cluster

package
v1.3.18-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 16, 2022 License: Apache-2.0 Imports: 66 Imported by: 182

Documentation

Index

Constants

// Names of the addon resources, addon deploy jobs and addon applications
// referenced by this package, the option keys that select priority classes
// for the DNS addons, and the DNS provider identifiers.
// Every value is a plain string literal.
const (
	// NOTE(review): user addons are presumably operator-supplied manifests
	// that get applied to the cluster; if so, the cluster configuration file
	// is privileged input and should be access-controlled accordingly.
	// Confirm against the addon deployment code.
	UserAddonResourceName         = "rke-user-addon"
	IngressAddonResourceName      = "rke-ingress-controller"
	UserAddonsIncludeResourceName = "rke-user-includes-addons"

	// Job, resource and application names for the system addons.
	IngressAddonJobName            = "rke-ingress-controller-deploy-job"
	MetricsServerAddonJobName      = "rke-metrics-addon-deploy-job"
	UserAddonJobName               = "rke-user-addon-deploy-job"
	UserAddonIncludeJobName        = "rke-user-includes-addons-deploy-job"
	MetricsServerAddonResourceName = "rke-metrics-addon"
	KubeDNSAddonAppName            = "kube-dns"
	KubeDNSAutoscalerAppName       = "kube-dns-autoscaler"
	CoreDNSAutoscalerAppName       = "coredns-autoscaler"
	KubeAPIAuthAppName             = "kube-api-auth"
	CattleClusterAgentAppName      = "cattle-cluster-agent"

	// Option keys naming the priority class of each DNS component.
	CoreDNSPriorityClassNameKey           = "coredns_priority_class_name"
	CoreDNSAutoscalerPriorityClassNameKey = "coredns_autoscaler_priority_class_name"
	KubeDNSPriorityClassNameKey           = "kube_dns_priority_class_name"
	KubeDNSAutoscalerPriorityClassNameKey = "kube_dns_autoscaler_priority_class_name"

	// DNS provider identifiers; DNSProviders in this package lists the
	// first two.
	CoreDNSProvider = "coredns"
	KubeDNSProvider = "kube-dns"
	Nodelocal       = "nodelocal"

	// Name and namespace of the nginx ingress addon and its default backend.
	NginxIngressAddonAppName                 = "ingress-nginx"
	NginxIngressAddonAppNamespace            = "ingress-nginx"
	NginxIngressAddonDefaultBackendName      = "default-http-backend"
	NginxIngressAddonDefaultBackendNamespace = "ingress-nginx"
)
// Core identifiers for the cluster package: authentication provider names,
// the ConfigMap names used for cluster state, timeouts and worker counts,
// local-node defaults and common label keys.
const (
	// NOTE(review): StateConfigMapName and FullStateConfigMapName name
	// ConfigMaps; the page does not show what is written to them. If the
	// full state includes certificate or key material, read access to
	// ConfigMaps in SystemNamespace becomes security-sensitive, because
	// ConfigMaps are usually granted more widely than Secrets. Confirm
	// against SaveFullStateToKubernetes.
	//
	// NOTE(review): NoneAuthorizationMode ("none") presumably selects a
	// cluster without an authorization mode, whereas DefaultAuthorizationMode
	// in this package is "rbac". Treat any configuration that selects "none"
	// as a finding to justify.
	//
	// NOTE(review): LocalNodeUser is "root" and LocalNodeAddress is the
	// loopback address; presumably these describe a single local node.
	// Confirm that they are never applied to remote hosts.
	AuthnX509Provider      = "x509"
	AuthnWebhookProvider   = "webhook"
	StateConfigMapName     = "cluster-state"
	FullStateConfigMapName = "full-cluster-state"
	UpdateStateTimeout     = 30
	GetStateTimeout        = 30
	RewriteWorkers         = 5
	SyncWorkers            = 10
	NoneAuthorizationMode  = "none"
	LocalNodeAddress       = "127.0.0.1"
	LocalNodeHostname      = "localhost"
	LocalNodeUser          = "root"
	CloudProvider          = "CloudProvider"
	ControlPlane           = "controlPlane"
	KubeAppLabel           = "k8s-app"
	AppLabel               = "app"
	NameLabel              = "name"

	// Re-exported from the util and services packages.
	WorkerThreads = util.WorkerThreads
	SELinuxLabel  = services.SELinuxLabel

	// Namespace used for system components.
	SystemNamespace = "kube-system"
)
// Default values for cluster configuration: networking, SSH and Docker
// access, authentication and authorization, etcd backups, CNI plugin
// options, kube-apiserver admission and audit arguments, and upgrade
// behaviour. The page does not show where these defaults are applied.
const (
	// Cluster networking and naming defaults. DefaultClusterSSHKeyPath is
	// the conventional per-user RSA key location.
	// NOTE(review): a shared default key path makes it easy to reuse one
	// personal key for every node; prefer a dedicated, access-restricted
	// key per cluster. Confirm how the path is expanded and read.
	DefaultServiceClusterIPRange = "10.43.0.0/16"
	DefaultNodePortRange         = "30000-32767"
	DefaultClusterCIDR           = "10.42.0.0/16"
	DefaultClusterDNSService     = "10.43.0.10"
	DefaultClusterDomain         = "cluster.local"
	DefaultClusterName           = "local"
	DefaultClusterSSHKeyPath     = "~/.ssh/id_rsa"

	// SSH port and Docker socket path. Access to the Docker socket is
	// generally equivalent to root on that host, so the SSH user configured
	// for a node needs to be treated as root-equivalent.
	DefaultSSHPort        = "22"
	DefaultDockerSockPath = "/var/run/docker.sock"

	// Authentication and authorization defaults: x509 and RBAC.
	DefaultAuthStrategy      = "x509"
	DefaultAuthorizationMode = "rbac"

	// Webhook authentication defaults; the webhook file comes from the
	// templates package.
	DefaultAuthnWebhookFile  = templates.AuthnWebhook
	DefaultAuthnCacheTimeout = "5s"

	DefaultNetworkPlugin        = "canal"
	DefaultNetworkCloudProvider = "none"

	// Ingress, etcd backup and monitoring defaults. DefaultEtcdSnapshot is
	// true, with a 12h creation period and 72h retention.
	// NOTE(review): an etcd snapshot holds every object stored in the
	// cluster, Secrets included; where snapshots are written and who can
	// read them deserves the same protection as etcd itself.
	DefaultIngressController             = "nginx"
	DefaultEtcdBackupCreationPeriod      = "12h"
	DefaultEtcdBackupRetentionPeriod     = "72h"
	DefaultEtcdSnapshot                  = true
	DefaultMonitoringProvider            = "metrics-server"
	DefaultEtcdBackupConfigIntervalHours = 12
	DefaultEtcdBackupConfigRetention     = 6
	DefaultEtcdBackupConfigTimeout       = docker.WaitTimeout

	DefaultDNSProvider = "kube-dns"
	K8sVersionCoreDNS  = "1.14.0"

	// etcd argument names and their default values (strings).
	DefaultEtcdHeartbeatIntervalName  = "heartbeat-interval"
	DefaultEtcdHeartbeatIntervalValue = "500"
	DefaultEtcdElectionTimeoutName    = "election-timeout"
	DefaultEtcdElectionTimeoutValue   = "5000"

	// Flannel VxLAN defaults as strings. FlannelVxLanPort and
	// FlannelVxLanNetworkIdentify in this package hold the same values as
	// integers.
	DefaultFlannelBackendVxLan     = "vxlan"
	DefaultFlannelBackendVxLanPort = "8472"
	DefaultFlannelBackendVxLanVNI  = "1"

	// Calico and Canal share the same default FlexVolume plugin directory.
	DefaultCalicoFlexVolPluginDirectory = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"

	DefaultCanalFlexVolPluginDirectory = "/usr/libexec/kubernetes/kubelet-plugins/volume/exec/nodeagent~uds"

	// Defaults for the ACI network plugin options, all expressed as
	// strings. Security-relevant ones as shipped here:
	// DefaultAciOpflexClientSSL is "true", DefaultAciUsePrivilegedContainer
	// is "false" and DefaultAciUseClusterRole is "true".
	// NOTE(review): DefaultAciIstioProfile is "demo"; DefaultAciInstallIstio
	// is "false", so it presumably only matters once Istio installation is
	// switched on. Confirm the profile is reviewed before enabling it.
	DefaultAciApicRefreshTime                   = "1200"
	DefaultAciOVSMemoryLimit                    = "1Gi"
	DefaultAciImagePullPolicy                   = "Always"
	DefaultAciServiceMonitorInterval            = "5"
	DefaultAciPBRTrackingNonSnat                = "false"
	DefaultAciInstallIstio                      = "false"
	DefaultAciIstioProfile                      = "demo"
	DefaultAciDropLogEnable                     = "true"
	DefaultAciControllerLogLevel                = "info"
	DefaultAciHostAgentLogLevel                 = "info"
	DefaultAciOpflexAgentLogLevel               = "info"
	DefaultAciUseAciCniPriorityClass            = "false"
	DefaultAciNoPriorityClass                   = "false"
	DefaultAciMaxNodesSvcGraph                  = "32"
	DefaultAciSnatContractScope                 = "global"
	DefaultAciSnatNamespace                     = "aci-containers-system"
	DefaultAciCApic                             = "false"
	DefaultAciPodSubnetChunkSize                = "32"
	DefaultAciSnatPortRangeStart                = "5000"
	DefaultAciSnatPortRangeEnd                  = "65000"
	DefaultAciSnatPortsPerNode                  = "3000"
	DefaultAciUseHostNetnsVolume                = "false"
	DefaultAciRunGbpContainer                   = "false"
	DefaultAciRunOpflexServerContainer          = "false"
	DefaultAciUseAciAnywhereCRD                 = "false"
	DefaultAciEnableEndpointSlice               = "false"
	DefaultAciOpflexClientSSL                   = "true"
	DefaultAciUsePrivilegedContainer            = "false"
	DefaultAciUseOpflexServerVolume             = "false"
	DefaultAciDurationWaitForNetwork            = "210"
	DefaultAciUseClusterRole                    = "true"
	DefaultAciDisableWaitForNetwork             = "false"
	DefaultAciApicSubscriptionDelay             = "0"
	DefaultAciApicRefreshTickerAdjust           = "0"
	DefaultAciDisablePeriodicSnatGlobalInfoSync = "false"
	DefaultAciOpflexDeviceDeleteTimeout         = "0"
	DefaultAciMTUHeadRoom                       = "0"
	DefaultAciNodePodIfEnable                   = "false"
	DefaultAciSriovEnable                       = "false"
	DefaultAciMultusDisable                     = "true"
	DefaultAciNoWaitForServiceEpReadiness       = "false"
	DefaultAciAddExternalSubnetsToRdconfig      = "false"

	// kube-apiserver admission configuration: argument name and default
	// file path.
	KubeAPIArgAdmissionControlConfigFile             = "admission-control-config-file"
	DefaultKubeAPIArgAdmissionControlConfigFileValue = "/etc/kubernetes/admission.yaml"

	EventRateLimitPluginName = "EventRateLimit"

	// kube-apiserver audit logging: argument names plus the default log
	// and policy file paths.
	// NOTE(review): depending on the audit policy level, audit logs can
	// contain request and response bodies; the log directory should be
	// restricted and shipped off-host. Only the defaults are visible here;
	// whether auditing is enabled by default is not.
	KubeAPIArgAuditLogPath                = "audit-log-path"
	KubeAPIArgAuditLogMaxAge              = "audit-log-maxage"
	KubeAPIArgAuditLogMaxBackup           = "audit-log-maxbackup"
	KubeAPIArgAuditLogMaxSize             = "audit-log-maxsize"
	KubeAPIArgAuditLogFormat              = "audit-log-format"
	KubeAPIArgAuditPolicyFile             = "audit-policy-file"
	DefaultKubeAPIArgAuditLogPathValue    = "/var/log/kube-audit/audit-log.json"
	DefaultKubeAPIArgAuditPolicyFileValue = "/etc/kubernetes/audit-policy.yaml"

	// Upgrade, drain and ingress port defaults.
	// NOTE(review): DefaultNetworkMode is "hostNetwork" and
	// DefaultNetworkModeV121 is "hostPort"; presumably the latter applies
	// from Kubernetes v1.21 on. A hostNetwork ingress pod shares the node's
	// network namespace, which widens what a compromised ingress controller
	// can reach. Confirm which mode a given cluster ends up with.
	DefaultMaxUnavailableWorker       = "10%"
	DefaultMaxUnavailableControlplane = "1"
	DefaultNodeDrainTimeout           = 120
	DefaultNodeDrainGracePeriod       = -1
	DefaultHTTPPort                   = 80
	DefaultHTTPSPort                  = 443
	DefaultNetworkMode                = "hostNetwork"
	DefaultNetworkModeV121            = "hostPort"
)
// Container name, service name and environment variable name for the
// file deployer.
// NOTE(review): presumably the file content is passed to the container
// through the FILE_DEPLOY environment variable; if so, it is visible to
// anything that can inspect the container's environment. Confirm before
// deploying sensitive files this way.
const (
	ContainerName = "file-deployer"
	ServiceName   = "file-deploy"
	ConfigEnv     = "FILE_DEPLOY"
)
// Network plugin identifiers, port-check container names, well-known
// ports, the user-facing option keys (snake_case values) for each CNI
// plugin, and the keys (PascalCase values) that appear to be used when
// filling plugin templates.
const (
	NetworkPluginResourceName = "rke-network-plugin"

	// Names of the containers used for port checking and port listening
	// on each plane.
	PortCheckContainer        = "rke-port-checker"
	EtcdPortListenContainer   = "rke-etcd-port-listener"
	CPPortListenContainer     = "rke-cp-port-listener"
	WorkerPortListenContainer = "rke-worker-port-listener"

	// Ports of the core components. The four component ports are strings;
	// FlannelVxLanPort is an untyped integer. EtcdClientPortList in this
	// package contains only EtcdPort1, while EtcdPortList also contains
	// EtcdPort2.
	// NOTE(review): these ports expose the API server, etcd and the kubelet
	// API; host firewalls should limit them to cluster members and
	// administrators rather than relying on defaults.
	KubeAPIPort      = "6443"
	EtcdPort1        = "2379"
	EtcdPort2        = "2380"
	KubeletPort      = "10250"
	FlannelVxLanPort = 8472

	FlannelVxLanNetworkIdentify = 1

	ProtocolTCP = "TCP"
	ProtocolUDP = "UDP"

	NoNetworkPlugin = "none"

	// Flannel plugin name and option keys.
	FlannelNetworkPlugin = "flannel"
	FlannelIface         = "flannel_iface"
	FlannelBackendType   = "flannel_backend_type"
	// FlannelBackendPort must be 4789 if using VxLan mode in the cluster with Windows nodes
	FlannelBackendPort = "flannel_backend_port"
	// FlannelBackendVxLanNetworkIdentify should be greater than or equal to 4096 if using VxLan mode in the cluster with Windows nodes
	FlannelBackendVxLanNetworkIdentify  = "flannel_backend_vni"
	KubeFlannelPriorityClassNameKeyName = "kube_flannel_priority_class_name"

	// Calico plugin name, labels and option keys.
	CalicoNetworkPlugin                           = "calico"
	CalicoNodeLabel                               = "calico-node"
	CalicoControllerLabel                         = "calico-kube-controllers"
	CalicoCloudProvider                           = "calico_cloud_provider"
	CalicoFlexVolPluginDirectory                  = "calico_flex_volume_plugin_dir"
	CalicoNodePriorityClassNameKeyName            = "calico_node_priority_class_name"
	CalicoKubeControllersPriorityClassNameKeyName = "calico_kube_controllers_priority_class_name"

	// Canal plugin name and option keys.
	CanalNetworkPlugin      = "canal"
	CanalIface              = "canal_iface"
	CanalFlannelBackendType = "canal_flannel_backend_type"
	// CanalFlannelBackendPort must be 4789 if using Flannel VxLan mode in the cluster with Windows nodes
	CanalFlannelBackendPort = "canal_flannel_backend_port"
	// CanalFlannelBackendVxLanNetworkIdentify should be greater than or equal to 4096 if using Flannel VxLan mode in the cluster with Windows nodes
	CanalFlannelBackendVxLanNetworkIdentify = "canal_flannel_backend_vni"
	CanalFlexVolPluginDirectory             = "canal_flex_volume_plugin_dir"
	CanalPriorityClassNameKeyName           = "canal_priority_class_name"

	// Weave plugin name, application name and option key.
	WeaveNetworkPlugin               = "weave"
	WeaveNetworkAppName              = "weave-net"
	WeaveNetPriorityClassNameKeyName = "weave_net_priority_class_name"

	// ACI plugin name and option keys.
	// NOTE(review): going by their names, aci_token, aci_apic_user_key,
	// aci_kafka_client_key and aci_image_pull_secret carry credentials or
	// private keys. If these are supplied through the cluster configuration
	// file, that file and any stored copy of the cluster state must be
	// protected like a secret, and option maps should not be logged
	// verbatim. Confirm against the ACI template code.
	AciNetworkPlugin                     = "aci"
	AciOVSMemoryLimit                    = "aci_ovs_memory_limit"
	AciImagePullPolicy                   = "aci_image_pull_policy"
	AciPBRTrackingNonSnat                = "aci_pbr_tracking_non_snat"
	AciInstallIstio                      = "aci_install_istio"
	AciIstioProfile                      = "aci_istio_profile"
	AciDropLogEnable                     = "aci_drop_log_enable"
	AciControllerLogLevel                = "aci_controller_log_level"
	AciHostAgentLogLevel                 = "aci_host_agent_log_level"
	AciOpflexAgentLogLevel               = "aci_opflex_agent_log_level"
	AciApicRefreshTime                   = "aci_apic_refresh_time"
	AciServiceMonitorInterval            = "aci_server_monitor_interval"
	AciSystemIdentifier                  = "aci_system_identifier"
	AciToken                             = "aci_token"
	AciApicUserName                      = "aci_apic_user_name"
	AciApicUserKey                       = "aci_apic_user_key"
	AciApicUserCrt                       = "aci_apic_user_crt"
	AciVmmDomain                         = "aci_vmm_domain"
	AciVmmController                     = "aci_vmm_controller"
	AciEncapType                         = "aci_encap_type"
	AciAEP                               = "aci_aep"
	AciVRFName                           = "aci_vrf_name"
	AciVRFTenant                         = "aci_vrf_tenant"
	AciL3Out                             = "aci_l3out"
	AciDynamicExternalSubnet             = "aci_dynamic_external_subnet"
	AciStaticExternalSubnet              = "aci_static_external_subnet"
	AciServiceGraphSubnet                = "aci_service_graph_subnet"
	AciKubeAPIVlan                       = "aci_kubeapi_vlan"
	AciServiceVlan                       = "aci_service_vlan"
	AciInfraVlan                         = "aci_infra_vlan"
	AciImagePullSecret                   = "aci_image_pull_secret"
	AciTenant                            = "aci_tenant"
	AciNodeSubnet                        = "aci_node_subnet"
	AciMcastRangeStart                   = "aci_mcast_range_start"
	AciMcastRangeEnd                     = "aci_mcast_range_end"
	AciUseAciCniPriorityClass            = "aci_use_aci_cni_priority_class"
	AciNoPriorityClass                   = "aci_no_priority_class"
	AciMaxNodesSvcGraph                  = "aci_max_nodes_svc_graph"
	AciSnatContractScope                 = "aci_snat_contract_scope"
	AciPodSubnetChunkSize                = "aci_pod_subnet_chunk_size"
	AciEnableEndpointSlice               = "aci_enable_endpoint_slice"
	AciSnatNamespace                     = "aci_snat_namespace"
	AciEpRegistry                        = "aci_ep_registry"
	AciOpflexMode                        = "aci_opflex_mode"
	AciSnatPortRangeStart                = "aci_snat_port_range_start"
	AciSnatPortRangeEnd                  = "aci_snat_port_range_end"
	AciSnatPortsPerNode                  = "aci_snat_ports_per_node"
	AciOpflexClientSSL                   = "aci_opflex_client_ssl"
	AciUsePrivilegedContainer            = "aci_use_privileged_container"
	AciUseHostNetnsVolume                = "aci_use_host_netns_volume"
	AciUseOpflexServerVolume             = "aci_use_opflex_server_volume"
	AciKafkaClientCrt                    = "aci_kafka_client_crt"
	AciKafkaClientKey                    = "aci_kafka_client_key"
	AciSubnetDomainName                  = "aci_subnet_domain_name"
	AciCApic                             = "aci_capic"
	AciUseAciAnywhereCRD                 = "aci_use_aci_anywhere_crd"
	AciOverlayVRFName                    = "aci_overlay_vrf_name"
	AciGbpPodSubnet                      = "aci_gbp_pod_subnet"
	AciRunGbpContainer                   = "aci_run_gbp_container"
	AciRunOpflexServerContainer          = "aci_run_opflex_server_container"
	AciOpflexServerPort                  = "aci_opflex_server_port"
	AciDurationWaitForNetwork            = "aci_duration_wait_for_network"
	AciDisableWaitForNetwork             = "aci_disable_wait_for_network"
	AciUseClusterRole                    = "aci_use_cluster_role"
	AciApicSubscriptionDelay             = "aci_apic_subscription_delay"
	AciApicRefreshTickerAdjust           = "aci_apic_refresh_ticker_adjust"
	AciDisablePeriodicSnatGlobalInfoSync = "aci_disable_periodic_snat_global_info_sync"
	AciOpflexDeviceDeleteTimeout         = "aci_opflex_device_delete_timeout"
	AciMTUHeadRoom                       = "aci_mtu_head_room"
	AciNodePodIfEnable                   = "aci_node_pod_if_enable"
	AciSriovEnable                       = "aci_sriov_enable"
	AciMultusDisable                     = "aci_multus_disable"
	AciNoWaitForServiceEpReadiness       = "aci_no_wait_for_service_ep_readiness"
	AciAddExternalSubnetsToRdconfig      = "aci_add_external_subnets_to_rdconfig"

	// EtcdEndpoints is the server address for Etcd, used by calico
	EtcdEndpoints = "EtcdEndpoints"
	// APIRoot is the kubernetes API address
	APIRoot = "APIRoot"

	// Keys for the etcd client certificate, key and CA, both as values
	// and as file paths.
	// NOTE(review): EtcdClientKey presumably maps to private key material
	// rendered into a manifest; confirm the rendered output is stored as a
	// Secret and never written to logs.
	EtcdClientCert     = "EtcdClientCert"
	EtcdClientKey      = "EtcdClientKey"
	EtcdClientCA       = "EtcdClientCA"
	EtcdClientCertPath = "EtcdClientCertPath"
	EtcdClientKeyPath  = "EtcdClientKeyPath"
	EtcdClientCAPath   = "EtcdClientCAPath"

	ClientCertPath = "ClientCertPath"
	ClientKeyPath  = "ClientKeyPath"
	ClientCAPath   = "ClientCAPath"

	KubeCfg = "KubeCfg"

	ClusterCIDR = "ClusterCIDR"

	// Keys for container image references.
	Image              = "Image"
	CNIImage           = "CNIImage"
	NodeImage          = "NodeImage"
	ControllersImage   = "ControllersImage"
	CanalFlannelImg    = "CanalFlannelImg"
	FlexVolImg         = "FlexVolImg"
	WeaveLoopbackImage = "WeaveLoopbackImage"

	Calicoctl = "Calicoctl"

	// Remaining keys; many mirror the snake_case option keys above.
	// NOTE(review): WeavePassword, Token, ApicUserKey, KafkaClientKey and
	// ImagePullSecret are, by name, secret-bearing entries. Any map built
	// with these keys should be kept out of debug output and error
	// messages. Confirm where such maps are constructed and consumed.
	FlannelInterface                       = "FlannelInterface"
	FlannelBackend                         = "FlannelBackend"
	KubeFlannelPriorityClassName           = "KubeFlannelPriorityClassName"
	CalicoNodePriorityClassName            = "CalicoNodePriorityClassName"
	CalicoKubeControllersPriorityClassName = "CalicoKubeControllersPriorityClassName"
	CanalInterface                         = "CanalInterface"
	CanalPriorityClassName                 = "CanalPriorityClassName"
	FlexVolPluginDir                       = "FlexVolPluginDir"
	WeavePassword                          = "WeavePassword"
	WeaveNetPriorityClassName              = "WeaveNetPriorityClassName"
	MTU                                    = "MTU"
	RBACConfig                             = "RBACConfig"
	ClusterVersion                         = "ClusterVersion"
	SystemIdentifier                       = "SystemIdentifier"
	ApicHosts                              = "ApicHosts"
	Token                                  = "Token"
	ApicUserName                           = "ApicUserName"
	ApicUserKey                            = "ApicUserKey"
	ApicUserCrt                            = "ApicUserCrt"
	ApicRefreshTime                        = "ApicRefreshTime"
	VmmDomain                              = "VmmDomain"
	VmmController                          = "VmmController"
	EncapType                              = "EncapType"
	McastRangeStart                        = "McastRangeStart"
	McastRangeEnd                          = "McastRangeEnd"
	AEP                                    = "AEP"
	VRFName                                = "VRFName"
	VRFTenant                              = "VRFTenant"
	L3Out                                  = "L3Out"
	L3OutExternalNetworks                  = "L3OutExternalNetworks"
	DynamicExternalSubnet                  = "DynamicExternalSubnet"
	StaticExternalSubnet                   = "StaticExternalSubnet"
	ServiceGraphSubnet                     = "ServiceGraphSubnet"
	KubeAPIVlan                            = "KubeAPIVlan"
	ServiceVlan                            = "ServiceVlan"
	InfraVlan                              = "InfraVlan"
	ImagePullPolicy                        = "ImagePullPolicy"
	ImagePullSecret                        = "ImagePullSecret"
	Tenant                                 = "Tenant"
	ServiceMonitorInterval                 = "ServiceMonitorInterval"
	PBRTrackingNonSnat                     = "PBRTrackingNonSnat"
	InstallIstio                           = "InstallIstio"
	IstioProfile                           = "IstioProfile"
	DropLogEnable                          = "DropLogEnable"
	ControllerLogLevel                     = "ControllerLogLevel"
	HostAgentLogLevel                      = "HostAgentLogLevel"
	OpflexAgentLogLevel                    = "OpflexAgentLogLevel"
	AciCniDeployContainer                  = "AciCniDeployContainer"
	AciHostContainer                       = "AciHostContainer"
	AciOpflexContainer                     = "AciOpflexContainer"
	AciMcastContainer                      = "AciMcastContainer"
	AciOpenvSwitchContainer                = "AciOpenvSwitchContainer"
	AciControllerContainer                 = "AciControllerContainer"
	AciGbpServerContainer                  = "AciGbpServerContainer"
	AciOpflexServerContainer               = "AciOpflexServerContainer"
	StaticServiceIPStart                   = "StaticServiceIPStart"
	StaticServiceIPEnd                     = "StaticServiceIPEnd"
	PodGateway                             = "PodGateway"
	PodIPStart                             = "PodIPStart"
	PodIPEnd                               = "PodIPEnd"
	NodeServiceIPStart                     = "NodeServiceIPStart"
	NodeServiceIPEnd                       = "NodeServiceIPEnd"
	ServiceIPStart                         = "ServiceIPStart"
	ServiceIPEnd                           = "ServiceIPEnd"
	UseAciCniPriorityClass                 = "UseAciCniPriorityClass"
	NoPriorityClass                        = "NoPriorityClass"
	MaxNodesSvcGraph                       = "MaxNodesSvcGraph"
	SnatContractScope                      = "SnatContractScope"
	PodSubnetChunkSize                     = "PodSubnetChunkSize"
	EnableEndpointSlice                    = "EnableEndpointSlice"
	SnatNamespace                          = "SnatNamespace"
	EpRegistry                             = "EpRegistry"
	OpflexMode                             = "OpflexMode"
	SnatPortRangeStart                     = "SnatPortRangeStart"
	SnatPortRangeEnd                       = "SnatPortRangeEnd"
	SnatPortsPerNode                       = "SnatPortsPerNode"
	OpflexClientSSL                        = "OpflexClientSSL"
	UsePrivilegedContainer                 = "UsePrivilegedContainer"
	UseHostNetnsVolume                     = "UseHostNetnsVolume"
	UseOpflexServerVolume                  = "UseOpflexServerVolume"
	KafkaBrokers                           = "KafkaBrokers"
	KafkaClientCrt                         = "KafkaClientCrt"
	KafkaClientKey                         = "KafkaClientKey"
	SubnetDomainName                       = "SubnetDomainName"
	CApic                                  = "CApic"
	UseAciAnywhereCRD                      = "UseAciAnywhereCRD"
	OverlayVRFName                         = "OverlayVRFName"
	GbpPodSubnet                           = "GbpPodSubnet"
	RunGbpContainer                        = "RunGbpContainer"
	RunOpflexServerContainer               = "RunOpflexServerContainer"
	OpflexServerPort                       = "OpflexServerPort"
	DurationWaitForNetwork                 = "DurationWaitForNetwork"
	DisableWaitForNetwork                  = "DisableWaitForNetwork"
	UseClusterRole                         = "UseClusterRole"
	ApicSubscriptionDelay                  = "ApicSubscriptionDelay"
	ApicRefreshTickerAdjust                = "ApicRefreshTickerAdjust"
	DisablePeriodicSnatGlobalInfoSync      = "DisablePeriodicSnatGlobalInfoSync"
	OpflexDeviceDeleteTimeout              = "OpflexDeviceDeleteTimeout"
	MTUHeadRoom                            = "MTUHeadRoom"
	NodePodIfEnable                        = "NodePodIfEnable"
	SriovEnable                            = "SriovEnable"
	MultusDisable                          = "MultusDisable"
	NoWaitForServiceEpReadiness            = "NoWaitForServiceEpReadiness"
	AddExternalSubnetsToRdconfig           = "AddExternalSubnetsToRdconfig"
	OVSMemoryLimit                         = "OVSMemoryLimit"
	NodeSubnet                             = "NodeSubnet"
	NodeSelector                           = "NodeSelector"
	UpdateStrategy                         = "UpdateStrategy"
	Tolerations                            = "Tolerations"
)
// Environment variable names (RKE_* values), tool entrypoint paths,
// kubelet Docker config locations and the version bounds used for
// version-dependent behaviour.
const (
	// Environment variable names carrying cluster-wide network settings.
	ClusterCIDREnv        = "RKE_CLUSTER_CIDR"
	ClusterServiceCIDREnv = "RKE_CLUSTER_SERVICE_CIDR"
	ClusterDNSServerEnv   = "RKE_CLUSTER_DNS_SERVER"
	ClusterDomainEnv      = "RKE_CLUSTER_DOMAIN"

	// Environment variable names carrying per-node settings.
	NodeAddressEnv         = "RKE_NODE_ADDRESS"
	NodeInternalAddressEnv = "RKE_NODE_INTERNAL_ADDRESS"
	NodeNameOverrideEnv    = "RKE_NODE_NAME_OVERRIDE"
	NodePrefixPath         = "RKE_NODE_PREFIX_PATH"

	NetworkConfigurationEnv = "RKE_NETWORK_CONFIGURATION"

	// etcd key prefix and the environment variable names for
	// configuration checksums.
	EtcdPathPrefix       = "/registry"
	CloudConfigSumEnv    = "RKE_CLOUD_CONFIG_CHECKSUM"
	CloudProviderNameEnv = "RKE_CLOUD_PROVIDER_NAME"
	AuditLogConfigSumEnv = "RKE_AUDITLOG_CONFIG_CHECKSUM"

	DefaultToolsEntrypoint        = "/opt/rke-tools/entrypoint.sh"
	DefaultToolsEntrypointVersion = "0.1.13"
	LegacyToolsEntrypoint         = "/opt/rke/entrypoint.sh"

	// NOTE(review): KubeletDockerConfigPath is a Docker config.json, which
	// conventionally stores registry credentials, and
	// RKE_KUBELET_DOCKER_CONFIG presumably carries its content through the
	// container environment. Confirm the file mode on the host and that the
	// variable is not exposed through container inspection to unprivileged
	// users.
	KubeletDockerConfigEnv     = "RKE_KUBELET_DOCKER_CONFIG"
	KubeletDockerConfigFileEnv = "RKE_KUBELET_DOCKER_FILE"
	KubeletDockerConfigPath    = "/var/lib/kubelet/config.json"

	// MaxEtcdOldEnvVersion The versions are maxed out for minor versions because -rancher1 suffix will cause semver to think its older, example: v1.15.0 > v1.15.0-rancher1
	// NOTE(review): going by its name, MaxEtcdNoStrictTLSVersion is the
	// last etcd version deployed without strict TLS settings; clusters
	// pinned at or below it would lack that hardening. Confirm where the
	// bound is compared.
	MaxEtcdOldEnvVersion      = "v3.2.99"
	MaxK8s115Version          = "v1.15"
	MaxEtcdPort4001Version    = "v3.4.3-rancher99"
	MaxEtcdNoStrictTLSVersion = "v3.4.14-rancher99"
	MaxK8s121Version          = "v1.21.99-rancher99"
	MaxK8s122Version          = "v1.22.99-rancher99"

	// Name of the kube-apiserver argument that points at the encryption
	// provider configuration.
	EncryptionProviderConfigArgument = "encryption-provider-config"

	KubeletCRIDockerdNameEnv = "RKE_KUBELET_CRIDOCKERD"
)
// EncryptionProviderFilePath is the path of the encryption provider
// configuration file.
// NOTE(review): a Kubernetes encryption provider configuration normally
// contains the keys that protect Secrets at rest, so this file should be
// readable only by root and the API server, and should be kept out of
// backups that are less protected than etcd itself. Confirm the mode used
// by DeployEncryptionProviderFile.
const (
	EncryptionProviderFilePath = "/etc/kubernetes/ssl/encryption.yaml"
)
// EtcdPlaneNodesReplacedErr is the message text telling the operator that
// the etcd plane nodes were replaced, provisioning is stopping, and the
// cluster should be restored from backup. It is a string constant, not an
// error value.
const (
	EtcdPlaneNodesReplacedErr = "Etcd plane nodes are replaced. Stopping provisioning. Please restore your cluster from backup."
)
// SELinuxCheckContainer is the name of the container used for the
// SELinux check.
const (
	SELinuxCheckContainer = "rke-selinux-checker"
)

Variables

// DNSProviders lists the DNS provider identifiers kube-dns and coredns;
// NginxIngressAddonJobNames lists the two ingress-nginx admission job
// names. Both are exported package-level slices, so any importer can
// modify them in place.
var (
	DNSProviders              = []string{KubeDNSProvider, CoreDNSProvider}
	NginxIngressAddonJobNames = []string{"ingress-nginx-admission-create", "ingress-nginx-admission-patch"}
)
// Default drain, update-strategy and autoscaler settings.
//
// These are exported, mutable package-level variables. The two strategy
// values store pointers to DefaultDaemonSetMaxUnavailable and
// DefaultDeploymentUpdateStrategyParams rather than copies, and the
// deployment strategy uses the same pointer for both MaxUnavailable and
// MaxSurge. A write through any of those pointers therefore changes the
// shared default for every later reader in the process.
// NOTE(review): callers that customise a strategy should copy the value
// and replace the pointers instead of writing through them. Confirm that
// no caller mutates these in place.
var (
	DefaultNodeDrainIgnoreDaemonsets      = true
	DefaultDaemonSetMaxUnavailable        = intstr.FromInt(1)
	DefaultDeploymentUpdateStrategyParams = intstr.FromString("25%")
	DefaultDaemonSetUpdateStrategy        = v3.DaemonSetUpdateStrategy{
		Strategy:      appsv1.RollingUpdateDaemonSetStrategyType,
		RollingUpdate: &appsv1.RollingUpdateDaemonSet{MaxUnavailable: &DefaultDaemonSetMaxUnavailable},
	}
	DefaultDeploymentUpdateStrategy = v3.DeploymentStrategy{
		Strategy: appsv1.RollingUpdateDeploymentStrategyType,
		RollingUpdate: &appsv1.RollingUpdateDeployment{
			MaxUnavailable: &DefaultDeploymentUpdateStrategyParams,
			MaxSurge:       &DefaultDeploymentUpdateStrategyParams,
		},
	}
	DefaultClusterProportionalAutoscalerLinearParams = v3.LinearAutoscalerParams{CoresPerReplica: 128, NodesPerReplica: 4, Min: 1, PreventSinglePointFailure: true}
	DefaultMonitoringAddonReplicas                   = int32(1)
)
// ControlPlanePortList holds the control plane port, KubeAPIPort.
// NOTE(review): presumably consumed by the port checks; as an exported
// slice it can be modified by importers, which would change what is
// checked. Confirm.
var ControlPlanePortList = []string{
	KubeAPIPort,
}
// EtcdClientPortList holds the etcd client port, EtcdPort1.
var EtcdClientPortList = []string{
	EtcdPort1,
}
// EtcdPortList holds both etcd ports, EtcdPort1 and EtcdPort2.
// NOTE(review): etcd holds all cluster state, so both ports should be
// reachable only from the hosts that need them; the page does not show
// which hosts these lists are checked against.
var EtcdPortList = []string{
	EtcdPort1,
	EtcdPort2,
}
// IPv6CompatibleNetworkPlugins lists the network plugins marked as
// IPv6-compatible; only Calico is listed.
var IPv6CompatibleNetworkPlugins = []string{CalicoNetworkPlugin}
// WorkerPortList holds the worker port, KubeletPort.
var WorkerPortList = []string{
	KubeletPort,
}

Functions

func ApplyAuthzResources added in v0.1.2

func ApplyAuthzResources(ctx context.Context, rkeConfig v3.RancherKubernetesEngineConfig, flags ExternalFlags, dailersOptions hosts.DialersOptions) error

func BuildPortChecksFromPortList added in v0.1.2

func BuildPortChecksFromPortList(host *hosts.Host, portList []string, proto string) []v3.PortCheck

func BuildRKEConfigNodePlan added in v0.1.2

func BuildRKEConfigNodePlan(ctx context.Context, myCluster *Cluster, host *hosts.Host, svcOptions v3.KubernetesServicesOptions) v3.RKEConfigNodePlan

func CheckEtcdHostsChanged

func CheckEtcdHostsChanged(kubeCluster, currentCluster *Cluster) error

func ConfigureCluster added in v0.1.2

func ConfigureCluster(
	ctx context.Context,
	rkeConfig v3.RancherKubernetesEngineConfig,
	crtBundle map[string]pki.CertificatePKI,
	flags ExternalFlags,
	dailersOptions hosts.DialersOptions,
	data map[string]interface{},
	useKubectl bool) error

func GeneratePlan added in v0.1.2

func GeneratePlan(ctx context.Context, rkeConfig *v3.RancherKubernetesEngineConfig, hostsInfoMap map[string]types.Info, data map[string]interface{}) (v3.RKEPlan, error)

func GetCertificateDirPath added in v0.2.0

func GetCertificateDirPath(configPath, configDir string) string

func GetClusterCertsFromKubernetes added in v0.2.0

func GetClusterCertsFromKubernetes(ctx context.Context, kubeCluster *Cluster) (map[string]pki.CertificatePKI, error)

func GetClusterCertsFromNodes added in v0.2.0

func GetClusterCertsFromNodes(ctx context.Context, kubeCluster *Cluster) (map[string]pki.CertificatePKI, error)

func GetK8sVersion

func GetK8sVersion(localConfigPath string, k8sWrapTransport transport.WrapperFunc) (string, error)

func GetLocalRKEConfig

func GetLocalRKEConfig() *v3.RancherKubernetesEngineConfig

func GetLocalRKENodeConfig

func GetLocalRKENodeConfig() *v3.RKEConfigNode

func GetServiceOptionData added in v0.3.0

func GetServiceOptionData(data map[string]interface{}) map[string]*v3.KubernetesServicesOptions

func GetStateFilePath added in v0.2.0

func GetStateFilePath(configPath, configDir string) string

func IsLegacyKubeAPI added in v0.2.0

func IsLegacyKubeAPI(ctx context.Context, kubeCluster *Cluster) (bool, error)

func ParseConfig

func ParseConfig(clusterFile string) (*v3.RancherKubernetesEngineConfig, error)

func RebuildKubeconfig added in v0.2.0

func RebuildKubeconfig(ctx context.Context, kubeCluster *Cluster) error

func ReconcileCluster

func ReconcileCluster(ctx context.Context, kubeCluster, currentCluster *Cluster, flags ExternalFlags, svcOptionData map[string]*v3.KubernetesServicesOptions) error

func ReconcileEncryptionProviderConfig added in v1.0.0

func ReconcileEncryptionProviderConfig(ctx context.Context, kubeCluster, currentCluster *Cluster) error

func RemoveStateFile added in v1.2.0

func RemoveStateFile(ctx context.Context, statePath string)

func RestartClusterPods added in v0.2.0

func RestartClusterPods(ctx context.Context, kubeCluster *Cluster) error

func RotateRKECertificates added in v0.1.18

func RotateRKECertificates(ctx context.Context, c *Cluster, flags ExternalFlags, clusterState *FullState) error

func SaveFullStateToKubernetes added in v0.2.0

func SaveFullStateToKubernetes(ctx context.Context, kubeCluster *Cluster, fullState *FullState) error

func SetUpAuthentication

func SetUpAuthentication(ctx context.Context, kubeCluster, currentCluster *Cluster, fullState *FullState) error

func ValidateHostCount added in v0.1.2

func ValidateHostCount(c *Cluster) error

Types

type Cluster

// Cluster bundles the embedded RancherKubernetesEngineConfig with the
// runtime state this package works on: the host lists for each plane,
// the certificate map and directory, dialer factories, the Kubernetes
// client, local file paths (config, state, kubeconfig) and upgrade limits.
//
// NOTE(review): Certificates is a map of pki.CertificatePKI and
// EncryptionConfig is an unexported type; both presumably hold private
// key or encryption key material. Avoid logging, printing or serialising
// a whole Cluster value, and treat StateFilePath, CertificateDir and
// LocalKubeConfigPath as locations of sensitive files. Confirm against
// the pki package and the state-file code.
//
// NOTE(review): only the embedded config carries a yaml tag (inline);
// how the remaining exported fields behave under YAML marshalling depends
// on the YAML library in use and is not visible here.
type Cluster struct {
	AuthnStrategies                  map[string]bool
	ConfigPath                       string
	ConfigDir                        string
	CloudConfigFile                  string
	ControlPlaneHosts                []*hosts.Host
	Certificates                     map[string]pki.CertificatePKI
	CertificateDir                   string
	ClusterDomain                    string
	ClusterCIDR                      string
	ClusterDNSServer                 string
	DinD                             bool
	DockerDialerFactory              hosts.DialerFactory
	EtcdHosts                        []*hosts.Host
	EtcdReadyHosts                   []*hosts.Host
	ForceDeployCerts                 bool
	InactiveHosts                    []*hosts.Host
	K8sWrapTransport                 transport.WrapperFunc
	KubeClient                       *kubernetes.Clientset
	KubernetesServiceIP              []net.IP
	LocalKubeConfigPath              string
	LocalConnDialerFactory           hosts.DialerFactory
	PrivateRegistriesMap             map[string]v3.PrivateRegistry
	StateFilePath                    string
	UpdateWorkersOnly                bool
	UseKubectlDeploy                 bool
	v3.RancherKubernetesEngineConfig `yaml:",inline"`
	WorkerHosts                      []*hosts.Host
	EncryptionConfig                 encryptionConfig
	NewHosts                         map[string]bool
	MaxUnavailableForWorkerNodes     int
	MaxUnavailableForControlNodes    int
}

func GetStateFromKubernetes added in v0.2.0

func GetStateFromKubernetes(ctx context.Context, kubeCluster *Cluster) (*Cluster, error)

func GetStateFromNodes added in v0.2.0

func GetStateFromNodes(ctx context.Context, kubeCluster *Cluster) *Cluster

func InitClusterObject added in v0.2.0

func InitClusterObject(ctx context.Context, rkeConfig *v3.RancherKubernetesEngineConfig, flags ExternalFlags, encryptConfig string) (*Cluster, error)

func (*Cluster) ApplySystemAddonExecuteJob added in v0.1.9

func (c *Cluster) ApplySystemAddonExecuteJob(addonJob, resourceName string, addonUpdated bool) error

func (*Cluster) BuildEtcdProcess added in v0.1.2

func (c *Cluster) BuildEtcdProcess(host *hosts.Host, etcdHosts []*hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildKubeAPIProcess added in v0.1.2

func (c *Cluster) BuildKubeAPIProcess(host *hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildKubeControllerProcess added in v0.1.2

func (c *Cluster) BuildKubeControllerProcess(host *hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildKubeProxyProcess added in v0.1.2

func (c *Cluster) BuildKubeProxyProcess(host *hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildKubeletProcess added in v0.1.2

func (c *Cluster) BuildKubeletProcess(host *hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildProxyProcess added in v0.1.2

func (c *Cluster) BuildProxyProcess(host *hosts.Host) v3.Process

func (*Cluster) BuildSchedulerProcess added in v0.1.2

func (c *Cluster) BuildSchedulerProcess(host *hosts.Host, serviceOptions v3.KubernetesServicesOptions) v3.Process

func (*Cluster) BuildSidecarProcess added in v0.1.2

func (c *Cluster) BuildSidecarProcess(host *hosts.Host) v3.Process

func (*Cluster) CalculateMaxUnavailable added in v1.0.7

func (c *Cluster) CalculateMaxUnavailable() (int, int, error)

func (*Cluster) CheckClusterPorts

func (c *Cluster) CheckClusterPorts(ctx context.Context, currentCluster *Cluster) error

func (*Cluster) CleanDeadLogs added in v0.1.3

func (c *Cluster) CleanDeadLogs(ctx context.Context) error

func (*Cluster) CleanupFiles added in v0.2.0

func (c *Cluster) CleanupFiles(ctx context.Context) error

func (*Cluster) CleanupNodes added in v0.2.0

func (c *Cluster) CleanupNodes(ctx context.Context) error

func (*Cluster) ClusterRemove

func (c *Cluster) ClusterRemove(ctx context.Context) error

func (*Cluster) DeployControlPlane

func (c *Cluster) DeployControlPlane(ctx context.Context, svcOptionData map[string]*v3.KubernetesServicesOptions, reconcileCluster bool) (string, error)

func (*Cluster) DeployEncryptionProviderFile added in v1.0.0

func (c *Cluster) DeployEncryptionProviderFile(ctx context.Context) error

func (*Cluster) DeployRestoreCerts added in v0.2.0

func (c *Cluster) DeployRestoreCerts(ctx context.Context, clusterCerts map[string]pki.CertificatePKI) error

func (*Cluster) DeployStateFile added in v1.1.5

func (c *Cluster) DeployStateFile(ctx context.Context, stateFilePath, snapshotName string) error

func (*Cluster) DeployWorkerPlane

func (c *Cluster) DeployWorkerPlane(ctx context.Context, svcOptionData map[string]*v3.KubernetesServicesOptions, reconcileCluster bool) (string, error)

func (*Cluster) DisableSecretsEncryption added in v1.0.0

func (c *Cluster) DisableSecretsEncryption(ctx context.Context, currentCluster *Cluster, custom bool) error

func (*Cluster) GetClusterState

func (c *Cluster) GetClusterState(ctx context.Context, fullState *FullState) (*Cluster, error)

func (*Cluster) GetHostInfoMap added in v0.2.0

func (c *Cluster) GetHostInfoMap() map[string]types.Info

func (*Cluster) GetKubernetesServicesOptions added in v0.1.6

func (c *Cluster) GetKubernetesServicesOptions(osType string, data map[string]*v3.KubernetesServicesOptions) (v3.KubernetesServicesOptions, error)

func (*Cluster) GetStateFileFromConfigMap added in v1.2.5

// GetStateFileFromConfigMap returns a string and an error; judging by its name
// the string is the state file content read from a ConfigMap (the package also
// declares the FullStateConfigMapName constant) — confirm in the implementation.
// NOTE(review): ConfigMaps are not covered by Secret-scoped RBAC, and they are
// only encrypted at rest if the encryption configuration explicitly lists them.
// If the stored state includes the certificate bundle or encryption config
// seen in the State type, check who can read that ConfigMap.
func (c *Cluster) GetStateFileFromConfigMap(ctx context.Context) (string, error)

func (*Cluster) GetStateFileFromSnapshot added in v1.1.5

func (c *Cluster) GetStateFileFromSnapshot(ctx context.Context, snapshotName string) (string, error)

func (*Cluster) InvertIndexHosts

func (c *Cluster) InvertIndexHosts() error

func (*Cluster) IsCRIDockerdEnabled added in v1.3.0

func (c *Cluster) IsCRIDockerdEnabled() bool

func (*Cluster) IsEncryptionCustomConfig added in v1.0.0

func (c *Cluster) IsEncryptionCustomConfig() bool

func (*Cluster) IsEncryptionEnabled added in v1.0.0

func (c *Cluster) IsEncryptionEnabled() bool

func (*Cluster) IsKubeletGenerateServingCertificateEnabled added in v1.0.0

func (c *Cluster) IsKubeletGenerateServingCertificateEnabled() bool

func (*Cluster) PrePullK8sImages added in v0.1.1

func (c *Cluster) PrePullK8sImages(ctx context.Context) error

func (*Cluster) PrepareBackup added in v0.2.0

func (c *Cluster) PrepareBackup(ctx context.Context, snapshotPath string) error

func (*Cluster) ReconcileDesiredStateEncryptionConfig added in v1.0.0

func (c *Cluster) ReconcileDesiredStateEncryptionConfig(ctx context.Context, fullState *FullState) error

ReconcileDesiredStateEncryptionConfig: the rotation is done outside of the cluster reconcile logic. When it is done, DesiredState needs to be updated to reflect the "new" configuration.

func (*Cluster) RemoveEtcdSnapshot added in v0.2.3

func (c *Cluster) RemoveEtcdSnapshot(ctx context.Context, snapshotName string) error

func (*Cluster) RemoveOldNodes added in v0.2.0

func (c *Cluster) RemoveOldNodes(ctx context.Context) error

func (*Cluster) RestoreEtcdSnapshot added in v0.1.7

func (c *Cluster) RestoreEtcdSnapshot(ctx context.Context, snapshotPath string) error

func (*Cluster) RewriteSecrets added in v1.0.0

func (c *Cluster) RewriteSecrets(ctx context.Context) error

RewriteSecrets does the following:
- retrieves all cluster secrets in batches of size <secretBatchSize>
- triggers rewrites with the new encryption key by sending each secret over a channel consumed by workers that perform the rewrite
- logs the progress of the rewrite operation

func (*Cluster) RotateEncryptionKey added in v1.0.0

func (c *Cluster) RotateEncryptionKey(ctx context.Context, fullState *FullState) error

func (*Cluster) RunSELinuxCheck added in v1.3.3

func (c *Cluster) RunSELinuxCheck(ctx context.Context) error

func (*Cluster) SetUpHosts

func (c *Cluster) SetUpHosts(ctx context.Context, flags ExternalFlags) error

func (*Cluster) SetupDialers added in v0.2.0

func (c *Cluster) SetupDialers(ctx context.Context, dailersOptions hosts.DialersOptions) error

func (*Cluster) SnapshotEtcd added in v0.1.7

func (c *Cluster) SnapshotEtcd(ctx context.Context, snapshotName string) error

func (*Cluster) StoreAddonConfigMap

func (c *Cluster) StoreAddonConfigMap(ctx context.Context, addonYaml string, addonName string) (bool, error)

func (*Cluster) SyncLabelsAndTaints added in v0.1.1

func (c *Cluster) SyncLabelsAndTaints(ctx context.Context, currentCluster *Cluster) error

func (*Cluster) TunnelHosts

func (c *Cluster) TunnelHosts(ctx context.Context, flags ExternalFlags) error

func (*Cluster) UpdateClusterCurrentState added in v0.2.0

func (c *Cluster) UpdateClusterCurrentState(ctx context.Context, fullState *FullState) error

func (*Cluster) UpgradeControlPlane added in v1.0.7

func (c *Cluster) UpgradeControlPlane(ctx context.Context, kubeClient *kubernetes.Clientset, cpNodePlanMap map[string]v3.RKEConfigNodePlan) (string, error)

func (*Cluster) UpgradeWorkerPlane added in v1.0.7

func (c *Cluster) UpgradeWorkerPlane(ctx context.Context, kubeClient *kubernetes.Clientset, workerNodePlanMap map[string]v3.RKEConfigNodePlan, etcdAndWorkerHosts, workerOnlyHosts []*hosts.Host) (string, error)

func (*Cluster) ValidateCluster

func (c *Cluster) ValidateCluster(ctx context.Context) error

type CoreDNSOptions added in v0.2.0

// CoreDNSOptions groups, judging by its field names, the settings for the
// CoreDNS addon: RBAC mode, image references, cluster DNS parameters,
// scheduling constraints and priority class names.
// NOTE(review): how these values are consumed is not visible here; presumably
// they are rendered into the addon manifest — confirm against the addon code.
type CoreDNSOptions struct {
	RBACConfig                         string
	// Image references are plain strings; the type itself enforces neither a
	// trusted registry nor digest pinning, so any such check has to live elsewhere.
	CoreDNSImage                       string
	CoreDNSAutoScalerImage             string
	ClusterDomain                      string
	ClusterDNSServer                   string
	ReverseCIDRs                       []string
	// NOTE(review): presumably the resolvers that cluster DNS forwards to; they
	// sit on the resolution path for every workload — confirm how they are set.
	UpstreamNameservers                []string
	NodeSelector                       map[string]string
	// Pointer field: may be nil; callers should not dereference it unchecked.
	UpdateStrategy                     *appsv1.DeploymentStrategy
	LinearAutoscalerParams             string
	Tolerations                        []v1.Toleration
	CoreDNSPriorityClassName           string
	CoreDNSAutoscalerPriorityClassName string
}

type ExternalFlags added in v0.2.0

// ExternalFlags carries caller-supplied options as plain booleans and path strings.
// GetExternalFlags accepts only local, updateOnly, disablePortCheck,
// useLocalState, configDir and clusterFilePath, so CertificateDir, DinD,
// CustomCerts and GenerateCSR presumably have to be set on the value
// afterwards — confirm with callers.
type ExternalFlags struct {
	// CertificateDir, ClusterFilePath and ConfigDir are filesystem locations held
	// as strings; the type itself performs no validation on them.
	CertificateDir   string
	ClusterFilePath  string
	DinD             bool
	ConfigDir        string
	// NOTE(review): CustomCerts and GenerateCSR look certificate-related; their
	// exact effect is not visible on this page — confirm before documenting further.
	CustomCerts      bool
	// NOTE(review): appears to turn off a pre-flight check (the package exposes
	// Cluster.CheckClusterPorts); confirm what is skipped before enabling it in
	// automation.
	DisablePortCheck bool
	GenerateCSR      bool
	Local            bool
	UpdateOnly       bool
	UseLocalState    bool
}

func GetExternalFlags added in v0.2.0

func GetExternalFlags(local, updateOnly, disablePortCheck, useLocalState bool, configDir, clusterFilePath string) ExternalFlags

type FullState added in v0.2.0

// FullState pairs two State values, serialized under the JSON keys
// "desiredState" and "currentState".
// With encoding/json, omitempty has no effect on non-pointer struct fields, so
// both keys are emitted even when the State is zero-valued.
// NOTE(review): each State carries a certificate bundle and an encryption
// config (see the State type), and this package exposes ReadStateFile and
// WriteStateFile taking a statePath. A serialized FullState should presumably be
// handled as secret material; confirm its file permissions and storage location.
type FullState struct {
	DesiredState State `json:"desiredState,omitempty"`
	CurrentState State `json:"currentState,omitempty"`
}

func ReadStateFile added in v0.2.0

func ReadStateFile(ctx context.Context, statePath string) (*FullState, error)

func RebuildState added in v0.2.0

func RebuildState(ctx context.Context, kubeCluster *Cluster, oldState *FullState, flags ExternalFlags) (*FullState, error)

func StringToFullState added in v1.1.5

func StringToFullState(ctx context.Context, stateFileContent string) (*FullState, error)

func (*FullState) WriteStateFile added in v0.2.0

// WriteStateFile takes the target location as statePath and reports failure
// through the returned error.
// NOTE(review): FullState holds State values whose fields include a certificate
// bundle and an encryption config, so the written file should be treated as
// sensitive. The file mode applied by the implementation is not visible on
// this page; confirm it is restricted to the owning user.
func (s *FullState) WriteStateFile(ctx context.Context, statePath string) error

type KubeDNSOptions added in v0.2.0

// KubeDNSOptions groups, judging by its field names, the settings for the
// kube-dns addon: RBAC mode, the four image references, cluster DNS parameters,
// stub domains, scheduling constraints and priority class names.
// NOTE(review): how these values are consumed is not visible here; presumably
// they are rendered into the addon manifest — confirm against the addon code.
type KubeDNSOptions struct {
	RBACConfig                         string
	// Image references are plain strings; the type itself enforces neither a
	// trusted registry nor digest pinning, so any such check has to live elsewhere.
	KubeDNSImage                       string
	DNSMasqImage                       string
	KubeDNSAutoScalerImage             string
	KubeDNSSidecarImage                string
	ClusterDomain                      string
	ClusterDNSServer                   string
	ReverseCIDRs                       []string
	// NOTE(review): UpstreamNameservers and StubDomains presumably decide where
	// queries are forwarded; they sit on the resolution path for workloads, so
	// confirm who is allowed to set them.
	UpstreamNameservers                []string
	StubDomains                        map[string][]string
	NodeSelector                       map[string]string
	// Pointer field: may be nil; callers should not dereference it unchecked.
	UpdateStrategy                     *appsv1.DeploymentStrategy
	LinearAutoscalerParams             string
	Tolerations                        []v1.Toleration
	KubeDNSPriorityClassName           string
	KubeDNSAutoscalerPriorityClassName string
}

type MetricsServerOptions added in v0.1.9

// MetricsServerOptions groups, judging by its field names, the settings for the
// metrics-server addon: RBAC mode, image and version, free-form options,
// scheduling constraints, replica count and priority class name.
// NOTE(review): how these values are consumed is not visible here — confirm
// against the addon code.
type MetricsServerOptions struct {
	RBACConfig                     string
	// NOTE(review): free-form string map, presumably passed through as extra
	// arguments to metrics-server; nothing at this level restricts which keys
	// are accepted — confirm whether security-relevant flags can be overridden.
	Options                        map[string]string
	NodeSelector                   map[string]string
	// Plain string image reference; no registry or digest constraint in the type.
	MetricsServerImage             string
	Version                        string
	// Pointer fields below may be nil; callers should not dereference unchecked.
	UpdateStrategy                 *appsv1.DeploymentStrategy
	Replicas                       *int32
	Tolerations                    []v1.Toleration
	MetricsServerPriorityClassName string
}

type NodelocalOptions added in v1.0.7

// NodelocalOptions groups, judging by its field names, the settings for the
// node-local DNS addon: RBAC mode, image reference, cluster DNS parameters, a
// listen or link address, node selector, update strategy and priority class.
// NOTE(review): how these values are consumed is not visible here — confirm
// against the addon code.
type NodelocalOptions struct {
	RBACConfig                    string
	// Plain string image reference; no registry or digest constraint in the type.
	NodelocalImage                string
	ClusterDomain                 string
	ClusterDNSServer              string
	// Held as a string, so address syntax is not checked by the type itself.
	IPAddress                     string
	NodeSelector                  map[string]string
	// DaemonSet (not Deployment) strategy, unlike the other addon option types
	// on this page; pointer may be nil.
	UpdateStrategy                *appsv1.DaemonSetUpdateStrategy
	NodeLocalDNSPriorityClassName string
}

type State added in v0.2.0

// State is one half of a FullState document: the RKE cluster configuration, a
// certificate bundle keyed by string, and an encryption config held as a string.
// Every field is tagged omitempty, so nil or empty values are left out of the JSON.
// NOTE(review): pki.CertificatePKI is declared outside this page. If it includes
// private keys, and if EncryptionConfig holds the secrets-encryption provider
// keys, then any serialized State is credential-equivalent — confirm, and
// restrict access to every place it is stored (state file, snapshots, cluster
// objects) accordingly.
type State struct {
	RancherKubernetesEngineConfig *v3.RancherKubernetesEngineConfig `json:"rkeConfig,omitempty"`
	CertificatesBundle            map[string]pki.CertificatePKI     `json:"certificatesBundle,omitempty"`
	EncryptionConfig              string                            `json:"encryptionConfig,omitempty"`
}
