Documentation ¶
Index ¶
- Constants
- Variables
- func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
- func GetCRDDeletionProtectionValidatingWebhooks(secretServerCA *corev1.Secret, ...) []admissionregistrationv1.ValidatingWebhook
- func GetExtensionValidationValidatingWebhooks(secretServerCA *corev1.Secret, ...) []admissionregistrationv1.ValidatingWebhook
- func GetHighAvailabilityConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetPodSchedulerNameMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- func GetPodTopologySpreadConstraintsMutatingWebhook(namespaceSelector *metav1.LabelSelector, objectSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetSeccompProfileMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- func GetSystemComponentsConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetTokenInvalidatorMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- type Interface
- type Secrets
- type VPAConfig
- type Values
Constants ¶
const (
	// ManagedResourceName is the name for the ManagedResource containing resources deployed to the shoot cluster.
	ManagedResourceName = "shoot-core-gardener-resource-manager"
	// SecretNameShootAccess is the name of the shoot access secret for the gardener-resource-manager.
	// It is the shared shoot-access secret name prefix followed by the gardener-resource-manager
	// deployment name.
	SecretNameShootAccess = gardenerutils.SecretNamePrefixShootAccess + v1beta1constants.DeploymentNameGardenerResourceManager
	// LabelValue is a constant for the value of the 'app' label on Kubernetes resources.
	LabelValue = "gardener-resource-manager"
)
Variables ¶
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
	// Until is an alias for retry.Until. Exposed for tests.
	// All three names in this block are package-level variables, not constants, so they can be
	// reassigned at runtime. NOTE(review): presumably only tests do so; confirm.
	Until = retry.Until
)
var (
	//go:embed assets/crd-resources.gardener.cloud_managedresources.yaml
	// CRD is the custom resource definition for ManagedResources.
	// Its content comes from the YAML asset named in the go:embed directive and is fixed at build
	// time. It is declared as a variable, so it is not immutable at runtime.
	CRD string
)
Functions ¶
func CentralLoggingConfiguration ¶
func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
CentralLoggingConfiguration returns a fluent-bit parser and filters for the gardener-resource-manager logs.
func GetCRDDeletionProtectionValidatingWebhooks ¶ added in v1.61.0
func GetCRDDeletionProtectionValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook
GetCRDDeletionProtectionValidatingWebhooks returns the ValidatingWebhooks for the crd-deletion-protection webhook for reuse between the component and integration tests.
func GetExtensionValidationValidatingWebhooks ¶ added in v1.61.0
func GetExtensionValidationValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook
GetExtensionValidationValidatingWebhooks returns the ValidatingWebhooks for the extension-validation webhook for reuse between the component and integration tests.
func GetHighAvailabilityConfigMutatingWebhook ¶ added in v1.60.0
func GetHighAvailabilityConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetHighAvailabilityConfigMutatingWebhook returns the high-availability-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetPodSchedulerNameMutatingWebhook ¶ added in v1.51.0
func GetPodSchedulerNameMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetPodSchedulerNameMutatingWebhook returns the pod-scheduler-name mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetPodTopologySpreadConstraintsMutatingWebhook ¶ added in v1.56.0
func GetPodTopologySpreadConstraintsMutatingWebhook( namespaceSelector *metav1.LabelSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetPodTopologySpreadConstraintsMutatingWebhook returns the pod-topology-spread-constraints (TSC) mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetSeccompProfileMutatingWebhook ¶ added in v1.54.0
func GetSeccompProfileMutatingWebhook( namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetSeccompProfileMutatingWebhook returns the seccomp-profile mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetSystemComponentsConfigMutatingWebhook ¶ added in v1.63.0
func GetSystemComponentsConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetSystemComponentsConfigMutatingWebhook returns the system-components-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetTokenInvalidatorMutatingWebhook ¶ added in v1.51.0
func GetTokenInvalidatorMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetTokenInvalidatorMutatingWebhook returns the token-invalidator mutating webhook for the resourcemanager component for reuse between the component and integration tests.
Types ¶
type Interface ¶ added in v1.24.0
type Interface interface {
	// DeployWaiter and MonitoringComponent are embedded from the component package; their
	// method sets are declared there and are not shown in this listing.
	component.DeployWaiter
	component.MonitoringComponent
	// GetReplicas gets the Replicas field in the Values.
	// NOTE(review): the pointer return suggests nil means "not set"; confirm against callers.
	GetReplicas() *int32
	// SetReplicas sets the Replicas field in the Values.
	SetReplicas(*int32)
	// SetSecrets sets the secrets.
	SetSecrets(Secrets)
}
Interface contains functions for a gardener-resource-manager deployer.
type Secrets ¶
type Secrets struct {
	// BootstrapKubeconfig is the kubeconfig of the gardener-resource-manager used during the bootstrapping process. Its
	// token requestor controller will request a JWT token for itself with this kubeconfig.
	// NOTE(review): this field carries credential material. How long the bootstrap kubeconfig stays
	// valid, and whether it is removed once the token has been issued, is not visible in this
	// listing; confirm in the implementation.
	BootstrapKubeconfig *component.Secret
	// contains filtered or unexported fields
}
Secrets is a collection of secrets for the gardener-resource-manager.
type VPAConfig ¶ added in v1.37.1
type VPAConfig struct {
	// MinAllowed specifies the minimal amount of resources that will be recommended
	// for the container.
	// NOTE(review): the effect of a nil or empty list is not shown in this listing; confirm.
	MinAllowed corev1.ResourceList
}
VPAConfig contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.
type Values ¶
type Values struct {
	// AlwaysUpdate, if set to false, means a resource is only updated when its desired state differs
	// from the actual state. Otherwise an update request is always sent.
	AlwaysUpdate *bool
	// ClusterIdentity is the identity of the managing cluster.
	ClusterIdentity *string
	// ConcurrentSyncs is the number of worker threads for concurrent reconciliation of resources.
	ConcurrentSyncs *int
	// HealthSyncPeriod describes how often the health of existing resources should be synced.
	HealthSyncPeriod *metav1.Duration
	// Image is the container image.
	Image string
	// LogLevel is the level/severity for the logs. Must be one of [info,debug,error].
	LogLevel string
	// LogFormat is the output format for the logs. Must be one of [text,json].
	LogFormat string
	// MaxConcurrentHealthWorkers configures the number of worker threads for concurrent health reconciliation of resources.
	MaxConcurrentHealthWorkers *int
	// MaxConcurrentTokenInvalidatorWorkers configures the number of worker threads for concurrent token invalidator reconciliations.
	MaxConcurrentTokenInvalidatorWorkers *int
	// MaxConcurrentTokenRequestorWorkers configures the number of worker threads for concurrent token requestor reconciliations.
	MaxConcurrentTokenRequestorWorkers *int
	// MaxConcurrentRootCAPublisherWorkers configures the number of worker threads for concurrent root CA publishing reconciliations.
	MaxConcurrentRootCAPublisherWorkers *int
	// MaxConcurrentCSRApproverWorkers configures the number of worker threads for concurrent kubelet CSR approver reconciliations.
	MaxConcurrentCSRApproverWorkers *int
	// PriorityClassName is the name of the priority class.
	PriorityClassName string
	// Replicas is the number of replicas for the gardener-resource-manager deployment.
	Replicas *int32
	// ResourceClass is used to filter resources.
	// NOTE(review): presumably it selects ManagedResources by their class; confirm.
	ResourceClass *string
	// SecretNameServerCA is the name of the server CA secret.
	SecretNameServerCA string
	// SyncPeriod configures how often existing resources should be synced.
	SyncPeriod *metav1.Duration
	// SystemComponentTolerations are the tolerations required for shoot system components.
	SystemComponentTolerations []corev1.Toleration
	// TargetDiffersFromSourceCluster states whether the target cluster is a different one than the source cluster.
	TargetDiffersFromSourceCluster bool
	// TargetDisableCache disables the cache for the target cluster so that requests always go directly
	// to the API server (defaults to false).
	TargetDisableCache *bool
	// WatchedNamespace restricts the gardener-resource-manager to only watch ManagedResources in the defined namespace.
	// If not set, the gardener-resource-manager controller watches for ManagedResources in all namespaces.
	WatchedNamespace *string
	// KubernetesVersion is the Kubernetes version for the Kubernetes components.
	KubernetesVersion *semver.Version
	// VPA contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.
	VPA *VPAConfig
	// SchedulingProfile is the kube-scheduler profile configured for the Shoot.
	SchedulingProfile *gardencorev1beta1.SchedulingProfile
	// DefaultSeccompProfileEnabled specifies if the defaulting seccomp profile webhook of GRM should be enabled or not.
	// The zero value is false, so the webhook is off unless a caller sets this field.
	DefaultSeccompProfileEnabled bool
	// PodTopologySpreadConstraintsEnabled specifies if the pod's TSC should be mutated to support rolling updates.
	PodTopologySpreadConstraintsEnabled bool
	// FailureToleranceType determines the failure tolerance type for the resource manager deployment.
	FailureToleranceType *gardencorev1beta1.FailureToleranceType
	// Zones holds the availability zones. The field is a []string, so len(Zones) gives their number.
	Zones []string
}
Values holds the optional configuration options for the gardener-resource-manager.