Documentation ¶
Index ¶
- Constants
- Variables
- func AdminKubeconfigReconciler(data adminKubeconfigReconcilerData) reconciling.NamedSecretReconcilerFactory
- func AppClusterLabels(appName, clusterName string, additionalLabels map[string]string) map[string]string
- func BackupCABundleConfigMapName(cluster *kubermaticv1.Cluster) string
- func BaseAppLabels(name string, additionalLabels map[string]string) map[string]string
- func Bool(v bool) *bool
- func BuildNewKubeconfigAsByte(ca *triple.KeyPair, server, commonName string, organizations []string, ...) ([]byte, error)
- func CertWillExpireSoon(cert *x509.Certificate) bool
- func ClusterIPForService(name, namespace string, serviceLister corev1lister.ServiceLister) (*net.IP, error)
- func ClusterRoleBindingAuthDelegatorReconciler(username string) reconciling.NamedClusterRoleBindingReconcilerFactory
- func ConfigMapRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
- func CopyCredentials(data CredentialsData, cluster *kubermaticv1.Cluster) error
- func ExternalCloudControllerClusterName(cloudSpec *kubermaticv1.CloudSpec) bool
- func ExternalCloudControllerFeatureSupported(dc *kubermaticv1.Datacenter, cloudSpec *kubermaticv1.CloudSpec, ...) bool
- func ExternalCloudProviderEnabled(cluster *kubermaticv1.Cluster) bool
- func FailureDomainZoneAntiAffinity(app string, antiAffinityType kubermaticv1.AntiAffinityType) *corev1.Affinity
- func GetAbsoluteServiceDNSName(service, namespace string) string
- func GetAllowedTLSCipherSuites() []string
- func GetApplicationCacheSize(appSettings *kubermaticv1.ApplicationSettings) *resource.Quantity
- func GetBaseKubeconfig(caCert *x509.Certificate, server, clusterName string) *clientcmdapi.Config
- func GetCABundleFromFile(file string) ([]*x509.Certificate, error)
- func GetCSIMigrationFeatureGates(cluster *kubermaticv1.Cluster, version *semverlib.Version) []string
- func GetClusterExternalIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
- func GetClusterFrontProxyCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
- func GetClusterNodeCIDRMaskSizeIPv4(cluster *kubermaticv1.Cluster) int32
- func GetClusterNodeCIDRMaskSizeIPv6(cluster *kubermaticv1.Cluster) int32
- func GetClusterRef(cluster *kubermaticv1.Cluster) metav1.OwnerReference
- func GetClusterRootCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
- func GetCredentialsReference(cluster *kubermaticv1.Cluster) (*providerconfig.GlobalSecretKeySelector, error)
- func GetDefaultPodCIDRIPv4(provider kubermaticv1.ProviderType) string
- func GetDefaultProxyMode(provider kubermaticv1.ProviderType) string
- func GetDefaultServicesCIDRIPv4(provider kubermaticv1.ProviderType) string
- func GetEtcdRestoreRef(restore *kubermaticv1.EtcdRestore) metav1.OwnerReference
- func GetEtcdRestoreS3Client(ctx context.Context, restore *kubermaticv1.EtcdRestore, ...) (*minio.Client, string, error)
- func GetHTTPProxyEnvVarsFromSeed(seed *kubermaticv1.Seed, inClusterAPIServerURL string) []corev1.EnvVar
- func GetInternalKubeconfigReconciler(namespace, name, commonName string, organizations []string, ...) reconciling.NamedSecretReconcilerFactory
- func GetKubeletPreferredAddressTypes(cluster *kubermaticv1.Cluster, isKonnectivityEnabled bool) string
- func GetKubernetesCloudProviderName(cluster *kubermaticv1.Cluster, externalCloudProvider bool) string
- func GetNodePortsAllowedIPRanges(cluster *kubermaticv1.Cluster, allowedIPRanges *kubermaticv1.NetworkRanges, ...) (res kubermaticv1.NetworkRanges)
- func GetOverrides(componentSettings kubermaticv1.ComponentSettings) map[string]*corev1.ResourceRequirements
- func GetPodTemplateLabels(ctx context.Context, client ctrlruntimeclient.Client, ...) (map[string]string, error)
- func GetProjectRef(project *kubermaticv1.Project) metav1.OwnerReference
- func GetVerticalPodAutoscalersForAll(ctx context.Context, client ctrlruntimeclient.Client, ...) ([]reconciling.NamedVerticalPodAutoscalerReconcilerFactory, error)
- func HealthyDaemonSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HealthyDeployment(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HealthyStatefulSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HostnameAntiAffinity(app string, antiAffinityType kubermaticv1.AntiAffinityType) *corev1.Affinity
- func ImagePullSecretReconciler(dockerPullConfigJSON []byte) reconciling.NamedSecretReconcilerFactory
- func InClusterApiserverIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
- func Int32(v int32) *int32
- func Int64(v int64) *int64
- func IsClientCertificateValidForAllOf(cert *x509.Certificate, commonName string, organizations []string, ...) bool
- func IsServerCertificateValidForAllOf(cert *x509.Certificate, commonName string, altNames certutil.AltNames, ...) bool
- func IsValidKubeconfig(kubeconfigBytes []byte, caCert *x509.Certificate, server, commonName string, ...) (bool, error)
- func MergeAffinities(a *corev1.Affinity, b *corev1.Affinity) *corev1.Affinity
- func MigrationToExternalCloudControllerSupported(dc *kubermaticv1.Datacenter, cluster *kubermaticv1.Cluster, ...) bool
- func RoleBindingAuthenticationReaderReconciler(username string) reconciling.NamedRoleBindingReconcilerFactory
- func SanitizeEnvVars(envVars []corev1.EnvVar) []corev1.EnvVar
- func SecretRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
- func ServiceAccountSecretReconciler(data CredentialsData) reconciling.NamedSecretReconcilerFactory
- func SetResourceRequirements(containers []corev1.Container, ...) error
- func String(v string) *string
- func SupportsFailureDomainZoneAntiAffinity(ctx context.Context, client ctrlruntimeclient.Client) (bool, error)
- func UnwrapCommand(container corev1.Container) (found bool, command httpproberapi.Command)
- func UserClusterDNSPolicyAndConfig(d userClusterDNSPolicyAndConfigData) (corev1.DNSPolicy, *corev1.PodDNSConfig, error)
- func UserClusterDNSResolverIP(cluster *kubermaticv1.Cluster) (string, error)
- func ViewerKubeconfigReconciler(data *TemplateData) reconciling.NamedSecretReconcilerFactory
- func VolumeRevisionLabels(ctx context.Context, client ctrlruntimeclient.Client, namespace string, ...) (map[string]string, error)
- type AKSCredentials
- type AKSMDState
- type AKSState
- type AWSCredentials
- type AlibabaCredentials
- type AnexiaCredentials
- type AzureCredentials
- type BaremetalCredentials
- type CABundle
- type Credentials
- type CredentialsData
- type DigitaloceanCredentials
- type ECDSAKeyPair
- type EKSCredential
- type EKSCredentials
- type EKSMDState
- type EKSState
- type GCPCredentials
- type GKECredentials
- type GKEMDState
- type GKEState
- type HetznerCredentials
- type KubevirtCredentials
- type NutanixCredentials
- type OpenstackCredentials
- type PacketCredentials
- type Requirements
- type TemplateData
- func (d *TemplateData) BackupSchedule() time.Duration
- func (d *TemplateData) CABundle() CABundle
- func (d *TemplateData) Cluster() *kubermaticv1.Cluster
- func (d *TemplateData) ClusterIPByServiceName(name string) (string, error)
- func (d *TemplateData) ComputedNodePortRange() string
- func (d *TemplateData) DC() *kubermaticv1.Datacenter
- func (d *TemplateData) DNATControllerImage() string
- func (d *TemplateData) DNATControllerTag() string
- func (d *TemplateData) EtcdBackupDeleteContainer() *corev1.Container
- func (d *TemplateData) EtcdBackupDestination() *kubermaticv1.BackupDestination
- func (d *TemplateData) EtcdBackupStoreContainer() *corev1.Container
- func (d *TemplateData) EtcdDiskSize() resource.Quantity
- func (d *TemplateData) EtcdLauncherImage() string
- func (d *TemplateData) EtcdLauncherTag() string
- func (d *TemplateData) ExternalIP() (*net.IP, error)
- func (d *TemplateData) GetAPIServerAlternateNames() (*certutil.AltNames, error)
- func (d *TemplateData) GetCSIMigrationFeatureGates(version *semverlib.Version) []string
- func (d *TemplateData) GetCloudProviderName() (string, error)
- func (d *TemplateData) GetClusterRef() metav1.OwnerReference
- func (data *TemplateData) GetEnvVars() ([]corev1.EnvVar, error)
- func (d *TemplateData) GetFrontProxyCA() (*triple.KeyPair, error)
- func (d *TemplateData) GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
- func (d *TemplateData) GetKonnectivityKeepAliveTime() string
- func (d *TemplateData) GetKonnectivityServerPort() (int32, error)
- func (d *TemplateData) GetLegacyOverwriteRegistry() string
- func (d *TemplateData) GetMLAGatewayCA() (*ECDSAKeyPair, error)
- func (d *TemplateData) GetMLAGatewayPort() (int32, error)
- func (d *TemplateData) GetOpenVPNCA() (*ECDSAKeyPair, error)
- func (d *TemplateData) GetOpenVPNServerPort() (int32, error)
- func (d *TemplateData) GetPodTemplateLabels(appName string, volumes []corev1.Volume, additionalLabels map[string]string) (map[string]string, error)
- func (d *TemplateData) GetRootCA() (*triple.KeyPair, error)
- func (d *TemplateData) GetSecretKeyValue(ref *corev1.SecretKeySelector) ([]byte, error)
- func (d *TemplateData) GetTunnelingAgentIP() string
- func (d *TemplateData) GetViewerToken() (string, error)
- func (d *TemplateData) ImageRewriter() registry.ImageRewriter
- func (d *TemplateData) IsKonnectivityEnabled() bool
- func (d *TemplateData) KCMCloudControllersDeactivated() bool
- func (d *TemplateData) KubermaticAPIImage() string
- func (d *TemplateData) KubermaticConfiguration() *kubermaticv1.KubermaticConfiguration
- func (d *TemplateData) KubermaticDockerTag() string
- func (d *TemplateData) MachineControllerImageRepository() string
- func (d *TemplateData) MachineControllerImageTag() string
- func (d *TemplateData) NetworkIntfMgrImage() string
- func (d *TemplateData) NodeAccessNetwork() string
- func (d *TemplateData) NodeLocalDNSCacheEnabled() bool
- func (d *TemplateData) NodePortProxyTag() string
- func (d *TemplateData) NodePortRange() string
- func (d *TemplateData) NodePorts() (int, int)
- func (d *TemplateData) OIDCIssuerClientID() string
- func (d *TemplateData) OIDCIssuerURL() string
- func (d *TemplateData) OperatingSystemManagerImageRepository() string
- func (d *TemplateData) OperatingSystemManagerImageTag() string
- func (d *TemplateData) ProviderName() string
- func (d *TemplateData) RewriteImage(image string) (string, error)
- func (d *TemplateData) Seed() *kubermaticv1.Seed
- func (d *TemplateData) SupportsFailureDomainZoneAntiAffinity() bool
- func (d *TemplateData) UserClusterMLAEnabled() bool
- type TemplateDataBuilder
- func (td TemplateDataBuilder) Build() *TemplateData
- func (td *TemplateDataBuilder) WithBackupPeriod(backupPeriod time.Duration) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithCABundle(bundle CABundle) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithClient(client ctrlruntimeclient.Client) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithCluster(cluster *kubermaticv1.Cluster) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithContext(ctx context.Context) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithDatacenter(dc *kubermaticv1.Datacenter) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithDnatControllerImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdBackupDeleteContainer(container *corev1.Container) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdBackupDestination(destination *kubermaticv1.BackupDestination) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdBackupStoreContainer(container *corev1.Container) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdDiskSize(etcdDiskSize resource.Quantity) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdLauncherImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithFailureDomainZoneAntiaffinity(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKonnectivityEnabled(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKubermaticConfiguration(cfg *kubermaticv1.KubermaticConfiguration) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKubermaticImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithMachineControllerImageRepository(repository string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithMachineControllerImageTag(tag string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithNetworkIntfMgrImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithNodeAccessNetwork(nodeAccessNetwork string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithNodePortRange(npRange string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOIDCIssuerClientID(clientID string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOIDCIssuerURL(url string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOverwriteRegistry(overwriteRegistry string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithSeed(s *kubermaticv1.Seed) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithTunnelingAgentIP(tunnelingAgentIP string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithUserClusterMLAEnabled(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithVersions(v kubermatic.Versions) *TemplateDataBuilder
- type TinkerbellCredentials
- type VMwareCloudDirectorCredentials
- type VSphereCredentials
Constants ¶
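const (
	// APIServerSecurePort is the API server's secure port.
	APIServerSecurePort = 6443

	// NodeLocalDNSCacheAddress is an IPv4 address in the link-local range
	// (169.254.0.0/16), so it is not routable beyond the local link.
	// NOTE(review): the name suggests this is the address the node-local DNS
	// cache listens on; confirm against the callers before relying on it in
	// network policies or firewall rules.
	NodeLocalDNSCacheAddress = "169.254.20.10"
)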
const ( // ApiserverDeploymentName is the name of the apiserver deployment. ApiserverDeploymentName = "apiserver" // ControllerManagerDeploymentName is the name for the controller manager deployment. ControllerManagerDeploymentName = "controller-manager" // SchedulerDeploymentName is the name for the scheduler deployment. SchedulerDeploymentName = "scheduler" // OperatingSystemManagerDeploymentName is the name for the operating-system-manager deployment. OperatingSystemManagerDeploymentName = "operating-system-manager" // OperatingSystemManagerContainerName is the name for the container created within the operating-system-manager deployment. OperatingSystemManagerContainerName = "operating-system-manager" // OperatingSystemManagerWebhookDeploymentName is the name for the operating-system-manager webhook deployment. OperatingSystemManagerWebhookDeploymentName = "operating-system-manager-webhook" // OperatingSystemManagerWebhookServiceName is the name for the operating-system-manager webhook service. OperatingSystemManagerWebhookServiceName = "operating-system-manager-webhook" // MachineControllerDeploymentName is the name for the machine-controller deployment. MachineControllerDeploymentName = "machine-controller" // MachineControllerWebhookDeploymentName is the name for the machine-controller webhook deployment. MachineControllerWebhookDeploymentName = "machine-controller-webhook" // MetricsServerDeploymentName is the name for the metrics-server deployment. MetricsServerDeploymentName = "metrics-server" // OpenVPNServerDeploymentName is the name for the openvpn server deployment. OpenVPNServerDeploymentName = "openvpn-server" // DNSResolverDeploymentName is the name of the dns resolver deployment. DNSResolverDeploymentName = "dns-resolver" // DNSResolverConfigMapName is the name of the dns resolvers configmap. DNSResolverConfigMapName = "dns-resolver" // DNSResolverServiceName is the name of the dns resolvers service. 
DNSResolverServiceName = "dns-resolver" // DNSResolverPodDisruptionBudetName is the name of the dns resolvers pdb. DNSResolverPodDisruptionBudetName = "dns-resolver" // KubeStateMetricsDeploymentName is the name of the kube-state-metrics deployment. KubeStateMetricsDeploymentName = "kube-state-metrics" // UserClusterControllerDeploymentName is the name of the usercluster-controller deployment. UserClusterControllerDeploymentName = "usercluster-controller" // UserClusterControllerContainerName is the name of the container within the usercluster-controller deployment. UserClusterControllerContainerName = "usercluster-controller" // ClusterAutoscalerDeploymentName is the name of the cluster-autoscaler deployment. ClusterAutoscalerDeploymentName = "cluster-autoscaler" // KubernetesDashboardDeploymentName is the name of the Kubernetes Dashboard deployment. KubernetesDashboardDeploymentName = "kubernetes-dashboard" // KubeLBDeploymentName is the name of the KubeLB deployment. KubeLBDeploymentName = "kubelb-ccm" // MetricsScraperDeploymentName is the name of dashboard-metrics-scraper deployment. MetricsScraperDeploymentName = "dashboard-metrics-scraper" // MetricsScraperServiceName is the name of dashboard-metrics-scraper service. MetricsScraperServiceName = "dashboard-metrics-scraper" // PrometheusStatefulSetName is the name for the prometheus StatefulSet. PrometheusStatefulSetName = "prometheus" // EtcdStatefulSetName is the name for the etcd StatefulSet. EtcdStatefulSetName = "etcd" // EtcdDefaultBackupConfigName is the name for the default (preinstalled) EtcdBackupConfig of a cluster. EtcdDefaultBackupConfigName = "default-backups" // EtcdTLSEnabledAnnotation is the annotation assigned to etcd Pods that run with a TLS peer endpoint. EtcdTLSEnabledAnnotation = "etcd.kubermatic.k8c.io/tls-peer-enabled" // EncryptionConfigurationSecretName is the name of secret storing the API server's EncryptionConfiguration. 
EncryptionConfigurationSecretName = "apiserver-encryption-configuration" // EncryptionConfigurationKeyName is the name of the secret key that is used to store the configuration file for encryption-at-rest. EncryptionConfigurationKeyName = "encryption-configuration.yaml" // NodePortProxyEnvoyDeploymentName is the name of the nodeport-proxy deployment in the user cluster. NodePortProxyEnvoyDeploymentName = "nodeport-proxy-envoy" // NodePortProxyEnvoyContainerName is the name of the envoy container in the nodeport-proxy deployment. NodePortProxyEnvoyContainerName = "envoy" // ApiserverServiceName is the name for the apiserver service. ApiserverServiceName = "apiserver-external" // FrontLoadBalancerServiceName is the name of the LoadBalancer service that fronts everything // when using exposeStrategy "LoadBalancer". FrontLoadBalancerServiceName = "front-loadbalancer" // MetricsServerServiceName is the name for the metrics-server service. MetricsServerServiceName = "metrics-server" // MetricsServerExternalNameServiceName is the name for the metrics-server service inside the user cluster. MetricsServerExternalNameServiceName = "metrics-server" // EtcdServiceName is the name for the etcd service. EtcdServiceName = "etcd" // EtcdDefragCronJobName is the name for the defrag cronjob deployment. EtcdDefragCronJobName = "etcd-defragger" // OpenVPNServerServiceName is the name for the openvpn server service. OpenVPNServerServiceName = "openvpn-server" // MachineControllerWebhookServiceName is the name of the machine-controller webhook service. MachineControllerWebhookServiceName = "machine-controller-webhook" // MetricsServerAPIServiceName is the name for the metrics-server APIService. MetricsServerAPIServiceName = "v1beta1.metrics.k8s.io" // AdminKubeconfigSecretName is the name for the secret containing the private ca key. AdminKubeconfigSecretName = "admin-kubeconfig" // ViewerKubeconfigSecretName is the name for the secret containing the viewer kubeconfig. 
ViewerKubeconfigSecretName = "viewer-kubeconfig" // SchedulerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the scheduler. SchedulerKubeconfigSecretName = "scheduler-kubeconfig" // KubeLBCCMCertUsername is the name of the user coming from kubeconfig cert. KubeLBCCMCertUsername = "kubermatic:kubelb-ccm" // KubeletDnatControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the kubeletdnatcontroller. KubeletDnatControllerKubeconfigSecretName = "kubeletdnatcontroller-kubeconfig" // KubeStateMetricsKubeconfigSecretName is the name for the secret containing the kubeconfig used by kube-state-metrics. KubeStateMetricsKubeconfigSecretName = "kube-state-metrics-kubeconfig" // MetricsServerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the metrics-server. MetricsServerKubeconfigSecretName = "metrics-server" // ControllerManagerKubeconfigSecretName is the name of the secret containing the kubeconfig used by controller manager. ControllerManagerKubeconfigSecretName = "controllermanager-kubeconfig" // OperatingSystemManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the osm. OperatingSystemManagerKubeconfigSecretName = "operatingsystemmanager-kubeconfig" // OperatingSystemManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the osm webhook. OperatingSystemManagerWebhookKubeconfigSecretName = "operatingsystemmanager-webhook-kubeconfig" // MachineControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the machinecontroller. MachineControllerKubeconfigSecretName = "machinecontroller-kubeconfig" // CloudControllerManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the external cloud provider. 
CloudControllerManagerKubeconfigSecretName = "cloud-controller-manager-kubeconfig" // MachineControllerWebhookServingCertSecretName is the name for the secret containing the serving cert for the // machine-controller webhook. MachineControllerWebhookServingCertSecretName = "machinecontroller-webhook-serving-cert" // MachineControllerWebhookServingCertCertKeyName is the name for the key that contains the cert. MachineControllerWebhookServingCertCertKeyName = "cert.pem" // MachineControllerWebhookServingCertKeyKeyName is the name for the key that contains the key. MachineControllerWebhookServingCertKeyKeyName = "key.pem" // OperatingSystemManagerWebhookServingCertSecretName is the name for the operating-system-manager webhook TLS server certificate secret. OperatingSystemManagerWebhookServingCertSecretName = "operating-system-manager-webhook-serving-cert" // OperatingSystemManagerWebhookServingCertCertKeyName is the name for the key that contains the cert. OperatingSystemManagerWebhookServingCertCertKeyName = "tls.crt" // OperatingSystemManagerWebhookServingCertCertKeyName is the name for the key that contains the private key. OperatingSystemManagerWebhookServingCertKeyKeyName = "tls.key" // PrometheusApiserverClientCertificateSecretName is the name for the secret containing the client certificate used by prometheus to access the apiserver. PrometheusApiserverClientCertificateSecretName = "prometheus-apiserver-certificate" // ClusterAutoscalerKubeconfigSecretName is the name of the kubeconfig secret used for // the cluster-autoscaler. ClusterAutoscalerKubeconfigSecretName = "cluster-autoscaler-kubeconfig" // KubernetesDashboardKubeconfigSecretName is the name of the kubeconfig secret user for Kubernetes Dashboard. KubernetesDashboardKubeconfigSecretName = "kubernetes-dashboard-kubeconfig" // WEBTerminalKubeconfigSecretName is the name of the kubeconfig secret user for WEB terminal tools pod. 
WEBTerminalKubeconfigSecretName = "web-terminal-kubeconfig" // ImagePullSecretName specifies the name of the dockercfg secret used to access the private repo. ImagePullSecretName = "dockercfg" // FrontProxyCASecretName is the name for the secret containing the front proxy ca. FrontProxyCASecretName = "front-proxy-ca" // CASecretName is the name for the secret containing the root ca. CASecretName = "ca" // ApiserverTLSSecretName is the name for the secrets required for the apiserver tls. ApiserverTLSSecretName = "apiserver-tls" // KubeletClientCertificatesSecretName is the name for the secret containing the kubelet client certificates. KubeletClientCertificatesSecretName = "kubelet-client-certificates" // ServiceAccountKeySecretName is the name for the secret containing the service account key. ServiceAccountKeySecretName = "service-account-key" // TokensSecretName is the name for the secret containing the user tokens. TokensSecretName = "tokens" // ViewerTokenSecretName is the name for the secret containing the viewer token. ViewerTokenSecretName = "viewer-token" // OpenVPNCASecretName is the name of the secret that contains the OpenVPN CA. OpenVPNCASecretName = "openvpn-ca" // OpenVPNServerCertificatesSecretName is the name for the secret containing the openvpn server certificates. OpenVPNServerCertificatesSecretName = "openvpn-server-certificates" // OpenVPNClientCertificatesSecretName is the name for the secret containing the openvpn client certificates. OpenVPNClientCertificatesSecretName = "openvpn-client-certificates" // CloudConfigSecretName is the name for the secret containing the cloud-config inside the user cluster. CloudConfigSecretName = "cloud-config" // CSICloudConfigSecretName is the name for the secret containing the cloud-config used by the csi driver inside the user cluster. CSICloudConfigSecretName = "cloud-config-csi" // EtcdTLSCertificateSecretName is the name for the secret containing the etcd tls certificate used for transport security. 
EtcdTLSCertificateSecretName = "etcd-tls-certificate" // ApiserverEtcdClientCertificateSecretName is the name for the secret containing the client certificate used by the apiserver for authenticating against etcd. ApiserverEtcdClientCertificateSecretName = "apiserver-etcd-client-certificate" // ApiserverFrontProxyClientCertificateSecretName is the name for the secret containing the apiserver's client certificate for proxy auth. ApiserverFrontProxyClientCertificateSecretName = "apiserver-proxy-client-certificate" // GoogleServiceAccountSecretName is the name of the secret that contains the Google Service Account. GoogleServiceAccountSecretName = "google-service-account" // GoogleServiceAccountVolumeName is the name of the volume containing the Google Service Account secret. GoogleServiceAccountVolumeName = "google-service-account-volume" // AuditLogVolumeName is the name of the volume that hold the audit log of the apiserver. AuditLogVolumeName = "audit-log" // KubernetesDashboardKeyHolderSecretName is the name of the secret that contains JWE token encryption key // used by the Kubernetes Dashboard. KubernetesDashboardKeyHolderSecretName = "kubernetes-dashboard-key-holder" // KubernetesDashboardCsrfTokenSecretName is the name of the secret that contains CSRF token used by // the Kubernetes Dashboard. KubernetesDashboardCsrfTokenSecretName = "kubernetes-dashboard-csrf" // CABundleConfigMapName is the name for the configmap that contains the CA bundle for all usercluster components. CABundleConfigMapName = "ca-bundle" // CABundleConfigMapKey is the key under which a ConfigMap must contain a PEM-encoded collection of certificates. CABundleConfigMapKey = "ca-bundle.pem" // CloudConfigSeedSecretName is the name for the secret containing the cloud-config inside the usercluster namespace // on the seed cluster. Not to be confused with CloudConfigSecretName, which is the copy of this Secret inside the // usercluster. 
CloudConfigSeedSecretName = "cloud-config" // CloudConfigKey is the key under which the cloud-config in the cloud-config Secret can be found. CloudConfigKey = "config" // OpenVPNClientConfigsConfigMapName is the name for the ConfigMap containing the OpenVPN client config used within the user cluster. OpenVPNClientConfigsConfigMapName = "openvpn-client-configs" // OpenVPNClientConfigConfigMapName is the name for the ConfigMap containing the OpenVPN client config used by the client inside the user cluster. OpenVPNClientConfigConfigMapName = "openvpn-client-config" // ClusterInfoConfigMapName is the name for the ConfigMap containing the cluster-info used by the bootstrap token mechanism. ClusterInfoConfigMapName = "cluster-info" // PrometheusConfigConfigMapName is the name for the configmap containing the prometheus config. PrometheusConfigConfigMapName = "prometheus" // AuditConfigMapName is the name for the configmap that contains the content of the file that will be passed to the apiserver with the flag "--audit-policy-file". AuditConfigMapName = "audit-config" // FluentBitSecretName is the name of the secret that contains the fluent-bit configuration mounted // into kube-apisever and used by the "audit-logs" sidecar to ship audit logs. FluentBitSecretName = "audit-logs-fluentbit" // AuditWebhookVolumeName is the name of the volume that contains the audit webhook configuration mounted into kube-apisever. AuditWebhookVolumeName = "audit-webhook-backend" // AdmissionControlConfigMapName is the name for the configmap that contains the Admission Controller config file. AdmissionControlConfigMapName = "adm-control" // PrometheusServiceAccountName is the name for the Prometheus serviceaccount. PrometheusServiceAccountName = "prometheus" // PrometheusRoleName is the name for the Prometheus role. PrometheusRoleName = "prometheus" // PrometheusRoleBindingName is the name for the Prometheus rolebinding. 
PrometheusRoleBindingName = "prometheus" // CloudControllerManagerRoleBindingName is the name for the cloud controller manager rolebinding. CloudControllerManagerRoleBindingName = "cloud-controller-manager" // DefaultServiceAccountName is the name of Kubernetes default service accounts. DefaultServiceAccountName = "default" // OperatingSystemManagerCertUsername is the name of the user coming from kubeconfig cert. OperatingSystemManagerCertUsername = "operating-system-manager" // OperatingSystemManagerWebhookCertUsername is the name of the user coming from the kubeconfig cert. OperatingSystemManagerWebhookCertUsername = "operating-system-manager-webhook" // MachineControllerCertUsername is the name of the user coming from kubeconfig cert. MachineControllerCertUsername = "machine-controller" // KubeStateMetricsCertUsername is the name of the user coming from kubeconfig cert. KubeStateMetricsCertUsername = "kube-state-metrics" // MetricsServerCertUsername is the name of the user coming from kubeconfig cert. MetricsServerCertUsername = "metrics-server" // MetricsServerServiceAccountName is the name of the metrics server service account. MetricsServerServiceAccountName = "metrics-server" // ControllerManagerCertUsername is the name of the user coming from kubeconfig cert. ControllerManagerCertUsername = "system:kube-controller-manager" // CloudControllerManagerCertUsername is the name of the user coming from kubeconfig cert. CloudControllerManagerCertUsername = "system:cloud-controller-manager" // SchedulerCertUsername is the name of the user coming from kubeconfig cert. SchedulerCertUsername = "system:kube-scheduler" // KubeletDnatControllerCertUsername is the name of the user coming from kubeconfig cert. KubeletDnatControllerCertUsername = "kubermatic:kubeletdnat-controller" // PrometheusCertUsername is the name of the user coming from kubeconfig cert. 
PrometheusCertUsername = "prometheus" // ClusterAutoscalerCertUsername is the name of the user coming from the CA kubeconfig cert. ClusterAutoscalerCertUsername = "kubermatic:cluster-autoscaler" // KubernetesDashboardCertUsername is the name of the user coming from kubeconfig cert. KubernetesDashboardCertUsername = "kubermatic:kubernetes-dashboard" // MetricsScraperServiceAccountUsername is the name of the user coming from kubeconfig cert. MetricsScraperServiceAccountUsername = "dashboard-metrics-scraper" // KubeletDnatControllerClusterRoleName is the name for the KubeletDnatController cluster role. KubeletDnatControllerClusterRoleName = "system:kubermatic-kubeletdnat-controller" // KubeletDnatControllerClusterRoleBindingName is the name for the KubeletDnatController clusterrolebinding. KubeletDnatControllerClusterRoleBindingName = "system:kubermatic-kubeletdnat-controller" // ClusterInfoReaderRoleName is the name for the role which allows reading the cluster-info ConfigMap. ClusterInfoReaderRoleName = "cluster-info" // MachineControllerRoleName is the name for the MachineController roles. MachineControllerRoleName = "machine-controller" // OperatingSystemManagerRoleName is the name for the OperatingSystemManager roles. OperatingSystemManagerRoleName = "operating-system-manager" // MachineControllerRoleBindingName is the name for the MachineController rolebinding. MachineControllerRoleBindingName = "machine-controller" // OperatingSystemManagerRoleBindingName is the name for the OperatingSystemManager rolebinding. OperatingSystemManagerRoleBindingName = "operating-system-manager" // ClusterInfoAnonymousRoleBindingName is the name for the RoleBinding giving access to the cluster-info ConfigMap to anonymous users. ClusterInfoAnonymousRoleBindingName = "cluster-info" // MetricsServerAuthReaderRoleName is the name for the metrics server role. 
MetricsServerAuthReaderRoleName = "metrics-server-auth-reader" // MachineControllerClusterRoleName is the name for the MachineController cluster role. MachineControllerClusterRoleName = "system:kubermatic-machine-controller" // OperatingSystemManagerClusterRoleName is the name for the OperatingSystemManager cluster role. OperatingSystemManagerClusterRoleName = "system:kubermatic-operating-system-manager" // KubeStateMetricsClusterRoleName is the name for the KubeStateMetrics cluster role. KubeStateMetricsClusterRoleName = "system:kubermatic-kube-state-metrics" // MetricsServerClusterRoleName is the name for the metrics server cluster role. MetricsServerClusterRoleName = "system:metrics-server" // PrometheusClusterRoleName is the name for the Prometheus cluster role. PrometheusClusterRoleName = "external-prometheus" // MachineControllerClusterRoleBindingName is the name for the MachineController ClusterRoleBinding. MachineControllerClusterRoleBindingName = "system:kubermatic-machine-controller" // OperatingSystemManagerClusterRoleBindingName is the name for the OperatingSystemManager ClusterRoleBinding. OperatingSystemManagerClusterRoleBindingName = "system:kubermatic-operating-system-manager" // KubeStateMetricsClusterRoleBindingName is the name for the KubeStateMetrics ClusterRoleBinding. KubeStateMetricsClusterRoleBindingName = "system:kubermatic-kube-state-metrics" // PrometheusClusterRoleBindingName is the name for the Prometheus ClusterRoleBinding. PrometheusClusterRoleBindingName = "system:external-prometheus" // MetricsServerResourceReaderClusterRoleBindingName is the name for the metrics server ClusterRoleBinding. MetricsServerResourceReaderClusterRoleBindingName = "system:metrics-server" // ClusterAutoscalerClusterRoleName is the name of the clusterrole for the cluster autoscaler. ClusterAutoscalerClusterRoleName = "system:kubermatic-cluster-autoscaler" // ClusterAutoscalerClusterRoleBindingName is the name of the clusterrolebinding for the CA. 
ClusterAutoscalerClusterRoleBindingName = "system:kubermatic-cluster-autoscaler" // KubernetesDashboardRoleName is the name of the role for the Kubernetes Dashboard. KubernetesDashboardRoleName = "system:kubernetes-dashboard" // KubernetesDashboardRoleBindingName is the name of the role binding for the Kubernetes Dashboard. KubernetesDashboardRoleBindingName = "system:kubernetes-dashboard" // MetricsScraperClusterRoleName is the name of the role for the dashboard-metrics-scraper. MetricsScraperClusterRoleName = "system:dashboard-metrics-scraper" // MetricsScraperClusterRoleBindingName is the name of the role binding for the dashboard-metrics-scraper. MetricsScraperClusterRoleBindingName = "system:dashboard-metrics-scraper" // EtcdPodDisruptionBudgetName is the name of the PDB for the etcd StatefulSet. EtcdPodDisruptionBudgetName = "etcd" // ApiserverPodDisruptionBudgetName is the name of the PDB for the apiserver deployment. ApiserverPodDisruptionBudgetName = "apiserver" // MetricsServerPodDisruptionBudgetName is the name of the PDB for the metrics-server deployment. MetricsServerPodDisruptionBudgetName = "metrics-server" // KubermaticNamespace is the main kubermatic namespace. KubermaticNamespace = "kubermatic" // KubermaticWebhookServiceName is the name of the kuberamtic webhook service in seed cluster. KubermaticWebhookServiceName = "kubermatic-webhook" // GatekeeperControllerDeploymentName is the name of the gatekeeper controller deployment. GatekeeperControllerDeploymentName = "gatekeeper-controller-manager" // GatekeeperAuditDeploymentName is the name of the gatekeeper audit deployment. GatekeeperAuditDeploymentName = "gatekeeper-audit" // GatekeeperWebhookServiceName is the name of the gatekeeper webhook service. GatekeeperWebhookServiceName = "gatekeeper-webhook-service" // GatekeeperWebhookServerCertSecretName is the name of the gatekeeper webhook cert secret name. 
GatekeeperWebhookServerCertSecretName = "gatekeeper-webhook-server-cert" // GatekeeperPodDisruptionBudgetName is the name of the PDB for the gatekeeper controller manager. GatekeeperPodDisruptionBudgetName = "gatekeeper-controller-manager" // GatekeeperRoleName is the name for the Gatekeeper role. GatekeeperRoleName = "gatekeeper-manager-role" // GatekeeperRoleBindingName is the name for the Gatekeeper rolebinding. GatekeeperRoleBindingName = "gatekeeper-manager-rolebinding" // GatekeeperServiceAccountName is the name for the Gatekeeper service account. GatekeeperServiceAccountName = "gatekeeper-admin" // GatekeeperNamespace is the main gatkeeper namespace where the gatekeeper config is stored. GatekeeperNamespace = "gatekeeper-system" // ExperimentalEnableMutation enables gatekeeper to validate created kubernetes resources and also modify them based on defined mutation policies. ExperimentalEnableMutation = false // AuditMatchKindOnly enables gatekeeper to only audit resources in OPA cache. AuditMatchKindOnly = false // ConstraintViolationsLimit defines the maximum number of audit violations reported on a constraint. ConstraintViolationsLimit = 20 // GatekeeperExemptNamespaceLabel label key for exempting namespaces from Gatekeeper checks. GatekeeperExemptNamespaceLabel = "admission.gatekeeper.sh/ignore" // ClusterCloudCredentialsSecretName is the name the Secret in the cluster namespace that contains // the cloud provider credentials. This Secret is a copy of the credentials secret from the KKP // namespace (which has a dynamic name). ClusterCloudCredentialsSecretName = "cloud-credentials" // CloudInitSettingsNamespace are used in order to reach, authenticate and be authorized by the api server, to fetch // the machine provisioning cloud-init. CloudInitSettingsNamespace = "cloud-init-settings" // DefaultOwnerReadOnlyMode represents file mode with read permission for owner only. 
DefaultOwnerReadOnlyMode = 0400 // DefaultAllReadOnlyMode represents file mode with read permissions for all. DefaultAllReadOnlyMode = 0444 // AppLabelKey defines the label key app which should be used within resources. AppLabelKey = "app" // ClusterLabelKey defines the label key for the cluster name. ClusterLabelKey = "cluster" // VersionLabel is the label containing the application's version. VersionLabel = "app.kubernetes.io/version" // EtcdClusterSize defines the size of the etcd to use. EtcdClusterSize = 3 // RegistryK8S defines the (new) official registry hosted by the Kubernetes project. RegistryK8S = "registry.k8s.io" // RegistryDocker defines the default docker.io registry. RegistryDocker = "docker.io" // RegistryQuay defines the image registry from coreos/redhat - quay. RegistryQuay = "quay.io" // TopologyKeyHostname defines the topology key for the node hostname. TopologyKeyHostname = "kubernetes.io/hostname" // TopologyKeyZone defines the topology key for the node's cloud provider zone. TopologyKeyZone = "topology.kubernetes.io/zone" // ClusterAutoscalerSafeToEvictVolumesAnnotation is an annotation that contains a comma-separated // list of hostPath/emptyDir volumes that should not block the pod from being evicted by the // cluster-autoscaler. // See https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-types-of-pods-can-prevent-ca-from-removing-a-node // for more information. ClusterAutoscalerSafeToEvictVolumesAnnotation = "cluster-autoscaler.kubernetes.io/safe-to-evict-local-volumes" // MachineCRDName defines the CRD name for machine objects. MachineCRDName = "machines.cluster.k8s.io" // MachineSetCRDName defines the CRD name for machineset objects. MachineSetCRDName = "machinesets.cluster.k8s.io" // MachineDeploymentCRDName defines the CRD name for machinedeployment objects. 
MachineDeploymentCRDName = "machinedeployments.cluster.k8s.io" // MachineControllerMutatingWebhookConfigurationName is the name of the machine-controllers mutating webhook // configuration. MachineControllerMutatingWebhookConfigurationName = "machine-controller.kubermatic.io" // OperatingSystemManagerMutatingWebhookConfigurationName is the name of OSM's mutating webhook configuration. OperatingSystemManagerMutatingWebhookConfigurationName = "operating-system-manager.kubermatic.io" // OperatingSystemManagerOperatingSystemProfileCRDName defines the CRD name for OSM operatingSysatemProfile objects. OperatingSystemManagerOperatingSystemProfileCRDName = "operatingsystemprofiles.operatingsystemmanager.k8c.io" // OperatingSystemManagerOperatingSystemConfigCRDName defines the CRD name for OSM operatingSystemConfig objects. OperatingSystemManagerOperatingSystemConfigCRDName = "operatingsystemconfigs.operatingsystemmanager.k8c.io" // OperatingSystemManagerValidatingWebhookConfigurationName is the name of OSM's validating webhook configuration. OperatingSystemManagerValidatingWebhookConfigurationName = "operating-system-manager.kubermatic.io" // GatekeeperValidatingWebhookConfigurationName is the name of the gatekeeper validating webhook // configuration. GatekeeperValidatingWebhookConfigurationName = "gatekeeper-validating-webhook-configuration" GatekeeperMutatingWebhookConfigurationName = "gatekeeper-mutating-webhook-configuration" // InternalUserClusterAdminKubeconfigSecretName is the name of the secret containing an admin kubeconfig that can only be used from // within the seed cluster. InternalUserClusterAdminKubeconfigSecretName = "internal-admin-kubeconfig" // InternalUserClusterAdminKubeconfigCertUsername is the name of the user coming from kubeconfig cert. InternalUserClusterAdminKubeconfigCertUsername = "kubermatic-controllers" // IPVSProxyMode defines the ipvs kube-proxy mode. IPVSProxyMode = "ipvs" // IPTablesProxyMode defines the iptables kube-proxy mode. 
IPTablesProxyMode = "iptables" // EBPFProxyMode defines the eBPF proxy mode (disables kube-proxy and requires CNI support). EBPFProxyMode = "ebpf" // PodNodeSelectorAdmissionPlugin defines PodNodeSelector admission plugin. PodNodeSelectorAdmissionPlugin = "PodNodeSelector" // EventRateLimitAdmisionPlugin defines the EventRateLimit admission plugin. EventRateLimitAdmissionPlugin = "EventRateLimit" // KubeVirtInfraSecretName is the name for the secret containing the kubeconfig of the kubevirt infra cluster. KubeVirtInfraSecretName = "cloud-controller-manager-infra-kubeconfig" // KubeVirtInfraSecretKey infra kubeconfig. KubeVirtInfraSecretKey = "infra-kubeconfig" // KubeVirtCSISecretName is the name for the secret containing the kubeconfig of the kubevirt infra cluster for the CSI controller. KubeVirtCSISecretName = "csi-infra-kubeconfig" // KubeVirtCSISecretKey is the key in the previous secret. KubeVirtCSISecretKey = "kubeconfig" // KubeVirtCSINamespaceKey is the key name of the field containing the infra cluster namespace in the CSI ConfigMap. KubeVirtCSINamespaceKey = "infraClusterNamespace" // KubeVirtCSIClusterLabelKey is the key name of the field containing the infra cluster labels in the CSI ConfigMap. KubeVirtCSIClusterLabelKey = "infraClusterLabels" // KubeVirtCSIConfigMapName is the name of the configmap for the CSI controller. KubeVirtCSIConfigMapName = "csi-driver-config" // KubeVirtCSIControllerName is the name of the deployment of the CSI controller. KubeVirtCSIControllerName = "csi-controller" // KubeVirtCSIServiceAccountName is the name of the service account of the CSI controller. KubeVirtCSIServiceAccountName = "kubevirt-csi" // KubeVirtCSIClusterRoleName is the name of the deployment of the CSI controller. KubeVirtCSIClusterRoleName = "kubevirt-csi-controller" // KubeVirtCSIRoleBindingName is the name of the deployment of the CSI controller. 
KubeVirtCSIRoleBindingName = "csi-controller" // VMwareCloudDirectorCSIControllerName is the name of the deployment of the CSI controller. VMwareCloudDirectorCSIControllerName = "csi-controller" // VMwareCloudDirectorCSISecretName is the name for the secret containing the credentials for VMware Cloud Director. VMwareCloudDirectorCSISecretName = "vcloud-basic-auth" // VMwareCloudDirectorCSIConfigmapName is the name for the configmap containing the configmap for VMware Cloud Director CSI driver. VMwareCloudDirectorCSIConfigmapName = "vcloud-csi-configmap" // VMwareCloudDirectorCSIServiceAccountName is the name of the service account of the CSI controller. VMwareCloudDirectorCSIServiceAccountName = "vcloud-csi" // VMwareCloudDirectorCertUsername is the name of the user coming from kubeconfig cert. VMwareCloudDirectorCSICertUsername = "kubermatic:vcloud-csi" // VMwareCloudDirectorCSIKubeconfigSecretName is the name for the secret containing the kubeconfig used by the osm. VMwareCloudDirectorCSIKubeconfigSecretName = "vcloud-csi-kubeconfig" // DefaultNodePortRange is a Kubernetes cluster's default nodeport range. DefaultNodePortRange = "30000-32767" // ClusterLastRestartAnnotation is an optional annotation on Cluster objects that is meant to contain // a UNIX timestamp (or similar) value to trigger cluster control plane restarts. The value of this // annotation is copied into control plane components. ClusterLastRestartAnnotation = "kubermatic.k8c.io/last-restart" )
// Data keys used inside control-plane Secrets and ConfigMaps, plus a few
// related object names. Going by their names, the values ending in ".key"
// label private-key entries, so the objects carrying them should be readable
// only by the components that need them.
const (
	// Cluster CA key pair.
	CAKeySecretKey  = "ca.key"
	CACertSecretKey = "ca.crt"

	// API server TLS key pair.
	ApiserverTLSKeySecretKey  = "apiserver-tls.key"
	ApiserverTLSCertSecretKey = "apiserver-tls.crt"

	// Kubelet client key pair.
	KubeletClientKeySecretKey  = "kubelet-client.key"
	KubeletClientCertSecretKey = "kubelet-client.crt"

	// Service account signer key; ServiceAccountKeyPublicKey is the public key
	// for that signer key.
	ServiceAccountKeySecretKey = "sa.key"
	ServiceAccountKeyPublicKey = "sa.pub"

	// KubeconfigSecretKey is the data key "kubeconfig".
	KubeconfigSecretKey = "kubeconfig"
	// TokensSecretKey is the data key "tokens.csv".
	TokensSecretKey = "tokens.csv"
	// ViewerTokenSecretKey is the data key "viewerToken".
	ViewerTokenSecretKey = "viewerToken"

	// The OpenVPN CA entries alias the cluster CA keys. They must match
	// CACertSecretKey and CAKeySecretKey, otherwise getClusterCAFromLister
	// doesn't work as it has the key hardcoded.
	OpenVPNCACertKey = CACertSecretKey
	OpenVPNCAKeyKey  = CAKeySecretKey

	// OpenVPN server key pair.
	OpenVPNServerKeySecretKey  = "server.key"
	OpenVPNServerCertSecretKey = "server.crt"

	// OpenVPN internal client key pair.
	OpenVPNInternalClientKeySecretKey  = "client.key"
	OpenVPNInternalClientCertSecretKey = "client.crt"

	// etcd TLS key pair.
	EtcdTLSCertSecretKey = "etcd-tls.crt"
	EtcdTLSKeySecretKey  = "etcd-tls.key"

	// Keys and default endpoint for etcd backup and restore against S3.
	// NOTE(review): presumably environment-style keys of the backup
	// credentials Secret; confirm against the callers.
	EtcdBackupAndRestoreS3AccessKeyIDKey        = "ACCESS_KEY_ID"
	EtcdBackupAndRestoreS3SecretKeyAccessKeyKey = "SECRET_ACCESS_KEY"
	EtcdRestoreS3BucketNameKey                  = "BUCKET_NAME"
	EtcdRestoreS3EndpointKey                    = "ENDPOINT"
	EtcdRestoreDefaultS3SEndpoint               = "s3.amazonaws.com"

	// API server client certificate for etcd.
	ApiserverEtcdClientCertificateCertSecretKey = "apiserver-etcd-client.crt"
	ApiserverEtcdClientCertificateKeySecretKey  = "apiserver-etcd-client.key"

	// API server proxy client certificate.
	ApiserverProxyClientCertificateCertSecretKey = "apiserver-proxy-client.crt"
	ApiserverProxyClientCertificateKeySecretKey  = "apiserver-proxy-client.key"

	// Backup client certificate for etcd.
	BackupEtcdClientCertificateCertSecretKey = "backup-etcd-client.crt"
	BackupEtcdClientCertificateKeySecretKey  = "backup-etcd-client.key"

	// Prometheus client certificate.
	PrometheusClientCertificateCertSecretKey = "prometheus-client.crt"
	PrometheusClientCertificateKeySecretKey  = "prometheus-client.key"

	// Generic serving certificate and its key.
	ServingCertSecretKey    = "serving.crt"
	ServingCertKeySecretKey = "serving.key"

	// CloudConfigSecretKey is the secret key for cloud-config.
	CloudConfigSecretKey = "config"

	// Nutanix CSI secret: the data key inside it, then the Secret's name.
	NutanixCSIConfigSecretKey  = "key"
	NutanixCSIConfigSecretName = "ntnx-secret"

	// VMware Cloud Director CSI ConfigMap: the data key inside it, then the
	// ConfigMap's name.
	VMwareCloudDirectorCSIConfigConfigMapKey  = "vcloud-csi-config.yaml"
	VMwareCloudDirectorCSIConfigConfigMapName = "vcloud-csi-configmap"
)
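// Naming prefixes, Secret data keys, provider identifiers and helper assets
// for external and KubeOne clusters.
const (
	// ExternalClusterKubeconfigPrefix is, going by its name, the name prefix
	// for objects holding external-cluster kubeconfigs.
	ExternalClusterKubeconfigPrefix = "kubeconfig-external-cluster"
	// KubeOneNamespacePrefix is the kubeone namespace prefix.
	KubeOneNamespacePrefix = "kubeone"
	// CredentialPrefix is the prefix used for the secrets containing cloud
	// provider credentials.
	CredentialPrefix = "credential"

	// KubeOne secret prefixes.
	// Don't change these: the prefixes are used for RBAC generation.
	KubeOneSSHSecretPrefix      = "ssh-kubeone-external-cluster"
	KubeOneManifestSecretPrefix = "manifest-kubeone-external-cluster"

	// KubeOneScriptConfigMapName is the KubeOne ConfigMap name.
	KubeOneScriptConfigMapName = "kubeone"

	// KubeOne secret keys. KubeOneSSHPrivateKey and KubeOneSSHPassphrase label
	// the SSH private key and its passphrase.
	KubeOneManifest      = "manifest"
	KubeOneSSHPrivateKey = "id_rsa"
	KubeOneSSHPassphrase = "passphrase"

	// Container runtime identifiers.
	ContainerRuntimeDocker     = "docker"
	ContainerRuntimeContainerd = "containerd"

	// KubeOne natively-supported providers.
	KubeOneAWS                 = "aws"
	KubeOneGCP                 = "gcp"
	KubeOneAzure               = "azure"
	KubeOneDigitalOcean        = "digitalocean"
	KubeOneHetzner             = "hetzner"
	KubeOneNutanix             = "nutanix"
	KubeOneVMwareCloudDirector = "vmwareCloudDirector"
	KubeOneOpenStack           = "openstack"
	KubeOneEquinix             = "equinix"
	KubeOneVSphere             = "vsphere"

	// KubeOneImage and KubeOneImageTag identify the KubeOne container image.
	// NOTE(review): the image is selected by tag, not by digest, so the
	// content behind the reference is whatever the registry serves for that
	// tag at pull time.
	KubeOneImage    = "quay.io/kubermatic/kubeone"
	KubeOneImageTag = "v1.7.2"

	// KubeOneScript is a bash snippet that starts an ssh-agent and adds
	// ~/.ssh/id_rsa to it. ssh-add obtains the passphrase through a generated
	// SSH_ASKPASS helper, script_returning_pass, which echoes the value of
	// $PASSPHRASE.
	//
	// The helper contains the passphrase in clear text, so the last line
	// removes it by name. SSH_ASKPASS is assigned only for the ssh-add command
	// (a per-command assignment), so the former "rm ${SSH_ASKPASS} -f"
	// expanded to a bare "rm -f" and left the helper on disk.
	//
	// NOTE(review): $PASSPHRASE is expanded while the helper is written, so it
	// becomes part of printf's format string and of the helper's shell
	// source; a passphrase containing %, backslashes or shell metacharacters
	// will not round-trip. The helper is also created under the ambient umask
	// before chmod. Both are left unchanged here; fixing them needs a check
	// of how PASSPHRASE reaches this script.
	// NOTE(review): line breaks inside the literal were restored from a
	// flattened listing, and the literal begins with a line break, so the
	// shebang is not its first line. Confirm against the source file and
	// confirm that the script is handed to an interpreter explicitly.
	KubeOneScript = `
#!/usr/bin/env bash
eval ` + "`" + "ssh-agent" + "`" + ` > /dev/null
printf "#!/bin/sh\necho $PASSPHRASE" > script_returning_pass
chmod +x script_returning_pass
DISPLAY=1 SSH_ASKPASS="./script_returning_pass" ssh-add ~/.ssh/id_rsa > /dev/null 2> /dev/null
rm -f script_returning_pass
`
)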
// Field names for cloud-provider credentials and related settings, grouped by
// provider. Several providers share a value ("token", "username",
// "password", "tenantID", "projectID"), so a key is only meaningful together
// with the provider it is read for.
// NOTE(review): presumably these are data keys of the credential Secrets;
// confirm against the callers.
const (
	// AWS.
	AWSAccessKeyID          = "accessKeyId"
	AWSSecretAccessKey      = "secretAccessKey"
	AWSAssumeRoleARN        = "assumeRoleARN"
	AWSAssumeRoleExternalID = "assumeRoleExternalID"

	// Azure.
	AzureTenantID       = "tenantID"
	AzureSubscriptionID = "subscriptionID"
	AzureClientID       = "clientID"
	AzureClientSecret   = "clientSecret"

	// DigitalOcean, GCP and Hetzner each use a single field.
	DigitaloceanToken = "token"
	GCPServiceAccount = "serviceAccount"
	HetznerToken      = "token"

	// OpenStack.
	OpenstackUsername                    = "username"
	OpenstackPassword                    = "password"
	OpenstackTenant                      = "tenant"
	OpenstackTenantID                    = "tenantID"
	OpenstackProject                     = "project"
	OpenstackProjectID                   = "projectID"
	OpenstackDomain                      = "domain"
	OpenstackApplicationCredentialID     = "applicationCredentialID"
	OpenstackApplicationCredentialSecret = "applicationCredentialSecret"
	OpenstackToken                       = "token"
	// OpenStack fields added for KubeOne clusters.
	OpenstackAuthURL = "authURL"
	OpenstackRegion  = "region"

	// Packet.
	PacketAPIKey    = "apiKey"
	PacketProjectID = "projectID"

	// KubeVirt.
	KubeVirtKubeconfig = "kubeConfig"

	// vSphere.
	VsphereUsername                    = "username"
	VspherePassword                    = "password"
	VsphereInfraManagementUserUsername = "infraManagementUserUsername"
	VsphereInfraManagementUserPassword = "infraManagementUserPassword"
	// vSphere field added for KubeOne clusters.
	VsphereServer = "server"

	// Alibaba.
	AlibabaAccessKeyID     = "accessKeyId"
	AlibabaAccessKeySecret = "accessKeySecret"

	// Anexia.
	AnexiaToken = "token"

	// Nutanix.
	NutanixUsername    = "username"
	NutanixPassword    = "password"
	NutanixCSIUsername = "csiUsername"
	NutanixCSIPassword = "csiPassword"
	NutanixProxyURL    = "proxyURL"
	// Nutanix fields added for KubeOne clusters.
	NutanixCSIEndpoint   = "csiEndpoint"
	NutanixClusterName   = "clusterName"
	NutanixAllowInsecure = "allowInsecure"
	NutanixEndpoint      = "endpoint"
	NutanixPort          = "port"

	// VMware Cloud Director.
	VMwareCloudDirectorUsername     = "username"
	VMwareCloudDirectorAPIToken     = "apiToken"
	VMwareCloudDirectorPassword     = "password"
	VMwareCloudDirectorOrganization = "organization"
	VMwareCloudDirectorVDC          = "vdc"
	VMwareCloudDirectorURL          = "url"

	// Kubernetes service-account token Secret type and the annotation naming
	// the service account.
	ServiceAccountTokenType       = "kubernetes.io/service-account-token"
	ServiceAccountTokenAnnotation = "kubernetes.io/service-account.name"

	UserSSHKeys = "usersshkeys"

	// TinkerbellKubeconfig is used in GetBaremetalCredentials() to get the
	// Tinkerbell kubeconfig.
	TinkerbellKubeconfig = "kubeConfig"
)
// Object names for the CoreDNS deployment.
const (
	// RBAC objects and the service account.
	CoreDNSClusterRoleName        = "system:coredns"
	CoreDNSClusterRoleBindingName = "system:coredns"
	CoreDNSServiceAccountName     = "coredns"

	// Workload objects. The Service is named "kube-dns", unlike the others.
	CoreDNSServiceName             = "kube-dns"
	CoreDNSConfigMapName           = "coredns"
	CoreDNSDeploymentName          = "coredns"
	CoreDNSPodDisruptionBudgetName = "coredns"
)
// Names and defaults for the envoy-agent DaemonSet.
const (
	// ConfigMap, the file name inside it, and the DaemonSet.
	EnvoyAgentConfigMapName  = "envoy-agent"
	EnvoyAgentConfigFileName = "envoy.yaml"
	EnvoyAgentDaemonSetName  = "envoy-agent"

	// Container names; the first is an init container, going by its name.
	EnvoyAgentCreateInterfaceInitContainerName = "create-dummy-interface"
	EnvoyAgentAssignAddressContainerName       = "assign-address"

	// EnvoyAgentDeviceSetupImage is an image repository without registry or tag.
	EnvoyAgentDeviceSetupImage = "kubermatic/network-interface-manager"

	// DefaultTunnelingAgentIP is the default tunneling agent IP address.
	DefaultTunnelingAgentIP = "100.64.30.10"
)
// Object names and the default switch for node-local-dns.
const (
	NodeLocalDNSServiceAccountName = "node-local-dns"
	NodeLocalDNSConfigMapName      = "node-local-dns"
	NodeLocalDNSDaemonSetName      = "node-local-dns"

	// DefaultNodeLocalDNSCacheEnabled is true: the cache is on by default.
	DefaultNodeLocalDNSCacheEnabled = true
)
// Keys, values and labels for external (EKS, GKE, AKS) clusters.
const (
	// Import marker key and its two string values.
	ExternalClusterIsImported      = "is-imported"
	ExternalClusterIsImportedTrue  = "true"
	ExternalClusterIsImportedFalse = "false"

	// ExternalClusterKubeconfig is the key "kubeconfig".
	ExternalClusterKubeconfig = "kubeconfig"

	// EKS credential fields.
	ExternalEKSClusterAccessKeyID     = "accessKeyId"
	ExternalEKSClusterSecretAccessKey = "secretAccessKey"

	// GKE credential field.
	// NOTE(review): the identifier is spelled "Serive"; it is kept because
	// renaming an exported constant breaks callers.
	ExternalGKEClusterSeriveAccount = "serviceAccount"

	// GKE release channels.
	GKEUnspecifiedReleaseChannel = "UNSPECIFIED"
	GKERapidReleaseChannel       = "RAPID"
	GKERegularReleaseChannel     = "REGULAR"
	GKEStableReleaseChannel      = "STABLE"

	// AKS credential fields.
	ExternalAKSClusterTenantID       = "tenantID"
	ExternalAKSClusterSubscriptionID = "subscriptionID"
	ExternalAKSClusterClientID       = "clientID"
	ExternalAKSClusterClientSecret   = "clientSecret"

	// Node labels carrying the node pool or node group name per provider.
	AKSNodepoolNameLabel  = "kubernetes.azure.com/agentpool"
	EKSNodeGroupNameLabel = "eks.amazonaws.com/nodegroup"
	GKENodepoolNameLabel  = "cloud.google.com/gke-nodepool"
)
// File paths of the etcd PKI material, all under /etc/etcd/pki.
const (
	// EtcdTrustedCAFile is the path of the CA certificate.
	EtcdTrustedCAFile = "/etc/etcd/pki/ca/ca.crt"

	// TLS certificate and key.
	EtcdCertFile = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdKeyFile  = "/etc/etcd/pki/tls/etcd-tls.key"

	// The peer entries resolve to the same two files as EtcdCertFile and
	// EtcdKeyFile, so one key pair covers both uses.
	EtcdPeerCertFile = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdPeerKeyFile  = "/etc/etcd/pki/tls/etcd-tls.key"

	// Client certificate and key (the apiserver-etcd-client pair).
	EtcdClientCertFile = "/etc/etcd/pki/client/apiserver-etcd-client.crt"
	EtcdClientKeyFile  = "/etc/etcd/pki/client/apiserver-etcd-client.key"
)
// Names, keys and the port of the CSI migration and CSI snapshot admission
// webhooks.
const (
	// CSIMigrationWebhookName names the csi-migration webhook service.
	CSIMigrationWebhookName = "csi-migration-webhook"
	// CSIMigrationWebhookSecretName names the secret containing the
	// certificates for the csi-migration admission webhook.
	CSIMigrationWebhookSecretName = "csi-migration-webhook-certs"
	// CSIMigrationWebhookConfig is the key that contains the webhook config.
	CSIMigrationWebhookConfig = "webhook.config"
	// CSIMigrationWebhookPort is the port the CSI-migration webhook uses.
	CSIMigrationWebhookPort = 8443

	// VsphereCSIMigrationWebhookConfigurationWebhookName is the webhook's name
	// in the vSphere CSI-migration WebhookConfiguration.
	VsphereCSIMigrationWebhookConfigurationWebhookName = "validation.csi.vsphere.vmware.com"

	// CSISnapshotValidationWebhookConfigurationName belongs to the
	// kubernetes-csi external-snapshotter validation webhook.
	CSISnapshotValidationWebhookConfigurationName = "validation-webhook.snapshot.storage.k8s.io"
	// CSISnapshotValidationWebhookName belongs to the same validation webhook.
	CSISnapshotValidationWebhookName = "snapshot-validation-service"
	// CSISnapshotWebhookSecretName is, going by its name, the secret holding
	// the snapshot webhook certificates.
	CSISnapshotWebhookSecretName = "csi-snapshot-webhook-certs"

	// Keys of the serving certificate and of its private key.
	CSIWebhookServingCertCertKeyName = "cert.pem"
	CSIWebhookServingCertKeyKeyName  = "key.pem"
)
// Names used for the kubelb CCM.
const (
	// KubeLBCCMKubeconfigSecretName names the secret containing the kubeconfig
	// used by the kubelb CCM.
	KubeLBCCMKubeconfigSecretName = "kubelb-ccm-kubeconfig"
	// KubeLBManagerKubeconfigSecretName names the secret containing the
	// kubeconfig for the kubelb management cluster used by the kubelb CCM.
	KubeLBManagerKubeconfigSecretName = "kubelb-manager-kubeconfig"
	// KubeLBAppName is the name of the kubelb app.
	KubeLBAppName = "kubelb-ccm"
)
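// Object names, Secret keys and defaults for the MLA components, the
// Alertmanager configuration and Konnectivity.
const (
	UserClusterMLANamespace = "mla-system"
	MLAComponentName        = "mla"

	// Logging agent objects.
	MLALoggingAgentServiceAccountName     = "mla-logging-agent"
	MLALoggingAgentClusterRoleName        = "system:mla:mla-logging-agent"
	MLALoggingAgentClusterRoleBindingName = "system:mla:mla-logging-agent"
	MLALoggingAgentSecretName             = "mla-logging-agent"
	MLALoggingAgentDaemonSetName          = "mla-logging-agent"

	// Monitoring agent objects.
	MLAMonitoringAgentConfigMapName          = "mla-monitoring-agent"
	MLAMonitoringAgentServiceAccountName     = "mla-monitoring-agent"
	MLAMonitoringAgentClusterRoleName        = "system:mla:mla-monitoring-agent"
	MLAMonitoringAgentClusterRoleBindingName = "system:mla:mla-monitoring-agent"
	MLAMonitoringAgentDeploymentName         = "mla-monitoring-agent"

	// MLAGatewayExternalServiceName is the name for the MLA Gateway external service.
	MLAGatewayExternalServiceName = "mla-gateway-ext"
	// MLAGatewaySNIPrefix is the URL prefix which identifies the MLA Gateway
	// endpoint in the external URL if SNI expose strategy is used.
	MLAGatewaySNIPrefix = "mla-gateway."

	// MLAGatewayCASecretName is the name for the secret containing the MLA
	// Gateway CA certificates; its two keys alias the cluster CA keys.
	MLAGatewayCASecretName = "mla-gateway-ca"
	MLAGatewayCACertKey    = CACertSecretKey
	MLAGatewayCAKeyKey     = CAKeySecretKey

	// MLAGatewayCertificatesSecretName is the name for the secret containing
	// the MLA Gateway certificates, followed by the keys inside it.
	MLAGatewayCertificatesSecretName = "mla-gateway-certificates"
	MLAGatewayKeySecretKey           = "gateway.key"
	MLAGatewayCertSecretKey          = "gateway.crt"

	// MLAMonitoringAgentCertificatesSecretName is the name for the secret
	// containing the Monitoring Agent (grafana-agent) client certificates,
	// followed by the certificate common name, the keys inside the secret and
	// the mount path.
	MLAMonitoringAgentCertificatesSecretName = "monitoring-agent-certificates"
	MLAMonitoringAgentCertificateCommonName  = "grafana-agent"
	MLAMonitoringAgentClientKeySecretKey     = "client.key"
	MLAMonitoringAgentClientCertSecretKey    = "client.crt"
	MLAMonitoringAgentClientCertMountPath    = "/etc/ssl/mla"

	// MLALoggingAgentCertificatesSecretName is the name for the secret
	// containing the Logging Agent client certificates, followed by the same
	// set of companions as for the monitoring agent.
	MLALoggingAgentCertificatesSecretName = "logging-agent-certificates"
	MLALoggingAgentCertificateCommonName  = "logging-agent"
	MLALoggingAgentClientKeySecretKey     = "client.key"
	MLALoggingAgentClientCertSecretKey    = "client.crt"
	MLALoggingAgentClientCertMountPath    = "/etc/ssl/mla"

	// Alertmanager name, the config secret's default name and the key in it.
	AlertmanagerName                    = "alertmanager"
	DefaultAlertmanagerConfigSecretName = "alertmanager"
	AlertmanagerConfigSecretKey         = "alertmanager.yaml"

	// DefaultAlertmanagerConfig is an Alertmanager configuration document.
	// Its only route targets a receiver named 'null' that defines no
	// integrations, so with this document no notification is delivered
	// anywhere until it is replaced.
	// NOTE(review): line breaks and indentation were restored from a flattened
	// listing, where the literal was not valid YAML; confirm the exact
	// whitespace against the source file.
	DefaultAlertmanagerConfig = `
template_files: {}
alertmanager_config: |
  route:
    receiver: 'null'
  receivers:
    - name: 'null'
`

	// MLAAdminSettingsName specifies a fixed name of the MLA admin settings
	// custom resource in the cluster namespace.
	MLAAdminSettingsName = "mla-admin-settings"

	// Konnectivity.
	KonnectivityDeploymentName             = "konnectivity-agent"
	KonnectivityClusterRoleBindingName     = "system:konnectivity-server"
	KonnectivityClusterRoleBindingUsername = "system:konnectivity-server"
	KonnectivityServiceAccountName         = "system-konnectivity-agent"
	KonnectivityAgentContainer             = "konnectivity-agent"
	KonnectivityServerContainer            = "konnectivity-server"
	KonnectivityAgentToken                 = "system-konnectivity-agent-token"
	KonnectivityProxyServiceName           = "konnectivity-server"
	KonnectivityProxyTLSSecretName         = "konnectivityproxy-tls"
	KonnectivityKubeconfigSecretName       = "konnectivity-kubeconfig"
	KonnectivityKubeconfigUsername         = "system:konnectivity-server"
	KonnectivityServerConf                 = "kubeconfig"
	KonnectivityKubeApiserverEgress        = "kube-apiserver-egress"
	KonnectivityUDS                        = "konnectivity-uds"
	KonnectivityPodDisruptionBudgetName    = "konnectivity-agent"
)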
// Names of resources created by earlier releases. They are used only for
// cleanup/migration purposes.
const (
	// Legacy Prometheus resources.
	UserClusterLegacyPrometheusConfigMapName          = "prometheus"
	UserClusterLegacyPrometheusServiceAccountName     = "prometheus"
	UserClusterLegacyPrometheusClusterRoleName        = "system:mla:prometheus"
	UserClusterLegacyPrometheusClusterRoleBindingName = "system:mla:prometheus"
	UserClusterLegacyPrometheusDeploymentName         = "prometheus"
	UserClusterLegacyPrometheusCertificatesSecretName = "prometheus-certificates"

	// Legacy Promtail resources.
	UserClusterLegacyPromtailServiceAccountName     = "promtail"
	UserClusterLegacyPromtailClusterRoleName        = "system:mla:promtail"
	UserClusterLegacyPromtailClusterRoleBindingName = "system:mla:promtail"
	UserClusterLegacyPromtailSecretName             = "promtail"
	UserClusterLegacyPromtailDaemonSetName          = "promtail"
	UserClusterLegacyPromtailCertificatesSecretName = "promtail-certificates"
)
// NetworkPolicy object names: one default-deny policy for egress and a set of
// named allow policies.
// NOTE(review): the names suggest a deny-by-default egress posture with
// explicit exceptions; the policy contents are not part of this listing.
const (
	NetworkPolicyDefaultDenyAllEgress = "default-deny-all-egress"

	NetworkPolicyEtcdAllow                          = "etcd-allow"
	NetworkPolicyDNSAllow                           = "dns-allow"
	NetworkPolicyOpenVPNServerAllow                 = "openvpn-server-allow"
	NetworkPolicyMachineControllerWebhookAllow      = "machine-controller-webhook-allow"
	NetworkPolicyUserClusterWebhookAllow            = "usercluster-webhook-allow"
	NetworkPolicyOperatingSystemManagerWebhookAllow = "operating-system-manager-webhook-allow"
	NetworkPolicyMetricsServerAllow                 = "metrics-server-allow"
	NetworkPolicyClusterExternalAddrAllow           = "cluster-external-addr-allow"
	NetworkPolicyOIDCIssuerAllow                    = "oidc-issuer-allow"
	NetworkPolicySeedApiserverAllow                 = "seed-apiserver-allow"
	NetworkPolicyApiserverInternalAllow             = "apiserver-internal-allow"
)
// Object names and listen ports of the usercluster-webhook.
const (
	UserClusterWebhookDeploymentName        = "usercluster-webhook"
	UserClusterWebhookServiceName           = "usercluster-webhook"
	UserClusterWebhookServingCertSecretName = "usercluster-webhook-serving-cert"

	// Listen ports. NOTE(review): going by the names, one serves the seed
	// cluster and the other the user cluster; confirm against the deployment.
	UserClusterWebhookSeedListenPort = 443
	UserClusterWebhookUserListenPort = 6443
)
// Default network ranges and per-node mask sizes for user clusters.
const (
	// Default ranges from which pod networks are allocated: IPv4, IPv4 for
	// KubeVirt clusters, and IPv6.
	DefaultClusterPodsCIDRIPv4         = "172.25.0.0/16"
	DefaultClusterPodsCIDRIPv4KubeVirt = "172.26.0.0/16"
	DefaultClusterPodsCIDRIPv6         = "fd01::/48"

	// Default ranges from which service VIPs are allocated: IPv4, IPv4 for
	// KubeVirt clusters, and IPv6.
	DefaultClusterServicesCIDRIPv4         = "10.240.16.0/20"
	DefaultClusterServicesCIDRIPv4KubeVirt = "10.241.0.0/20"
	DefaultClusterServicesCIDRIPv6         = "fd02::/120"

	// Default mask sizes used to address the nodes within the provided pods
	// CIDR, for IPv4 and IPv6.
	DefaultNodeCIDRMaskSizeIPv4 = 24
	DefaultNodeCIDRMaskSizeIPv6 = 64
)
// CIDRs that match every address of their family. A rule built from one of
// them places no restriction on the peer address, so each use is worth a
// deliberate look during review.
const (
	// IPv4MatchAnyCIDR matches any IPv4 address.
	IPv4MatchAnyCIDR = "0.0.0.0/0"
	// IPv6MatchAnyCIDR matches any IPv6 address.
	IPv6MatchAnyCIDR = "::/0"
)
// Volume name and mount path of the applications cache.
const (
	ApplicationCacheVolumeName = "applications-cache"
	ApplicationCacheMountPath  = "/applications-cache"
)
// Names used for cluster backup; every value is derived from "velero".
const (
	// ClusterBackupKubeconfigSecretName is, going by its name, the secret
	// holding the kubeconfig used for backups.
	ClusterBackupKubeconfigSecretName = "velero-kubeconfig"
	ClusterBackupUsername             = "velero"
	ClusterBackupServiceAccountName   = "velero"
	ClusterBackupNamespaceName        = "velero"
)
const (
	// CloudProviderExternalFlag is the literal "external".
	// NOTE(review): presumably the cloud-provider flag value used when an
	// external cloud controller manager is in charge — confirm against callers.
	CloudProviderExternalFlag = "external"
)
const (
	// TokenBlacklist is the name "token-blacklist".
	// NOTE(review): presumably the name of the object that lists revoked
	// tokens — confirm which resource kind and namespace it refers to.
	TokenBlacklist = "token-blacklist"
)
Variables ¶
// DefaultApplicationCacheSize is a 300Mi quantity.
// NOTE(review): presumably the default that GetApplicationCacheSize falls back
// to when the application settings define no size — confirm.
var DefaultApplicationCacheSize = resource.MustParse("300Mi")
Functions ¶
func AdminKubeconfigReconciler ¶ added in v2.22.0
func AdminKubeconfigReconciler(data adminKubeconfigReconcilerData) reconciling.NamedSecretReconcilerFactory
AdminKubeconfigReconciler returns a function to create/update the secret with the admin kubeconfig.
func AppClusterLabels ¶
func AppClusterLabels(appName, clusterName string, additionalLabels map[string]string) map[string]string
AppClusterLabels returns the base app label + the cluster label. Additional labels can be included as well.
func BackupCABundleConfigMapName ¶ added in v2.17.0
func BackupCABundleConfigMapName(cluster *kubermaticv1.Cluster) string
BackupCABundleConfigMapName returns the name of the ConfigMap in the kube-system namespace that holds the CA bundle for a given cluster. As the CA bundle technically can be different per usercluster, this is not a constant.
func BaseAppLabels ¶
BaseAppLabels returns the minimum required labels.
func CertWillExpireSoon ¶
func CertWillExpireSoon(cert *x509.Certificate) bool
CertWillExpireSoon reports whether the certificate will expire within the next 30 days.
func ClusterIPForService ¶
func ClusterIPForService(name, namespace string, serviceLister corev1lister.ServiceLister) (*net.IP, error)
ClusterIPForService returns the cluster ip for the given service.
func ClusterRoleBindingAuthDelegatorReconciler ¶ added in v2.22.0
func ClusterRoleBindingAuthDelegatorReconciler(username string) reconciling.NamedClusterRoleBindingReconcilerFactory
ClusterRoleBindingAuthDelegatorReconciler returns a function to create the ClusterRoleBinding which is needed for extension apiservers that do auth delegation.
func ConfigMapRevision ¶
func ConfigMapRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
ConfigMapRevision returns the resource version of the ConfigMap specified by name.
func CopyCredentials ¶ added in v2.18.0
func CopyCredentials(data CredentialsData, cluster *kubermaticv1.Cluster) error
func ExternalCloudControllerClusterName ¶ added in v2.22.0
func ExternalCloudControllerClusterName(cloudSpec *kubermaticv1.CloudSpec) bool
ExternalCloudControllerClusterName checks if the ClusterFeatureCCMClusterName is supported for the cloud provider.
func ExternalCloudControllerFeatureSupported ¶ added in v2.22.0
func ExternalCloudControllerFeatureSupported(dc *kubermaticv1.Datacenter, cloudSpec *kubermaticv1.CloudSpec, clusterVersion semver.Semver, incompatibilities ...*version.ProviderIncompatibility) bool
ExternalCloudControllerFeatureSupported checks if the cloud provider supports external CCM. The clusterVersion has to be specified, depending on whether you want to verify against the spec'ed (desired) version or the current version in the ClusterStatus.
func ExternalCloudProviderEnabled ¶ added in v2.17.0
func ExternalCloudProviderEnabled(cluster *kubermaticv1.Cluster) bool
func FailureDomainZoneAntiAffinity ¶
func FailureDomainZoneAntiAffinity(app string, antiAffinityType kubermaticv1.AntiAffinityType) *corev1.Affinity
FailureDomainZoneAntiAffinity ensures that same-kind pods are spread across different availability zones.
func GetAbsoluteServiceDNSName ¶
GetAbsoluteServiceDNSName returns the absolute DNS name for the given service and the given cluster. Absolute means a trailing dot will be appended to the DNS name.
func GetAllowedTLSCipherSuites ¶ added in v2.19.0
func GetAllowedTLSCipherSuites() []string
GetAllowedTLSCipherSuites returns a list of allowed TLS cipher suites.
func GetApplicationCacheSize ¶ added in v2.21.0
func GetApplicationCacheSize(appSettings *kubermaticv1.ApplicationSettings) *resource.Quantity
GetApplicationCacheSize returns the application cache size if defined; otherwise it falls back to the default size.
func GetBaseKubeconfig ¶
func GetBaseKubeconfig(caCert *x509.Certificate, server, clusterName string) *clientcmdapi.Config
func GetCABundleFromFile ¶ added in v2.17.0
func GetCABundleFromFile(file string) ([]*x509.Certificate, error)
GetCABundleFromFile returns the CA bundle from a file.
func GetCSIMigrationFeatureGates ¶ added in v2.17.0
func GetCSIMigrationFeatureGates(cluster *kubermaticv1.Cluster, version *semverlib.Version) []string
func GetClusterExternalIP ¶
func GetClusterExternalIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
GetClusterExternalIP returns a net.IP for the given Cluster.
func GetClusterFrontProxyCA ¶
func GetClusterFrontProxyCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
GetClusterFrontProxyCA returns the frontproxy CA of the cluster from the lister.
func GetClusterNodeCIDRMaskSizeIPv4 ¶ added in v2.21.0
func GetClusterNodeCIDRMaskSizeIPv4(cluster *kubermaticv1.Cluster) int32
GetClusterNodeCIDRMaskSizeIPv4 returns effective mask size used to address the nodes within provided IPv4 Pods CIDR.
func GetClusterNodeCIDRMaskSizeIPv6 ¶ added in v2.21.0
func GetClusterNodeCIDRMaskSizeIPv6(cluster *kubermaticv1.Cluster) int32
GetClusterNodeCIDRMaskSizeIPv6 returns effective mask size used to address the nodes within provided IPv6 Pods CIDR.
func GetClusterRef ¶
func GetClusterRef(cluster *kubermaticv1.Cluster) metav1.OwnerReference
GetClusterRef returns a metav1.OwnerReference for the given Cluster.
func GetClusterRootCA ¶
func GetClusterRootCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
GetClusterRootCA returns the root CA of the cluster from the lister.
func GetCredentialsReference ¶ added in v2.21.0
func GetCredentialsReference(cluster *kubermaticv1.Cluster) (*providerconfig.GlobalSecretKeySelector, error)
GetCredentialsReference returns the CredentialsReference for the cluster's chosen cloud provider (or nil if the provider is BYO). If an unknown provider is used, an error is returned.
func GetDefaultPodCIDRIPv4 ¶ added in v2.21.0
func GetDefaultPodCIDRIPv4(provider kubermaticv1.ProviderType) string
GetDefaultPodCIDRIPv4 returns the default IPv4 pod CIDR for the given provider.
func GetDefaultProxyMode ¶ added in v2.21.0
func GetDefaultProxyMode(provider kubermaticv1.ProviderType) string
GetDefaultProxyMode returns the default proxy mode for the given provider.
func GetDefaultServicesCIDRIPv4 ¶ added in v2.21.0
func GetDefaultServicesCIDRIPv4(provider kubermaticv1.ProviderType) string
GetDefaultServicesCIDRIPv4 returns the default IPv4 services CIDR for the given provider.
func GetEtcdRestoreRef ¶ added in v2.17.0
func GetEtcdRestoreRef(restore *kubermaticv1.EtcdRestore) metav1.OwnerReference
GetEtcdRestoreRef returns a metav1.OwnerReference for the given EtcdRestore.
func GetEtcdRestoreS3Client ¶ added in v2.17.0
func GetEtcdRestoreS3Client(ctx context.Context, restore *kubermaticv1.EtcdRestore, createSecretIfMissing bool, client ctrlruntimeclient.Client, cluster *kubermaticv1.Cluster, destination *kubermaticv1.BackupDestination) (*minio.Client, string, error)
GetEtcdRestoreS3Client returns an S3 client for downloading the backup for a given EtcdRestore. If the EtcdRestore doesn't reference a secret containing the credentials and endpoint and bucket name data, one can optionally be created from a well-known secret and configmap in kube-system, or from a specified backup destination.
func GetHTTPProxyEnvVarsFromSeed ¶
func GetHTTPProxyEnvVarsFromSeed(seed *kubermaticv1.Seed, inClusterAPIServerURL string) []corev1.EnvVar
func GetInternalKubeconfigReconciler ¶ added in v2.22.0
func GetInternalKubeconfigReconciler(namespace, name, commonName string, organizations []string, data internalKubeconfigReconcilerData, log *zap.SugaredLogger) reconciling.NamedSecretReconcilerFactory
GetInternalKubeconfigReconciler is a generic function to return a secret generator to create a kubeconfig which must only be used within the seed-cluster as it uses the ClusterIP of the apiserver.
func GetKubeletPreferredAddressTypes ¶ added in v2.21.1
func GetKubeletPreferredAddressTypes(cluster *kubermaticv1.Cluster, isKonnectivityEnabled bool) string
GetKubeletPreferredAddressTypes returns the preferred address types in the correct order to be used when contacting kubelet from the control plane.
func GetKubernetesCloudProviderName ¶
func GetKubernetesCloudProviderName(cluster *kubermaticv1.Cluster, externalCloudProvider bool) string
func GetNodePortsAllowedIPRanges ¶ added in v2.21.0
func GetNodePortsAllowedIPRanges(cluster *kubermaticv1.Cluster, allowedIPRanges *kubermaticv1.NetworkRanges, allowedIPRange string) (res kubermaticv1.NetworkRanges)
GetNodePortsAllowedIPRanges returns effective CIDR range to be used for NodePort services for the given cluster and provided allowed IP ranges coming from provider-specific API.
func GetOverrides ¶
func GetOverrides(componentSettings kubermaticv1.ComponentSettings) map[string]*corev1.ResourceRequirements
func GetPodTemplateLabels ¶
func GetPodTemplateLabels( ctx context.Context, client ctrlruntimeclient.Client, appName, clusterName, namespace string, volumes []corev1.Volume, additionalLabels map[string]string, ) (map[string]string, error)
GetPodTemplateLabels is a specialized version of VolumeRevisionLabels that adds additional typical labels like app and cluster names.
func GetProjectRef ¶ added in v2.21.0
func GetProjectRef(project *kubermaticv1.Project) metav1.OwnerReference
GetProjectRef returns a metav1.OwnerReference for the given Project.
func GetVerticalPodAutoscalersForAll ¶
func GetVerticalPodAutoscalersForAll(ctx context.Context, client ctrlruntimeclient.Client, deploymentNames, statefulSetNames []string, namespace string, enabled bool) ([]reconciling.NamedVerticalPodAutoscalerReconcilerFactory, error)
GetVerticalPodAutoscalersForAll will return functions to create VPA resource for all supplied Deployments and StatefulSets. All resources must exist in the specified namespace. The VPA resource will have the same selector as the Deployment/StatefulSet. The pod container limits will be set as VPA limits.
func HealthyDaemonSet ¶ added in v2.19.0
func HealthyDaemonSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyDaemonSet tells if the minReady nodes have one Ready pod.
func HealthyDeployment ¶
func HealthyDeployment(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyDeployment tells if the deployment has a minimum of minReady replicas in Ready status. minReady smaller than 0 means that spec.replicas of the Deployment is used.
func HealthyStatefulSet ¶
func HealthyStatefulSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyStatefulSet tells if the StatefulSet has a minimum of minReady replicas in Ready status. minReady smaller than 0 means that spec.replicas of the StatefulSet is used.
func HostnameAntiAffinity ¶
func HostnameAntiAffinity(app string, antiAffinityType kubermaticv1.AntiAffinityType) *corev1.Affinity
HostnameAntiAffinity returns a simple Affinity rule to prevent (*) scheduling of same-kind pods on the same node. (*) If scheduling is not possible with this rule, it will be ignored.
func ImagePullSecretReconciler ¶ added in v2.22.0
func ImagePullSecretReconciler(dockerPullConfigJSON []byte) reconciling.NamedSecretReconcilerFactory
ImagePullSecretReconciler returns a creator function to create an ImagePullSecret.
func InClusterApiserverIP ¶
func InClusterApiserverIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
InClusterApiserverIP returns the first usable IP of the service CIDR. It is the in-cluster IP for the apiserver.
func IsClientCertificateValidForAllOf ¶
func IsClientCertificateValidForAllOf(cert *x509.Certificate, commonName string, organizations []string, ca *x509.Certificate) bool
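IsClientCertificateValidForAllOf reports whether the given data matches the given client certificate. The organizations are not compared for exact equality: it also returns true if all given data is in the cert but the cert has more organizations, so a caller that needs an exact organization set has to compare it separately.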
func IsServerCertificateValidForAllOf ¶
func IsServerCertificateValidForAllOf(cert *x509.Certificate, commonName string, altNames certutil.AltNames, ca *x509.Certificate) bool
IsServerCertificateValidForAllOf validates if the given data is present in the given server certificate.
func IsValidKubeconfig ¶
func MergeAffinities ¶ added in v2.23.0
func MigrationToExternalCloudControllerSupported ¶ added in v2.22.0
func MigrationToExternalCloudControllerSupported(dc *kubermaticv1.Datacenter, cluster *kubermaticv1.Cluster, incompatibilities ...*version.ProviderIncompatibility) bool
MigrationToExternalCloudControllerSupported checks if the cloud provider supports the migration to the external CCM.
func RoleBindingAuthenticationReaderReconciler ¶ added in v2.22.0
func RoleBindingAuthenticationReaderReconciler(username string) reconciling.NamedRoleBindingReconcilerFactory
RoleBindingAuthenticationReaderReconciler returns a function to create the RoleBinding which is needed for extension apiservers that do auth delegation.
func SanitizeEnvVars ¶ added in v2.19.0
SanitizeEnvVars will take the value of an environment variable and sanitize it. The need for this comes from github.com/kubermatic/kubermatic/issues/7960.
func SecretRevision ¶
func SecretRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
SecretRevision returns the resource version of the Secret specified by name.
func ServiceAccountSecretReconciler ¶ added in v2.22.0
func ServiceAccountSecretReconciler(data CredentialsData) reconciling.NamedSecretReconcilerFactory
ServiceAccountSecretReconciler returns a creator function to create a Google Service Account.
func SetResourceRequirements ¶
func SetResourceRequirements(containers []corev1.Container, defaultRequirements, overrides map[string]*corev1.ResourceRequirements, annotations map[string]string) error
SetResourceRequirements sets resource requirements on provided slice of containers. The highest priority has requirements provided using overrides, then requirements provided by the vpa-updater (if VPA is enabled), and at the end provided default requirements for a given resource.
func SupportsFailureDomainZoneAntiAffinity ¶
func SupportsFailureDomainZoneAntiAffinity(ctx context.Context, client ctrlruntimeclient.Client) (bool, error)
SupportsFailureDomainZoneAntiAffinity checks if there are any nodes with the TopologyKeyZone label.
func UnwrapCommand ¶ added in v2.17.0
func UnwrapCommand(container corev1.Container) (found bool, command httpproberapi.Command)
func UserClusterDNSPolicyAndConfig ¶
func UserClusterDNSPolicyAndConfig(d userClusterDNSPolicyAndConfigData) (corev1.DNSPolicy, *corev1.PodDNSConfig, error)
UserClusterDNSPolicyAndConfig returns a DNSPolicy and DNSConfig to configure Pods to use user cluster DNS.
func UserClusterDNSResolverIP ¶
func UserClusterDNSResolverIP(cluster *kubermaticv1.Cluster) (string, error)
UserClusterDNSResolverIP returns the 9th usable IP address from the first Service CIDR block from ClusterNetwork spec. This is by convention the IP address of the DNS resolver. Returns "" on error.
func ViewerKubeconfigReconciler ¶ added in v2.22.0
func ViewerKubeconfigReconciler(data *TemplateData) reconciling.NamedSecretReconcilerFactory
ViewerKubeconfigReconciler returns a function to create/update the secret with the viewer kubeconfig.
func VolumeRevisionLabels ¶
func VolumeRevisionLabels( ctx context.Context, client ctrlruntimeclient.Client, namespace string, volumes []corev1.Volume, ) (map[string]string, error)
VolumeRevisionLabels returns a set of labels for the given volumes, with one label per ConfigMap or Secret, containing the objects' revisions. When used for pod template labels, this forces pods to be restarted as soon as one of the secrets/configmaps gets updated.
Types ¶
type AKSCredentials ¶ added in v2.19.0
// AKSCredentials holds the Azure values that GetAKSCredentials returns for an
// external cluster.
// NOTE(review): ClientSecret is secret material held as a plain string; keep
// values of this type out of logs, events and error messages.
type AKSCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}
func GetAKSCredentials ¶ added in v2.19.0
func GetAKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (AKSCredentials, error)
type AKSMDState ¶ added in v2.21.0
// AKSMDState is a string-typed state; the constants below are its declared values.
// NOTE(review): "MD" presumably stands for machine deployment — confirm.
type AKSMDState string

const (
	CreatingAKSMDState  AKSMDState = "Creating"
	SucceededAKSMDState AKSMDState = "Succeeded"
	RunningAKSMDState   AKSMDState = "Running"
	StoppedAKSMDState   AKSMDState = "Stopped"
	FailedAKSMDState    AKSMDState = "Failed"
	DeletingAKSMDState  AKSMDState = "Deleting"
	UpgradingAKSMDState AKSMDState = "Upgrading"
	UpdatingAKSMDState  AKSMDState = "Updating"
	ScalingAKSMDState   AKSMDState = "Scaling"
	StartingAKSMDState  AKSMDState = "Starting"
)
type AKSState ¶ added in v2.21.0
// AKSState is a string-typed state; the constants below are its declared values.
type AKSState string

const (
	CreatingAKSState  AKSState = "Creating"
	RunningAKSState   AKSState = "Running"
	StartingAKSState  AKSState = "Starting"
	StoppingAKSState  AKSState = "Stopping"
	SucceededAKSState AKSState = "Succeeded"
	StoppedAKSState   AKSState = "Stopped"
	FailedAKSState    AKSState = "Failed"
	DeletingAKSState  AKSState = "Deleting"
	UpgradingAKSState AKSState = "Upgrading"
)
type AWSCredentials ¶
// AWSCredentials holds the AWS values that GetAWSCredentials returns.
// NOTE(review): SecretAccessKey is secret material held as a plain string;
// keep values of this type out of logs, events and error messages.
type AWSCredentials struct {
	AccessKeyID     string
	SecretAccessKey string
	// AssumeRoleARN and AssumeRoleExternalID presumably configure role
	// assumption on top of the access key — confirm against the provider code.
	AssumeRoleARN        string
	AssumeRoleExternalID string
}
func GetAWSCredentials ¶
func GetAWSCredentials(data CredentialsData) (AWSCredentials, error)
type AlibabaCredentials ¶
func GetAlibabaCredentials ¶
func GetAlibabaCredentials(data CredentialsData) (AlibabaCredentials, error)
type AnexiaCredentials ¶ added in v2.16.3
// AnexiaCredentials holds the value that GetAnexiaCredentials returns.
type AnexiaCredentials struct {
	// Token is held as a plain string; treat it as a secret and keep it out of logs.
	Token string
}
func GetAnexiaCredentials ¶ added in v2.16.3
func GetAnexiaCredentials(data CredentialsData) (AnexiaCredentials, error)
type AzureCredentials ¶
// AzureCredentials holds the Azure values that GetAzureCredentials returns.
// NOTE(review): ClientSecret is secret material held as a plain string; keep
// values of this type out of logs, events and error messages.
type AzureCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}
func GetAzureCredentials ¶
func GetAzureCredentials(data CredentialsData) (AzureCredentials, error)
type BaremetalCredentials ¶ added in v2.26.0
// BaremetalCredentials holds the values that GetBaremetalCredentials returns;
// it wraps the Tinkerbell credentials.
type BaremetalCredentials struct {
	Tinkerbell TinkerbellCredentials
}
func GetBaremetalCredentials ¶ added in v2.26.0
func GetBaremetalCredentials(data CredentialsData) (BaremetalCredentials, error)
type Credentials ¶
// Credentials groups one credential struct per cloud provider; GetCredentials
// returns it.
// NOTE(review): a value of this type aggregates the secret material of every
// provider field it carries, so avoid formatting or serializing it as a whole.
type Credentials struct {
	AWS                 AWSCredentials
	Azure               AzureCredentials
	Baremetal           BaremetalCredentials
	Digitalocean        DigitaloceanCredentials
	GCP                 GCPCredentials
	Hetzner             HetznerCredentials
	Openstack           OpenstackCredentials
	Packet              PacketCredentials
	Kubevirt            KubevirtCredentials
	VSphere             VSphereCredentials
	Alibaba             AlibabaCredentials
	Anexia              AnexiaCredentials
	Nutanix             NutanixCredentials
	VMwareCloudDirector VMwareCloudDirectorCredentials
}
func GetCredentials ¶
func GetCredentials(data CredentialsData) (Credentials, error)
type CredentialsData ¶
// CredentialsData is the input accepted by the Get*Credentials functions and
// by CopyCredentials.
type CredentialsData interface {
	// Cluster returns a *kubermaticv1.Cluster.
	Cluster() *kubermaticv1.Cluster
	// GetGlobalSecretKeySelectorValue returns a string value for the given
	// selector and key, or an error.
	// NOTE(review): presumably reads key from the secret that configVar
	// references — confirm against the implementation.
	GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
}
func NewCredentialsData ¶
func NewCredentialsData(ctx context.Context, cluster *kubermaticv1.Cluster, client ctrlruntimeclient.Client) CredentialsData
type DigitaloceanCredentials ¶
// DigitaloceanCredentials holds the value that GetDigitaloceanCredentials returns.
type DigitaloceanCredentials struct {
	// Token is held as a plain string; treat it as a secret and keep it out of logs.
	Token string
}
func GetDigitaloceanCredentials ¶
func GetDigitaloceanCredentials(data CredentialsData) (DigitaloceanCredentials, error)
type ECDSAKeyPair ¶
// ECDSAKeyPair is an ECDSA x509 certificate and private key.
// GetMLAGatewayCA and GetOpenVPNCA return it for a CA, so a value of this type
// can carry a CA private key.
type ECDSAKeyPair struct {
	// Key is the private key; never log or serialize it.
	Key *ecdsa.PrivateKey
	// Cert is the x509 certificate.
	Cert *x509.Certificate
}
ECDSAKeyPair is an ECDSA x509 certificate and private key.
func GetMLAGatewayCA ¶ added in v2.18.0
func GetMLAGatewayCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)
GetMLAGatewayCA returns the MLA Gateway CA of the cluster from the lister.
func GetOpenVPNCA ¶
func GetOpenVPNCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)
GetOpenVPNCA returns the OpenVPN CA of the cluster from the lister.
type EKSCredential ¶ added in v2.21.0
type EKSCredentials ¶ added in v2.19.0
// EKSCredentials holds the AWS values that GetEKSCredentials returns for an
// external cluster.
// NOTE(review): SecretAccessKey is secret material held as a plain string;
// keep values of this type out of logs, events and error messages.
type EKSCredentials struct {
	AccessKeyID          string
	SecretAccessKey      string
	AssumeRoleARN        string
	AssumeRoleExternalID string
}
func GetEKSCredentials ¶ added in v2.19.0
func GetEKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (EKSCredentials, error)
type EKSMDState ¶ added in v2.21.0
// EKSMDState is a string-typed state; the constants below are its declared values.
// NOTE(review): "MD" presumably stands for machine deployment — confirm.
type EKSMDState string

const (
	CreatingEKSMDState     EKSMDState = "CREATING"
	ActiveEKSMDState       EKSMDState = "ACTIVE"
	UpdatingEKSMDState     EKSMDState = "UPDATING"
	DeletingEKSMDState     EKSMDState = "DELETING"
	CreateFailedEKSMDState EKSMDState = "CREATE_FAILED"
	DeleteFailedEKSMDState EKSMDState = "DELETE_FAILED"
	DegradedEKSMDState     EKSMDState = "DEGRADED"
)
type GCPCredentials ¶
// GCPCredentials holds the value that GetGCPCredentials returns.
type GCPCredentials struct {
	// NOTE(review): ServiceAccount presumably carries the service account key
	// material rather than just an account name — confirm; if so it is a secret.
	ServiceAccount string
}
func GetGCPCredentials ¶
func GetGCPCredentials(data CredentialsData) (GCPCredentials, error)
type GKECredentials ¶ added in v2.19.0
// GKECredentials holds the value that GetGKECredentials returns for an
// external cluster.
type GKECredentials struct {
	// NOTE(review): ServiceAccount presumably carries the service account key
	// material rather than just an account name — confirm; if so it is a secret.
	ServiceAccount string
}
func GetGKECredentials ¶ added in v2.19.0
func GetGKECredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (GKECredentials, error)
type GKEMDState ¶ added in v2.21.0
// GKEMDState is a string-typed state; the constants below are its declared values.
// NOTE(review): "MD" presumably stands for machine deployment — confirm.
type GKEMDState string

const (
	ProvisioningGKEMDState     GKEMDState = "PROVISIONING"
	RunningGKEMDState          GKEMDState = "RUNNING"
	ReconcilingGKEMDState      GKEMDState = "RECONCILING"
	StoppingGKEMDState         GKEMDState = "STOPPING"
	ErrorGKEMDState            GKEMDState = "ERROR"
	RunningWithErrorGKEMDState GKEMDState = "RUNNING_WITH_ERROR"
	UnspecifiedGKEMDState      GKEMDState = "STATUS_UNSPECIFIED"
)
type GKEState ¶ added in v2.21.0
// GKEState is a string-typed state; the constants below are its declared values.
type GKEState string

const (
	ProvisioningGKEState GKEState = "PROVISIONING"
	RunningGKEState      GKEState = "RUNNING"
	ReconcilingGKEState  GKEState = "RECONCILING"
	StoppingGKEState     GKEState = "STOPPING"
	ErrorGKEState        GKEState = "ERROR"
	DegradedGKEState     GKEState = "DEGRADED"
	UnspecifiedGKEState  GKEState = "STATUS_UNSPECIFIED"
)
type HetznerCredentials ¶
// HetznerCredentials holds the value that GetHetznerCredentials returns.
type HetznerCredentials struct {
	// Token is held as a plain string; treat it as a secret and keep it out of logs.
	Token string
}
func GetHetznerCredentials ¶
func GetHetznerCredentials(data CredentialsData) (HetznerCredentials, error)
type KubevirtCredentials ¶
// KubevirtCredentials holds the value that GetKubevirtCredentials returns.
type KubevirtCredentials struct {
	// Admin kubeconfig for KubeVirt cluster
	// NOTE(review): as an admin kubeconfig this grants administrative access
	// to that cluster; handle the string as a secret and never log it.
	KubeConfig string
}
func GetKubevirtCredentials ¶
func GetKubevirtCredentials(data CredentialsData) (KubevirtCredentials, error)
type NutanixCredentials ¶ added in v2.19.0
// NutanixCredentials holds the values that GetNutanixCredentials returns.
// NOTE(review): Password and CSIPassword are secret material held as plain
// strings; keep values of this type out of logs, events and error messages.
type NutanixCredentials struct {
	Username    string
	Password    string
	CSIUsername string
	CSIPassword string
	ProxyURL    string
}
func GetNutanixCredentials ¶ added in v2.19.0
func GetNutanixCredentials(data CredentialsData) (NutanixCredentials, error)
type OpenstackCredentials ¶
// OpenstackCredentials holds the values that GetOpenstackCredentials returns.
// NOTE(review): Password, ApplicationCredentialSecret and Token are secret
// material held as plain strings; keep values of this type out of logs,
// events and error messages.
type OpenstackCredentials struct {
	Username                    string
	Password                    string
	Project                     string
	ProjectID                   string
	Domain                      string
	ApplicationCredentialID     string
	ApplicationCredentialSecret string
	Token                       string
}
func GetOpenstackCredentials ¶
func GetOpenstackCredentials(data CredentialsData) (OpenstackCredentials, error)
type PacketCredentials ¶
func GetPacketCredentials ¶
func GetPacketCredentials(data CredentialsData) (PacketCredentials, error)
type Requirements ¶
// Requirements are how much resources are needed by containers in the pod.
type Requirements struct {
	// Name is serialized as "name" and omitted when empty.
	Name string `json:"name,omitempty"`
	// Requires is serialized as "requires" and omitted when nil.
	Requires *corev1.ResourceRequirements `json:"requires,omitempty"`
}
Requirements are how much resources are needed by containers in the pod.
type TemplateData ¶
// TemplateData is a group of data required for template generation.
type TemplateData struct {
	// OverwriteRegistry is the only exported field.
	// NOTE(review): GetLegacyOverwriteRegistry's documentation points new code
	// to ImageRewriter() instead; presumably the same applies to reading this
	// field directly — confirm.
	OverwriteRegistry string
	// contains filtered or unexported fields
}
TemplateData is a group of data required for template generation.
func (*TemplateData) BackupSchedule ¶ added in v2.17.0
func (d *TemplateData) BackupSchedule() time.Duration
func (*TemplateData) CABundle ¶ added in v2.17.0
func (d *TemplateData) CABundle() CABundle
CABundle returns the set of CA certificates that should be used for all outgoing communication.
func (*TemplateData) Cluster ¶
func (d *TemplateData) Cluster() *kubermaticv1.Cluster
Cluster returns the cluster.
func (*TemplateData) ClusterIPByServiceName ¶
func (d *TemplateData) ClusterIPByServiceName(name string) (string, error)
ClusterIPByServiceName returns the ClusterIP as string for the Service specified by `name`. Service lookup happens within `Cluster.Status.NamespaceName`. When ClusterIP fails to parse as valid IP address, an error is returned.
func (*TemplateData) ComputedNodePortRange ¶ added in v2.17.1
func (d *TemplateData) ComputedNodePortRange() string
ComputedNodePortRange is NodePortRange() with defaulting and ComponentsOverride logic.
func (*TemplateData) DNATControllerImage ¶
func (d *TemplateData) DNATControllerImage() string
func (*TemplateData) DNATControllerTag ¶ added in v2.16.3
func (d *TemplateData) DNATControllerTag() string
func (*TemplateData) EtcdBackupDeleteContainer ¶ added in v2.24.0
func (d *TemplateData) EtcdBackupDeleteContainer() *corev1.Container
func (*TemplateData) EtcdBackupDestination ¶ added in v2.24.0
func (d *TemplateData) EtcdBackupDestination() *kubermaticv1.BackupDestination
func (*TemplateData) EtcdBackupStoreContainer ¶ added in v2.24.0
func (d *TemplateData) EtcdBackupStoreContainer() *corev1.Container
func (*TemplateData) EtcdDiskSize ¶
func (d *TemplateData) EtcdDiskSize() resource.Quantity
EtcdDiskSize returns the etcd disk size.
func (*TemplateData) EtcdLauncherImage ¶
func (d *TemplateData) EtcdLauncherImage() string
func (*TemplateData) EtcdLauncherTag ¶ added in v2.16.3
func (d *TemplateData) EtcdLauncherTag() string
func (*TemplateData) ExternalIP ¶
func (d *TemplateData) ExternalIP() (*net.IP, error)
ExternalIP returns the external facing IP or an error if no IP exists.
func (*TemplateData) GetAPIServerAlternateNames ¶ added in v2.26.0
func (d *TemplateData) GetAPIServerAlternateNames() (*certutil.AltNames, error)
GetAPIServerAlternateNames returns the alternate names for the apiserver certificate from the corresponding services. This method ensures that if multiple hostnames or IPs have been assigned to the API server service or front-loadbalancer service, then all of them are included in the certificate.
func (*TemplateData) GetCSIMigrationFeatureGates ¶ added in v2.17.0
func (d *TemplateData) GetCSIMigrationFeatureGates(version *semverlib.Version) []string
func (*TemplateData) GetCloudProviderName ¶ added in v2.18.0
func (d *TemplateData) GetCloudProviderName() (string, error)
func (*TemplateData) GetClusterRef ¶
func (d *TemplateData) GetClusterRef() metav1.OwnerReference
GetClusterRef returns an instance of an OwnerReference for the Cluster in the TemplateData.
func (*TemplateData) GetEnvVars ¶ added in v2.21.0
func (data *TemplateData) GetEnvVars() ([]corev1.EnvVar, error)
func (*TemplateData) GetFrontProxyCA ¶
func (d *TemplateData) GetFrontProxyCA() (*triple.KeyPair, error)
GetFrontProxyCA returns the root CA for the front proxy.
func (*TemplateData) GetGlobalSecretKeySelectorValue ¶
func (d *TemplateData) GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
func (*TemplateData) GetKonnectivityKeepAliveTime ¶ added in v2.21.6
func (d *TemplateData) GetKonnectivityKeepAliveTime() string
func (*TemplateData) GetKonnectivityServerPort ¶ added in v2.19.0
func (d *TemplateData) GetKonnectivityServerPort() (int32, error)
GetKonnectivityServerPort returns the nodeport of the external Konnectivity Server service.
func (*TemplateData) GetLegacyOverwriteRegistry ¶ added in v2.22.0
func (d *TemplateData) GetLegacyOverwriteRegistry() string
GetLegacyOverwriteRegistry should not be used by new code, rather the ImageRewriter() should be used instead.
func (*TemplateData) GetMLAGatewayCA ¶ added in v2.18.0
func (d *TemplateData) GetMLAGatewayCA() (*ECDSAKeyPair, error)
GetMLAGatewayCA returns the root CA for the MLA Gateway.
func (*TemplateData) GetMLAGatewayPort ¶ added in v2.18.0
func (d *TemplateData) GetMLAGatewayPort() (int32, error)
GetMLAGatewayPort returns the NodePort of the external MLA Gateway service.
func (*TemplateData) GetOpenVPNCA ¶
func (d *TemplateData) GetOpenVPNCA() (*ECDSAKeyPair, error)
GetOpenVPNCA returns the root CA for OpenVPN.
func (*TemplateData) GetOpenVPNServerPort ¶
func (d *TemplateData) GetOpenVPNServerPort() (int32, error)
GetOpenVPNServerPort returns the nodeport of the external apiserver service.
func (*TemplateData) GetPodTemplateLabels ¶
func (d *TemplateData) GetPodTemplateLabels(appName string, volumes []corev1.Volume, additionalLabels map[string]string) (map[string]string, error)
GetPodTemplateLabels returns a set of labels for a Pod including the revisions of depending secrets and configmaps. This forces pods to be restarted as soon as one of the secrets/configmaps gets updated.
func (*TemplateData) GetRootCA ¶
func (d *TemplateData) GetRootCA() (*triple.KeyPair, error)
GetRootCA returns the root CA of the cluster.
func (*TemplateData) GetSecretKeyValue ¶ added in v2.21.0
func (d *TemplateData) GetSecretKeyValue(ref *corev1.SecretKeySelector) ([]byte, error)
func (*TemplateData) GetTunnelingAgentIP ¶ added in v2.20.14
func (d *TemplateData) GetTunnelingAgentIP() string
func (*TemplateData) GetViewerToken ¶
func (d *TemplateData) GetViewerToken() (string, error)
GetViewerToken returns the viewer token.
func (*TemplateData) ImageRewriter ¶ added in v2.22.0
func (d *TemplateData) ImageRewriter() registry.ImageRewriter
ImageRewriter returns a Docker image rewriter.
func (*TemplateData) IsKonnectivityEnabled ¶ added in v2.18.0
func (d *TemplateData) IsKonnectivityEnabled() bool
IsKonnectivityEnabled returns isKonnectivityEnabled.
func (*TemplateData) KCMCloudControllersDeactivated ¶ added in v2.17.0
func (d *TemplateData) KCMCloudControllersDeactivated() bool
KCMCloudControllersDeactivated returns true if the KCM is ready and the cloud-controllers are disabled:
* There is no 'cloud-provider' flag.
* The cloud controllers are disabled.
This is used to avoid deploying the CCM before the in-tree cloud controllers have been deactivated.
func (*TemplateData) KubermaticAPIImage ¶
func (d *TemplateData) KubermaticAPIImage() string
func (*TemplateData) KubermaticConfiguration ¶ added in v2.19.0
func (d *TemplateData) KubermaticConfiguration() *kubermaticv1.KubermaticConfiguration
func (*TemplateData) KubermaticDockerTag ¶ added in v2.16.3
func (d *TemplateData) KubermaticDockerTag() string
func (*TemplateData) MachineControllerImageRepository ¶ added in v2.18.0
func (d *TemplateData) MachineControllerImageRepository() string
func (*TemplateData) MachineControllerImageTag ¶ added in v2.18.0
func (d *TemplateData) MachineControllerImageTag() string
func (*TemplateData) NetworkIntfMgrImage ¶ added in v2.22.0
func (d *TemplateData) NetworkIntfMgrImage() string
func (*TemplateData) NodeAccessNetwork ¶
func (d *TemplateData) NodeAccessNetwork() string
NodeAccessNetwork returns the node access network.
func (*TemplateData) NodeLocalDNSCacheEnabled ¶
func (d *TemplateData) NodeLocalDNSCacheEnabled() bool
func (*TemplateData) NodePortProxyTag ¶ added in v2.16.3
func (d *TemplateData) NodePortProxyTag() string
func (*TemplateData) NodePortRange ¶
func (d *TemplateData) NodePortRange() string
NodePortRange returns the node port range.
func (*TemplateData) NodePorts ¶ added in v2.17.1
func (d *TemplateData) NodePorts() (int, int)
NodePorts returns low and high NodePorts from NodePortRange().
func (*TemplateData) OIDCIssuerClientID ¶
func (d *TemplateData) OIDCIssuerClientID() string
OIDCIssuerClientID returns the issuer client ID.
func (*TemplateData) OIDCIssuerURL ¶
func (d *TemplateData) OIDCIssuerURL() string
OIDCIssuerURL returns URL of the OpenID token issuer.
func (*TemplateData) OperatingSystemManagerImageRepository ¶ added in v2.20.5
func (d *TemplateData) OperatingSystemManagerImageRepository() string
func (*TemplateData) OperatingSystemManagerImageTag ¶ added in v2.20.5
func (d *TemplateData) OperatingSystemManagerImageTag() string
func (*TemplateData) ProviderName ¶
func (d *TemplateData) ProviderName() string
ProviderName returns the name of the cluster's provider.
func (*TemplateData) RewriteImage ¶ added in v2.22.0
func (d *TemplateData) RewriteImage(image string) (string, error)
RewriteImage rewrites a Docker image to apply a custom registry if specified.
func (*TemplateData) Seed ¶
func (d *TemplateData) Seed() *kubermaticv1.Seed
func (*TemplateData) SupportsFailureDomainZoneAntiAffinity ¶
func (d *TemplateData) SupportsFailureDomainZoneAntiAffinity() bool
func (*TemplateData) UserClusterMLAEnabled ¶ added in v2.18.0
func (d *TemplateData) UserClusterMLAEnabled() bool
UserClusterMLAEnabled returns userClusterMLAEnabled.
type TemplateDataBuilder ¶ added in v2.17.0
// TemplateDataBuilder is configured through its With* methods, each of which
// returns a *TemplateDataBuilder, and yields a *TemplateData from Build.
type TemplateDataBuilder struct {
// contains filtered or unexported fields
}
func NewTemplateDataBuilder ¶ added in v2.17.0
func NewTemplateDataBuilder() *TemplateDataBuilder
func (TemplateDataBuilder) Build ¶ added in v2.17.0
func (td TemplateDataBuilder) Build() *TemplateData
func (*TemplateDataBuilder) WithBackupPeriod ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithBackupPeriod(backupPeriod time.Duration) *TemplateDataBuilder
func (*TemplateDataBuilder) WithCABundle ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithCABundle(bundle CABundle) *TemplateDataBuilder
func (*TemplateDataBuilder) WithClient ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithClient(client ctrlruntimeclient.Client) *TemplateDataBuilder
func (*TemplateDataBuilder) WithCluster ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithCluster(cluster *kubermaticv1.Cluster) *TemplateDataBuilder
func (*TemplateDataBuilder) WithContext ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithContext(ctx context.Context) *TemplateDataBuilder
func (*TemplateDataBuilder) WithDatacenter ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithDatacenter(dc *kubermaticv1.Datacenter) *TemplateDataBuilder
func (*TemplateDataBuilder) WithDnatControllerImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithDnatControllerImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdBackupDeleteContainer ¶ added in v2.24.0
func (td *TemplateDataBuilder) WithEtcdBackupDeleteContainer(container *corev1.Container) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdBackupDestination ¶ added in v2.24.0
func (td *TemplateDataBuilder) WithEtcdBackupDestination(destination *kubermaticv1.BackupDestination) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdBackupStoreContainer ¶ added in v2.24.0
func (td *TemplateDataBuilder) WithEtcdBackupStoreContainer(container *corev1.Container) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdDiskSize ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithEtcdDiskSize(etcdDiskSize resource.Quantity) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdLauncherImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithEtcdLauncherImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithFailureDomainZoneAntiaffinity ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithFailureDomainZoneAntiaffinity(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKonnectivityEnabled ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithKonnectivityEnabled(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKubermaticConfiguration ¶ added in v2.19.0
func (td *TemplateDataBuilder) WithKubermaticConfiguration(cfg *kubermaticv1.KubermaticConfiguration) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKubermaticImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithKubermaticImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithMachineControllerImageRepository ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithMachineControllerImageRepository(repository string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithMachineControllerImageTag ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithMachineControllerImageTag(tag string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithNetworkIntfMgrImage ¶ added in v2.22.0
func (td *TemplateDataBuilder) WithNetworkIntfMgrImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithNodeAccessNetwork ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithNodeAccessNetwork(nodeAccessNetwork string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithNodePortRange ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithNodePortRange(npRange string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOIDCIssuerClientID ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOIDCIssuerClientID(clientID string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOIDCIssuerURL ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOIDCIssuerURL(url string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOverwriteRegistry ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOverwriteRegistry(overwriteRegistry string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithSeed ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithSeed(s *kubermaticv1.Seed) *TemplateDataBuilder
func (*TemplateDataBuilder) WithTunnelingAgentIP ¶ added in v2.20.14
func (td *TemplateDataBuilder) WithTunnelingAgentIP(tunnelingAgentIP string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithUserClusterMLAEnabled ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithUserClusterMLAEnabled(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithVersions ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithVersions(v kubermatic.Versions) *TemplateDataBuilder
type TinkerbellCredentials ¶ added in v2.26.0
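// TinkerbellCredentials carries the credential material for a Tinkerbell
// cluster.
type TinkerbellCredentials struct {
	// Kubeconfig is the admin kubeconfig for the Tinkerbell cluster.
	// It is secret material: keep it out of logs, error messages and
	// formatted output such as %v / %+v of the enclosing value.
	Kubeconfig string
}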
type VMwareCloudDirectorCredentials ¶ added in v2.21.0
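// VMwareCloudDirectorCredentials carries the credential fields returned by
// GetVMwareCloudDirectorCredentials.
//
// Password and APIToken are secret material: keep values of this type out of
// logs and error messages, and avoid formatting the whole struct with
// %v / %+v, which would print them in clear text.
type VMwareCloudDirectorCredentials struct {
	// Username is the account name.
	Username string
	// Password is the secret belonging to Username.
	Password string
	// APIToken is a secret token.
	// NOTE(review): presumably an alternative to Username/Password; confirm
	// against GetVMwareCloudDirectorCredentials.
	APIToken string
	// Organization is the organization name.
	Organization string
	// VDC is presumably the virtual data center name; confirm against callers.
	VDC string
}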
func GetVMwareCloudDirectorCredentials ¶ added in v2.21.0
func GetVMwareCloudDirectorCredentials(data CredentialsData) (VMwareCloudDirectorCredentials, error)
type VSphereCredentials ¶
func GetVSphereCredentials ¶
func GetVSphereCredentials(data CredentialsData) (VSphereCredentials, error)
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
triple | Package triple generates key-certificate pairs for the triple (CA, Server, Client). |
Package registry groups all container registry related types and helpers in one place.
|
Package registry groups all container registry related types and helpers in one place. |