Documentation ¶
Index ¶
- func AdmissionControlCreator(data *resources.TemplateData) reconciling.NamedConfigMapCreatorGetter
- func AuditConfigMapCreator() reconciling.NamedConfigMapCreatorGetter
- func CABundleCreator(data caBundleProvider) reconciling.NamedConfigMapCreatorGetter
- func DNSAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
- func DenyAllPolicyCreator() reconciling.NamedNetworkPolicyCreatorGetter
- func DeploymentCreator(data *resources.TemplateData, enableOIDCAuthentication bool) reconciling.NamedDeploymentCreatorGetter
- func EctdAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
- func EtcdClientCertificateCreator(data etcdClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func FrontProxyClientCertificateCreator(data frontProxyClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func GetEnvVars(data kubeAPIServerEnvData) ([]corev1.EnvVar, error)
- func IsRunningWrapper(data isRunningInitContainerData, spec corev1.PodSpec, ...) (*corev1.PodSpec, error)
- func KubeletClientCertificateCreator(data kubeletClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func MachineControllerWebhookCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
- func MetricsServerAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
- func OpenVPNServerAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
- func PodDisruptionBudgetCreator() reconciling.NamedPodDisruptionBudgetCreatorGetter
- func ServiceAccountKeyCreator() reconciling.NamedSecretCreatorGetter
- func ServiceCreator(exposeStrategy kubermaticv1.ExposeStrategy, externalURL string) reconciling.NamedServiceCreatorGetter
- func TLSServingCertificateCreator(data tlsServingCertCreatorData) reconciling.NamedSecretCreatorGetter
- func TokenUsersCreator(data *resources.TemplateData) reconciling.NamedSecretCreatorGetter
- func TokenViewerCreator() reconciling.NamedSecretCreatorGetter
- type AdmissionConfiguration
- type AdmissionPluginConfiguration
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdmissionControlCreator ¶
func AdmissionControlCreator(data *resources.TemplateData) reconciling.NamedConfigMapCreatorGetter
func AuditConfigMapCreator ¶
func AuditConfigMapCreator() reconciling.NamedConfigMapCreatorGetter
func CABundleCreator ¶ added in v2.17.0
func CABundleCreator(data caBundleProvider) reconciling.NamedConfigMapCreatorGetter
func DNSAllowCreator ¶ added in v2.17.4
func DNSAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
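DNSAllowCreator returns a func to create/update the apiserver deny all egress policy. (Note: this sentence is identical to the description of DenyAllPolicyCreator and appears to have been copied from it. Judging by the function name, this creator presumably manages a NetworkPolicy that allows DNS traffic for the apiserver rather than the deny-all policy; confirm against the source when auditing which egress paths are open.)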
func DenyAllPolicyCreator ¶ added in v2.17.4
func DenyAllPolicyCreator() reconciling.NamedNetworkPolicyCreatorGetter
DenyAllPolicyCreator returns a func to create/update the apiserver deny all egress policy.
func DeploymentCreator ¶
func DeploymentCreator(data *resources.TemplateData, enableOIDCAuthentication bool) reconciling.NamedDeploymentCreatorGetter
DeploymentCreator returns the function to create and update the API server deployment
func EctdAllowCreator ¶ added in v2.17.4
func EctdAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
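EtcdAllowCreator returns a func to create/update the apiserver deny all egress policy. (Note: the exported identifier is spelled EctdAllowCreator, so search for that spelling. This sentence is also identical to the description of DenyAllPolicyCreator; judging by the name, the function presumably manages a NetworkPolicy that allows apiserver traffic to etcd — confirm against the source.)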
func EtcdClientCertificateCreator ¶
func EtcdClientCertificateCreator(data etcdClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
EtcdClientCertificateCreator returns a function to create/update the secret with the client certificate for authenticating against etcd
func FrontProxyClientCertificateCreator ¶
func FrontProxyClientCertificateCreator(data frontProxyClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
FrontProxyClientCertificateCreator returns a function to create/update the secret with the client certificate for authenticating against extension apiserver
func GetEnvVars ¶
func IsRunningWrapper ¶
func IsRunningWrapper(data isRunningInitContainerData, spec corev1.PodSpec, containersToWrap sets.String, crdsToWaitFor ...string) (*corev1.PodSpec, error)
IsRunningWrapper wraps the named containers in the pod with a check that the API server is reachable. This is achieved by copying an `http-prober` binary via an init container into an emptyDir volume, then mounting that volume onto all named containers and replacing the command with a call to the `http-prober` binary. The `http-prober` binary receives the original command as a serialized string and does a syscall.Exec onto it once the apiserver has become reachable.
func KubeletClientCertificateCreator ¶
func KubeletClientCertificateCreator(data kubeletClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
KubeletClientCertificateCreator returns a function to create/update a secret with the client certificate for the apiserver -> kubelet connection.
func MachineControllerWebhookCreator ¶ added in v2.17.4
func MachineControllerWebhookCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
func MetricsServerAllowCreator ¶ added in v2.17.4
func MetricsServerAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
func OpenVPNServerAllowCreator ¶ added in v2.17.4
func OpenVPNServerAllowCreator(c *kubermaticv1.Cluster) reconciling.NamedNetworkPolicyCreatorGetter
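OpenVPNServerAllowCreator returns a func to create/update the apiserver deny all egress policy. (Note: this sentence is identical to the description of DenyAllPolicyCreator and appears to have been copied from it. Judging by the function name, this creator presumably manages a NetworkPolicy that allows apiserver traffic to the OpenVPN server; confirm against the source when auditing which egress paths are open.)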
func PodDisruptionBudgetCreator ¶
func PodDisruptionBudgetCreator() reconciling.NamedPodDisruptionBudgetCreatorGetter
PodDisruptionBudgetCreator returns a func to create/update the apiserver PodDisruptionBudget
func ServiceAccountKeyCreator ¶
func ServiceAccountKeyCreator() reconciling.NamedSecretCreatorGetter
ServiceAccountKeyCreator returns a function to create/update a secret with the ServiceAccount key
func ServiceCreator ¶
func ServiceCreator(exposeStrategy kubermaticv1.ExposeStrategy, externalURL string) reconciling.NamedServiceCreatorGetter
ServiceCreator returns the function to reconcile the external API server service
func TLSServingCertificateCreator ¶
func TLSServingCertificateCreator(data tlsServingCertCreatorData) reconciling.NamedSecretCreatorGetter
TLSServingCertificateCreator returns a function to create/update the secret with the apiserver tls certificate used to serve https
func TokenUsersCreator ¶
func TokenUsersCreator(data *resources.TemplateData) reconciling.NamedSecretCreatorGetter
TokenUsersCreator returns a secret containing the tokens CSV.
func TokenViewerCreator ¶
func TokenViewerCreator() reconciling.NamedSecretCreatorGetter
TokenViewerCreator returns a secret containing the viewer token
Types ¶
type AdmissionConfiguration ¶
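// AdmissionConfiguration provides versioned configuration for admission controllers.
//
// The listing this was taken from had the whole declaration collapsed onto one
// line, so the "//" field comment swallowed every field after it; the fields,
// types and struct tags below are unchanged.
type AdmissionConfiguration struct {
	// Kind is written under the YAML key "kind"; the tag omits it when empty.
	Kind string `yaml:"kind,omitempty"`
	// APIVersion is written under the YAML key "apiVersion"; the tag omits it
	// when empty.
	APIVersion string `yaml:"apiVersion,omitempty"`

	// Plugins allows specifying a configuration per admission control plugin.
	// NOTE(review): the tag omits the key when the slice is empty, so a
	// serialized document without "plugins" carries no per-plugin
	// configuration at all. How the consumer treats that case is not visible
	// here and should be confirmed.
	Plugins []AdmissionPluginConfiguration `yaml:"plugins,omitempty"`
}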
AdmissionConfiguration provides versioned configuration for admission controllers.
type AdmissionPluginConfiguration ¶
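// AdmissionPluginConfiguration provides the configuration for a single plug-in.
//
// The listing this was taken from had the whole declaration collapsed onto one
// line, so the first "//" comment swallowed both fields; the fields, types and
// struct tags below are unchanged.
type AdmissionPluginConfiguration struct {
	// Name is the name of the admission controller.
	// It must match the registered admission plugin name.
	// NOTE(review): this type does not enforce the match itself. Confirm how
	// the consumer handles an unregistered name (reject vs. silently ignore),
	// since a typo could otherwise leave a plugin without its configuration.
	Name string `yaml:"name"`

	// Path is the path to a configuration file that contains the plugin's
	// configuration.
	// NOTE(review): the type carries no validation of Path. Whether the value
	// is fixed by the generator or can be influenced by cluster-level input is
	// not visible here and should be verified at the call site.
	Path string `yaml:"path"`
}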
AdmissionPluginConfiguration provides the configuration for a single plug-in.