Documentation ¶
Index ¶
- Constants
- Variables
- func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
- func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
- func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
- func GetLabels() map[string]string
- type AuditConfig
- type AutoscalingConfig
- type ETCDEncryptionConfig
- type Images
- type Interface
- type SNIConfig
- type ServerCertificateConfig
- type ServiceAccountConfig
- type VPNConfig
- type Values
Constants ¶
const (
	// Port is the port exposed by the kube-apiserver.
	Port = 443
	// SecretNameUserKubeconfig is the name for the user kubeconfig.
	// NOTE(review): a kubeconfig normally embeds credentials, so the secret with
	// this name should be treated as sensitive — confirm what the deployer stores in it.
	SecretNameUserKubeconfig = "user-kubeconfig"
	// ServicePortName is the name of the port in the service.
	ServicePortName = "kube-apiserver"
	// UserNameVPNSeedClient is the user name for the HA vpn-seed-client components (used as common name in its client
	// certificate).
	// With client-certificate authentication the kube-apiserver takes the user name from the certificate's common
	// name, so any authorization granted to this name applies to every holder of such a certificate.
	UserNameVPNSeedClient = "vpn-seed-client"
)
const (
	// ContainerNameKubeAPIServer is the name of the kube-apiserver container.
	// NOTE(review): presumably the container name inside the kube-apiserver pods
	// that the deployer creates — confirm against the deployment code.
	ContainerNameKubeAPIServer = "kube-apiserver"
)
// ManagedResourceName is the name of the ManagedResource containing the
// resource specifications.
const ManagedResourceName = "shoot-core-kube-apiserver"
ManagedResourceName is the name of the ManagedResource containing the resource specifications.
const (
	// SecretStaticTokenName is a constant for the name of the static-token secret.
	// NOTE(review): presumably this secret holds the bearer token(s) used for
	// static-token authentication; if so, read access to it is equivalent to
	// holding those credentials — confirm the content and who may read it.
	SecretStaticTokenName = "kube-apiserver-static-token"
)
Variables ¶
// These are package-level variables rather than constants, so any importing
// package can reassign them.
// NOTE(review): presumably this is so tests can shorten the waits — confirm.
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
)
Functions ¶
func CentralLoggingConfiguration ¶ added in v1.33.0
func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
CentralLoggingConfiguration returns a fluent-bit parser and filter for the kube-apiserver logs.
func DependencyWatchdogEndpointConfiguration ¶ added in v1.27.0
func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)
DependencyWatchdogEndpointConfiguration returns the configuration for the dependency watchdog (endpoint role) ensuring that its dependant pods are restarted as soon as it recovers from a crash loop.
func DependencyWatchdogProbeConfiguration ¶ added in v1.27.0
func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)
DependencyWatchdogProbeConfiguration returns the configuration for the dependency watchdog (probe role), ensuring that its dependant pods are scaled as soon as a probe fails.
Types ¶
type AuditConfig ¶ added in v1.33.0
// AuditConfig contains information for configuring audit settings for the kube-apiserver.
type AuditConfig struct {
	// Policy is the audit policy document in YAML format.
	// NOTE(review): the field is a pointer, so nil is a possible value. What the
	// deployer does in that case (a default policy or no audit logging at all) is
	// not visible here — confirm before relying on audit coverage.
	Policy *string
}
AuditConfig contains information for configuring audit settings for the kube-apiserver.
type AutoscalingConfig ¶ added in v1.28.0
// AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.
type AutoscalingConfig struct {
	// APIServerResources are the resource requirements for the kube-apiserver container.
	APIServerResources corev1.ResourceRequirements
	// HVPAEnabled states whether an HVPA object shall be deployed. If false, HPA and VPA will be used.
	HVPAEnabled bool
	// Replicas is the number of pod replicas for the kube-apiserver.
	// The field is a pointer, so "not set" (nil) is distinguishable from an explicit zero.
	Replicas *int32
	// MinReplicas are the minimum Replicas for horizontal autoscaling.
	MinReplicas int32
	// MaxReplicas are the maximum Replicas for horizontal autoscaling.
	// NOTE(review): nothing in this type enforces MinReplicas <= MaxReplicas;
	// presumably validated by the caller — confirm.
	MaxReplicas int32
	// UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA
	// resource.
	UseMemoryMetricForHvpaHPA bool
	// ScaleDownDisabledForHvpa states whether scale-down shall be disabled when HPA or VPA are configured in an HVPA
	// resource.
	ScaleDownDisabledForHvpa bool
}
AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.
type ETCDEncryptionConfig ¶ added in v1.48.0
// ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.
type ETCDEncryptionConfig struct {
	// RotationPhase specifies the credentials rotation phase of the encryption key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
	// EncryptWithCurrentKey specifies whether the current encryption key should be used for encryption. If this is
	// false and if there are two keys then the old key will be used for encryption while the current/new key will only
	// be used for decryption.
	// Consequence for operators: while this is false, new writes are still protected by the old key, so the old key
	// cannot be considered retired.
	// NOTE(review): the zero value is false; callers that build this struct without setting the field get the
	// "old key encrypts" behaviour whenever two keys exist — confirm this is the intended default.
	EncryptWithCurrentKey bool
}
ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.
type Images ¶ added in v1.33.0
// Images is a set of container images used for the containers of the kube-apiserver pods.
// NOTE(review): the fields are plain strings; whether a reference is pinned by digest or only by tag is decided by
// whoever fills this struct and is not checked by the type.
type Images struct {
	// APIServerProxyPodWebhook is the container image for the apiserver-proxy-pod-webhook.
	APIServerProxyPodWebhook string
	// KubeAPIServer is the container image for the kube-apiserver.
	KubeAPIServer string
	// VPNClient is the container image for the vpn-seed-client.
	VPNClient string
	// Watchdog is the container image for the termination-handler.
	Watchdog string
}
Images is a set of container images used for the containers of the kube-apiserver pods.
type Interface ¶ added in v1.28.0
// Interface contains functions for a kube-apiserver deployer.
// It embeds component.DeployWaiter and component.MonitoringComponent and adds accessors for the deployer's Values.
// NOTE(review): the setters take no context and return no error, so any validation of the new values presumably
// happens elsewhere (e.g. at deploy time) — confirm.
type Interface interface {
	component.DeployWaiter
	component.MonitoringComponent
	// GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	GetAutoscalingReplicas() *int32
	// GetValues returns the current configuration values of the deployer.
	// Values is returned by value, but its slice, map and pointer fields still alias the deployer's data unless the
	// implementation copies them — treat the result as read-only.
	GetValues() Values
	// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
	// deployer.
	SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
	// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	SetAutoscalingReplicas(*int32)
	// SetETCDEncryptionConfig sets the ETCDEncryptionConfig field in the Values of the deployer.
	SetETCDEncryptionConfig(ETCDEncryptionConfig)
	// SetExternalHostname sets the ExternalHostname field in the Values of the deployer.
	SetExternalHostname(string)
	// SetExternalServer sets the ExternalServer field in the Values of the deployer.
	SetExternalServer(string)
	// SetServerCertificateConfig sets the ServerCertificateConfig field in the Values of the deployer.
	SetServerCertificateConfig(ServerCertificateConfig)
	// SetServiceAccountConfig sets the ServiceAccount field in the Values of the deployer.
	SetServiceAccountConfig(ServiceAccountConfig)
	// SetSNIConfig sets the SNI field in the Values of the deployer.
	SetSNIConfig(SNIConfig)
}
Interface contains functions for a kube-apiserver deployer.
func New ¶ added in v1.28.0
func New(client kubernetes.Interface, namespace string, secretsManager secretsmanager.Interface, values Values) Interface
New creates a new instance of DeployWaiter for the kube-apiserver.
type SNIConfig ¶ added in v1.28.0
// SNIConfig contains information for configuring SNI settings for the kube-apiserver.
type SNIConfig struct {
	// Enabled states whether the SNI feature is enabled.
	Enabled bool
	// PodMutatorEnabled states whether the pod mutator is enabled.
	// NOTE(review): presumably this refers to the apiserver-proxy-pod-webhook image listed in Images — confirm.
	PodMutatorEnabled bool
	// APIServerFQDN is the fully qualified domain name for the kube-apiserver.
	APIServerFQDN string
	// AdvertiseAddress is the address which should be advertised by the kube-apiserver.
	AdvertiseAddress string
}
SNIConfig contains information for configuring SNI settings for the kube-apiserver.
type ServerCertificateConfig ¶ added in v1.44.0
// ServerCertificateConfig contains configuration for the server certificate.
// Every entry added here widens the set of names and addresses for which the kube-apiserver's serving certificate is
// valid, so the values should come only from trusted configuration.
type ServerCertificateConfig struct {
	// ExtraIPAddresses is a list of additional IP addresses to use for the SANs of the server certificate.
	ExtraIPAddresses []net.IP
	// ExtraDNSNames is a list of additional DNS names to use for the SANs of the server certificate.
	ExtraDNSNames []string
}
ServerCertificateConfig contains configuration for the server certificate.
type ServiceAccountConfig ¶ added in v1.33.0
// ServiceAccountConfig contains information for configuring service account settings for the kube-apiserver.
type ServiceAccountConfig struct {
	// Issuer is the issuer of service accounts.
	Issuer string
	// AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted.
	// Each extra issuer enlarges the set of tokens the API server will accept; keep the list as short as the migration
	// or federation scenario requires.
	AcceptedIssuers []string
	// ExtendTokenExpiration states whether the service account token expirations should be extended.
	// NOTE(review): presumably maps to the kube-apiserver flag `--service-account-extend-token-expiration`; extended
	// lifetimes lengthen the window in which a leaked token stays usable — confirm the mapping and the nil default.
	ExtendTokenExpiration *bool
	// MaxTokenExpiration states what the maximal token expiration should be.
	// NOTE(review): nil is possible; the effective limit in that case is not visible here — confirm.
	MaxTokenExpiration *metav1.Duration
	// RotationPhase specifies the credentials rotation phase of the service account signing key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
}
ServiceAccountConfig contains information for configuring ServiceAccount settings for the kube-apiserver.
type VPNConfig ¶ added in v1.33.0
// VPNConfig contains information for configuring the VPN settings for the kube-apiserver.
type VPNConfig struct {
	// Enabled states whether VPN is enabled.
	Enabled bool
	// PodNetworkCIDR is the CIDR of the pod network.
	PodNetworkCIDR string
	// NodeNetworkCIDR is the CIDR of the node network.
	// The field is a pointer, so it may be nil.
	// NOTE(review): presumably nil for clusters without worker nodes — confirm.
	NodeNetworkCIDR *string
	// HighAvailabilityEnabled states if VPN uses HA configuration.
	HighAvailabilityEnabled bool
	// HighAvailabilityNumberOfSeedServers is the number of VPN seed servers used for HA.
	HighAvailabilityNumberOfSeedServers int
	// HighAvailabilityNumberOfShootClients is the number of VPN shoot clients used for HA.
	HighAvailabilityNumberOfShootClients int
}
VPNConfig contains information for configuring the VPN settings for the kube-apiserver.
type Values ¶ added in v1.28.0
// Values contains configuration values for the kube-apiserver resources.
// Several fields directly shape the API server's authentication, admission and encryption posture; the notes on
// those fields call out what a reviewer should verify at the call site.
type Values struct {
	// EnabledAdmissionPlugins is the list of admission plugins that should be enabled with configuration for the kube-apiserver.
	EnabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// DisabledAdmissionPlugins is the list of admission plugins that should be disabled for the kube-apiserver.
	// Disabling an admission plugin removes whatever policy check it performed; review entries here as security-relevant.
	DisabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// AnonymousAuthenticationEnabled states whether anonymous authentication is enabled.
	// With anonymous authentication on, requests without credentials are not rejected at the authentication stage and
	// are subject only to authorization.
	// NOTE(review): presumably maps to the kube-apiserver flag `--anonymous-auth` — confirm.
	AnonymousAuthenticationEnabled bool
	// APIAudiences are identifiers of the API. The service account token authenticator will validate that tokens used
	// against the API are bound to at least one of these audiences.
	APIAudiences []string
	// Audit contains information for configuring audit settings for the kube-apiserver.
	// NOTE(review): a nil pointer is possible; whether that means "no audit policy" is not visible here — confirm.
	Audit *AuditConfig
	// Autoscaling contains information for configuring autoscaling settings for the kube-apiserver.
	Autoscaling AutoscalingConfig
	// DefaultNotReadyTolerationSeconds indicates the tolerationSeconds of the toleration for notReady:NoExecute
	// that is added by default to every pod that does not already have such a toleration (flag `--default-not-ready-toleration-seconds`).
	DefaultNotReadyTolerationSeconds *int64
	// DefaultUnreachableTolerationSeconds indicates the tolerationSeconds of the toleration for unreachable:NoExecute
	// that is added by default to every pod that does not already have such a toleration (flag `--default-unreachable-toleration-seconds`).
	DefaultUnreachableTolerationSeconds *int64
	// ETCDEncryption contains configuration for the encryption of resources in etcd.
	ETCDEncryption ETCDEncryptionConfig
	// EventTTL is the amount of time to retain events.
	EventTTL *metav1.Duration
	// ExternalHostname is the external hostname which should be exposed by the kube-apiserver.
	ExternalHostname string
	// ExternalServer is the external server which should be used when generating the user kubeconfig.
	ExternalServer string
	// FeatureGates is the set of feature gates.
	FeatureGates map[string]bool
	// Images is a set of container images used for the containers of the kube-apiserver pods.
	Images Images
	// IsNodeless specifies whether the cluster managed by this API server has worker nodes.
	IsNodeless bool
	// Logging contains configuration settings for the log and access logging verbosity.
	Logging *gardencorev1beta1.KubeAPIServerLogging
	// OIDC contains information for configuring OIDC settings for the kube-apiserver.
	OIDC *gardencorev1beta1.OIDCConfig
	// Requests contains configuration for the kube-apiserver requests.
	Requests *gardencorev1beta1.KubeAPIServerRequests
	// RuntimeConfig is the set of runtime configurations.
	RuntimeConfig map[string]bool
	// RuntimeVersion is the Kubernetes version of the runtime cluster.
	RuntimeVersion *semver.Version
	// ServerCertificate contains configuration for the server certificate.
	ServerCertificate ServerCertificateConfig
	// ServiceAccount contains information for configuring ServiceAccount settings for the kube-apiserver.
	ServiceAccount ServiceAccountConfig
	// ServiceNetworkCIDR is the CIDR of the service network.
	ServiceNetworkCIDR string
	// SNI contains information for configuring SNI settings for the kube-apiserver.
	SNI SNIConfig
	// StaticTokenKubeconfigEnabled indicates whether static token kubeconfig secret will be created for shoot.
	// NOTE(review): a static token is a long-lived bearer credential, so enabling this creates a secret that grants
	// access for as long as the token remains configured; the behaviour for nil is not visible here — confirm the default.
	StaticTokenKubeconfigEnabled *bool
	// Version is the Kubernetes version for the kube-apiserver.
	Version *semver.Version
	// VPN contains information for configuring the VPN settings for the kube-apiserver.
	VPN VPNConfig
	// WatchCacheSizes are the configured sizes for the watch caches.
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
}
Values contains configuration values for the kube-apiserver resources.