config

package
v0.1.18 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Jan 11, 2024 License: Apache-2.0 Imports: 19 Imported by: 0

Documentation

Index

Constants

const (
	// NeedManagementKASAccessLabel is used by network policies
	// to prevent any pod which doesn't contain the label from accessing the management cluster KAS.
	// NOTE(review): the label therefore works as an allow marker. Permission to
	// create or relabel pods in a namespace covered by those policies is in effect
	// permission to reach the management KAS, so RBAC on pod labels is part of this
	// control. Confirm against the NetworkPolicy definitions, which are not in this block.
	NeedManagementKASAccessLabel = "hypershift.openshift.io/need-management-kas-access"

	// NeedMetricsServerAccessLabel is used by network policies
	// to allow egress communication to the metrics server on the management cluster.
	NeedMetricsServerAccessLabel = "hypershift.openshift.io/need-metrics-server-access"

	// EtcdPriorityClass is for etcd pods.
	EtcdPriorityClass = "hypershift-etcd"

	// APICriticalPriorityClass is for pods that are required for API calls and
	// resource admission to succeed. This includes pods like kube-apiserver,
	// aggregated API servers, and webhooks.
	APICriticalPriorityClass = "hypershift-api-critical"

	// DefaultPriorityClass is for pods in the Hypershift control plane that are
	// not API critical but still need elevated priority.
	DefaultPriorityClass = "hypershift-control-plane"

	// Default in-cluster endpoints and addresses. The code that consumes them is
	// outside this block.
	//   - DefaultServiceAccountIssuer and DefaultEtcdURL are https URLs.
	//   - DefaultImageRegistryHostname is a host:port pair on a cluster-internal
	//     .svc name; the constant carries no scheme.
	//   - DefaultAdvertiseIPv4Address lies in RFC 1918 space (172.16.0.0/12) and
	//     DefaultAdvertiseIPv6Address in the fd00::/8 unique-local range, so
	//     neither is a publicly routable address.
	DefaultServiceAccountIssuer  = "https://kubernetes.default.svc"
	DefaultImageRegistryHostname = "image-registry.openshift-image-registry.svc:5000"
	DefaultAdvertiseIPv4Address  = "172.20.0.1"
	DefaultAdvertiseIPv6Address  = "fd00::1"
	DefaultEtcdURL               = "https://etcd-client:2379"
	// KASSVCLBAzurePort is needed because for Azure we currently hardcode 7443 for the SVC LB as 6443 collides with public LB rule for the management cluster.
	// https://bugzilla.redhat.com/show_bug.cgi?id=2060650
	// TODO(alberto): explore exposing multiple Azure frontend IPs on the load balancer.
	//
	// The remaining constants in this run have no per-constant documentation:
	//   - KASSVCPort and KASPodDefaultPort are both 6443.
	//   - DefaultServiceNodePortRange equals the upstream Kubernetes default
	//     NodePort range.
	//   - DefaultSecurityContextUser is a non-zero numeric ID; presumably the UID
	//     applied with a default security context (i.e. not root) — confirm at
	//     the use site.
	//   - Recommended* and KCMRecommended* are duration strings, presumably
	//     leader-election timings (KCM likely kube-controller-manager) — confirm
	//     against callers.
	KASSVCLBAzurePort           = 7443
	KASSVCPort                  = 6443
	KASPodDefaultPort           = 6443
	DefaultServiceNodePortRange = "30000-32767"
	DefaultSecurityContextUser  = 1001
	RecommendedLeaseDuration    = "137s"
	RecommendedRenewDeadline    = "107s"
	RecommendedRetryPeriod      = "26s"
	KCMRecommendedRenewDeadline = "12s"
	KCMRecommendedRetryPeriod   = "3s"

	// Names of environment variables: the constants hold the variable names, not
	// their values.
	// NOTE(review): by its name, EnableCVOManagementClusterMetricsAccessEnvVar
	// gates CVO access to management-cluster metrics. Where it is read, and what
	// a set value enables, is not shown here — confirm before treating it as an
	// access control.
	DefaultIngressDomainEnvVar                    = "DEFAULT_INGRESS_DOMAIN"
	EnableCVOManagementClusterMetricsAccessEnvVar = "ENABLE_CVO_MANAGEMENT_CLUSTER_METRICS_ACCESS"
)
const (
	// ManagedByLabel is a label key that can be used to filter deployments,
	// for example through a label selector. The values the label takes are not
	// defined in this block.
	ManagedByLabel = "hypershift.openshift.io/managed-by"
)
const (
	// PodSafeToEvictLocalVolumesKey is an annotation key used by the CA operator.
	// A pod annotated with it declares which of its local volumes are safe to
	// evict, so that the pod can be drained properly.
	PodSafeToEvictLocalVolumesKey = "cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes"
)

Variables

This section is empty.

Functions

func CipherSuites

func CipherSuites(securityProfile *configv1.TLSSecurityProfile) []string

func ControllerOwnerRef

func ControllerOwnerRef(obj client.Object) *metav1.OwnerReference

func CopyStringMap added in v0.1.10

func CopyStringMap(source map[string]string) map[string]string

func FeatureGates

func FeatureGates(fg *configv1.FeatureGateSelection) []string

func KMSEncryptedObjects added in v0.1.18

func KMSEncryptedObjects() []string

func MinTLSVersion

func MinTLSVersion(securityProfile *configv1.TLSSecurityProfile) string

func OpenSSLToIANACipherSuites

func OpenSSLToIANACipherSuites(ciphers []string) []string

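OpenSSLToIANACipherSuites maps input OpenSSL Cipher Suite names to their IANA counterparts. Unknown ciphers are left out, so the result can be shorter than the input and callers that depend on a particular suite should check that it is present in the returned list.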

func SerializeAuditPolicy

func SerializeAuditPolicy(policy *auditv1.Policy) ([]byte, error)

Types

type AdditionalAnnotations

// AdditionalAnnotations is a string-to-string map whose ApplyTo method takes a
// *metav1.ObjectMeta (parameter podMeta).
// NOTE(review): whether ApplyTo overwrites keys already present on the target
// is not visible from the signature — confirm in the implementation.
type AdditionalAnnotations map[string]string

func (AdditionalAnnotations) ApplyTo

func (l AdditionalAnnotations) ApplyTo(podMeta *metav1.ObjectMeta)

type AdditionalLabels

// AdditionalLabels is a string-to-string map whose ApplyTo method takes a
// *metav1.ObjectMeta (parameter podMeta).
// NOTE(review): labels can select a pod into network policies (see
// NeedManagementKASAccessLabel), so the source of these entries matters;
// overwrite behaviour is not visible from the signature — confirm.
type AdditionalLabels map[string]string

func (AdditionalLabels) ApplyTo

func (l AdditionalLabels) ApplyTo(podMeta *metav1.ObjectMeta)

type DeploymentConfig

// DeploymentConfig groups the settings that this package applies to workloads
// through ApplyTo (Deployment), ApplyToDaemonSet and ApplyToStatefulSet.
//
// NOTE(review): the field notes below are read from names and types only; the
// method bodies are not shown on this page, so confirm each against the
// implementation.
//   - Scheduling, AdditionalLabels, AdditionalAnnotations, SecurityContexts,
//     LivenessProbes, ReadinessProbes, Resources and ResourceRequestOverrides
//     use types declared in this package, each with its own Apply* methods.
//   - SetDefaultSecurityContext presumably selects whether a default security
//     context (see DefaultSecurityContextUser) is applied; if it is false and
//     SecurityContexts has no entry for a container, that container may end up
//     with no explicit security context.
//   - DebugDeployments is a set of strings, presumably deployment names that
//     receive debug handling.
//   - IsolateAsRequestServing presumably marks request-serving components for
//     separate scheduling (see SetRequestServingDefaults).
type DeploymentConfig struct {
	Replicas                  int
	Scheduling                Scheduling
	AdditionalLabels          AdditionalLabels
	AdditionalAnnotations     AdditionalAnnotations
	SecurityContexts          SecurityContextSpec
	SetDefaultSecurityContext bool
	LivenessProbes            LivenessProbes
	ReadinessProbes           ReadinessProbes
	Resources                 ResourcesSpec
	DebugDeployments          sets.String
	ResourceRequestOverrides  ResourceOverrides
	IsolateAsRequestServing   bool
}

func (*DeploymentConfig) ApplyTo

func (c *DeploymentConfig) ApplyTo(deployment *appsv1.Deployment)

func (*DeploymentConfig) ApplyToDaemonSet

func (c *DeploymentConfig) ApplyToDaemonSet(daemonset *appsv1.DaemonSet)

func (*DeploymentConfig) ApplyToStatefulSet

func (c *DeploymentConfig) ApplyToStatefulSet(sts *appsv1.StatefulSet)

func (*DeploymentConfig) SetContainerResourcesIfPresent

func (c *DeploymentConfig) SetContainerResourcesIfPresent(container *corev1.Container)

func (*DeploymentConfig) SetDefaults

func (c *DeploymentConfig) SetDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, replicas *int)

SetDefaults populates opinionated default DeploymentConfig for any Deployment.

func (*DeploymentConfig) SetReleaseImageAnnotation

func (c *DeploymentConfig) SetReleaseImageAnnotation(releaseImage string)

func (*DeploymentConfig) SetRequestServingDefaults added in v0.1.10

func (c *DeploymentConfig) SetRequestServingDefaults(hcp *hyperv1.HostedControlPlane, multiZoneSpreadLabels map[string]string, replicas *int)

SetRequestServingDefaults wraps the call to SetDefaults. It is meant to be invoked by request serving components so that their scheduling attributes can be modified accordingly.

func (*DeploymentConfig) SetRestartAnnotation

func (c *DeploymentConfig) SetRestartAnnotation(objectMetadata metav1.ObjectMeta)

type LivenessProbes

// LivenessProbes maps a string key to a corev1.Probe. ApplyToContainer takes a
// container string and a *corev1.Container, so the key is presumably the
// container name — confirm in the implementation.
type LivenessProbes map[string]corev1.Probe

func (LivenessProbes) ApplyTo

func (p LivenessProbes) ApplyTo(podSpec *corev1.PodSpec)

func (LivenessProbes) ApplyToContainer

func (p LivenessProbes) ApplyToContainer(container string, c *corev1.Container)

type OwnerRef

// OwnerRef wraps a single owner reference. Values are built by OwnerRefFrom and
// MutatingOwnerRefFromHCP and applied to an object with ApplyTo.
type OwnerRef struct {
	// Reference is a pointer, so it can be nil; whether ApplyTo tolerates a nil
	// Reference is not visible here — confirm in the implementation.
	Reference *metav1.OwnerReference
}

func MutatingOwnerRefFromHCP

func MutatingOwnerRefFromHCP(hcp *hyperv1.HostedControlPlane, version semver.Version) OwnerRef

MutatingOwnerRefFromHCP returns ownerRef with altered API version based on OCP release version

func OwnerRefFrom

func OwnerRefFrom(obj client.Object) OwnerRef

func (OwnerRef) ApplyTo

func (c OwnerRef) ApplyTo(obj client.Object)

type ReadinessProbes

// ReadinessProbes maps a string key to a corev1.Probe. ApplyToContainer takes a
// container string and a *corev1.Container, so the key is presumably the
// container name — confirm in the implementation.
type ReadinessProbes map[string]corev1.Probe

func (ReadinessProbes) ApplyTo

func (p ReadinessProbes) ApplyTo(podSpec *corev1.PodSpec)

func (ReadinessProbes) ApplyToContainer

func (p ReadinessProbes) ApplyToContainer(container string, c *corev1.Container)

type ResourceOverrides

// ResourceOverrides maps a string key to a ResourcesSpec. ApplyRequestsTo takes
// a name and a *corev1.PodSpec, so the key is presumably the name of the
// workload whose requests are overridden — confirm in the implementation.
type ResourceOverrides map[string]ResourcesSpec

func (ResourceOverrides) ApplyRequestsTo

func (o ResourceOverrides) ApplyRequestsTo(name string, podSpec *corev1.PodSpec)

type ResourcesSpec

// ResourcesSpec maps a string key to corev1.ResourceRequirements and is applied
// to a *corev1.PodSpec by ApplyTo and ApplyRequestsOverrideTo.
// NOTE(review): the key is presumably a container name — confirm.
type ResourcesSpec map[string]corev1.ResourceRequirements

func (ResourcesSpec) ApplyRequestsOverrideTo

func (s ResourcesSpec) ApplyRequestsOverrideTo(podSpec *corev1.PodSpec)

func (ResourcesSpec) ApplyTo

func (s ResourcesSpec) ApplyTo(podSpec *corev1.PodSpec)

type Scheduling

// Scheduling holds pod scheduling settings that ApplyTo writes to a
// *corev1.PodSpec. Affinity and Tolerations are tagged omitempty; PriorityClass
// and NodeSelector are not, so they are always emitted when the struct is
// marshalled to JSON, even when empty.
// NOTE(review): PriorityClass is a plain string; presumably one of the
// *PriorityClass constants in this package — confirm against callers.
type Scheduling struct {
	Affinity      *corev1.Affinity    `json:"affinity,omitempty"`
	Tolerations   []corev1.Toleration `json:"tolerations,omitempty"`
	PriorityClass string              `json:"priorityClass"`
	NodeSelector  map[string]string   `json:"nodeSelector"`
}

func (*Scheduling) ApplyTo

func (s *Scheduling) ApplyTo(podSpec *corev1.PodSpec)

type SecurityContextSpec

// SecurityContextSpec maps a string key to a corev1.SecurityContext.
// ApplyToContainer takes a name and a *corev1.Container, so the key is
// presumably the container name — confirm in the implementation.
// NOTE(review): how a container without an entry is treated (left unset or
// given a default) is not visible from the signatures; check this when
// reviewing which containers run with an explicit security context.
type SecurityContextSpec map[string]corev1.SecurityContext

func (SecurityContextSpec) ApplyTo

func (s SecurityContextSpec) ApplyTo(podSpec *corev1.PodSpec)

func (SecurityContextSpec) ApplyToContainer

func (s SecurityContextSpec) ApplyToContainer(name string, c *corev1.Container)
