type AuditConfig ¶
// AuditConfig selects the Kubernetes audit policy file. Setting PolicyFile
// enables API server auditing; the other --audit-log-* flags are supplied
// through Kubernetes.APIServerExtraArgs (see Kubernetes.UnmarshalYAML).
type AuditConfig struct {
	// PolicyFile is the path to the audit policy document. Omitted from
	// YAML when empty, which presumably leaves auditing disabled — confirm
	// in the installer.
	PolicyFile string `yaml:"policyFile,omitempty"`
}
AuditConfig is used to specify the audit policy file. If a policy file is specified then cluster auditing is enabled. Configure additional `--audit-log-*` flags under kubernetes.apiServerExtraArgs
type Calico ¶
// Calico holds the configuration for the Calico CNI deployment. The field
// types come from the calico package; only their YAML keys are visible here.
type Calico struct {
	// Disabled is omitted from YAML when false.
	Disabled bool `yaml:"disabled,omitempty"`
	// IPIP and VxLAN select the encapsulation modes; note they are NOT
	// omitempty, so they are always serialised.
	IPIP  calico.IPIPMode  `yaml:"ipip"`
	VxLAN calico.VXLANMode `yaml:"vxlan"`
	// Version is the Calico version to deploy.
	Version string `yaml:"version,omitempty"`
	// Log is the Calico log level; accepted values are not visible here.
	Log string `yaml:"log,omitempty"`
	// BGPPeers, BGPConfig and IPPools are passed through to Calico as-is.
	BGPPeers  []calico.BGPPeer        `yaml:"bgpPeers,omitempty"`
	BGPConfig calico.BGPConfiguration `yaml:"bgpConfig,omitempty"`
	IPPools   []calico.IPPool         `yaml:"ipPools,omitempty"`
}
type CertManager ¶
// CertManager configures the cert-manager deployment.
type CertManager struct {
	// Version is the cert-manager version to deploy (always serialised).
	Version string `yaml:"version"`
	// Vault holds the details of a Vault server to use for signing ingress
	// certificates; nil presumably means no Vault issuer is configured.
	Vault *VaultClient `yaml:"vault,omitempty"`
}
type ConfigMapReloader ¶
type Connection ¶
// Connection describes how to reach a remote service (used for the
// Elasticsearch and Logstash endpoints of Filebeat and FluentdOperator).
// GetURL assembles these fields into a URL.
type Connection struct {
	// URL is the base address; always serialised.
	URL string `yaml:"url"`
	// User and Password are the credentials sent to the service. Password
	// is a secret: keep it out of logs and rendered manifests.
	User     string `yaml:"user,omitempty"`
	Password string `yaml:"password,omitempty"`
	// Port and Scheme override parts of the address.
	Port   string `yaml:"port,omitempty"`
	Scheme string `yaml:"scheme,omitempty"`
	// Verify is a string rather than a bool; its accepted values are not
	// visible here. NOTE(review): presumably it controls TLS certificate
	// verification for the connection — confirm against the consumer, and
	// treat anything that disables verification as a security decision.
	Verify string `yaml:"verify,omitempty"`
}
func (Connection) GetURL ¶
func (c Connection) GetURL() string
type DB ¶
// DB holds the connection details for an external database (used by
// Harbor.DB). GetConnectionURL assembles them into a connection string.
type DB struct {
	Host     string `yaml:"host"`
	Username string `yaml:"username"`
	// Password is a secret; none of these fields are omitempty, so an empty
	// password is still serialised.
	Password string `yaml:"password"`
	Port     int    `yaml:"port"`
}
func (DB) GetConnectionURL ¶
type Dashboard ¶
// Dashboard configures the Kubernetes dashboard deployment.
type Dashboard struct {
	// Enabled is embedded; its YAML mapping is defined on that type.
	Enabled
	// AccessRestricted limits dashboard access to LDAP groups — see
	// LdapAccessConfig for the details.
	AccessRestricted LdapAccessConfig `yaml:"accessRestricted,omitempty"`
}
type DynamicDNS ¶
// DynamicDNS configures dynamic DNS updates for the cluster. Which fields
// apply depends on Type; the accepted values are not visible here.
type DynamicDNS struct {
	Disabled bool `yaml:"disabled,omitempty"`
	// Nameserver is the server that receives the updates.
	Nameserver string `yaml:"nameserver,omitempty"`
	// Key, KeyName and Algorithm presumably describe a TSIG key for RFC 2136
	// style updates — confirm against the provider code. Key is a secret.
	Key       string `yaml:"key,omitempty"`
	KeyName   string `yaml:"keyName,omitempty"`
	Algorithm string `yaml:"algorithm,omitempty"`
	// Zone is the DNS zone being updated.
	Zone string `yaml:"zone,omitempty"`
	// AccessKey and SecretKey are cloud-provider credentials; SecretKey is a
	// secret and should not be logged.
	AccessKey string `yaml:"accessKey,omitempty"`
	SecretKey string `yaml:"secretKey,omitempty"`
	// Type selects the DNS provider.
	Type string `yaml:"type,omitempty"`
}
type Elasticsearch ¶
// Elasticsearch configures the in-cluster Elasticsearch deployment.
type Elasticsearch struct {
	Version string `yaml:"version"`
	// Mem and Persistence are optional; nil presumably means defaults.
	Mem         *Memory      `yaml:"mem,omitempty"`
	Replicas    int          `yaml:"replicas,omitempty"`
	Persistence *Persistence `yaml:"persistence,omitempty"`
	Disabled    bool         `yaml:"disabled,omitempty"`
}
type Filebeat ¶
// Filebeat configures the Filebeat log shipper and its output targets.
type Filebeat struct {
	Version  string `yaml:"version"`
	Disabled bool   `yaml:"disabled,omitempty"`
	// Elasticsearch and Logstash are the output connections; both are
	// optional pointers. Each Connection may carry a password.
	Elasticsearch *Connection `yaml:"elasticsearch,omitempty"`
	Logstash      *Connection `yaml:"logstash,omitempty"`
}
type FluentdOperator ¶
// FluentdOperator configures the fluentd operator deployment.
type FluentdOperator struct {
	Disabled bool   `yaml:"disabled,omitempty"`
	Version  string `yaml:"version"`
	// Elasticsearch is a value (not a pointer, unlike Filebeat), so a zero
	// Connection is still present in the struct even when omitted in YAML.
	Elasticsearch Connection `yaml:"elasticsearch,omitempty"`
	// DisableDefaultConfig is not omitempty and is always serialised.
	DisableDefaultConfig bool `yaml:"disableDefaultConfig"`
}
type GitOps ¶
// GitOps configures a Flux-based GitOps deployment that syncs manifests from
// a git repository into the cluster.
type GitOps struct {
	// The name of the gitops deployment, defaults to namespace name
	Name string `yaml:"name,omitempty"`
	// Do not scan container image registries to fill in the registry cache,
	// implies `--git-read-only` (default: true)
	DisableScanning *bool `yaml:"disableScanning,omitempty"`
	// The namespace to deploy the GitOps operator into, if empty then it will
	// be deployed cluster-wide into kube-system
	Namespace string `yaml:"namespace,omitempty"`
	// The URL to git repository to clone (always serialised)
	GitURL string `yaml:"gitUrl"`
	// The git branch to use (default: `master`)
	GitBranch string `yaml:"gitBranch,omitempty"`
	// The path with in the git repository to look for YAML in (default: `.`)
	GitPath string `yaml:"gitPath,omitempty"`
	// The frequency with which to fetch the git repository (default: `5m0s`)
	GitPollInterval string `yaml:"gitPollInterval,omitempty"`
	// The frequency with which to sync the manifests in the repository to the
	// cluster (default: `5m0s`)
	SyncInterval string `yaml:"syncInterval,omitempty"`
	// The Kubernetes secret to use for cloning, if it does not exist it will
	// be generated (default: `flux-$name-git-deploy`)
	GitKey string `yaml:"gitKey,omitempty"`
	// The contents of the known_hosts file to mount into Flux and
	// helm-operator. This is what pins the git remote's SSH host key, so it
	// should be populated for any SSH remote rather than left empty.
	KnownHosts string `yaml:"knownHosts,omitempty"`
	// The contents of the ~/.ssh/config file to mount into Flux and
	// helm-operator
	SSHConfig string `yaml:"sshConfig,omitempty"`
	// The version to use for flux (default: 1.9.0 )
	FluxVersion string `yaml:"fluxVersion,omitempty"`
	// a map of args to pass to flux without -- prepended. See
	// [fluxd](https://docs.fluxcd.io/en/1.19.0/references/daemon/) for a
	// full list
	Args map[string]string `yaml:"args,omitempty"`
}
type Harbor ¶
// Harbor configures the Harbor container registry deployment.
type Harbor struct {
	Disabled     bool   `yaml:"disabled,omitempty"`
	Version      string `yaml:"version,omitempty"`
	ChartVersion string `yaml:"chartVersion,omitempty"`
	// AdminPassword is excluded from YAML (`yaml:"-"`): it is never read
	// from or written to the config file, so it must be populated at
	// runtime by whatever deploys Harbor.
	AdminPassword   string `yaml:"-"`
	ClairVersion    string `yaml:"clairVersion"`
	RegistryVersion string `yaml:"registryVersion"`
	// Logging level for various components, valid options are
	// `info`,`warn`,`debug` (default: `warn`)
	LogLevel string `yaml:"logLevel,omitempty"`
	// DB is the external database; nil presumably selects an in-cluster one.
	DB  *DB    `yaml:"db,omitempty"`
	URL string `yaml:"url,omitempty"`
	// Projects are keyed by project name.
	Projects map[string]HarborProject `yaml:"projects,omitempty"`
	Settings *HarborSettings          `yaml:"settings,omitempty"`
	Replicas int                      `yaml:"replicas,omitempty"`
	// S3 bucket for the docker registry to use (always serialised)
	Bucket string `yaml:"bucket"`
}
type HarborProject ¶
type HarborSettings ¶
// HarborSettings mirrors Harbor's system configuration; each field carries
// both a json tag (the Harbor API key) and an identical yaml tag.
// The secret-bearing fields are EmailPassword, LdapSearchPassword and
// OidcClientSecret; keep them out of logs and diffs.
type HarborSettings struct {
	AuthMode string `json:"auth_mode,omitempty" yaml:"auth_mode,omitempty"`

	// SMTP settings.
	EmailFrom     string `json:"email_from,omitempty" yaml:"email_from,omitempty"`
	EmailHost     string `json:"email_host,omitempty" yaml:"email_host,omitempty"`
	EmailIdentity string `json:"email_identity,omitempty" yaml:"email_identity,omitempty"`
	EmailPassword string `json:"email_password,omitempty" yaml:"email_password,omitempty"`
	// EmailInsecure is a string while EmailSsl is a *bool; the accepted
	// values for EmailInsecure are not visible here — confirm with Harbor's
	// API before relying on it.
	EmailInsecure string `json:"email_insecure,omitempty" yaml:"email_insecure,omitempty"`
	EmailPort     string `json:"email_port,omitempty" yaml:"email_port,omitempty"`
	EmailSsl      *bool  `json:"email_ssl,omitempty" yaml:"email_ssl,omitempty"`
	EmailUsername string `json:"email_username,omitempty" yaml:"email_username,omitempty"`

	// LDAP settings.
	LdapURL            string `json:"ldap_url,omitempty" yaml:"ldap_url,omitempty"`
	LdapBaseDN         string `json:"ldap_base_dn,omitempty" yaml:"ldap_base_dn,omitempty"`
	LdapFilter         string `json:"ldap_filter,omitempty" yaml:"ldap_filter,omitempty"`
	LdapScope          string `json:"ldap_scope,omitempty" yaml:"ldap_scope,omitempty"`
	LdapSearchDN       string `json:"ldap_search_dn,omitempty" yaml:"ldap_search_dn,omitempty"`
	LdapSearchPassword string `json:"ldap_search_password,omitempty" yaml:"ldap_search_password,omitempty"`
	LdapTimeout        string `json:"ldap_timeout,omitempty" yaml:"ldap_timeout,omitempty"`
	LdapUID            string `json:"ldap_uid,omitempty" yaml:"ldap_uid,omitempty"`
	// LdapVerifyCert nil means "not set"; false disables certificate
	// verification of the LDAP server and should be an explicit decision.
	LdapVerifyCert               *bool  `json:"ldap_verify_cert,omitempty" yaml:"ldap_verify_cert,omitempty"`
	LdapGroupAdminDN             string `json:"ldap_group_admin_dn,omitempty" yaml:"ldap_group_admin_dn,omitempty"`
	LdapGroupAttributeName       string `json:"ldap_group_attribute_name,omitempty" yaml:"ldap_group_attribute_name,omitempty"`
	LdapGroupBaseDN              string `json:"ldap_group_base_dn,omitempty" yaml:"ldap_group_base_dn,omitempty"`
	LdapGroupSearchFilter        string `json:"ldap_group_search_filter,omitempty" yaml:"ldap_group_search_filter,omitempty"`
	LdapGroupSearchScope         string `json:"ldap_group_search_scope,omitempty" yaml:"ldap_group_search_scope,omitempty"`
	LdapGroupMembershipAttribute string `json:"ldap_group_membership_attribute,omitempty" yaml:"ldap_group_membership_attribute,omitempty"`

	// General settings.
	ProjectCreationRestriction string `json:"project_creation_restriction,omitempty" yaml:"project_creation_restriction,omitempty"`
	ReadOnly                   string `json:"read_only,omitempty" yaml:"read_only,omitempty"`
	SelfRegistration           *bool  `json:"self_registration,omitempty" yaml:"self_registration,omitempty"`
	TokenExpiration            int    `json:"token_expiration,omitempty" yaml:"token_expiration,omitempty"`

	// OIDC settings. OidcVerifyCert is a string here, unlike LdapVerifyCert;
	// its accepted values are not visible on this page.
	OidcName         string `json:"oidc_name,omitempty" yaml:"oidc_name,omitempty"`
	OidcEndpoint     string `json:"oidc_endpoint,omitempty" yaml:"oidc_endpoint,omitempty"`
	OidcClientID     string `json:"oidc_client_id,omitempty" yaml:"oidc_client_id,omitempty"`
	OidcClientSecret string `json:"oidc_client_secret,omitempty" yaml:"oidc_client_secret,omitempty"`
	OidcScope        string `json:"oidc_scope,omitempty" yaml:"oidc_scope,omitempty"`
	OidcVerifyCert   string `json:"oidc_verify_cert,omitempty" yaml:"oidc_verify_cert,omitempty"`

	RobotTokenDuration int `json:"robot_token_duration,omitempty" yaml:"robot_token_duration,omitempty"`
}
type Kubernetes ¶
// Kubernetes holds the cluster-level Kubernetes settings, including extra
// command-line flags for each control-plane component. The *ExtraArgs maps
// are keyed by flag name (without the leading dashes, presumably — confirm
// against the renderer).
type Kubernetes struct {
	Version string `yaml:"version"`
	// Configure additional kubelet [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/)
	KubeletExtraArgs map[string]string `yaml:"kubeletExtraArgs,omitempty"`
	// Configure additional kube-controller-manager [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/)
	ControllerExtraArgs map[string]string `yaml:"controllerExtraArgs,omitempty"`
	// Configure additional kube-scheduler [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/)
	SchedulerExtraArgs map[string]string `yaml:"schedulerExtraArgs,omitempty"`
	// Configure additional kube-apiserver [flags](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/).
	// UnmarshalYAML adds a default audit-log-path here when an audit policy
	// is configured.
	APIServerExtraArgs map[string]string `yaml:"apiServerExtraArgs,omitempty"`
	// Configure additional etcd [flags](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/configuration.md)
	EtcdExtraArgs map[string]string `yaml:"etcdExtraArgs,omitempty"`
	MasterIP      string            `yaml:"masterIP,omitempty"`
	// Configure Kubernetes auditing (note the YAML key is `auditing`, not
	// `auditConfig`).
	AuditConfig AuditConfig `yaml:"auditing,omitempty"`
}
func (*Kubernetes) UnmarshalYAML ¶
func (c *Kubernetes) UnmarshalYAML(unmarshal func(interface{}) error) error
UnmarshalYAML is used to customize the YAML unmarshalling of Kubernetes objects. It makes sure that if an audit policy is specified then a default audit-log-path will be supplied.
type Ldap ¶
// Ldap configures the LDAP / Active Directory server used for cluster
// authentication. GetConnectionURL assembles Host and Port into a URL.
type Ldap struct {
	Disabled bool   `yaml:"disabled,omitempty"`
	Host     string `yaml:"host,omitempty"`
	Port     string `yaml:"port,omitempty"`
	// Username and Password are the bind credentials; Password is a secret.
	Username string `yaml:"username,omitempty"`
	Password string `yaml:"password,omitempty"`
	Domain   string `yaml:"domain,omitempty"`
	// Members of this group will become cluster-admins, so membership of
	// this group is a privileged boundary worth monitoring.
	AdminGroup string `yaml:"adminGroup,omitempty"`
	UserDN     string `yaml:"userDN,omitempty"`
	GroupDN    string `yaml:"groupDN,omitempty"`
	// GroupObjectClass is used for searching user groups in LDAP. Default is
	// `group` for Active Directory and `groupOfNames` for Apache DS
	GroupObjectClass string `yaml:"groupObjectClass,omitempty"`
	// GroupNameAttr is the attribute used for returning group name in OAuth
	// tokens. Default is `name` in ActiveDirectory and `DN` in Apache DS
	GroupNameAttr string `yaml:"groupNameAttr,omitempty"`
	E2E           LdapE2E `yaml:"e2e,omitempty"`
}
func (Ldap) GetConnectionURL ¶
type LdapAccessConfig ¶
type Machine ¶
// Machine represents a running instance of a VM. Lifecycle methods
// (Shutdown, PowerOff, Terminate) and the wait helpers return errors; the
// timeout semantics of GetIP versus WaitForIP are not visible here.
type Machine interface {
	String() string
	WaitForPoweredOff() error
	// GetIP waits up to timeout for an address; WaitForIP presumably uses an
	// implementation-defined timeout — confirm in the provider.
	GetIP(timeout time.Duration) (string, error)
	WaitForIP() (string, error)
	// SetAttributes/GetAttributes read and write free-form key/value
	// metadata on the VM.
	SetAttributes(attributes map[string]string) error
	GetAttributes() (map[string]string, error)
	Shutdown() error
	PowerOff() error
	Terminate() error
	Name() string
	GetAge() time.Duration
	GetTemplate() string
	IP() string
}
Machine represents a running instance of a VM
type Monitoring ¶
// Monitoring configures the Prometheus-based monitoring stack. Most of the
// string fields below are component versions.
type Monitoring struct {
	Disabled   bool   `yaml:"disabled,omitempty"`
	AlertEmail string `yaml:"alert_email,omitempty"`
	Version    string `yaml:"version,omitempty" json:"version,omitempty"`
	Prometheus Prometheus `yaml:"prometheus,omitempty" json:"prometheus,omitempty"`
	Grafana    Grafana    `yaml:"grafana,omitempty" json:"grafana,omitempty"`
	// NOTE(review): the YAML key is spelled `alertMmanager` (double m). Any
	// config using `alertManager` is silently ignored; changing the tag
	// would break existing configs, so it is left as-is and only documented.
	AlertManager       string `yaml:"alertMmanager,omitempty"`
	KubeStateMetrics   string `yaml:"kubeStateMetrics,omitempty"`
	KubeRbacProxy      string `yaml:"kubeRbacProxy,omitempty"`
	NodeExporter       string `yaml:"nodeExporter,omitempty"`
	AddonResizer       string `yaml:"addonResizer,omitempty"`
	PrometheusOperator string `yaml:"prometheus_operator,omitempty"`
	E2E                MonitoringE2E `yaml:"e2e,omitempty"`
}
type MonitoringE2E ¶
// MonitoringE2E holds settings for the monitoring end-to-end tests.
type MonitoringE2E struct {
	// MinAlertLevel is the minimum alert level for which E2E tests should
	// fail. Can be one of critical, warning, info.
	MinAlertLevel string `yaml:"minAlertLevel,omitempty"`
}
type NSX ¶
// NSX configures the VMware NSX-T container plugin (NCP). Fields tagged
// `structs:"..."` are rendered into the NCP ini configuration; fields tagged
// `structs:"-"` are platform-only settings that are not passed to NCP.
type NSX struct {
	LoadBalancerIPPool string `yaml:"loadbalancer_ip_pool,omitempty"`
	Tier0              string `yaml:"tier0,omitempty"`
	Disabled           bool   `structs:"-" yaml:"disabled"`
	// NOTE(review): the yaml tag name is empty, so the decoder falls back to
	// its default key for this field — confirm it is the intended key.
	Image   string `structs:"-" yaml:""`
	Version string `structs:"-" yaml:"version"`
	// If set to true, the logging level will be set to DEBUG instead of the
	// default INFO level.
	Debug *bool `structs:"debug,omitempty" yaml:"debug,omitempty"`
	// If set to true, log output to standard error.
	UseStderr *bool `structs:"use_stderr,omitempty" yaml:"use_stderr,omitempty"`
	// If set to true, use syslog for logging.
	UseSyslog *bool `structs:"use_syslog,omitempty" yaml:"use_syslog,omitempty"`
	// The base directory used for relative log_file paths.
	LogDir string `structs:"log_dir,omitempty" yaml:"log_dir,omitempty"`
	// Name of log file to send logging output to.
	LogFile string `structs:"log_file,omitempty" yaml:"log_file,omitempty"`
	// max MB for each compressed file. Defaults to 100 MB.
	// (upstream default: log_rotation_file_max_mb = 100)
	LogRotationFileMaxMb *int `structs:"log_rotation_file_max_mb,omitempty" yaml:"log_rotation_file_max_mb,omitempty"`
	// Total number of compressed backup files to store. Defaults to 5.
	LogRotationBackupCount *int `structs:"log_rotation_backup_count,omitempty" yaml:"log_rotation_backup_count,omitempty"`
	// Specify the directory where nsx-python-logging is installed
	NsxPythonLoggingPath string `structs:"nsx_python_logging_path,omitempty" yaml:"nsx_python_logging_path,omitempty"`
	// Specify the directory where nsx-cli is installed
	NsxCliPath string `structs:"nsx_cli_path,omitempty" yaml:"nsx_cli_path,omitempty"`
	// Sub-sections of the NCP configuration. Note that NsxK8s and
	// NsxNodeAgent have no omitempty on their structs tag, so those sections
	// are always emitted.
	NsxV3        *NsxV3        `structs:"nsx_v3,omitempty" yaml:"nsx_v3,omitempty"`
	NsxHA        *NsxHA        `structs:"ha,omitempty" yaml:"nsx_ha,omitempty"`
	NsxCOE       *NsxCOE       `structs:"coe,omitempty" yaml:"coe,omitempty"`
	NsxK8s       *NsxK8s       `structs:"k8s" yaml:"nsx_k8s,omitempty"`
	NsxNodeAgent *NsxNodeAgent `structs:"nsx_node_agent" yaml:"nsx_node_agent,omitempty"`
}
type Nginx ¶
// Nginx configures the Nginx Ingress Controller. Global nginx settings not
// exposed here are set by overriding the ingress-nginx/nginx-configuration
// configmap.
type Nginx struct {
	Disabled bool `yaml:"disabled"`
	// The version of the nginx controller to deploy (default: `0.25.1.flanksource.1`)
	Version string `yaml:"version"`
	// Disable access logs. Access logs are a primary detection source for
	// ingress traffic; disabling them is a visibility trade-off.
	DisableAccessLog bool `yaml:"disableAccessLog,omitempty"`
	// Size of request body buffer (default: `16M`)
	RequestBodyBuffer string `yaml:"requestBodyBuffer,omitempty"`
	// Max size of request body (default: `32M`)
	RequestBodyMax string `yaml:"requestBodyMax,omitempty"`
}
Configures the Nginx Ingress Controller, the controller Docker image is forked from upstream to include more LUA packages for OAuth. <br> To configure global settings not available below, override the <b>ingress-nginx/nginx-configuration</b> configmap with settings from [here](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/configmap/)
type NodeLocalDNS ¶
type NsxCOE ¶
// NsxCOE is the [coe] section of the NCP configuration (container
// orchestrator settings).
type NsxCOE struct {
	// Container orchestrator adaptor to plug in.
	Adaptor string `structs:"adaptor,omitempty" yaml:"adaptor,omitempty"`
	// Specify cluster for adaptor.
	Cluster string `structs:"cluster,omitempty" yaml:"cluster,omitempty"`
	// Log level for NCP operations
	// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
	Loglevel string `structs:"loglevel,omitempty" yaml:"loglevel,omitempty"`
	// Log level for NSX API client operations
	// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
	NsxlibLoglevel string `structs:"nsxlib_loglevel,omitempty" yaml:"nsxlib_loglevel,omitempty"`
	// Enable SNAT for all projects in this cluster
	EnableSnat *bool `structs:"enable_snat,omitempty" yaml:"enable_snat,omitempty"`
	// Option to enable profiling
	Profiling *bool `structs:"profiling,omitempty" yaml:"profiling,omitempty"`
	// The type of container host node
	// Choices: HOSTVM BAREMETAL CLOUD WCP_WORKER
	NodeType string `structs:"node_type,omitempty" yaml:"node_type,omitempty"`
	// The time in seconds for NCP/nsx_node_agent to recover the connection to
	// NSX manager/container orchestrator adaptor/Hyperbus before exiting. If
	// the value is 0, NCP/nsx_node_agent won't exit automatically when the
	// connection check fails
	ConnectRetryTimeout *int `structs:"connect_retry_timeout,omitempty" yaml:"connect_retry_timeout,omitempty"`
}
type NsxHA ¶
// NsxHA is the [ha] section of the NCP configuration (leader election
// timing). NOTE(review): unlike the sibling sections these fields carry no
// yaml tag, so the YAML keys are the decoder's defaults for the field names
// rather than the snake_case names used in the structs tags — confirm this
// is intended.
type NsxHA struct {
	// Time duration in seconds of mastership timeout. NCP instance will remain
	// master for this duration after elected. Note that the heartbeat period
	// plus the update timeout must not be greater than this period. This is
	// done to ensure that the master instance will either confirm liveness or
	// fail before the timeout.
	MasterTimeout *int `structs:"master_timeout,omitempty"`
	// Time in seconds between heartbeats for elected leader. Once an NCP
	// instance is elected master, it will periodically confirm liveness based
	// on this value.
	HeartbeatPeriod *int `structs:"heartbeat_period,omitempty"`
	// Timeout duration in seconds for update to election resource. The default
	// value is calculated by subtracting heartbeat period from master timeout.
	// If the update request does not complete before the timeout it will be
	// aborted. Used for master heartbeats to ensure that the update finishes or
	// is aborted before the master timeout occurs.
	UpdateTimeout *int `structs:"update_timeout,omitempty"`
}
type NsxK8s ¶
// NsxK8s is the [k8s] section of the NCP configuration: how NCP reaches and
// authenticates to the Kubernetes API server, plus ingress settings.
type NsxK8s struct {
	// Kubernetes API server IP address.
	ApiserverHostIP string `structs:"apiserver_host_ip,omitempty" yaml:"apiserver_host_ip,omitempty"`
	// Kubernetes API server port.
	ApiserverHostPort string `structs:"apiserver_host_port,omitempty" yaml:"apiserver_host_port,omitempty"`
	// Full path of the Token file to use for authenticating with the k8s API
	// server. The file holds a bearer token; protect it like any credential.
	ClientTokenFile string `structs:"client_token_file,omitempty" yaml:"client_token_file,omitempty"`
	// Full path of the client certificate file to use for authenticating with
	// the k8s API server. It must be specified together with
	// "client_private_key_file".
	ClientCertFile       string `structs:"client_cert_file,omitempty" yaml:"client_cert_file,omitempty"`
	ClientPrivateKeyFile string `structs:"client_private_key_file,omitempty" yaml:"client_private_key_file,omitempty"`
	// Specify a CA bundle file to use in verifying the k8s API server
	// certificate.
	CaFile string `structs:"ca_file,omitempty" yaml:"ca_file,omitempty"`
	// Specify whether ingress controllers are expected to be deployed in
	// hostnework mode or as regular pods externally accessed via NAT
	// Choices: hostnetwork nat
	IngressMode string `structs:"ingress_mode,omitempty" yaml:"ingress_mode,omitempty"`
	// Log level for the kubernetes adaptor
	// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
	Loglevel string `structs:"loglevel,omitempty" yaml:"loglevel,omitempty"`
	// The default HTTP ingress port
	HTTPIngressPort *int `structs:"http_ingress_port,omitempty" yaml:"http_ingress_port,omitempty"`
	// The default HTTPS ingress port
	HTTPSIngressPort *int `structs:"https_ingress_port,omitempty" yaml:"https_ingress_port,omitempty"`
	// Specify thread pool size to process resource events
	ResourceWatcherThreadPoolSize *int `structs:"resource_watcher_thread_pool_size,omitempty" yaml:"resource_watcher_thread_pool_size,omitempty"`
	// User specified IP address for HTTP and HTTPS ingresses
	// nolint: golint, stylecheck
	HttpAndHttpsIngressIp string `structs:"http_and_https_ingress_ip,omitempty" yaml:"http_and_https_ingress_ip,omitempty"`
	// Set this to True to enable NCP to create segment port for VM through
	// NsxNetworkInterface CRD.
	EnableNsxNetifCrd *bool `structs:"enable_nsx_netif_crd,omitempty" yaml:"enable_nsx_netif_crd,omitempty"`
	// Option to set the type of baseline cluster policy. ALLOW_CLUSTER creates
	// an explicit baseline policy to allow any pod to communicate any other pod
	// within the cluster. ALLOW_NAMESPACE creates an explicit baseline policy
	// to allow pods within the same namespace to communicate with each other.
	// By default, no baseline rule will be created and the cluster will assume
	// the default behavior as specified by the backend.
	// Choices: <None> allow_cluster allow_namespace
	BaselinePolicyType string `structs:"baseline_policy_type,omitempty" yaml:"baseline_policy_type,omitempty"`
}
type NsxNodeAgent ¶
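// NsxNodeAgent is the [nsx_node_agent] section of the NCP configuration.
//
// Fix: OvsUplinkPort's structs tag read `omit_empty`, which the structs
// library does not recognise, so an unset uplink port was still rendered into
// the generated config as an empty value. It is now `omitempty`, matching
// every other field in this struct.
type NsxNodeAgent struct {
	// The log level of NSX RPC library
	// Choices: NOTSET DEBUG INFO WARNING ERROR CRITICAL
	LogLevel string `structs:"nsxrpc_loglevel,omitempty" yaml:"log_level,omitempty"`
	// OVS bridge name
	OvsBridge string `structs:"ovs_bridge,omitempty" yaml:"ovs_bridge,omitempty"`
	// The OVS uplink OpenFlow port where to apply the NAT rules to.
	OvsUplinkPort string `structs:"ovs_uplink_port,omitempty" yaml:"ovs_uplink_port,omitempty"`
	// The time in seconds for nsx_node_agent to wait CIF config from HyperBus
	// before returning to CNI
	ConfigRetryTimeout *int `structs:"config_retry_timeout,omitempty" yaml:"config_retry_timeout,omitempty"`
	// The time in seconds for nsx_node_agent to backoff before re-using an
	// existing cached CIF to serve CNI request. Must be less than
	// config_retry_timeout.
	ConfigReuseBackoffTime *int `structs:"config_reuse_backoff_time,omitempty" yaml:"config_reuse_backoff_time,omitempty"`
}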
type NsxV3 ¶
// NsxV3 is the [nsx_v3] section of the NCP configuration: NSX manager
// credentials, TLS settings, and the networking/load-balancer resources NCP
// uses. Credential-bearing fields are NsxAPIPass, NsxAPIPrivateKeyFile and
// LBPrivKeyPath; the TLS-trust decisions are Insecure and CaFile.
type NsxV3 struct {
	// NsxAPIUser/NsxAPIPass are the basic-auth credentials for the NSX
	// manager API; ignored when a client certificate is configured (see
	// NsxAPICertFile). NsxAPIPass is a secret.
	NsxAPIUser string `structs:"nsx_api_user,omitempty" yaml:"nsx_api_user,omitempty"`
	NsxAPIPass string `structs:"nsx_api_password,omitempty" yaml:"nsx_api_password,omitempty"`
	// PolicyNSXAPI has no omitempty on its structs tag, so it is always
	// rendered.
	PolicyNSXAPI *bool `structs:"policy_nsxapi" yaml:"policy_nsxapi,omitempty"`
	// Path to NSX client certificate file. If specified, the nsx_api_user and
	// nsx_api_password options will be ignored. Must be specified along with
	// nsx_api_private_key_file option
	NsxAPICertFile string `structs:"nsx_api_cert_file,omitempty" yaml:"nsx_api_cert_file,omitempty"`
	// Path to NSX client private key file. If specified, the nsx_api_user and
	// nsx_api_password options will be ignored. Must be specified along with
	// nsx_api_cert_file option
	NsxAPIPrivateKeyFile string `structs:"nsx_api_private_key_file,omitempty" yaml:"nsx_api_private_key_file,omitempty"`
	// IP address of one or more NSX managers separated by commas. The IP
	// address should be of the form:
	// [<scheme>://]<ip_adress>[:<port>]
	// If scheme is not provided https is used. If port is not provided port 80
	// is used for http and port 443 for https.
	NsxAPIManagers []string `structs:"nsx_api_managers,omitempty" yaml:"nsx_api_managers,omitempty"`
	// NOTE(review): the upstream comment for this option is truncated here;
	// the surviving fragment reads "... is available to serve a request, and
	// retry the request instead". Presumably: when true, wait for a manager
	// in the cluster to become available and retry rather than failing —
	// confirm against the NCP documentation.
	ClusterUnavailableRetry *bool `structs:"cluster_unavailable_retry,omitempty" yaml:"cluster_unavailable_retry,omitempty"`
	// Maximum number of times to retry API requests upon stale revision errors.
	Retries *int `structs:"retries,omitempty" yaml:"retries,omitempty"`
	// Specify one or a list of CA bundle files to use in verifying the NSX
	// Manager server certificate. This option is ignored if "insecure" is set
	// to True. If "insecure" is set to False and ca_file is unset, the system
	// root CAs will be used to verify the server certificate.
	CaFile []string `structs:"ca_file,omitempty" yaml:"ca_file,omitempty"`
	// If true, the NSX Manager server certificate is not verified. If false
	// the CA bundle specified via "ca_file" will be used or if unset the
	// default system root CAs will be used. Setting this to true removes TLS
	// authentication of the manager and should be an explicit, reviewed
	// decision.
	Insecure *bool `structs:"insecure,omitempty" yaml:"insecure,omitempty"`
	// The time in seconds before aborting a HTTP connection to a NSX manager.
	HTTPTimeout *int `structs:"http_timeout,omitempty" yaml:"http_timeout,omitempty"`
	// The time in seconds before aborting a HTTP read response from a NSX
	// manager.
	HTTPReadTimeout *int `structs:"http_read_timeout,omitempty" yaml:"http_read_timeout,omitempty"`
	// Maximum number of times to retry a HTTP connection.
	HTTPRetries *int `structs:"http_retries,omitempty" yaml:"http_retries,omitempty"`
	// Maximum concurrent connections to each NSX manager.
	ConcurrentConnections *int `structs:"concurrent_connections,omitempty" yaml:"concurrent_connections,omitempty"`
	// The amount of time in seconds to wait before ensuring connectivity to the
	// NSX manager if no manager connection has been used.
	ConnIdltTimeout *int `structs:"conn_idlt_timeout,omitempty" yaml:"conn_idlt_timeout,omitempty"`
	// Number of times a HTTP redirect should be followed.
	Redirects *int `structs:"redirects,omitempty" yaml:"redirects,omitempty"`
	// Subnet prefix of IP block.
	SubnetPrefix *int `structs:"subnet_prefix,omitempty" yaml:"subnet_prefix,omitempty"`
	// Indicates whether distributed firewall DENY rules are logged. Useful
	// for detection: dropped-traffic logs are the record of policy denials.
	LogDroppedTraffic *bool `structs:"log_dropped_traffic,omitempty" yaml:"log_dropped_traffic,omitempty"`
	// Option to use native load balancer or not
	UseNativeLoadbalancer *bool `structs:"use_native_loadbalancer,omitempty" yaml:"use_native_loadbalancer,omitempty"`
	// Option to auto scale layer 4 load balancer or not. If set to True, NCP
	// will create additional LB when necessary upon K8s Service of type LB
	// creation/update.
	L4LBAutoScaling *bool `structs:"l_4_lb_auto_scaling,omitempty" yaml:"l_4_lb_auto_scaling,omitempty"`
	// Option to use native load balancer or not when ingress class annotation
	// is missing. Only effective if use_native_loadbalancer is set to true
	DefaultIngressClassNsx *bool `structs:"default_ingress_class_nsx,omitempty" yaml:"default_ingress_class_nsx,omitempty"`
	// Path to the default certificate file for HTTPS load balancing. Must be
	// specified along with lb_priv_key_path option
	LBDefaultCertPath string `structs:"lb_default_cert_path,omitempty" yaml:"lb_default_cert_path,omitempty"`
	// Path to the private key file for default certificate for HTTPS load
	// balancing. Must be specified along with lb_default_cert_path option
	LBPrivKeyPath string `structs:"lb_priv_key_path,omitempty" yaml:"lb_priv_key_path,omitempty"`
	// Option to set load balancing algorithm in load balancer pool object.
	// Choices: ROUND_ROBIN LEAST_CONNECTION IP_HASH WEIGHTED_ROUND_ROBIN
	PoolAlgorithm string `structs:"pool_algorithm,omitempty" yaml:"pool_algorithm,omitempty"`
	// Option to set load balancer service size. MEDIUM Edge VM (4 vCPU, 8GB)
	// only supports SMALL LB. LARGE Edge VM (8 vCPU, 16GB) only supports MEDIUM
	// and SMALL LB. Bare Metal Edge (IvyBridge, 2 socket, 128GB) supports
	// LARGE, MEDIUM and SMALL LB
	// Choices: SMALL MEDIUM LARGE
	ServiceSize string `structs:"service_size,omitempty" yaml:"service_size,omitempty"`
	// Option to set load balancer persistence option. If cookie is selected,
	// cookie persistence will be offered. If source_ip is selected, source IP
	// persistence will be offered for ingress traffic through L7 load balancer
	// Choices: <None> cookie source_ip
	L7Persistence string `structs:"l7_persistence,omitempty" yaml:"l7_persistence,omitempty"`
	// An integer for LoadBalancer side timeout value in seconds on layer 7
	// persistence profile, if the profile exists.
	L7PersistenceTimeout *int `structs:"l7_persistence_timeout,omitempty" yaml:"l7_persistence_timeout,omitempty"`
	// Option to set load balancer persistence option. If source_ip is selected,
	// source IP persistence will be offered for ingress traffic through L4 load
	// balancer
	L4Persistence string `structs:"l4_persistence,omitempty" yaml:"l4_persistence,omitempty"`
	// The interval to check VIF for node. It is a workaround for bug 2006790.
	// Old orphan LSP may not be removed on MP, so NCP will retrieve parent VIF
	// back once in a while. NCP will use the last created LSP from the list
	VIFCheckInterval *int `structs:"vif_check_interval,omitempty" yaml:"vif_check_interval,omitempty"`
	// Name or UUID of the container ip blocks that will be used for creating
	// subnets. If name, it must be unique. If policy_nsxapi is enabled, it also
	// support automatically creating the IP blocks. The definition is a comma
	// separated list: CIDR,CIDR,... Mixing different formats (e.g. UUID,CIDR)
	// is not supported.
	ContainerIPBlocks []string `structs:"container_ip_blocks,omitempty" yaml:"container_ip_blocks,omitempty"`
	// Name or UUID of the container ip blocks that will be used for creating
	// subnets for no-SNAT projects. If specified, no-SNAT projects will use
	// these ip blocks ONLY. Otherwise they will use container_ip_blocks
	NoSNATIPBlocks []string `structs:"no_snat_ip_blocks,omitempty" yaml:"no_snat_ip_blocks,omitempty"`
	// Name or UUID of the external ip pools that will be used for allocating IP
	// addresses which will be used for translating container IPs via SNAT
	// rules. If policy_nsxapi is enabled, it also support automatically
	// creating the ip pools. The definition is a comma separated list:
	// CIDR,IP_1-IP_2,... Mixing different formats (e.g. UUID, CIDR&IP_Range) is
	// not supported.
	ExternalIPPools []string `structs:"external_ip_pools,omitempty" yaml:"external_ip_pools,omitempty"`
	// Name or UUID of the top-tier router for the container cluster network,
	// which could be either tier0 or tier1. When policy_nsxapi is enabled,
	// single_tier_topology is True and tier0_gateway is defined,
	// top_tier_router value can be empty and a tier1 gateway is automatically
	// created for the cluster
	TopTierRouter string `structs:"top_tier_router,omitempty" yaml:"top_tier_router,omitempty"`
	// Name or UUID of the external ip pools that will be used only for
	// allocating IP addresses for Ingress controller and LB service
	ExternalIPPoolsLB []string `structs:"external_ip_pools_lb,omitempty" yaml:"external_ip_pools_lb,omitempty"`
	// Name or UUID of the NSX overlay transport zone that will be used for
	// creating logical switches for container networking. It must refer to an
	// already existing resource on NSX and every transport node where VMs
	// hosting containers are deployed must be enabled on this transport zone
	OverlayTZ string `structs:"overlay_tz,omitempty" yaml:"overlay_tz,omitempty"`
	// Enable X_forward_for for ingress. Available values are INSERT or REPLACE.
	// When this config is set, if x_forwarded_for is missing, LB will add
	// x_forwarded_for in the request header with value client ip. When
	// x_forwarded_for is present and its set to REPLACE, LB will replace
	// x_forwarded_for in the header to client_ip. When x_forwarded_for is
	// present and its set to INSERT, LB will append client_ip to
	// x_forwarded_for in the header. If not wanting to use x_forwarded_for,
	// remove this config. Note that with INSERT the client-supplied header
	// value is preserved, so backends must not trust the first entry as the
	// true client address.
	// Choices: <None> INSERT REPLACE
	XForwardedFor string `structs:"x_forwarded_for,omitempty" yaml:"x_forwarded_for,omitempty"`
	// Name or UUID of the spoof guard switching profile that will be used by
	// NCP for leader election
	ElectionProfile string `structs:"election_profile,omitempty" yaml:"election_profile,omitempty"`
	// Name or UUID of the firewall section that will be used to create firewall
	// sections below this mark section
	TopFirewallSectionMarker string `structs:"top_firewall_section_marker,omitempty" yaml:"top_firewall_section_marker,omitempty"`
	// Name or UUID of the firewall section that will be used to create firewall
	// sections above this mark section
	BottomFirewallSectionMarker string `structs:"bottom_firewall_section_marker,omitempty" yaml:"bottom_firewall_section_marker,omitempty"`
	// Replication mode of container logical switch, set SOURCE for cloud as it
	// only supports head replication mode
	// Choices: MTEP SOURCE
	LSReplicationMode string `structs:"ls_replication_mode,omitempty" yaml:"ls_replication_mode,omitempty"`
	// Allocate vlan ID for container interface or not. Set it to False for
	// cloud mode. (A string here, not a *bool.)
	AllocVlanTag string `structs:"alloc_vlan_tag,omitempty" yaml:"alloc_vlan_tag,omitempty"`
	// The resource which NCP will search tag 'node_name' on, to get parent VIF
	// or transport node uuid for container LSP API context field. For HOSTVM
	// mode, it will search tag on LSP. For BM mode, it will search tag on LSP
	// then search TN. For CLOUD mode, it will search tag on VM. For WCP_WORKER
	// mode, it will search TN by hostname.
	// Choices: tag_on_lsp tag_on_tn tag_on_vm hostname_on_tn
	// (upstream default: search_node_tag_on = tag_on_lsp)
	SearchNodeTagOn string `structs:"search_node_tag_on,omitempty" yaml:"search_node_tag_on,omitempty"`
	// Determines which kind of information to be used as VIF app_id. Defaults
	// to pod_resource_key. In WCP mode, pod_uid is used.
	// Choices: pod_resource_key pod_uid
	VifAppIDType string `structs:"vif_app_id_type,omitempty" yaml:"vif_app_id_type,omitempty"`
	// SNAT IP to secondary IPs mapping. In the cloud case, SNAT rules are
	// created using the PCG public or link local IPs, local IPs which will be
	// translated to PCG secondary IPs for on-prem traffic. The secondary IPs
	// might be used by administrator to configure on-prem firewall or other
	// physical network services.
	SnatSecondaryIps []string `structs:"snat_secondary_ips,omitempty" yaml:"snat_secondary_ips,omitempty"`
	// If this value is not empty, NCP will append it to nameserver list
	DNSServers []string `structs:"dns_servers,omitempty" yaml:"dns_servers,omitempty"`
	// Set this to True to enable NCP to report errors through NSXError CRD.
	EnableNsxErrCrd *bool `structs:"enable_nsx_err_crd,omitempty" yaml:"enable_nsx_err_crd,omitempty"`
	// Maximum number of virtual servers allowed to create in cluster for
	// LoadBalancer type of services.
	MaxAllowedVirtualServers *int `structs:"max_allowed_virtual_servers,omitempty" yaml:"max_allowed_virtual_servers,omitempty"`
	// Edge cluster ID needed when creating Tier1 router for loadbalancer
	// service. Information could be retrieved from Tier0 router
	EdgeCluster string `structs:"edge_cluster,omitempty" yaml:"edge_cluster,omitempty"`
}
type OAuth2Proxy ¶
type OPA ¶
// OPA holds the configuration for the OPA (Open Policy Agent) integration:
// the policy source, optional bundle settings, logging and the end-to-end
// test configuration.
type OPA struct {
	// Disabled switches the OPA deployment off.
	Disabled bool `yaml:"disabled,omitempty"`
	// NamespaceWhitelist lists namespaces that are treated specially —
	// presumably exempted from policy enforcement; confirm against the
	// deployment templates before relying on it.
	NamespaceWhitelist []string `yaml:"namespaceWhitelist,omitempty"`
	// KubeMgmtVersion is the version of kube-mgmt to deploy.
	KubeMgmtVersion string `yaml:"kubeMgmtVersion,omitempty"`
	// Version is the OPA server version to deploy.
	Version string `yaml:"version,omitempty"`
	// BundleURL, BundlePrefix and BundleServiceName configure where OPA
	// fetches policy bundles from; their exact wiring is not visible here.
	BundleURL         string `yaml:"bundleUrl,omitempty"`
	BundlePrefix      string `yaml:"bundlePrefix,omitempty"`
	BundleServiceName string `yaml:"bundleServiceName,omitempty"`
	// LogFormat selects the OPA server log format.
	LogFormat string `yaml:"logFormat,omitempty"`
	// SetDecisionLogs turns on decision logging, which gives an audit trail
	// of the decisions OPA returned.
	SetDecisionLogs bool `yaml:"setDecisionLogs,omitempty"`
	// Policies is a path to a directory containing .rego policy files.
	Policies string `yaml:"policies,omitempty"`
	// Log level for the opa server, one of: `debug`,`info`,`error` (default: `error`)
	LogLevel string `yaml:"logLevel,omitempty"`
	// E2E holds the settings used by the end-to-end tests.
	E2E OPAE2E `yaml:"e2e,omitempty"`
}
type Persistence ¶
// Persistence controls whether Prometheus keeps its data on a persistent
// volume and how that volume is provisioned.
type Persistence struct {
	// Enable persistence for Prometheus
	Enabled bool `yaml:"enabled,omitempty"`
	// Storage class to use. If not set the default one will be used
	StorageClass string `yaml:"storageClass,omitempty"`
	// Capacity of the volume. Required if persistence is enabled
	Capacity string `yaml:"capacity,omitempty"`
}
type PlatformConfig ¶
// PlatformConfig is the top-level cluster configuration. It is decoded from
// the platform YAML file and selects which components are deployed and how
// they are configured. Pointer-typed component fields with `omitempty` are
// nil when their section is absent from the file. Fields tagged `yaml:"-"`
// are runtime-only and are never read from or written to the file.
type PlatformConfig struct {
	Brand   Brand   `yaml:"brand,omitempty"`
	Version string  `yaml:"version"`
	Velero  *Velero `yaml:"velero,omitempty"`
	// CA is presumably the cluster certificate authority; IngressCA (below)
	// the CA used for ingress certificates. Neither is omitempty, so both
	// keys are always emitted when the config is serialised.
	CA          *CA         `yaml:"ca"`
	Calico      Calico      `yaml:"calico,omitempty"`
	CertManager CertManager `yaml:"certmanager,omitempty"`
	// The endpoint for an externally hosted consul cluster
	// that is used for master discovery
	Consul     string      `yaml:"consul"`
	Dashboard  Dashboard   `yaml:"dashboard,omitempty"`
	Datacenter string      `yaml:"datacenter"`
	DNS        *DynamicDNS `yaml:"dns,omitempty"`
	// DockerRegistry is a registry prefix for platform images — presumably
	// consulted by GetImagePath; confirm there.
	DockerRegistry string `yaml:"dockerRegistry,omitempty"`
	// The wildcard domain that the cluster will be available at
	Domain      string   `yaml:"domain"`
	EventRouter *Enabled `yaml:"eventRouter,omitempty"`
	Harbor      *Harbor  `yaml:"harbor,omitempty"`
	// A prefix to be added to VM hostnames.
	HostPrefix string `yaml:"hostPrefix"`
	// ImportConfigs lists additional config files to merge in — presumably;
	// the merge semantics are not visible here.
	ImportConfigs []string `yaml:"importConfigs,omitempty"`
	IngressCA     *CA      `yaml:"ingressCA"`
	GitOps        []GitOps `yaml:"gitops,omitempty"`
	Kubernetes    Kubernetes `yaml:"kubernetes"`
	Ldap          *Ldap      `yaml:"ldap,omitempty"`
	LocalPath     *Enabled   `yaml:"localPath,omitempty"`
	// Master describes the control-plane VMs; Nodes describes the worker
	// VM groups, keyed by group name (note the YAML key is `workers`).
	Master                VM           `yaml:"master,omitempty"`
	Monitoring            *Monitoring  `yaml:"monitoring,omitempty"`
	Name                  string       `yaml:"name"`
	NamespaceConfigurator *Enabled     `yaml:"namespaceConfigurator,omitempty"`
	NFS                   *NFS         `yaml:"nfs,omitempty"`
	Nodes                 map[string]VM `yaml:"workers,omitempty"`
	NodeLocalDNS          NodeLocalDNS `yaml:"nodeLocalDNS,omitempty"`
	NSX                   *NSX         `yaml:"nsx,omitempty"`
	OAuth2Proxy           *OAuth2Proxy `yaml:"oauth2Proxy,omitempty"`
	OPA                   *OPA         `yaml:"opa,omitempty"`
	PostgresOperator      *PostgresOperator `yaml:"postgresOperator,omitempty"`
	// PodSubnet and ServiceSubnet (below) are the cluster CIDRs.
	PodSubnet string   `yaml:"podSubnet"`
	Policies  []string `yaml:"policies,omitempty"`
	// A list of strategic merge patches that will be applied to all resources created
	Patches             []string             `yaml:"patches,omitempty"`
	Quack               *Enabled             `yaml:"quack,omitempty"`
	RegistryCredentials *RegistryCredentials `yaml:"registryCredentials,omitempty"`
	Resources           map[string]string    `yaml:"resources,omitempty"`
	S3                  S3                   `yaml:"s3,omitempty"`
	SealedSecrets       *SealedSecrets       `yaml:"sealedSecrets,omitempty"`
	ServiceSubnet       string               `yaml:"serviceSubnet"`
	SMTP                SMTP                 `yaml:"smtp,omitempty"`
	Specs               []string             `yaml:"specs,omitempty"`
	// TrustedCA is an additional CA to trust — presumably a path or PEM
	// bundle; confirm how it is consumed before documenting further.
	TrustedCA         string             `yaml:"trustedCA,omitempty"`
	Versions          map[string]string  `yaml:"versions,omitempty"`
	PlatformOperator  *Enabled           `yaml:"platformOperator,omitempty"`
	Nginx             *Nginx             `yaml:"nginx,omitempty"`
	Minio             *Enabled           `yaml:"minio,omitempty"`
	FluentdOperator   *FluentdOperator   `yaml:"fluentd,omitempty"`
	ECK               *ECK               `yaml:"eck,omitempty"`
	Thanos            *Thanos            `yaml:"thanos,omitempty"`
	Filebeat          *Filebeat          `yaml:"filebeat,omitempty"`
	Vault             *Vault             `yaml:"vault,omitempty"`
	ConfigMapReloader ConfigMapReloader  `yaml:"configmapReloader,omitempty"`
	Elasticsearch     *Elasticsearch     `yaml:"elasticsearch,omitempty"`
	// If true, terminate operations will return an error. Used to
	// protect stateful clusters
	TerminationProtection bool `yaml:"terminationProtection,omitempty"`
	// BootstrapToken is runtime-only and never serialised to YAML.
	// NOTE(review): it is a credential; confirm (*PlatformConfig).String()
	// does not render it into logs or output.
	BootstrapToken string `yaml:"-"`
	// DryRun and Trace are runtime flags set by the CLI, not by the file.
	DryRun bool `yaml:"-"`
	Trace  bool `yaml:"-"`
	// JoinEndpoint, Source and ControlPlaneEndpoint are populated at
	// runtime; their producers are not visible here.
	JoinEndpoint         string `yaml:"-"`
	Source               string `yaml:"-"`
	ControlPlaneEndpoint string `yaml:"-"`
	// E2E is true if end to end tests are being run
	E2E bool `yaml:"-"`
}
func DefaultPlatformConfig ¶
func DefaultPlatformConfig() PlatformConfig
func (PlatformConfig) GetImagePath ¶
func (p PlatformConfig) GetImagePath(image string) string
func (PlatformConfig) GetVMCount ¶
func (p PlatformConfig) GetVMCount() int
func (*PlatformConfig) String ¶
func (p *PlatformConfig) String() string
type PostgresOperator ¶
// PostgresOperator configures the Postgres operator deployment and the
// defaults applied to the databases it manages.
type PostgresOperator struct {
	// Disabled switches the operator deployment off.
	Disabled bool `yaml:"disabled,omitempty"`
	// Version is the operator version to deploy.
	Version string `yaml:"version"`
	// DBVersion is presumably the PostgreSQL major version for managed
	// databases; confirm against the operator's configuration.
	DBVersion string `yaml:"dbVersion,omitempty"`
	// BackupBucket is the object-storage bucket backups are written to.
	BackupBucket string `yaml:"backupBucket,omitempty"`
	// BackupSchedule is the backup schedule; the format (presumably cron)
	// is set by the operator, not by this package.
	BackupSchedule string `yaml:"backupSchedule,omitempty"`
	// SpiloImage and BackupImage override the container images used for
	// the database pods and the backup jobs respectively.
	SpiloImage  string `yaml:"spiloImage,omitempty"`
	BackupImage string `yaml:"backupImage,omitempty"`
}
type Prometheus ¶
// Prometheus configures the Prometheus deployment: version, on/off switch
// and whether its data is kept on a persistent volume.
type Prometheus struct {
	// Version is the Prometheus version to deploy.
	Version string `yaml:"version,omitempty"`
	// Disabled switches the Prometheus deployment off.
	Disabled bool `yaml:"disabled,omitempty"`
	// Persistence configures the storage backing Prometheus.
	Persistence Persistence `yaml:"persistence,omitempty"`
}
type RegistryCredentials ¶
// RegistryCredentials configures the registry-credentials component, which
// presumably distributes image-pull credentials for the registries listed
// below. Note that the YAML keys differ from the field names: `aws`,
// `dockerRegistry`, `gcr` and `azure`.
type RegistryCredentials struct {
	// Disabled switches the component off.
	Disabled bool `yaml:"disabled,omitempty"`
	// Version is the component version to deploy.
	Version string `yaml:"version,omitempty"`
	// Namespace is the namespace the component is installed into.
	Namespace string `yaml:"namespace,omitempty"`
	// Aws holds the credentials for Amazon ECR.
	Aws RegistryCredentialsECR `yaml:"aws,omitempty"`
	// DockerPrivateRegistry holds the credentials for a private Docker registry.
	DockerPrivateRegistry RegistryCredentialsDPR `yaml:"dockerRegistry,omitempty"`
	// GCR holds the credentials for Google Container Registry.
	GCR RegistryCredentialsGCR `yaml:"gcr,omitempty"`
	// ACR holds the credentials for Azure Container Registry.
	ACR RegistryCredentialsACR `yaml:"azure,omitempty"`
}
type RegistryCredentialsACR ¶
type RegistryCredentialsDPR ¶
type RegistryCredentialsECR ¶
// RegistryCredentialsECR holds the AWS credentials used to obtain Amazon ECR
// pull access. AccessKey, SecretKey and SessionToken are secrets and should
// be handled as such wherever this struct is serialised or logged.
type RegistryCredentialsECR struct {
	// Enabled turns the ECR integration on.
	Enabled bool `yaml:"enabled,omitempty"`
	// AccessKey and SecretKey are the AWS API key pair.
	AccessKey string `yaml:"accessKey,omitempty"`
	SecretKey string `yaml:"secretKey,omitempty"`
	// SessionToken is the STS session token for temporary credentials.
	// NOTE(review): the YAML key is `secretToken`, not `sessionToken`; it is
	// kept as-is because renaming it would break existing config files.
	SessionToken string `yaml:"secretToken,omitempty"`
	// Account is the AWS account id and Region the ECR region.
	Account string `yaml:"account,omitempty"`
	Region  string `yaml:"region,omitempty"`
	// AssumeRole is presumably an IAM role to assume with the credentials
	// above, which allows the long-lived key pair to be kept narrowly
	// scoped; confirm against the consuming code.
	AssumeRole string `yaml:"assumeRole,omitempty"`
}
type RegistryCredentialsGCR ¶
type S3 ¶
// S3 configures access to an S3-compatible object store used by the
// platform. AccessKey, SecretKey and KMSMasterKey are secrets.
type S3 struct {
	// AccessKey and SecretKey are the object-store API credentials.
	AccessKey string `yaml:"access_key,omitempty"`
	SecretKey string `yaml:"secret_key,omitempty"`
	// Bucket is the default bucket and Region the bucket's region.
	Bucket string `yaml:"bucket,omitempty"`
	Region string `yaml:"region,omitempty"`
	// The endpoint at which the S3-like object storage will be available from inside the cluster
	// e.g. if minio is deployed inside the cluster, specify: `http://minio.minio.svc:9000`
	Endpoint string `yaml:"endpoint,omitempty"`
	// The endpoint at which S3 is accessible outside the cluster,
	// When deploying locally on kind specify: *minio.127.0.0.1.nip.io*
	ExternalEndpoint string `yaml:"externalEndpoint,omitempty"`
	// Whether to enable the *s3* storage class that creates persistent volumes FUSE mounted to
	// S3 buckets
	CSIVolumes bool `yaml:"csiVolumes,omitempty"`
	// Provide a KMS Master Key (how it is consumed is not visible here).
	KMSMasterKey string `yaml:"kmsMasterKey,omitempty"`
	// UsePathStyle http://s3host/bucket instead of http://bucket.s3host
	UsePathStyle bool `yaml:"usePathStyle"`
	// Skip TLS verify when connecting to S3. This disables certificate
	// validation, so the connection can no longer detect a spoofed endpoint;
	// leave it false outside local or test setups and prefer adding the
	// endpoint's CA to the trust store instead.
	SkipTLSVerify bool `yaml:"skipTLSVerify"`
	// E2E holds the settings used by the end-to-end tests.
	E2E S3E2E `yaml:"e2e,omitempty"`
}
func (S3) GetExternalEndpoint ¶
type SealedSecrets ¶
// SealedSecrets configures the sealed-secrets controller. It embeds Enabled,
// whose on/off flag (not visible here) toggles the component.
type SealedSecrets struct {
	Enabled
	// Version is the controller version to deploy.
	Version string `yaml:"version,omitempty"`
	// Certificate is presumably the key pair the controller uses to unseal
	// secrets; its private half is a secret and must be protected
	// accordingly. Confirm the exact use against the deployment code.
	Certificate *certs.Certificate `yaml:"certificate,omitempty"`
}
type Thanos ¶
// Thanos configures the Thanos deployment, which runs either as a client
// (sidecar) or as a central observability cluster that aggregates clients.
type Thanos struct {
	// Disabled switches the deployment off.
	Disabled bool `yaml:"disabled"`
	// Version is the Thanos version to deploy.
	Version string `yaml:"version"`
	// Must be either `client` or `observability`.
	Mode string `yaml:"mode,omitempty"`
	// Bucket to store metrics. Must be the same across all environments
	Bucket string `yaml:"bucket,omitempty"`
	// Only for observability mode. List of client sidecars in `<hostname>:<port>` format
	ClientSidecars []string `yaml:"clientSidecars,omitempty"`
	// Only for observability mode. Set to false (disabling the compactor
	// singleton) if there are multiple observability clusters.
	EnableCompactor bool `yaml:"enableCompactor,omitempty"`
	// E2E holds the settings used by the end-to-end tests.
	E2E ThanosE2E `yaml:"e2e,omitempty"`
}
type VM ¶
// VM captures the specifications of a virtual machine: how many to
// provision, the template to clone, placement (cluster, folder, datastore,
// resource pool), sizing, and the configuration applied on creation.
type VM struct {
	// Name is the VM name; Prefix is presumably prepended to generated
	// names — confirm against the provisioning code.
	Name   string `yaml:"name,omitempty"`
	Prefix string `yaml:"prefix,omitempty"`
	// Number of VM's to provision
	Count int `yaml:"count"`
	// Template is the VM template to clone.
	Template     string `yaml:"template"`
	Cluster      string `yaml:"cluster,omitempty"`
	Folder       string `yaml:"folder,omitempty"`
	Datastore    string `yaml:"datastore,omitempty"`
	ResourcePool string `yaml:"resourcePool,omitempty"`
	// CPUs is the vCPU count and MemoryGB the memory in GB (YAML keys
	// `cpu` and `memory`).
	CPUs     int32 `yaml:"cpu"`
	MemoryGB int64 `yaml:"memory"`
	// Network lists the networks to attach (YAML key `networks`).
	Network []string `yaml:"networks,omitempty"`
	// Size in GB of the VM root volume
	DiskGB int `yaml:"disk"`
	// Tags to be applied to the VM
	Tags map[string]string `yaml:"tags,omitempty"`
	// Commands are presumably run on the VM at creation time; how and with
	// which privileges is not visible here.
	Commands []string `yaml:"commands,omitempty"`
	// A path to a konfigadm specification used for configuring the VM on creation.
	KonfigadmFile string `yaml:"konfigadm,omitempty"`
	// IP is assigned at runtime and never serialised to YAML.
	IP string `yaml:"-"`
}
VM captures the specifications of a virtual machine.
type Vault ¶
// Vault configures the Vault deployment: its version, the PKI roles,
// policies and group mappings to provision, and the AWS KMS settings used
// to unseal it. Token, AccessKey and SecretKey are secrets.
type Vault struct {
	// Version is the Vault version to deploy.
	Version string `yaml:"version"`
	// A VAULT_TOKEN to use when authenticating with Vault. Treat as a secret.
	Token string `yaml:"token,omitempty"`
	// A map of PKI secret roles to create/update. See [pki](https://www.vaultproject.io/api-docs/secret/pki/#createupdate-role)
	Roles map[string]map[string]interface{} `yaml:"roles,omitempty"`
	// Policies to create, keyed by policy name.
	Policies map[string]VaultPolicy `yaml:"policies,omitempty"`
	// GroupMappings presumably maps an identity group to the policies it is
	// granted; confirm against the provisioning code.
	GroupMappings map[string][]string `yaml:"groupMappings,omitempty"`
	// ExtraConfig is an escape hatch that allows writing to arbitrary vault paths
	ExtraConfig map[string]map[string]interface{} `yaml:"config,omitempty"`
	// Disabled switches the deployment off.
	Disabled bool `yaml:"disabled,omitempty"`
	// AccessKey and SecretKey are presumably the AWS credentials used with
	// the KMS key below; confirm against the unseal configuration.
	AccessKey string `yaml:"accessKey,omitempty"`
	SecretKey string `yaml:"secretKey,omitempty"`
	// The AWS KMS ARN Id to use to unseal vault
	KmsKeyID string `yaml:"kmsKeyId,omitempty"`
	// Region is the AWS region of the KMS key.
	Region string `yaml:"region,omitempty"`
	// Consul configures the Consul backend used by Vault.
	Consul Consul `yaml:"consul,omitempty"`
}
type VaultClient ¶
// VaultClient describes a remote Vault server used to sign ingress
// certificates (see CertManager.Vault). Token is a secret.
type VaultClient struct {
	// The address of a remote Vault server to use for signing
	Address string `yaml:"address"`
	// The path to the PKI Role to use for signing ingress certificates e.g. /pki/role/ingress-ca
	Path string `yaml:"path"`
	// A VAULT_TOKEN to use when authenticating with Vault
	Token string `yaml:"token"`
}
type VaultPolicy ¶
// VaultPolicy is a Vault policy expressed as a map from secret path to the
// VaultPolicyPath rules that apply to it.
type VaultPolicy map[string]VaultPolicyPath
func (VaultPolicy) String ¶
func (vaultPolicy VaultPolicy) String() string