managedclusters

package
v1.14.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 24, 2024 License: Apache-2.0 Imports: 25 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func New added in v0.5.2

New creates a new service.

Types

type AADProfile added in v1.4.0

type AADProfile struct {
	// Managed defines whether to enable managed AAD.
	Managed bool

	// EnableAzureRBAC defines whether to enable Azure RBAC for Kubernetes authorization.
	EnableAzureRBAC bool

	// AdminGroupObjectIDs are the AAD group object IDs that will have admin role of the cluster.
	AdminGroupObjectIDs []string
}

AADProfile is Azure Active Directory configuration to integrate with AKS, for aad authentication.

type APIServerAccessProfile added in v1.4.0

type APIServerAccessProfile struct {
	// AuthorizedIPRanges are the authorized IP Ranges to kubernetes API server.
	AuthorizedIPRanges []string
	// EnablePrivateCluster defines hether to create the cluster as a private cluster or not.
	EnablePrivateCluster *bool
	// PrivateDNSZone is the private dns zone for private clusters.
	PrivateDNSZone *string
	// EnablePrivateClusterPublicFQDN defines whether to create additional public FQDN for private cluster or not.
	EnablePrivateClusterPublicFQDN *bool
}

APIServerAccessProfile is the access profile for AKS API server.

type AddonProfile added in v1.4.0

type AddonProfile struct {
	Name    string
	Config  map[string]string
	Enabled bool
}

AddonProfile is the profile of a managed cluster add-on.

type AutoScalerProfile added in v1.7.0

type AutoScalerProfile struct {
	// BalanceSimilarNodeGroups - Valid values are 'true' and 'false'
	BalanceSimilarNodeGroups *string
	// Expander - If not specified, the default is 'random'. See [expanders](https://github.com/kubernetes/autoscaler/blob/master/cluster-autoscaler/FAQ.md#what-are-expanders) for more information.
	Expander *string
	// MaxEmptyBulkDelete - The default is 10.
	MaxEmptyBulkDelete *string
	// MaxGracefulTerminationSec - The default is 600.
	MaxGracefulTerminationSec *string
	// MaxNodeProvisionTime - The default is '15m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	MaxNodeProvisionTime *string
	// MaxTotalUnreadyPercentage - The default is 45. The maximum is 100 and the minimum is 0.
	MaxTotalUnreadyPercentage *string
	// NewPodScaleUpDelay - For scenarios like burst/batch scale where you don't want CA to act before the kubernetes scheduler could schedule all the pods, you can tell CA to ignore unscheduled pods before they're a certain age. The default is '0s'. Values must be an integer followed by a unit ('s' for seconds, 'm' for minutes, 'h' for hours, etc).
	NewPodScaleUpDelay *string
	// OkTotalUnreadyCount - This must be an integer. The default is 3.
	OkTotalUnreadyCount *string
	// ScanInterval - The default is '10s'. Values must be an integer number of seconds.
	ScanInterval *string
	// ScaleDownDelayAfterAdd - The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	ScaleDownDelayAfterAdd *string
	// ScaleDownDelayAfterDelete - The default is the scan-interval. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	ScaleDownDelayAfterDelete *string
	// ScaleDownDelayAfterFailure - The default is '3m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	ScaleDownDelayAfterFailure *string
	// ScaleDownUnneededTime - The default is '10m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	ScaleDownUnneededTime *string
	// ScaleDownUnreadyTime - The default is '20m'. Values must be an integer followed by an 'm'. No unit of time other than minutes (m) is supported.
	ScaleDownUnreadyTime *string
	// ScaleDownUtilizationThreshold - The default is '0.5'.
	ScaleDownUtilizationThreshold *string
	// SkipNodesWithLocalStorage - The default is true.
	SkipNodesWithLocalStorage *string
	// SkipNodesWithSystemPods - The default is true.
	SkipNodesWithSystemPods *string
}

AutoScalerProfile parameters to be applied to the cluster-autoscaler when enabled.

type AzureKeyVaultKms added in v1.14.0

type AzureKeyVaultKms struct {
	// Enabled enables Azure Key Vault key management service. The default is false.
	Enabled *bool

	// KeyID defines the Identifier of Azure Key Vault key.
	// When Azure Key Vault key management service is enabled, this field is required and must be a valid key identifier.
	KeyID *string

	// KeyVaultNetworkAccess defines the network access of key vault.
	// The possible values are Public and Private.
	// Public means the key vault allows public access from all networks.
	// Private means the key vault disables public access and enables private link. The default value is Public.
	KeyVaultNetworkAccess *infrav1.KeyVaultNetworkAccessTypes

	// KeyVaultResourceID is the Resource ID of key vault. When keyVaultNetworkAccess is Private, this field is required and must be a valid resource ID.
	KeyVaultResourceID *string
}

AzureKeyVaultKms Azure Key Vault key management service settings for the security profile.

type HTTPProxyConfig added in v1.11.0

type HTTPProxyConfig struct {
	// HTTPProxy is the HTTP proxy server endpoint to use.
	HTTPProxy *string `json:"httpProxy,omitempty"`

	// HTTPSProxy is the HTTPS proxy server endpoint to use.
	HTTPSProxy *string `json:"httpsProxy,omitempty"`

	// NoProxy is the endpoints that should not go through proxy.
	NoProxy []string `json:"noProxy,omitempty"`

	// TrustedCA is the Alternative CA cert to use for connecting to proxy servers.
	TrustedCA *string `json:"trustedCa,omitempty"`
}

HTTPProxyConfig is the HTTP proxy configuration for the cluster.

type LoadBalancerProfile added in v1.4.0

type LoadBalancerProfile struct {

	// ManagedOutboundIPs are the desired managed outbound IPs for the cluster load balancer.
	ManagedOutboundIPs *int

	// OutboundIPPrefixes are the desired outbound IP Prefix resources for the cluster load balancer.
	OutboundIPPrefixes []string

	// OutboundIPs are the desired outbound IP resources for the cluster load balancer.
	OutboundIPs []string

	// AllocatedOutboundPorts are the desired number of allocated SNAT ports per VM. Allowed values must be in the range of 0 to 64000 (inclusive). The default value is 0 which results in Azure dynamically allocating ports.
	AllocatedOutboundPorts *int

	// IdleTimeoutInMinutes  are the desired outbound flow idle timeout in minutes. Allowed values must be in the range of 4 to 120 (inclusive). The default value is 30 minutes.
	IdleTimeoutInMinutes *int
}

LoadBalancerProfile is the profile of the cluster load balancer.

type ManagedClusterAutoUpgradeProfile added in v1.14.0

type ManagedClusterAutoUpgradeProfile struct {
	// UpgradeChannel defines the channel for auto upgrade configuration.
	UpgradeChannel *infrav1.UpgradeChannel
}

ManagedClusterAutoUpgradeProfile auto upgrade profile for a managed cluster.

type ManagedClusterScope added in v0.5.2

type ManagedClusterScope interface {
	aso.Scope
	azure.Authorizer
	ManagedClusterSpec() azure.ASOResourceSpecGetter[genruntime.MetaObject]
	SetControlPlaneEndpoint(clusterv1.APIEndpoint)
	MakeEmptyKubeConfigSecret() corev1.Secret
	GetAdminKubeconfigData() []byte
	SetAdminKubeconfigData([]byte)
	GetUserKubeconfigData() []byte
	SetUserKubeconfigData([]byte)
	IsAADEnabled() bool
	AreLocalAccountsDisabled() bool
	SetOIDCIssuerProfileStatus(*infrav1.OIDCIssuerProfileStatus)
	MakeClusterCA() *corev1.Secret
	StoreClusterInfo(context.Context, []byte) error
	SetAutoUpgradeVersionStatus(version string)
	SetVersionStatus(version string)
	IsManagedVersionUpgrade() bool
	IsPreviewEnabled() bool
}

ManagedClusterScope defines the scope interface for a managed cluster.

type ManagedClusterSecurityProfile added in v1.14.0

type ManagedClusterSecurityProfile struct {
	// AzureKeyVaultKms defines Azure Key Vault key management service settings for the security profile.
	AzureKeyVaultKms *AzureKeyVaultKms

	// Defender defines Microsoft Defender settings for the security profile.
	Defender *ManagedClusterSecurityProfileDefender

	// ImageCleaner settings for the security profile.
	ImageCleaner *ManagedClusterSecurityProfileImageCleaner

	// Workloadidentity enables Kubernetes applications to access Azure cloud resources securely with Azure AD.
	WorkloadIdentity *ManagedClusterSecurityProfileWorkloadIdentity
}

ManagedClusterSecurityProfile defines the security profile for the cluster.

type ManagedClusterSecurityProfileDefender added in v1.14.0

type ManagedClusterSecurityProfileDefender struct {
	// LogAnalyticsWorkspaceResourceID is the ID of the Log Analytics workspace that has to be associated with Microsoft Defender.
	// When Microsoft Defender is enabled, this field is required and must be a valid workspace resource ID.
	LogAnalyticsWorkspaceResourceID *string

	// SecurityMonitoring profile defines the Microsoft Defender threat detection for Cloud settings for the security profile.
	SecurityMonitoring *ManagedClusterSecurityProfileDefenderSecurityMonitoring
}

ManagedClusterSecurityProfileDefender defines Microsoft Defender settings for the security profile.

type ManagedClusterSecurityProfileDefenderSecurityMonitoring added in v1.14.0

type ManagedClusterSecurityProfileDefenderSecurityMonitoring struct {
	// Enabled enables Defender threat detection
	Enabled *bool
}

ManagedClusterSecurityProfileDefenderSecurityMonitoring settings for the security profile threat detection.

type ManagedClusterSecurityProfileImageCleaner added in v1.14.0

type ManagedClusterSecurityProfileImageCleaner struct {
	// Enabled enables Image Cleaner on AKS cluster.
	Enabled *bool

	// Image Cleaner scanning interval in hours.
	IntervalHours *int
}

ManagedClusterSecurityProfileImageCleaner removes unused images from nodes, freeing up disk space and helping to reduce attack surface area.

type ManagedClusterSecurityProfileWorkloadIdentity added in v1.14.0

type ManagedClusterSecurityProfileWorkloadIdentity struct {
	// Enabled enables workload identity.
	Enabled *bool
}

ManagedClusterSecurityProfileWorkloadIdentity defines Workload identity settings for the security profile.

type ManagedClusterSpec added in v1.4.0

type ManagedClusterSpec struct {
	// Name is the name of this AKS Cluster.
	Name string

	// ResourceGroup is the name of the Azure resource group for this AKS Cluster.
	ResourceGroup string

	// NodeResourceGroup is the name of the Azure resource group containing IaaS VMs.
	NodeResourceGroup string

	// ClusterName is the name of the owning Cluster API Cluster resource.
	ClusterName string

	// VnetSubnetID is the Azure Resource ID for the subnet which should contain nodes.
	VnetSubnetID string

	// Location is a string matching one of the canonical Azure region names. Examples: "westus2", "eastus".
	Location string

	// Tags is a set of tags to add to this cluster.
	Tags map[string]string

	// Version defines the desired Kubernetes version.
	Version string

	// LoadBalancerSKU for the managed cluster. Possible values include: 'Standard', 'Basic'. Defaults to Standard.
	LoadBalancerSKU string

	// NetworkPlugin used for building Kubernetes network. Possible values include: 'azure', 'kubenet'. Defaults to azure.
	NetworkPlugin string

	// NetworkPluginMode is the mode the network plugin should use.
	NetworkPluginMode *infrav1.NetworkPluginMode

	// NetworkPolicy used for building Kubernetes network. Possible values include: 'azure', 'calico', 'cilium'.
	NetworkPolicy string

	// NetworkDataplane used for building Kubernetes network. Possible values include: 'azure', 'cilium'.
	NetworkDataplane *infrav1.NetworkDataplaneType

	// OutboundType used for building Kubernetes network. Possible values include: 'loadBalancer', 'managedNATGateway', 'userAssignedNATGateway', 'userDefinedRouting'.
	OutboundType *infrav1.ManagedControlPlaneOutboundType

	// SSHPublicKey is a string literal containing an ssh public key. Will autogenerate and discard if not provided.
	SSHPublicKey string

	// GetAllAgentPools is a function that returns the list of agent pool specifications in this cluster.
	GetAllAgentPools func() ([]azure.ASOResourceSpecGetter[genruntime.MetaObject], error)

	// PodCIDR is the CIDR block for IP addresses distributed to pods
	PodCIDR string

	// ServiceCIDR is the CIDR block for IP addresses distributed to services
	ServiceCIDR string

	// DNSServiceIP is an IP address assigned to the Kubernetes DNS service
	DNSServiceIP *string

	// AddonProfiles are the profiles of managed cluster add-on.
	AddonProfiles []AddonProfile

	// AADProfile is Azure Active Directory configuration to integrate with AKS, for aad authentication.
	AADProfile *AADProfile

	// SKU is the SKU of the AKS to be provisioned.
	SKU *SKU

	// LoadBalancerProfile is the profile of the cluster load balancer.
	LoadBalancerProfile *LoadBalancerProfile

	// APIServerAccessProfile is the access profile for AKS API server.
	APIServerAccessProfile *APIServerAccessProfile

	// AutoScalerProfile is the parameters to be applied to the cluster-autoscaler when enabled.
	AutoScalerProfile *AutoScalerProfile

	// Identity is the AKS control plane Identity configuration
	Identity *infrav1.Identity

	// KubeletUserAssignedIdentity is the user-assigned identity for kubelet to authenticate to ACR.
	KubeletUserAssignedIdentity string

	// HTTPProxyConfig is the HTTP proxy configuration for the cluster.
	HTTPProxyConfig *HTTPProxyConfig

	// OIDCIssuerProfile is the OIDC issuer profile of the Managed Cluster.
	OIDCIssuerProfile *OIDCIssuerProfile

	// DNSPrefix allows the user to customize dns prefix.
	DNSPrefix *string

	// DisableLocalAccounts disables getting static credentials for this cluster when set. Expected to only be used for AAD clusters.
	DisableLocalAccounts *bool

	// AutoUpgradeProfile defines auto upgrade configuration.
	AutoUpgradeProfile *ManagedClusterAutoUpgradeProfile

	// SecurityProfile defines the security profile for the cluster.
	SecurityProfile *ManagedClusterSecurityProfile

	// Patches are extra patches to be applied to the ASO resource.
	Patches []string

	// Preview enables the preview API version.
	Preview bool
}

ManagedClusterSpec contains properties to create a managed cluster.

func (*ManagedClusterSpec) ExtraPatches added in v1.14.0

func (s *ManagedClusterSpec) ExtraPatches() []string

ExtraPatches implements aso.Patcher.

func (*ManagedClusterSpec) GetAdditionalTags added in v1.12.0

func (s *ManagedClusterSpec) GetAdditionalTags() infrav1.Tags

GetAdditionalTags implements aso.TagsGetterSetter.

func (*ManagedClusterSpec) GetDesiredTags added in v1.12.0

func (s *ManagedClusterSpec) GetDesiredTags(resource genruntime.MetaObject) infrav1.Tags

GetDesiredTags implements aso.TagsGetterSetter.

func (*ManagedClusterSpec) GetLoadBalancerProfile added in v1.10.0

func (s *ManagedClusterSpec) GetLoadBalancerProfile() (loadBalancerProfile *asocontainerservicev1.ManagedClusterLoadBalancerProfile)

GetLoadBalancerProfile returns an asocontainerservicev1.ManagedClusterLoadBalancerProfile from the information present in ManagedClusterSpec.LoadBalancerProfile.

func (*ManagedClusterSpec) Parameters added in v1.4.0

func (s *ManagedClusterSpec) Parameters(ctx context.Context, existingObj genruntime.MetaObject) (params genruntime.MetaObject, err error)

Parameters returns the parameters for the managed clusters.

func (*ManagedClusterSpec) ResourceRef added in v1.12.0

func (s *ManagedClusterSpec) ResourceRef() genruntime.MetaObject

ResourceRef implements azure.ASOResourceSpecGetter.

func (*ManagedClusterSpec) SetTags added in v1.12.0

func (s *ManagedClusterSpec) SetTags(resource genruntime.MetaObject, tags infrav1.Tags)

SetTags implements aso.TagsGetterSetter.

func (*ManagedClusterSpec) WasManaged added in v1.12.0

func (s *ManagedClusterSpec) WasManaged(resource genruntime.MetaObject) bool

WasManaged implements azure.ASOResourceSpecGetter.

type OIDCIssuerProfile added in v1.11.0

type OIDCIssuerProfile struct {
	// Enabled is whether the OIDC issuer is enabled.
	Enabled *bool
}

OIDCIssuerProfile is the OIDC issuer profile of the Managed Cluster.

type SKU added in v1.4.0

type SKU struct {
	// Tier is the tier of a managed cluster SKU.
	Tier string
}

SKU is an AKS SKU.

Directories

Path Synopsis
Code generated by MockGen.
Code generated by MockGen.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL