Documentation ¶
Index ¶
- Constants
- func CipherSuites(securityProfile *configv1.TLSSecurityProfile) []string
- func ControllerOwnerRef(obj client.Object) *metav1.OwnerReference
- func CopyStringMap(source map[string]string) map[string]string
- func FeatureGates(fg *configv1.FeatureGateSelection) []string
- func KMSEncryptedObjects() []string
- func MinTLSVersion(securityProfile *configv1.TLSSecurityProfile) string
- func OpenSSLToIANACipherSuites(ciphers []string) []string
- func SerializeAuditPolicy(policy *auditv1.Policy) ([]byte, error)
- type AdditionalAnnotations
- type AdditionalLabels
- type DeploymentConfig
- func (c *DeploymentConfig) ApplyTo(deployment *appsv1.Deployment)
- func (c *DeploymentConfig) ApplyToDaemonSet(daemonset *appsv1.DaemonSet)
- func (c *DeploymentConfig) ApplyToStatefulSet(sts *appsv1.StatefulSet)
- func (c *DeploymentConfig) SetContainerResourcesIfPresent(container *corev1.Container)
- func (c *DeploymentConfig) SetDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, ...)
- func (c *DeploymentConfig) SetReleaseImageAnnotation(releaseImage string)
- func (c *DeploymentConfig) SetRequestServingDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, ...)
- func (c *DeploymentConfig) SetRestartAnnotation(objectMetadata metav1.ObjectMeta)
- type LivenessProbes
- type OwnerRef
- type ReadinessProbes
- type ResourceOverrides
- type ResourcesSpec
- type Scheduling
- type SecurityContextSpec
Constants ¶
View Source
const ( // NeedManagementKASAccessLabel is used by network policies // to prevent any pod which doesn't contain the label from accessing the management cluster KAS. NeedManagementKASAccessLabel = "hypershift.openshift.io/need-management-kas-access" // NeedMetricsServerAccessLabel is used by network policies // to allow egress communication to the metrics server on the management cluster. NeedMetricsServerAccessLabel = "hypershift.openshift.io/need-metrics-server-access" // EtcdPriorityClass is for etcd pods. EtcdPriorityClass = "hypershift-etcd" // APICriticalPriorityClass is for pods that are required for API calls and // resource admission to succeed. This includes pods like kube-apiserver, // aggregated API servers, and webhooks. APICriticalPriorityClass = "hypershift-api-critical" // DefaultPriorityClass is for pods in the Hypershift control plane that are // not API critical but still need elevated priority. DefaultPriorityClass = "hypershift-control-plane" DefaultServiceAccountIssuer = "https://kubernetes.default.svc" DefaultImageRegistryHostname = "image-registry.openshift-image-registry.svc:5000" DefaultAdvertiseIPv4Address = "172.20.0.1" DefaultAdvertiseIPv6Address = "fd00::1" DefaultEtcdURL = "https://etcd-client:2379" // KASSVCLBAzurePort is needed because for Azure we currently hardcode 7443 for the SVC LB as 6443 collides with public LB rule for the management cluster. // https://bugzilla.redhat.com/show_bug.cgi?id=2060650 // TODO(alberto): explore exposing multiple Azure frontend IPs on the load balancer. KASSVCLBAzurePort = 7443 KASSVCPort = 6443 KASPodDefaultPort = 6443 DefaultServiceNodePortRange = "30000-32767" DefaultSecurityContextUser = 1001 RecommendedLeaseDuration = "137s" RecommendedRenewDeadline = "107s" RecommendedRetryPeriod = "26s" KCMRecommendedRenewDeadline = "12s" KCMRecommendedRetryPeriod = "3s" DefaultIngressDomainEnvVar = "DEFAULT_INGRESS_DOMAIN" EnableCVOManagementClusterMetricsAccessEnvVar = "ENABLE_CVO_MANAGEMENT_CLUSTER_METRICS_ACCESS" )
View Source
const (
// ManagedByLabel can be used to filter deployments.
ManagedByLabel = "hypershift.openshift.io/managed-by"
)
View Source
const ( // PodSafeToEvictLocalVolumesKey is an annotation used by the CA operator which makes sure // all the pods annotated with it and the picking the desired local volumes that are safe to evict, could be drained properly. PodSafeToEvictLocalVolumesKey = "cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes" )
Variables ¶
This section is empty.
Functions ¶
func CipherSuites ¶
func CipherSuites(securityProfile *configv1.TLSSecurityProfile) []string
func ControllerOwnerRef ¶
func ControllerOwnerRef(obj client.Object) *metav1.OwnerReference
func CopyStringMap ¶ added in v0.1.10
func FeatureGates ¶
func FeatureGates(fg *configv1.FeatureGateSelection) []string
func KMSEncryptedObjects ¶ added in v0.1.18
func KMSEncryptedObjects() []string
func MinTLSVersion ¶
func MinTLSVersion(securityProfile *configv1.TLSSecurityProfile) string
func OpenSSLToIANACipherSuites ¶
OpenSSLToIANACipherSuites maps input OpenSSL Cipher Suite names to their IANA counterparts. Unknown ciphers are left out.
Types ¶
type AdditionalAnnotations ¶
func (AdditionalAnnotations) ApplyTo ¶
func (l AdditionalAnnotations) ApplyTo(podMeta *metav1.ObjectMeta)
type AdditionalLabels ¶
func (AdditionalLabels) ApplyTo ¶
func (l AdditionalLabels) ApplyTo(podMeta *metav1.ObjectMeta)
type DeploymentConfig ¶
type DeploymentConfig struct { Replicas int Scheduling Scheduling AdditionalLabels AdditionalLabels AdditionalAnnotations AdditionalAnnotations SecurityContexts SecurityContextSpec SetDefaultSecurityContext bool LivenessProbes LivenessProbes ReadinessProbes ReadinessProbes Resources ResourcesSpec DebugDeployments sets.String ResourceRequestOverrides ResourceOverrides IsolateAsRequestServing bool }
func (*DeploymentConfig) ApplyTo ¶
func (c *DeploymentConfig) ApplyTo(deployment *appsv1.Deployment)
func (*DeploymentConfig) ApplyToDaemonSet ¶
func (c *DeploymentConfig) ApplyToDaemonSet(daemonset *appsv1.DaemonSet)
func (*DeploymentConfig) ApplyToStatefulSet ¶
func (c *DeploymentConfig) ApplyToStatefulSet(sts *appsv1.StatefulSet)
func (*DeploymentConfig) SetContainerResourcesIfPresent ¶
func (c *DeploymentConfig) SetContainerResourcesIfPresent(container *corev1.Container)
func (*DeploymentConfig) SetDefaults ¶
func (c *DeploymentConfig) SetDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, replicas *int)
SetDefaults populates opinionated default DeploymentConfig for any Deployment.
func (*DeploymentConfig) SetReleaseImageAnnotation ¶
func (c *DeploymentConfig) SetReleaseImageAnnotation(releaseImage string)
func (*DeploymentConfig) SetRequestServingDefaults ¶ added in v0.1.10
func (c *DeploymentConfig) SetRequestServingDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, replicas *int)
SetRequestServingDefaults wraps the call to SetDefaults. It is meant to be invoked by request serving components so that their sheduling attributes can be modified accordingly.
func (*DeploymentConfig) SetRestartAnnotation ¶
func (c *DeploymentConfig) SetRestartAnnotation(objectMetadata metav1.ObjectMeta)
type LivenessProbes ¶
func (LivenessProbes) ApplyTo ¶
func (p LivenessProbes) ApplyTo(podSpec *corev1.PodSpec)
func (LivenessProbes) ApplyToContainer ¶
func (p LivenessProbes) ApplyToContainer(container string, c *corev1.Container)
type OwnerRef ¶
type OwnerRef struct {
Reference *metav1.OwnerReference
}
func MutatingOwnerRefFromHCP ¶
func MutatingOwnerRefFromHCP(hcp *hyperv1.HostedControlPlane, version semver.Version) OwnerRef
MutatingOwnerRefFromHCP returns ownerRef with altered API version based on OCP release version
func OwnerRefFrom ¶
type ReadinessProbes ¶
func (ReadinessProbes) ApplyTo ¶
func (p ReadinessProbes) ApplyTo(podSpec *corev1.PodSpec)
func (ReadinessProbes) ApplyToContainer ¶
func (p ReadinessProbes) ApplyToContainer(container string, c *corev1.Container)
type ResourceOverrides ¶
type ResourceOverrides map[string]ResourcesSpec
func (ResourceOverrides) ApplyRequestsTo ¶
func (o ResourceOverrides) ApplyRequestsTo(name string, podSpec *corev1.PodSpec)
type ResourcesSpec ¶
type ResourcesSpec map[string]corev1.ResourceRequirements
func (ResourcesSpec) ApplyRequestsOverrideTo ¶
func (s ResourcesSpec) ApplyRequestsOverrideTo(podSpec *corev1.PodSpec)
func (ResourcesSpec) ApplyTo ¶
func (s ResourcesSpec) ApplyTo(podSpec *corev1.PodSpec)
type Scheduling ¶
type Scheduling struct { Affinity *corev1.Affinity `json:"affinity,omitempty"` Tolerations []corev1.Toleration `json:"tolerations,omitempty"` PriorityClass string `json:"priorityClass"` NodeSelector map[string]string `json:"nodeSelector"` }
func (*Scheduling) ApplyTo ¶
func (s *Scheduling) ApplyTo(podSpec *corev1.PodSpec)
type SecurityContextSpec ¶
type SecurityContextSpec map[string]corev1.SecurityContext
func (SecurityContextSpec) ApplyTo ¶
func (s SecurityContextSpec) ApplyTo(podSpec *corev1.PodSpec)
func (SecurityContextSpec) ApplyToContainer ¶
func (s SecurityContextSpec) ApplyToContainer(name string, c *corev1.Container)
Click to show internal directories.
Click to hide internal directories.