Documentation ¶
Index ¶
- Constants
- func GetKMSProvider(kmsSpec *hyperv1.KMSSpec, images KubeAPIServerImages) (kms.IKMSProvider, error)
- func InClusterKASReadyURL() string
- func InClusterKASURL() string
- func ReconcileAESCBCEncryptionConfig(config *corev1.Secret, ownerRef hcpconfig.OwnerRef, activeKey []byte, ...) error
- func ReconcileAuditConfig(auditCfgMap *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileAuthenticationTokenWebhookConfigSecret(secret *corev1.Secret, ownerRef config.OwnerRef, ...) error
- func ReconcileBootstrapKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileConfig(config *corev1.ConfigMap, ownerRef hcpconfig.OwnerRef, ...) error
- func ReconcileEgressSelectorConfig(config *corev1.ConfigMap, ownerRef hcpconfig.OwnerRef) error
- func ReconcileExternalKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileExternalPrivateRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error
- func ReconcileExternalPublicRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error
- func ReconcileInternalRoute(route *routev1.Route, owner *metav1.OwnerReference) error
- func ReconcileKMSEncryptionConfig(config *corev1.Secret, ownerRef hcpconfig.OwnerRef, ...) error
- func ReconcileKonnectivityExternalRoute(route *routev1.Route, ownerRef config.OwnerRef, hostname string, ...) error
- func ReconcileKonnectivityInternalRoute(route *routev1.Route, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityServerLocalService(svc *corev1.Service, ownerRef config.OwnerRef) error
- func ReconcileKonnectivityServerService(svc *corev1.Service, ownerRef config.OwnerRef, ...) error
- func ReconcileKonnectivityServerServiceStatus(svc *corev1.Service, route *routev1.Route, ...) (host string, port int32, message string, err error)
- func ReconcileKubeAPIServerDeployment(deployment *appsv1.Deployment, hcp *hyperv1.HostedControlPlane, ...) error
- func ReconcileLocalhostKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileOauthMetadata(cfg *corev1.ConfigMap, ownerRef config.OwnerRef, externalOAuthAddress string, ...) error
- func ReconcilePodDisruptionBudget(pdb *policyv1.PodDisruptionBudget, p *KubeAPIServerParams) error
- func ReconcilePrivateService(svc *corev1.Service, hcp *hyperv1.HostedControlPlane, ...) error
- func ReconcileRecordingRules(r *prometheusoperatorv1.PrometheusRule, clusterID string)
- func ReconcileService(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, ...) error
- func ReconcileServiceCAPIKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, ...) error
- func ReconcileServiceClusterIP(svc *corev1.Service, owner *metav1.OwnerReference) error
- func ReconcileServiceKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef) error
- func ReconcileServiceMonitor(sm *prometheusoperatorv1.ServiceMonitor, ownerRef config.OwnerRef, ...) error
- func ReconcileServiceStatus(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, ...) (host string, port int32, message string, err error)
- type KubeAPIServerConfigParams
- type KubeAPIServerImages
- type KubeAPIServerParams
- func (p *KubeAPIServerParams) AdditionalCORSAllowedOrigins() []string
- func (p *KubeAPIServerParams) AuditPolicyConfig() configv1.Audit
- func (p *KubeAPIServerParams) ClusterNetwork() []string
- func (p *KubeAPIServerParams) ConfigParams() KubeAPIServerConfigParams
- func (p *KubeAPIServerParams) DefaultNodeSelector() string
- func (p *KubeAPIServerParams) ExternalIPConfig() *configv1.ExternalIPConfig
- func (p *KubeAPIServerParams) ExternalKubeconfigKey() string
- func (p *KubeAPIServerParams) ExternalRegistryHostNames() []string
- func (p *KubeAPIServerParams) ExternalURL() string
- func (p *KubeAPIServerParams) FeatureGates() []string
- func (p *KubeAPIServerParams) InternalRegistryHostName() string
- func (p *KubeAPIServerParams) InternalURL() string
- func (p *KubeAPIServerParams) NamedCertificates() []configv1.APIServerNamedServingCert
- func (p *KubeAPIServerParams) ServiceAccountIssuerURL() string
- func (p *KubeAPIServerParams) ServiceNetwork() []string
- func (p *KubeAPIServerParams) ServiceNodePortRange() string
- func (p *KubeAPIServerParams) TLSSecurityProfile() *configv1.TLSSecurityProfile
- type KubeAPIServerServiceParams
Constants ¶
View Source
const ( KubeAPIServerConfigKey = "config.json" OauthMetadataConfigKey = "oauthMetadata.json" AuditLogFile = "audit.log" EgressSelectorConfigKey = "config.yaml" DefaultEtcdPort = 2379 )
View Source
const ( KonnectivityHealthPort = 2041 KonnectivityServerLocalPort = 8090 KonnectivityServerPort = 8091 )
View Source
const (
AuditPolicyConfigMapKey = "policy.yaml"
)
View Source
const (
EgressSelectorConfigMapKey = "config.yaml"
)
View Source
const (
KubeconfigKey = util.KubeconfigKey
)
Variables ¶
This section is empty.
Functions ¶
func GetKMSProvider ¶ added in v0.1.17
func GetKMSProvider(kmsSpec *hyperv1.KMSSpec, images KubeAPIServerImages) (kms.IKMSProvider, error)
func InClusterKASReadyURL ¶
func InClusterKASReadyURL() string
func InClusterKASURL ¶
func InClusterKASURL() string
func ReconcileAuditConfig ¶
func ReconcileConfig ¶
func ReconcileExternalPrivateRoute ¶ added in v0.1.2
func ReconcileExternalPublicRoute ¶ added in v0.1.2
func ReconcileInternalRoute ¶
func ReconcileInternalRoute(route *routev1.Route, owner *metav1.OwnerReference) error
func ReconcileKonnectivityExternalRoute ¶ added in v0.1.10
func ReconcileKonnectivityInternalRoute ¶ added in v0.1.10
func ReconcileKonnectivityServerLocalService ¶ added in v0.1.10
func ReconcileKonnectivityServerService ¶ added in v0.1.10
func ReconcileKonnectivityServerServiceStatus ¶ added in v0.1.10
func ReconcileKubeAPIServerDeployment ¶
func ReconcileKubeAPIServerDeployment(deployment *appsv1.Deployment, hcp *hyperv1.HostedControlPlane, ownerRef config.OwnerRef, deploymentConfig config.DeploymentConfig, namedCertificates []configv1.APIServerNamedServingCert, cloudProviderName string, cloudProviderConfigRef *corev1.LocalObjectReference, cloudProviderCreds *corev1.LocalObjectReference, images KubeAPIServerImages, config *corev1.ConfigMap, auditConfig *corev1.ConfigMap, auditWebhookRef *corev1.LocalObjectReference, aesCBCActiveKey []byte, aesCBCBackupKey []byte, port int32, payloadVersion string, featureGateSpec *configv1.FeatureGateSpec, oidcCA *corev1.LocalObjectReference, ) error
func ReconcileOauthMetadata ¶
func ReconcilePodDisruptionBudget ¶
func ReconcilePodDisruptionBudget(pdb *policyv1.PodDisruptionBudget, p *KubeAPIServerParams) error
func ReconcilePrivateService ¶
func ReconcilePrivateService(svc *corev1.Service, hcp *hyperv1.HostedControlPlane, owner *metav1.OwnerReference) error
func ReconcileRecordingRules ¶
func ReconcileRecordingRules(r *prometheusoperatorv1.PrometheusRule, clusterID string)
func ReconcileService ¶
func ReconcileService(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, owner *metav1.OwnerReference, apiServerServicePort int, apiAllowedCIDRBlocks []string, isPublic, isPrivate bool) error
func ReconcileServiceClusterIP ¶ added in v0.1.16
func ReconcileServiceClusterIP(svc *corev1.Service, owner *metav1.OwnerReference) error
func ReconcileServiceMonitor ¶
func ReconcileServiceMonitor(sm *prometheusoperatorv1.ServiceMonitor, ownerRef config.OwnerRef, clusterID string, metricsSet metrics.MetricsSet) error
func ReconcileServiceStatus ¶
Types ¶
type KubeAPIServerConfigParams ¶
type KubeAPIServerConfigParams struct { ExternalIPConfig *configv1.ExternalIPConfig ClusterNetwork []string ServiceNetwork []string NamedCertificates []configv1.APIServerNamedServingCert KASPodPort int32 TLSSecurityProfile *configv1.TLSSecurityProfile AdditionalCORSAllowedOrigins []string InternalRegistryHostName string ExternalRegistryHostNames []string DefaultNodeSelector string AdvertiseAddress string ServiceAccountIssuerURL string CloudProvider string CloudProviderConfigRef *corev1.LocalObjectReference EtcdURL string FeatureGates []string NodePortRange string AuditWebhookEnabled bool ConsolePublicURL string DisableProfiling bool APIServerSTSDirectives string Authentication *configv1.AuthenticationSpec }
type KubeAPIServerImages ¶
type KubeAPIServerImages struct { ClusterConfigOperator string `json:"clusterConfigOperator"` CLI string `json:"cli"` HyperKube string `json:"hyperKube"` IBMCloudKMS string `json:"ibmcloudKMS"` AWSKMS string `json:"awsKMS"` Portieris string `json:"portieris"` TokenMinterImage string AWSPodIdentityWebhookImage string KonnectivityServer string }
type KubeAPIServerParams ¶
type KubeAPIServerParams struct { APIServer *configv1.APIServerSpec `json:"apiServer"` Authentication *configv1.AuthenticationSpec `json:"authentication"` FeatureGate *configv1.FeatureGateSpec `json:"featureGate"` Network *configv1.NetworkSpec `json:"network"` Image *configv1.ImageSpec `json:"image"` Scheduler *configv1.SchedulerSpec `json:"scheduler"` CloudProvider string `json:"cloudProvider"` CloudProviderConfig *corev1.LocalObjectReference `json:"cloudProviderConfig"` CloudProviderCreds *corev1.LocalObjectReference `json:"cloudProviderCreds"` ServiceAccountIssuer string `json:"serviceAccountIssuer"` ServiceCIDRs []string `json:"serviceCIDRs"` ClusterCIDRs []string `json:"clusterCIDRs"` AdvertiseAddress string `json:"advertiseAddress"` ExternalAddress string `json:"externalAddress"` // ExternalPort is the port coming from the status of the SVC which is exposing the KAS, e.g. common router LB, dedicated private/public/ LB... // This is used to build kas urls for generated internal kubeconfigs for example. ExternalPort int32 `json:"externalPort"` InternalAddress string `json:"internalAddress"` // KASPodPort is the port to expose in the KAS Pod. KASPodPort int32 `json:"apiServerPort"` ExternalOAuthAddress string `json:"externalOAuthAddress"` ExternalOAuthPort int32 `json:"externalOAuthPort"` OIDCCAConfigMap *corev1.LocalObjectReference `json:"oidcCAConfigMap"` EtcdURL string `json:"etcdAddress"` KubeConfigRef *hyperv1.KubeconfigSecretRef `json:"kubeConfigRef"` AuditWebhookRef *corev1.LocalObjectReference `json:"auditWebhookRef"` ConsolePublicURL string `json:"consolePublicURL"` DisableProfiling bool `json:"disableProfiling"` config.DeploymentConfig config.OwnerRef Images KubeAPIServerImages `json:"images"` Availability hyperv1.AvailabilityPolicy APIServerSTSDirectives string }
func NewKubeAPIServerParams ¶
func NewKubeAPIServerParams(ctx context.Context, hcp *hyperv1.HostedControlPlane, releaseImageProvider *imageprovider.ReleaseImageProvider, externalAPIAddress string, externalAPIPort int32, externalOAuthAddress string, externalOAuthPort int32, setDefaultSecurityContext bool) *KubeAPIServerParams
func (*KubeAPIServerParams) AdditionalCORSAllowedOrigins ¶
func (p *KubeAPIServerParams) AdditionalCORSAllowedOrigins() []string
func (*KubeAPIServerParams) AuditPolicyConfig ¶
func (p *KubeAPIServerParams) AuditPolicyConfig() configv1.Audit
func (*KubeAPIServerParams) ClusterNetwork ¶
func (p *KubeAPIServerParams) ClusterNetwork() []string
func (*KubeAPIServerParams) ConfigParams ¶
func (p *KubeAPIServerParams) ConfigParams() KubeAPIServerConfigParams
func (*KubeAPIServerParams) DefaultNodeSelector ¶
func (p *KubeAPIServerParams) DefaultNodeSelector() string
func (*KubeAPIServerParams) ExternalIPConfig ¶
func (p *KubeAPIServerParams) ExternalIPConfig() *configv1.ExternalIPConfig
func (*KubeAPIServerParams) ExternalKubeconfigKey ¶
func (p *KubeAPIServerParams) ExternalKubeconfigKey() string
func (*KubeAPIServerParams) ExternalRegistryHostNames ¶
func (p *KubeAPIServerParams) ExternalRegistryHostNames() []string
func (*KubeAPIServerParams) ExternalURL ¶
func (p *KubeAPIServerParams) ExternalURL() string
func (*KubeAPIServerParams) FeatureGates ¶
func (p *KubeAPIServerParams) FeatureGates() []string
func (*KubeAPIServerParams) InternalRegistryHostName ¶
func (p *KubeAPIServerParams) InternalRegistryHostName() string
func (*KubeAPIServerParams) InternalURL ¶
func (p *KubeAPIServerParams) InternalURL() string
InternalURL is used by ReconcileBootstrapKubeconfigSecret.
func (*KubeAPIServerParams) NamedCertificates ¶
func (p *KubeAPIServerParams) NamedCertificates() []configv1.APIServerNamedServingCert
func (*KubeAPIServerParams) ServiceAccountIssuerURL ¶
func (p *KubeAPIServerParams) ServiceAccountIssuerURL() string
func (*KubeAPIServerParams) ServiceNetwork ¶
func (p *KubeAPIServerParams) ServiceNetwork() []string
func (*KubeAPIServerParams) ServiceNodePortRange ¶
func (p *KubeAPIServerParams) ServiceNodePortRange() string
func (*KubeAPIServerParams) TLSSecurityProfile ¶
func (p *KubeAPIServerParams) TLSSecurityProfile() *configv1.TLSSecurityProfile
type KubeAPIServerServiceParams ¶
type KubeAPIServerServiceParams struct { AllowedCIDRBlocks []string OwnerReference *metav1.OwnerReference }
func NewKubeAPIServerServiceParams ¶
func NewKubeAPIServerServiceParams(hcp *hyperv1.HostedControlPlane) *KubeAPIServerServiceParams
Source Files ¶
Click to show internal directories.
Click to hide internal directories.