common

package
v2.26.2 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 27, 2024 License: Apache-2.0 Imports: 36 Imported by: 1

Documentation

Index

Constants

// Well-known label keys, resource names and annotation keys shared by the
// operator's reconcilers.
const (
	// NameLabel is the label containing the application's name.
	NameLabel = "app.kubernetes.io/name"

	// VersionLabel is the label containing the application's version.
	VersionLabel = resources.VersionLabel

	// InstanceLabel is a unique name identifying the instance of an application.
	InstanceLabel = "app.kubernetes.io/instance"

	// ComponentLabel is the label of the component within the architecture.
	ComponentLabel = "app.kubernetes.io/component"

	// DockercfgSecretName is presumably the name of the Secret holding the
	// image pull credentials; confirm against the reconcilers that use it.
	DockercfgSecretName = "dockercfg"

	// The Service, Role, RoleBinding and ServiceAccount of the webhook all
	// share the same name.
	WebhookServiceName        = "kubermatic-webhook"
	WebhookRoleName           = "kubermatic-webhook"
	WebhookRoleBindingName    = "kubermatic-webhook"
	WebhookServiceAccountName = "kubermatic-webhook"

	// SeedWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator.
	SeedWebhookServiceName = "seed-webhook"
	// ClusterWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator.
	ClusterWebhookServiceName = "cluster-webhook"

	// UserSSHKeyAdmissionWebhookName is the name of the validating and mutating webhooks for UserSSHKeys.
	UserSSHKeyAdmissionWebhookName = "kubermatic-usersshkeys"

	// UserAdmissionWebhookName is the name of the validating webhook for Users.
	UserAdmissionWebhookName = "kubermatic-users"

	// ResourceQuotaAdmissionWebhookName is the name of the validating and mutating webhook for ResourceQuotas.
	ResourceQuotaAdmissionWebhookName = "kubermatic-resourcequotas"

	// ExternalClusterAdmissionWebhookName is the name of the mutating webhook for ExternalClusters.
	ExternalClusterAdmissionWebhookName = "kubermatic-externalclusters"

	// ApplicationDefinitionAdmissionWebhookName is the name of the validating webhook for ApplicationDefinitions.
	ApplicationDefinitionAdmissionWebhookName = "kubermatic-application-definitions"

	// GroupProjectBindingAdmissionWebhookName is the name of the validating webhook for GroupProjectBindings.
	GroupProjectBindingAdmissionWebhookName = "kubermatic-groupprojectbindings"

	// PoliciesAdmissionWebhookName is the name of the validating webhook that implements deletion policies.
	PoliciesAdmissionWebhookName = "kubermatic-policies"

	// Names of the Secrets that presumably hold the webhook's serving CA and
	// serving certificate (confirm against the reconcilers). If they carry
	// private key material, read access to them should be limited to the
	// webhook and the operator.
	WebhookServingCASecretName   = "webhook-ca"
	WebhookServingCertSecretName = "webhook-cert"

	// Names of the Ingress and of the Deployments managed by the operator.
	IngressName                           = "kubermatic"
	MasterControllerManagerDeploymentName = "kubermatic-master-controller-manager"
	SeedControllerManagerDeploymentName   = "kubermatic-seed-controller-manager"
	WebhookDeploymentName                 = "kubermatic-webhook"

	// CleanupFinalizer is presumably the finalizer the operator puts on
	// resources it has to clean up after; confirm against usage.
	CleanupFinalizer = "kubermatic.k8c.io/cleanup"

	// SkipReconcilingAnnotation can be used on Seed resources to make
	// the operator ignore them and not reconcile the seed components into
	// the cluster. This should only be used during cluster migrations.
	// While it is set, the seed components are not reconciled, so drift in
	// them (including security-relevant settings) is not corrected; remove
	// the annotation once the migration is done.
	SkipReconcilingAnnotation = "kubermatic.k8c.io/skip-reconciling"
)
// Label key and value that mark a resource as managed by the operator.
const (
	// OperatorName is used as the value for ManagedBy labels to establish
	// a weak ownership to reconciled resources.
	OperatorName = "kubermatic-operator"

	// ManagedByLabel is the label used to identify the resources
	// created by this controller.
	// A label can be set by anyone who is allowed to update the object, so
	// its presence is a hint about ownership, not proof of where the object
	// came from.
	ManagedByLabel = "app.kubernetes.io/managed-by"
)

Variables

// Hardened default security contexts for workloads running the
// kubermatic/kubermatic image.
//
// Both values are exported, mutable package-level variables whose fields are
// pointers. Copying the struct copies the pointers, not what they point to,
// so a caller that modifies a field through its copy changes the defaults for
// every other user of this package. Treat them as read-only, or deep-copy
// before changing anything.
var (
	// ContainerSecurityContext is a default common security context for containers
	// in the kubermatic/kubermatic container image.
	// It forbids privilege escalation, mounts the root filesystem read-only
	// and drops all Linux capabilities.
	ContainerSecurityContext = corev1.SecurityContext{
		AllowPrivilegeEscalation: resources.Bool(false),
		ReadOnlyRootFilesystem:   resources.Bool(true),
		Capabilities: &corev1.Capabilities{
			Drop: []corev1.Capability{
				corev1.Capability("ALL"),
			},
		},
	}

	// PodSecurityContext is a default common security context for Pods
	// using the kubermatic/kubermatic image.
	// It requires a non-root user, sets UID, GID and FSGroup to 65534
	// (conventionally the unprivileged "nobody" account; confirm against the
	// image) and selects the container runtime's default seccomp profile.
	PodSecurityContext = corev1.PodSecurityContext{
		RunAsNonRoot: resources.Bool(true),
		RunAsUser:    resources.Int64(65534),
		RunAsGroup:   resources.Int64(65534),
		FSGroup:      resources.Int64(65534),
		SeccompProfile: &corev1.SeccompProfile{
			Type: corev1.SeccompProfileTypeRuntimeDefault,
		},
	}
)
// Predicate and label selector used to recognise resources that belong to
// the Kubermatic Operator.
var (
	// ManagedByOperatorPredicate is a predicate that matches all resources created by
	// the Kubermatic Operator.
	// NOTE(review): the function below does not read the ManagedBy label. It
	// returns true when at least one owner reference satisfies
	// isKubermaticConfiguration or isSeed (helpers defined elsewhere in the
	// package), and false otherwise, including for objects with no owner
	// references. Only ManagedByOperatorSelector is label-based.
	ManagedByOperatorPredicate = predicate.Factory(func(o ctrlruntimeclient.Object) bool {
		for _, ref := range o.GetOwnerReferences() {
			if isKubermaticConfiguration(ref) || isSeed(ref) {
				return true
			}
		}

		return false
	})

	// ManagedByOperatorSelector is a label selector that matches all resources created by
	// the Kubermatic Operator.
	// It requires ManagedByLabel to equal OperatorName. The error returned by
	// labels.NewRequirement is discarded; both inputs are package constants,
	// but if construction ever failed this variable would be nil.
	ManagedByOperatorSelector, _ = labels.NewRequirement(ManagedByLabel, selection.Equals, []string{OperatorName})
)

Functions

func CRDReconciler added in v2.22.0

CRDReconciler will reconcile a CRD, but only if the existing CRD is older or the same version (i.e. this function will never downgrade a CRD). Up- and downgrading is only defined for KKP CRDs which have a version annotation.

func CleanupClusterResource

func CleanupClusterResource(ctx context.Context, client ctrlruntimeclient.Client, obj ctrlruntimeclient.Object, name string) error

CleanupClusterResource attempts to find a cluster-wide resource and deletes it if it was found. If no resource with the given name exists, nil is returned.

func CleanupWebhookServices added in v2.21.0

func CleanupWebhookServices(ctx context.Context, client ctrlruntimeclient.Client, logger *zap.SugaredLogger, namespace string)

CleanupWebhookServices removes the unused webhook services. It's here because we need the exact same logic on master and seed clusters.

func DeleteObject added in v2.21.0

func DeleteObject(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string, obj ctrlruntimeclient.Object) error

func DeleteService added in v2.21.0

func DeleteService(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string) error

func KubermaticConfigurationAdmissionWebhookName added in v2.21.0

func KubermaticConfigurationAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string

func KubermaticProxyEnvironmentVars added in v2.19.14

func KubermaticProxyEnvironmentVars(p *kubermaticv1.KubermaticProxyConfiguration) (result []corev1.EnvVar)

KubermaticProxyEnvironmentVars returns ProxySettings from Kubermatic configuration as env vars.

func OwnershipModifierFactory

func OwnershipModifierFactory(owner metav1.Object, scheme *runtime.Scheme) reconciling.ObjectModifier

OwnershipModifierFactory is generating a new ObjectModifier that wraps an ObjectReconciler and takes care of applying the ownership and other labels for all managed objects.

func SeedAdmissionWebhookName

func SeedAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string

func SeedProxyEnvironmentVars added in v2.19.14

func SeedProxyEnvironmentVars(p *kubermaticv1.ProxySettings) (result []corev1.EnvVar)

SeedProxyEnvironmentVars returns ProxySettings from Seed as env vars.

func StringifyFeatureGates

func StringifyFeatureGates(cfg *kubermaticv1.KubermaticConfiguration) string

StringifyFeatureGates takes a set of enabled features and returns a comma-separated key=value list like "featureA=true,featureB=true,...". The list of feature gates is sorted, so the output of this function is stable.

func VersionLabelModifierFactory added in v2.25.0

func VersionLabelModifierFactory(version string) reconciling.ObjectModifier

VersionLabelModifierFactory adds the version label for Deployments and their corresponding pods.

func VolumeRevisionLabelsModifierFactory

func VolumeRevisionLabelsModifierFactory(ctx context.Context, client ctrlruntimeclient.Client) reconciling.ObjectModifier

VolumeRevisionLabelsModifierFactory scans volume mounts for pod templates for ConfigMaps and Secrets and will then put new labels for these mounts onto the pod template, causing restarts when the volumes changed.

func WebhookCABundle added in v2.16.3

func WebhookCABundle(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) ([]byte, error)

func WebhookClusterRoleBindingName added in v2.21.0

func WebhookClusterRoleBindingName(cfg *kubermaticv1.KubermaticConfiguration) string

func WebhookClusterRoleName added in v2.21.0

func WebhookClusterRoleName(cfg *kubermaticv1.KubermaticConfiguration) string

func WebhookDeploymentReconciler added in v2.22.0

func WebhookDeploymentReconciler(cfg *kubermaticv1.KubermaticConfiguration, versions kubermatic.Versions, seed *kubermaticv1.Seed, removeSeed bool) reconciling.NamedDeploymentReconcilerFactory

WebhookDeploymentReconciler returns a DeploymentReconciler for the Kubermatic webhook. The removeSeed flag should always be set to false, except for during seed cleanup. This is important because on shared master+seed clusters, when the Seed is removed, the -seed-name flag must be gone. But because the creator is careful to not accidentally remove the flag (so that the master-operator does not wipe the seed-operator's work), a separate parameter is needed to indicate that yes, we want to in fact remove the flag.

func WebhookServiceReconciler added in v2.22.0

WebhookServiceReconciler creates the Service for all KKP webhooks.

func WebhookServingCASecretReconciler added in v2.22.0

Types

This section is empty.

Directories

Path Synopsis
