PrometheusPrefix = "p"
	// AlertManagerPrefix is a constant for a prefix used for the AlertManager instance.
	AlertManagerPrefix = "au"
	// LokiPrefix is a constant for a prefix used for the Loki instance.
	LokiPrefix = "l"

	// KubecfgUsername is the username for the token used for the kubeconfig of the shoot.
	// NOTE(review): the name suggests cluster-admin privileges; the role binding is not visible
	// here. Treat the token and the secret that stores it as highly sensitive.
	KubecfgUsername = "system:cluster-admin"
	// KubecfgSecretName is the name of the kubecfg secret.
	KubecfgSecretName = "kubecfg"
	// KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user.
	KubeAPIServerHealthCheck = "kube-apiserver-health-check"
	// VPASecretName is the name of the secret used by VPA.
	VPASecretName = "vpa-tls-certs"

	// ManagedResourceShootCoreName is the name of the shoot core managed resource.
	ManagedResourceShootCoreName = "shoot-core"
	// ManagedResourceAddonsName is the name of the addons managed resource.
	ManagedResourceAddonsName = "addons"

	// SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	SeedSpecHash = "seed-spec-hash"
	// ControllerDeploymentHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	ControllerDeploymentHash = "deployment-hash"
	// RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	RegistrationSpecHash = "registration-spec-hash"

	// VpaAdmissionControllerName is the name of the vpa-admission-controller.
	VpaAdmissionControllerName = "gardener.cloud:vpa:admission-controller"
	// VpaRecommenderName is the name of the vpa-recommender.
	VpaRecommenderName = "gardener.cloud:vpa:recommender"
	// VpaUpdaterName is the name of the vpa-updater.
	VpaUpdaterName = "gardener.cloud:vpa:updater"
	// VpaExporterName is the name of the vpa-exporter.
	VpaExporterName = "gardener.cloud:vpa:exporter"

	// IstioNamespace is the istio-system namespace.
	IstioNamespace = "istio-system"

	// AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager.
	AlertManagerTLS = "alertmanager-tls"
	// GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana.
	GrafanaTLS = "grafana-tls"
	// PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus.
	PrometheusTLS = "prometheus-tls"
	// LokiTLS is the name of the secret resource which holds the TLS certificate for Loki.
	LokiTLS = "loki-tls"

	// EndUserCrtValidity is the time period a user facing certificate is valid.
	// NOTE(review): the linked Apple page concerns limits on TLS server certificate lifetime;
	// re-check that 730 days still fits the limits enforced by the clients that must trust
	// these certificates.
	EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176
	// CrtRenewalWindow is the time window in which certificates are supposed to be replaced before they expire.
	CrtRenewalWindow = 30 * 24 * time.Hour

	// ShootDNSIngressName is a constant for the DNS resources used for the shoot ingress addon.
	ShootDNSIngressName = "ingress"

	// GardenLokiPriorityClassName is the name of the PriorityClass for the Loki in the garden namespace.
	GardenLokiPriorityClassName = "garden-loki"

	// MonitoringIngressCredentials is a constant for the name of a secret containing the monitoring credentials for
	// operators monitoring for shoots.
	MonitoringIngressCredentials = "monitoring-ingress-credentials"
	// MonitoringIngressCredentialsUsers is a constant for the name of a secret containing the monitoring credentials
	// for users monitoring for shoots.
	MonitoringIngressCredentialsUsers = "monitoring-ingress-credentials-users"

	// NodeLocalIPVSAddress is the IPv4 address used by node local dns when IPVS is used.
	// The value lies in the IPv4 link-local range 169.254.0.0/16.
	NodeLocalIPVSAddress = "169.254.20.10"
)
Variables ¶
// IngressTLSSecretNames are the secrets which contain operator or user facing x509 certificates.
// These are usually exposed via an `Ingress` in the shoot control plane.
// NOTE(review): TLS secrets presumably also hold the matching private keys, so read access to
// these secret names should be restricted accordingly. Confirm against the secret layout.
var IngressTLSSecretNames = []string{ AlertManagerTLS, GrafanaTLS, PrometheusTLS, LokiTLS, }
IngressTLSSecretNames are the secrets which contain operator or user facing x509 certificates. These are usually exposed via an `Ingress` in the shoot control plane.
Functions ¶
func ComputeOffsetIP ¶ added in v1.1.0
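ComputeOffsetIP parses the provided <subnet> and offsets its base address by the value of <offset>. For example, for <subnet> = 100.64.0.0/11 and <offset> = 10 the result would be 100.64.0.10. Both IPv6 and IPv4 are supported. The function also returns an error, which callers must check before using the resulting IP.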
func DeleteAlertmanager ¶
DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.
func DeleteGrafanaByRole ¶
func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.
func DeleteHvpa ¶
DeleteHvpa deletes all resources required for the HVPA in the given namespace.
func DeleteLoki ¶ added in v1.15.4
DeleteLoki deletes all resources of the Loki in a given namespace.
func DeleteReserveExcessCapacity ¶ added in v1.5.0
DeleteReserveExcessCapacity deletes the deployment and priority class for excess capacity
func DeleteSeedLoggingStack ¶ added in v1.15.4
DeleteSeedLoggingStack deletes all seed resources of the logging stack in the garden namespace.
func DeleteShootLoggingStack ¶ added in v1.15.4
DeleteShootLoggingStack deletes all shoot resources of the logging stack in the given namespace.
func DeleteShootNodeLoggingStack ¶ added in v1.27.0
func DeleteShootNodeLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
DeleteShootNodeLoggingStack deletes all shoot resources of the shoot-node logging stack in the given namespace.
func DeleteStatefulSetsHavingDeprecatedRoleLabelKey ¶ added in v1.35.0
func DeleteStatefulSetsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
DeleteStatefulSetsHavingDeprecatedRoleLabelKey deletes the StatefulSets with the passed object keys if the corresponding StatefulSet .spec.selector contains the deprecated "garden.sapcloud.io/role" label key.
func DeleteVpa ¶ added in v1.7.0
DeleteVpa deletes all resources required for the VPA in the given namespace.
func FilterEntriesByPrefix ¶ added in v1.28.3
FilterEntriesByPrefix returns a list of strings which begin with the given prefix.
func GenerateAddonConfig ¶
GenerateAddonConfig returns the provided <values> in case <enabled> is true. Otherwise, nil is returned.
Types ¶
This section is empty.