Documentation
Overview
Package auth provides a general library to authorize Azure ARM clients.
Index
- Variables
- type AzureClientConfig
- type CloudProviderCacheConfig
- type Config
- func (az *Config) DisableLoadBalancerOutboundSNAT() bool
- func (az *Config) ExcludeMasterNodesFromStandardLB() bool
- func (az *Config) GetPutVMSSVMBatchSize() int
- func (az *Config) HasExtendedLocation() bool
- func (az *Config) IsLBBackendPoolTypeNodeIP() bool
- func (az *Config) IsLBBackendPoolTypeNodeIPConfig() bool
- func (az *Config) IsStackCloud() bool
- func (az *Config) UseMultipleStandardLoadBalancers() bool
- func (az *Config) UseSingleStandardLoadBalancer() bool
- func (az *Config) UseStandardLoadBalancer() bool
- type MultipleStandardLoadBalancerConfiguration
- type MultipleStandardLoadBalancerConfigurationSpec
- type MultipleStandardLoadBalancerConfigurationStatus
Constants
This section is empty.
Variables
var (
	// ErrorNoAuth indicates that no credentials are provided.
	ErrorNoAuth = fmt.Errorf("no credentials provided for Azure cloud provider")
)
Functions
This section is empty.
Types
type AzureClientConfig (added in v1.30.8)
type AzureClientConfig struct {
	azclient.ARMClientConfig `json:",inline" yaml:",inline"`
	azclient.AzureAuthConfig `json:",inline" yaml:",inline"`
	ratelimit.CloudProviderRateLimitConfig `json:",inline" yaml:",inline"`
	CloudProviderCacheConfig `json:",inline" yaml:",inline"`
	// Backoff retry limit
	CloudProviderBackoffRetries int `json:"cloudProviderBackoffRetries,omitempty" yaml:"cloudProviderBackoffRetries,omitempty"`
	// Backoff duration
	CloudProviderBackoffDuration int `json:"cloudProviderBackoffDuration,omitempty" yaml:"cloudProviderBackoffDuration,omitempty"`
	// The ID of the Azure Subscription that the cluster is deployed in
	SubscriptionID string `json:"subscriptionId,omitempty" yaml:"subscriptionId,omitempty"`
	// IdentitySystem indicates the identity provider. Relevant only to hybrid clouds (Azure Stack).
	// Allowed values are 'azure_ad' (default), 'adfs'.
	IdentitySystem string `json:"identitySystem,omitempty" yaml:"identitySystem,omitempty"`
	// The ID of the Azure Subscription that the network resources are deployed in
	NetworkResourceSubscriptionID string `json:"networkResourceSubscriptionID,omitempty" yaml:"networkResourceSubscriptionID,omitempty"`
}
AzureClientConfig holds the Azure client related part of the cloud config.
func (*AzureClientConfig) UsesNetworkResourceInDifferentSubscription (added in v1.30.8)
func (config *AzureClientConfig) UsesNetworkResourceInDifferentSubscription() bool
UsesNetworkResourceInDifferentSubscription determines whether the AzureAuthConfig indicates that network resources are in a different subscription than the one used for the cluster. It returns true when NetworkResourceSubscriptionID is specified and is not equal to the one defined in the global configs.
type CloudProviderCacheConfig (added in v1.30.8)
type CloudProviderCacheConfig struct {
	// DisableAPICallCache disables the cache for Azure API calls. It is for ARG support and not all resources will be disabled.
	DisableAPICallCache bool `json:"disableAPICallCache,omitempty" yaml:"disableAPICallCache,omitempty"`
	// NonVmssUniformNodesCacheTTLInSeconds sets the Cache TTL for NonVmssUniformNodesCacheTTLInSeconds
	// if not set, will use default value
	NonVmssUniformNodesCacheTTLInSeconds int `json:"nonVmssUniformNodesCacheTTLInSeconds,omitempty" yaml:"nonVmssUniformNodesCacheTTLInSeconds,omitempty"`
	// VmssCacheTTLInSeconds sets the cache TTL for VMSS
	VmssCacheTTLInSeconds int `json:"vmssCacheTTLInSeconds,omitempty" yaml:"vmssCacheTTLInSeconds,omitempty"`
	// VmssVirtualMachinesCacheTTLInSeconds sets the cache TTL for vmssVirtualMachines
	VmssVirtualMachinesCacheTTLInSeconds int `json:"vmssVirtualMachinesCacheTTLInSeconds,omitempty" yaml:"vmssVirtualMachinesCacheTTLInSeconds,omitempty"`
	// VmssFlexCacheTTLInSeconds sets the cache TTL for VMSS Flex
	VmssFlexCacheTTLInSeconds int `json:"vmssFlexCacheTTLInSeconds,omitempty" yaml:"vmssFlexCacheTTLInSeconds,omitempty"`
	// VmssFlexVMCacheTTLInSeconds sets the cache TTL for vmss flex vms
	VmssFlexVMCacheTTLInSeconds int `json:"vmssFlexVMCacheTTLInSeconds,omitempty" yaml:"vmssFlexVMCacheTTLInSeconds,omitempty"`
	// VmCacheTTLInSeconds sets the cache TTL for vm
	VMCacheTTLInSeconds int `json:"vmCacheTTLInSeconds,omitempty" yaml:"vmCacheTTLInSeconds,omitempty"`
	// LoadBalancerCacheTTLInSeconds sets the cache TTL for load balancer
	LoadBalancerCacheTTLInSeconds int `json:"loadBalancerCacheTTLInSeconds,omitempty" yaml:"loadBalancerCacheTTLInSeconds,omitempty"`
	// NsgCacheTTLInSeconds sets the cache TTL for network security group
	NsgCacheTTLInSeconds int `json:"nsgCacheTTLInSeconds,omitempty" yaml:"nsgCacheTTLInSeconds,omitempty"`
	// RouteTableCacheTTLInSeconds sets the cache TTL for route table
	RouteTableCacheTTLInSeconds int `json:"routeTableCacheTTLInSeconds,omitempty" yaml:"routeTableCacheTTLInSeconds,omitempty"`
	// PlsCacheTTLInSeconds sets the cache TTL for private link service resource
	PlsCacheTTLInSeconds int `json:"plsCacheTTLInSeconds,omitempty" yaml:"plsCacheTTLInSeconds,omitempty"`
	// AvailabilitySetsCacheTTLInSeconds sets the cache TTL for VMAS
	AvailabilitySetsCacheTTLInSeconds int `json:"availabilitySetsCacheTTLInSeconds,omitempty" yaml:"availabilitySetsCacheTTLInSeconds,omitempty"`
	// PublicIPCacheTTLInSeconds sets the cache TTL for public ip
	PublicIPCacheTTLInSeconds int `json:"publicIPCacheTTLInSeconds,omitempty" yaml:"publicIPCacheTTLInSeconds,omitempty"`
	// RouteUpdateWaitingInSeconds is the delay time for waiting route updates to take effect. This waiting delay is added
	// because the routes are not taken effect when the async route updating operation returns success. Default is 30 seconds.
	RouteUpdateWaitingInSeconds int `json:"routeUpdateWaitingInSeconds,omitempty" yaml:"routeUpdateWaitingInSeconds,omitempty"`
}
type Config (added in v1.31.2)
type Config struct {
	AzureClientConfig `json:",inline" yaml:",inline"`
	// The cloud configure type for Azure cloud provider. Supported values are file, secret and merge.
	CloudConfigType configloader.CloudConfigType `json:"cloudConfigType,omitempty" yaml:"cloudConfigType,omitempty"`
	// The name of the resource group that the cluster is deployed in
	ResourceGroup string `json:"resourceGroup,omitempty" yaml:"resourceGroup,omitempty"`
	// The location of the resource group that the cluster is deployed in
	Location string `json:"location,omitempty" yaml:"location,omitempty"`
	// The name of site where the cluster will be deployed to that is more granular than the region specified by the "location" field.
	// Currently only public ip, load balancer and managed disks support this.
	ExtendedLocationName string `json:"extendedLocationName,omitempty" yaml:"extendedLocationName,omitempty"`
	// The type of site that is being targeted.
	// Currently only public ip, load balancer and managed disks support this.
	ExtendedLocationType string `json:"extendedLocationType,omitempty" yaml:"extendedLocationType,omitempty"`
	// The name of the VNet that the cluster is deployed in
	VnetName string `json:"vnetName,omitempty" yaml:"vnetName,omitempty"`
	// The name of the resource group that the Vnet is deployed in
	VnetResourceGroup string `json:"vnetResourceGroup,omitempty" yaml:"vnetResourceGroup,omitempty"`
	// The name of the subnet that the cluster is deployed in
	SubnetName string `json:"subnetName,omitempty" yaml:"subnetName,omitempty"`
	// The name of the security group attached to the cluster's subnet
	SecurityGroupName string `json:"securityGroupName,omitempty" yaml:"securityGroupName,omitempty"`
	// The name of the resource group that the security group is deployed in
	SecurityGroupResourceGroup string `json:"securityGroupResourceGroup,omitempty" yaml:"securityGroupResourceGroup,omitempty"`
	// (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in
	RouteTableName string `json:"routeTableName,omitempty" yaml:"routeTableName,omitempty"`
	// The name of the resource group that the RouteTable is deployed in
	RouteTableResourceGroup string `json:"routeTableResourceGroup,omitempty" yaml:"routeTableResourceGroup,omitempty"`
	// (Optional) The name of the availability set that should be used as the load balancer backend
	// If this is set, the Azure cloudprovider will only add nodes from that availability set to the load
	// balancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then
	// the cloudprovider will try to add all nodes to a single backend pool which is forbidden.
	// In other words, if you use multiple agent pools (availability sets), you MUST set this field.
	PrimaryAvailabilitySetName string `json:"primaryAvailabilitySetName,omitempty" yaml:"primaryAvailabilitySetName,omitempty"`
	// The type of azure nodes. Candidate values are: vmss, standard and vmssflex.
	// If not set, it will be default to vmss.
	VMType string `json:"vmType,omitempty" yaml:"vmType,omitempty"`
	// The name of the scale set that should be used as the load balancer backend.
	// If this is set, the Azure cloudprovider will only add nodes from that scale set to the load
	// balancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then
	// the cloudprovider will try to add all nodes to a single backend pool which is forbidden in the basic sku.
	// In other words, if you use multiple agent pools (scale sets), and loadBalancerSku is set to basic, you MUST set this field.
	PrimaryScaleSetName string `json:"primaryScaleSetName,omitempty" yaml:"primaryScaleSetName,omitempty"`
	// Tags determines what tags shall be applied to the shared resources managed by controller manager, which
	// includes load balancer, security group and route table. The supported format is `a=b,c=d,...`. After updated
	// this config, the old tags would be replaced by the new ones.
	// Because special characters are not supported in "tags" configuration, "tags" support would be removed in a future release,
	// please consider migrating the config to "tagsMap".
	Tags string `json:"tags,omitempty" yaml:"tags,omitempty"`
	// TagsMap is similar to Tags but holds tags with special characters such as `=` and `,`.
	TagsMap map[string]string `json:"tagsMap,omitempty" yaml:"tagsMap,omitempty"`
	// SystemTags determines the tag keys managed by cloud provider. If it is not set, no tags would be deleted if
	// the `Tags` is changed. However, the old tags would be deleted if they are neither included in `Tags` nor
	// in `SystemTags` after the update of `Tags`.
	// SystemTags now support prefix match, which means that if a key in `SystemTags` is a prefix of a key in `Tags`, that tag will not be deleted
	SystemTags string `json:"systemTags,omitempty" yaml:"systemTags,omitempty"`
	// Sku of Load Balancer and Public IP. Candidate values are: basic and standard.
	// If not set, it will be default to basic.
	LoadBalancerSKU string `json:"loadBalancerSku,omitempty" yaml:"loadBalancerSku,omitempty"`
	// LoadBalancerName determines the specific name of the load balancer user want to use, working with
	// LoadBalancerResourceGroup
	LoadBalancerName string `json:"loadBalancerName,omitempty" yaml:"loadBalancerName,omitempty"`
	// LoadBalancerResourceGroup determines the specific resource group of the load balancer user want to use, working
	// with LoadBalancerName
	LoadBalancerResourceGroup string `json:"loadBalancerResourceGroup,omitempty" yaml:"loadBalancerResourceGroup,omitempty"`
	// PreConfiguredBackendPoolLoadBalancerTypes determines whether the LoadBalancer BackendPool has been preconfigured.
	// Candidate values are:
	// "": exactly with today (not pre-configured for any LBs)
	// "internal": for internal LoadBalancer
	// "external": for external LoadBalancer
	// "all": for both internal and external LoadBalancer
	PreConfiguredBackendPoolLoadBalancerTypes string `json:"preConfiguredBackendPoolLoadBalancerTypes,omitempty" yaml:"preConfiguredBackendPoolLoadBalancerTypes,omitempty"`
	// DisableAvailabilitySetNodes disables VMAS nodes support when "VMType" is set to "vmss".
	DisableAvailabilitySetNodes bool `json:"disableAvailabilitySetNodes,omitempty" yaml:"disableAvailabilitySetNodes,omitempty"`
	// EnableVmssFlexNodes enables vmss flex nodes support when "VMType" is set to "vmss".
	EnableVmssFlexNodes bool `json:"enableVmssFlexNodes,omitempty" yaml:"enableVmssFlexNodes,omitempty"`
	// Use instance metadata service where possible
	UseInstanceMetadata bool `json:"useInstanceMetadata,omitempty" yaml:"useInstanceMetadata,omitempty"`
	// Backoff exponent
	CloudProviderBackoffExponent float64 `json:"cloudProviderBackoffExponent,omitempty" yaml:"cloudProviderBackoffExponent,omitempty"`
	// Backoff jitter
	CloudProviderBackoffJitter float64 `json:"cloudProviderBackoffJitter,omitempty" yaml:"cloudProviderBackoffJitter,omitempty"`
	// ExcludeMasterFromStandardLB excludes master nodes from standard load balancer.
	// If not set, it will be default to true.
	ExcludeMasterFromStandardLB *bool `json:"excludeMasterFromStandardLB,omitempty" yaml:"excludeMasterFromStandardLB,omitempty"`
	// DisableOutboundSNAT disables the outbound SNAT for public load balancer rules.
	// It should only be set when loadBalancerSku is standard. If not set, it will be default to false.
	DisableOutboundSNAT *bool `json:"disableOutboundSNAT,omitempty" yaml:"disableOutboundSNAT,omitempty"`
	// Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer
	MaximumLoadBalancerRuleCount int `json:"maximumLoadBalancerRuleCount,omitempty" yaml:"maximumLoadBalancerRuleCount,omitempty"`
	// LoadBalancerBackendPoolConfigurationType defines how vms join the load balancer backend pools. Supported values
	// are `nodeIPConfiguration`, `nodeIP` and `podIP`.
	// `nodeIPConfiguration`: vm network interfaces will be attached to the inbound backend pool of the load balancer (default);
	// `nodeIP`: vm private IPs will be attached to the inbound backend pool of the load balancer;
	// `podIP`: pod IPs will be attached to the inbound backend pool of the load balancer (not supported yet).
	LoadBalancerBackendPoolConfigurationType string `json:"loadBalancerBackendPoolConfigurationType,omitempty" yaml:"loadBalancerBackendPoolConfigurationType,omitempty"`
	// PutVMSSVMBatchSize defines how many requests the client send concurrently when putting the VMSS VMs.
	// If it is smaller than or equal to one, the request will be sent one by one in sequence (default).
	PutVMSSVMBatchSize int `json:"putVMSSVMBatchSize" yaml:"putVMSSVMBatchSize"`
	// PrivateLinkServiceResourceGroup determines the specific resource group of the private link services user want to use
	PrivateLinkServiceResourceGroup string `json:"privateLinkServiceResourceGroup,omitempty" yaml:"privateLinkServiceResourceGroup,omitempty"`
	// EnableMigrateToIPBasedBackendPoolAPI uses the migration API to migrate from NIC-based to IP-based backend pool.
	// The migration API can provide a migration from NIC-based to IP-based backend pool without service downtime.
	// If the API is not used, the migration will be done by decoupling all nodes on the backend pool and then re-attaching
	// node IPs, which will introduce service downtime. The downtime increases with the number of nodes in the backend pool.
	EnableMigrateToIPBasedBackendPoolAPI bool `json:"enableMigrateToIPBasedBackendPoolAPI" yaml:"enableMigrateToIPBasedBackendPoolAPI"`
	// MultipleStandardLoadBalancerConfigurations stores the properties regarding multiple standard load balancers.
	// It will be ignored if LoadBalancerBackendPoolConfigurationType is nodeIPConfiguration.
	// If the length is not 0, it is assumed the multiple standard load balancers mode is on. In this case,
	// there must be one configuration named "<clustername>" or an error will be reported.
	MultipleStandardLoadBalancerConfigurations []MultipleStandardLoadBalancerConfiguration `json:"multipleStandardLoadBalancerConfigurations,omitempty" yaml:"multipleStandardLoadBalancerConfigurations,omitempty"`
	// RouteUpdateIntervalInSeconds is the interval for updating routes. Default is 30 seconds.
	RouteUpdateIntervalInSeconds int `json:"routeUpdateIntervalInSeconds,omitempty" yaml:"routeUpdateIntervalInSeconds,omitempty"`
	// LoadBalancerBackendPoolUpdateIntervalInSeconds is the interval for updating load balancer backend pool of local services. Default is 30 seconds.
	LoadBalancerBackendPoolUpdateIntervalInSeconds int `` /* 127-byte string literal not displayed */
	// ClusterServiceLoadBalancerHealthProbeMode determines the health probe mode for cluster service load balancer.
	// Supported values are `shared` and `servicenodeport`.
	// `servicenodeport`: the health probe will be created against each port of each service by watching the backend application (default).
	// `shared`: all cluster services shares one HTTP probe targeting the kube-proxy on the node (<nodeIP>/healthz:10256).
	ClusterServiceLoadBalancerHealthProbeMode string `json:"clusterServiceLoadBalancerHealthProbeMode,omitempty" yaml:"clusterServiceLoadBalancerHealthProbeMode,omitempty"`
	ClusterServiceSharedLoadBalancerHealthProbePort int32 `` /* 129-byte string literal not displayed */
	ClusterServiceSharedLoadBalancerHealthProbePath string `` /* 129-byte string literal not displayed */
}
Config holds the configuration parsed from the --cloud-config flag. All fields are required unless otherwise specified.
NOTE: Cloud config files should follow the same Kubernetes deprecation policy as flags or CLIs. Config fields should not change behavior in incompatible ways and should be deprecated for at least 2 releases prior to removing. See https://kubernetes.io/docs/reference/using-api/deprecation-policy/#deprecating-a-flag-or-cli for more details.
func ParseConfig (added in v1.31.2)
ParseConfig returns a parsed configuration for an Azure cloudprovider config file.
func (*Config) DisableLoadBalancerOutboundSNAT (added in v1.31.2)
func (*Config) ExcludeMasterNodesFromStandardLB (added in v1.31.2)
func (*Config) GetPutVMSSVMBatchSize (added in v1.31.2)
func (*Config) HasExtendedLocation (added in v1.31.2)
HasExtendedLocation returns true if the extended location properties are specified.
func (*Config) IsLBBackendPoolTypeNodeIP (added in v1.31.2)
func (*Config) IsLBBackendPoolTypeNodeIPConfig (added in v1.31.2)
func (*Config) IsStackCloud (added in v1.31.2)
func (*Config) UseMultipleStandardLoadBalancers (added in v1.31.2)
func (*Config) UseSingleStandardLoadBalancer (added in v1.31.2)
func (*Config) UseStandardLoadBalancer (added in v1.31.2)
type MultipleStandardLoadBalancerConfiguration (added in v1.31.2)
type MultipleStandardLoadBalancerConfiguration struct {
	// Name of the public load balancer. There will be an internal load balancer
	// created if needed, and the name will be `<name>-internal`. The internal lb
	// shares the same configurations as the external one. The internal lbs
	// are not needed to be included in `MultipleStandardLoadBalancerConfigurations`.
	// There must be a name of "<clustername>" in the load balancer configuration list.
	Name string `json:"name" yaml:"name"`
	MultipleStandardLoadBalancerConfigurationSpec
	MultipleStandardLoadBalancerConfigurationStatus
}
MultipleStandardLoadBalancerConfiguration stores the properties regarding multiple standard load balancers.
type MultipleStandardLoadBalancerConfigurationSpec (added in v1.31.2)
type MultipleStandardLoadBalancerConfigurationSpec struct {
	// This load balancer can have services placed on it. Defaults to true,
	// can be set to false to drain and eventually remove a load balancer.
	// This only affects services that will be using the LB. For services
	// that is currently using the LB, they will not be affected.
	AllowServicePlacement *bool `json:"allowServicePlacement" yaml:"allowServicePlacement"`
	// A string value that must specify the name of an existing vmSet.
	// All nodes in the given vmSet will always be added to this load balancer.
	// A vmSet can only be the primary vmSet for a single load balancer.
	PrimaryVMSet string `json:"primaryVMSet" yaml:"primaryVMSet"`
	// Services that must match this selector can be placed on this load balancer. If not supplied,
	// services with any labels can be created on the load balancer.
	// A ServiceLabelSelector with empty matchLabels and matchExpressions will match all services, but
	// only works if no non-empty ServiceLabelSelector has matched the service.
	ServiceLabelSelector *metav1.LabelSelector `json:"serviceLabelSelector" yaml:"serviceLabelSelector"`
	// Services created in namespaces with the supplied label will be allowed to select that load balancer.
	// If not supplied, services created in any namespaces can be created on that load balancer.
	// A ServiceNamespaceSelector with empty matchLabels and matchExpressions will match all nodes, but
	// only works if no non-empty ServiceNamespaceSelector has matched the service.
	ServiceNamespaceSelector *metav1.LabelSelector `json:"serviceNamespaceSelector" yaml:"serviceNamespaceSelector"`
	// Nodes matching this selector will be preferentially added to the load balancers that
	// they match selectors for. NodeSelector does not override primaryAgentPool for node allocation.
	// A NodeSelector with empty matchLabels and matchExpressions will match all nodes, but
	// only works if no non-empty NodeSelector has matched the node.
	NodeSelector *metav1.LabelSelector `json:"nodeSelector" yaml:"nodeSelector"`
}
MultipleStandardLoadBalancerConfigurationSpec stores the properties regarding multiple standard load balancers.
type MultipleStandardLoadBalancerConfigurationStatus (added in v1.31.2)
type MultipleStandardLoadBalancerConfigurationStatus struct {
	// ActiveServices stores the services that are supposed to use the load balancer.
	ActiveServices *utilsets.IgnoreCaseSet `json:"activeServices" yaml:"activeServices"`
	// ActiveNodes stores the nodes that are supposed to be in the load balancer.
	// It will be used in EnsureHostsInPool to make sure the given ones are in the backend pool.
	ActiveNodes *utilsets.IgnoreCaseSet `json:"activeNodes" yaml:"activeNodes"`
}
MultipleStandardLoadBalancerConfigurationStatus stores the properties regarding multiple standard load balancers.
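Several field comments above state constraints between settings (disableOutboundSNAT and loadBalancerSku, the multiple standard load balancer list and the backend pool type, one primaryVMSet per load balancer, a configuration named "<clustername>"). The following is an added example, not code from this package or its project: a stand-alone check of a JSON cloud config against those constraints. The mirror structs, `lintCloudConfig`, the sample config, the cluster name `kubernetes` and the case-insensitive comparisons are assumptions of the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// Local mirrors (not the package's own types) of the documented JSON keys.
type lbConfig struct {
	Name         string `json:"name"`
	PrimaryVMSet string `json:"primaryVMSet"`
}
type cloudConfig struct {
	LoadBalancerSKU     string     `json:"loadBalancerSku"`
	DisableOutboundSNAT *bool      `json:"disableOutboundSNAT"`
	BackendPoolType     string     `json:"loadBalancerBackendPoolConfigurationType"`
	MultiSLB            []lbConfig `json:"multipleStandardLoadBalancerConfigurations"`
}

// lintCloudConfig reports settings that contradict the field comments.
// clusterName comes from the caller; case-insensitive matching is an assumption.
func lintCloudConfig(raw []byte, clusterName string) ([]string, error) {
	var c cloudConfig
	if err := json.Unmarshal(raw, &c); err != nil {
		return nil, err
	}
	var out []string
	if c.DisableOutboundSNAT != nil && !strings.EqualFold(c.LoadBalancerSKU, "standard") {
		out = append(out, "disableOutboundSNAT is set but loadBalancerSku is not standard")
	}
	multi := len(c.MultiSLB) > 0
	// An unset backend pool type means the default, nodeIPConfiguration.
	if t := c.BackendPoolType; multi && (t == "" || strings.EqualFold(t, "nodeIPConfiguration")) {
		out = append(out, "multipleStandardLoadBalancerConfigurations is ignored with nodeIPConfiguration")
	}
	hasCluster := false
	owner := map[string]string{} // lower-cased primaryVMSet -> last LB that claimed it
	for _, lb := range c.MultiSLB {
		hasCluster = hasCluster || strings.EqualFold(lb.Name, clusterName)
		key := strings.ToLower(lb.PrimaryVMSet)
		if prev, dup := owner[key]; dup && key != "" {
			out = append(out, fmt.Sprintf("primaryVMSet %q claimed by %q and %q", lb.PrimaryVMSet, prev, lb.Name))
		}
		owner[key] = lb.Name
	}
	if multi && !hasCluster {
		out = append(out, fmt.Sprintf("no load balancer configuration named %q", clusterName))
	}
	return out, nil
}

// sample is a constructed config, not taken from a real cluster.
const sample = `{"loadBalancerSku": "basic", "disableOutboundSNAT": true,
 "loadBalancerBackendPoolConfigurationType": "nodeIP",
 "multipleStandardLoadBalancerConfigurations": [
  {"name": "lb-a", "primaryVMSet": "pool1"}, {"name": "lb-b", "primaryVMSet": "pool1"}]}`

func main() {
	findings, err := lintCloudConfig([]byte(sample), "kubernetes")
	fmt.Printf("%q %v\n", findings, err)
}
```

Because the embedded Spec struct carries no JSON tag, its fields such as primaryVMSet sit at the same level as name in each list entry, which is what the mirror struct relies on.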