Documentation ¶
Index ¶
- Constants
- Variables
- func ApplicationDefinitionValidatingWebhookConfigurationCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
- func CRDCreator(crd *apiextensionsv1.CustomResourceDefinition, log *zap.SugaredLogger, ...) reconciling.NamedCustomResourceDefinitionCreatorGetter
- func CleanupClusterResource(ctx context.Context, client ctrlruntimeclient.Client, ...) error
- func CleanupWebhookServices(ctx context.Context, client ctrlruntimeclient.Client, ...)
- func DeleteObject(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string, ...) error
- func DeleteService(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string) error
- func DockercfgSecretCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretCreatorGetter
- func KubermaticConfigurationAdmissionWebhookCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
- func KubermaticConfigurationAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
- func OwnershipModifierFactory(owner metav1.Object, scheme *runtime.Scheme) reconciling.ObjectModifier
- func ProxyEnvironmentVars(cfg *kubermaticv1.KubermaticConfiguration) []corev1.EnvVar
- func SeedAdmissionWebhookCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
- func SeedAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
- func StringifyFeatureGates(cfg *kubermaticv1.KubermaticConfiguration) string
- func VolumeRevisionLabelsModifierFactory(ctx context.Context, client ctrlruntimeclient.Client) reconciling.ObjectModifier
- func WebhookCABundle(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) ([]byte, error)
- func WebhookClusterRoleBindingCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleBindingCreatorGetter
- func WebhookClusterRoleBindingName(cfg *kubermaticv1.KubermaticConfiguration) string
- func WebhookClusterRoleCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleCreatorGetter
- func WebhookClusterRoleName(cfg *kubermaticv1.KubermaticConfiguration) string
- func WebhookDeploymentCreator(cfg *kubermaticv1.KubermaticConfiguration, versions kubermatic.Versions, ...) reconciling.NamedDeploymentCreatorGetter
- func WebhookRoleBindingCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleBindingCreatorGetter
- func WebhookRoleCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleCreatorGetter
- func WebhookServiceAccountCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedServiceAccountCreatorGetter
- func WebhookServiceCreator(cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedServiceCreatorGetter
- func WebhookServingCASecretCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretCreatorGetter
- func WebhookServingCertSecretCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedSecretCreatorGetter
Constants ¶
const ( // NameLabel is the label containing the application's name. NameLabel = "app.kubernetes.io/name" // VersionLabel is the label containing the application's version. VersionLabel = resources.VersionLabel // InstanceLabel is A unique name identifying the instance of an application. InstanceLabel = "app.kubernetes.io/instance" // ComponentLabel is the label of the component within the architecture. ComponentLabel = "app.kubernetes.io/component" DockercfgSecretName = "dockercfg" WebhookServiceName = "kubermatic-webhook" WebhookRoleName = "kubermatic-webhook" WebhookRoleBindingName = "kubermatic-webhook" WebhookServiceAccountName = "kubermatic-webhook" // SeedWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator. SeedWebhookServiceName = "seed-webhook" // ClusterWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator. ClusterWebhookServiceName = "cluster-webhook" // UserSSHKeyAdmissionWebhookName is the name of the validating and mutation webhooks for UserSSHKeys. UserSSHKeyAdmissionWebhookName = "kubermatic-usersshkeys" // UserAdmissionWebhookName is the name of the validating webhook for Users. UserAdmissionWebhookName = "kubermatic-users" // ResourceQuotaAdmissionWebhookName is the name of the validating and mutating webhook for ResourceQuotas. ResourceQuotaAdmissionWebhookName = "kubermatic-resourcequotas" // ExternalClusterAdmissionWebhookName is the name of the mutating webhook for ExternalClusters. ExternalClusterAdmissionWebhookName = "kubermatic-externalclusters" // ApplicationDefinitionAdmissionWebhookName is the name of the validating webhook for ApplicationDefnition. ApplicationDefinitionAdmissionWebhookName = "kubermatic-application-definitions" // GroupProjectBindingAdmissionWebhookName is the name of the validating webhook for GroupProjectBindings. GroupProjectBindingAdmissionWebhookName = "kubermatic-groupprojectbindings" WebhookServingCASecretName = "webhook-ca" WebhookServingCertSecretName = "webhook-cert" IngressName = "kubermatic" MasterControllerManagerDeploymentName = "kubermatic-master-controller-manager" SeedControllerManagerDeploymentName = "kubermatic-seed-controller-manager" WebhookDeploymentName = "kubermatic-webhook" CleanupFinalizer = "kubermatic.k8c.io/cleanup" // SkipReconcilingAnnotation can be used on Seed resources to make // the operator ignore them and not reconcile the seed components into // the cluster. This should only be used during cluster migrations. SkipReconcilingAnnotation = "kubermatic.k8c.io/skip-reconciling" )
const ( // OperatorName is used as the value for ManagedBy labels to establish // a weak ownership to reconciled resources. OperatorName = "kubermatic-operator" // ManagedByLabel is the label used to identify the resources // created by this controller. ManagedByLabel = "app.kubernetes.io/managed-by" )
Variables ¶
var ( // ManagedByOperatorPredicate is a predicate that matches all resources created by // the Kubermatic Operator, based on the ManagedBy label. ManagedByOperatorPredicate = predicate.Factory(func(o ctrlruntimeclient.Object) bool { for _, ref := range o.GetOwnerReferences() { if isKubermaticConfiguration(ref) || isSeed(ref) { return true } } return false }) // ManagedByOperatorSelector is a label selector that matches all resources created by // the Kubermatic Operator. ManagedByOperatorSelector, _ = labels.NewRequirement(ManagedByLabel, selection.Equals, []string{OperatorName}) )
Functions ¶
func ApplicationDefinitionValidatingWebhookConfigurationCreator ¶ added in v2.21.0
func ApplicationDefinitionValidatingWebhookConfigurationCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
func CRDCreator ¶ added in v2.21.0
func CRDCreator(crd *apiextensionsv1.CustomResourceDefinition, log *zap.SugaredLogger, versions kubermaticversion.Versions) reconciling.NamedCustomResourceDefinitionCreatorGetter
CRDCreator will reconcile a CRD, but only if the existing CRD is older or the same version (i.e. this function will never downgrade a CRD). Up- and downgrading is only defined for KKP CRDs which have a version annotation.
func CleanupClusterResource ¶
func CleanupClusterResource(ctx context.Context, client ctrlruntimeclient.Client, obj ctrlruntimeclient.Object, name string) error
CleanupClusterResource attempts to find a cluster-wide resource and deletes it if it was found. If no resource with the given name exists, nil is returned.
func CleanupWebhookServices ¶ added in v2.21.0
func CleanupWebhookServices(ctx context.Context, client ctrlruntimeclient.Client, logger *zap.SugaredLogger, namespace string)
CleanupWebhookServices removes the unused webhook services. It's here because we need to exact same logic on master and seed clusters.
func DeleteObject ¶ added in v2.21.0
func DeleteObject(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string, obj ctrlruntimeclient.Object) error
func DeleteService ¶ added in v2.21.0
func DockercfgSecretCreator ¶
func DockercfgSecretCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretCreatorGetter
func KubermaticConfigurationAdmissionWebhookCreator ¶ added in v2.21.0
func KubermaticConfigurationAdmissionWebhookCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
func KubermaticConfigurationAdmissionWebhookName ¶ added in v2.21.0
func KubermaticConfigurationAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
func OwnershipModifierFactory ¶
func OwnershipModifierFactory(owner metav1.Object, scheme *runtime.Scheme) reconciling.ObjectModifier
OwnershipModifierFactory is generating a new ObjectModifier that wraps an ObjectCreator and takes care of applying the ownership and other labels for all managed objects.
func ProxyEnvironmentVars ¶
func ProxyEnvironmentVars(cfg *kubermaticv1.KubermaticConfiguration) []corev1.EnvVar
func SeedAdmissionWebhookCreator ¶
func SeedAdmissionWebhookCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationCreatorGetter
func SeedAdmissionWebhookName ¶
func SeedAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
func StringifyFeatureGates ¶
func StringifyFeatureGates(cfg *kubermaticv1.KubermaticConfiguration) string
StringifyFeatureGates takes a set of enabled features and returns a comma-separated key=value list like "featureA=true,featureB=true,...". The list of feature gates is sorted, so the output of this function is stable.
func VolumeRevisionLabelsModifierFactory ¶
func VolumeRevisionLabelsModifierFactory(ctx context.Context, client ctrlruntimeclient.Client) reconciling.ObjectModifier
VolumeRevisionLabelsModifierFactory scans volume mounts for pod templates for ConfigMaps and Secrets and will then put new labels for these mounts onto the pod template, causing restarts when the volumes changed.
func WebhookCABundle ¶ added in v2.16.3
func WebhookCABundle(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) ([]byte, error)
func WebhookClusterRoleBindingCreator ¶ added in v2.21.0
func WebhookClusterRoleBindingCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleBindingCreatorGetter
func WebhookClusterRoleBindingName ¶ added in v2.21.0
func WebhookClusterRoleBindingName(cfg *kubermaticv1.KubermaticConfiguration) string
func WebhookClusterRoleCreator ¶ added in v2.21.0
func WebhookClusterRoleCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleCreatorGetter
func WebhookClusterRoleName ¶ added in v2.21.0
func WebhookClusterRoleName(cfg *kubermaticv1.KubermaticConfiguration) string
func WebhookDeploymentCreator ¶ added in v2.21.0
func WebhookDeploymentCreator(cfg *kubermaticv1.KubermaticConfiguration, versions kubermatic.Versions, seed *kubermaticv1.Seed, removeSeed bool) reconciling.NamedDeploymentCreatorGetter
WebhookDeploymentCreator returns a DeploymentCreator for the Kubermatic webhook. The removeSeed flag should always be set to false, except for during seed cleanup. This is important because on shared master+seed clusters, when the Seed is removed, the -seed-name flag must be gone. But because the creator is careful to not accidentally remove the flag (so that the master-operator does not wipe the seed-operator's work), a separate parameter is needed to indicate that yes, we want to in fact remove the flag.
func WebhookRoleBindingCreator ¶ added in v2.21.0
func WebhookRoleBindingCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleBindingCreatorGetter
func WebhookRoleCreator ¶ added in v2.21.0
func WebhookRoleCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleCreatorGetter
func WebhookServiceAccountCreator ¶ added in v2.21.0
func WebhookServiceAccountCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedServiceAccountCreatorGetter
func WebhookServiceCreator ¶ added in v2.21.0
func WebhookServiceCreator(cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedServiceCreatorGetter
WebhookServiceCreator creates the Service for all KKP webhooks.
func WebhookServingCASecretCreator ¶ added in v2.16.3
func WebhookServingCASecretCreator(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretCreatorGetter
func WebhookServingCertSecretCreator ¶ added in v2.16.3
func WebhookServingCertSecretCreator(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedSecretCreatorGetter
Types ¶
This section is empty.