Documentation
¶
Index ¶
- Constants
- Variables
- func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
- func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
- func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
- func GetLabels() map[string]string
- type AuditConfig
- type AutoscalingConfig
- type Images
- type Interface
- type SNIConfig
- type Secrets
- type ServiceAccountConfig
- type VPNConfig
- type Values
Constants ¶
View Source
const ( // DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access. DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe" // DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access. DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe" )
View Source
const ( // SecretNameBasicAuth is the name of the secret containing basic authentication credentials for the kube-apiserver. SecretNameBasicAuth = "kube-apiserver-basic-auth" // SecretNameEtcdEncryption is the name of the secret which contains the EncryptionConfiguration. The // EncryptionConfiguration contains a key which the kube-apiserver uses for encrypting selected etcd content. SecretNameEtcdEncryption = "etcd-encryption-secret" // SecretNameHTTPProxy is the name of the secret for the http proxy. SecretNameHTTPProxy = "kube-apiserver-http-proxy" // SecretNameKubeAggregator is the name of the secret for the kube-aggregator when talking to the kube-apiserver. SecretNameKubeAggregator = "kube-aggregator" // SecretNameKubeAPIServerToKubelet is the name of the secret for the kube-apiserver credentials when talking to // kubelets. SecretNameKubeAPIServerToKubelet = "kube-apiserver-kubelet" // SecretNameServer is the name of the secret for the kube-apiserver server certificates. SecretNameServer = "kube-apiserver" // SecretNameStaticToken is the name of the secret containing static tokens for the kube-apiserver. SecretNameStaticToken = "static-token" // SecretNameVPNSeed is the name of the secret containing the certificates for the vpn-seed. SecretNameVPNSeed = "vpn-seed" // SecretNameVPNSeedTLSAuth is the name of the secret containing the TLS auth for the vpn-seed. SecretNameVPNSeedTLSAuth = "vpn-seed-tlsauth" // ContainerNameKubeAPIServer is the name of the kube-apiserver container. ContainerNameKubeAPIServer = "kube-apiserver" )
View Source
const ( // Port is the port exposed by the kube-apiserver. Port = 443 // ServicePortName is the name of the port in the service. ServicePortName = "kube-apiserver" // UserName is the name of the kube-apiserver user when communicating with the kubelet. UserName = "system:kube-apiserver:kubelet" )
View Source
const ( // SecretServiceAccountSigningKeyDataKeySigningKey is a constant for a key in the data map that contains the key // which is used to sign service accounts. SecretServiceAccountSigningKeyDataKeySigningKey = "signing-key" // SecretEtcdEncryptionConfigurationDataKey is a constant for a key in the data map that contains the config // which is used to encrypt etcd data. SecretEtcdEncryptionConfigurationDataKey = "encryption-configuration.yaml" )
View Source
const ManagedResourceName = "shoot-core-kube-apiserver"
ManagedResourceName is the name of the ManagedResource containing the resource specifications.
Variables ¶
View Source
var ( // IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy // or deleted. IntervalWaitForDeployment = 5 * time.Second // TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy // or deleted. TimeoutWaitForDeployment = 5 * time.Minute )
Functions ¶
func CentralLoggingConfiguration ¶ added in v1.33.0
func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
CentralLoggingConfiguration returns a fluent-bit parser and filter for the kube-apiserver logs.
func DependencyWatchdogEndpointConfiguration ¶ added in v1.27.0
func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
DependencyWatchdogEndpointConfiguration returns the configuration for the dependency watchdog (endpoint role) ensuring that its dependant pods are restarted as soon as it recovers from a crash loop.
func DependencyWatchdogProbeConfiguration ¶ added in v1.27.0
func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
DependencyWatchdogProbeConfiguration returns the configuration for the dependency watchdog (probe role) ensuring that its dependant pods are scaled as soon a probe fails.
Types ¶
type AuditConfig ¶ added in v1.33.0
type AuditConfig struct {
// Policy is the audit policy document in YAML format.
Policy *string
}
AuditConfig contains information for configuring audit settings for the kube-apiserver.
type AutoscalingConfig ¶ added in v1.28.0
type AutoscalingConfig struct {
// APIServerResources are the resource requirements for the kube-apiserver container.
APIServerResources corev1.ResourceRequirements
// HVPAEnabled states whether an HVPA object shall be deployed. If false, HPA and VPA will be used.
HVPAEnabled bool
// Replicas is the number of pod replicas for the kube-apiserver.
Replicas *int32
// MinReplicas are the minimum Replicas for horizontal autoscaling.
MinReplicas int32
// MaxReplicas are the maximum Replicas for horizontal autoscaling.
MaxReplicas int32
// UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA
// resource.
UseMemoryMetricForHvpaHPA bool
// ScaleDownDisabledForHvpa states whether scale-down shall be disabled when HPA or VPA are configured in an HVPA
// resource.
ScaleDownDisabledForHvpa bool
}
AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.
type Images ¶ added in v1.33.0
type Images struct {
// AlpineIPTables is the container image for alpine-iptables.
AlpineIPTables string
// APIServerProxyPodWebhook is the container image for the apiserver-proxy-pod-webhook.
APIServerProxyPodWebhook string
// KubeAPIServer is the container image for the kube-apiserver.
KubeAPIServer string
// VPNSeed is the container image for the vpn-seed.
VPNSeed string
}
Images is a set of container images used for the containers of the kube-apiserver pods.
type Interface ¶ added in v1.28.0
type Interface interface {
component.DeployWaiter
component.MonitoringComponent
// GetValues returns the current configuration values of the deployer.
GetValues() Values
// SetSecrets sets the secrets.
SetSecrets(Secrets)
// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
// deployer.
SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
SetAutoscalingReplicas(*int32)
// SetServiceAccountConfig sets the ServiceAccount field in the Values of the deployer.
SetServiceAccountConfig(ServiceAccountConfig)
// SetSNIConfig sets the SNI field in the Values of the deployer.
SetSNIConfig(SNIConfig)
// SetProbeToken sets the ProbeToken field in the Values of the deployer.
SetProbeToken(string)
// SetExternalHostname sets the ExternalHostname field in the Values of the deployer.
SetExternalHostname(string)
}
Interface contains functions for a kube-apiserver deployer.
type SNIConfig ¶ added in v1.28.0
type SNIConfig struct {
// Enabled states whether the SNI feature is enabled.
Enabled bool
// PodMutatorEnabled states whether the pod mutator is enabled.
PodMutatorEnabled bool
// APIServerFQDN is the fully qualified domain name for the kube-apiserver.
APIServerFQDN string
// AdvertiseAddress is the address which should be advertised by the kube-apiserver.
AdvertiseAddress string
}
SNIConfig contains information for configuring SNI settings for the kube-apiserver.
type Secrets ¶ added in v1.33.0
type Secrets struct {
// BasicAuthentication contains the basic authentication credentials.
// Only relevant if BasicAuthenticationEnabled is true.
BasicAuthentication *component.Secret
// CA is the cluster's certificate authority.
CA component.Secret
// CAEtcd is the certificate authority for the etcd.
CAEtcd component.Secret
// CAFrontProxy is the certificate authority for the front-proxy.
CAFrontProxy component.Secret
// Etcd is the client certificate for the kube-apiserver to talk to etcd.
Etcd component.Secret
// EtcdEncryptionConfig is the configuration containing information how to encrypt the etcd data.
EtcdEncryptionConfig component.Secret
// HTTPProxy is the client certificate for the http proxy to talk to the kube-apiserver..
// Only relevant if VPNConfig.ReversedVPNEnabled is true.
HTTPProxy *component.Secret
// KubeAggregator is the client certificate for the kube-aggregator to talk to the kube-apiserver.
KubeAggregator component.Secret
// KubeAPIServerToKubelet is the client certificate for the kube-apiserver to talk to kubelets.
KubeAPIServerToKubelet component.Secret
// Server is the server certificate and key for the HTTP server of kube-apiserver.
Server component.Secret
// ServiceAccountKey is key for service accounts.
ServiceAccountKey component.Secret
// StaticToken is the static token secret.
StaticToken component.Secret
// VPNSeed is the client certificate for the vpn-seed to talk to the kube-apiserver.
// Only relevant if VPNConfig.ReversedVPNEnabled is false.
VPNSeed *component.Secret
// VPNSeedTLSAuth is the TLS auth information for the vpn-seed.
// Only relevant if VPNConfig.ReversedVPNEnabled is false.
VPNSeedTLSAuth *component.Secret
// VPNSeedServerTLSAuth is the TLS auth information for the vpn-seed server.
// Only relevant if VPNConfig.ReversedVPNEnabled is true.
VPNSeedServerTLSAuth *component.Secret
}
Secrets is collection of secrets for the kube-apiserver.
type ServiceAccountConfig ¶ added in v1.33.0
type ServiceAccountConfig struct {
// Issuer is the issuer of service accounts.
Issuer string
// SigningKey is the key used when service accounts are signed.
SigningKey []byte
// ExtendTokenExpiration states whether the service account token expirations should be extended.
ExtendTokenExpiration *bool
// MaxTokenExpiration states what the maximal token expiration should be.
MaxTokenExpiration *metav1.Duration
}
ServiceAccountConfig contains information for configuring ServiceAccountConfig settings for the kube-apiserver.
type VPNConfig ¶ added in v1.33.0
type VPNConfig struct {
// ReversedVPNEnabled states whether the 'ReversedVPN' feature gate is enabled.
ReversedVPNEnabled bool
// PodNetworkCIDR is the CIDR of the pod network.
PodNetworkCIDR string
// ServiceNetworkCIDR is the CIDR of the service network.
ServiceNetworkCIDR string
// NodeNetworkCIDR is the CIDR of the node network.
NodeNetworkCIDR *string
}
VPNConfig contains information for configuring the VPN settings for the kube-apiserver.
type Values ¶ added in v1.28.0
type Values struct {
// AdmissionPlugins is the list of admission plugins with configuration for the kube-apiserver.
AdmissionPlugins []gardencorev1beta1.AdmissionPlugin
// AnonymousAuthenticationEnabled states whether anonymous authentication is enabled.
AnonymousAuthenticationEnabled bool
// APIAudiences are identifiers of the API. The service account token authenticator will validate that tokens used
// against the API are bound to at least one of these audiences.
APIAudiences []string
// Audit contains information for configuring audit settings for the kube-apiserver.
Audit *AuditConfig
// Autoscaling contains information for configuring autoscaling settings for the kube-apiserver.
Autoscaling AutoscalingConfig
// BasicAuthenticationEnabled states whether basic authentication is enabled.
BasicAuthenticationEnabled bool
// EventTTL is the amount of time to retain events.
EventTTL *metav1.Duration
// ExternalHostname is the external hostname which should be exposed by the kube-apiserver.
ExternalHostname string
// FeatureGates is the set of feature gates.
FeatureGates map[string]bool
// Images is a set of container images used for the containers of the kube-apiserver pods.
Images Images
// OIDC contains information for configuring OIDC settings for the kube-apiserver.
OIDC *gardencorev1beta1.OIDCConfig
// ProbeToken is the JWT token used for {live,readi}ness probes of the kube-apiserver container.
ProbeToken string
// Requests contains configuration for the kube-apiserver requests.
Requests *gardencorev1beta1.KubeAPIServerRequests
// RuntimeConfig is the set of runtime configurations.
RuntimeConfig map[string]bool
// ServiceAccount contains information for configuring ServiceAccount settings for the kube-apiserver.
ServiceAccount ServiceAccountConfig
// SNI contains information for configuring SNI settings for the kube-apiserver.
SNI SNIConfig
// Version is the Kubernetes version for the kube-apiserver.
Version *semver.Version
// VPN contains information for configuring the VPN settings for the kube-apiserver.
VPN VPNConfig
// WatchCacheSizes are the configured sizes for the watch caches.
WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
}
Values contains configuration values for the kube-apiserver resources.
Source Files
¶
Directories
Click to show internal directories.
Click to hide internal directories.