Documentation ¶
Index ¶
- Constants
- func AllPrivateNetworkBlocks() []net.IPNet
- func CarrierGradeNATBlock() *net.IPNet
- func ComputeOffsetIP(subnet *net.IPNet, offset int64) (net.IP, error)
- func DeleteAlertmanager(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteDeploymentsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
- func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
- func DeleteHvpa(ctx context.Context, k8sClient kubernetes.Interface, namespace string) error
- func DeleteLoki(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteReserveExcessCapacity(ctx context.Context, k8sClient client.Client) error
- func DeleteSeedLoggingStack(ctx context.Context, k8sClient client.Client) error
- func DeleteShootLoggingStack(ctx context.Context, k8sClient client.Client, namespace string) error
- func DeleteVpa(ctx context.Context, c client.Client, namespace string, isShoot bool) error
- func ExceptNetworks(networks []string, except ...string) ([]interface{}, error)
- func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
- func GenerateAddonConfig(values map[string]interface{}, enabled bool) map[string]interface{}
- func GenerateBackupEntryName(seedNamespace string, shootUID types.UID) string
- func GetSecretKeysWithPrefix(kind string, m map[string]*corev1.Secret) []string
- func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
- func Private12BitBlock() *net.IPNet
- func Private16BitBlock() *net.IPNet
- func Private8BitBlock() *net.IPNet
- func ReadServiceAccountSigningKeySecret(secret *corev1.Secret) (string, error)
- func ReplaceCloudProviderConfigKey(cloudProviderConfig, separator, key, value string) string
- func ToExceptNetworks(networks []net.IPNet, except ...string) ([]interface{}, error)
Constants ¶
const ( // VPNTunnel dictates that VPN is used as a tunnel between seed and shoot networks. VPNTunnel string = "vpn-shoot" // BasicAuthSecretName is the name of the secret containing basic authentication credentials for the kube-apiserver. BasicAuthSecretName = "kube-apiserver-basic-auth" // EtcdEncryptionSecretName is the name of the shoot-specific secret which contains // that shoot's EncryptionConfiguration. The EncryptionConfiguration contains a key // which the shoot's apiserver uses for encrypting selected etcd content. // Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml EtcdEncryptionSecretName = "etcd-encryption-secret" // EtcdEncryptionSecretFileName is the name of the file within the EncryptionConfiguration // which is made available as volume mount to the shoot's apiserver. // Should match charts/seed-controlplane/charts/kube-apiserver/templates/deployment.yaml EtcdEncryptionSecretFileName = "encryption-configuration.yaml" // EtcdEncryptionChecksumLabelName is the name of the label which is added to the shoot // secrets after rewriting them to ensure that successfully rewritten secrets are not // (unnecessarily) rewritten during each reconciliation. EtcdEncryptionChecksumLabelName = "shoot.gardener.cloud/etcd-encryption-configuration-checksum" // EtcdEncryptionForcePlaintextAnnotationName is the name of the annotation with which to annotate // the EncryptionConfiguration secret to force the decryption of shoot secrets EtcdEncryptionForcePlaintextAnnotationName = "shoot.gardener.cloud/etcd-encryption-force-plaintext-secrets" // EtcdEncryptionEncryptedResourceSecrets is the name of the secret resource to be encrypted EtcdEncryptionEncryptedResourceSecrets = "secrets" // EtcdEncryptionKeyPrefix is the prefix for the key name of the EncryptionConfiguration's key EtcdEncryptionKeyPrefix = "key" // EtcdEncryptionKeySecretLen is the expected length in bytes of the EncryptionConfiguration's key EtcdEncryptionKeySecretLen = 32 // ETCDEncryptionConfigDataName is the name of ShootState data entry holding the current key and encryption state used to encrypt shoot resources ETCDEncryptionConfigDataName = "etcdEncryptionConfiguration" // GrafanaOperatorsPrefix is a constant for a prefix used for the operators Grafana instance. GrafanaOperatorsPrefix = "go" // GrafanaUsersPrefix is a constant for a prefix used for the users Grafana instance. GrafanaUsersPrefix = "gu" // GrafanaOperatorsRole is a constant for the operators role. GrafanaOperatorsRole = "operators" // GrafanaUsersRole is a constant for the users role. GrafanaUsersRole = "users" // PrometheusPrefix is a constant for a prefix used for the Prometheus instance. PrometheusPrefix = "p" // AlertManagerPrefix is a constant for a prefix used for the AlertManager instance. AlertManagerPrefix = "au" // CoreDNSDeploymentName is the name of the coredns deployment. CoreDNSDeploymentName = "coredns" // KubecfgUsername is the username for the token used for the kubeconfig the shoot. KubecfgUsername = "system:cluster-admin" // KubecfgSecretName is the name of the kubecfg secret. KubecfgSecretName = "kubecfg" // DependencyWatchdogExternalProbeSecretName is the name of the kubecfg secret with internal DNS for external access. DependencyWatchdogExternalProbeSecretName = "dependency-watchdog-external-probe" // DependencyWatchdogInternalProbeSecretName is the name of the kubecfg secret with cluster IP access. DependencyWatchdogInternalProbeSecretName = "dependency-watchdog-internal-probe" // DependencyWatchdogUserName is the user name of the dependency-watchdog. DependencyWatchdogUserName = "gardener.cloud:system:dependency-watchdog" // KubeAPIServerHealthCheck is a key for the kube-apiserver-health-check user. KubeAPIServerHealthCheck = "kube-apiserver-health-check" // StaticTokenSecretName is the name of the secret containing static tokens for the kube-apiserver. StaticTokenSecretName = "static-token" // VPASecretName is the name of the secret used by VPA VPASecretName = "vpa-tls-certs" // ManagedResourceShootCoreName is the name of the shoot core managed resource. ManagedResourceShootCoreName = "shoot-core" // ManagedResourceAddonsName is the name of the addons managed resource. ManagedResourceAddonsName = "addons" // SeedSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s). SeedSpecHash = "seed-spec-hash" // RegistrationSpecHash is a constant for a label on `ControllerInstallation`s (similar to `pod-template-hash` on `Pod`s). RegistrationSpecHash = "registration-spec-hash" // VpaAdmissionControllerName is the name of the vpa-admission-controller name. VpaAdmissionControllerName = "gardener.cloud:vpa:admission-controller" // VpaRecommenderName is the name of the vpa-recommender name. VpaRecommenderName = "gardener.cloud:vpa:recommender" // VpaUpdaterName is the name of the vpa-updater name. VpaUpdaterName = "gardener.cloud:vpa:updater" // VpaExporterName is the name of the vpa-exporter name. VpaExporterName = "gardener.cloud:vpa:exporter" // IstioNamespace is the istio-system namespace IstioNamespace = "istio-system" // ServiceAccountSigningKeySecretDataKey is the data key of a signing key Kubernetes secret. ServiceAccountSigningKeySecretDataKey = "signing-key" // AlertManagerTLS is the name of the secret resource which holds the TLS certificate for Alert Manager. AlertManagerTLS = "alertmanager-tls" // GrafanaTLS is the name of the secret resource which holds the TLS certificate for Grafana. GrafanaTLS = "grafana-tls" // PrometheusTLS is the name of the secret resource which holds the TLS certificate for Prometheus. PrometheusTLS = "prometheus-tls" // EndUserCrtValidity is the time period a user facing certificate is valid. EndUserCrtValidity = 730 * 24 * time.Hour // ~2 years, see https://support.apple.com/en-us/HT210176 // ShootDNSIngressName is a constant for the DNS resources used for the shoot ingress addon. ShootDNSIngressName = "ingress" // GardenLokiPriorityClassName is the name of the PriorityClass for the Loki in the garden namespace GardenLokiPriorityClassName = "garden-loki" )
Variables ¶
This section is empty.
Functions ¶
func AllPrivateNetworkBlocks ¶
AllPrivateNetworkBlocks returns a list of all Private network (RFC1918) and Carrier-grade NAT (RFC6598) IPv4 blocks.
func CarrierGradeNATBlock ¶
CarrierGradeNATBlock returns a Carrier-grade NAT (RFC6598) 100.64.0.0/10 IPv4 block
func ComputeOffsetIP ¶
ComputeOffsetIP parses the provided <subnet> and offsets with the value of <offset>. For example, <subnet> = 100.64.0.0/11 and <offset> = 10 the result would be 100.64.0.10 IPv6 and IPv4 is supported.
func DeleteAlertmanager ¶
DeleteAlertmanager deletes all resources of the Alertmanager in a given namespace.
func DeleteDeploymentsHavingDeprecatedRoleLabelKey ¶
func DeleteDeploymentsHavingDeprecatedRoleLabelKey(ctx context.Context, c client.Client, keys []client.ObjectKey) error
DeleteDeploymentsHavingDeprecatedRoleLabelKey deletes the Deployments with the passed object keys if the corresponding Deployment .spec.selector contains the deprecated "garden.sapcloud.io/role" label key.
func DeleteGrafanaByRole ¶
func DeleteGrafanaByRole(ctx context.Context, k8sClient kubernetes.Interface, namespace, role string) error
DeleteGrafanaByRole deletes the monitoring stack for the shoot owner.
func DeleteHvpa ¶
DeleteHvpa delete all resources required for the HVPA in the given namespace.
func DeleteLoki ¶
DeleteLoki deletes all resources of the Loki in a given namespace.
func DeleteReserveExcessCapacity ¶
DeleteReserveExcessCapacity deletes the deployment and priority class for excess capacity
func DeleteSeedLoggingStack ¶
DeleteSeedLoggingStack deletes all seed resource of the logging stack in the garden namespace.
func DeleteShootLoggingStack ¶
DeleteShootLoggingStack deletes all shoot resource of the logging stack in the given namespace.
func ExceptNetworks ¶
ExceptNetworks returns a list of maps with `network` key containing one of `networks` and `except` key containgn list of `cidr` which are part of those CIDRs.
Calling `ExceptNetworks([]garden.CIDR{"10.0.0.0/8","172.16.0.0/12"},"10.10.0.0/24","172.16.1.0/24")` produces:
[
{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]}, {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]},
]
func ExtractShootDetailsFromBackupEntryName ¶
func ExtractShootDetailsFromBackupEntryName(backupEntryName string) (shootTechnicalID, shootUID string)
ExtractShootDetailsFromBackupEntryName returns Shoot resource technicalID its UID from provided <backupEntryName>.
func GenerateAddonConfig ¶
GenerateAddonConfig returns the provided <values> in case <enabled> is true. Otherwise, nil is being returned.
func GenerateBackupEntryName ¶
GenerateBackupEntryName returns BackupEntry resource name created from provided <seedNamespace> and <shootUID>.
func GetSecretKeysWithPrefix ¶
GetSecretKeysWithPrefix returns a list of keys of the given map <m> which are prefixed with <kind>.
func GetServiceAccountSigningKeySecret ¶
func GetServiceAccountSigningKeySecret(ctx context.Context, c client.Client, shootNamespace, secretName string) (string, error)
GetServiceAccountSigningKeySecret gets the signing key from the secret with the given name and namespace.
func Private12BitBlock ¶
Private12BitBlock returns a private network (RFC1918) 172.16.0.0/12 IPv4 block
func Private16BitBlock ¶
Private16BitBlock returns a private network (RFC1918) 192.168.0.0/16 IPv4 block
func Private8BitBlock ¶
Private8BitBlock returns a private network (RFC1918) 10.0.0.0/8 IPv4 block
func ReadServiceAccountSigningKeySecret ¶
ReadServiceAccountSigningKeySecret reads the signing key secret to extract the signing key. It errors if there is no value at ServiceAccountSigningKeySecretDataKey.
func ReplaceCloudProviderConfigKey ¶
ReplaceCloudProviderConfigKey replaces a key with the new value in the given cloud provider config.
func ToExceptNetworks ¶
ToExceptNetworks returns a list of maps with `network` key containing one of `networks` and `except` key containgn list of `cidr` which are part of those CIDRs.
Calling `ToExceptNetworks(AllPrivateNetworkBlocks(),"10.10.0.0/24","172.16.1.0/24","192.168.1.0/24","100.64.1.0/24")` produces:
[
{"network": "10.0.0.0/8", "except": ["10.10.0.0/24"]}, {"network": "172.16.0.0/12", "except": ["172.16.1.0/24"]}, {"network": "192.168.0.0/16", "except": ["192.168.1.0/24"]}, {"network": "100.64.0.0/10", "except": ["100.64.1.0/24"]},
]
Types ¶
This section is empty.