kubeapiserver

package
v1.63.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 28, 2023 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 59 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// Port is the port exposed by the kube-apiserver.
	Port = 443
	// SecretNameUserKubeconfig is the name for the user kubeconfig.
	SecretNameUserKubeconfig = "user-kubeconfig"
	// ServicePortName is the name of the port in the service.
	ServicePortName = "kube-apiserver"
	// UserNameVPNSeedClient is the user name for the HA vpn-seed-client components (used as common name in its client certificate)
	UserNameVPNSeedClient = "vpn-seed-client"
)
View Source
const (

	// ContainerNameKubeAPIServer is the name of the kube-apiserver container.
	ContainerNameKubeAPIServer = "kube-apiserver"
)
View Source
const ManagedResourceName = "shoot-core-kube-apiserver"

ManagedResourceName is the name of the ManagedResource containing the resource specifications.

View Source
const (
	// SecretStaticTokenName is a constant for the name of the static-token secret.
	SecretStaticTokenName = "kube-apiserver-static-token"
)

Variables

View Source
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
)

Functions

func CentralLoggingConfiguration added in v1.33.0

func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)

CentralLoggingConfiguration returns a fluent-bit parser and filter for the kube-apiserver logs.

func DependencyWatchdogEndpointConfiguration added in v1.27.0

func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)

DependencyWatchdogEndpointConfiguration returns the configuration for the dependency watchdog (endpoint role) ensuring that its dependant pods are restarted as soon as it recovers from a crash loop.

func DependencyWatchdogProbeConfiguration added in v1.27.0

func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)

DependencyWatchdogProbeConfiguration returns the configuration for the dependency watchdog (probe role) ensuring that its dependant pods are scaled as soon a probe fails.

func GetLabels added in v1.30.0

func GetLabels() map[string]string

GetLabels returns the labels for the kube-apiserver.

Types

type AuditConfig added in v1.33.0

type AuditConfig struct {
	// Policy is the audit policy document in YAML format.
	Policy *string
}

AuditConfig contains information for configuring audit settings for the kube-apiserver.

type AutoscalingConfig added in v1.28.0

type AutoscalingConfig struct {
	// APIServerResources are the resource requirements for the kube-apiserver container.
	APIServerResources corev1.ResourceRequirements
	// HVPAEnabled states whether an HVPA object shall be deployed. If false, HPA and VPA will be used.
	HVPAEnabled bool
	// Replicas is the number of pod replicas for the kube-apiserver.
	Replicas *int32
	// MinReplicas are the minimum Replicas for horizontal autoscaling.
	MinReplicas int32
	// MaxReplicas are the maximum Replicas for horizontal autoscaling.
	MaxReplicas int32
	// UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA
	// resource.
	UseMemoryMetricForHvpaHPA bool
	// ScaleDownDisabledForHvpa states whether scale-down shall be disabled when HPA or VPA are configured in an HVPA
	// resource.
	ScaleDownDisabledForHvpa bool
}

AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.

type ETCDEncryptionConfig added in v1.48.0

type ETCDEncryptionConfig struct {
	// RotationPhase specifies the credentials rotation phase of the encryption key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
	// EncryptWithCurrentKey specifies whether the current encryption key should be used for encryption. If this is
	// false and if there are two keys then the old key will be used for encryption while the current/new key will only
	// be used for decryption.
	EncryptWithCurrentKey bool
}

ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.

type Images added in v1.33.0

type Images struct {
	// APIServerProxyPodWebhook is the container image for the apiserver-proxy-pod-webhook.
	APIServerProxyPodWebhook string
	// KubeAPIServer is the container image for the kube-apiserver.
	KubeAPIServer string
	// VPNClient is the container image for the vpn-seed-client.
	VPNClient string
	// Watchdog is the container image for the termination-handler.
	Watchdog string
}

Images is a set of container images used for the containers of the kube-apiserver pods.

type Interface added in v1.28.0

type Interface interface {
	component.DeployWaiter
	component.MonitoringComponent
	// GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	GetAutoscalingReplicas() *int32
	// GetValues returns the current configuration values of the deployer.
	GetValues() Values
	// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
	// deployer.
	SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
	// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	SetAutoscalingReplicas(*int32)
	// SetETCDEncryptionConfig sets the ETCDEncryptionConfig field in the Values of the deployer.
	SetETCDEncryptionConfig(ETCDEncryptionConfig)
	// SetExternalHostname sets the ExternalHostname field in the Values of the deployer.
	SetExternalHostname(string)
	// SetExternalServer sets the ExternalServer field in the Values of the deployer.
	SetExternalServer(string)
	// SetServerCertificateConfig sets the ServerCertificateConfig field in the Values of the deployer.
	SetServerCertificateConfig(ServerCertificateConfig)
	// SetServiceAccountConfig sets the ServiceAccount field in the Values of the deployer.
	SetServiceAccountConfig(ServiceAccountConfig)
	// SetSNIConfig sets the SNI field in the Values of the deployer.
	SetSNIConfig(SNIConfig)
}

Interface contains functions for a kube-apiserver deployer.

func New added in v1.28.0

func New(client kubernetes.Interface, namespace string, secretsManager secretsmanager.Interface, values Values) Interface

New creates a new instance of DeployWaiter for the kube-apiserver.

type SNIConfig added in v1.28.0

type SNIConfig struct {
	// Enabled states whether the SNI feature is enabled.
	Enabled bool
	// PodMutatorEnabled states whether the pod mutator is enabled.
	PodMutatorEnabled bool
	// APIServerFQDN is the fully qualified domain name for the kube-apiserver.
	APIServerFQDN string
	// AdvertiseAddress is the address which should be advertised by the kube-apiserver.
	AdvertiseAddress string
}

SNIConfig contains information for configuring SNI settings for the kube-apiserver.

type ServerCertificateConfig added in v1.44.0

type ServerCertificateConfig struct {
	// ExtraIPAddresses is a list of additional IP addresses to use for the SANS of the server certificate.
	ExtraIPAddresses []net.IP
	// ExtraDNSNames is a list of additional DNS names to use for the SANS of the server certificate.
	ExtraDNSNames []string
}

ServerCertificateConfig contains configuration for the server certificate.

type ServiceAccountConfig added in v1.33.0

type ServiceAccountConfig struct {
	// Issuer is the issuer of service accounts.
	Issuer string
	// AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted.
	AcceptedIssuers []string
	// ExtendTokenExpiration states whether the service account token expirations should be extended.
	ExtendTokenExpiration *bool
	// MaxTokenExpiration states what the maximal token expiration should be.
	MaxTokenExpiration *metav1.Duration
	// RotationPhase specifies the credentials rotation phase of the service account signing key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
}

ServiceAccountConfig contains information for configuring ServiceAccountConfig settings for the kube-apiserver.

type VPNConfig added in v1.33.0

type VPNConfig struct {
	// Enabled states whether VPN is enabled.
	Enabled bool
	// PodNetworkCIDR is the CIDR of the pod network.
	PodNetworkCIDR string
	// NodeNetworkCIDR is the CIDR of the node network.
	NodeNetworkCIDR *string
	// HighAvailabilityEnabled states if VPN uses HA configuration.
	HighAvailabilityEnabled bool
	// HighAvailabilityNumberOfSeedServers is the number of VPN seed servers used for HA
	HighAvailabilityNumberOfSeedServers int
	// HighAvailabilityNumberOfShootClients is the number of VPN shoot clients used for HA
	HighAvailabilityNumberOfShootClients int
}

VPNConfig contains information for configuring the VPN settings for the kube-apiserver.

type Values added in v1.28.0

type Values struct {
	// EnabledAdmissionPlugins is the list of admission plugins that should be enabled with configuration for the kube-apiserver.
	EnabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// DisabledAdmissionPlugins is the list of admission plugins that should be disabled for the kube-apiserver.
	DisabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// AnonymousAuthenticationEnabled states whether anonymous authentication is enabled.
	AnonymousAuthenticationEnabled bool
	// APIAudiences are identifiers of the API. The service account token authenticator will validate that tokens used
	// against the API are bound to at least one of these audiences.
	APIAudiences []string
	// Audit contains information for configuring audit settings for the kube-apiserver.
	Audit *AuditConfig
	// Autoscaling contains information for configuring autoscaling settings for the kube-apiserver.
	Autoscaling AutoscalingConfig
	// DefaultNotReadyTolerationSeconds indicates the tolerationSeconds of the toleration for notReady:NoExecute
	// that is added by default to every pod that does not already have such a toleration (flag `--default-not-ready-toleration-seconds`).
	DefaultNotReadyTolerationSeconds *int64
	// DefaultUnreachableTolerationSeconds indicates the tolerationSeconds of the toleration for unreachable:NoExecute
	// that is added by default to every pod that does not already have such a toleration (flag `--default-unreachable-toleration-seconds`).
	DefaultUnreachableTolerationSeconds *int64
	// ETCDEncryption contains configuration for the encryption of resources in etcd.
	ETCDEncryption ETCDEncryptionConfig
	// EventTTL is the amount of time to retain events.
	EventTTL *metav1.Duration
	// ExternalHostname is the external hostname which should be exposed by the kube-apiserver.
	ExternalHostname string
	// ExternalServer is the external server which should be used when generating the user kubeconfig.
	ExternalServer string
	// FeatureGates is the set of feature gates.
	FeatureGates map[string]bool
	// Images is a set of container images used for the containers of the kube-apiserver pods.
	Images Images
	// IsNodeless specifies whether the cluster managed by this API server has worker nodes.
	IsNodeless bool
	// Logging contains configuration settings for the log and access logging verbosity
	Logging *gardencorev1beta1.KubeAPIServerLogging
	// OIDC contains information for configuring OIDC settings for the kube-apiserver.
	OIDC *gardencorev1beta1.OIDCConfig
	// Requests contains configuration for the kube-apiserver requests.
	Requests *gardencorev1beta1.KubeAPIServerRequests
	// RuntimeConfig is the set of runtime configurations.
	RuntimeConfig map[string]bool
	// RuntimeVersion is the Kubernetes version of the runtime cluster.
	RuntimeVersion *semver.Version
	// ServerCertificate contains configuration for the server certificate.
	ServerCertificate ServerCertificateConfig
	// ServiceAccount contains information for configuring ServiceAccount settings for the kube-apiserver.
	ServiceAccount ServiceAccountConfig
	// ServiceNetworkCIDR is the CIDR of the service network.
	ServiceNetworkCIDR string
	// SNI contains information for configuring SNI settings for the kube-apiserver.
	SNI SNIConfig
	// StaticTokenKubeconfigEnabled indicates whether static token kubeconfig secret will be created for shoot.
	StaticTokenKubeconfigEnabled *bool
	// Version is the Kubernetes version for the kube-apiserver.
	Version *semver.Version
	// VPN contains information for configuring the VPN settings for the kube-apiserver.
	VPN VPNConfig
	// WatchCacheSizes are the configured sizes for the watch caches.
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
}

Values contains configuration values for the kube-apiserver resources.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL