Documentation ¶
Index ¶
- Constants
- Variables
- func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
- func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
- func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
- func GetLabels() map[string]string
- type AuditConfig
- type AutoscalingConfig
- type Images
- type Interface
- type SNIConfig
- type Secrets
- type ServiceAccountConfig
- type VPNConfig
- type Values
Constants ¶
const ( // DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access. DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe" // DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access. DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe" )
const ( // SecretNameEtcdEncryption is the name of the secret which contains the EncryptionConfiguration. The // EncryptionConfiguration contains a key which the kube-apiserver uses for encrypting selected etcd content. SecretNameEtcdEncryption = "etcd-encryption-secret" // SecretNameHTTPProxy is the name of the secret for the http proxy. SecretNameHTTPProxy = "kube-apiserver-http-proxy" // SecretNameKubeAggregator is the name of the secret for the kube-aggregator when talking to the kube-apiserver. SecretNameKubeAggregator = "kube-aggregator" // SecretNameKubeAPIServerToKubelet is the name of the secret for the kube-apiserver credentials when talking to // kubelets. SecretNameKubeAPIServerToKubelet = "kube-apiserver-kubelet" // SecretNameServer is the name of the secret for the kube-apiserver server certificates. SecretNameServer = "kube-apiserver" // SecretNameVPNSeed is the name of the secret containing the certificates for the vpn-seed. SecretNameVPNSeed = "vpn-seed" // SecretNameVPNSeedTLSAuth is the name of the secret containing the TLS auth for the vpn-seed. SecretNameVPNSeedTLSAuth = "vpn-seed-tlsauth" // ContainerNameKubeAPIServer is the name of the kube-apiserver container. ContainerNameKubeAPIServer = "kube-apiserver" )
const ( // Port is the port exposed by the kube-apiserver. Port = 443 // SecretNameUserKubeconfig is the name for the user kubeconfig. SecretNameUserKubeconfig = "user-kubeconfig" // ServicePortName is the name of the port in the service. ServicePortName = "kube-apiserver" // UserName is the name of the kube-apiserver user when communicating with the kubelet. UserName = "system:kube-apiserver:kubelet" // UserNameVPNSeed is the user name for the vpn-seed components (used as common name in its client certificate) UserNameVPNSeed = "vpn-seed" )
const ( // SecretServiceAccountSigningKeyDataKeySigningKey is a constant for a key in the data map that contains the key // which is used to sign service accounts. SecretServiceAccountSigningKeyDataKeySigningKey = "signing-key" // SecretEtcdEncryptionConfigurationDataKey is a constant for a key in the data map that contains the config // which is used to encrypt etcd data. SecretEtcdEncryptionConfigurationDataKey = "encryption-configuration.yaml" // SecretStaticTokenName is a constant for the name of the static-token secret. SecretStaticTokenName = "kube-apiserver-static-token" // SecretBasicAuthName is a constant for the name of the basic-auth secret. SecretBasicAuthName = "kube-apiserver-basic-auth" )
const ManagedResourceName = "shoot-core-kube-apiserver"
ManagedResourceName is the name of the ManagedResource containing the resource specifications.
Variables ¶
var ( // IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy // or deleted. IntervalWaitForDeployment = 5 * time.Second // TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy // or deleted. TimeoutWaitForDeployment = 5 * time.Minute )
Functions ¶
func CentralLoggingConfiguration ¶ added in v1.33.0
func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
CentralLoggingConfiguration returns a fluent-bit parser and filter for the kube-apiserver logs.
func DependencyWatchdogEndpointConfiguration ¶ added in v1.27.0
func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
DependencyWatchdogEndpointConfiguration returns the configuration for the dependency watchdog (endpoint role) ensuring that its dependant pods are restarted as soon as it recovers from a crash loop.
func DependencyWatchdogProbeConfiguration ¶ added in v1.27.0
func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
DependencyWatchdogProbeConfiguration returns the configuration for the dependency watchdog (probe role) ensuring that its dependant pods are scaled as soon a probe fails.
Types ¶
type AuditConfig ¶ added in v1.33.0
type AuditConfig struct { // Policy is the audit policy document in YAML format. Policy *string }
AuditConfig contains information for configuring audit settings for the kube-apiserver.
type AutoscalingConfig ¶ added in v1.28.0
type AutoscalingConfig struct { // APIServerResources are the resource requirements for the kube-apiserver container. APIServerResources corev1.ResourceRequirements // HVPAEnabled states whether an HVPA object shall be deployed. If false, HPA and VPA will be used. HVPAEnabled bool // Replicas is the number of pod replicas for the kube-apiserver. Replicas *int32 // MinReplicas are the minimum Replicas for horizontal autoscaling. MinReplicas int32 // MaxReplicas are the maximum Replicas for horizontal autoscaling. MaxReplicas int32 // UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA // resource. UseMemoryMetricForHvpaHPA bool // ScaleDownDisabledForHvpa states whether scale-down shall be disabled when HPA or VPA are configured in an HVPA // resource. ScaleDownDisabledForHvpa bool }
AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.
type Images ¶ added in v1.33.0
type Images struct { // AlpineIPTables is the container image for alpine-iptables. AlpineIPTables string // APIServerProxyPodWebhook is the container image for the apiserver-proxy-pod-webhook. APIServerProxyPodWebhook string // KubeAPIServer is the container image for the kube-apiserver. KubeAPIServer string // VPNSeed is the container image for the vpn-seed. VPNSeed string }
Images is a set of container images used for the containers of the kube-apiserver pods.
type Interface ¶ added in v1.28.0
type Interface interface { component.DeployWaiter component.MonitoringComponent // GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer. GetAutoscalingReplicas() *int32 // GetValues returns the current configuration values of the deployer. GetValues() Values // SetSecrets sets the secrets. SetSecrets(Secrets) // SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the // deployer. SetAutoscalingAPIServerResources(corev1.ResourceRequirements) // SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer. SetAutoscalingReplicas(*int32) // SetServiceAccountConfig sets the ServiceAccount field in the Values of the deployer. SetServiceAccountConfig(ServiceAccountConfig) // SetSNIConfig sets the SNI field in the Values of the deployer. SetSNIConfig(SNIConfig) // SetExternalHostname sets the ExternalHostname field in the Values of the deployer. SetExternalHostname(string) // SetExternalServer sets the ExternalServer field in the Values of the deployer. SetExternalServer(string) }
Interface contains functions for a kube-apiserver deployer.
func New ¶ added in v1.28.0
func New(client kubernetes.Interface, namespace string, secretsManager secretsmanager.Interface, values Values) Interface
New creates a new instance of DeployWaiter for the kube-apiserver.
type SNIConfig ¶ added in v1.28.0
type SNIConfig struct { // Enabled states whether the SNI feature is enabled. Enabled bool // PodMutatorEnabled states whether the pod mutator is enabled. PodMutatorEnabled bool // APIServerFQDN is the fully qualified domain name for the kube-apiserver. APIServerFQDN string // AdvertiseAddress is the address which should be advertised by the kube-apiserver. AdvertiseAddress string }
SNIConfig contains information for configuring SNI settings for the kube-apiserver.
type Secrets ¶ added in v1.33.0
type Secrets struct { // CA is the cluster's certificate authority. CA component.Secret // CAEtcd is the certificate authority for the etcd. CAEtcd component.Secret // CAFrontProxy is the certificate authority for the front-proxy. CAFrontProxy component.Secret // Etcd is the client certificate for the kube-apiserver to talk to etcd. Etcd component.Secret // EtcdEncryptionConfig is the configuration containing information how to encrypt the etcd data. EtcdEncryptionConfig component.Secret // HTTPProxy is the client certificate for the http proxy to talk to the kube-apiserver.. // Only relevant if VPNConfig.ReversedVPNEnabled is true. HTTPProxy *component.Secret // KubeAggregator is the client certificate for the kube-aggregator to talk to the kube-apiserver. KubeAggregator component.Secret // KubeAPIServerToKubelet is the client certificate for the kube-apiserver to talk to kubelets. KubeAPIServerToKubelet component.Secret // Server is the server certificate and key for the HTTP server of kube-apiserver. Server component.Secret // ServiceAccountKey is key for service accounts. ServiceAccountKey component.Secret // VPNSeed is the client certificate for the vpn-seed to talk to the kube-apiserver. // Only relevant if VPNConfig.ReversedVPNEnabled is false. VPNSeed *component.Secret // VPNSeedTLSAuth is the TLS auth information for the vpn-seed. // Only relevant if VPNConfig.ReversedVPNEnabled is false. VPNSeedTLSAuth *component.Secret // VPNSeedServerTLSAuth is the TLS auth information for the vpn-seed server. // Only relevant if VPNConfig.ReversedVPNEnabled is true. VPNSeedServerTLSAuth *component.Secret }
Secrets is collection of secrets for the kube-apiserver.
type ServiceAccountConfig ¶ added in v1.33.0
type ServiceAccountConfig struct { // Issuer is the issuer of service accounts. Issuer string // AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted. AcceptedIssuers []string // SigningKey is the key used when service accounts are signed. SigningKey []byte // ExtendTokenExpiration states whether the service account token expirations should be extended. ExtendTokenExpiration *bool // MaxTokenExpiration states what the maximal token expiration should be. MaxTokenExpiration *metav1.Duration }
ServiceAccountConfig contains information for configuring ServiceAccountConfig settings for the kube-apiserver.
type VPNConfig ¶ added in v1.33.0
type VPNConfig struct { // ReversedVPNEnabled states whether the 'ReversedVPN' feature gate is enabled. ReversedVPNEnabled bool // PodNetworkCIDR is the CIDR of the pod network. PodNetworkCIDR string // ServiceNetworkCIDR is the CIDR of the service network. ServiceNetworkCIDR string // NodeNetworkCIDR is the CIDR of the node network. NodeNetworkCIDR *string }
VPNConfig contains information for configuring the VPN settings for the kube-apiserver.
type Values ¶ added in v1.28.0
type Values struct { // AdmissionPlugins is the list of admission plugins with configuration for the kube-apiserver. AdmissionPlugins []gardencorev1beta1.AdmissionPlugin // AnonymousAuthenticationEnabled states whether anonymous authentication is enabled. AnonymousAuthenticationEnabled bool // APIAudiences are identifiers of the API. The service account token authenticator will validate that tokens used // against the API are bound to at least one of these audiences. APIAudiences []string // Audit contains information for configuring audit settings for the kube-apiserver. Audit *AuditConfig // Autoscaling contains information for configuring autoscaling settings for the kube-apiserver. Autoscaling AutoscalingConfig // BasicAuthenticationEnabled states whether basic authentication is enabled. BasicAuthenticationEnabled bool // EventTTL is the amount of time to retain events. EventTTL *metav1.Duration // ExternalHostname is the external hostname which should be exposed by the kube-apiserver. ExternalHostname string // ExternalServer is the external server which should be used when generating the user kubeconfig. ExternalServer string // FeatureGates is the set of feature gates. FeatureGates map[string]bool // Images is a set of container images used for the containers of the kube-apiserver pods. Images Images // OIDC contains information for configuring OIDC settings for the kube-apiserver. OIDC *gardencorev1beta1.OIDCConfig // Requests contains configuration for the kube-apiserver requests. Requests *gardencorev1beta1.KubeAPIServerRequests // RuntimeConfig is the set of runtime configurations. RuntimeConfig map[string]bool // ServiceAccount contains information for configuring ServiceAccount settings for the kube-apiserver. ServiceAccount ServiceAccountConfig // SNI contains information for configuring SNI settings for the kube-apiserver. SNI SNIConfig // Version is the Kubernetes version for the kube-apiserver. Version *semver.Version // VPN contains information for configuring the VPN settings for the kube-apiserver. VPN VPNConfig // WatchCacheSizes are the configured sizes for the watch caches. WatchCacheSizes *gardencorev1beta1.WatchCacheSizes }
Values contains configuration values for the kube-apiserver resources.