common

package
v1.42.3 Latest
Warning

This package is not in the latest version of its module.

Published: Mar 17, 2022 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 24 Imported by: 0

Documentation

Constants

const (
	// VPNTunnel dictates that VPN is used as a tunnel between seed and shoot networks.
	VPNTunnel string = "vpn-shoot"

	// EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot
	// secrets after rewriting them to ensure that successfully rewritten secrets are not
	// (unnecessarily) rewritten during each reconciliation.
	EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"

	// EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to force the decryption of shoot secrets
	EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets"

	// EtcdEncryptionEncryptedResourceSecrets is the name of the secret resource to be encrypted
	EtcdEncryptionEncryptedResourceSecrets = "secrets"

	// EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key
	EtcdEncryptionKeyPrefix = "key"

	// EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key
	EtcdEncryptionKeySecretLen = 32

	// ETCDEncryptionConfigDataName is the name of ShootState data entry holding the current key and encryption state used to encrypt shoot resources
	ETCDEncryptionConfigDataName = "etcdEncryptionConfiguration"

	// GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance.
	GrafanaOperatorsPrefix = "go"

	// GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance.
	GrafanaUsersPrefix = "gu"

	// GrafanaOperatorsRole is a constant for the operators role.
	GrafanaOperatorsRole = "operators"

	// GrafanaUsersRole is a constant for the users role.
	GrafanaUsersRole = "users"

	// PrometheusPrefix is a constant for a prefix used for the Prometheus instance.
	PrometheusPrefix = "p"

	// AlertManagerPrefix is a constant for a prefix used for the AlertManager instance.
	AlertManagerPrefix = "au"

	// LokiPrefix is a constant for a prefix used for the Loki instance.
	LokiPrefix = "l"

	// KubecfgUsername is the username for the token used for the kubeconfig of the shoot.
	KubecfgUsername = "system:cluster-admin"

	// KubecfgSecretName is the name of the kubecfg secret.
	KubecfgSecretName = "kubecfg"

	// KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user.
	KubeAPIServerHealthCheck = "kube-apiserver-health-check"

	// VPASecretName is the name of the secret used by VPA
	VPASecretName = "vpa-tls-certs"

	// ManagedResourceShootCoreName is the name of the shoot core managed resource.
	ManagedResourceShootCoreName = "shoot-core"
	// ManagedResourceAddonsName is the name of the addons managed resource.
	ManagedResourceAddonsName = "addons"

	// SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	SeedSpecHash = "seed-spec-hash"

	// ControllerDeploymentHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	ControllerDeploymentHash = "deployment-hash"
	// RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	RegistrationSpecHash = "registration-spec-hash"

	// IstioNamespace is the istio-system namespace
	IstioNamespace = "istio-system"

	// AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager.
	AlertManagerTLS = "alertmanager-tls"
	// GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana.
	GrafanaTLS = "grafana-tls"
	// PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus.
	PrometheusTLS = "prometheus-tls"
	// LokiTLS is the name of the secret resource which holds the TLS certificate for Loki.
	LokiTLS = "loki-tls"

	// EndUserCrtValidity is the time period a user facing certificate is valid.
	EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176

	// CrtRenewalWindow is the time window in which certificates are supposed to be replaced before they expire.
	CrtRenewalWindow = 30 * 24 * time.Hour

	// ShootDNSIngressName is a constant for the DNS resources used for the shoot ingress addon.
	ShootDNSIngressName = "ingress"

	// GardenLokiPriorityClassName is the name of the PriorityClass for the Loki in the garden namespace
	GardenLokiPriorityClassName = "garden-loki"

	// MonitoringIngressCredentials is a constant for the name of a secret containing the monitoring credentials for
	// operators monitoring for shoots.
	MonitoringIngressCredentials = "monitoring-ingress-credentials"
	// MonitoringIngressCredentialsUsers is a constant for the name of a secret containing the monitoring credentials
	// for users monitoring for shoots.
	MonitoringIngressCredentialsUsers = "monitoring-ingress-credentials-users"
)

Variables

var IngressTLSSecretNames = []string{
	AlertManagerTLS,
	GrafanaTLS,
	PrometheusTLS,
	LokiTLS,
}

IngressTLSSecretNames are the secrets which contain operator or user facing x509 certificates. These are usually exposed via an `Ingress` in the shoot control plane.

Functions

func ComputeOffsetIP added in v1.1.0

func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)

ComputeOffsetIP parses the provided <subnet> and offsets it by the value of <offset>. For example, with <subnet> = 100.64.0.0/11 and <offset> = 10, the result would be 100.64.0.10. Both IPv6 and IPv4 are supported.
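The offset arithmetic described above, as an added example that is not Gardener's own code. The names offsetIP and offsetInCIDR are hypothetical, and rejecting a result that falls outside the subnet is an assumption of this example rather than behaviour documented on this page.

```go
package main

import (
	"fmt"
	"math/big"
	"net"
)

// offsetIP is a hypothetical stand-in (not Gardener's ComputeOffsetIP): network address + offset.
func offsetIP(subnet *net.IPNet, offset int64) (net.IP, error) {
	if subnet == nil || offset < 0 {
		return nil, fmt.Errorf("need a subnet and a non-negative offset")
	}
	base := subnet.IP.To4() // 4-byte form for IPv4, nil for IPv6
	if base == nil {
		if base = subnet.IP.To16(); base == nil {
			return nil, fmt.Errorf("invalid subnet address %v", subnet.IP)
		}
	}
	raw := new(big.Int).Add(new(big.Int).SetBytes(base), big.NewInt(offset)).Bytes()
	if len(raw) > len(base) {
		return nil, fmt.Errorf("offset %d overflows the address space", offset)
	}
	ip := make(net.IP, len(base))
	copy(ip[len(base)-len(raw):], raw) // big.Int drops leading zero bytes; pad them back
	// Assumption of this example: an address outside the subnet is an error, not a result.
	if !subnet.Contains(ip) {
		return nil, fmt.Errorf("offset %d does not fit into %s", offset, subnet)
	}
	return ip, nil
}

// offsetInCIDR parses a CIDR string and applies offsetIP, returning the textual address.
func offsetInCIDR(cidr string, offset int64) (string, error) {
	_, subnet, err := net.ParseCIDR(cidr)
	if err != nil {
		return "", err
	}
	ip, err := offsetIP(subnet, offset)
	if err != nil {
		return "", err
	}
	return ip.String(), nil
}

func main() {
	for _, c := range []string{"100.64.0.0/11", "2001:db8::/64", "10.0.0.0/30"} {
		fmt.Println(offsetInCIDR(c, 10))
	}
}
```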

func DeleteAlertmanager

func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error

DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.

func DeleteGrafanaByRole

func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error

DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.

func DeleteHvpa

func DeleteHvpa(ctx context.Context, c client.Client, namespace string) error

DeleteHvpa deletes all resources required for the HVPA in the given namespace.

func DeleteLoki added in v1.15.4

func DeleteLoki(ctx context.Context, k8sClient client.Client, namespace string) error

DeleteLoki deletes all resources of the Loki in a given namespace.

func DeleteReserveExcessCapacity added in v1.5.0

func DeleteReserveExcessCapacity(ctx context.Context, k8sClient client.Client) error

DeleteReserveExcessCapacity deletes the deployment and priority class for excess capacity.

func DeleteSeedLoggingStack added in v1.15.4

func DeleteSeedLoggingStack(ctx context.Context, k8sClient client.Client) error

DeleteSeedLoggingStack deletes all seed resources of the logging stack in the garden namespace.

func DeleteVpa added in v1.7.0

func DeleteVpa(ctx context.Context, c client.Client, namespace string, isShoot bool) error

DeleteVpa deletes all resources required for the VPA in the given namespace.

func FilterEntriesByPrefix added in v1.28.3

func FilterEntriesByPrefix(prefix string, entries []string) []string

FilterEntriesByPrefix returns a list of strings which begin with the given prefix.

func GenerateAddonConfig

func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}

GenerateAddonConfig returns the provided <values> if <enabled> is true. Otherwise, nil is returned.

func GetSecretKeysWithPrefix

func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string

GetSecretKeysWithPrefix returns a list of keys of the given map <m> which are prefixed with <kind>.

Types

This section is empty.
