Documentation ¶
Index ¶
- Constants
- Variables
- func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
- func GetCRDDeletionProtectionValidatingWebhooks(secretServerCA *corev1.Secret, ...) []admissionregistrationv1.ValidatingWebhook
- func GetEndpointSliceHintsMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- func GetExtensionValidationValidatingWebhooks(secretServerCA *corev1.Secret, ...) []admissionregistrationv1.ValidatingWebhook
- func GetHighAvailabilityConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetKubernetesServiceHostMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- func GetPodSchedulerNameMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- func GetPodTopologySpreadConstraintsMutatingWebhook(resourceManagerPrefix string, namespaceSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetSeccompProfileMutatingWebhook(resourceManagerPrefix string, namespaceSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetSystemComponentsConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, ...) admissionregistrationv1.MutatingWebhook
- func GetTokenInvalidatorMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, ...) admissionregistrationv1.MutatingWebhook
- type Interface
- type Secrets
- type VPAConfig
- type Values
Constants ¶
// Names and label values used for the gardener-resource-manager resources.
const (
	// ManagedResourceName is the name for the ManagedResource containing resources deployed to the shoot cluster.
	ManagedResourceName = "shoot-core-gardener-resource-manager"
	// SecretNameShootAccess is the name of the shoot access secret for the gardener-resource-manager.
	// It is built by appending the gardener-resource-manager deployment name to the shared shoot access secret prefix.
	SecretNameShootAccess = gardenerutils.SecretNamePrefixShootAccess + v1beta1constants.DeploymentNameGardenerResourceManager
	// LabelValue is a constant for the value of the 'app' label on Kubernetes resources.
	LabelValue = "gardener-resource-manager"
)
Variables ¶
var (
	//go:embed assets/crd-resources.gardener.cloud_managedresources.yaml
	// CRD is the custom resource definition for ManagedResources.
	// Its content comes from the YAML asset named in the go:embed directive on this declaration.
	CRD string
	// SkipWebhookDeployment is a variable which controls whether the webhook deployment should be skipped.
	// Exposed for testing.
	// NOTE(review): this is mutable, exported package-level state. Presumably only tests should set it,
	// because skipping the deployment would leave the admission webhooks built by this package
	// uninstalled. Confirm no production caller writes it.
	SkipWebhookDeployment bool
)
// Wait parameters for the Deployments. They are declared as variables rather than constants,
// so they can be reassigned (Until is documented as exposed for tests).
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
	// Until is an alias for retry.Until. Exposed for tests.
	Until = retry.Until
)
Functions ¶
func CentralLoggingConfiguration ¶
func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)
CentralLoggingConfiguration returns a fluent-bit parser and filters for the gardener-resource-manager logs.
func GetCRDDeletionProtectionValidatingWebhooks ¶
func GetCRDDeletionProtectionValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook
GetCRDDeletionProtectionValidatingWebhooks returns the ValidatingWebhooks for the crd-deletion-protection webhook for reuse between the component and integration tests.
func GetEndpointSliceHintsMutatingWebhook ¶
func GetEndpointSliceHintsMutatingWebhook( namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetEndpointSliceHintsMutatingWebhook returns the EndpointSlice hints mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetExtensionValidationValidatingWebhooks ¶
func GetExtensionValidationValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook
GetExtensionValidationValidatingWebhooks returns the ValidatingWebhooks for the extension-validation webhook for reuse between the component and integration tests.
func GetHighAvailabilityConfigMutatingWebhook ¶
func GetHighAvailabilityConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetHighAvailabilityConfigMutatingWebhook returns the high-availability-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetKubernetesServiceHostMutatingWebhook ¶ added in v1.72.0
func GetKubernetesServiceHostMutatingWebhook( namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetKubernetesServiceHostMutatingWebhook returns the kubernetes-service-host mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetPodSchedulerNameMutatingWebhook ¶
func GetPodSchedulerNameMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetPodSchedulerNameMutatingWebhook returns the pod-scheduler-name mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetPodTopologySpreadConstraintsMutatingWebhook ¶
func GetPodTopologySpreadConstraintsMutatingWebhook( resourceManagerPrefix string, namespaceSelector *metav1.LabelSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetPodTopologySpreadConstraintsMutatingWebhook returns the pod topology spread constraints (TSC) mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetSeccompProfileMutatingWebhook ¶
func GetSeccompProfileMutatingWebhook( resourceManagerPrefix string, namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig, ) admissionregistrationv1.MutatingWebhook
GetSeccompProfileMutatingWebhook returns the seccomp-profile mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetSystemComponentsConfigMutatingWebhook ¶
func GetSystemComponentsConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetSystemComponentsConfigMutatingWebhook returns the system-components-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.
func GetTokenInvalidatorMutatingWebhook ¶
func GetTokenInvalidatorMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook
GetTokenInvalidatorMutatingWebhook returns the token-invalidator mutating webhook for the resourcemanager component for reuse between the component and integration tests.
Types ¶
type Interface ¶
// Interface contains functions for a gardener-resource-manager deployer.
// It embeds component.DeployWaiter and component.MonitoringComponent and adds
// accessors for the replica count, the secrets and the configuration values.
type Interface interface {
	component.DeployWaiter
	component.MonitoringComponent
	// GetReplicas gets the Replicas field in the Values.
	GetReplicas() *int32
	// SetReplicas sets the Replicas field in the Values.
	SetReplicas(*int32)
	// SetSecrets sets the secrets.
	SetSecrets(Secrets)
	// GetValues returns the current configuration values of the deployer.
	GetValues() Values
}
Interface contains functions for a gardener-resource-manager deployer.
type Secrets ¶
// Secrets is a collection of secrets for the gardener-resource-manager.
type Secrets struct {
	// BootstrapKubeconfig is the kubeconfig of the gardener-resource-manager used during the bootstrapping process. Its
	// token requestor controller will request a JWT token for itself with this kubeconfig.
	// NOTE(review): this is credential material. Presumably it is needed only until the token requestor
	// has obtained its own token. Confirm how long the bootstrap kubeconfig stays valid and mounted.
	BootstrapKubeconfig *component.Secret
	// contains filtered or unexported fields
}
Secrets is a collection of secrets for the gardener-resource-manager.
type VPAConfig ¶
// VPAConfig contains information for configuring VerticalPodAutoscaler settings
// for the gardener-resource-manager deployment.
type VPAConfig struct {
	// MinAllowed specifies the minimal amount of resources that will be recommended
	// for the container.
	MinAllowed corev1.ResourceList
}
VPAConfig contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.
type Values ¶
// Values holds the optional configuration options for the gardener resource manager.
type Values struct {
	// AlwaysUpdate controls update behaviour: if set to false, a resource is only updated when its desired
	// state differs from the actual state; otherwise, an update request is always sent.
	AlwaysUpdate *bool
	// ClusterIdentity is the identity of the managing cluster.
	ClusterIdentity *string
	// ConcurrentSyncs are the number of worker threads for concurrent reconciliation of resources.
	ConcurrentSyncs *int
	// DefaultNotReadyToleration indicates the tolerationSeconds of the toleration for notReady:NoExecute.
	DefaultNotReadyToleration *int64
	// DefaultUnreachableToleration indicates the tolerationSeconds of the toleration for unreachable:NoExecute.
	DefaultUnreachableToleration *int64
	// HealthSyncPeriod describes the duration of how often the health of existing resources should be synced.
	HealthSyncPeriod *metav1.Duration
	// FullNetworkPolicies makes the network policy controller consider all relevant namespaces.
	FullNetworkPolicies bool
	// NetworkPolicyAdditionalNamespaceSelectors is the list of additional namespace selectors to consider for the
	// NetworkPolicy controller.
	NetworkPolicyAdditionalNamespaceSelectors []metav1.LabelSelector
	// NetworkPolicyControllerIngressControllerSelector is the peer information of the ingress controller for the
	// network policy controller.
	NetworkPolicyControllerIngressControllerSelector *resourcemanagerv1alpha1.IngressControllerSelector
	// Image is the container image.
	Image string
	// LogLevel is the level/severity for the logs. Must be one of [info,debug,error].
	LogLevel string
	// LogFormat is the output format for the logs. Must be one of [text,json].
	LogFormat string
	// MaxConcurrentHealthWorkers configures the number of worker threads for concurrent health reconciliation of resources.
	MaxConcurrentHealthWorkers *int
	// MaxConcurrentTokenInvalidatorWorkers configures the number of worker threads for concurrent token invalidator reconciliations.
	MaxConcurrentTokenInvalidatorWorkers *int
	// MaxConcurrentTokenRequestorWorkers configures the number of worker threads for concurrent token requestor reconciliations.
	MaxConcurrentTokenRequestorWorkers *int
	// MaxConcurrentCSRApproverWorkers configures the number of worker threads for concurrent kubelet CSR approver reconciliations.
	MaxConcurrentCSRApproverWorkers *int
	// MaxConcurrentNetworkPolicyWorkers configures the number of worker threads for the network policy controller.
	MaxConcurrentNetworkPolicyWorkers *int
	// NamePrefix is the prefix for the resource names.
	NamePrefix string
	// PriorityClassName is the name of the priority class.
	PriorityClassName string
	// Replicas is the number of replicas for the gardener-resource-manager deployment.
	Replicas *int32
	// ResourceClass is used to filter resources.
	// NOTE(review): presumably the class of ManagedResources this instance is responsible for; confirm.
	ResourceClass *string
	// SecretNameServerCA is the name of the server CA secret.
	SecretNameServerCA string
	// SyncPeriod configures the duration of how often existing resources should be synced.
	SyncPeriod *metav1.Duration
	// SystemComponentTolerations are the tolerations required for shoot system components.
	SystemComponentTolerations []corev1.Toleration
	// TargetDiffersFromSourceCluster states whether the target cluster is a different one than the source cluster.
	TargetDiffersFromSourceCluster bool
	// TargetDisableCache disables the cache for the target cluster so that requests always go directly to the
	// API server (defaults to false).
	TargetDisableCache *bool
	// WatchedNamespace restricts the gardener-resource-manager to only watch ManagedResources in the defined namespace.
	// If not set, the gardener-resource-manager controller watches for ManagedResources in all namespaces.
	WatchedNamespace *string
	// RuntimeKubernetesVersion is the Kubernetes version of the runtime cluster.
	RuntimeKubernetesVersion *semver.Version
	// VPA contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.
	VPA *VPAConfig
	// SchedulingProfile is the kube-scheduler profile configured for the Shoot.
	SchedulingProfile *gardencorev1beta1.SchedulingProfile
	// DefaultSeccompProfileEnabled specifies if the defaulting seccomp profile webhook of GRM should be enabled or not.
	DefaultSeccompProfileEnabled bool
	// EndpointSliceHintsEnabled specifies if the EndpointSlice hints webhook of GRM should be enabled or not.
	EndpointSliceHintsEnabled bool
	// KubernetesServiceHost specifies the FQDN of the API server of the target cluster. If it is non-nil, the GRM's
	// kubernetes-service-host webhook will be enabled.
	KubernetesServiceHost *string
	// PodTopologySpreadConstraintsEnabled specifies if the pod's TSC (topology spread constraints) should be
	// mutated to support rolling updates.
	PodTopologySpreadConstraintsEnabled bool
	// FailureToleranceType determines the failure tolerance type for the resource manager deployment.
	FailureToleranceType *gardencorev1beta1.FailureToleranceType
	// Zones is the list of availability zones (a []string, presumably zone names; TODO confirm).
	Zones []string
	// TopologyAwareRoutingEnabled indicates whether topology-aware routing is enabled for the gardener-resource-manager service.
	// This value is only applicable for the GRM that is deployed in the Shoot control plane (when TargetDiffersFromSourceCluster=true).
	TopologyAwareRoutingEnabled bool
	// IsWorkerless specifies whether the cluster is workerless.
	// NOTE(review): presumably true means the cluster has no workers; confirm polarity against callers.
	IsWorkerless bool
}
Values holds the optional configuration options for the gardener resource manager.