apiserver

package
v3.0.0-...-d6c4d9c
Warning

This package is not in the latest version of its module.

Published: Apr 14, 2023 License: Apache-2.0 Imports: 46 Imported by: 0

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func CABundleReconciler

func CABundleReconciler(data caBundleProvider) reconciling.NamedConfigMapReconcilerFactory

func ClusterExternalAddrAllowReconciler

func ClusterExternalAddrAllowReconciler(egressIPs []net.IP, exposeStrategy kubermaticv1.ExposeStrategy) reconciling.NamedNetworkPolicyReconcilerFactory

ClusterExternalAddrAllowReconciler returns a func to create/update the apiserver cluster-external-addr-allow egress policy. This policy is necessary in a Konnectivity setup so that konnectivity-server can connect to the apiserver via the external URL (used as service-account-issuer) to validate the konnectivity-agent authentication token.

func DNSAllowReconciler

DNSAllowReconciler returns a func to create/update the apiserver DNS allow egress policy.

func DenyAllPolicyReconciler

func DenyAllPolicyReconciler() reconciling.NamedNetworkPolicyReconcilerFactory

DenyAllPolicyReconciler returns a func to create/update the apiserver deny all egress policy.

func DeploymentReconciler

func DeploymentReconciler(data *resources.TemplateData, enableOIDCAuthentication bool) reconciling.NamedDeploymentReconcilerFactory

DeploymentReconciler returns the function to create and update the API server deployment.

func EctdAllowReconciler

EctdAllowReconciler returns a func to create/update the apiserver ETCD allow egress policy.

func EgressSelectorConfigReconciler

func EgressSelectorConfigReconciler() reconciling.NamedConfigMapReconcilerFactory

EgressSelectorConfigReconciler returns a function to create the ConfigMap that contains the egress selector configuration the apiserver needs to work with the Konnectivity proxy.

func EncryptionConfigurationSecretReconciler

func EncryptionConfigurationSecretReconciler(data encryptionData) reconciling.NamedSecretReconcilerFactory

func EncryptionResourcesForDeletion

func EncryptionResourcesForDeletion(namespace string) []ctrlruntimeclient.Object

func EtcdClientCertificateReconciler

func EtcdClientCertificateReconciler(data etcdClientCertificateReconcilerData) reconciling.NamedSecretReconcilerFactory

EtcdClientCertificateReconciler returns a function to create/update the secret with the client certificate for authenticating against etcd.

func FluentBitSecretReconciler

func FluentBitSecretReconciler(data *resources.TemplateData) reconciling.NamedSecretReconcilerFactory

FluentBitSecretReconciler returns a reconciling.NamedSecretReconcilerFactory for a secret that contains fluent-bit configuration for the audit-logs sidecar.

func FrontProxyClientCertificateReconciler

func FrontProxyClientCertificateReconciler(data frontProxyClientCertificateReconcilerData) reconciling.NamedSecretReconcilerFactory

FrontProxyClientCertificateReconciler returns a function to create/update the secret with the client certificate for authenticating against the extension apiserver.

func GetEnvVars

func GetEnvVars(data kubeAPIServerEnvData) ([]corev1.EnvVar, error)

func IsRunningWrapper

func IsRunningWrapper(data isRunningInitContainerData, spec corev1.PodSpec, containersToWrap sets.Set[string], crdsToWaitFor ...string) (*corev1.PodSpec, error)

IsRunningWrapper wraps the named containers in the pod with a check that the API server is reachable. This is achieved by copying an `http-prober` binary via an init container into an emptyDir volume, then mounting that volume onto all named containers and replacing the command with a call to the `http-prober` binary. The `http-prober` binary receives the original command as a serialized string and does a syscall.Exec onto it once the apiserver has become reachable.

func KubeletClientCertificateReconciler

func KubeletClientCertificateReconciler(data kubeletClientCertificateReconcilerData) reconciling.NamedSecretReconcilerFactory

KubeletClientCertificateReconciler returns a function to create/update a secret with the client certificate for the apiserver -> kubelet connection.

func OIDCIssuerAllowReconciler

func OIDCIssuerAllowReconciler(egressIPs []net.IP) reconciling.NamedNetworkPolicyReconcilerFactory

OIDCIssuerAllowReconciler returns a func to create/update the apiserver oidc-issuer-allow egress policy.

func OpenVPNServerAllowReconciler

OpenVPNServerAllowReconciler returns a func to create/update the apiserver OpenVPN allow egress policy.

func PodDisruptionBudgetReconciler

func PodDisruptionBudgetReconciler() reconciling.NamedPodDisruptionBudgetReconcilerFactory

PodDisruptionBudgetReconciler returns a func to create/update the apiserver PodDisruptionBudget.

func ServiceAccountKeyReconciler

func ServiceAccountKeyReconciler() reconciling.NamedSecretReconcilerFactory

ServiceAccountKeyReconciler returns a function to create/update a secret with the ServiceAccount key.

func ServiceReconciler

func ServiceReconciler(exposeStrategy kubermaticv1.ExposeStrategy, externalURL string) reconciling.NamedServiceReconcilerFactory

ServiceReconciler returns the function to reconcile the external API server service.

func TLSServingCertificateReconciler

func TLSServingCertificateReconciler(data tlsServingCertReconcilerData) reconciling.NamedSecretReconcilerFactory

TLSServingCertificateReconciler returns a function to create/update the secret with the apiserver TLS certificate used to serve HTTPS.

func TokenUsersReconciler

TokenUsersReconciler returns a secret containing the tokens CSV.

func TokenViewerReconciler

func TokenViewerReconciler() reconciling.NamedSecretReconcilerFactory

TokenViewerReconciler returns a secret containing the viewer token.

Types

type AdmissionConfiguration

type AdmissionConfiguration struct {
	Kind string `yaml:"kind,omitempty"`

	APIVersion string `yaml:"apiVersion,omitempty"`

	// Plugins allows specifying a configuration per admission control plugin.
	Plugins []AdmissionPluginConfiguration `yaml:"plugins,omitempty"`
}

AdmissionConfiguration provides versioned configuration for admission controllers.

type AdmissionPluginConfiguration

type AdmissionPluginConfiguration struct {
	// Name is the name of the admission controller.
	// It must match the registered admission plugin name.
	Name string `yaml:"name"`

	// Path is the path to a configuration file that contains the plugin's
	// configuration
	Path string `yaml:"path"`
}

AdmissionPluginConfiguration provides the configuration for a single plug-in.

type EventConfiguration

type EventConfiguration struct {
	Kind       string       `yaml:"kind"`
	APIVersion string       `yaml:"apiVersion"`
	Limits     []EventLimit `yaml:"limits"`
}

type EventLimit

type EventLimit struct {
	Type      string `yaml:"type"`
	QPS       int32  `yaml:"qps"`
	Burst     int32  `yaml:"burst"`
	CacheSize int32  `yaml:"cacheSize,omitempty"`
}
