common

package
v1.7.1-0...-23dd39d Latest Latest
Published: Apr 16, 2021 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 26 Imported by: 0

Documentation

Index

Constants

const (
	// VPNTunnel dictates that VPN is used as a tunnel between seed and shoot networks.
	VPNTunnel string = "vpn-shoot"

	// BasicAuthSecretName is the name of the secret containing basic authentication credentials for the kube-apiserver.
	// These are static, long-lived credentials; access to this secret grants whatever the basic-auth user is allowed to do.
	BasicAuthSecretName = "kube-apiserver-basic-auth"

	// EtcdEncryptionSecretName is the name of the shoot-specific secret which contains
	// that shoot's EncryptionConfiguration. The EncryptionConfiguration contains a key
	// which the shoot's apiserver uses for encrypting selected etcd content.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml
	EtcdEncryptionSecretName = "etcd-encryption-secret"

	// EtcdEncryptionSecretFileName is the name of the file within the EncryptionConfiguration
	// which is made available as volume mount to the shoot's apiserver.
	// Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml
	EtcdEncryptionSecretFileName = "encryption-configuration.yaml"

	// EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot
	// secrets after rewriting them to ensure that successfully rewritten secrets are not
	// (unnecessarily) rewritten during each reconciliation.
	EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum"

	// EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate
	// the EncryptionConfiguration secret to force the decryption of shoot secrets.
	// Rewriting secrets in plaintext removes their at-rest protection in etcd, so the ability to set
	// this annotation should be treated as a privileged operation and its use should be auditable.
	EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets"

	// EtcdEncryptionEncryptedResourceSecrets is the name of the resource kind to be encrypted ("secrets").
	EtcdEncryptionEncryptedResourceSecrets = "secrets"

	// EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key.
	EtcdEncryptionKeyPrefix = "key"

	// EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key.
	// NOTE(review): which encryption provider this 32-byte key feeds is not visible here (32 bytes matches
	// AES-256 and secretbox); confirm against the generated EncryptionConfiguration before changing it.
	EtcdEncryptionKeySecretLen = 32

	// ETCDEncryptionConfigDataName is the name of the ShootState data entry holding the current key and encryption state used to encrypt shoot resources.
	ETCDEncryptionConfigDataName = "etcdEncryptionConfiguration"

	// GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance.
	GrafanaOperatorsPrefix = "go"

	// GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance.
	GrafanaUsersPrefix = "gu"

	// GrafanaOperatorsRole is a constant for the operators role.
	GrafanaOperatorsRole = "operators"

	// GrafanaUsersRole is a constant for the users role.
	GrafanaUsersRole = "users"

	// PrometheusPrefix is a constant for a prefix used for the Prometheus instance.
	PrometheusPrefix = "p"

	// AlertManagerPrefix is a constant for a prefix used for the AlertManager instance.
	AlertManagerPrefix = "au"

	// CoreDNSDeploymentName is the name of the coredns deployment.
	CoreDNSDeploymentName = "coredns"

	// KubecfgUsername is the username for the token used for the kubeconfig of the shoot.
	// The value identifies the token as the cluster-admin user, so the kubeconfig secret that
	// carries it is highly sensitive.
	KubecfgUsername = "system:cluster-admin"

	// KubecfgSecretName is the name of the kubecfg secret.
	KubecfgSecretName = "kubecfg"

	// DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access.
	DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe"

	// DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access.
	DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe"

	// DependencyWatchdogUserName is the user name of the dependency-watchdog.
	DependencyWatchdogUserName = "gardener.cloud:system:dependency-watchdog"

	// KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user.
	KubeAPIServerHealthCheck = "kube-apiserver-health-check"

	// StaticTokenSecretName is the name of the secret containing static tokens for the kube-apiserver.
	StaticTokenSecretName = "static-token"

	// VPASecretName is the name of the secret used by VPA.
	VPASecretName = "vpa-tls-certs"

	// ManagedResourceShootCoreName is the name of the shoot core managed resource.
	ManagedResourceShootCoreName = "shoot-core"
	// ManagedResourceAddonsName is the name of the addons managed resource.
	ManagedResourceAddonsName = "addons"

	// SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	SeedSpecHash = "seed-spec-hash"

	// RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s).
	RegistrationSpecHash = "registration-spec-hash"

	// VpaAdmissionControllerName is the name used for the vpa-admission-controller.
	VpaAdmissionControllerName = "gardener.cloud:vpa:admission-controller"
	// VpaRecommenderName is the name used for the vpa-recommender.
	VpaRecommenderName = "gardener.cloud:vpa:recommender"
	// VpaUpdaterName is the name used for the vpa-updater.
	VpaUpdaterName = "gardener.cloud:vpa:updater"
	// VpaExporterName is the name used for the vpa-exporter.
	VpaExporterName = "gardener.cloud:vpa:exporter"

	// IstioNamespace is the istio-system namespace.
	IstioNamespace = "istio-system"

	// ServiceAccountSigningKeySecretDataKey is the data key of a signing key Kubernetes secret.
	ServiceAccountSigningKeySecretDataKey = "signing-key"

	// AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager.
	AlertManagerTLS = "alertmanager-tls"
	// GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana.
	GrafanaTLS = "grafana-tls"
	// PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus.
	PrometheusTLS = "prometheus-tls"

	// EndUserCrtValidity is the time period a user facing certificate is valid.
	// 730 days is chosen to stay within the validity limit Apple clients enforce (see link).
	EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176

	// ShootDNSIngressName is a constant for the DNS resources used for the shoot ingress addon.
	ShootDNSIngressName = "ingress"

	// GardenLokiPriorityClassName is the name of the PriorityClass for the Loki in the garden namespace.
	GardenLokiPriorityClassName = "garden-loki"
)

Variables

This section is empty.

Functions

func AllPrivateNetworkBlocks

func AllPrivateNetworkBlocks() []net.IPNet

AllPrivateNetworkBlocks returns a list of all Private network (RFC1918) and Carrier-grade NAT (RFC6598) IPv4 blocks.

func CarrierGradeNATBlock

func CarrierGradeNATBlock() *net.IPNet

CarrierGradeNATBlock returns the Carrier-grade NAT (RFC6598) 100.64.0.0/10 IPv4 block.

func ComputeOffsetIP

func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)

ComputeOffsetIP parses the provided <subnet> and offsets it by the value of <offset>. For example, with <subnet> = 100.64.0.0/11 and <offset> = 10 the result would be 100.64.0.10. Both IPv6 and IPv4 are supported.

func DeleteAlertmanager

func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error

DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.

func DeleteDeploymentsHavingDeprecatedRoleLabelKey

func DeleteDeploymentsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error

DeleteDeploymentsHavingDeprecatedRoleLabelKey deletes the Deployments with the passed object keys if the corresponding Deployment .spec.selector contains the deprecated "garden.sapcloud.io/role" label key.

func DeleteGrafanaByRole

func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error

DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.

func DeleteHvpa

func DeleteHvpa(ctx context.Context, k8sClient kubernetes.Interface, namespace string) error

DeleteHvpa deletes all resources required for the HVPA in the given namespace.

func DeleteLoki

func DeleteLoki(ctx context.Context, k8sClient client.Client, namespace string) error

DeleteLoki deletes all resources of the Loki in a given namespace.

func DeleteReserveExcessCapacity

func DeleteReserveExcessCapacity(ctx context.Context, k8sClient client.Client) error

DeleteReserveExcessCapacity deletes the deployment and priority class for excess capacity.

func DeleteSeedLoggingStack

func DeleteSeedLoggingStack(ctx context.Context, k8sClient client.Client) error

DeleteSeedLoggingStack deletes all seed resource of the logging stack in the garden namespace.

func DeleteShootLoggingStack

func DeleteShootLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error

DeleteShootLoggingStack deletes all shoot resource of the logging stack in the given namespace.

func DeleteVpa

func DeleteVpa(ctx context.Context, c client.Client, namespace string, isShoot bool) error

DeleteVpa deletes all resources required for the VPA in the given namespace.

func ExceptNetworks

func ExceptNetworks(networks []string, except ...string) ([]interface{}, error)

ExceptNetworks returns a list of maps with a `network` key containing one of `networks` and an `except` key containing the list of `cidr`s which are part of that network.

Calling `ExceptNetworks([]garden.CIDR{"10.0.0.0/8","172.16.0.0/12"},"10.10.0.0/24","172.16.1.0/24")` produces:

[

{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]},
{"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},

]

func ExtractShootDetailsFromBackupEntryName

func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)

ExtractShootDetailsFromBackupEntryName returns the Shoot resource's technicalID and its UID from the provided <backupEntryName>.

func GenerateAddonConfig

func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}

GenerateAddonConfig returns the provided <values> in case <enabled> is true. Otherwise, nil is being returned.

func GenerateBackupEntryName

func GenerateBackupEntryName(seedNamespace string, shootUID types.UID) string

GenerateBackupEntryName returns BackupEntry resource name created from provided <seedNamespace> and <shootUID>.

func GetSecretKeysWithPrefix

func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string

GetSecretKeysWithPrefix returns a list of keys of the given map <m> which are prefixed with <kind>.

func GetServiceAccountSigningKeySecret

func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)

GetServiceAccountSigningKeySecret gets the signing key from the secret with the given name and namespace.

func Private12BitBlock

func Private12BitBlock() *net.IPNet

Private12BitBlock returns the private network (RFC1918) 172.16.0.0/12 IPv4 block.

func Private16BitBlock

func Private16BitBlock() *net.IPNet

Private16BitBlock returns the private network (RFC1918) 192.168.0.0/16 IPv4 block.

func Private8BitBlock

func Private8BitBlock() *net.IPNet

Private8BitBlock returns the private network (RFC1918) 10.0.0.0/8 IPv4 block.

func ReadServiceAccountSigningKeySecret

func ReadServiceAccountSigningKeySecret(secret *corev1.Secret) (string, error)

ReadServiceAccountSigningKeySecret reads the signing key secret to extract the signing key. It errors if there is no value at ServiceAccountSigningKeySecretDataKey.

func ReplaceCloudProviderConfigKey

func ReplaceCloudProviderConfigKey(cloudProviderConfig, separator, key, value string) string

ReplaceCloudProviderConfigKey replaces a key with the new value in the given cloud provider config.

func ToExceptNetworks

func ToExceptNetworks(networks []net.IPNet, except ...string) ([]interface{}, error)

ToExceptNetworks returns a list of maps with a `network` key containing one of `networks` and an `except` key containing the list of `cidr`s which are part of that network.

Calling `ToExceptNetworks(AllPrivateNetworkBlocks(),"10.10.0.0/24","172.16.1.0/24","192.168.1.0/24","100.64.1.0/24")` produces:

[

{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]},
{"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},
{"network": "192.168.0.0/16", "except": ["192.168.1.0/24"]},
{"network": "100.64.0.0/10", "except": ["100.64.1.0/24"]},

]

Types

This section is empty.
