kubeapiserver

package
v1.44.3 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Apr 12, 2022 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 55 Imported by: 0

Documentation

Index

Constants

View Source
const (
	// SecretNameServer is the name of the secret for the kube-apiserver server certificates.
	SecretNameServer = "kube-apiserver"
	// SecretNameVPNSeedTLSAuth is the name of the secret containing the TLS auth for the vpn-seed.
	SecretNameVPNSeedTLSAuth = "vpn-seed-tlsauth"

	// ContainerNameKubeAPIServer is the name of the kube-apiserver container.
	ContainerNameKubeAPIServer = "kube-apiserver"
)
View Source
const (
	// Port is the port exposed by the kube-apiserver.
	Port = 443
	// SecretNameUserKubeconfig is the name for the user kubeconfig.
	SecretNameUserKubeconfig = "user-kubeconfig"
	// ServicePortName is the name of the port in the service.
	ServicePortName = "kube-apiserver"
	// UserNameVPNSeed is the user name for the vpn-seed components (used as common name in its client certificate)
	UserNameVPNSeed = "vpn-seed"
)
View Source
const (

	// SecretServiceAccountSigningKeyDataKeySigningKey is a constant for a key in the data map that contains the key
	// which is used to sign service accounts.
	SecretServiceAccountSigningKeyDataKeySigningKey = "signing-key"

	// SecretStaticTokenName is a constant for the name of the static-token secret.
	SecretStaticTokenName = "kube-apiserver-static-token"
	// SecretBasicAuthName is a constant for the name of the basic-auth secret.
	SecretBasicAuthName = "kube-apiserver-basic-auth"
)
View Source
const ManagedResourceName = "shoot-core-kube-apiserver"

ManagedResourceName is the name of the ManagedResource containing the resource specifications.

Variables

View Source
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
)

Functions

func CentralLoggingConfiguration added in v1.33.0

func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)

CentralLoggingConfiguration returns a fluent-bit parser and filter for the kube-apiserver logs.

func DependencyWatchdogEndpointConfiguration added in v1.27.0

func DependencyWatchdogEndpointConfiguration() (map[string]restarterapi.Service, error)

DependencyWatchdogEndpointConfiguration returns the configuration for the dependency watchdog (endpoint role) ensuring that its dependant pods are restarted as soon as it recovers from a crash loop.

func DependencyWatchdogProbeConfiguration added in v1.27.0

func DependencyWatchdogProbeConfiguration() ([]scalerapi.ProbeDependants, error)

DependencyWatchdogProbeConfiguration returns the configuration for the dependency watchdog (probe role) ensuring that its dependant pods are scaled as soon a probe fails.

func GetLabels added in v1.30.0

func GetLabels() map[string]string

GetLabels returns the labels for the kube-apiserver.

Types

type AuditConfig added in v1.33.0

type AuditConfig struct {
	// Policy is the audit policy document in YAML format.
	Policy *string
}

AuditConfig contains information for configuring audit settings for the kube-apiserver.

type AutoscalingConfig added in v1.28.0

type AutoscalingConfig struct {
	// APIServerResources are the resource requirements for the kube-apiserver container.
	APIServerResources corev1.ResourceRequirements
	// HVPAEnabled states whether an HVPA object shall be deployed. If false, HPA and VPA will be used.
	HVPAEnabled bool
	// Replicas is the number of pod replicas for the kube-apiserver.
	Replicas *int32
	// MinReplicas are the minimum Replicas for horizontal autoscaling.
	MinReplicas int32
	// MaxReplicas are the maximum Replicas for horizontal autoscaling.
	MaxReplicas int32
	// UseMemoryMetricForHvpaHPA states whether the memory metric shall be used when the HPA is configured in an HVPA
	// resource.
	UseMemoryMetricForHvpaHPA bool
	// ScaleDownDisabledForHvpa states whether scale-down shall be disabled when HPA or VPA are configured in an HVPA
	// resource.
	ScaleDownDisabledForHvpa bool
}

AutoscalingConfig contains information for configuring autoscaling settings for the kube-apiserver.

type Images added in v1.33.0

type Images struct {
	// AlpineIPTables is the container image for alpine-iptables.
	AlpineIPTables string
	// APIServerProxyPodWebhook is the container image for the apiserver-proxy-pod-webhook.
	APIServerProxyPodWebhook string
	// KubeAPIServer is the container image for the kube-apiserver.
	KubeAPIServer string
	// VPNSeed is the container image for the vpn-seed.
	VPNSeed string
}

Images is a set of container images used for the containers of the kube-apiserver pods.

type Interface added in v1.28.0

type Interface interface {
	component.DeployWaiter
	component.MonitoringComponent
	// GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	GetAutoscalingReplicas() *int32
	// GetValues returns the current configuration values of the deployer.
	GetValues() Values
	// SetSecrets sets the secrets.
	SetSecrets(Secrets)
	// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
	// deployer.
	SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
	// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	SetAutoscalingReplicas(*int32)
	// SetServerCertificateConfig sets the ServerCertificateConfig field in the Values of the deployer.
	SetServerCertificateConfig(ServerCertificateConfig)
	// SetServiceAccountConfig sets the ServiceAccount field in the Values of the deployer.
	SetServiceAccountConfig(ServiceAccountConfig)
	// SetSNIConfig sets the SNI field in the Values of the deployer.
	SetSNIConfig(SNIConfig)
	// SetExternalHostname sets the ExternalHostname field in the Values of the deployer.
	SetExternalHostname(string)
	// SetExternalServer sets the ExternalServer field in the Values of the deployer.
	SetExternalServer(string)
}

Interface contains functions for a kube-apiserver deployer.

func New added in v1.28.0

func New(client kubernetes.Interface, namespace string, secretsManager secretsmanager.Interface, values Values) Interface

New creates a new instance of DeployWaiter for the kube-apiserver.

type SNIConfig added in v1.28.0

type SNIConfig struct {
	// Enabled states whether the SNI feature is enabled.
	Enabled bool
	// PodMutatorEnabled states whether the pod mutator is enabled.
	PodMutatorEnabled bool
	// APIServerFQDN is the fully qualified domain name for the kube-apiserver.
	APIServerFQDN string
	// AdvertiseAddress is the address which should be advertised by the kube-apiserver.
	AdvertiseAddress string
}

SNIConfig contains information for configuring SNI settings for the kube-apiserver.

type Secrets added in v1.33.0

type Secrets struct {
	// CA is the cluster's certificate authority.
	CA component.Secret
	// CAFrontProxy is the certificate authority for the front-proxy.
	CAFrontProxy component.Secret
}

Secrets is collection of secrets for the kube-apiserver.

type ServerCertificateConfig added in v1.44.0

type ServerCertificateConfig struct {
	// ExtraIPAddresses is a list of additional IP addresses to use for the SANS of the server certificate.
	ExtraIPAddresses []net.IP
	// ExtraDNSNames is a list of additional DNS names to use for the SANS of the server certificate.
	ExtraDNSNames []string
}

ServerCertificateConfig contains configuration for the server certificate.

type ServiceAccountConfig added in v1.33.0

type ServiceAccountConfig struct {
	// Issuer is the issuer of service accounts.
	Issuer string
	// AcceptedIssuers is an additional set of issuers that are used to determine which service account tokens are accepted.
	AcceptedIssuers []string
	// SigningKey is the key used when service accounts are signed.
	SigningKey []byte
	// ExtendTokenExpiration states whether the service account token expirations should be extended.
	ExtendTokenExpiration *bool
	// MaxTokenExpiration states what the maximal token expiration should be.
	MaxTokenExpiration *metav1.Duration
}

ServiceAccountConfig contains information for configuring ServiceAccountConfig settings for the kube-apiserver.

type VPNConfig added in v1.33.0

type VPNConfig struct {
	// ReversedVPNEnabled states whether the 'ReversedVPN' feature gate is enabled.
	ReversedVPNEnabled bool
	// PodNetworkCIDR is the CIDR of the pod network.
	PodNetworkCIDR string
	// ServiceNetworkCIDR is the CIDR of the service network.
	ServiceNetworkCIDR string
	// NodeNetworkCIDR is the CIDR of the node network.
	NodeNetworkCIDR *string
}

VPNConfig contains information for configuring the VPN settings for the kube-apiserver.

type Values added in v1.28.0

type Values struct {
	// AdmissionPlugins is the list of admission plugins with configuration for the kube-apiserver.
	AdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// AnonymousAuthenticationEnabled states whether anonymous authentication is enabled.
	AnonymousAuthenticationEnabled bool
	// APIAudiences are identifiers of the API. The service account token authenticator will validate that tokens used
	// against the API are bound to at least one of these audiences.
	APIAudiences []string
	// Audit contains information for configuring audit settings for the kube-apiserver.
	Audit *AuditConfig
	// Autoscaling contains information for configuring autoscaling settings for the kube-apiserver.
	Autoscaling AutoscalingConfig
	// BasicAuthenticationEnabled states whether basic authentication is enabled.
	BasicAuthenticationEnabled bool
	// EventTTL is the amount of time to retain events.
	EventTTL *metav1.Duration
	// ExternalHostname is the external hostname which should be exposed by the kube-apiserver.
	ExternalHostname string
	// ExternalServer is the external server which should be used when generating the user kubeconfig.
	ExternalServer string
	// FeatureGates is the set of feature gates.
	FeatureGates map[string]bool
	// Images is a set of container images used for the containers of the kube-apiserver pods.
	Images Images
	// OIDC contains information for configuring OIDC settings for the kube-apiserver.
	OIDC *gardencorev1beta1.OIDCConfig
	// Requests contains configuration for the kube-apiserver requests.
	Requests *gardencorev1beta1.KubeAPIServerRequests
	// RuntimeConfig is the set of runtime configurations.
	RuntimeConfig map[string]bool
	// ServerCertificate contains configuration for the server certificate.
	ServerCertificate ServerCertificateConfig
	// ServiceAccount contains information for configuring ServiceAccount settings for the kube-apiserver.
	ServiceAccount ServiceAccountConfig
	// SNI contains information for configuring SNI settings for the kube-apiserver.
	SNI SNIConfig
	// Version is the Kubernetes version for the kube-apiserver.
	Version *semver.Version
	// VPN contains information for configuring the VPN settings for the kube-apiserver.
	VPN VPNConfig
	// WatchCacheSizes are the configured sizes for the watch caches.
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
	// EnableStaticTokenKubeconfig indicates whether static token kubeconfig secret will be created for shoot.
	EnableStaticTokenKubeconfig *bool
}

Values contains configuration values for the kube-apiserver resources.

Directories

Path Synopsis
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL