resources

package
v2.20.12 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jan 16, 2023 License: Apache-2.0 Imports: 46 Imported by: 1

Documentation

Index

Constants

View Source
const (
	// ApiServer secure port.
	APIServerSecurePort = 6443

	NodeLocalDNSCacheAddress = "169.254.20.10"
)
View Source
const (
	// ApiserverDeploymentName is the name of the apiserver deployment.
	ApiserverDeploymentName = "apiserver"
	// ControllerManagerDeploymentName is the name for the controller manager deployment.
	ControllerManagerDeploymentName = "controller-manager"
	// SchedulerDeploymentName is the name for the scheduler deployment.
	SchedulerDeploymentName = "scheduler"
	// OperatingSystemManagerDeploymentName is the name for the operating-system-manager deployment.
	OperatingSystemManagerDeploymentName = "operating-system-manager"
	// MachineControllerDeploymentName is the name for the machine-controller deployment.
	MachineControllerDeploymentName = "machine-controller"
	// MachineControllerWebhookDeploymentName is the name for the machine-controller webhook deployment.
	MachineControllerWebhookDeploymentName = "machine-controller-webhook"
	// MetricsServerDeploymentName is the name for the metrics-server deployment.
	MetricsServerDeploymentName = "metrics-server"
	// OpenVPNServerDeploymentName is the name for the openvpn server deployment.
	OpenVPNServerDeploymentName = "openvpn-server"
	// DNSResolverDeploymentName is the name of the dns resolver deployment.
	DNSResolverDeploymentName = "dns-resolver"
	// DNSResolverConfigMapName is the name of the dns resolvers configmap.
	DNSResolverConfigMapName = "dns-resolver"
	// DNSResolverServiceName is the name of the dns resolvers service.
	DNSResolverServiceName = "dns-resolver"
	// DNSResolverPodDisruptionBudetName is the name of the dns resolvers pdb.
	DNSResolverPodDisruptionBudetName = "dns-resolver"
	// KubeStateMetricsDeploymentName is the name of the kube-state-metrics deployment.
	KubeStateMetricsDeploymentName = "kube-state-metrics"
	// UserClusterControllerDeploymentName is the name of the usercluster-controller deployment.
	UserClusterControllerDeploymentName = "usercluster-controller"
	// ClusterAutoscalerDeploymentName is the name of the cluster-autoscaler deployment.
	ClusterAutoscalerDeploymentName = "cluster-autoscaler"
	// KubernetesDashboardDeploymentName is the name of the Kubernetes Dashboard deployment.
	KubernetesDashboardDeploymentName = "kubernetes-dashboard"
	// MetricsScraperDeploymentName is the name of dashboard-metrics-scraper deployment.
	MetricsScraperDeploymentName = "dashboard-metrics-scraper"
	// MetricsScraperServiceName is the name of dashboard-metrics-scraper service.
	MetricsScraperServiceName = "dashboard-metrics-scraper"
	// PrometheusStatefulSetName is the name for the prometheus StatefulSet.
	PrometheusStatefulSetName = "prometheus"
	// EtcdStatefulSetName is the name for the etcd StatefulSet.
	EtcdStatefulSetName = "etcd"
	// EtcdDefaultBackupConfigName is the name for the default (preinstalled) EtcdBackupConfig of a cluster.
	EtcdDefaultBackupConfigName = "default-backups"
	// EtcdTLSEnabledAnnotation is the annotation assigned to etcd Pods that run with a TLS peer endpoint.
	EtcdTLSEnabledAnnotation = "etcd.kubermatic.k8c.io/tls-peer-enabled"
	// NodePortProxyEnvoyDeploymentName is the name of the nodeport-proxy deployment in the user cluster.
	NodePortProxyEnvoyDeploymentName = "nodeport-proxy-envoy"
	// NodePortProxyEnvoyContainerName is the name of the envoy container in the nodeport-proxy deployment.
	NodePortProxyEnvoyContainerName = "envoy"

	// ApiserverServiceName is the name for the apiserver service.
	ApiserverServiceName = "apiserver-external"
	// FrontLoadBalancerServiceName is the name of the LoadBalancer service that fronts everything
	// when using exposeStrategy "LoadBalancer".
	FrontLoadBalancerServiceName = "front-loadbalancer"
	// MetricsServerServiceName is the name for the metrics-server service.
	MetricsServerServiceName = "metrics-server"
	// MetricsServerExternalNameServiceName is the name for the metrics-server service inside the user cluster.
	MetricsServerExternalNameServiceName = "metrics-server"
	// EtcdServiceName is the name for the etcd service.
	EtcdServiceName = "etcd"
	// EtcdDefragCronJobName is the name for the defrag cronjob deployment.
	EtcdDefragCronJobName = "etcd-defragger"
	// OpenVPNServerServiceName is the name for the openvpn server service.
	OpenVPNServerServiceName = "openvpn-server"
	// MachineControllerWebhookServiceName is the name of the machine-controller webhook service.
	MachineControllerWebhookServiceName = "machine-controller-webhook"
	// MetricsServerAPIServiceName is the name for the metrics-server APIService.
	MetricsServerAPIServiceName = "v1beta1.metrics.k8s.io"

	// AdminKubeconfigSecretName is the name for the secret containing the private ca key.
	AdminKubeconfigSecretName = "admin-kubeconfig"
	// ViewerKubeconfigSecretName is the name for the secret containing the viewer kubeconfig.
	ViewerKubeconfigSecretName = "viewer-kubeconfig"
	// SchedulerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the scheduler.
	SchedulerKubeconfigSecretName = "scheduler-kubeconfig"
	// KubeletDnatControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the kubeletdnatcontroller.
	KubeletDnatControllerKubeconfigSecretName = "kubeletdnatcontroller-kubeconfig"
	// KubeStateMetricsKubeconfigSecretName is the name for the secret containing the kubeconfig used by kube-state-metrics.
	KubeStateMetricsKubeconfigSecretName = "kube-state-metrics-kubeconfig"
	// MetricsServerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the metrics-server.
	MetricsServerKubeconfigSecretName = "metrics-server"
	// ControllerManagerKubeconfigSecretName is the name of the secret containing the kubeconfig used by controller manager.
	ControllerManagerKubeconfigSecretName = "controllermanager-kubeconfig"
	// OperatingSystemManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the osm.
	OperatingSystemManagerKubeconfigSecretName = "operatingsystemmanager-kubeconfig"
	// MachineControllerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the machinecontroller.
	MachineControllerKubeconfigSecretName = "machinecontroller-kubeconfig"
	// CloudControllerManagerKubeconfigSecretName is the name for the secret containing the kubeconfig used by the external cloud provider.
	CloudControllerManagerKubeconfigSecretName = "cloud-controller-manager-kubeconfig"
	// MachineControllerWebhookServingCertSecretName is the name for the secret containing the serving cert for the
	// machine-controller webhook.
	MachineControllerWebhookServingCertSecretName = "machinecontroller-webhook-serving-cert"
	// MachineControllerWebhookServingCertCertKeyName is the name for the key that contains the cert.
	MachineControllerWebhookServingCertCertKeyName = "cert.pem"
	// MachineControllerWebhookServingCertKeyKeyName is the name for the key that contains the key.
	MachineControllerWebhookServingCertKeyKeyName = "key.pem"
	// PrometheusApiserverClientCertificateSecretName is the name for the secret containing the client certificate used by prometheus to access the apiserver.
	PrometheusApiserverClientCertificateSecretName = "prometheus-apiserver-certificate"
	// ClusterAutoscalerKubeconfigSecretName is the name of the kubeconfig secret used for
	// the cluster-autoscaler.
	ClusterAutoscalerKubeconfigSecretName = "cluster-autoscaler-kubeconfig"
	// KubernetesDashboardKubeconfigSecretName is the name of the kubeconfig secret user for Kubernetes Dashboard.
	KubernetesDashboardKubeconfigSecretName = "kubernetes-dashboard-kubeconfig"

	// ImagePullSecretName specifies the name of the dockercfg secret used to access the private repo.
	ImagePullSecretName = "dockercfg"

	// FrontProxyCASecretName is the name for the secret containing the front proxy ca.
	FrontProxyCASecretName = "front-proxy-ca"
	// CASecretName is the name for the secret containing the root ca.
	CASecretName = "ca"
	// ApiserverTLSSecretName is the name for the secrets required for the apiserver tls.
	ApiserverTLSSecretName = "apiserver-tls"
	// KubeletClientCertificatesSecretName is the name for the secret containing the kubelet client certificates.
	KubeletClientCertificatesSecretName = "kubelet-client-certificates"
	// ServiceAccountKeySecretName is the name for the secret containing the service account key.
	ServiceAccountKeySecretName = "service-account-key"
	// TokensSecretName is the name for the secret containing the user tokens.
	TokensSecretName = "tokens"
	// ViewerTokenSecretName is the name for the secret containing the viewer token.
	ViewerTokenSecretName = "viewer-token"
	// OpenVPNCASecretName is the name of the secret that contains the OpenVPN CA.
	OpenVPNCASecretName = "openvpn-ca"
	// OpenVPNServerCertificatesSecretName is the name for the secret containing the openvpn server certificates.
	OpenVPNServerCertificatesSecretName = "openvpn-server-certificates"
	// OpenVPNClientCertificatesSecretName is the name for the secret containing the openvpn client certificates.
	OpenVPNClientCertificatesSecretName = "openvpn-client-certificates"
	// CloudConfigSecretName is the name for the secret containing the cloud-config inside the user cluster.
	CloudConfigSecretName = "cloud-config"
	// CSICloudConfigSecretName is the name for the secret containing the cloud-config used by the csi driver inside the user cluster.
	CSICloudConfigSecretName = "cloud-config-csi"
	// EtcdTLSCertificateSecretName is the name for the secret containing the etcd tls certificate used for transport security.
	EtcdTLSCertificateSecretName = "etcd-tls-certificate"
	// ApiserverEtcdClientCertificateSecretName is the name for the secret containing the client certificate used by the apiserver for authenticating against etcd.
	ApiserverEtcdClientCertificateSecretName = "apiserver-etcd-client-certificate"
	// ApiserverFrontProxyClientCertificateSecretName is the name for the secret containing the apiserver's client certificate for proxy auth.
	ApiserverFrontProxyClientCertificateSecretName = "apiserver-proxy-client-certificate"
	// GoogleServiceAccountSecretName is the name of the secret that contains the Google Service Account.
	GoogleServiceAccountSecretName = "google-service-account"
	// GoogleServiceAccountVolumeName is the name of the volume containing the Google Service Account secret.
	GoogleServiceAccountVolumeName = "google-service-account-volume"
	// AuditLogVolumeName is the name of the volume that hold the audit log of the apiserver.
	AuditLogVolumeName = "audit-log"
	// KubernetesDashboardKeyHolderSecretName is the name of the secret that contains JWE token encryption key
	// used by the Kubernetes Dashboard.
	KubernetesDashboardKeyHolderSecretName = "kubernetes-dashboard-key-holder"
	// KubernetesDashboardCsrfTokenSecretName is the name of the secret that contains CSRF token used by
	// the Kubernetes Dashboard.
	KubernetesDashboardCsrfTokenSecretName = "kubernetes-dashboard-csrf"

	// CABundleConfigMapName is the name for the configmap that contains the CA bundle for all usercluster components.
	CABundleConfigMapName = "ca-bundle"
	// CABundleConfigMapKey is the key under which a ConfigMap must contain a PEM-encoded collection of certificates.
	CABundleConfigMapKey = "ca-bundle.pem"

	// CloudConfigConfigMapName is the name for the configmap containing the cloud-config.
	CloudConfigConfigMapName = "cloud-config"
	// CSICloudConfigName is the name for the configmap containing the cloud-config used by the csi driver.
	CSICloudConfigName = "cloud-config-csi"
	// CloudConfigKey is the key under which the cloud-config in the cloud-config configmap can be found.
	CloudConfigKey = "config"
	// OpenVPNClientConfigsConfigMapName is the name for the ConfigMap containing the OpenVPN client config used within the user cluster.
	OpenVPNClientConfigsConfigMapName = "openvpn-client-configs"
	// OpenVPNClientConfigConfigMapName is the name for the ConfigMap containing the OpenVPN client config used by the client inside the user cluster.
	OpenVPNClientConfigConfigMapName = "openvpn-client-config"
	// ClusterInfoConfigMapName is the name for the ConfigMap containing the cluster-info used by the bootstrap token mechanism.
	ClusterInfoConfigMapName = "cluster-info"
	// PrometheusConfigConfigMapName is the name for the configmap containing the prometheus config.
	PrometheusConfigConfigMapName = "prometheus"
	// AuditConfigMapName is the name for the configmap that contains the content of the file that will be passed to the apiserver with the flag "--audit-policy-file".
	AuditConfigMapName = "audit-config"
	// AdmissionControlConfigMapName is the name for the configmap that contains the Admission Controller config file.
	AdmissionControlConfigMapName = "adm-control"

	// PrometheusServiceAccountName is the name for the Prometheus serviceaccount.
	PrometheusServiceAccountName = "prometheus"

	// PrometheusRoleName is the name for the Prometheus role.
	PrometheusRoleName = "prometheus"

	// PrometheusRoleBindingName is the name for the Prometheus rolebinding.
	PrometheusRoleBindingName = "prometheus"

	// CloudControllerManagerRoleBindingName is the name for the cloud controller manager rolebinding.
	CloudControllerManagerRoleBindingName = "cloud-controller-manager"

	// DefaultServiceAccountName is the name of Kubernetes default service accounts.
	DefaultServiceAccountName = "default"
	// KubeSystemNamespaceName is the name of Kubernetes kube-system namespace.
	KubeSystemNamespaceName = "kube-system"

	// OperatingSystemManagerCertUsername is the name of the user coming from kubeconfig cert.
	OperatingSystemManagerCertUsername = "operating-system-manager"
	// MachineControllerCertUsername is the name of the user coming from kubeconfig cert.
	MachineControllerCertUsername = "machine-controller"
	// KubeStateMetricsCertUsername is the name of the user coming from kubeconfig cert.
	KubeStateMetricsCertUsername = "kube-state-metrics"
	// MetricsServerCertUsername is the name of the user coming from kubeconfig cert.
	MetricsServerCertUsername = "metrics-server"
	// MetricsServerServiceAccountName is the name of the metrics server service account.
	MetricsServerServiceAccountName = "metrics-server"
	// ControllerManagerCertUsername is the name of the user coming from kubeconfig cert.
	ControllerManagerCertUsername = "system:kube-controller-manager"
	// CloudControllerManagerCertUsername is the name of the user coming from kubeconfig cert.
	CloudControllerManagerCertUsername = "system:cloud-controller-manager"
	// SchedulerCertUsername is the name of the user coming from kubeconfig cert.
	SchedulerCertUsername = "system:kube-scheduler"
	// KubeletDnatControllerCertUsername is the name of the user coming from kubeconfig cert.
	KubeletDnatControllerCertUsername = "kubermatic:kubeletdnat-controller"
	// PrometheusCertUsername is the name of the user coming from kubeconfig cert.
	PrometheusCertUsername = "prometheus"
	// ClusterAutoscalerCertUsername is the name of the user coming from the CA kubeconfig cert.
	ClusterAutoscalerCertUsername = "kubermatic:cluster-autoscaler"
	// KubernetesDashboardCertUsername is the name of the user coming from kubeconfig cert.
	KubernetesDashboardCertUsername = "kubermatic:kubernetes-dashboard"
	// MetricsScraperServiceAccountUsername is the name of the user coming from kubeconfig cert.
	MetricsScraperServiceAccountUsername = "dashboard-metrics-scraper"

	// KubeletDnatControllerClusterRoleName is the name for the KubeletDnatController cluster role.
	KubeletDnatControllerClusterRoleName = "system:kubermatic-kubeletdnat-controller"
	// KubeletDnatControllerClusterRoleBindingName is the name for the KubeletDnatController clusterrolebinding.
	KubeletDnatControllerClusterRoleBindingName = "system:kubermatic-kubeletdnat-controller"

	// ClusterInfoReaderRoleName is the name for the role which allows reading the cluster-info ConfigMap.
	ClusterInfoReaderRoleName = "cluster-info"
	// MachineControllerRoleName is the name for the MachineController roles.
	MachineControllerRoleName = "machine-controller"
	// OperatingSystemManagerRoleName is the name for the OperatingSystemManager roles.
	OperatingSystemManagerRoleName = "operating-system-manager"
	// MachineControllerRoleBindingName is the name for the MachineController rolebinding.
	MachineControllerRoleBindingName = "machine-controller"
	// OperatingSystemManagerRoleBindingName is the name for the OperatingSystemManager rolebinding.
	OperatingSystemManagerRoleBindingName = "operating-system-manager"
	// ClusterInfoAnonymousRoleBindingName is the name for the RoleBinding giving access to the cluster-info ConfigMap to anonymous users.
	ClusterInfoAnonymousRoleBindingName = "cluster-info"
	// MetricsServerAuthReaderRoleName is the name for the metrics server role.
	MetricsServerAuthReaderRoleName = "metrics-server-auth-reader"
	// MachineControllerClusterRoleName is the name for the MachineController cluster role.
	MachineControllerClusterRoleName = "system:kubermatic-machine-controller"
	// OperatingSystemManagerClusterRoleName is the name for the OperatingSystemManager cluster role.
	OperatingSystemManagerClusterRoleName = "system:kubermatic-operating-system-manager"
	// KubeStateMetricsClusterRoleName is the name for the KubeStateMetrics cluster role.
	KubeStateMetricsClusterRoleName = "system:kubermatic-kube-state-metrics"
	// MetricsServerClusterRoleName is the name for the metrics server cluster role.
	MetricsServerClusterRoleName = "system:metrics-server"
	// PrometheusClusterRoleName is the name for the Prometheus cluster role.
	PrometheusClusterRoleName = "external-prometheus"
	// MachineControllerClusterRoleBindingName is the name for the MachineController ClusterRoleBinding.
	MachineControllerClusterRoleBindingName = "system:kubermatic-machine-controller"
	// OperatingSystemManagerClusterRoleBindingName is the name for the OperatingSystemManager ClusterRoleBinding.
	OperatingSystemManagerClusterRoleBindingName = "system:kubermatic-operating-system-manager"
	// KubeStateMetricsClusterRoleBindingName is the name for the KubeStateMetrics ClusterRoleBinding.
	KubeStateMetricsClusterRoleBindingName = "system:kubermatic-kube-state-metrics"
	// PrometheusClusterRoleBindingName is the name for the Prometheus ClusterRoleBinding.
	PrometheusClusterRoleBindingName = "system:external-prometheus"
	// MetricsServerResourceReaderClusterRoleBindingName is the name for the metrics server ClusterRoleBinding.
	MetricsServerResourceReaderClusterRoleBindingName = "system:metrics-server"
	// ClusterAutoscalerClusterRoleName is the name of the clusterrole for the cluster autoscaler.
	ClusterAutoscalerClusterRoleName = "system:kubermatic-cluster-autoscaler"
	// ClusterAutoscalerClusterRoleBindingName is the name of the clusterrolebinding for the CA.
	ClusterAutoscalerClusterRoleBindingName = "system:kubermatic-cluster-autoscaler"
	// KubernetesDashboardRoleName is the name of the role for the Kubernetes Dashboard.
	KubernetesDashboardRoleName = "system:kubernetes-dashboard"
	// KubernetesDashboardRoleBindingName is the name of the role binding for the Kubernetes Dashboard.
	KubernetesDashboardRoleBindingName = "system:kubernetes-dashboard"
	// MetricsScraperClusterRoleName is the name of the role for the dashboard-metrics-scraper.
	MetricsScraperClusterRoleName = "system:dashboard-metrics-scraper"
	// MetricsScraperClusterRoleBindingName is the name of the role binding for the dashboard-metrics-scraper.
	MetricsScraperClusterRoleBindingName = "system:dashboard-metrics-scraper"

	// EtcdPodDisruptionBudgetName is the name of the PDB for the etcd StatefulSet.
	EtcdPodDisruptionBudgetName = "etcd"
	// ApiserverPodDisruptionBudgetName is the name of the PDB for the apiserver deployment.
	ApiserverPodDisruptionBudgetName = "apiserver"
	// MetricsServerPodDisruptionBudgetName is the name of the PDB for the metrics-server deployment.
	MetricsServerPodDisruptionBudgetName = "metrics-server"

	// KubermaticNamespace is the main kubermatic namespace.
	KubermaticNamespace = "kubermatic"
	// GatekeeperControllerDeploymentName is the name of the gatekeeper controller deployment.
	GatekeeperControllerDeploymentName = "gatekeeper-controller-manager"
	// GatekeeperAuditDeploymentName is the name of the gatekeeper audit deployment.
	GatekeeperAuditDeploymentName = "gatekeeper-audit"
	// GatekeeperWebhookServiceName is the name of the gatekeeper webhook service.
	GatekeeperWebhookServiceName = "gatekeeper-webhook-service"
	// GatekeeperWebhookServerCertSecretName is the name of the gatekeeper webhook cert secret name.
	GatekeeperWebhookServerCertSecretName = "gatekeeper-webhook-server-cert"
	// GatekeeperPodDisruptionBudgetName is the name of the PDB for the gatekeeper controller manager.
	GatekeeperPodDisruptionBudgetName = "gatekeeper-controller-manager"
	// GatekeeperRoleName is the name for the Gatekeeper role.
	GatekeeperRoleName = "gatekeeper-manager-role"
	// GatekeeperRoleBindingName is the name for the Gatekeeper rolebinding.
	GatekeeperRoleBindingName = "gatekeeper-manager-rolebinding"
	// GatekeeperServiceAccountName is the name for the Gatekeeper service account.
	GatekeeperServiceAccountName = "gatekeeper-admin"
	// GatekeeperNamespace is the main gatkeeper namespace where the gatekeeper config is stored.
	GatekeeperNamespace = "gatekeeper-system"
	// ExperimentalEnableMutation enables gatekeeper to validate created kubernetes resources and also modify them based on defined mutation policies.
	ExperimentalEnableMutation = false
	// AuditMatchKindOnly enables gatekeeper to only audit resources in OPA cache.
	AuditMatchKindOnly = false
	// ConstraintViolationsLimit defines the maximum number of audit violations reported on a constraint.
	ConstraintViolationsLimit = 20
	// GatekeeperExemptNamespaceLabel label key for exempting namespaces from Gatekeeper checks.
	GatekeeperExemptNamespaceLabel = "admission.gatekeeper.sh/ignore"

	// CloudInitSettingsNamespace are used in order to reach, authenticate and be authorized by the api server, to fetch
	// the machine  provisioning cloud-init.
	CloudInitSettingsNamespace = "cloud-init-settings"
	// DefaultOwnerReadOnlyMode represents file mode with read permission for owner only.
	DefaultOwnerReadOnlyMode = 0400

	// DefaultAllReadOnlyMode represents file mode with read permissions for all.
	DefaultAllReadOnlyMode = 0444

	// AppLabelKey defines the label key app which should be used within resources.
	AppLabelKey = "app"
	// ClusterLabelKey defines the label key for the cluster name.
	ClusterLabelKey = "cluster"

	// EtcdClusterSize defines the size of the etcd to use.
	EtcdClusterSize = 3

	// RegistryK8SGCR defines the kubernetes specific docker registry at google.
	RegistryK8SGCR = "k8s.gcr.io"
	// RegistryK8S defines the (new) official registry hosted by the Kubernetes project.
	RegistryK8S = "registry.k8s.io"
	// RegistryEUGCR defines the docker registry at google EU.
	RegistryEUGCR = "eu.gcr.io"
	// RegistryUSGCR defines the docker registry at google US.
	RegistryUSGCR = "us.gcr.io"
	// RegistryGCR defines the kubernetes docker registry at google.
	RegistryGCR = "gcr.io"
	// RegistryDocker defines the default docker.io registry.
	RegistryDocker = "docker.io"
	// RegistryQuay defines the image registry from coreos/redhat - quay.
	RegistryQuay = "quay.io"
	// RegistryAnexia defines the anexia specific docker registry.
	RegistryAnexia = "anx-cr.io"

	// TopologyKeyHostname defines the topology key for the node hostname.
	TopologyKeyHostname = "kubernetes.io/hostname"
	// TopologyKeyFailureDomainZone defines the topology key for the node's cloud provider zone.
	TopologyKeyFailureDomainZone = "failure-domain.beta.kubernetes.io/zone"

	// MachineCRDName defines the CRD name for machine objects.
	MachineCRDName = "machines.cluster.k8s.io"
	// MachineSetCRDName defines the CRD name for machineset objects.
	MachineSetCRDName = "machinesets.cluster.k8s.io"
	// MachineDeploymentCRDName defines the CRD name for machinedeployment objects.
	MachineDeploymentCRDName = "machinedeployments.cluster.k8s.io"
	// ClusterCRDName defines the CRD name for cluster objects.
	ClusterCRDName = "clusters.cluster.k8s.io"
	// GatekeeperConfigCRDName defines the CRD name for gatekeeper config objects.
	GatekeeperConfigCRDName = "configs.config.gatekeeper.sh"
	// GatekeeperConstraintTemplateCRDName defines the CRD name for gatekeeper constraint template objects.
	GatekeeperConstraintTemplateCRDName = "constrainttemplates.templates.gatekeeper.sh"
	// GatekeeperMutatorPodStatusCRDName defines the CRD name for gatekeeper MutatorPodStatus objects.
	GatekeeperMutatorPodStatusCRDName = "mutatorpodstatuses.status.gatekeeper.sh"
	// GatekeeperAssignCRDName defines the CRD name for gatekeeper assign objects.
	GatekeeperAssignCRDName = "assign.mutations.gatekeeper.sh"
	// GatekeeperAssignMetadataCRDName defines the CRD name for gatekeeper assign metadata objects.
	GatekeeperAssignMetadataCRDName = "assignmetadata.mutations.gatekeeper.sh"
	// GatekeeperConstraintPodStatusCRDName defines the CRD name for gatekeeper ConstraintPodStatus objects.
	GatekeeperConstraintPodStatusCRDName = "constraintpodstatuses.status.gatekeeper.sh"
	// GatekeeperConstraintTemplatePodStatusCRDName defines the CRD name for gatekeeper ConstraintTemplatePodStatus objects.
	GatekeeperConstraintTemplatePodStatusCRDName = "constrainttemplatepodstatuses.status.gatekeeper.sh"

	// MachineControllerMutatingWebhookConfigurationName is the name of the machine-controllers mutating webhook
	// configuration.
	MachineControllerMutatingWebhookConfigurationName = "machine-controller.kubermatic.io"

	// GatekeeperValidatingWebhookConfigurationName is the name of the gatekeeper validating webhook
	// configuration.
	GatekeeperValidatingWebhookConfigurationName = "gatekeeper-validating-webhook-configuration"
	GatekeeperMutatingWebhookConfigurationName   = "gatekeeper-mutating-webhook-configuration"
	// InternalUserClusterAdminKubeconfigSecretName is the name of the secret containing an admin kubeconfig that can only be used from
	// within the seed cluster.
	InternalUserClusterAdminKubeconfigSecretName = "internal-admin-kubeconfig"
	// InternalUserClusterAdminKubeconfigCertUsername is the name of the user coming from kubeconfig cert.
	InternalUserClusterAdminKubeconfigCertUsername = "kubermatic-controllers"

	// IPVSProxyMode defines the ipvs kube-proxy mode.
	IPVSProxyMode = "ipvs"
	// IPTablesProxyMode defines the iptables kube-proxy mode.
	IPTablesProxyMode = "iptables"
	// EBPFProxyMode defines the eBPF proxy mode (disables kube-proxy and requires CNI support).
	EBPFProxyMode = "ebpf"

	// IPVSStrictArp defines IPVS configuration strictArp setting.
	IPVSStrictArp = true

	// PodNodeSelectorAdmissionPlugin defines PodNodeSelector admission plugin.
	PodNodeSelectorAdmissionPlugin = "PodNodeSelector"

	// EventRateLimitAdmisionPlugin defines the EventRateLimit admission plugin.
	EventRateLimitAdmissionPlugin = "EventRateLimit"
)
View Source
const (
	// CAKeySecretKey ca.key.
	CAKeySecretKey = "ca.key"
	// CACertSecretKey ca.crt.
	CACertSecretKey = "ca.crt"
	// ApiserverTLSKeySecretKey apiserver-tls.key.
	ApiserverTLSKeySecretKey = "apiserver-tls.key"
	// ApiserverTLSCertSecretKey apiserver-tls.crt.
	ApiserverTLSCertSecretKey = "apiserver-tls.crt"
	// KubeletClientKeySecretKey kubelet-client.key.
	KubeletClientKeySecretKey = "kubelet-client.key"
	// KubeletClientCertSecretKey kubelet-client.crt.
	KubeletClientCertSecretKey = "kubelet-client.crt" // FIXME confusing naming: s/CertSecretKey/CertSecretName/
	// ServiceAccountKeySecretKey sa.key.
	ServiceAccountKeySecretKey = "sa.key"
	// ServiceAccountKeyPublicKey is the public key for the service account signer key.
	ServiceAccountKeyPublicKey = "sa.pub"
	// KubeconfigSecretKey kubeconfig.
	KubeconfigSecretKey = "kubeconfig"
	// TokensSecretKey tokens.csv.
	TokensSecretKey = "tokens.csv"
	// ViewersTokenSecretKey viewersToken.
	ViewerTokenSecretKey = "viewerToken"
	// OpenVPNCACertKey cert.pem, must match CACertSecretKey, otherwise getClusterCAFromLister doesn't work as it has
	// the key hardcoded.
	OpenVPNCACertKey = CACertSecretKey
	// OpenVPNCAKeyKey key.pem, must match CAKeySecretKey, otherwise getClusterCAFromLister doesn't work as it has
	// the key hardcoded.
	OpenVPNCAKeyKey = CAKeySecretKey
	// OpenVPNServerKeySecretKey server.key.
	OpenVPNServerKeySecretKey = "server.key"
	// OpenVPNServerCertSecretKey server.crt.
	OpenVPNServerCertSecretKey = "server.crt"
	// OpenVPNInternalClientKeySecretKey client.key.
	OpenVPNInternalClientKeySecretKey = "client.key"
	// OpenVPNInternalClientCertSecretKey client.crt.
	OpenVPNInternalClientCertSecretKey = "client.crt"
	// EtcdTLSCertSecretKey etcd-tls.crt.
	EtcdTLSCertSecretKey = "etcd-tls.crt"
	// EtcdTLSKeySecretKey etcd-tls.key.
	EtcdTLSKeySecretKey = "etcd-tls.key"

	// EtcdRestoreS3CredentialsSecret names the secret expected in seed kube-system that must contain S3 credentials for etcd backup restores.
	EtcdRestoreS3CredentialsSecret              = "backup-s3"
	EtcdBackupAndRestoreS3AccessKeyIDKey        = "ACCESS_KEY_ID"
	EtcdBackupAndRestoreS3SecretKeyAccessKeyKey = "SECRET_ACCESS_KEY"

	// EtcdRestoreS3SettingsConfigMap names the configmap expected in seed kube-system that must contain S3 bucket and endpoint names.
	EtcdRestoreS3SettingsConfigMap = "s3-settings"
	EtcdRestoreS3BucketNameKey     = "BUCKET_NAME"
	EtcdRestoreS3EndpointKey       = "ENDPOINT"
	EtcdRestoreDefaultS3SEndpoint  = "s3.amazonaws.com"

	// KubeconfigDefaultContextKey is the context key used for all kubeconfigs.
	KubeconfigDefaultContextKey = "default"

	// ApiserverEtcdClientCertificateCertSecretKey apiserver-etcd-client.crt.
	ApiserverEtcdClientCertificateCertSecretKey = "apiserver-etcd-client.crt"
	// ApiserverEtcdClientCertificateKeySecretKey apiserver-etcd-client.key.
	ApiserverEtcdClientCertificateKeySecretKey = "apiserver-etcd-client.key"

	// ApiserverProxyClientCertificateCertSecretKey apiserver-proxy-client.crt.
	ApiserverProxyClientCertificateCertSecretKey = "apiserver-proxy-client.crt"
	// ApiserverProxyClientCertificateKeySecretKey apiserver-proxy-client.key.
	ApiserverProxyClientCertificateKeySecretKey = "apiserver-proxy-client.key"

	// BackupEtcdClientCertificateCertSecretKey backup-etcd-client.crt.
	BackupEtcdClientCertificateCertSecretKey = "backup-etcd-client.crt"
	// BackupEtcdClientCertificateKeySecretKey backup-etcd-client.key.
	BackupEtcdClientCertificateKeySecretKey = "backup-etcd-client.key"

	// PrometheusClientCertificateCertSecretKey prometheus-client.crt.
	PrometheusClientCertificateCertSecretKey = "prometheus-client.crt"
	// PrometheusClientCertificateKeySecretKey prometheus-client.key.
	PrometheusClientCertificateKeySecretKey = "prometheus-client.key"

	// ServingCertSecretKey is the secret key for a generic serving cert.
	ServingCertSecretKey = "serving.crt"
	// ServingCertKeySecretKey is the secret key for the key of a generic serving cert.
	ServingCertKeySecretKey = "serving.key"

	// CloudConfigSecretKey is the secret key for cloud-config.
	CloudConfigSecretKey = "config"
	// NutanixCSIConfigSecretKey is the secret key for nutanix csi secret.
	NutanixCSIConfigSecretKey = "key"
	// NutanixCSIConfigSecretName is the secret key for nutanix csi secret.
	NutanixCSIConfigSecretName = "ntnx-secret"
)
View Source
const (
	AWSAccessKeyID     = "accessKeyId"
	AWSSecretAccessKey = "secretAccessKey"

	AzureTenantID       = "tenantID"
	AzureSubscriptionID = "subscriptionID"
	AzureClientID       = "clientID"
	AzureClientSecret   = "clientSecret"

	DigitaloceanToken = "token"

	GCPServiceAccount = "serviceAccount"

	HetznerToken = "token"

	OpenstackUsername                    = "username"
	OpenstackPassword                    = "password"
	OpenstackTenant                      = "tenant"
	OpenstackTenantID                    = "tenantID"
	OpenstackProject                     = "project"
	OpenstackProjectID                   = "projectID"
	OpenstackDomain                      = "domain"
	OpenstackApplicationCredentialID     = "applicationCredentialID"
	OpenstackApplicationCredentialSecret = "applicationCredentialSecret"
	OpenstackToken                       = "token"

	PacketAPIKey    = "apiKey"
	PacketProjectID = "projectID"

	KubevirtKubeConfig    = "kubeConfig"
	KubevirtCSIKubeConfig = "csiKubeConfig"

	VsphereUsername                    = "username"
	VspherePassword                    = "password"
	VsphereInfraManagementUserUsername = "infraManagementUserUsername"
	VsphereInfraManagementUserPassword = "infraManagementUserPassword"

	AlibabaAccessKeyID     = "accessKeyId"
	AlibabaAccessKeySecret = "accessKeySecret"

	AnexiaToken = "token"

	NutanixUsername    = "username"
	NutanixPassword    = "password"
	NutanixCSIUsername = "csiUsername"
	NutanixCSIPassword = "csiPassword"
	NutanixProxyURL    = "proxyURL"

	UserSSHKeys = "usersshkeys"
)
View Source
const (
	CoreDNSClusterRoleName         = "system:coredns"
	CoreDNSClusterRoleBindingName  = "system:coredns"
	CoreDNSServiceAccountName      = "coredns"
	CoreDNSServiceName             = "kube-dns"
	CoreDNSConfigMapName           = "coredns"
	CoreDNSDeploymentName          = "coredns"
	CoreDNSPodDisruptionBudgetName = "coredns"
)
View Source
const (
	EnvoyAgentConfigMapName                    = "envoy-agent"
	EnvoyAgentConfigFileName                   = "envoy.yaml"
	EnvoyAgentDaemonSetName                    = "envoy-agent"
	EnvoyAgentCreateInterfaceInitContainerName = "create-dummy-interface"
	EnvoyAgentAssignAddressInitContainerName   = "assign-address"
	EnvoyAgentDeviceSetupImage                 = "kubermatic/kubeletdnat-controller"
)
View Source
const (
	NodeLocalDNSServiceAccountName = "node-local-dns"
	NodeLocalDNSConfigMapName      = "node-local-dns"
	NodeLocalDNSDaemonSetName      = "node-local-dns"
)
View Source
const (
	ExternalClusterKubeconfig         = "kubeconfig"
	ExternalEKSClusterAccessKeyID     = "accessKeyId"
	ExternalEKSClusterSecretAccessKey = "secretAccessKey"
	ExternalGKEClusterSeriveAccount   = "serviceAccount"
	ExternalAKSClusterTenantID        = "tenantID"
	ExternalAKSClusterSubscriptionID  = "subscriptionID"
	ExternalAKSClusterClientID        = "clientID"
	ExternalAKSClusterClientSecret    = "clientSecret"
)
View Source
const (
	EtcdTrustedCAFile = "/etc/etcd/pki/ca/ca.crt"
	EtcdCertFile      = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdKetFile       = "/etc/etcd/pki/tls/etcd-tls.key"

	EtcdPeerCertFile = "/etc/etcd/pki/tls/etcd-tls.crt"
	EtcdPeerKeyFile  = "/etc/etcd/pki/tls/etcd-tls.key"

	EtcdClientCertFile = "/etc/etcd/pki/client/apiserver-etcd-client.crt"
	EtcdClientKeyFile  = "/etc/etcd/pki/client/apiserver-etcd-client.key"
)
View Source
const (
	// CSIMigrationWebhookName is the name of the csi-migration webhook service.
	CSIMigrationWebhookName = "csi-migration-webhook"
	// CSIMigrationWebhookSecretName defines the name of the secret containing the certificates for the csi-migration admission webhook.
	CSIMigrationWebhookSecretName = "csi-migration-webhook-certs"

	// CSIMigrationWebhookConfig is the name for the key that contains the webhook config.
	CSIMigrationWebhookConfig = "webhook.config"
	// CSIMigrationWebhookPort is the port used by the CSI-migration webhook.
	CSIMigrationWebhookPort = 8443
	// VsphereCSIMigrationWebhookConfigurationWebhookName is the webhook's name in the vSphere CSI_migration WebhookConfiguration.
	VsphereCSIMigrationWebhookConfigurationWebhookName = "validation.csi.vsphere.vmware.com"

	// CSISnapshotValidationWebhookConfigurationName part of kubernetes-csi external-snapshotter validation webhook.
	CSISnapshotValidationWebhookConfigurationName = "validation-webhook.snapshot.storage.k8s.io"
	// CSISnapshotValidationWebhookName part of kubernetes-csi external-snapshotter validation webhook.
	CSISnapshotValidationWebhookName = "snapshot-validation-service"

	CSISnapshotWebhookSecretName = "csi-snapshot-webhook-certs"
	// CSIWebhookServingCertCertKeyName is the name for the key that contains the cert.
	CSIWebhookServingCertCertKeyName = "cert.pem"
	// CSIWebhookServingCertKeyKeyName is the name for the key that contains the key.
	CSIWebhookServingCertKeyKeyName = "key.pem"
)
View Source
const (
	UserClusterMLANamespace = "mla-system"
	MLAComponentName        = "mla"

	PromtailServiceAccountName     = "promtail"
	PromtailClusterRoleName        = "system:mla:promtail"
	PromtailClusterRoleBindingName = "system:mla:promtail"
	PromtailSecretName             = "promtail"
	PromtailDaemonSetName          = "promtail"

	UserClusterPrometheusConfigMapName          = "prometheus"
	UserClusterPrometheusServiceAccountName     = "prometheus"
	UserClusterPrometheusClusterRoleName        = "system:mla:prometheus"
	UserClusterPrometheusClusterRoleBindingName = "system:mla:prometheus"
	UserClusterPrometheusDeploymentName         = "prometheus"

	// MLAGatewayExternalServiceName is the name for the MLA Gateway external service.
	MLAGatewayExternalServiceName = "mla-gateway-ext"
	// MLAGatewaySNIPrefix is the URL prefix which identifies the MLA Gateway endpoint in the external URL if SNI expose strategy is used.
	MLAGatewaySNIPrefix = "mla-gateway."

	// MLAGatewayCASecretName is the name for the secret containing the MLA Gateway CA certificates.
	MLAGatewayCASecretName = "mla-gateway-ca"
	MLAGatewayCACertKey    = CACertSecretKey
	MLAGatewayCAKeyKey     = CAKeySecretKey

	// MLAGatewayCertificatesSecretName is the name for the secret containing the MLA Gateway certificates.
	MLAGatewayCertificatesSecretName = "mla-gateway-certificates"
	MLAGatewayKeySecretKey           = "gateway.key"
	MLAGatewayCertSecretKey          = "gateway.crt"

	// UserClusterPrometheusCertificatesSecretName is the name for the secret containing the Prometheus client certificates.
	UserClusterPrometheusCertificatesSecretName = "prometheus-certificates"
	UserClusterPrometheusCertificateCommonName  = "prometheus"
	UserClusterPrometheusClientKeySecretKey     = "client.key"
	UserClusterPrometheusClientCertSecretKey    = "client.crt"
	UserClusterPrometheusClientCertMountPath    = "/etc/ssl/mla"

	// PromtailCertificatesSecretName is the name for the secret containing the promtail client certificates.
	PromtailCertificatesSecretName = "promtail-certificates"
	PromtailCertificateCommonName  = "promtail"
	PromtailClientKeySecretKey     = "client.key"
	PromtailClientCertSecretKey    = "client.crt"
	PromtailClientCertMountPath    = "/etc/ssl/mla"

	AlertmanagerName                    = "alertmanager"
	DefaultAlertmanagerConfigSecretName = "alertmanager"
	AlertmanagerConfigSecretKey         = "alertmanager.yaml"
	DefaultAlertmanagerConfig           = `
template_files: {}
alertmanager_config: |
  route:
    receiver: 'null'
  receivers:
    - name: 'null'
`

	// MLAAdminSettingsName specifies a fixed name of the MLA admin settings custom resource in the cluster namespace.
	MLAAdminSettingsName = "mla-admin-settings"

	// Konnectivity.
	KonnectivityDeploymentName             = "konnectivity-agent"
	KonnectivityClusterRoleBindingName     = "system:konnectivity-server"
	KonnectivityClusterRoleBindingUsername = "system:konnectivity-server"
	KonnectivityServiceAccountName         = "system-konnectivity-agent"
	KonnectivityAgentContainer             = "konnectivity-agent"
	KonnectivityServerContainer            = "konnectivity-server"
	KonnectivityAgentToken                 = "system-konnectivity-agent-token"
	KonnectivityProxyServiceName           = "konnectivity-server"
	KonnectivityProxyTLSSecretName         = "konnectivityproxy-tls"
	KonnectivityKubeconfigSecretName       = "konnectivity-kubeconfig"
	KonnectivityServerConf                 = "konnectivity-server.conf"
	KonnectivityKubeApiserverEgress        = "kube-apiserver-egress"
	KonnectivityUDS                        = "konnectivity-uds"
	KonnectivityPodDisruptionBudgetName    = "konnectivity-agent"
)
View Source
const (
	NetworkPolicyDefaultDenyAllEgress          = "default-deny-all-egress"
	NetworkPolicyEtcdAllow                     = "etcd-allow"
	NetworkPolicyDNSAllow                      = "dns-allow"
	NetworkPolicyOpenVPNServerAllow            = "openvpn-server-allow"
	NetworkPolicyMachineControllerWebhookAllow = "machine-controller-webhook-allow"
	NetworkPolicyMetricsServerAllow            = "metrics-server-allow"
	NetworkPolicyClusterExternalAddrAllow      = "cluster-external-addr-allow"
	NetworkPolicyOIDCIssuerAllow               = "oidc-issuer-allow"
)
View Source
const (
	TokenBlacklist = "token-blacklist"
)

Variables

This section is empty.

Functions

func AdminKubeconfigCreator

func AdminKubeconfigCreator(data adminKubeconfigCreatorData) reconciling.NamedSecretCreatorGetter

AdminKubeconfigCreator returns a function to create/update the secret with the admin kubeconfig.

func AppClusterLabels

func AppClusterLabels(appName, clusterName string, additionalLabels map[string]string) map[string]string

AppClusterLabels returns the base app label + the cluster label. Additional labels can be included as well.

func BackupCABundleConfigMapName added in v2.17.0

func BackupCABundleConfigMapName(cluster *kubermaticv1.Cluster) string

BackupCABundleConfigMapName returns the name of the ConfigMap in the kube-system namespace that holds the CA bundle for a given cluster. As the CA bundle technically can be different per usercluster, this is not a constant.

func BaseAppLabels

func BaseAppLabels(name string, additionalLabels map[string]string) map[string]string

BaseAppLabels returns the minimum required labels.

func Bool

func Bool(v bool) *bool

Bool returns a pointer to the bool value passed in.

func BuildNewKubeconfigAsByte

func BuildNewKubeconfigAsByte(ca *triple.KeyPair, server, commonName string, organizations []string, clusterName string) ([]byte, error)

func CertWillExpireSoon

func CertWillExpireSoon(cert *x509.Certificate) bool

CertWillExpireSoon returns if the certificate will expire in the next 30 days.

func ClusterIPForService

func ClusterIPForService(name, namespace string, serviceLister corev1lister.ServiceLister) (*net.IP, error)

ClusterIPForService returns the cluster ip for the given service.

func ClusterRoleBindingAuthDelegatorCreator

func ClusterRoleBindingAuthDelegatorCreator(username string) reconciling.NamedClusterRoleBindingCreatorGetter

ClusterRoleBindingAuthDelegatorCreator returns a function to create the ClusterRoleBinding which is needed for extension apiserver which do auth delegation.

func ConfigMapRevision

func ConfigMapRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)

ConfigMapRevision returns the resource version of the ConfigMap specified by name.

func CopyCredentials added in v2.18.0

func CopyCredentials(data CredentialsData, cluster *kubermaticv1.Cluster) error

func ExternalCloudProviderEnabled added in v2.17.0

func ExternalCloudProviderEnabled(cluster *kubermaticv1.Cluster) bool

func FailureDomainZoneAntiAffinity

func FailureDomainZoneAntiAffinity(app string) corev1.WeightedPodAffinityTerm

FailureDomainZoneAntiAffinity ensures that same-kind pods are spread across different availability zones.

func GetAbsoluteServiceDNSName

func GetAbsoluteServiceDNSName(service, namespace string) string

GetAbsoluteServiceDNSName returns the absolute DNS name for the given service and the given cluster. Absolute means a trailing dot will be appended to the DNS name.

func GetAllowedTLSCipherSuites added in v2.19.0

func GetAllowedTLSCipherSuites() []string

GetAllowedTLSCipherSuites returns a list of allowed TLS cipher suites.

func GetBaseKubeconfig

func GetBaseKubeconfig(caCert *x509.Certificate, server, clusterName string) *clientcmdapi.Config

func GetCABundleFromFile added in v2.17.0

func GetCABundleFromFile(file string) ([]*x509.Certificate, error)

GetCABundleFromFile returns the CA bundle from a file.

func GetCSIMigrationFeatureGates added in v2.17.0

func GetCSIMigrationFeatureGates(cluster *kubermaticv1.Cluster) []string

func GetClusterExternalIP

func GetClusterExternalIP(cluster *kubermaticv1.Cluster) (*net.IP, error)

GetClusterExternalIP returns a net.IP for the given Cluster.

func GetClusterFrontProxyCA

func GetClusterFrontProxyCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)

GetClusterFrontProxyCA returns the frontproxy CA of the cluster from the lister.

func GetClusterRef

func GetClusterRef(cluster *kubermaticv1.Cluster) metav1.OwnerReference

GetClusterRef returns a metav1.OwnerReference for the given Cluster.

func GetClusterRootCA

func GetClusterRootCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*triple.KeyPair, error)

GetClusterRootCA returns the root CA of the cluster from the lister.

func GetEtcdRestoreRef added in v2.17.0

func GetEtcdRestoreRef(restore *kubermaticv1.EtcdRestore) metav1.OwnerReference

GetEtcdRestoreRef returns a metav1.OwnerReference for the given EtcdRestore.

func GetEtcdRestoreS3Client added in v2.17.0

func GetEtcdRestoreS3Client(ctx context.Context, restore *kubermaticv1.EtcdRestore, createSecretIfMissing bool, client ctrlruntimeclient.Client, cluster *kubermaticv1.Cluster,
	destination *kubermaticv1.BackupDestination) (*minio.Client, string, error)

GetEtcdRestoreS3Client returns an S3 client for downloading the backup for a given EtcdRestore. If the EtcdRestore doesn't reference a secret containing the credentials and endpoint and bucket name data, one can optionally be created from a well-known secret and configmap in kube-system, or from a specified backup destination.

func GetHTTPProxyEnvVarsFromSeed

func GetHTTPProxyEnvVarsFromSeed(seed *kubermaticv1.Seed, inClusterAPIServerURL string) []corev1.EnvVar

func GetInternalKubeconfigCreator

func GetInternalKubeconfigCreator(name, commonName string, organizations []string, data internalKubeconfigCreatorData) reconciling.NamedSecretCreatorGetter

GetInternalKubeconfigCreator is a generic function to return a secret generator to create a kubeconfig which must only be used within the seed-cluster as it uses the ClusterIP of the apiserver.

func GetKubernetesCloudProviderName

func GetKubernetesCloudProviderName(cluster *kubermaticv1.Cluster, externalCloudProvider bool) string

func GetOverrides

func GetOverrides(componentSettings kubermaticv1.ComponentSettings) map[string]*corev1.ResourceRequirements

func GetPodTemplateLabels

func GetPodTemplateLabels(
	ctx context.Context,
	client ctrlruntimeclient.Client,
	appName, clusterName, namespace string,
	volumes []corev1.Volume,
	additionalLabels map[string]string,
) (map[string]string, error)

GetPodTemplateLabels is a specialized version of VolumeRevisionLabels that adds additional typical labels like app and cluster names.

func GetVerticalPodAutoscalersForAll

func GetVerticalPodAutoscalersForAll(ctx context.Context, client ctrlruntimeclient.Client, deploymentNames, statefulSetNames []string, namespace string, enabled bool) ([]reconciling.NamedVerticalPodAutoscalerCreatorGetter, error)

GetVerticalPodAutoscalersForAll will return functions to create VPA resource for all supplied Deployments and StatefulSets. All resources must exist in the specified namespace. The VPA resource will have the same selector as the Deployment/StatefulSet. The pod container limits will be set as VPA limits.

func HealthyDaemonSet added in v2.19.0

func HealthyDaemonSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)

HealthyDaemonSet tells if the minReady nodes have one Ready pod.

func HealthyDeployment

func HealthyDeployment(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)

HealthyDeployment tells if the deployment has a minimum of minReady replicas in Ready status.

func HealthyStatefulSet

func HealthyStatefulSet(ctx context.Context, client ctrlruntimeclient.Client, nn types.NamespacedName, minReady int32) (kubermaticv1.HealthStatus, error)

HealthyStatefulSet tells if the deployment has a minimum of minReady replicas in Ready status.

func HostnameAntiAffinity

func HostnameAntiAffinity(app, clusterName string) *corev1.Affinity

HostnameAntiAffinity returns a simple Affinity rule to prevent* scheduling of same kind pods on the same node. It contains 2 AntiAffinity terms: High priority: We don't schedule multiple pods of this app & cluster on a single node Low priority: We don't schedule multiple pods of this app on a single node - regardless of the cluster. This prevents that we schedule all API server pods on a single node *if scheduling is not possible with this rule, it will be ignored.

func ImagePullSecretCreator

func ImagePullSecretCreator(dockerPullConfigJSON []byte) reconciling.NamedSecretCreatorGetter

ImagePullSecretCreator returns a creator function to create a ImagePullSecret.

func InClusterApiserverIP

func InClusterApiserverIP(cluster *kubermaticv1.Cluster) (*net.IP, error)

InClusterApiserverIP returns the first usable IP of the service cidr. Its the in cluster IP for the apiserver.

func Int32

func Int32(v int32) *int32

Int32 returns a pointer to the int32 value passed in.

func Int64

func Int64(v int64) *int64

Int64 returns a pointer to the int64 value passed in.

func IsClientCertificateValidForAllOf

func IsClientCertificateValidForAllOf(cert *x509.Certificate, commonName string, organizations []string, ca *x509.Certificate) bool

IsClientCertificateValidForAllOf validates if the given data matches exactly the given client certificate (It also returns true if all given data is in the cert, but the cert has more organizations).

func IsServerCertificateValidForAllOf

func IsServerCertificateValidForAllOf(cert *x509.Certificate, commonName string, altNames certutil.AltNames, ca *x509.Certificate) bool

IsServerCertificateValidForAllOf validates if the given data is present in the given server certificate.

func IsValidKubeconfig

func IsValidKubeconfig(kubeconfigBytes []byte, caCert *x509.Certificate, server, commonName string, organizations []string, clusterName string) (bool, error)

func RoleBindingAuthenticationReaderCreator

func RoleBindingAuthenticationReaderCreator(username string) reconciling.NamedRoleBindingCreatorGetter

RoleBindingAuthenticationReaderCreator returns a function to create the RoleBinding which is needed for extension apiserver which do auth delegation.

func SanitizeEnvVars added in v2.19.0

func SanitizeEnvVars(envVars []corev1.EnvVar) []corev1.EnvVar

SanitizeEnvVar will take the value of an environment variable and sanitize it. the need for this comes from github.com/kubermatic/kubermatic/issues/7960.

func SecretRevision

func SecretRevision(ctx context.Context, key types.NamespacedName, client ctrlruntimeclient.Client) (string, error)

SecretRevision returns the resource version of the Secret specified by name.

func ServiceAccountSecretCreator

func ServiceAccountSecretCreator(data CredentialsData) reconciling.NamedSecretCreatorGetter

ServiceAccountSecretCreator returns a creator function to create a Google Service Account.

func SetResourceRequirements

func SetResourceRequirements(containers []corev1.Container, defaultRequirements, overrides map[string]*corev1.ResourceRequirements, annotations map[string]string) error

SetResourceRequirements sets resource requirements on provided slice of containers. The highest priority has requirements provided using overrides, then requirements provided by the vpa-updater (if VPA is enabled), and at the end provided default requirements for a given resource.

func String

func String(v string) *string

String returns a pointer to the string value passed in.

func SupportsFailureDomainZoneAntiAffinity

func SupportsFailureDomainZoneAntiAffinity(ctx context.Context, client ctrlruntimeclient.Client) (bool, error)

SupportsFailureDomainZoneAntiAffinity checks if there are any nodes with the TopologyKeyFailureDomainZone label.

func UnwrapCommand added in v2.17.0

func UnwrapCommand(container corev1.Container) (found bool, command httpproberapi.Command)

func UserClusterDNSPolicyAndConfig

func UserClusterDNSPolicyAndConfig(d userClusterDNSPolicyAndConfigData) (corev1.DNSPolicy, *corev1.PodDNSConfig, error)

UserClusterDNSPolicyAndConfig returns a DNSPolicy and DNSConfig to configure Pods to use user cluster DNS.

func UserClusterDNSResolverIP

func UserClusterDNSResolverIP(cluster *kubermaticv1.Cluster) (string, error)

UserClusterDNSResolverIP returns the 9th usable IP address from the first Service CIDR block from ClusterNetwork spec. This is by convention the IP address of the DNS resolver. Returns "" on error.

func ViewerKubeconfigCreator

func ViewerKubeconfigCreator(data *TemplateData) reconciling.NamedSecretCreatorGetter

ViewerKubeconfigCreator returns a function to create/update the secret with the viewer kubeconfig.

func VolumeRevisionLabels

func VolumeRevisionLabels(
	ctx context.Context,
	client ctrlruntimeclient.Client,
	namespace string,
	volumes []corev1.Volume,
) (map[string]string, error)

VolumeRevisionLabels returns a set of labels for the given volumes, with one label per ConfigMap or Secret, containing the objects' revisions. When used for pod template labels, this will force pods being restarted as soon as one of the secrets/configmaps get updated.

Types

type AKSCredentials added in v2.19.0

type AKSCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}

func GetAKSCredentials added in v2.19.0

func GetAKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (AKSCredentials, error)

type AWSCredentials

type AWSCredentials struct {
	AccessKeyID          string
	SecretAccessKey      string
	AssumeRoleARN        string
	AssumeRoleExternalID string
}

func GetAWSCredentials

func GetAWSCredentials(data CredentialsData) (AWSCredentials, error)

type AlibabaCredentials

type AlibabaCredentials struct {
	AccessKeyID     string
	AccessKeySecret string
}

func GetAlibabaCredentials

func GetAlibabaCredentials(data CredentialsData) (AlibabaCredentials, error)

type AnexiaCredentials added in v2.16.3

type AnexiaCredentials struct {
	Token string
}

func GetAnexiaCredentials added in v2.16.3

func GetAnexiaCredentials(data CredentialsData) (AnexiaCredentials, error)

type AzureCredentials

type AzureCredentials struct {
	TenantID       string
	SubscriptionID string
	ClientID       string
	ClientSecret   string
}

func GetAzureCredentials

func GetAzureCredentials(data CredentialsData) (AzureCredentials, error)

type CABundle added in v2.17.0

type CABundle interface {
	CertPool() *x509.CertPool
	String() string
}

type CredentialsData

type CredentialsData interface {
	Cluster() *kubermaticv1.Cluster
	GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)
}

func NewCredentialsData

func NewCredentialsData(ctx context.Context, cluster *kubermaticv1.Cluster, client ctrlruntimeclient.Client) CredentialsData

type DigitaloceanCredentials

type DigitaloceanCredentials struct {
	Token string
}

func GetDigitaloceanCredentials

func GetDigitaloceanCredentials(data CredentialsData) (DigitaloceanCredentials, error)

type ECDSAKeyPair

type ECDSAKeyPair struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

ECDSAKeyPair is a ECDSA x509 certificate and private key.

func GetMLAGatewayCA added in v2.18.0

func GetMLAGatewayCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)

GetMLAGatewayCA returns the MLA Gateway CA of the cluster from the lister.

func GetOpenVPNCA

func GetOpenVPNCA(ctx context.Context, namespace string, client ctrlruntimeclient.Client) (*ECDSAKeyPair, error)

GetOpenVPNCA returns the OpenVPN CA of the cluster from the lister.

type EKSCredentials added in v2.19.0

type EKSCredentials struct {
	AccessKeyID          string
	SecretAccessKey      string
	AssumeRoleARN        string
	AssumeRoleExternalID string
}

func GetEKSCredentials added in v2.19.0

func GetEKSCredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (EKSCredentials, error)

type GCPCredentials

type GCPCredentials struct {
	ServiceAccount string
}

func GetGCPCredentials

func GetGCPCredentials(data CredentialsData) (GCPCredentials, error)

type GKECredentials added in v2.19.0

type GKECredentials struct {
	ServiceAccount string
}

func GetGKECredentials added in v2.19.0

func GetGKECredentials(ctx context.Context, client ctrlruntimeclient.Client, cluster *kubermaticv1.ExternalCluster) (GKECredentials, error)

type HetznerCredentials

type HetznerCredentials struct {
	Token string
}

func GetHetznerCredentials

func GetHetznerCredentials(data CredentialsData) (HetznerCredentials, error)

type KubevirtCredentials

type KubevirtCredentials struct {
	// Admin kubeconfig for KubeVirt cluster
	KubeConfig string
	// CSI driver kubeconfig for user cluster to provision storage on KubeVirt cluster
	CSIKubeConfig string
}

func GetKubevirtCredentials

func GetKubevirtCredentials(data CredentialsData) (KubevirtCredentials, error)

type NutanixCredentials added in v2.19.0

type NutanixCredentials struct {
	Username    string
	Password    string
	CSIUsername string
	CSIPassword string
	ProxyURL    string
}

func GetNutanixCredentials added in v2.19.0

func GetNutanixCredentials(data CredentialsData) (NutanixCredentials, error)

type OpenstackCredentials

type OpenstackCredentials struct {
	Username                    string
	Password                    string
	Project                     string
	ProjectID                   string
	Domain                      string
	ApplicationCredentialID     string
	ApplicationCredentialSecret string
	Token                       string
}

func GetOpenstackCredentials

func GetOpenstackCredentials(data CredentialsData) (OpenstackCredentials, error)

type PacketCredentials

type PacketCredentials struct {
	APIKey    string
	ProjectID string
}

func GetPacketCredentials

func GetPacketCredentials(data CredentialsData) (PacketCredentials, error)

type Requirements

type Requirements struct {
	Name     string                       `json:"name,omitempty"`
	Requires *corev1.ResourceRequirements `json:"requires,omitempty"`
}

Requirements are how much resources are needed by containers in the pod.

type TemplateData

type TemplateData struct {
	OverwriteRegistry string
	// contains filtered or unexported fields
}

TemplateData is a group of data required for template generation.

func (*TemplateData) BackupSchedule added in v2.17.0

func (d *TemplateData) BackupSchedule() time.Duration

func (*TemplateData) CABundle added in v2.17.0

func (d *TemplateData) CABundle() CABundle

CABundle returns the set of CA certificates that should be used for all outgoing communication.

func (*TemplateData) Cluster

func (d *TemplateData) Cluster() *kubermaticv1.Cluster

Cluster returns the cluster.

func (*TemplateData) ClusterIPByServiceName

func (d *TemplateData) ClusterIPByServiceName(name string) (string, error)

ClusterIPByServiceName returns the ClusterIP as string for the Service specified by `name`. Service lookup happens within `Cluster.Status.NamespaceName`. When ClusterIP fails to parse as valid IP address, an error is returned.

func (*TemplateData) ClusterVersion

func (d *TemplateData) ClusterVersion() string

ClusterVersion returns version of the cluster.

func (*TemplateData) ComputedNodePortRange added in v2.17.1

func (d *TemplateData) ComputedNodePortRange() string

ComputedNodePortRange is NodePortRange() with defaulting and ComponentsOverride logic.

func (*TemplateData) DC

DC returns the dc.

func (*TemplateData) DNATControllerImage

func (d *TemplateData) DNATControllerImage() string

func (*TemplateData) DNATControllerTag added in v2.16.3

func (d *TemplateData) DNATControllerTag() string

func (*TemplateData) EtcdDiskSize

func (d *TemplateData) EtcdDiskSize() resource.Quantity

EtcdDiskSize returns the etcd disk size.

func (*TemplateData) EtcdLauncherImage

func (d *TemplateData) EtcdLauncherImage() string

func (*TemplateData) EtcdLauncherTag added in v2.16.3

func (d *TemplateData) EtcdLauncherTag() string

func (*TemplateData) ExternalIP

func (d *TemplateData) ExternalIP() (*net.IP, error)

ExternalIP returns the external facing IP or an error if no IP exists.

func (*TemplateData) GetCSIMigrationFeatureGates added in v2.17.0

func (d *TemplateData) GetCSIMigrationFeatureGates() []string

func (*TemplateData) GetCloudProviderName added in v2.18.0

func (d *TemplateData) GetCloudProviderName() (string, error)

func (*TemplateData) GetClusterRef

func (d *TemplateData) GetClusterRef() metav1.OwnerReference

GetClusterRef returns a instance of a OwnerReference for the Cluster in the TemplateData.

func (*TemplateData) GetFrontProxyCA

func (d *TemplateData) GetFrontProxyCA() (*triple.KeyPair, error)

GetFrontProxyCA returns the root CA for the front proxy.

func (*TemplateData) GetGlobalSecretKeySelectorValue

func (d *TemplateData) GetGlobalSecretKeySelectorValue(configVar *providerconfig.GlobalSecretKeySelector, key string) (string, error)

func (*TemplateData) GetKonnectivityServerPort added in v2.19.0

func (d *TemplateData) GetKonnectivityServerPort() (int32, error)

GetKonnectivityServerPort returns the nodeport of the external Konnectivity Server service.

func (*TemplateData) GetMLAGatewayCA added in v2.18.0

func (d *TemplateData) GetMLAGatewayCA() (*ECDSAKeyPair, error)

GetMLAGatewayCA returns the root CA for the MLA Gateway.

func (*TemplateData) GetMLAGatewayPort added in v2.18.0

func (d *TemplateData) GetMLAGatewayPort() (int32, error)

GetMLAGatewayPort returns the NodePort of the external MLA Gateway service.

func (*TemplateData) GetOpenVPNCA

func (d *TemplateData) GetOpenVPNCA() (*ECDSAKeyPair, error)

GetOpenVPNCA returns the root ca for the OpenVPN.

func (*TemplateData) GetOpenVPNServerPort

func (d *TemplateData) GetOpenVPNServerPort() (int32, error)

GetOpenVPNServerPort returns the nodeport of the external apiserver service.

func (*TemplateData) GetPodTemplateLabels

func (d *TemplateData) GetPodTemplateLabels(appName string, volumes []corev1.Volume, additionalLabels map[string]string) (map[string]string, error)

GetPodTemplateLabels returns a set of labels for a Pod including the revisions of depending secrets and configmaps. This will force pods being restarted as soon as one of the secrets/configmaps get updated.

func (*TemplateData) GetRootCA

func (d *TemplateData) GetRootCA() (*triple.KeyPair, error)

GetRootCA returns the root CA of the cluster.

func (*TemplateData) GetViewerToken

func (d *TemplateData) GetViewerToken() (string, error)

GetViewerToken returns the viewer token.

func (*TemplateData) ImageRegistry

func (d *TemplateData) ImageRegistry(defaultRegistry string) string

ImageRegistry returns the image registry to use or the passed in default if no override is specified.

func (*TemplateData) IsKonnectivityEnabled added in v2.18.0

func (d *TemplateData) IsKonnectivityEnabled() bool

IsKonnectivityEnabled returns isKonnectivityEnabled.

func (*TemplateData) KCMCloudControllersDeactivated added in v2.17.0

func (d *TemplateData) KCMCloudControllersDeactivated() bool

KCMCloudControllersDeactivated return true if the KCM is ready and the cloud-controllers are disabled. * There is no 'cloud-provider' flag. * The cloud controllers are disabled. This is used to avoid deploying the CCM before the in-tree cloud controllers have been deactivated.

func (*TemplateData) KubermaticAPIImage

func (d *TemplateData) KubermaticAPIImage() string

func (*TemplateData) KubermaticConfiguration added in v2.19.0

func (d *TemplateData) KubermaticConfiguration() *kubermaticv1.KubermaticConfiguration

func (*TemplateData) KubermaticDockerTag added in v2.16.3

func (d *TemplateData) KubermaticDockerTag() string

func (*TemplateData) MachineControllerImageRepository added in v2.18.0

func (d *TemplateData) MachineControllerImageRepository() string

func (*TemplateData) MachineControllerImageTag added in v2.18.0

func (d *TemplateData) MachineControllerImageTag() string

func (*TemplateData) NodeAccessNetwork

func (d *TemplateData) NodeAccessNetwork() string

NodeAccessNetwork returns the node access network.

func (*TemplateData) NodeLocalDNSCacheEnabled

func (d *TemplateData) NodeLocalDNSCacheEnabled() bool

func (*TemplateData) NodePortProxyTag added in v2.16.3

func (d *TemplateData) NodePortProxyTag() string

func (*TemplateData) NodePortRange

func (d *TemplateData) NodePortRange() string

NodePortRange returns the node access network.

func (*TemplateData) NodePorts added in v2.17.1

func (d *TemplateData) NodePorts() (int, int)

NodePorts returns low and high NodePorts from NodePortRange().

func (*TemplateData) OIDCIssuerClientID

func (d *TemplateData) OIDCIssuerClientID() string

OIDCIssuerClientID return the issuer client ID.

func (*TemplateData) OIDCIssuerURL

func (d *TemplateData) OIDCIssuerURL() string

OIDCIssuerURL returns URL of the OpenID token issuer.

func (*TemplateData) OperatingSystemManagerImageRepository added in v2.20.5

func (d *TemplateData) OperatingSystemManagerImageRepository() string

func (*TemplateData) OperatingSystemManagerImageTag added in v2.20.5

func (d *TemplateData) OperatingSystemManagerImageTag() string

func (*TemplateData) ProviderName

func (d *TemplateData) ProviderName() string

ProviderName returns the name of the clusters providerName.

func (*TemplateData) Seed

func (d *TemplateData) Seed() *kubermaticv1.Seed

func (*TemplateData) SupportsFailureDomainZoneAntiAffinity

func (d *TemplateData) SupportsFailureDomainZoneAntiAffinity() bool

func (*TemplateData) UserClusterMLAEnabled added in v2.18.0

func (d *TemplateData) UserClusterMLAEnabled() bool

UserClusterMLAEnabled returns userClusterMLAEnabled.

type TemplateDataBuilder added in v2.17.0

type TemplateDataBuilder struct {
	// contains filtered or unexported fields
}

func NewTemplateDataBuilder added in v2.17.0

func NewTemplateDataBuilder() *TemplateDataBuilder

func (TemplateDataBuilder) Build added in v2.17.0

func (td TemplateDataBuilder) Build() *TemplateData

func (*TemplateDataBuilder) WithBackupPeriod added in v2.17.0

func (td *TemplateDataBuilder) WithBackupPeriod(backupPeriod time.Duration) *TemplateDataBuilder

func (*TemplateDataBuilder) WithCABundle added in v2.17.0

func (td *TemplateDataBuilder) WithCABundle(bundle CABundle) *TemplateDataBuilder

func (*TemplateDataBuilder) WithClient added in v2.17.0

func (*TemplateDataBuilder) WithCluster added in v2.17.0

func (td *TemplateDataBuilder) WithCluster(cluster *kubermaticv1.Cluster) *TemplateDataBuilder

func (*TemplateDataBuilder) WithContext added in v2.17.0

func (*TemplateDataBuilder) WithDatacenter added in v2.17.0

func (*TemplateDataBuilder) WithDnatControllerImage added in v2.17.0

func (td *TemplateDataBuilder) WithDnatControllerImage(image string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithEtcdDiskSize added in v2.17.0

func (td *TemplateDataBuilder) WithEtcdDiskSize(etcdDiskSize resource.Quantity) *TemplateDataBuilder

func (*TemplateDataBuilder) WithEtcdLauncherImage added in v2.17.0

func (td *TemplateDataBuilder) WithEtcdLauncherImage(image string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithFailureDomainZoneAntiaffinity added in v2.17.0

func (td *TemplateDataBuilder) WithFailureDomainZoneAntiaffinity(enabled bool) *TemplateDataBuilder

func (*TemplateDataBuilder) WithKonnectivityEnabled added in v2.18.0

func (td *TemplateDataBuilder) WithKonnectivityEnabled(enabled bool) *TemplateDataBuilder

func (*TemplateDataBuilder) WithKubermaticConfiguration added in v2.19.0

func (td *TemplateDataBuilder) WithKubermaticConfiguration(cfg *kubermaticv1.KubermaticConfiguration) *TemplateDataBuilder

func (*TemplateDataBuilder) WithKubermaticImage added in v2.17.0

func (td *TemplateDataBuilder) WithKubermaticImage(image string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithMachineControllerImageRepository added in v2.18.0

func (td *TemplateDataBuilder) WithMachineControllerImageRepository(repository string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithMachineControllerImageTag added in v2.18.0

func (td *TemplateDataBuilder) WithMachineControllerImageTag(tag string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithNodeAccessNetwork added in v2.17.0

func (td *TemplateDataBuilder) WithNodeAccessNetwork(nodeAccessNetwork string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithNodePortRange added in v2.17.0

func (td *TemplateDataBuilder) WithNodePortRange(npRange string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithOIDCIssuerClientID added in v2.17.0

func (td *TemplateDataBuilder) WithOIDCIssuerClientID(clientID string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithOIDCIssuerURL added in v2.17.0

func (td *TemplateDataBuilder) WithOIDCIssuerURL(url string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithOverwriteRegistry added in v2.17.0

func (td *TemplateDataBuilder) WithOverwriteRegistry(overwriteRegistry string) *TemplateDataBuilder

func (*TemplateDataBuilder) WithSeed added in v2.17.0

func (*TemplateDataBuilder) WithUserClusterMLAEnabled added in v2.18.0

func (td *TemplateDataBuilder) WithUserClusterMLAEnabled(enabled bool) *TemplateDataBuilder

func (*TemplateDataBuilder) WithVersions added in v2.17.0

type VSphereCredentials

type VSphereCredentials struct {
	Username string
	Password string
}

func GetVSphereCredentials

func GetVSphereCredentials(data CredentialsData) (VSphereCredentials, error)

Directories

Path Synopsis
triple
Package triple generates key-certificate pairs for the triple (CA, Server, Client).
Package triple generates key-certificate pairs for the triple (CA, Server, Client).
This file is generated.
This file is generated.
Package registry groups all container registry related types and helpers in one place.
Package registry groups all container registry related types and helpers in one place.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL