apiserver

package
v1.95.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: May 31, 2024 License: Apache-2.0 Imports: 30 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// AutoscalingModeBaseline differs substantially between kube-apiserver and gardener-apiserver.
	// For kube-apiserver, it is active HPA and VPA in passive, recommend-only mode.
	// For gardener-apiserver, it is VPA only.
	AutoscalingModeBaseline = 0 + iota
	// AutoscalingModeHVPA uses Gardener's custom HVPA autoscaler.
	AutoscalingModeHVPA
	// AutoscalingModeVPAAndHPA uses VPA on CPU utilization and HPA on CPU usage.
	AutoscalingModeVPAAndHPA
)
View Source
const (
	// SecretWebhookKubeconfigDataKey is a constant for a key in the data of the secret containing a kubeconfig.
	SecretWebhookKubeconfigDataKey = "kubeconfig.yaml"
)

Variables

This section is empty.

Functions

func InjectAdmissionSettings

func InjectAdmissionSettings(deployment *appsv1.Deployment, configMapAdmissionConfigs *corev1.ConfigMap, secretAdmissionKubeconfigs *corev1.Secret, values Values)

InjectAdmissionSettings injects the admission settings into `gardener-apiserver` and `kube-apiserver` deployments.

func InjectAuditSettings

func InjectAuditSettings(deployment *appsv1.Deployment, configMapAuditPolicy *corev1.ConfigMap, secretWebhookKubeconfig *corev1.Secret, auditConfig *AuditConfig)

InjectAuditSettings injects the audit settings into `gardener-apiserver` and `kube-apiserver` deployments.

func InjectDefaultSettings

func InjectDefaultSettings(
	deployment *appsv1.Deployment,
	namePrefix string,
	values Values,
	secretCAETCD *corev1.Secret,
	secretETCDClient *corev1.Secret,
	secretServer *corev1.Secret,
)

InjectDefaultSettings injects default settings into `gardener-apiserver` and `kube-apiserver` deployments.

func InjectEncryptionSettings

func InjectEncryptionSettings(deployment *appsv1.Deployment, secretETCDEncryptionConfiguration *corev1.Secret)

InjectEncryptionSettings injects the encryption settings into `gardener-apiserver` and `kube-apiserver` deployments.

func ReconcileConfigMapAdmission

func ReconcileConfigMapAdmission(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, values Values) error

ReconcileConfigMapAdmission reconciles the ConfigMap containing the configs for the admission plugins.

func ReconcileConfigMapAuditPolicy

func ReconcileConfigMapAuditPolicy(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, auditConfig *AuditConfig) error

ReconcileConfigMapAuditPolicy reconciles the ConfigMap containing the audit policy.

func ReconcileSecretAdmissionKubeconfigs

func ReconcileSecretAdmissionKubeconfigs(ctx context.Context, c client.Client, secret *corev1.Secret, values Values) error

ReconcileSecretAdmissionKubeconfigs reconciles the secret containing the kubeconfig for admission plugins.

func ReconcileSecretAuditWebhookKubeconfig

func ReconcileSecretAuditWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, auditConfig *AuditConfig) error

ReconcileSecretAuditWebhookKubeconfig reconciles the secret containing the kubeconfig for audit webhooks.

func ReconcileSecretETCDEncryptionConfiguration

func ReconcileSecretETCDEncryptionConfiguration(
	ctx context.Context,
	c client.Client,
	secretsManager secretsmanager.Interface,
	config ETCDEncryptionConfig,
	secretETCDEncryptionConfiguration *corev1.Secret,
	secretNameETCDEncryptionKey string,
	roleLabel string,
) error

ReconcileSecretETCDEncryptionConfiguration reconciles the ETCD encryption secret configuration.

func ReconcileSecretWebhookKubeconfig

func ReconcileSecretWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, kubeconfig []byte) error

ReconcileSecretWebhookKubeconfig reconciles the secret containing a kubeconfig for webhooks.

Types

type AdmissionPluginConfig

type AdmissionPluginConfig struct {
	gardencorev1beta1.AdmissionPlugin
	// Kubeconfig is an optional API server connection configuration of this admission plugin. The configs for some
	// admission plugins like `ImagePolicyWebhook` or `ValidatingAdmissionWebhook` can take a reference to an API server
	Kubeconfig []byte
}

AdmissionPluginConfig contains information about a specific admission plugin and its corresponding configuration.

type AuditConfig

type AuditConfig struct {
	// Policy is the audit policy document in YAML format.
	Policy *string
	// Webhook contains configuration for the audit webhook.
	Webhook *AuditWebhook
}

AuditConfig contains information for configuring audit settings for the API server.

type AuditWebhook

type AuditWebhook struct {
	// Kubeconfig contains the API server file that defines the audit webhook configuration.
	Kubeconfig []byte
	// BatchMaxSize is the maximum size of a batch.
	BatchMaxSize *int32
	// Version is the API group and version used for serializing audit events written to webhook.
	Version *string
}

AuditWebhook contains configuration for the audit webhook.

type AutoscalingConfig

type AutoscalingConfig struct {
	// Mode is the strategy for scaling the API server.
	// Defaults to AutoscalingModeBaseline.
	Mode AutoscalingMode
	// APIServerResources are the resource requirements for the API server container.
	APIServerResources corev1.ResourceRequirements
	// Replicas is the number of pod replicas for the API server.
	Replicas *int32
	// MinReplicas are the minimum Replicas for horizontal autoscaling.
	MinReplicas int32
	// MaxReplicas are the maximum Replicas for horizontal autoscaling.
	MaxReplicas int32
	// UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA
	// resource.
	UseMemoryMetricForHvpaHPA bool
	// ScaleDownDisabled states whether scale-down shall be disabled.
	// Only HVPA and VPAAndHPA autoscaling modes support disabling scale-down.
	ScaleDownDisabled bool
}

AutoscalingConfig contains information for configuring autoscaling settings for the API server.

type AutoscalingMode added in v1.95.0

type AutoscalingMode int8

AutoscalingMode represents the different autoscaling modes for an API Server.

type ETCDEncryptionConfig

type ETCDEncryptionConfig struct {
	// RotationPhase specifies the credentials rotation phase of the encryption key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
	// EncryptWithCurrentKey specifies whether the current encryption key should be used for encryption. If this is
	// false and if there are two keys then the old key will be used for encryption while the current/new key will only
	// be used for decryption.
	EncryptWithCurrentKey bool
	// ResourcesToEncrypt are the resources which should be encrypted.
	ResourcesToEncrypt []string
	// EncryptedResources are the resources which are currently encrypted.
	EncryptedResources []string
}

ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.

type Interface

type Interface interface {
	component.DeployWaiter
	// GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	GetAutoscalingReplicas() *int32
	// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
	// deployer.
	SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
	// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	SetAutoscalingReplicas(*int32)
	// SetETCDEncryptionConfig sets the ETCDEncryptionConfig field in the Values of the deployer.
	SetETCDEncryptionConfig(ETCDEncryptionConfig)
}

Interface contains functions for a deployer for an API server built with k8s.io/apiserver.

type Values

type Values struct {
	// EnabledAdmissionPlugins is the list of admission plugins that should be enabled with configuration for the API server.
	EnabledAdmissionPlugins []AdmissionPluginConfig
	// DisabledAdmissionPlugins is the list of admission plugins that should be disabled for the API server.
	DisabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// Audit contains information for configuring audit settings for the API server.
	Audit *AuditConfig
	// Autoscaling contains information for configuring autoscaling settings for the API server.
	Autoscaling AutoscalingConfig
	// ETCDEncryption contains configuration for the encryption of resources in etcd.
	ETCDEncryption ETCDEncryptionConfig
	// FeatureGates is the set of feature gates.
	FeatureGates map[string]bool
	// Logging contains configuration settings for the log and access logging verbosity
	Logging *gardencorev1beta1.APIServerLogging
	// Requests contains configuration for the API server requests.
	Requests *gardencorev1beta1.APIServerRequests
	// RuntimeVersion is the Kubernetes version of the runtime cluster.
	RuntimeVersion *semver.Version
	// WatchCacheSizes are the configured sizes for the watch caches.
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
}

Values contains configuration values for the API server resources.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL