Documentation
¶
Index ¶
- Constants
- Variables
- func ApplicationDefinitionMutatingWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedMutatingWebhookConfigurationReconcilerFactory
- func ApplicationDefinitionValidatingWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
- func CRDReconciler(crd *apiextensionsv1.CustomResourceDefinition, log *zap.SugaredLogger, ...) kkpreconciling.NamedCustomResourceDefinitionReconcilerFactory
- func CleanupClusterResource(ctx context.Context, client ctrlruntimeclient.Client, ...) error
- func CleanupWebhookServices(ctx context.Context, client ctrlruntimeclient.Client, ...)
- func DeleteObject(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string, ...) error
- func DeleteService(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string) error
- func DockercfgSecretReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretReconcilerFactory
- func KubermaticConfigurationAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
- func KubermaticConfigurationAdmissionWebhookReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
- func KubermaticProxyEnvironmentVars(p *kubermaticv1.KubermaticProxyConfiguration) (result []corev1.EnvVar)
- func PoliciesWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
- func SeedAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
- func SeedAdmissionWebhookReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
- func SeedProxyEnvironmentVars(p *kubermaticv1.ProxySettings) (result []corev1.EnvVar)
- func StringifyFeatureGates(cfg *kubermaticv1.KubermaticConfiguration) string
- func WebhookCABundle(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) ([]byte, error)
- func WebhookClusterRoleBindingName(cfg *kubermaticv1.KubermaticConfiguration) string
- func WebhookClusterRoleBindingReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleBindingReconcilerFactory
- func WebhookClusterRoleName(cfg *kubermaticv1.KubermaticConfiguration) string
- func WebhookClusterRoleReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleReconcilerFactory
- func WebhookDeploymentReconciler(cfg *kubermaticv1.KubermaticConfiguration, versions kubermatic.Versions, ...) reconciling.NamedDeploymentReconcilerFactory
- func WebhookRoleBindingReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleBindingReconcilerFactory
- func WebhookRoleReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleReconcilerFactory
- func WebhookServiceAccountReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedServiceAccountReconcilerFactory
- func WebhookServiceReconciler(cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedServiceReconcilerFactory
- func WebhookServingCASecretReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretReconcilerFactory
- func WebhookServingCertSecretReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, ...) reconciling.NamedSecretReconcilerFactory
Constants ¶
const (
	// NameLabel is the label containing the application's name.
	NameLabel = "app.kubernetes.io/name"

	// VersionLabel is the label containing the application's version.
	VersionLabel = resources.VersionLabel

	// InstanceLabel is a unique name identifying the instance of an application.
	InstanceLabel = "app.kubernetes.io/instance"

	// ComponentLabel is the label of the component within the architecture.
	ComponentLabel = "app.kubernetes.io/component"

	DockercfgSecretName = "dockercfg"

	// The webhook's Service, Role, RoleBinding and ServiceAccount all share
	// the same object name, "kubermatic-webhook".
	WebhookServiceName        = "kubermatic-webhook"
	WebhookRoleName           = "kubermatic-webhook"
	WebhookRoleBindingName    = "kubermatic-webhook"
	WebhookServiceAccountName = "kubermatic-webhook"

	// SeedWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator.
	SeedWebhookServiceName = "seed-webhook"
	// ClusterWebhookServiceName is deprecated and only exists to facilitate cleanup by the operator.
	ClusterWebhookServiceName = "cluster-webhook"

	// UserSSHKeyAdmissionWebhookName is the name of the validating and mutating webhooks for UserSSHKeys.
	UserSSHKeyAdmissionWebhookName = "kubermatic-usersshkeys"
	// UserAdmissionWebhookName is the name of the validating webhook for Users.
	UserAdmissionWebhookName = "kubermatic-users"
	// ResourceQuotaAdmissionWebhookName is the name of the validating and mutating webhook for ResourceQuotas.
	ResourceQuotaAdmissionWebhookName = "kubermatic-resourcequotas"
	// ExternalClusterAdmissionWebhookName is the name of the mutating webhook for ExternalClusters.
	ExternalClusterAdmissionWebhookName = "kubermatic-externalclusters"
	// ApplicationDefinitionAdmissionWebhookName is the name of the validating webhook for ApplicationDefinition.
	ApplicationDefinitionAdmissionWebhookName = "kubermatic-application-definitions"
	// GroupProjectBindingAdmissionWebhookName is the name of the validating webhook for GroupProjectBindings.
	GroupProjectBindingAdmissionWebhookName = "kubermatic-groupprojectbindings"
	// PoliciesAdmissionWebhookName is the name of the validating webhook that implements deletion policies.
	PoliciesAdmissionWebhookName = "kubermatic-policies"

	// WebhookServingCASecretName and WebhookServingCertSecretName are Secret
	// names; presumably they hold the webhook's serving CA and serving
	// certificate (see WebhookServingCASecretReconciler and
	// WebhookServingCertSecretReconciler) — confirm, and restrict read access
	// to these Secrets accordingly.
	WebhookServingCASecretName   = "webhook-ca"
	WebhookServingCertSecretName = "webhook-cert"

	IngressName                           = "kubermatic"
	MasterControllerManagerDeploymentName = "kubermatic-master-controller-manager"
	SeedControllerManagerDeploymentName   = "kubermatic-seed-controller-manager"
	WebhookDeploymentName                 = "kubermatic-webhook"

	CleanupFinalizer = "kubermatic.k8c.io/cleanup"

	// SkipReconcilingAnnotation can be used on Seed resources to make
	// the operator ignore them and not reconcile the seed components into
	// the cluster. This should only be used during cluster migrations.
	// NOTE(review): while the annotation is set, the operator will not
	// correct drift in the seed components, so remove it once the
	// migration is finished.
	SkipReconcilingAnnotation = "kubermatic.k8c.io/skip-reconciling"
)
const (
	// OperatorName is used as the value for ManagedBy labels to establish
	// a weak ownership of reconciled resources. It is the value that
	// ManagedByOperatorSelector requires for modifier.ManagedByLabel.
	OperatorName = "kubermatic-operator"
)
Variables ¶
var (
	// ContainerSecurityContext is a default common security context for containers
	// in the kubermatic/kubermatic container image. It disallows privilege
	// escalation, makes the root filesystem read-only and drops all Linux
	// capabilities.
	//
	// NOTE(review): this is an exported package-level variable whose fields are
	// pointers and a slice, so every consumer that assigns it shares those
	// values; copy the struct (and its pointer fields) before relaxing any
	// setting for a single workload.
	ContainerSecurityContext = corev1.SecurityContext{
		AllowPrivilegeEscalation: resources.Bool(false),
		ReadOnlyRootFilesystem:   resources.Bool(true),
		Capabilities: &corev1.Capabilities{
			Drop: []corev1.Capability{
				// "ALL" drops every capability; nothing is added back here.
				corev1.Capability("ALL"),
			},
		},
	}

	// PodSecurityContext is a default common security context for Pods
	// using the kubermatic/kubermatic image. It requires a non-root user,
	// pins UID, GID and fsGroup to 65534 and selects the container runtime's
	// default seccomp profile.
	PodSecurityContext = corev1.PodSecurityContext{
		RunAsNonRoot: resources.Bool(true),
		// 65534 is conventionally the "nobody"/"nogroup" ID on Linux —
		// presumably what the image expects; confirm against the image.
		RunAsUser:  resources.Int64(65534),
		RunAsGroup: resources.Int64(65534),
		FSGroup:    resources.Int64(65534),
		SeccompProfile: &corev1.SeccompProfile{
			Type: corev1.SeccompProfileTypeRuntimeDefault,
		},
	}
)
var (
	// ManagedByOperatorPredicate is a predicate that matches all resources created by
	// the Kubermatic Operator.
	//
	// NOTE(review): the function below does not inspect the ManagedBy label.
	// It returns true as soon as one of the object's owner references
	// satisfies isKubermaticConfiguration or isSeed, and false otherwise, so
	// an object that only carries the label is not matched by this predicate.
	ManagedByOperatorPredicate = predicate.Factory(func(o ctrlruntimeclient.Object) bool {
		for _, ref := range o.GetOwnerReferences() {
			if isKubermaticConfiguration(ref) || isSeed(ref) {
				return true
			}
		}

		return false
	})

	// ManagedByOperatorSelector is a label selector that matches all resources created by
	// the Kubermatic Operator: it requires modifier.ManagedByLabel to equal
	// OperatorName. Unlike ManagedByOperatorPredicate it is purely label-based,
	// and a label is only as trustworthy as whoever may write it, so it should
	// be used for selection, not as an authorization signal.
	//
	// The error returned by labels.NewRequirement is discarded.
	// NOTE(review): presumably this cannot fail because both inputs are
	// constants; if it did, the selector would be left unset — confirm.
	ManagedByOperatorSelector, _ = labels.NewRequirement(modifier.ManagedByLabel, selection.Equals, []string{OperatorName})
)
Functions ¶
func ApplicationDefinitionMutatingWebhookConfigurationReconciler ¶ added in v2.22.0
func ApplicationDefinitionMutatingWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedMutatingWebhookConfigurationReconcilerFactory
func ApplicationDefinitionValidatingWebhookConfigurationReconciler ¶ added in v2.22.0
func ApplicationDefinitionValidatingWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
func CRDReconciler ¶ added in v2.22.0
func CRDReconciler(crd *apiextensionsv1.CustomResourceDefinition, log *zap.SugaredLogger, versions kubermaticversion.Versions) kkpreconciling.NamedCustomResourceDefinitionReconcilerFactory
CRDReconciler will reconcile a CRD, but only if the existing CRD is older or the same version (i.e. this function will never downgrade a CRD). Up- and downgrading is only defined for KKP CRDs which have a version annotation.
func CleanupClusterResource ¶
func CleanupClusterResource(ctx context.Context, client ctrlruntimeclient.Client, obj ctrlruntimeclient.Object, name string) error
CleanupClusterResource attempts to find a cluster-wide resource and deletes it if it was found. If no resource with the given name exists, nil is returned.
func CleanupWebhookServices ¶ added in v2.21.0
func CleanupWebhookServices(ctx context.Context, client ctrlruntimeclient.Client, logger *zap.SugaredLogger, namespace string)
CleanupWebhookServices removes the unused webhook services. It's here because we need the exact same logic on master and seed clusters.
func DeleteObject ¶ added in v2.21.0
func DeleteObject(ctx context.Context, client ctrlruntimeclient.Client, name, namespace string, obj ctrlruntimeclient.Object) error
func DeleteService ¶ added in v2.21.0
func DockercfgSecretReconciler ¶ added in v2.22.0
func DockercfgSecretReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretReconcilerFactory
func KubermaticConfigurationAdmissionWebhookName ¶ added in v2.21.0
func KubermaticConfigurationAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
func KubermaticConfigurationAdmissionWebhookReconciler ¶ added in v2.22.0
func KubermaticConfigurationAdmissionWebhookReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
func KubermaticProxyEnvironmentVars ¶ added in v2.19.14
func KubermaticProxyEnvironmentVars(p *kubermaticv1.KubermaticProxyConfiguration) (result []corev1.EnvVar)
KubermaticProxyEnvironmentVars returns ProxySettings from Kubermatic configuration as env vars.
func PoliciesWebhookConfigurationReconciler ¶ added in v2.26.0
func PoliciesWebhookConfigurationReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
func SeedAdmissionWebhookName ¶
func SeedAdmissionWebhookName(cfg *kubermaticv1.KubermaticConfiguration) string
func SeedAdmissionWebhookReconciler ¶ added in v2.22.0
func SeedAdmissionWebhookReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedValidatingWebhookConfigurationReconcilerFactory
func SeedProxyEnvironmentVars ¶ added in v2.19.14
func SeedProxyEnvironmentVars(p *kubermaticv1.ProxySettings) (result []corev1.EnvVar)
SeedProxyEnvironmentVars returns ProxySettings from Seed as env vars.
func StringifyFeatureGates ¶
func StringifyFeatureGates(cfg *kubermaticv1.KubermaticConfiguration) string
StringifyFeatureGates takes a set of enabled features and returns a comma-separated key=value list like "featureA=true,featureB=true,...". The list of feature gates is sorted, so the output of this function is stable.
func WebhookCABundle ¶ added in v2.16.3
func WebhookCABundle(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) ([]byte, error)
func WebhookClusterRoleBindingName ¶ added in v2.21.0
func WebhookClusterRoleBindingName(cfg *kubermaticv1.KubermaticConfiguration) string
func WebhookClusterRoleBindingReconciler ¶ added in v2.22.0
func WebhookClusterRoleBindingReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleBindingReconcilerFactory
func WebhookClusterRoleName ¶ added in v2.21.0
func WebhookClusterRoleName(cfg *kubermaticv1.KubermaticConfiguration) string
func WebhookClusterRoleReconciler ¶ added in v2.22.0
func WebhookClusterRoleReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedClusterRoleReconcilerFactory
func WebhookDeploymentReconciler ¶ added in v2.22.0
func WebhookDeploymentReconciler(cfg *kubermaticv1.KubermaticConfiguration, versions kubermatic.Versions, seed *kubermaticv1.Seed, removeSeed bool) reconciling.NamedDeploymentReconcilerFactory
WebhookDeploymentReconciler returns a DeploymentReconciler for the Kubermatic webhook. The removeSeed flag should always be set to false, except during seed cleanup. This is important because on shared master+seed clusters, when the Seed is removed, the -seed-name flag must be gone. But because the creator is careful not to accidentally remove the flag (so that the master-operator does not wipe the seed-operator's work), a separate parameter is needed to indicate that we do in fact want to remove the flag.
func WebhookRoleBindingReconciler ¶ added in v2.22.0
func WebhookRoleBindingReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleBindingReconcilerFactory
func WebhookRoleReconciler ¶ added in v2.22.0
func WebhookRoleReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedRoleReconcilerFactory
func WebhookServiceAccountReconciler ¶ added in v2.22.0
func WebhookServiceAccountReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedServiceAccountReconcilerFactory
func WebhookServiceReconciler ¶ added in v2.22.0
func WebhookServiceReconciler(cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedServiceReconcilerFactory
WebhookServiceReconciler creates the Service for all KKP webhooks.
func WebhookServingCASecretReconciler ¶ added in v2.22.0
func WebhookServingCASecretReconciler(cfg *kubermaticv1.KubermaticConfiguration) reconciling.NamedSecretReconcilerFactory
func WebhookServingCertSecretReconciler ¶ added in v2.22.0
func WebhookServingCertSecretReconciler(ctx context.Context, cfg *kubermaticv1.KubermaticConfiguration, client ctrlruntimeclient.Client) reconciling.NamedSecretReconcilerFactory
Types ¶
This section is empty.