Documentation
¶
Overview ¶
Package controlplane allows to create and manage static Kubernetes controlplane running in containers.
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
Types ¶
type Common ¶
type Common struct {
// Image allows to set Docker image with tag, which will be used by all controlplane containers,
// if they have no image set. If empty, hyperkube image defined in pkg/defaults
// will be used.
//
// Example value: 'k8s.gcr.io/hyperkube:v1.18.3'.
//
// This field is optional.
Image string `json:"image,omitempty"`
// KubernetesCACertificate stores Kubernetes X.509 CA certificate, PEM encoded.
//
// This field is optional.
KubernetesCACertificate types.Certificate `json:"kubernetesCACertificate,omitempty"`
// FrontProxyCACertificate stores Kubernetes front proxy X.509 CA certificate, PEM
// encoded.
FrontProxyCACertificate types.Certificate `json:"frontProxyCACertificate,omitempty"`
}
Common struct contains fields, which are common between all controlplane components.
type Controlplane ¶
type Controlplane struct {
// Common stores common fields for all controlplane components. If defined here, the
// values will be propagated to all 3 components, which allows to de-duplicate parts
// of the configuration.
Common *Common `json:"common,omitempty"`
// SSH stores common SSH configuration for all controlplane components and will be merged
// with SSH configuration of each component.
//
// Usually entire static controlplane runs on a single host, so all values should be defined
// here.
//
// This field is optional.
SSH *ssh.Config `json:"ssh,omitempty"`
// APIServerAddress defines Kubernetes API address, which will be used by kube-controller-manager
// and kube-scheduler to talk to kube-apiserver.
APIServerAddress string `json:"apiServerAddress,omitempty"`
// APIServerPort defines Kubernetes API port, which will be used by kube-controller-manager
// and kube-scheduler to talk to kube-apiserver.
APIServerPort int `json:"apiServerPort,omitempty"`
// KubeAPIServer stores kube-apiserver specific configuration.
KubeAPIServer KubeAPIServer `json:"kubeAPIServer,omitempty"`
// KubeControllerManager stores kube-controller-manager specific configuration.
KubeControllerManager KubeControllerManager `json:"kubeControllerManager,omitempty"`
// KubeScheduler stores kube-scheduler specific configuration.
KubeScheduler KubeScheduler `json:"kubeScheduler,omitempty"`
// Destroy controls, if containers should be created or removed. If set to true, all managed
// containers will be removed.
Destroy bool `json:"destroy,omitempty"`
// PKI field allows to use PKI resource for managing all Kubernetes certificates. It will be used for
// components configuration, if they don't have certificates defined.
PKI *pki.PKI `json:"pki,omitempty"`
// State stores state of the created containers. After deployment, it is up to the user to export
// the state and restore it on consecutive runs.
State *container.ContainersState `json:"state,omitempty"`
}
Controlplane allows creating static Kubernetes controlplane running as containers.
It is usually used to bootstrap self-hosted Kubernetes.
func (*Controlplane) New ¶
func (c *Controlplane) New() (types.Resource, error)
New validates Controlplane configuration and fills populates all values provided by the users to the structs underneath.
func (*Controlplane) Validate ¶
func (c *Controlplane) Validate() error
Validate validates Controlplane configuration.
type KubeAPIServer ¶
type KubeAPIServer struct {
// Common stores common information between all controlplane components.
Common *Common `json:"common,omitempty"`
// Host defines on which host kube-apiserver container should be created.
Host *host.Host `json:"host,omitempty"`
// APIServerCertificate stores X.509 certificate, PEM encoded, which will be
// used for serving.
APIServerCertificate types.Certificate `json:"apiServerCertificate"`
// APIServerKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
// It must match certificate defined in APIServerCertificate field.
APIServerKey types.PrivateKey `json:"apiServerKey"`
// ServiceAccountPrivateKey stores PEM encoded private key, which will be used
// to sign and validate service account tokens.
ServiceAccountPrivateKey string `json:"serviceAccountPrivateKey"`
// BindAddress defines IP address where kube-apiserver process should listen for
// incoming requests.
BindAddress string `json:"bindAddress"`
// AdvertiseAddress defines IP address, which should be advertised to
// kubernetes.default.svc Service on the cluster.
AdvertiseAddress string `json:"advertiseAddress"`
// EtcdServers is a list of etcd servers URLs.
//
// Example value: '[]string{"https://localhost:2380"}'.
EtcdServers []string `json:"etcdServers"`
// ServiceCIDR defines, from which CIDR Service type ClusterIP should get IP addresses
// assigned. You should make sure, that this CIDR does not collide with any of CIDRs
// accessible from your cluster nodes.
//
// Example value: '10.96.0.0/12'.
ServiceCIDR string `json:"serviceCIDR"`
// SecurePort defines TCP port, where kube-apiserver will be listening for incoming
// requests and which will be advertised to kubernetes.default.svc Service on the cluster.
//
// Currently, there is no way to use advertise different port due to kube-apiserver limitations.
//
// If you want to mitigate that, you can use APILoadBalancers resource.
SecurePort int `json:"securePort"`
// FrontProxyCertificate stores X.509 client certificate, PEM encoded, which will be used by
// kube-apiserver to talk to extension API server.
//
// See https://kubernetes.io/docs/tasks/access-kubernetes-api/configure-aggregation-layer/
// for more details.
FrontProxyCertificate types.Certificate `json:"frontProxyCertificate"`
// FrontProxyKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
//
// It must match certificate defined in FrontProxyCertificate field.
FrontProxyKey types.PrivateKey `json:"frontProxyKey"`
// KubeletClientCertificate stores X.509 client certificate, PEM encoded, which will be used by
// kube-apiserver to talk to kubelet process on all nodes, to fetch logs etc.
KubeletClientCertificate types.Certificate `json:"kubeletClientCertificate"`
// KubeletClientKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
//
// It must match certificate defined in KubeletClientCertificate field.
KubeletClientKey types.PrivateKey `json:"kubeletClientKey"`
// EtcdCACertificate stores X.509 CA certificate, PEM encoded, which will be used by
// kube-apiserver to validate etcd servers certificate.
EtcdCACertificate types.Certificate `json:"etcdCACertificate"`
// EtcdClientCertificate stores X.509 client certificate, PEM encoded, which will be used by
// kube-apiserver to talk to etcd members.
EtcdClientCertificate types.Certificate `json:"etcdClientCertificate"`
// EtcdClientKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format.
//
// It must match certificate defined in EtcdClientCertificate field.
EtcdClientKey types.PrivateKey `json:"etcdClientKey"`
}
KubeAPIServer represents kube-apiserver container configuration.
func (*KubeAPIServer) New ¶
func (k *KubeAPIServer) New() (container.ResourceInstance, error)
New validates KubeAPIServer configuration and populates default for some fields, if they are empty.
func (*KubeAPIServer) Validate ¶
func (k *KubeAPIServer) Validate() error
Validate validates KubeAPIServer struct.
TODO: Add validation of certificates if specified.
type KubeControllerManager ¶
type KubeControllerManager struct {
// Common stores common information between all controlplane components.
Common *Common `json:"common,omitempty"`
// Host defines on which host kube-controller-manager container should be created.
Host *host.Host `json:"host,omitempty"`
// Kubeconfig stores client information used by kube-controller-manager to talk to
// Kubernetes API.
Kubeconfig client.Config `json:"kubeconfig"`
// KubernetesCAKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format,
// which was used to sign all Kubernetes certificates. It will be used by
// kube-controller-manager to sign Kubernetes certificate requests, for example issued by
// kubelet as part of TLS bootstrapping and rotation process.
KubernetesCAKey types.PrivateKey `json:"kubernetesCAKey"`
// ServiceAccountPrivateKey is a PEM encoded, private key in either PKCS1, PKCS8 or EC format,
// which will be used by to sing service account tokens.
ServiceAccountPrivateKey types.PrivateKey `json:"serviceAccountPrivateKey"`
// RootCACertificate is a X.509 CA certificate, PEM encoded, which signed Kubernetes CA
// certificate. It will be included into service account tokens, so clients like 'curl', can
// perform full validation of Kubernetes API certificate.
RootCACertificate types.Certificate `json:"rootCACertificate"`
// FlexVolumePluginDir is a plugin directory for FlexVolumes, which must be defined for
// kube-controller-manager, as stated in Flexvolume specification.
//
// Example value: '/usr/libexec/kubernetes/kubelet-plugins/volume/exec/'.
FlexVolumePluginDir string `json:"flexVolumePluginDir"`
}
KubeControllerManager represents kube-controller-manager container configuration.
func (*KubeControllerManager) New ¶
func (k *KubeControllerManager) New() (container.ResourceInstance, error)
New validates KubeControllerManager and returns usable kubeControllerManager.
func (*KubeControllerManager) Validate ¶
func (k *KubeControllerManager) Validate() error
Validate validates KubeControllerManager configuration.
type KubeScheduler ¶
type KubeScheduler struct {
// Common stores common information between all controlplane components.
Common *Common `json:"common,omitempty"`
// Host defines on which host kube-scheduler container should be created.
Host *host.Host `json:"host,omitempty"`
// Kubeconfig stores client information used by kube-scheduler to talk to
// Kubernetes API.
Kubeconfig client.Config `json:"kubeconfig"`
}
KubeScheduler represents kube-scheduler configuration data.
func (*KubeScheduler) New ¶
func (k *KubeScheduler) New() (container.ResourceInstance, error)
New validates KubeScheduler struct and returns it's usable version.
func (*KubeScheduler) Validate ¶
func (k *KubeScheduler) Validate() error
Validate validates kube-scheduler configuration.
Source Files
Click to show internal directories.
Click to hide internal directories.