Documentation ¶
Index ¶
- Constants
- func AdminKubeconfigCreator(data adminKubeconfigCreatorData) reconciling.NamedSecretCreatorGetter
- func AppClusterLabels(appName, clusterName string, additionalLabels map[string]string) map[string]string
- func BackupCABundleConfigMapName(cluster *kubermaticv1.Cluster) string
- func BaseAppLabels(name string, additionalLabels map[string]string) map[string]string
- func Bool(v bool) *bool
- func BuildNewKubeconfigAsByte(ca *triple.KeyPair, server, commonName string, organizations []string, ...) ([]byte, error)
- func CertWillExpireSoon(cert *x509.Certificate) bool
- func ClusterIPForService(name, namespace string, serviceLister corev1lister.ServiceLister) (*net.IP, error)
- func ClusterRoleBindingAuthDelegatorCreator(username string) reconciling.NamedClusterRoleBindingCreatorGetter
- func ConfigMapRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
- func CopyCredentials(data CredentialsData, cluster *kubermaticv1.Cluster) error
- func ExternalCloudProviderEnabled(cluster *kubermaticv1.Cluster) bool
- func FailureDomainZoneAntiAffinity(app string) corev1.WeightedPodAffinityTerm
- func GetAbsoluteServiceDNSName(service, namespace string) string
- func GetAllowedTLSCipherSuites() []string
- func GetBaseKubeconfig(caCert *x509.Certificate, server, clusterName string) *clientcmdapi.Config
- func GetCABundleFromFile(file string) ([]*x509.Certificate, error)
- func GetCSIMigrationFeatureGates(cluster *kubermaticv1.Cluster) []string
- func GetClusterExternalIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
- func GetClusterFrontProxyCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
- func GetClusterRef(cluster *kubermaticv1.Cluster) metav1.OwnerReference
- func GetClusterRootCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
- func GetEtcdRestoreRef(restore *kubermaticv1.EtcdRestore) metav1.OwnerReference
- func GetEtcdRestoreS3Client(ctx context.Context, restore *kubermaticv1.EtcdRestore, ...) (*minio.Client, string, error)
- func GetHTTPProxyEnvVarsFromSeed(seed *kubermaticv1.Seed, inClusterAPIServerURL string) []corev1.EnvVar
- func GetInternalKubeconfigCreator(name, commonName string, organizations []string, ...) reconciling.NamedSecretCreatorGetter
- func GetKubernetesCloudProviderName(cluster *kubermaticv1.Cluster, externalCloudProvider bool) string
- func GetOverrides(componentSettings kubermaticv1.ComponentSettings) map[string]*corev1.ResourceRequirements
- func GetPodTemplateLabels(ctx context.Context, client ctrlruntimeclient.Client, ...) (map[string]string, error)
- func GetVerticalPodAutoscalersForAll(ctx context.Context, client ctrlruntimeclient.Client, ...) ([]reconciling.NamedVerticalPodAutoscalerCreatorGetter, error)
- func HealthyDaemonSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HealthyDeployment(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HealthyStatefulSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, ...) (kubermaticv1.HealthStatus, error)
- func HostnameAntiAffinity(app, clusterName string) *corev1.Affinity
- func ImagePullSecretCreator(dockerPullConfigJSON []byte) reconciling.NamedSecretCreatorGetter
- func InClusterApiserverIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
- func Int32(v int32) *int32
- func Int64(v int64) *int64
- func IsClientCertificateValidForAllOf(cert *x509.Certificate, commonName string, organizations []string, ...) bool
- func IsServerCertificateValidForAllOf(cert *x509.Certificate, commonName string, altNames certutil.AltNames, ...) bool
- func IsValidKubeconfig(kubeconfigBytes []byte, caCert *x509.Certificate, server, commonName string, ...) (bool, error)
- func RoleBindingAuthenticationReaderCreator(username string) reconciling.NamedRoleBindingCreatorGetter
- func SanitizeEnvVars(envVars []corev1.EnvVar) []corev1.EnvVar
- func SecretRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
- func ServiceAccountSecretCreator(data CredentialsData) reconciling.NamedSecretCreatorGetter
- func SetResourceRequirements(containers []corev1.Container, ...) error
- func String(v string) *string
- func SupportsFailureDomainZoneAntiAffinity(ctx context.Context, client ctrlruntimeclient.Client) (bool, error)
- func UnwrapCommand(container corev1.Container) (found bool, command httpproberapi.Command)
- func UserClusterDNSPolicyAndConfig(d userClusterDNSPolicyAndConfigData) (corev1.DNSPolicy, *corev1.PodDNSConfig, error)
- func UserClusterDNSResolverIP(cluster *kubermaticv1.Cluster) (string, error)
- func ViewerKubeconfigCreator(data *TemplateData) reconciling.NamedSecretCreatorGetter
- func VolumeRevisionLabels(ctx context.Context, client ctrlruntimeclient.Client, namespace string, ...) (map[string]string, error)
- type AKSCredentials
- type AWSCredentials
- type AlibabaCredentials
- type AnexiaCredentials
- type AzureCredentials
- type CABundle
- type Credentials
- type CredentialsData
- type DigitaloceanCredentials
- type ECDSAKeyPair
- type EKSCredentials
- type GCPCredentials
- type GKECredentials
- type HetznerCredentials
- type KubevirtCredentials
- type NutanixCredentials
- type OpenstackCredentials
- type PacketCredentials
- type Requirements
- type TemplateData
- func (d *TemplateData) BackupSchedule() time.Duration
- func (d *TemplateData) CABundle() CABundle
- func (d *TemplateData) Cluster() *kubermaticv1.Cluster
- func (d *TemplateData) ClusterIPByServiceName(name string) (string, error)
- func (d *TemplateData) ClusterVersion() string
- func (d *TemplateData) ComputedNodePortRange() string
- func (d *TemplateData) DC() *kubermaticv1.Datacenter
- func (d *TemplateData) DNATControllerImage() string
- func (d *TemplateData) DNATControllerTag() string
- func (d *TemplateData) EtcdDiskSize() resource.Quantity
- func (d *TemplateData) EtcdLauncherImage() string
- func (d *TemplateData) EtcdLauncherTag() string
- func (d *TemplateData) ExternalIP() (*net.IP, error)
- func (d *TemplateData) GetCSIMigrationFeatureGates() []string
- func (d *TemplateData) GetCloudProviderName() (string, error)
- func (d *TemplateData) GetClusterRef() metav1.OwnerReference
- func (d *TemplateData) GetFrontProxyCA() (*triple.KeyPair, error)
- func (d *TemplateData) GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
- func (d *TemplateData) GetKonnectivityServerPort() (int32, error)
- func (d *TemplateData) GetMLAGatewayCA() (*ECDSAKeyPair, error)
- func (d *TemplateData) GetMLAGatewayPort() (int32, error)
- func (d *TemplateData) GetOpenVPNCA() (*ECDSAKeyPair, error)
- func (d *TemplateData) GetOpenVPNServerPort() (int32, error)
- func (d *TemplateData) GetPodTemplateLabels(appName string, volumes []corev1.Volume, additionalLabels map[string]string) (map[string]string, error)
- func (d *TemplateData) GetRootCA() (*triple.KeyPair, error)
- func (d *TemplateData) GetViewerToken() (string, error)
- func (d *TemplateData) ImageRegistry(defaultRegistry string) string
- func (d *TemplateData) IsKonnectivityEnabled() bool
- func (d *TemplateData) KCMCloudControllersDeactivated() bool
- func (d *TemplateData) KubermaticAPIImage() string
- func (d *TemplateData) KubermaticConfiguration() *operatorv1alpha1.KubermaticConfiguration
- func (d *TemplateData) KubermaticDockerTag() string
- func (d *TemplateData) MachineControllerImageRepository() string
- func (d *TemplateData) MachineControllerImageTag() string
- func (d *TemplateData) NodeAccessNetwork() string
- func (d *TemplateData) NodeLocalDNSCacheEnabled() bool
- func (d *TemplateData) NodePortProxyTag() string
- func (d *TemplateData) NodePortRange() string
- func (d *TemplateData) NodePorts() (int, int)
- func (d *TemplateData) OIDCIssuerClientID() string
- func (d *TemplateData) OIDCIssuerURL() string
- func (d *TemplateData) ProviderName() string
- func (d *TemplateData) Seed() *kubermaticv1.Seed
- func (d *TemplateData) SupportsFailureDomainZoneAntiAffinity() bool
- func (d *TemplateData) UserClusterMLAEnabled() bool
- type TemplateDataBuilder
- func (td TemplateDataBuilder) Build() *TemplateData
- func (td *TemplateDataBuilder) WithBackupPeriod(backupPeriod time.Duration) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithCABundle(bundle CABundle) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithClient(client ctrlruntimeclient.Client) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithCluster(cluster *kubermaticv1.Cluster) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithContext(ctx context.Context) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithDatacenter(dc *kubermaticv1.Datacenter) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithDnatControllerImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdDiskSize(etcdDiskSize resource.Quantity) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithEtcdLauncherImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithFailureDomainZoneAntiaffinity(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKonnectivityEnabled(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKubermaticConfiguration(cfg *operatorv1alpha1.KubermaticConfiguration) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithKubermaticImage(image string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithMachineControllerImageRepository(repository string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithMachineControllerImageTag(tag string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithNodeAccessNetwork(nodeAccessNetwork string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithNodePortRange(npRange string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOIDCIssuerClientID(clientID string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOIDCIssuerURL(url string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithOverwriteRegistry(overwriteRegistry string) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithSeed(s *kubermaticv1.Seed) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithUserClusterMLAEnabled(enabled bool) *TemplateDataBuilder
- func (td *TemplateDataBuilder) WithVersions(v kubermatic.Versions) *TemplateDataBuilder
- type VSphereCredentials
Constants ¶
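// The page extraction collapsed this declaration onto a single line, so the
// leading line comment swallowed both constants and the closing parenthesis.
// It is restored here to one declaration per line, with the same names and
// values.
const (
	// APIServerSecurePort is the secure port of the API server.
	APIServerSecurePort = 6443

	// NodeLocalDNSCacheAddress is the address associated with the node-local
	// DNS cache (purpose taken from the name; its consumers are not shown
	// here). The value is an IPv4 link-local address (169.254.0.0/16), so it
	// is not routable beyond the local link.
	NodeLocalDNSCacheAddress = "169.254.20.10"
)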
const ( // ApiserverDeploymentName is the name of the apiserver deployment ApiserverDeploymentName = "apiserver" // ControllerManagerDeploymentName is the name for the controller manager deployment ControllerManagerDeploymentName = "controller-manager" // SchedulerDeploymentName is the name for the scheduler deployment SchedulerDeploymentName = "scheduler" // OperatingSystemManagerDeploymentName is the name for the operating-system-manager deployment OperatingSystemManagerDeploymentName = "operating-system-manager" // MachineControllerDeploymentName is the name for the machine-controller deployment MachineControllerDeploymentName = "machine-controller" // MachineControllerWebhookDeploymentName is the name for the machine-controller webhook deployment MachineControllerWebhookDeploymentName = "machine-controller-webhook" // MetricsServerDeploymentName is the name for the metrics-server deployment MetricsServerDeploymentName = "metrics-server" // OpenVPNServerDeploymentName is the name for the openvpn server deployment OpenVPNServerDeploymentName = "openvpn-server" // DNSResolverDeploymentName is the name of the dns resolver deployment DNSResolverDeploymentName = "dns-resolver" // DNSResolverConfigMapName is the name of the dns resolvers configmap DNSResolverConfigMapName = "dns-resolver" // DNSResolverServiceName is the name of the dns resolvers service DNSResolverServiceName = "dns-resolver" // DNSResolverPodDisruptionBudetName is the name of the dns resolvers pdb DNSResolverPodDisruptionBudetName = "dns-resolver" // KubeStateMetricsDeploymentName is the name of the kube-state-metrics deployment KubeStateMetricsDeploymentName = "kube-state-metrics" // UserClusterControllerDeploymentName is the name of the usercluster-controller deployment UserClusterControllerDeploymentName = "usercluster-controller" // ClusterAutoscalerDeploymentName is the name of the cluster-autoscaler deployment ClusterAutoscalerDeploymentName = "cluster-autoscaler" // 
KubernetesDashboardDeploymentName is the name of the Kubernetes Dashboard deployment KubernetesDashboardDeploymentName = "kubernetes-dashboard" // MetricsScraperDeploymentName is the name of dashboard-metrics-scraper deployment MetricsScraperDeploymentName = "dashboard-metrics-scraper" // MetricsScraperServiceName is the name of dashboard-metrics-scraper service MetricsScraperServiceName = "dashboard-metrics-scraper" // PrometheusStatefulSetName is the name for the prometheus StatefulSet PrometheusStatefulSetName = "prometheus" // EtcdStatefulSetName is the name for the etcd StatefulSet EtcdStatefulSetName = "etcd" // EtcdDefaultBackupConfigName is the name for the default (preinstalled) EtcdBackupConfig of a cluster EtcdDefaultBackupConfigName = "default-backups" // EtcdTLSEnabledAnnotation is the annotation assigned to etcd Pods that run with a TLS peer endpoint EtcdTLSEnabledAnnotation = "etcd.kubermatic.k8c.io/tls-peer-enabled" // NodePortProxyEnvoyDeploymentName is the name of the nodeport-proxy deployment in the user cluster. NodePortProxyEnvoyDeploymentName = "nodeport-proxy-envoy" // NodePortProxyEnvoyContainerName is the name of the envoy container in the nodeport-proxy deployment. 
NodePortProxyEnvoyContainerName = "envoy" // ApiserverServiceName is the name for the apiserver service ApiserverServiceName = "apiserver-external" // FrontLoadBalancerServiceName is the name of the LoadBalancer service that fronts everything // when using exposeStrategy "LoadBalancer" FrontLoadBalancerServiceName = "front-loadbalancer" // MetricsServerServiceName is the name for the metrics-server service MetricsServerServiceName = "metrics-server" // MetricsServerExternalNameServiceName is the name for the metrics-server service inside the user cluster MetricsServerExternalNameServiceName = "metrics-server" // EtcdServiceName is the name for the etcd service EtcdServiceName = "etcd" // EtcdDefragCronJobName is the name for the defrag cronjob deployment EtcdDefragCronJobName = "etcd-defragger" // OpenVPNServerServiceName is the name for the openvpn server service OpenVPNServerServiceName = "openvpn-server" // MachineControllerWebhookServiceName is the name of the machine-controller webhook service MachineControllerWebhookServiceName = "machine-controller-webhook" // MetricsServerAPIServiceName is the name for the metrics-server APIService MetricsServerAPIServiceName = "v1beta1.metrics.k8s.io" // AdminKubeconfigSecretName is the name for the secret containing the private ca key AdminKubeconfigSecretName = "admin-kubeconfig" // ViewerKubeconfigSecretName is the name for the secret containing the viewer kubeconfig ViewerKubeconfigSecretName = "viewer-kubeconfig" // SchedulerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the scheduler SchedulerKubeconfigSecretName = "scheduler-kubeconfig" // KubeletDnatControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the kubeletdnatcontroller KubeletDnatControllerKubeconfigSecretName = "kubeletdnatcontroller-kubeconfig" // KubeStateMetricsKubeconfigSecretName is the name for the secret containing the kubeconfig used by kube-state-metrics 
KubeStateMetricsKubeconfigSecretName = "kube-state-metrics-kubeconfig" // MetricsServerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the metrics-server MetricsServerKubeconfigSecretName = "metrics-server" // ControllerManagerKubeconfigSecretName is the name of the secret containing the kubeconfig used by controller manager ControllerManagerKubeconfigSecretName = "controllermanager-kubeconfig" // OperatingSystemManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the osm OperatingSystemManagerKubeconfigSecretName = "operatingsystemmanager-kubeconfig" // MachineControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the machinecontroller MachineControllerKubeconfigSecretName = "machinecontroller-kubeconfig" // CloudControllerManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the external cloud provider CloudControllerManagerKubeconfigSecretName = "cloud-controller-manager-kubeconfig" // MachineControllerWebhookServingCertSecretName is the name for the secret containing the serving cert for the // machine-controller webhook MachineControllerWebhookServingCertSecretName = "machinecontroller-webhook-serving-cert" // MachineControllerWebhookServingCertCertKeyName is the name for the key that contains the cert MachineControllerWebhookServingCertCertKeyName = "cert.pem" // MachineControllerWebhookServingCertKeyKeyName is the name for the key that contains the key MachineControllerWebhookServingCertKeyKeyName = "key.pem" // PrometheusApiserverClientCertificateSecretName is the name for the secret containing the client certificate used by prometheus to access the apiserver PrometheusApiserverClientCertificateSecretName = "prometheus-apiserver-certificate" // ClusterAutoscalerKubeconfigSecretName is the name of the kubeconfig secret used for // the cluster-autoscaler ClusterAutoscalerKubeconfigSecretName = 
"cluster-autoscaler-kubeconfig" // KubernetesDashboardKubeconfigSecretName is the name of the kubeconfig secret user for Kubernetes Dashboard KubernetesDashboardKubeconfigSecretName = "kubernetes-dashboard-kubeconfig" // ImagePullSecretName specifies the name of the dockercfg secret used to access the private repo. ImagePullSecretName = "dockercfg" // FrontProxyCASecretName is the name for the secret containing the front proxy ca FrontProxyCASecretName = "front-proxy-ca" // CASecretName is the name for the secret containing the root ca CASecretName = "ca" // ApiserverTLSSecretName is the name for the secrets required for the apiserver tls ApiserverTLSSecretName = "apiserver-tls" // KubeletClientCertificatesSecretName is the name for the secret containing the kubelet client certificates KubeletClientCertificatesSecretName = "kubelet-client-certificates" // ServiceAccountKeySecretName is the name for the secret containing the service account key ServiceAccountKeySecretName = "service-account-key" // TokensSecretName is the name for the secret containing the user tokens TokensSecretName = "tokens" // ViewerTokenSecretName is the name for the secret containing the viewer token ViewerTokenSecretName = "viewer-token" // OpenVPNCASecretName is the name of the secret that contains the OpenVPN CA OpenVPNCASecretName = "openvpn-ca" // OpenVPNServerCertificatesSecretName is the name for the secret containing the openvpn server certificates OpenVPNServerCertificatesSecretName = "openvpn-server-certificates" // OpenVPNClientCertificatesSecretName is the name for the secret containing the openvpn client certificates OpenVPNClientCertificatesSecretName = "openvpn-client-certificates" // CloudConfigSecretName is the name for the secret containing the cloud-config inside the user cluster. 
CloudConfigSecretName = "cloud-config" // CSICloudConfigSecretName is the name for the secret containing the cloud-config used by the csi driver inside the user cluster CSICloudConfigSecretName = "cloud-config-csi" // EtcdTLSCertificateSecretName is the name for the secret containing the etcd tls certificate used for transport security EtcdTLSCertificateSecretName = "etcd-tls-certificate" // ApiserverEtcdClientCertificateSecretName is the name for the secret containing the client certificate used by the apiserver for authenticating against etcd ApiserverEtcdClientCertificateSecretName = "apiserver-etcd-client-certificate" // ApiserverFrontProxyClientCertificateSecretName is the name for the secret containing the apiserver's client certificate for proxy auth ApiserverFrontProxyClientCertificateSecretName = "apiserver-proxy-client-certificate" // GoogleServiceAccountSecretName is the name of the secret that contains the Google Service Account. GoogleServiceAccountSecretName = "google-service-account" // GoogleServiceAccountVolumeName is the name of the volume containing the Google Service Account secret. GoogleServiceAccountVolumeName = "google-service-account-volume" // AuditLogVolumeName is the name of the volume that hold the audit log of the apiserver. 
AuditLogVolumeName = "audit-log" // KubernetesDashboardKeyHolderSecretName is the name of the secret that contains JWE token encryption key // used by the Kubernetes Dashboard KubernetesDashboardKeyHolderSecretName = "kubernetes-dashboard-key-holder" // KubernetesDashboardCsrfTokenSecretName is the name of the secret that contains CSRF token used by // the Kubernetes Dashboard KubernetesDashboardCsrfTokenSecretName = "kubernetes-dashboard-csrf" // CABundleConfigMapName is the name for the configmap that contains the CA bundle for all usercluster components CABundleConfigMapName = "ca-bundle" // CABundleConfigMapKey is the key under which a ConfigMap must contain a PEM-encoded collection of certificates CABundleConfigMapKey = "ca-bundle.pem" // CloudConfigConfigMapName is the name for the configmap containing the cloud-config CloudConfigConfigMapName = "cloud-config" // CSICloudConfigConfigMapName is the name for the configmap containing the cloud-config used by the csi driver CSICloudConfigConfigMapName = "cloud-config-csi" // CloudConfigConfigMapKey is the key under which the cloud-config in the cloud-config configmap can be found CloudConfigConfigMapKey = "config" // OpenVPNClientConfigsConfigMapName is the name for the ConfigMap containing the OpenVPN client config used within the user cluster OpenVPNClientConfigsConfigMapName = "openvpn-client-configs" // OpenVPNClientConfigConfigMapName is the name for the ConfigMap containing the OpenVPN client config used by the client inside the user cluster OpenVPNClientConfigConfigMapName = "openvpn-client-config" // ClusterInfoConfigMapName is the name for the ConfigMap containing the cluster-info used by the bootstrap token mechanism ClusterInfoConfigMapName = "cluster-info" // PrometheusConfigConfigMapName is the name for the configmap containing the prometheus config PrometheusConfigConfigMapName = "prometheus" // AuditConfigMapName is the name for the configmap that contains the content of the file that will be 
passed to the apiserver with the flag "--audit-policy-file". AuditConfigMapName = "audit-config" // AdmissionControlConfigMapName is the name for the configmap that contains the Admission Controller config file AdmissionControlConfigMapName = "adm-control" // PrometheusServiceAccountName is the name for the Prometheus serviceaccount PrometheusServiceAccountName = "prometheus" // PrometheusRoleName is the name for the Prometheus role PrometheusRoleName = "prometheus" // PrometheusRoleBindingName is the name for the Prometheus rolebinding PrometheusRoleBindingName = "prometheus" // CloudControllerManagerRoleBindingName is the name for the cloud controller manager rolebinding. CloudControllerManagerRoleBindingName = "cloud-controller-manager" // DefaultServiceAccountName is the name of Kubernetes default service accounts DefaultServiceAccountName = "default" // KubeSystemNamespaceName is the name of Kubernetes kube-system namespace KubeSystemNamespaceName = "kube-system" // OperatingSystemManagerCertUsername is the name of the user coming from kubeconfig cert OperatingSystemManagerCertUsername = "operating-system-manager" // MachineControllerCertUsername is the name of the user coming from kubeconfig cert MachineControllerCertUsername = "machine-controller" // KubeStateMetricsCertUsername is the name of the user coming from kubeconfig cert KubeStateMetricsCertUsername = "kube-state-metrics" // MetricsServerCertUsername is the name of the user coming from kubeconfig cert MetricsServerCertUsername = "metrics-server" // MetricsServerServiceAccountName is the name of the metrics server service account MetricsServerServiceAccountName = "metrics-server" // ControllerManagerCertUsername is the name of the user coming from kubeconfig cert ControllerManagerCertUsername = "system:kube-controller-manager" // CloudControllerManagerCertUsername is the name of the user coming from kubeconfig cert CloudControllerManagerCertUsername = "system:cloud-controller-manager" // 
SchedulerCertUsername is the name of the user coming from kubeconfig cert SchedulerCertUsername = "system:kube-scheduler" // KubeletDnatControllerCertUsername is the name of the user coming from kubeconfig cert KubeletDnatControllerCertUsername = "kubermatic:kubeletdnat-controller" // PrometheusCertUsername is the name of the user coming from kubeconfig cert PrometheusCertUsername = "prometheus" // ClusterAutoscalerCertUsername is the name of the user coming from the CA kubeconfig cert ClusterAutoscalerCertUsername = "kubermatic:cluster-autoscaler" // KubernetesDashboardCertUsername is the name of the user coming from kubeconfig cert KubernetesDashboardCertUsername = "kubermatic:kubernetes-dashboard" // MetricsScraperServiceAccountUsername is the name of the user coming from kubeconfig cert MetricsScraperServiceAccountUsername = "dashboard-metrics-scraper" // KubeletDnatControllerClusterRoleName is the name for the KubeletDnatController cluster role KubeletDnatControllerClusterRoleName = "system:kubermatic-kubeletdnat-controller" // KubeletDnatControllerClusterRoleBindingName is the name for the KubeletDnatController clusterrolebinding KubeletDnatControllerClusterRoleBindingName = "system:kubermatic-kubeletdnat-controller" // ClusterInfoReaderRoleName is the name for the role which allows reading the cluster-info ConfigMap ClusterInfoReaderRoleName = "cluster-info" // MachineControllerRoleName is the name for the MachineController roles MachineControllerRoleName = "machine-controller" // OperatingSystemManagerRoleName is the name for the OperatingSystemManager roles OperatingSystemManagerRoleName = "operating-system-manager" // MachineControllerRoleBindingName is the name for the MachineController rolebinding MachineControllerRoleBindingName = "machine-controller" // OperatingSystemManagerRoleBindingName is the name for the OperatingSystemManager rolebinding OperatingSystemManagerRoleBindingName = "operating-system-manager" // ClusterInfoAnonymousRoleBindingName is 
the name for the RoleBinding giving access to the cluster-info ConfigMap to anonymous users ClusterInfoAnonymousRoleBindingName = "cluster-info" // MetricsServerAuthReaderRoleName is the name for the metrics server role MetricsServerAuthReaderRoleName = "metrics-server-auth-reader" // MachineControllerClusterRoleName is the name for the MachineController cluster role MachineControllerClusterRoleName = "system:kubermatic-machine-controller" // OperatingSystemManagerClusterRoleName is the name for the OperatingSystemManager cluster role OperatingSystemManagerClusterRoleName = "system:kubermatic-operating-system-manager" // KubeStateMetricsClusterRoleName is the name for the KubeStateMetrics cluster role KubeStateMetricsClusterRoleName = "system:kubermatic-kube-state-metrics" // MetricsServerClusterRoleName is the name for the metrics server cluster role MetricsServerClusterRoleName = "system:metrics-server" // PrometheusClusterRoleName is the name for the Prometheus cluster role PrometheusClusterRoleName = "external-prometheus" // MachineControllerClusterRoleBindingName is the name for the MachineController ClusterRoleBinding MachineControllerClusterRoleBindingName = "system:kubermatic-machine-controller" // OperatingSystemManagerClusterRoleBindingName is the name for the OperatingSystemManager ClusterRoleBinding OperatingSystemManagerClusterRoleBindingName = "system:kubermatic-operating-system-manager" // KubeStateMetricsClusterRoleBindingName is the name for the KubeStateMetrics ClusterRoleBinding KubeStateMetricsClusterRoleBindingName = "system:kubermatic-kube-state-metrics" // PrometheusClusterRoleBindingName is the name for the Prometheus ClusterRoleBinding PrometheusClusterRoleBindingName = "system:external-prometheus" // MetricsServerResourceReaderClusterRoleBindingName is the name for the metrics server ClusterRoleBinding MetricsServerResourceReaderClusterRoleBindingName = "system:metrics-server" // ClusterAutoscalerClusterRoleName is the name of the 
clusterrole for the cluster autoscaler ClusterAutoscalerClusterRoleName = "system:kubermatic-cluster-autoscaler" // ClusterAutoscalerClusterRoleBindingName is the name of the clusterrolebinding for the CA ClusterAutoscalerClusterRoleBindingName = "system:kubermatic-cluster-autoscaler" // KubernetesDashboardRoleName is the name of the role for the Kubernetes Dashboard KubernetesDashboardRoleName = "system:kubernetes-dashboard" // KubernetesDashboardRoleBindingName is the name of the role binding for the Kubernetes Dashboard KubernetesDashboardRoleBindingName = "system:kubernetes-dashboard" // MetricsScraperClusterRoleName is the name of the role for the dashboard-metrics-scraper MetricsScraperClusterRoleName = "system:dashboard-metrics-scraper" // MetricsScraperClusterRoleBindingName is the name of the role binding for the dashboard-metrics-scraper MetricsScraperClusterRoleBindingName = "system:dashboard-metrics-scraper" // EtcdPodDisruptionBudgetName is the name of the PDB for the etcd StatefulSet EtcdPodDisruptionBudgetName = "etcd" // ApiserverPodDisruptionBudgetName is the name of the PDB for the apiserver deployment ApiserverPodDisruptionBudgetName = "apiserver" // MetricsServerPodDisruptionBudgetName is the name of the PDB for the metrics-server deployment MetricsServerPodDisruptionBudgetName = "metrics-server" // KubermaticNamespace is the main kubermatic namespace KubermaticNamespace = "kubermatic" // GatekeeperControllerDeploymentName is the name of the gatekeeper controller deployment GatekeeperControllerDeploymentName = "gatekeeper-controller-manager" // GatekeeperAuditDeploymentName is the name of the gatekeeper audit deployment GatekeeperAuditDeploymentName = "gatekeeper-audit" // GatekeeperWebhookServiceName is the name of the gatekeeper webhook service GatekeeperWebhookServiceName = "gatekeeper-webhook-service" // GatekeeperWebhookServerCertSecretName is the name of the gatekeeper webhook cert secret name GatekeeperWebhookServerCertSecretName = 
"gatekeeper-webhook-server-cert" // GatekeeperPodDisruptionBudgetName is the name of the PDB for the gatekeeper controller manager GatekeeperPodDisruptionBudgetName = "gatekeeper-controller-manager" // GatekeeperRoleName is the name for the Gatekeeper role GatekeeperRoleName = "gatekeeper-manager-role" // GatekeeperRoleBindingName is the name for the Gatekeeper rolebinding GatekeeperRoleBindingName = "gatekeeper-manager-rolebinding" // GatekeeperServiceAccountName is the name for the Gatekeeper service account GatekeeperServiceAccountName = "gatekeeper-admin" // GatekeeperNamespace is the main gatkeeper namespace where the gatekeeper config is stored GatekeeperNamespace = "gatekeeper-system" // ExperimentalEnableMutation enables gatekeeper to validate created kubernetes resources and also modify them based on defined mutation policies ExperimentalEnableMutation = false // AuditMatchKindOnly enables gatekeeper to only audit resources in OPA cache AuditMatchKindOnly = false // ConstraintViolationsLimit defines the maximum number of audit violations reported on a constraint ConstraintViolationsLimit = 20 // GatekeeperExemptNamespaceLabel label key for exempting namespaces from Gatekeeper checks GatekeeperExemptNamespaceLabel = "admission.gatekeeper.sh/ignore" // CloudInitSettingsNamespace are used in order to reach, authenticate and be authorized by the api server, to fetch // the machine provisioning cloud-init CloudInitSettingsNamespace = "cloud-init-settings" // DefaultOwnerReadOnlyMode represents file mode with read permission for owner only DefaultOwnerReadOnlyMode = 0400 // DefaultAllReadOnlyMode represents file mode with read permissions for all DefaultAllReadOnlyMode = 0444 // AppLabelKey defines the label key app which should be used within resources AppLabelKey = "app" // ClusterLabelKey defines the label key for the cluster name ClusterLabelKey = "cluster" // EtcdClusterSize defines the size of the etcd to use EtcdClusterSize = 3 // RegistryK8SGCR defines 
the kubernetes specific docker registry at google RegistryK8SGCR = "k8s.gcr.io" // RegistryK8S defines the (new) official registry hosted by the Kubernetes project. RegistryK8S = "registry.k8s.io" // RegistryEUGCR defines the docker registry at google EU RegistryEUGCR = "eu.gcr.io" // RegistryUSGCR defines the docker registry at google US RegistryUSGCR = "us.gcr.io" // RegistryGCR defines the kubernetes docker registry at google RegistryGCR = "gcr.io" // RegistryDocker defines the default docker.io registry RegistryDocker = "docker.io" // RegistryQuay defines the image registry from coreos/redhat - quay RegistryQuay = "quay.io" // RegistryAnexia defines the anexia specific docker registry RegistryAnexia = "anx-cr.io" // TopologyKeyHostname defines the topology key for the node hostname TopologyKeyHostname = "kubernetes.io/hostname" // TopologyKeyFailureDomainZone defines the topology key for the node's cloud provider zone TopologyKeyFailureDomainZone = "failure-domain.beta.kubernetes.io/zone" // MachineCRDName defines the CRD name for machine objects MachineCRDName = "machines.cluster.k8s.io" // MachineSetCRDName defines the CRD name for machineset objects MachineSetCRDName = "machinesets.cluster.k8s.io" // MachineDeploymentCRDName defines the CRD name for machinedeployment objects MachineDeploymentCRDName = "machinedeployments.cluster.k8s.io" // ClusterCRDName defines the CRD name for cluster objects ClusterCRDName = "clusters.cluster.k8s.io" // GatekeeperConfigCRDName defines the CRD name for gatekeeper config objects GatekeeperConfigCRDName = "configs.config.gatekeeper.sh" // GatekeeperConstraintTemplateCRDName defines the CRD name for gatekeeper constraint template objects GatekeeperConstraintTemplateCRDName = "constrainttemplates.templates.gatekeeper.sh" // GatekeeperMutatorPodStatusCRDName defines the CRD name for gatekeeper MutatorPodStatus objects GatekeeperMutatorPodStatusCRDName = "mutatorpodstatuses.status.gatekeeper.sh" // GatekeeperAssignCRDName 
defines the CRD name for gatekeeper assign objects GatekeeperAssignCRDName = "assign.mutations.gatekeeper.sh" // GatekeeperAssignMetadataCRDName defines the CRD name for gatekeeper assign metadata objects GatekeeperAssignMetadataCRDName = "assignmetadata.mutations.gatekeeper.sh" // GatekeeperConstraintPodStatusCRDName defines the CRD name for gatekeeper ConstraintPodStatus objects GatekeeperConstraintPodStatusCRDName = "constraintpodstatuses.status.gatekeeper.sh" // GatekeeperConstraintTemplatePodStatusCRDName defines the CRD name for gatekeeper ConstraintTemplatePodStatus objects GatekeeperConstraintTemplatePodStatusCRDName = "constrainttemplatepodstatuses.status.gatekeeper.sh" // MachineControllerMutatingWebhookConfigurationName is the name of the machine-controllers mutating webhook // configuration MachineControllerMutatingWebhookConfigurationName = "machine-controller.kubermatic.io" // GatekeeperValidatingWebhookConfigurationName is the name of the gatekeeper validating webhook // configuration GatekeeperValidatingWebhookConfigurationName = "gatekeeper-validating-webhook-configuration" GatekeeperMutatingWebhookConfigurationName = "gatekeeper-mutating-webhook-configuration" // InternalUserClusterAdminKubeconfigSecretName is the name of the secret containing an admin kubeconfig that can only be used from // within the seed cluster InternalUserClusterAdminKubeconfigSecretName = "internal-admin-kubeconfig" // InternalUserClusterAdminKubeconfigCertUsername is the name of the user coming from kubeconfig cert InternalUserClusterAdminKubeconfigCertUsername = "kubermatic-controllers" // IPVSProxyMode defines the ipvs kube-proxy mode. IPVSProxyMode = "ipvs" // IPTablesProxyMode defines the iptables kube-proxy mode. IPTablesProxyMode = "iptables" // EBPFProxyMode defines the eBPF proxy mode (disables kube-proxy and requires CNI support). EBPFProxyMode = "ebpf" // IPVSStrictArp defines IPVS configuration strictArp setting. 
IPVSStrictArp = true // PodNodeSelectorAdmissionPlugin defines PodNodeSelector admission plugin PodNodeSelectorAdmissionPlugin = "PodNodeSelector" // EventRateLimitAdmisionPlugin defines the EventRateLimit admission plugin EventRateLimitAdmissionPlugin = "EventRateLimit" )
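// Entry names (data keys) used inside the Secrets and ConfigMaps this package
// refers to. Each constant carries only the string shown; which object an entry
// lives in is decided by the callers.
//
// NOTE(review): by their names, the "*.key" entries, "kubeconfig",
// "tokens.csv", "viewerToken" and "SECRET_ACCESS_KEY" refer to private keys or
// bearer credentials. Confirm that consumers mount them owner-read-only (this
// package defines DefaultOwnerReadOnlyMode) and never log the values.
const (
	// CAKeySecretKey is the entry name "ca.key".
	CAKeySecretKey = "ca.key"
	// CACertSecretKey is the entry name "ca.crt".
	CACertSecretKey = "ca.crt"
	// ApiserverTLSKeySecretKey is the entry name "apiserver-tls.key".
	ApiserverTLSKeySecretKey = "apiserver-tls.key"
	// ApiserverTLSCertSecretKey is the entry name "apiserver-tls.crt".
	ApiserverTLSCertSecretKey = "apiserver-tls.crt"
	// KubeletClientKeySecretKey is the entry name "kubelet-client.key".
	KubeletClientKeySecretKey = "kubelet-client.key"
	// KubeletClientCertSecretKey is the entry name "kubelet-client.crt".
	KubeletClientCertSecretKey = "kubelet-client.crt"

	// FIXME confusing naming: s/CertSecretKey/CertSecretName/

	// ServiceAccountKeySecretKey is the entry name "sa.key".
	ServiceAccountKeySecretKey = "sa.key"
	// ServiceAccountKeyPublicKey is the public key for the service account signer key.
	ServiceAccountKeyPublicKey = "sa.pub"
	// KubeconfigSecretKey is the entry name "kubeconfig".
	KubeconfigSecretKey = "kubeconfig"
	// TokensSecretKey is the entry name "tokens.csv".
	TokensSecretKey = "tokens.csv"
	// ViewerTokenSecretKey is the entry name "viewerToken".
	ViewerTokenSecretKey = "viewerToken"
	// OpenVPNCACertKey aliases CACertSecretKey ("ca.crt"). It must match
	// CACertSecretKey, otherwise getClusterCAFromLister doesn't work as it has
	// the key hardcoded.
	OpenVPNCACertKey = CACertSecretKey
	// OpenVPNCAKeyKey aliases CAKeySecretKey ("ca.key"). It must match
	// CAKeySecretKey, otherwise getClusterCAFromLister doesn't work as it has
	// the key hardcoded.
	OpenVPNCAKeyKey = CAKeySecretKey
	// OpenVPNServerKeySecretKey is the entry name "server.key".
	OpenVPNServerKeySecretKey = "server.key"
	// OpenVPNServerCertSecretKey is the entry name "server.crt".
	OpenVPNServerCertSecretKey = "server.crt"
	// OpenVPNInternalClientKeySecretKey is the entry name "client.key".
	OpenVPNInternalClientKeySecretKey = "client.key"
	// OpenVPNInternalClientCertSecretKey is the entry name "client.crt".
	OpenVPNInternalClientCertSecretKey = "client.crt"
	// EtcdTLSCertSecretKey is the entry name "etcd-tls.crt".
	EtcdTLSCertSecretKey = "etcd-tls.crt"
	// EtcdTLSKeySecretKey is the entry name "etcd-tls.key".
	EtcdTLSKeySecretKey = "etcd-tls.key"

	// EtcdRestoreS3CredentialsSecret names the secret expected in seed
	// kube-system that must contain S3 credentials for etcd backup restores.
	EtcdRestoreS3CredentialsSecret = "backup-s3"
	// EtcdBackupAndRestoreS3AccessKeyIDKey is the entry name "ACCESS_KEY_ID".
	EtcdBackupAndRestoreS3AccessKeyIDKey = "ACCESS_KEY_ID"
	// EtcdBackupAndRestoreS3SecretKeyAccessKeyKey is the entry name "SECRET_ACCESS_KEY".
	EtcdBackupAndRestoreS3SecretKeyAccessKeyKey = "SECRET_ACCESS_KEY"

	// EtcdRestoreS3SettingsConfigMap names the configmap expected in seed
	// kube-system that must contain S3 bucket and endpoint names.
	EtcdRestoreS3SettingsConfigMap = "s3-settings"
	// EtcdRestoreS3BucketNameKey is the entry name "BUCKET_NAME".
	EtcdRestoreS3BucketNameKey = "BUCKET_NAME"
	// EtcdRestoreS3EndpointKey is the entry name "ENDPOINT".
	EtcdRestoreS3EndpointKey = "ENDPOINT"
	// EtcdRestoreDefaultS3SEndpoint is the host "s3.amazonaws.com".
	// NOTE(review): presumably used when no endpoint is configured — confirm
	// against the caller.
	EtcdRestoreDefaultS3SEndpoint = "s3.amazonaws.com"

	// KubeconfigDefaultContextKey is the context key used for all kubeconfigs.
	KubeconfigDefaultContextKey = "default"

	// ApiserverEtcdClientCertificateCertSecretKey is the entry name "apiserver-etcd-client.crt".
	ApiserverEtcdClientCertificateCertSecretKey = "apiserver-etcd-client.crt"
	// ApiserverEtcdClientCertificateKeySecretKey is the entry name "apiserver-etcd-client.key".
	ApiserverEtcdClientCertificateKeySecretKey = "apiserver-etcd-client.key"

	// ApiserverProxyClientCertificateCertSecretKey is the entry name "apiserver-proxy-client.crt".
	ApiserverProxyClientCertificateCertSecretKey = "apiserver-proxy-client.crt"
	// ApiserverProxyClientCertificateKeySecretKey is the entry name "apiserver-proxy-client.key".
	ApiserverProxyClientCertificateKeySecretKey = "apiserver-proxy-client.key"

	// BackupEtcdClientCertificateCertSecretKey is the entry name "backup-etcd-client.crt".
	BackupEtcdClientCertificateCertSecretKey = "backup-etcd-client.crt"
	// BackupEtcdClientCertificateKeySecretKey is the entry name "backup-etcd-client.key".
	BackupEtcdClientCertificateKeySecretKey = "backup-etcd-client.key"

	// PrometheusClientCertificateCertSecretKey is the entry name "prometheus-client.crt".
	PrometheusClientCertificateCertSecretKey = "prometheus-client.crt"
	// PrometheusClientCertificateKeySecretKey is the entry name "prometheus-client.key".
	PrometheusClientCertificateKeySecretKey = "prometheus-client.key"

	// ServingCertSecretKey is the secret key for a generic serving cert.
	ServingCertSecretKey = "serving.crt"
	// ServingCertKeySecretKey is the secret key for the key of a generic serving cert.
	ServingCertKeySecretKey = "serving.key"

	// CloudConfigSecretKey is the secret key for cloud-config.
	CloudConfigSecretKey = "config"
)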
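// Key names for cloud-provider credentials and related settings.
//
// NOTE(review): presumably these are the data keys read from a provider's
// credential Secret (CredentialsData.GetGlobalSecretKeySelectorValue takes a
// key string) — confirm against the callers.
//
// Several providers share the same key string ("token", "username",
// "password", "tenantID", "projectID", "accessKeyId"), so a key on its own does
// not identify the provider a value belongs to.
const (
	// AWS
	AWSAccessKeyID     = "accessKeyId"
	AWSSecretAccessKey = "secretAccessKey"

	// Azure
	AzureTenantID       = "tenantID"
	AzureSubscriptionID = "subscriptionID"
	AzureClientID       = "clientID"
	AzureClientSecret   = "clientSecret"

	// DigitalOcean
	DigitaloceanToken = "token"

	// GCP
	GCPServiceAccount = "serviceAccount"

	// Hetzner
	HetznerToken = "token"

	// OpenStack
	OpenstackUsername                    = "username"
	OpenstackPassword                    = "password"
	OpenstackTenant                      = "tenant"
	OpenstackTenantID                    = "tenantID"
	OpenstackProject                     = "project"
	OpenstackProjectID                   = "projectID"
	OpenstackDomain                      = "domain"
	OpenstackApplicationCredentialID     = "applicationCredentialID"
	OpenstackApplicationCredentialSecret = "applicationCredentialSecret"
	OpenstackToken                       = "token"

	// Packet
	PacketAPIKey    = "apiKey"
	PacketProjectID = "projectID"

	// KubeVirt
	KubevirtKubeConfig    = "kubeConfig"
	KubevirtCSIKubeConfig = "csiKubeConfig"

	// vSphere
	VsphereUsername                    = "username"
	VspherePassword                    = "password"
	VsphereInfraManagementUserUsername = "infraManagementUserUsername"
	VsphereInfraManagementUserPassword = "infraManagementUserPassword"

	// Alibaba
	AlibabaAccessKeyID     = "accessKeyId"
	AlibabaAccessKeySecret = "accessKeySecret"

	// Anexia
	AnexiaToken = "token"

	// Nutanix
	NutanixUsername = "username"
	NutanixPassword = "password"
	NutanixProxyURL = "proxyURL"

	// UserSSHKeys is the key name "usersshkeys".
	UserSSHKeys = "usersshkeys"
)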
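// Object names used for the CoreDNS resources.
//
// The ClusterRole and ClusterRoleBinding share the name "system:coredns".
// The Service is named "kube-dns" while every other object is named "coredns".
const (
	CoreDNSClusterRoleName         = "system:coredns"
	CoreDNSClusterRoleBindingName  = "system:coredns"
	CoreDNSServiceAccountName      = "coredns"
	CoreDNSServiceName             = "kube-dns"
	CoreDNSConfigMapName           = "coredns"
	CoreDNSDeploymentName          = "coredns"
	CoreDNSPodDisruptionBudgetName = "coredns"
)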
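// Names used for the envoy-agent resources: the ConfigMap and the file inside
// it, the DaemonSet, and its two init containers.
//
// NOTE(review): EnvoyAgentDeviceSetupImage carries neither a registry nor a
// tag. Presumably the caller prepends a registry and appends a pinned tag —
// confirm, since an unqualified image reference resolves through the runtime's
// default registry.
const (
	EnvoyAgentConfigMapName                    = "envoy-agent"
	EnvoyAgentConfigFileName                   = "envoy.yaml"
	EnvoyAgentDaemonSetName                    = "envoy-agent"
	EnvoyAgentCreateInterfaceInitContainerName = "create-dummy-interface"
	EnvoyAgentAssignAddressInitContainerName   = "assign-address"
	EnvoyAgentDeviceSetupImage                 = "kubermatic/kubeletdnat-controller"
)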
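// Object names used for the node-local-dns resources. All three objects share
// the name "node-local-dns".
const (
	NodeLocalDNSServiceAccountName = "node-local-dns"
	NodeLocalDNSConfigMapName      = "node-local-dns"
	NodeLocalDNSDaemonSetName      = "node-local-dns"
)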
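// Key names for external-cluster credentials (kubeconfig, EKS, GKE, AKS).
//
// NOTE(review): presumably data keys of the Secret that stores an external
// cluster's credentials — confirm against GetEKSCredentials, GetGKECredentials
// and GetAKSCredentials.
//
// ExternalGKEClusterSeriveAccount is spelled "Serive" in the exported name; the
// value is "serviceAccount". The name is part of the public API and is kept
// as is.
const (
	ExternalClusterKubeconfig         = "kubeconfig"
	ExternalEKSClusterAccessKeyID     = "accessKeyId"
	ExternalEKSClusterSecretAccessKey = "secretAccessKey"
	ExternalGKEClusterSeriveAccount   = "serviceAccount"
	ExternalAKSClusterTenantID        = "tenantID"
	ExternalAKSClusterSubscriptionID  = "subscriptionID"
	ExternalAKSClusterClientID        = "clientID"
	ExternalAKSClusterClientSecret    = "clientSecret"
)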
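// File paths of the etcd PKI material under /etc/etcd/pki.
//
// EtcdCertFile and EtcdPeerCertFile are the same path, as are EtcdKetFile and
// EtcdPeerKeyFile: with these constants the serving and the peer TLS identity
// use one certificate/key pair.
//
// EtcdKetFile is spelled "Ket" in the exported name; its value is the
// etcd-tls.key path. The name is part of the public API and is kept as is.
//
// NOTE(review): the *.key paths name private-key files; confirm the volumes
// backing them are mounted read-only for the owner only.
const (
	EtcdTrustedCAFile  = "/etc/etcd/pki/ca/ca.crt"
	EtcdCertFile       = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdKetFile        = "/etc/etcd/pki/tls/etcd-tls.key"
	EtcdPeerCertFile   = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdPeerKeyFile    = "/etc/etcd/pki/tls/etcd-tls.key"
	EtcdClientCertFile = "/etc/etcd/pki/client/apiserver-etcd-client.crt"
	EtcdClientKeyFile  = "/etc/etcd/pki/client/apiserver-etcd-client.key"
)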
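// Names, secret entry names and the port of the csi-migration admission
// webhook.
const (
	// CSIMigrationWebhookName is the name of the csi-migration webhook service.
	CSIMigrationWebhookName = "csi-migration-webhook"
	// CSIMigrationWebhookSecretName defines the name of the secret containing
	// the certificates for the csi-migration admission webhook.
	CSIMigrationWebhookSecretName = "csi-migration-webhook-certs"

	// CSIMigrationWebhookServingCertCertKeyName is the name for the key that
	// contains the cert.
	CSIMigrationWebhookServingCertCertKeyName = "cert.pem"
	// CSIMigrationWebhookServingCertKeyKeyName is the name for the key that
	// contains the key, i.e. the webhook's private key entry.
	CSIMigrationWebhookServingCertKeyKeyName = "key.pem"
	// CSIMigrationWebhookConfig is the name for the key that contains the
	// webhook config.
	CSIMigrationWebhookConfig = "webhook.config"
	// CSIMigrationWebhookPort is the port used by the CSI-migration webhook.
	CSIMigrationWebhookPort = 8443
	// VsphereCSIMigrationWebhookConfigurationWebhookName is the webhook's name
	// in the vSphere CSI_migration WebhookConfiguration.
	VsphereCSIMigrationWebhookConfigurationWebhookName = "validation.csi.vsphere.vmware.com"
)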
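// Names used by the user-cluster MLA components (Promtail, Prometheus, the MLA
// Gateway, Alertmanager) and by Konnectivity.
//
// NOTE(review): the "*.key" entries and the konnectivity kubeconfig/token
// names refer to private keys or credentials by name; confirm that consumers
// restrict read access to the Secrets behind them.
const (
	UserClusterMLANamespace = "mla-system"
	MLAComponentName        = "mla"

	PromtailServiceAccountName     = "promtail"
	PromtailClusterRoleName        = "system:mla:promtail"
	PromtailClusterRoleBindingName = "system:mla:promtail"
	PromtailSecretName             = "promtail"
	PromtailDaemonSetName          = "promtail"

	UserClusterPrometheusConfigMapName          = "prometheus"
	UserClusterPrometheusServiceAccountName     = "prometheus"
	UserClusterPrometheusClusterRoleName        = "system:mla:prometheus"
	UserClusterPrometheusClusterRoleBindingName = "system:mla:prometheus"
	UserClusterPrometheusDeploymentName         = "prometheus"

	// MLAGatewayExternalServiceName is the name for the MLA Gateway external service.
	MLAGatewayExternalServiceName = "mla-gateway-ext"
	// MLAGatewaySNIPrefix is the URL prefix which identifies the MLA Gateway
	// endpoint in the external URL if SNI expose strategy is used.
	MLAGatewaySNIPrefix = "mla-gateway."

	// MLAGatewayCASecretName is the name for the secret containing the MLA
	// Gateway CA certificates.
	MLAGatewayCASecretName = "mla-gateway-ca"

	// MLAGatewayCACertKey and MLAGatewayCAKeyKey alias the generic CA entry
	// names CACertSecretKey and CAKeySecretKey.
	MLAGatewayCACertKey = CACertSecretKey
	MLAGatewayCAKeyKey  = CAKeySecretKey

	// MLAGatewayCertificatesSecretName is the name for the secret containing
	// the MLA Gateway certificates.
	MLAGatewayCertificatesSecretName = "mla-gateway-certificates"
	MLAGatewayKeySecretKey           = "gateway.key"
	MLAGatewayCertSecretKey          = "gateway.crt"

	// UserClusterPrometheusCertificatesSecretName is the name for the secret
	// containing the Prometheus client certificates.
	UserClusterPrometheusCertificatesSecretName = "prometheus-certificates"
	UserClusterPrometheusCertificateCommonName  = "prometheus"
	UserClusterPrometheusClientKeySecretKey     = "client.key"
	UserClusterPrometheusClientCertSecretKey    = "client.crt"
	UserClusterPrometheusClientCertMountPath    = "/etc/ssl/mla"

	// PromtailCertificatesSecretName is the name for the secret containing the
	// promtail client certificates.
	PromtailCertificatesSecretName = "promtail-certificates"
	PromtailCertificateCommonName  = "promtail"
	PromtailClientKeySecretKey     = "client.key"
	PromtailClientCertSecretKey    = "client.crt"
	PromtailClientCertMountPath    = "/etc/ssl/mla"

	AlertmanagerName                    = "alertmanager"
	DefaultAlertmanagerConfigSecretName = "alertmanager"
	AlertmanagerConfigSecretKey         = "alertmanager.yaml"

	// DefaultAlertmanagerConfig is the default Alertmanager configuration. It
	// routes to a receiver named 'null' for which the literal defines no
	// notification integration.
	//
	// NOTE(review): this listing shows the YAML on a single line; the line
	// breaks and indentation of the original literal cannot be recovered from
	// here, so the value is reproduced exactly as shown. Verify it against the
	// repository before relying on it.
	DefaultAlertmanagerConfig = ` template_files: {} alertmanager_config: | route: receiver: 'null' receivers: - name: 'null' `

	// MLAAdminSettingsName specifies a fixed name of the MLA admin settings
	// custom resource in the cluster namespace.
	MLAAdminSettingsName = "mla-admin-settings"

	// Konnectivity
	KonnectivityDeploymentName             = "konnectivity-agent"
	KonnectivityClusterRoleBindingName     = "system:konnectivity-server"
	KonnectivityClusterRoleBindingUsername = "system:konnectivity-server"
	KonnectivityServiceAccountName         = "system-konnectivity-agent"
	KonnectivityAgentContainer             = "konnectivity-agent"
	KonnectivityServerContainer            = "konnectivity-server"
	KonnectivityAgentToken                 = "system-konnectivity-agent-token"
	KonnectivityProxyServiceName           = "konnectivity-server"
	KonnectivityProxyTLSSecretName         = "konnectivityproxy-tls"
	KonnectivityKubeconfigSecretName       = "konnectivity-kubeconfig"
	KonnectivityServerConf                 = "konnectivity-server.conf"
	KonnectivityKubeApiserverEgress        = "kube-apiserver-egress"
	KonnectivityUDS                        = "konnectivity-uds"
	KonnectivityPodDisruptionBudgetName    = "konnectivity-agent"
)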
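// Names of the NetworkPolicy objects: one default-deny-all-egress policy and
// the per-destination "*-allow" policies.
//
// NOTE(review): by their names the allow policies are exceptions to the
// default-deny egress policy; confirm in the policy creators that each one is
// scoped to the destination its name states.
const (
	NetworkPolicyDefaultDenyAllEgress          = "default-deny-all-egress"
	NetworkPolicyEtcdAllow                     = "etcd-allow"
	NetworkPolicyDNSAllow                      = "dns-allow"
	NetworkPolicyOpenVPNServerAllow            = "openvpn-server-allow"
	NetworkPolicyMachineControllerWebhookAllow = "machine-controller-webhook-allow"
	NetworkPolicyMetricsServerAllow            = "metrics-server-allow"
	NetworkPolicyClusterExternalAddrAllow      = "cluster-external-addr-allow"
	NetworkPolicyOIDCIssuerAllow               = "oidc-issuer-allow"
)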
// TokenBlacklist is the fixed name "token-blacklist".
// NOTE(review): presumably the name of the object that records revoked
// tokens — confirm against the callers.
const TokenBlacklist = "token-blacklist"
Functions ¶
func AdminKubeconfigCreator ¶
func AdminKubeconfigCreator(data adminKubeconfigCreatorData) reconciling.NamedSecretCreatorGetter
AdminKubeconfigCreator returns a function to create/update the secret with the admin kubeconfig
func AppClusterLabels ¶
func AppClusterLabels(appName, clusterName string, additionalLabels map[string]string) map[string]string
AppClusterLabels returns the base app label + the cluster label. Additional labels can be included as well
func BackupCABundleConfigMapName ¶ added in v2.17.0
func BackupCABundleConfigMapName(cluster *kubermaticv1.Cluster) string
BackupCABundleConfigMapName returns the name of the ConfigMap in the kube-system namespace that holds the CA bundle for a given cluster. As the CA bundle technically can be different per usercluster, this is not a constant.
func BaseAppLabels ¶
BaseAppLabels returns the minimum required labels
func CertWillExpireSoon ¶
func CertWillExpireSoon(cert *x509.Certificate) bool
CertWillExpireSoon reports whether the certificate will expire within the next 30 days.
func ClusterIPForService ¶
func ClusterIPForService(name, namespace string, serviceLister corev1lister.ServiceLister) (*net.IP, error)
ClusterIPForService returns the cluster ip for the given service
func ClusterRoleBindingAuthDelegatorCreator ¶
func ClusterRoleBindingAuthDelegatorCreator(username string) reconciling.NamedClusterRoleBindingCreatorGetter
ClusterRoleBindingAuthDelegatorCreator returns a function to create the ClusterRoleBinding which is needed by extension apiservers that do auth delegation.
func ConfigMapRevision ¶
func ConfigMapRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
ConfigMapRevision returns the resource version of the ConfigMap specified by name.
func CopyCredentials ¶ added in v2.18.0
func CopyCredentials(data CredentialsData, cluster *kubermaticv1.Cluster) error
func ExternalCloudProviderEnabled ¶ added in v2.17.0
func ExternalCloudProviderEnabled(cluster *kubermaticv1.Cluster) bool
func FailureDomainZoneAntiAffinity ¶
func FailureDomainZoneAntiAffinity(app string) corev1.WeightedPodAffinityTerm
FailureDomainZoneAntiAffinity ensures that same-kind pods are spread across different availability zones.
func GetAbsoluteServiceDNSName ¶
GetAbsoluteServiceDNSName returns the absolute DNS name for the given service and the given cluster. Absolute means a trailing dot will be appended to the DNS name
func GetAllowedTLSCipherSuites ¶ added in v2.19.0
func GetAllowedTLSCipherSuites() []string
GetAllowedTLSCipherSuites returns a list of allowed TLS cipher suites
func GetBaseKubeconfig ¶
func GetBaseKubeconfig(caCert *x509.Certificate, server, clusterName string) *clientcmdapi.Config
func GetCABundleFromFile ¶ added in v2.17.0
func GetCABundleFromFile(file string) ([]*x509.Certificate, error)
GetCABundleFromFile returns the CA bundle from a file
func GetCSIMigrationFeatureGates ¶ added in v2.17.0
func GetCSIMigrationFeatureGates(cluster *kubermaticv1.Cluster) []string
func GetClusterExternalIP ¶
func GetClusterExternalIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
GetClusterExternalIP returns a net.IP for the given Cluster
func GetClusterFrontProxyCA ¶
func GetClusterFrontProxyCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
GetClusterFrontProxyCA returns the frontproxy CA of the cluster from the lister
func GetClusterRef ¶
func GetClusterRef(cluster *kubermaticv1.Cluster) metav1.OwnerReference
GetClusterRef returns a metav1.OwnerReference for the given Cluster
func GetClusterRootCA ¶
func GetClusterRootCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)
GetClusterRootCA returns the root CA of the cluster from the lister
func GetEtcdRestoreRef ¶ added in v2.17.0
func GetEtcdRestoreRef(restore *kubermaticv1.EtcdRestore) metav1.OwnerReference
GetEtcdRestoreRef returns a metav1.OwnerReference for the given EtcdRestore
func GetEtcdRestoreS3Client ¶ added in v2.17.0
func GetEtcdRestoreS3Client(ctx context.Context, restore *kubermaticv1.EtcdRestore, createSecretIfMissing bool, client ctrlruntimeclient.Client, cluster *kubermaticv1.Cluster, destination *kubermaticv1.BackupDestination) (*minio.Client, string, error)
GetEtcdRestoreS3Client returns an S3 client for downloading the backup for a given EtcdRestore. If the EtcdRestore doesn't reference a secret containing the credentials and endpoint and bucket name data, one can optionally be created from a well-known secret and configmap in kube-system, or from a specified backup destination
func GetHTTPProxyEnvVarsFromSeed ¶
func GetHTTPProxyEnvVarsFromSeed(seed *kubermaticv1.Seed, inClusterAPIServerURL string) []corev1.EnvVar
func GetInternalKubeconfigCreator ¶
func GetInternalKubeconfigCreator(name, commonName string, organizations []string, data internalKubeconfigCreatorData) reconciling.NamedSecretCreatorGetter
GetInternalKubeconfigCreator is a generic function to return a secret generator to create a kubeconfig which must only be used within the seed-cluster as it uses the ClusterIP of the apiserver.
func GetKubernetesCloudProviderName ¶
func GetKubernetesCloudProviderName(cluster *kubermaticv1.Cluster, externalCloudProvider bool) string
func GetOverrides ¶
func GetOverrides(componentSettings kubermaticv1.ComponentSettings) map[string]*corev1.ResourceRequirements
func GetPodTemplateLabels ¶
func GetPodTemplateLabels( ctx context.Context, client ctrlruntimeclient.Client, appName, clusterName, namespace string, volumes []corev1.Volume, additionalLabels map[string]string, ) (map[string]string, error)
GetPodTemplateLabels is a specialized version of VolumeRevisionLabels that adds additional typical labels like app and cluster names.
func GetVerticalPodAutoscalersForAll ¶
func GetVerticalPodAutoscalersForAll(ctx context.Context, client ctrlruntimeclient.Client, deploymentNames, statefulSetNames []string, namespace string, enabled bool) ([]reconciling.NamedVerticalPodAutoscalerCreatorGetter, error)
GetVerticalPodAutoscalersForAll will return functions to create VPA resource for all supplied Deployments and StatefulSets. All resources must exist in the specified namespace. The VPA resource will have the same selector as the Deployment/StatefulSet. The pod container limits will be set as VPA limits.
func HealthyDaemonSet ¶ added in v2.19.0
func HealthyDaemonSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyDaemonSet tells if the minReady nodes have one Ready pod
func HealthyDeployment ¶
func HealthyDeployment(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyDeployment tells if the deployment has a minimum of minReady replicas in Ready status
func HealthyStatefulSet ¶
func HealthyStatefulSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)
HealthyStatefulSet tells if the StatefulSet has a minimum of minReady replicas in Ready status
func HostnameAntiAffinity ¶
HostnameAntiAffinity returns a simple Affinity rule to prevent* scheduling of same kind pods on the same node. It contains 2 AntiAffinity terms: High priority: We don't schedule multiple pods of this app & cluster on a single node Low priority: We don't schedule multiple pods of this app on a single node - regardless of the cluster. This prevents that we schedule all API server pods on a single node *if scheduling is not possible with this rule, it will be ignored.
func ImagePullSecretCreator ¶
func ImagePullSecretCreator(dockerPullConfigJSON []byte) reconciling.NamedSecretCreatorGetter
ImagePullSecretCreator returns a creator function to create a ImagePullSecret
func InClusterApiserverIP ¶
func InClusterApiserverIP(cluster *kubermaticv1.Cluster) (*net.IP, error)
InClusterApiserverIP returns the first usable IP of the service CIDR. It's the in-cluster IP for the apiserver.
func IsClientCertificateValidForAllOf ¶
func IsClientCertificateValidForAllOf(cert *x509.Certificate, commonName string, organizations []string, ca *x509.Certificate) bool
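IsClientCertificateValidForAllOf reports whether all of the given data is present in the given client certificate. The match is not exact: it also returns true if all given data is in the cert but the cert has more organizations. In Kubernetes client-certificate authentication the organizations become the user's groups, so a caller that must reject certificates carrying additional organizations has to check for that separately.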
func IsServerCertificateValidForAllOf ¶
func IsServerCertificateValidForAllOf(cert *x509.Certificate, commonName string, altNames certutil.AltNames, ca *x509.Certificate) bool
IsServerCertificateValidForAllOf validates if the given data is present in the given server certificate
func IsValidKubeconfig ¶
func RoleBindingAuthenticationReaderCreator ¶
func RoleBindingAuthenticationReaderCreator(username string) reconciling.NamedRoleBindingCreatorGetter
RoleBindingAuthenticationReaderCreator returns a function to create the RoleBinding which is needed by extension apiservers that do auth delegation.
func SanitizeEnvVars ¶ added in v2.19.0
SanitizeEnvVars will take the value of an environment variable and sanitize it. The need for this comes from github.com/kubermatic/kubermatic/issues/7960
func SecretRevision ¶
func SecretRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)
SecretRevision returns the resource version of the Secret specified by name.
func ServiceAccountSecretCreator ¶
func ServiceAccountSecretCreator(data CredentialsData) reconciling.NamedSecretCreatorGetter
ServiceAccountSecretCreator returns a creator function to create a Google Service Account.
func SetResourceRequirements ¶
func SetResourceRequirements(containers []corev1.Container, defaultRequirements, overrides map[string]*corev1.ResourceRequirements, annotations map[string]string) error
SetResourceRequirements sets resource requirements on provided slice of containers. The highest priority has requirements provided using overrides, then requirements provided by the vpa-updater (if VPA is enabled), and at the end provided default requirements for a given resource.
func SupportsFailureDomainZoneAntiAffinity ¶
func SupportsFailureDomainZoneAntiAffinity(ctx context.Context, client ctrlruntimeclient.Client) (bool, error)
SupportsFailureDomainZoneAntiAffinity checks if there are any nodes with the TopologyKeyFailureDomainZone label.
func UnwrapCommand ¶ added in v2.17.0
func UnwrapCommand(container corev1.Container) (found bool, command httpproberapi.Command)
func UserClusterDNSPolicyAndConfig ¶
func UserClusterDNSPolicyAndConfig(d userClusterDNSPolicyAndConfigData) (corev1.DNSPolicy, *corev1.PodDNSConfig, error)
UserClusterDNSPolicyAndConfig returns a DNSPolicy and DNSConfig to configure Pods to use user cluster DNS
func UserClusterDNSResolverIP ¶
func UserClusterDNSResolverIP(cluster *kubermaticv1.Cluster) (string, error)
UserClusterDNSResolverIP returns the 9th usable IP address from the first Service CIDR block from ClusterNetwork spec. This is by convention the IP address of the DNS resolver. Returns "" on error.
func ViewerKubeconfigCreator ¶
func ViewerKubeconfigCreator(data *TemplateData) reconciling.NamedSecretCreatorGetter
ViewerKubeconfigCreator returns a function to create/update the secret with the viewer kubeconfig
func VolumeRevisionLabels ¶
func VolumeRevisionLabels( ctx context.Context, client ctrlruntimeclient.Client, namespace string, volumes []corev1.Volume, ) (map[string]string, error)
VolumeRevisionLabels returns a set of labels for the given volumes, with one label per ConfigMap or Secret, containing the objects' revisions. When used for pod template labels, this forces pods to be restarted as soon as one of the secrets/configmaps gets updated.
Types ¶
type AKSCredentials ¶ added in v2.19.0
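// AKSCredentials groups the tenant, subscription, client ID and client secret
// values that GetAKSCredentials returns for an external cluster.
//
// NOTE(review): ClientSecret is a credential by name; keep values of this type
// out of logs and error messages (formatting the struct with %+v would print
// it).
type AKSCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}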
func GetAKSCredentials ¶ added in v2.19.0
func GetAKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (AKSCredentials, error)
type AWSCredentials ¶
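// AWSCredentials groups the access key pair and the optional assume-role
// settings that GetAWSCredentials returns.
//
// NOTE(review): SecretAccessKey is a credential by name; keep values of this
// type out of logs and error messages (formatting the struct with %+v would
// print it).
type AWSCredentials struct {
	AccessKeyID          string
	SecretAccessKey      string
	AssumeRoleARN        string
	AssumeRoleExternalID string
}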
func GetAWSCredentials ¶
func GetAWSCredentials(data CredentialsData) (AWSCredentials, error)
type AlibabaCredentials ¶
func GetAlibabaCredentials ¶
func GetAlibabaCredentials(data CredentialsData) (AlibabaCredentials, error)
type AnexiaCredentials ¶ added in v2.16.3
// AnexiaCredentials is the value GetAnexiaCredentials returns; it holds a
// single token string.
//
// NOTE(review): Token is a credential by name; keep it out of logs and error
// messages.
type AnexiaCredentials struct {
	// Token is the Anexia token string.
	Token string
}
func GetAnexiaCredentials ¶ added in v2.16.3
func GetAnexiaCredentials(data CredentialsData) (AnexiaCredentials, error)
type AzureCredentials ¶
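// AzureCredentials groups the tenant, subscription, client ID and client
// secret values that GetAzureCredentials returns.
//
// NOTE(review): ClientSecret is a credential by name; keep values of this type
// out of logs and error messages (formatting the struct with %+v would print
// it).
type AzureCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}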
func GetAzureCredentials ¶
func GetAzureCredentials(data CredentialsData) (AzureCredentials, error)
type Credentials ¶
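// Credentials is the value GetCredentials returns: one field per supported
// cloud provider, each of that provider's own credentials type.
//
// NOTE(review): every field can carry secrets; avoid logging a Credentials
// value or embedding it in error messages.
type Credentials struct {
	AWS          AWSCredentials
	Azure        AzureCredentials
	Digitalocean DigitaloceanCredentials
	GCP          GCPCredentials
	Hetzner      HetznerCredentials
	Openstack    OpenstackCredentials
	Packet       PacketCredentials
	Kubevirt     KubevirtCredentials
	VSphere      VSphereCredentials
	Alibaba      AlibabaCredentials
	Anexia       AnexiaCredentials
	Nutanix      NutanixCredentials
}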
func GetCredentials ¶
func GetCredentials(data CredentialsData) (Credentials, error)
type CredentialsData ¶
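// CredentialsData is the input the Get*Credentials helpers of this package
// take; NewCredentialsData returns an implementation built from a context, a
// cluster and a client.
type CredentialsData interface {
	// Cluster returns the cluster the credentials belong to.
	Cluster() *kubermaticv1.Cluster
	// GetGlobalSecretKeySelectorValue returns the string value for key from
	// the object configVar selects, or an error.
	// NOTE(review): presumably this reads one data entry of a Secret — confirm
	// against the implementation.
	GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
}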
func NewCredentialsData ¶
func NewCredentialsData(ctx context.Context, cluster *kubermaticv1.Cluster, client ctrlruntimeclient.Client) CredentialsData
type DigitaloceanCredentials ¶
// DigitaloceanCredentials is the value GetDigitaloceanCredentials returns; it
// holds a single token string.
//
// NOTE(review): Token is a credential by name; keep it out of logs and error
// messages.
type DigitaloceanCredentials struct {
	// Token is the DigitalOcean token string.
	Token string
}
func GetDigitaloceanCredentials ¶
func GetDigitaloceanCredentials(data CredentialsData) (DigitaloceanCredentials, error)
type ECDSAKeyPair ¶
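// ECDSAKeyPair is an ECDSA x509 certificate and private key. GetMLAGatewayCA
// and GetOpenVPNCA return a pointer to this type.
//
// NOTE(review): Key is private-key material; do not log or serialize values of
// this type.
type ECDSAKeyPair struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}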
ECDSAKeyPair is an ECDSA x509 certificate and private key
func GetMLAGatewayCA ¶ added in v2.18.0
func GetMLAGatewayCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)
GetMLAGatewayCA returns the MLA Gateway CA of the cluster from the lister
func GetOpenVPNCA ¶
func GetOpenVPNCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)
GetOpenVPNCA returns the OpenVPN CA of the cluster from the lister
type EKSCredentials ¶ added in v2.19.0
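// EKSCredentials groups the access key pair and the optional assume-role
// settings that GetEKSCredentials returns for an external cluster.
//
// NOTE(review): SecretAccessKey is a credential by name; keep values of this
// type out of logs and error messages (formatting the struct with %+v would
// print it).
type EKSCredentials struct {
	AccessKeyID          string
	SecretAccessKey      string
	AssumeRoleARN        string
	AssumeRoleExternalID string
}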
func GetEKSCredentials ¶ added in v2.19.0
func GetEKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (EKSCredentials, error)
type GCPCredentials ¶
// GCPCredentials is the value GetGCPCredentials returns; it holds a single
// service account string.
//
// NOTE(review): presumably ServiceAccount carries service account key
// material — confirm its format with the caller and keep it out of logs.
type GCPCredentials struct {
	// ServiceAccount is the GCP service account string.
	ServiceAccount string
}
func GetGCPCredentials ¶
func GetGCPCredentials(data CredentialsData) (GCPCredentials, error)
type GKECredentials ¶ added in v2.19.0
// GKECredentials is the value GetGKECredentials returns for an external
// cluster; it holds a single service account string.
//
// NOTE(review): presumably ServiceAccount carries service account key
// material — confirm its format with the caller and keep it out of logs.
type GKECredentials struct {
	// ServiceAccount is the GKE service account string.
	ServiceAccount string
}
func GetGKECredentials ¶ added in v2.19.0
func GetGKECredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (GKECredentials, error)
type HetznerCredentials ¶
// HetznerCredentials is the value GetHetznerCredentials returns; it holds a
// single token string.
//
// NOTE(review): Token is a credential by name; keep it out of logs and error
// messages.
type HetznerCredentials struct {
	// Token is the Hetzner token string.
	Token string
}
func GetHetznerCredentials ¶
func GetHetznerCredentials(data CredentialsData) (HetznerCredentials, error)
type KubevirtCredentials ¶
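// KubevirtCredentials is the value GetKubevirtCredentials returns: two
// kubeconfigs held as strings.
//
// NOTE(review): KubeConfig is documented as an admin kubeconfig, so a leaked
// value grants admin access to the KubeVirt cluster; keep values of this type
// out of logs and error messages.
type KubevirtCredentials struct {
	// KubeConfig is the admin kubeconfig for the KubeVirt cluster.
	KubeConfig string
	// CSIKubeConfig is the CSI driver kubeconfig for the user cluster to
	// provision storage on the KubeVirt cluster.
	CSIKubeConfig string
}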
func GetKubevirtCredentials ¶
func GetKubevirtCredentials(data CredentialsData) (KubevirtCredentials, error)
type NutanixCredentials ¶ added in v2.19.0
func GetNutanixCredentials ¶ added in v2.19.0
func GetNutanixCredentials(data CredentialsData) (NutanixCredentials, error)
type OpenstackCredentials ¶
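// OpenstackCredentials is the value GetOpenstackCredentials returns. It has
// fields for username/password, for an application credential ID and secret,
// and for a token, next to the project and domain.
//
// NOTE(review): Password, ApplicationCredentialSecret and Token are
// credentials by name; keep values of this type out of logs and error messages
// (formatting the struct with %+v would print them).
type OpenstackCredentials struct {
	Username                    string
	Password                    string
	Project                     string
	ProjectID                   string
	Domain                      string
	ApplicationCredentialID     string
	ApplicationCredentialSecret string
	Token                       string
}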
func GetOpenstackCredentials ¶
func GetOpenstackCredentials(data CredentialsData) (OpenstackCredentials, error)
type PacketCredentials ¶
func GetPacketCredentials ¶
func GetPacketCredentials(data CredentialsData) (PacketCredentials, error)
type Requirements ¶
type Requirements struct { Name string `json:"name,omitempty"` Requires *corev1.ResourceRequirements `json:"requires,omitempty"` }
Requirements describes how many resources are needed by the containers in the pod.
type TemplateData ¶
type TemplateData struct { OverwriteRegistry string // contains filtered or unexported fields }
TemplateData is a group of data required for template generation
func (*TemplateData) BackupSchedule ¶ added in v2.17.0
func (d *TemplateData) BackupSchedule() time.Duration
func (*TemplateData) CABundle ¶ added in v2.17.0
func (d *TemplateData) CABundle() CABundle
CABundle returns the set of CA certificates that should be used for all outgoing communication.
func (*TemplateData) Cluster ¶
func (d *TemplateData) Cluster() *kubermaticv1.Cluster
Cluster returns the cluster
func (*TemplateData) ClusterIPByServiceName ¶
func (d *TemplateData) ClusterIPByServiceName(name string) (string, error)
ClusterIPByServiceName returns the ClusterIP as string for the Service specified by `name`. Service lookup happens within `Cluster.Status.NamespaceName`. When ClusterIP fails to parse as valid IP address, an error is returned.
func (*TemplateData) ClusterVersion ¶
func (d *TemplateData) ClusterVersion() string
ClusterVersion returns version of the cluster
func (*TemplateData) ComputedNodePortRange ¶ added in v2.17.1
func (d *TemplateData) ComputedNodePortRange() string
ComputedNodePortRange is NodePortRange() with defaulting and ComponentsOverride logic
func (*TemplateData) DNATControllerImage ¶
func (d *TemplateData) DNATControllerImage() string
func (*TemplateData) DNATControllerTag ¶ added in v2.16.3
func (d *TemplateData) DNATControllerTag() string
func (*TemplateData) EtcdDiskSize ¶
func (d *TemplateData) EtcdDiskSize() resource.Quantity
EtcdDiskSize returns the etcd disk size
func (*TemplateData) EtcdLauncherImage ¶
func (d *TemplateData) EtcdLauncherImage() string
func (*TemplateData) EtcdLauncherTag ¶ added in v2.16.3
func (d *TemplateData) EtcdLauncherTag() string
func (*TemplateData) ExternalIP ¶
func (d *TemplateData) ExternalIP() (*net.IP, error)
ExternalIP returns the external facing IP or an error if no IP exists
func (*TemplateData) GetCSIMigrationFeatureGates ¶ added in v2.17.0
func (d *TemplateData) GetCSIMigrationFeatureGates() []string
func (*TemplateData) GetCloudProviderName ¶ added in v2.18.0
func (d *TemplateData) GetCloudProviderName() (string, error)
func (*TemplateData) GetClusterRef ¶
func (d *TemplateData) GetClusterRef() metav1.OwnerReference
GetClusterRef returns an instance of an OwnerReference for the Cluster in the TemplateData
func (*TemplateData) GetFrontProxyCA ¶
func (d *TemplateData) GetFrontProxyCA() (*triple.KeyPair, error)
GetFrontProxyCA returns the root CA for the front proxy
func (*TemplateData) GetGlobalSecretKeySelectorValue ¶
func (d *TemplateData) GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
func (*TemplateData) GetKonnectivityServerPort ¶ added in v2.19.0
func (d *TemplateData) GetKonnectivityServerPort() (int32, error)
GetKonnectivityServerPort returns the nodeport of the external Konnectivity Server service
func (*TemplateData) GetMLAGatewayCA ¶ added in v2.18.0
func (d *TemplateData) GetMLAGatewayCA() (*ECDSAKeyPair, error)
GetMLAGatewayCA returns the root CA for the MLA Gateway
func (*TemplateData) GetMLAGatewayPort ¶ added in v2.18.0
func (d *TemplateData) GetMLAGatewayPort() (int32, error)
GetMLAGatewayPort returns the NodePort of the external MLA Gateway service
func (*TemplateData) GetOpenVPNCA ¶
func (d *TemplateData) GetOpenVPNCA() (*ECDSAKeyPair, error)
GetOpenVPNCA returns the root CA for OpenVPN
func (*TemplateData) GetOpenVPNServerPort ¶
func (d *TemplateData) GetOpenVPNServerPort() (int32, error)
GetOpenVPNServerPort returns the nodeport of the external apiserver service
func (*TemplateData) GetPodTemplateLabels ¶
func (d *TemplateData) GetPodTemplateLabels(appName string, volumes []corev1.Volume, additionalLabels map[string]string) (map[string]string, error)
GetPodTemplateLabels returns a set of labels for a Pod, including the revisions of the secrets and configmaps it depends on. This forces pods to be restarted as soon as one of those secrets/configmaps gets updated.
func (*TemplateData) GetRootCA ¶
func (d *TemplateData) GetRootCA() (*triple.KeyPair, error)
GetRootCA returns the root CA of the cluster
func (*TemplateData) GetViewerToken ¶
func (d *TemplateData) GetViewerToken() (string, error)
GetViewerToken returns the viewer token
func (*TemplateData) ImageRegistry ¶
func (d *TemplateData) ImageRegistry(defaultRegistry string) string
ImageRegistry returns the image registry to use or the passed in default if no override is specified
func (*TemplateData) IsKonnectivityEnabled ¶ added in v2.18.0
func (d *TemplateData) IsKonnectivityEnabled() bool
IsKonnectivityEnabled reports whether Konnectivity is enabled
func (*TemplateData) KCMCloudControllersDeactivated ¶ added in v2.17.0
func (d *TemplateData) KCMCloudControllersDeactivated() bool
KCMCloudControllersDeactivated returns true if the KCM is ready and the cloud-controllers are disabled, i.e. both of the following hold: (1) there is no 'cloud-provider' flag; (2) the cloud controllers are disabled. This is used to avoid deploying the CCM before the in-tree cloud controllers have been deactivated.
func (*TemplateData) KubermaticAPIImage ¶
func (d *TemplateData) KubermaticAPIImage() string
func (*TemplateData) KubermaticConfiguration ¶ added in v2.19.0
func (d *TemplateData) KubermaticConfiguration() *operatorv1alpha1.KubermaticConfiguration
func (*TemplateData) KubermaticDockerTag ¶ added in v2.16.3
func (d *TemplateData) KubermaticDockerTag() string
func (*TemplateData) MachineControllerImageRepository ¶ added in v2.18.0
func (d *TemplateData) MachineControllerImageRepository() string
func (*TemplateData) MachineControllerImageTag ¶ added in v2.18.0
func (d *TemplateData) MachineControllerImageTag() string
func (*TemplateData) NodeAccessNetwork ¶
func (d *TemplateData) NodeAccessNetwork() string
NodeAccessNetwork returns the node access network
func (*TemplateData) NodeLocalDNSCacheEnabled ¶
func (d *TemplateData) NodeLocalDNSCacheEnabled() bool
func (*TemplateData) NodePortProxyTag ¶ added in v2.16.3
func (d *TemplateData) NodePortProxyTag() string
func (*TemplateData) NodePortRange ¶
func (d *TemplateData) NodePortRange() string
NodePortRange returns the node port range
func (*TemplateData) NodePorts ¶ added in v2.17.1
func (d *TemplateData) NodePorts() (int, int)
NodePorts returns low and high NodePorts from NodePortRange()
func (*TemplateData) OIDCIssuerClientID ¶
func (d *TemplateData) OIDCIssuerClientID() string
OIDCIssuerClientID returns the issuer client ID
func (*TemplateData) OIDCIssuerURL ¶
func (d *TemplateData) OIDCIssuerURL() string
OIDCIssuerURL returns URL of the OpenID token issuer
func (*TemplateData) ProviderName ¶
func (d *TemplateData) ProviderName() string
ProviderName returns the name of the cluster's provider
func (*TemplateData) Seed ¶
func (d *TemplateData) Seed() *kubermaticv1.Seed
func (*TemplateData) SupportsFailureDomainZoneAntiAffinity ¶
func (d *TemplateData) SupportsFailureDomainZoneAntiAffinity() bool
func (*TemplateData) UserClusterMLAEnabled ¶ added in v2.18.0
func (d *TemplateData) UserClusterMLAEnabled() bool
UserClusterMLAEnabled reports whether user cluster MLA is enabled
type TemplateDataBuilder ¶ added in v2.17.0
type TemplateDataBuilder struct {
// contains filtered or unexported fields
}
func NewTemplateDataBuilder ¶ added in v2.17.0
func NewTemplateDataBuilder() *TemplateDataBuilder
func (TemplateDataBuilder) Build ¶ added in v2.17.0
func (td TemplateDataBuilder) Build() *TemplateData
func (*TemplateDataBuilder) WithBackupPeriod ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithBackupPeriod(backupPeriod time.Duration) *TemplateDataBuilder
func (*TemplateDataBuilder) WithCABundle ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithCABundle(bundle CABundle) *TemplateDataBuilder
func (*TemplateDataBuilder) WithClient ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithClient(client ctrlruntimeclient.Client) *TemplateDataBuilder
func (*TemplateDataBuilder) WithCluster ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithCluster(cluster *kubermaticv1.Cluster) *TemplateDataBuilder
func (*TemplateDataBuilder) WithContext ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithContext(ctx context.Context) *TemplateDataBuilder
func (*TemplateDataBuilder) WithDatacenter ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithDatacenter(dc *kubermaticv1.Datacenter) *TemplateDataBuilder
func (*TemplateDataBuilder) WithDnatControllerImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithDnatControllerImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdDiskSize ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithEtcdDiskSize(etcdDiskSize resource.Quantity) *TemplateDataBuilder
func (*TemplateDataBuilder) WithEtcdLauncherImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithEtcdLauncherImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithFailureDomainZoneAntiaffinity ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithFailureDomainZoneAntiaffinity(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKonnectivityEnabled ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithKonnectivityEnabled(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKubermaticConfiguration ¶ added in v2.19.0
func (td *TemplateDataBuilder) WithKubermaticConfiguration(cfg *operatorv1alpha1.KubermaticConfiguration) *TemplateDataBuilder
func (*TemplateDataBuilder) WithKubermaticImage ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithKubermaticImage(image string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithMachineControllerImageRepository ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithMachineControllerImageRepository(repository string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithMachineControllerImageTag ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithMachineControllerImageTag(tag string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithNodeAccessNetwork ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithNodeAccessNetwork(nodeAccessNetwork string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithNodePortRange ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithNodePortRange(npRange string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOIDCIssuerClientID ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOIDCIssuerClientID(clientID string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOIDCIssuerURL ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOIDCIssuerURL(url string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithOverwriteRegistry ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithOverwriteRegistry(overwriteRegistry string) *TemplateDataBuilder
func (*TemplateDataBuilder) WithSeed ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithSeed(s *kubermaticv1.Seed) *TemplateDataBuilder
func (*TemplateDataBuilder) WithUserClusterMLAEnabled ¶ added in v2.18.0
func (td *TemplateDataBuilder) WithUserClusterMLAEnabled(enabled bool) *TemplateDataBuilder
func (*TemplateDataBuilder) WithVersions ¶ added in v2.17.0
func (td *TemplateDataBuilder) WithVersions(v kubermatic.Versions) *TemplateDataBuilder
type VSphereCredentials ¶
func GetVSphereCredentials ¶
func GetVSphereCredentials(data CredentialsData) (VSphereCredentials, error)
Source Files ¶
Directories ¶
Path | Synopsis |
---|---|
triple | Package triple generates key-certificate pairs for the triple (CA, Server, Client). |
This file is generated.
|
This file is generated. |
Package registry groups all container registry related types and helpers in one place.
|
Package registry groups all container registry related types and helpers in one place. |