kas

package
v0.1.17 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 14, 2023 License: Apache-2.0 Imports: 51 Imported by: 0

Documentation

Index

Constants

// File/key names and the default etcd port referenced by this package.
// NOTE(review): the identifiers suggest the string values are data keys inside
// the ConfigMaps/Secrets that carry kube-apiserver configuration; their use is
// not visible in this listing, so confirm against the Reconcile* functions.
//
// DefaultEtcdPort (2379) is the conventional etcd client port. etcd stores all
// cluster state, Secrets included, so reachability of this port should be
// restricted to the API server (network policy plus client-certificate TLS).
//
// AuditLogFile names the audit log. NOTE(review): confirm its directory,
// rotation and shipping, since audit records are primary evidence during
// incident response.
//
// EgressSelectorConfigKey has the same value ("config.yaml") as
// EgressSelectorConfigMapKey, which this package declares separately.
const (
	KubeAPIServerConfigKey  = "config.json"
	OauthMetadataConfigKey  = "oauthMetadata.json"
	AuditLogFile            = "audit.log"
	EgressSelectorConfigKey = "config.yaml"
	DefaultEtcdPort         = 2379
)
// Port numbers for the Konnectivity server, as named: a health port, a
// "local" server port and the server port.
// NOTE(review): which of these listeners is exposed through a Service or Route
// and which stays pod-local is not visible here. Confirm against
// ReconcileKonnectivityServerLocalService and
// ReconcileKonnectivityServerService before deriving NetworkPolicy or firewall
// rules from these values.
const (
	KonnectivityHealthPort      = 2041
	KonnectivityServerLocalPort = 8090
	KonnectivityServerPort      = 8091
)
// AuditPolicyConfigMapKey is the key name "policy.yaml".
// NOTE(review): presumably the data key under which the audit policy is stored
// in the ConfigMap passed to ReconcileAuditConfig; confirm in the source.
const AuditPolicyConfigMapKey = "policy.yaml"
// EgressSelectorConfigMapKey is the key name "config.yaml". It has the same
// value as EgressSelectorConfigKey, declared in another const group of this
// package.
// NOTE(review): presumably the data key used by ReconcileEgressSelectorConfig;
// confirm in the source.
const EgressSelectorConfigMapKey = "config.yaml"
// KubeconfigKey re-exports util.KubeconfigKey under this package's name, so
// both identifiers always carry the same value.
const KubeconfigKey = util.KubeconfigKey

Variables

This section is empty.

Functions

func GetKMSProvider added in v0.1.17

func GetKMSProvider(kmsSpec *hyperv1.KMSSpec, images KubeAPIServerImages) (kms.IKMSProvider, error)

func InClusterKASReadyURL

func InClusterKASReadyURL() string

func InClusterKASURL

func InClusterKASURL() string

func ReconcileAESCBCEncryptionConfig

// ReconcileAESCBCEncryptionConfig takes the target Secret, an owner reference
// and two raw key byte slices (activeKey, backupKey) and returns an error.
//
// NOTE(review): presumably it renders an API server encryption-at-rest
// configuration using the aescbc provider into config; the body is not shown
// here, so confirm in the source.
//
// activeKey and backupKey are secret key material: keep them out of logs,
// events and wrapped error strings. Upstream Kubernetes documentation lists
// the aescbc provider as not recommended because of CBC's exposure to
// padding-oracle attacks; where a KMS is available, prefer the path configured
// through ReconcileKMSEncryptionConfig.
func ReconcileAESCBCEncryptionConfig(config *corev1.Secret,
	ownerRef hcpconfig.OwnerRef,
	activeKey []byte,
	backupKey []byte,
) error

func ReconcileAuditConfig

func ReconcileAuditConfig(auditCfgMap *corev1.ConfigMap, ownerRef config.OwnerRef, auditConfig configv1.Audit) error

func ReconcileAuthenticationTokenWebhookConfigSecret

func ReconcileAuthenticationTokenWebhookConfigSecret(
	secret *corev1.Secret,
	ownerRef config.OwnerRef,
	authenticatorSecret *corev1.Secret,
	servingCA *corev1.ConfigMap,
) error

func ReconcileBootstrapKubeconfigSecret

func ReconcileBootstrapKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL string) error

func ReconcileConfig

func ReconcileConfig(config *corev1.ConfigMap,
	ownerRef hcpconfig.OwnerRef,
	p KubeAPIServerConfigParams,
	version semver.Version,
) error

func ReconcileEgressSelectorConfig

func ReconcileEgressSelectorConfig(config *corev1.ConfigMap, ownerRef hcpconfig.OwnerRef) error

func ReconcileExternalKubeconfigSecret

func ReconcileExternalKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL, secretKey string) error

func ReconcileExternalPrivateRoute added in v0.1.2

func ReconcileExternalPrivateRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error

func ReconcileExternalPublicRoute added in v0.1.2

func ReconcileExternalPublicRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error

func ReconcileInternalRoute

func ReconcileInternalRoute(route *routev1.Route, owner *metav1.OwnerReference) error

func ReconcileKMSEncryptionConfig

func ReconcileKMSEncryptionConfig(config *corev1.Secret,
	ownerRef hcpconfig.OwnerRef,
	encryptionSpec *hyperv1.KMSSpec,
) error

func ReconcileKonnectivityExternalRoute added in v0.1.10

func ReconcileKonnectivityExternalRoute(route *routev1.Route, ownerRef config.OwnerRef, hostname string, defaultIngressDomain string) error

func ReconcileKonnectivityInternalRoute added in v0.1.10

func ReconcileKonnectivityInternalRoute(route *routev1.Route, ownerRef config.OwnerRef) error

func ReconcileKonnectivityServerLocalService added in v0.1.10

func ReconcileKonnectivityServerLocalService(svc *corev1.Service, ownerRef config.OwnerRef) error

func ReconcileKonnectivityServerService added in v0.1.10

func ReconcileKonnectivityServerService(svc *corev1.Service, ownerRef config.OwnerRef, strategy *hyperv1.ServicePublishingStrategy) error

func ReconcileKonnectivityServerServiceStatus added in v0.1.10

func ReconcileKonnectivityServerServiceStatus(svc *corev1.Service, route *routev1.Route, strategy *hyperv1.ServicePublishingStrategy, messageCollector events.MessageCollector) (host string, port int32, message string, err error)

func ReconcileKubeAPIServerDeployment

// ReconcileKubeAPIServerDeployment takes the Deployment to mutate together
// with the hosted control plane, owner reference, deployment settings, serving
// certificates, cloud provider references, images, config and audit
// ConfigMaps, an audit webhook reference, AES-CBC key bytes, port, payload
// version, feature gates and an OIDC CA reference, and returns an error.
//
// NOTE(review): aesCBCActiveKey and aesCBCBackupKey are raw key bytes handed to
// a Deployment reconciler. Confirm in the source that they are only used
// indirectly (for example to derive a rollout hash or select a Secret) and
// never end up in container args, environment variables or annotations, where
// anyone with read access to the Deployment could see them.
func ReconcileKubeAPIServerDeployment(deployment *appsv1.Deployment,
	hcp *hyperv1.HostedControlPlane,
	ownerRef config.OwnerRef,
	deploymentConfig config.DeploymentConfig,
	namedCertificates []configv1.APIServerNamedServingCert,
	cloudProviderName string,
	cloudProviderConfigRef *corev1.LocalObjectReference,
	cloudProviderCreds *corev1.LocalObjectReference,
	images KubeAPIServerImages,
	config *corev1.ConfigMap,
	auditConfig *corev1.ConfigMap,
	auditWebhookRef *corev1.LocalObjectReference,
	aesCBCActiveKey []byte,
	aesCBCBackupKey []byte,
	port int32,
	payloadVersion string,
	featureGateSpec *configv1.FeatureGateSpec,
	oidcCA *corev1.LocalObjectReference,
) error

func ReconcileLocalhostKubeconfigSecret

func ReconcileLocalhostKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, apiServerPort int32) error

func ReconcileOauthMetadata

func ReconcileOauthMetadata(cfg *corev1.ConfigMap, ownerRef config.OwnerRef, externalOAuthAddress string, externalOAuthPort int32) error

func ReconcilePodDisruptionBudget

func ReconcilePodDisruptionBudget(pdb *policyv1.PodDisruptionBudget, p *KubeAPIServerParams) error

func ReconcilePrivateService

func ReconcilePrivateService(svc *corev1.Service, hcp *hyperv1.HostedControlPlane, owner *metav1.OwnerReference) error

func ReconcileRecordingRules

func ReconcileRecordingRules(r *prometheusoperatorv1.PrometheusRule, clusterID string)

func ReconcileService

// ReconcileService takes the Service to mutate, the publishing strategy, an
// owner reference, the API server service port, a list of allowed CIDR blocks
// and public/private flags, and returns an error.
//
// NOTE(review): apiAllowedCIDRBlocks looks like a source-range allow-list for
// the exposed API endpoint. Confirm in the source what a nil or empty slice
// means (no restriction versus deny) and whether entries are validated as
// CIDRs before being applied, because an unintended "allow all" exposes the
// API server to every network that can route to it.
func ReconcileService(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, owner *metav1.OwnerReference, apiServerServicePort int, apiAllowedCIDRBlocks []string, isPublic, isPrivate bool) error

func ReconcileServiceCAPIKubeconfigSecret

func ReconcileServiceCAPIKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, capiClusterName string) error

func ReconcileServiceClusterIP added in v0.1.16

func ReconcileServiceClusterIP(svc *corev1.Service, owner *metav1.OwnerReference) error

func ReconcileServiceKubeconfigSecret

func ReconcileServiceKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef) error

func ReconcileServiceMonitor

func ReconcileServiceMonitor(sm *prometheusoperatorv1.ServiceMonitor, ownerRef config.OwnerRef, clusterID string, metricsSet metrics.MetricsSet) error

func ReconcileServiceStatus

func ReconcileServiceStatus(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, apiServerPort int, messageCollector events.MessageCollector) (host string, port int32, message string, err error)

Types

type KubeAPIServerConfigParams

// KubeAPIServerConfigParams collects the inputs passed to ReconcileConfig,
// whose parameter p has this type.
//
// Several fields shape the API server's security posture and deserve review
// whenever their source values change. NOTE(review): how each field is rendered
// into the generated configuration is not visible in this listing; confirm in
// ReconcileConfig.
//   - TLSSecurityProfile is a pointer and may be nil; confirm which profile
//     applies as the default.
//   - AdditionalCORSAllowedOrigins widens the set of allowed origins; confirm
//     entries are anchored patterns rather than broad matches.
//   - ServiceAccountIssuerURL and Authentication affect which tokens the API
//     server accepts.
//   - AuditWebhookEnabled and DisableProfiling toggle audit delivery and the
//     profiling endpoints respectively, going by their names.
//   - EtcdURL points at the datastore holding cluster state; confirm it is a
//     TLS endpoint.
type KubeAPIServerConfigParams struct {
	ExternalIPConfig             *configv1.ExternalIPConfig
	ClusterNetwork               []string
	ServiceNetwork               []string
	NamedCertificates            []configv1.APIServerNamedServingCert
	KASPodPort                   int32
	TLSSecurityProfile           *configv1.TLSSecurityProfile
	AdditionalCORSAllowedOrigins []string
	InternalRegistryHostName     string
	ExternalRegistryHostNames    []string
	DefaultNodeSelector          string
	AdvertiseAddress             string
	ServiceAccountIssuerURL      string
	CloudProvider                string
	CloudProviderConfigRef       *corev1.LocalObjectReference
	EtcdURL                      string
	FeatureGates                 []string
	NodePortRange                string
	AuditWebhookEnabled          bool
	ConsolePublicURL             string
	DisableProfiling             bool
	APIServerSTSDirectives       string
	Authentication               *configv1.AuthenticationSpec
}

type KubeAPIServerImages

// KubeAPIServerImages holds one string per component image. It is accepted by
// GetKMSProvider and ReconcileKubeAPIServerDeployment and embedded in
// KubeAPIServerParams as the Images field.
//
// Only the first six fields carry json tags; TokenMinterImage,
// AWSPodIdentityWebhookImage and KonnectivityServer have none, so
// encoding/json uses their Go field names as keys.
//
// NOTE(review): the values are presumably container image pull specs resolved
// from the release payload. Confirm they are digest-pinned rather than mutable
// tags, since these images run inside the control plane.
type KubeAPIServerImages struct {
	ClusterConfigOperator      string `json:"clusterConfigOperator"`
	CLI                        string `json:"cli"`
	HyperKube                  string `json:"hyperKube"`
	IBMCloudKMS                string `json:"ibmcloudKMS"`
	AWSKMS                     string `json:"awsKMS"`
	Portieris                  string `json:"portieris"`
	TokenMinterImage           string
	AWSPodIdentityWebhookImage string
	KonnectivityServer         string
}

type KubeAPIServerParams

// KubeAPIServerParams is the parameter set returned by NewKubeAPIServerParams
// and consumed by ReconcilePodDisruptionBudget and by the accessor methods
// declared on *KubeAPIServerParams.
//
// It embeds config.DeploymentConfig and config.OwnerRef, so their fields and
// methods are promoted onto this type.
//
// Two json tags differ from their Go field names: KASPodPort is serialised as
// "apiServerPort" and EtcdURL as "etcdAddress". Availability and
// APIServerSTSDirectives carry no tag and fall back to the field name.
//
// NOTE(review): Authentication, OIDCCAConfigMap, AuditWebhookRef,
// CloudProviderCreds, KubeConfigRef and DisableProfiling all influence who can
// authenticate, what is audited and which credentials the API server mounts.
// How they are applied is not visible in this listing; confirm in the
// reconcilers that a nil reference results in a safe default.
type KubeAPIServerParams struct {
	APIServer           *configv1.APIServerSpec      `json:"apiServer"`
	Authentication      *configv1.AuthenticationSpec `json:"authentication"`
	FeatureGate         *configv1.FeatureGateSpec    `json:"featureGate"`
	Network             *configv1.NetworkSpec        `json:"network"`
	Image               *configv1.ImageSpec          `json:"image"`
	Scheduler           *configv1.SchedulerSpec      `json:"scheduler"`
	CloudProvider       string                       `json:"cloudProvider"`
	CloudProviderConfig *corev1.LocalObjectReference `json:"cloudProviderConfig"`
	CloudProviderCreds  *corev1.LocalObjectReference `json:"cloudProviderCreds"`

	ServiceAccountIssuer string   `json:"serviceAccountIssuer"`
	ServiceCIDRs         []string `json:"serviceCIDRs"`
	ClusterCIDRs         []string `json:"clusterCIDRs"`
	AdvertiseAddress     string   `json:"advertiseAddress"`
	ExternalAddress      string   `json:"externalAddress"`
	// ExternalPort is the port taken from the status of the Service that exposes the KAS, e.g. the common router LB or a dedicated private/public LB.
	// It is used, for example, to build KAS URLs for generated internal kubeconfigs.
	ExternalPort    int32  `json:"externalPort"`
	InternalAddress string `json:"internalAddress"`
	// KASPodPort is the port to expose in the KAS Pod.
	KASPodPort           int32                        `json:"apiServerPort"`
	ExternalOAuthAddress string                       `json:"externalOAuthAddress"`
	ExternalOAuthPort    int32                        `json:"externalOAuthPort"`
	OIDCCAConfigMap      *corev1.LocalObjectReference `json:"oidcCAConfigMap"`
	EtcdURL              string                       `json:"etcdAddress"`
	KubeConfigRef        *hyperv1.KubeconfigSecretRef `json:"kubeConfigRef"`
	AuditWebhookRef      *corev1.LocalObjectReference `json:"auditWebhookRef"`
	ConsolePublicURL     string                       `json:"consolePublicURL"`
	DisableProfiling     bool                         `json:"disableProfiling"`
	config.DeploymentConfig
	config.OwnerRef

	Images KubeAPIServerImages `json:"images"`

	Availability           hyperv1.AvailabilityPolicy
	APIServerSTSDirectives string
}

func NewKubeAPIServerParams

func NewKubeAPIServerParams(ctx context.Context, hcp *hyperv1.HostedControlPlane, releaseImageProvider *imageprovider.ReleaseImageProvider, externalAPIAddress string, externalAPIPort int32, externalOAuthAddress string, externalOAuthPort int32, setDefaultSecurityContext bool) *KubeAPIServerParams

func (*KubeAPIServerParams) AdditionalCORSAllowedOrigins

func (p *KubeAPIServerParams) AdditionalCORSAllowedOrigins() []string

func (*KubeAPIServerParams) AuditPolicyConfig

func (p *KubeAPIServerParams) AuditPolicyConfig() configv1.Audit

func (*KubeAPIServerParams) ClusterNetwork

func (p *KubeAPIServerParams) ClusterNetwork() []string

func (*KubeAPIServerParams) ConfigParams

func (*KubeAPIServerParams) DefaultNodeSelector

func (p *KubeAPIServerParams) DefaultNodeSelector() string

func (*KubeAPIServerParams) ExternalIPConfig

func (p *KubeAPIServerParams) ExternalIPConfig() *configv1.ExternalIPConfig

func (*KubeAPIServerParams) ExternalKubeconfigKey

func (p *KubeAPIServerParams) ExternalKubeconfigKey() string

func (*KubeAPIServerParams) ExternalRegistryHostNames

func (p *KubeAPIServerParams) ExternalRegistryHostNames() []string

func (*KubeAPIServerParams) ExternalURL

func (p *KubeAPIServerParams) ExternalURL() string

func (*KubeAPIServerParams) FeatureGates

func (p *KubeAPIServerParams) FeatureGates() []string

func (*KubeAPIServerParams) InternalRegistryHostName

func (p *KubeAPIServerParams) InternalRegistryHostName() string

func (*KubeAPIServerParams) InternalURL

func (p *KubeAPIServerParams) InternalURL() string

InternalURL is used by ReconcileBootstrapKubeconfigSecret.

func (*KubeAPIServerParams) NamedCertificates

func (p *KubeAPIServerParams) NamedCertificates() []configv1.APIServerNamedServingCert

func (*KubeAPIServerParams) ServiceAccountIssuerURL

func (p *KubeAPIServerParams) ServiceAccountIssuerURL() string

func (*KubeAPIServerParams) ServiceNetwork

func (p *KubeAPIServerParams) ServiceNetwork() []string

func (*KubeAPIServerParams) ServiceNodePortRange

func (p *KubeAPIServerParams) ServiceNodePortRange() string

func (*KubeAPIServerParams) TLSSecurityProfile

func (p *KubeAPIServerParams) TLSSecurityProfile() *configv1.TLSSecurityProfile

type KubeAPIServerServiceParams

// KubeAPIServerServiceParams pairs a list of allowed CIDR blocks with the
// owner reference for the kube-apiserver Service.
//
// NOTE(review): AllowedCIDRBlocks reads as a source-range allow-list for the
// API endpoint. The listing does not show how a nil or empty slice is treated;
// confirm whether that means "unrestricted" before relying on it as an access
// control.
type KubeAPIServerServiceParams struct {
	AllowedCIDRBlocks []string
	OwnerReference    *metav1.OwnerReference
}

Directories

Path Synopsis
