Documentation ¶
Index ¶
- Constants
- func InjectAdmissionSettings(deployment *appsv1.Deployment, configMapAdmissionConfigs *corev1.ConfigMap, ...)
- func InjectAuditSettings(deployment *appsv1.Deployment, configMapAuditPolicy *corev1.ConfigMap, ...)
- func InjectDefaultSettings(deployment *appsv1.Deployment, namePrefix string, values Values, ...)
- func InjectEncryptionSettings(deployment *appsv1.Deployment, ...)
- func ReconcileConfigMapAdmission(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, ...) error
- func ReconcileConfigMapAuditPolicy(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, ...) error
- func ReconcileSecretAdmissionKubeconfigs(ctx context.Context, c client.Client, secret *corev1.Secret, values Values) error
- func ReconcileSecretAuditWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, ...) error
- func ReconcileSecretETCDEncryptionConfiguration(ctx context.Context, c client.Client, secretsManager secretsmanager.Interface, ...) error
- func ReconcileSecretWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, kubeconfig []byte) error
- type AdmissionPluginConfig
- type AuditConfig
- type AuditWebhook
- type AutoscalingConfig
- type AutoscalingMode
- type ETCDEncryptionConfig
- type Interface
- type Values
Constants ¶
const ( // AutoscalingModeBaseline differs substantially between kube-apiserver and gardener-apiserver. // For kube-apiserver, it is active HPA and VPA in passive, recommend-only mode. // For gardener-apiserver, it is VPA only. AutoscalingModeBaseline = 0 + iota // AutoscalingModeHVPA uses Gardener's custom HVPA autoscaler. AutoscalingModeHVPA // AutoscalingModeVPAAndHPA uses VPA on CPU utilization and HPA on CPU usage. AutoscalingModeVPAAndHPA )
const ( // SecretWebhookKubeconfigDataKey is a constant for a key in the data of the secret containing a kubeconfig. SecretWebhookKubeconfigDataKey = "kubeconfig.yaml" // #nosec G101 -- No credential. )
Variables ¶
This section is empty.
Functions ¶
func InjectAdmissionSettings ¶
func InjectAdmissionSettings(deployment *appsv1.Deployment, configMapAdmissionConfigs *corev1.ConfigMap, secretAdmissionKubeconfigs *corev1.Secret, values Values)
InjectAdmissionSettings injects the admission settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectAuditSettings ¶
func InjectAuditSettings(deployment *appsv1.Deployment, configMapAuditPolicy *corev1.ConfigMap, secretWebhookKubeconfig *corev1.Secret, auditConfig *AuditConfig)
InjectAuditSettings injects the audit settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectDefaultSettings ¶
func InjectDefaultSettings( deployment *appsv1.Deployment, namePrefix string, values Values, secretCAETCD *corev1.Secret, secretETCDClient *corev1.Secret, secretServer *corev1.Secret, )
InjectDefaultSettings injects default settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectEncryptionSettings ¶
func InjectEncryptionSettings(deployment *appsv1.Deployment, secretETCDEncryptionConfiguration *corev1.Secret)
InjectEncryptionSettings injects the encryption settings into `gardener-apiserver` and `kube-apiserver` deployments.
func ReconcileConfigMapAdmission ¶
func ReconcileConfigMapAdmission(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, values Values) error
ReconcileConfigMapAdmission reconciles the ConfigMap containing the configs for the admission plugins.
func ReconcileConfigMapAuditPolicy ¶
func ReconcileConfigMapAuditPolicy(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, auditConfig *AuditConfig) error
ReconcileConfigMapAuditPolicy reconciles the ConfigMap containing the audit policy.
func ReconcileSecretAdmissionKubeconfigs ¶
func ReconcileSecretAdmissionKubeconfigs(ctx context.Context, c client.Client, secret *corev1.Secret, values Values) error
ReconcileSecretAdmissionKubeconfigs reconciles the secret containing the kubeconfig for admission plugins.
func ReconcileSecretAuditWebhookKubeconfig ¶
func ReconcileSecretAuditWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, auditConfig *AuditConfig) error
ReconcileSecretAuditWebhookKubeconfig reconciles the secret containing the kubeconfig for audit webhooks.
func ReconcileSecretETCDEncryptionConfiguration ¶
func ReconcileSecretETCDEncryptionConfiguration( ctx context.Context, c client.Client, secretsManager secretsmanager.Interface, config ETCDEncryptionConfig, secretETCDEncryptionConfiguration *corev1.Secret, secretNameETCDEncryptionKey string, roleLabel string, ) error
ReconcileSecretETCDEncryptionConfiguration reconciles the ETCD encryption secret configuration.
Types ¶
type AdmissionPluginConfig ¶
type AdmissionPluginConfig struct { gardencorev1beta1.AdmissionPlugin // Kubeconfig is an optional API server connection configuration of this admission plugin. The configs for some // admission plugins like `ImagePolicyWebhook` or `ValidatingAdmissionWebhook` can take a reference to an API server Kubeconfig []byte }
AdmissionPluginConfig contains information about a specific admission plugin and its corresponding configuration.
type AuditConfig ¶
type AuditConfig struct { // Policy is the audit policy document in YAML format. Policy *string // Webhook contains configuration for the audit webhook. Webhook *AuditWebhook }
AuditConfig contains information for configuring audit settings for the API server.
type AuditWebhook ¶
type AuditWebhook struct { // Kubeconfig contains the API server file that defines the audit webhook configuration. Kubeconfig []byte // BatchMaxSize is the maximum size of a batch. BatchMaxSize *int32 // Version is the API group and version used for serializing audit events written to webhook. Version *string }
AuditWebhook contains configuration for the audit webhook.
type AutoscalingConfig ¶
type AutoscalingConfig struct { // Mode is the strategy for scaling the API server. // Defaults to AutoscalingModeBaseline. Mode AutoscalingMode // APIServerResources are the resource requirements for the API server container. APIServerResources corev1.ResourceRequirements // Replicas is the number of pod replicas for the API server. Replicas *int32 // MinReplicas are the minimum Replicas for horizontal autoscaling. MinReplicas int32 // MaxReplicas are the maximum Replicas for horizontal autoscaling. MaxReplicas int32 // UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA // resource. UseMemoryMetricForHvpaHPA bool // ScaleDownDisabled states whether scale-down shall be disabled. // Only HVPA and VPAAndHPA autoscaling modes support disabling scale-down. ScaleDownDisabled bool }
AutoscalingConfig contains information for configuring autoscaling settings for the API server.
type AutoscalingMode ¶ added in v1.95.0
type AutoscalingMode int8
AutoscalingMode represents the different autoscaling modes for an API Server.
type ETCDEncryptionConfig ¶
type ETCDEncryptionConfig struct { // RotationPhase specifies the credentials rotation phase of the encryption key. RotationPhase gardencorev1beta1.CredentialsRotationPhase // EncryptWithCurrentKey specifies whether the current encryption key should be used for encryption. If this is // false and if there are two keys then the old key will be used for encryption while the current/new key will only // be used for decryption. EncryptWithCurrentKey bool // ResourcesToEncrypt are the resources which should be encrypted. ResourcesToEncrypt []string // EncryptedResources are the resources which are currently encrypted. EncryptedResources []string }
ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.
type Interface ¶
type Interface interface { component.DeployWaiter // GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer. GetAutoscalingReplicas() *int32 // SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the // deployer. SetAutoscalingAPIServerResources(corev1.ResourceRequirements) // SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer. SetAutoscalingReplicas(*int32) // SetETCDEncryptionConfig sets the ETCDEncryptionConfig field in the Values of the deployer. SetETCDEncryptionConfig(ETCDEncryptionConfig) }
Interface contains functions for a deployer for an API server built with k8s.io/apiserver.
type Values ¶
type Values struct { // EnabledAdmissionPlugins is the list of admission plugins that should be enabled with configuration for the API server. EnabledAdmissionPlugins []AdmissionPluginConfig // DisabledAdmissionPlugins is the list of admission plugins that should be disabled for the API server. DisabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin // Audit contains information for configuring audit settings for the API server. Audit *AuditConfig // Autoscaling contains information for configuring autoscaling settings for the API server. Autoscaling AutoscalingConfig // ETCDEncryption contains configuration for the encryption of resources in etcd. ETCDEncryption ETCDEncryptionConfig // FeatureGates is the set of feature gates. FeatureGates map[string]bool // Logging contains configuration settings for the log and access logging verbosity Logging *gardencorev1beta1.APIServerLogging // Requests contains configuration for the API server requests. Requests *gardencorev1beta1.APIServerRequests // RuntimeVersion is the Kubernetes version of the runtime cluster. RuntimeVersion *semver.Version // WatchCacheSizes are the configured sizes for the watch caches. WatchCacheSizes *gardencorev1beta1.WatchCacheSizes }
Values contains configuration values for the API server resources.