resourcemanager

package
v1.77.3 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Sep 7, 2023 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 70 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	// ManagedResourceName is the name for the ManagedResource containing resources deployed to the shoot cluster.
	ManagedResourceName = "shoot-core-gardener-resource-manager"
	// SecretNameShootAccess is the name of the shoot access secret for the gardener-resource-manager.
	SecretNameShootAccess = gardenerutils.SecretNamePrefixShootAccess + v1beta1constants.DeploymentNameGardenerResourceManager
	// LabelValue is a constant for the value of the 'app' label on Kubernetes resources.
	LabelValue = "gardener-resource-manager"
)

Variables

View Source 
var (

	//go:embed assets/crd-resources.gardener.cloud_managedresources.yaml
	// CRD is the custom resource definition for ManagedResources.
	CRD string

	// SkipWebhookDeployment is a variable which controls whether the webhook deployment should be skipped.
	// Exposed for testing.
	SkipWebhookDeployment bool
)
View Source 
var (
	// IntervalWaitForDeployment is the interval used while waiting for the Deployments to become healthy
	// or deleted.
	IntervalWaitForDeployment = 5 * time.Second
	// TimeoutWaitForDeployment is the timeout used while waiting for the Deployments to become healthy
	// or deleted.
	TimeoutWaitForDeployment = 5 * time.Minute
	// Until is an alias for retry.Until. Exposed for tests.
	Until = retry.Until
)

Functions

func CentralLoggingConfiguration 

func CentralLoggingConfiguration() (component.CentralLoggingConfig, error)

CentralLoggingConfiguration returns a fluent-bit parser and filters for the gardener-resource-manager logs.

func GetCRDDeletionProtectionValidatingWebhooks 

func GetCRDDeletionProtectionValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook

GetCRDDeletionProtectionValidatingWebhooks returns the ValidatingWebhooks for the crd-deletion-protection webhook for reuse between the component and integration tests.

func GetEndpointSliceHintsMutatingWebhook 

func GetEndpointSliceHintsMutatingWebhook(
	namespaceSelector *metav1.LabelSelector,
	secretServerCA *corev1.Secret,
	buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig,
) admissionregistrationv1.MutatingWebhook

GetEndpointSliceHintsMutatingWebhook returns the EndpointSlice hints mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetExtensionValidationValidatingWebhooks 

func GetExtensionValidationValidatingWebhooks(secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) []admissionregistrationv1.ValidatingWebhook

GetExtensionValidationValidatingWebhooks returns the ValidatingWebhooks for the crd-deletion-protection webhook for reuse between the component and integration tests.

func GetHighAvailabilityConfigMutatingWebhook 

func GetHighAvailabilityConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook

GetHighAvailabilityConfigMutatingWebhook returns the high-availability-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetKubernetesServiceHostMutatingWebhook added in v1.72.0 

func GetKubernetesServiceHostMutatingWebhook(
	namespaceSelector *metav1.LabelSelector,
	secretServerCA *corev1.Secret,
	buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig,
) admissionregistrationv1.MutatingWebhook

GetKubernetesServiceHostMutatingWebhook returns the kubernetes-service-host mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetPodSchedulerNameMutatingWebhook 

func GetPodSchedulerNameMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook

GetPodSchedulerNameMutatingWebhook returns the pod-scheduler-name1 mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetPodTopologySpreadConstraintsMutatingWebhook 

func GetPodTopologySpreadConstraintsMutatingWebhook(
	resourceManagerPrefix string,
	namespaceSelector *metav1.LabelSelector,
	objectSelector *metav1.LabelSelector,
	secretServerCA *corev1.Secret,
	buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig,
) admissionregistrationv1.MutatingWebhook

GetPodTopologySpreadConstraintsMutatingWebhook returns the TSC mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetSeccompProfileMutatingWebhook 

func GetSeccompProfileMutatingWebhook(
	resourceManagerPrefix string,
	namespaceSelector *metav1.LabelSelector,
	secretServerCA *corev1.Secret,
	buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig,
) admissionregistrationv1.MutatingWebhook

GetSeccompProfileMutatingWebhook returns the seccomp-profile mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetSystemComponentsConfigMutatingWebhook 

func GetSystemComponentsConfigMutatingWebhook(namespaceSelector, objectSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook

GetSystemComponentsConfigMutatingWebhook returns the system-components-config mutating webhook for the resourcemanager component for reuse between the component and integration tests.

func GetTokenInvalidatorMutatingWebhook 

func GetTokenInvalidatorMutatingWebhook(namespaceSelector *metav1.LabelSelector, secretServerCA *corev1.Secret, buildClientConfigFn func(*corev1.Secret, string) admissionregistrationv1.WebhookClientConfig) admissionregistrationv1.MutatingWebhook

GetTokenInvalidatorMutatingWebhook returns the token-invalidator mutating webhook for the resourcemanager component for reuse between the component and integration tests.

Types

type Interface 

type Interface interface {
	component.DeployWaiter
	component.MonitoringComponent
	// GetReplicas gets the Replicas field in the Values.
	GetReplicas() *int32
	// SetReplicas sets the Replicas field in the Values.
	SetReplicas(*int32)
	// SetSecrets sets the secrets.
	SetSecrets(Secrets)
	// GetValues returns the current configuration values of the deployer.
	GetValues() Values
}

Interface contains functions for a gardener-resource-manager deployer.

func New 

func New(
	client client.Client,
	namespace string,
	secretsManager secretsmanager.Interface,
	values Values,
) Interface

New creates a new instance of the gardener-resource-manager.

type Secrets 

type Secrets struct {
	// BootstrapKubeconfig is the kubeconfig of the gardener-resource-manager used during the bootstrapping process. Its
	// token requestor controller will request a JWT token for itself with this kubeconfig.
	BootstrapKubeconfig *component.Secret
	// contains filtered or unexported fields
}

Secrets is collection of secrets for the gardener-resource-manager.

type VPAConfig 

type VPAConfig struct {
	// MinAllowed specifies the minimal amount of resources that will be recommended
	// for the container.
	MinAllowed corev1.ResourceList
}

VPAConfig contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.

type Values 

type Values struct {
	// AlwaysUpdate if set to false then a resource will only be updated if its desired state differs from the actual state. otherwise, an update request will be always sent
	AlwaysUpdate *bool
	// ClusterIdentity is the identity of the managing cluster.
	ClusterIdentity *string
	// ConcurrentSyncs are the number of worker threads for concurrent reconciliation of resources
	ConcurrentSyncs *int
	// DefaultNotReadyTolerationSeconds indicates the tolerationSeconds of the toleration for notReady:NoExecute
	DefaultNotReadyToleration *int64
	// DefaultUnreachableTolerationSeconds indicates the tolerationSeconds of the toleration for unreachable:NoExecute
	DefaultUnreachableToleration *int64
	// HealthSyncPeriod describes the duration of how often the health of existing resources should be synced
	HealthSyncPeriod *metav1.Duration
	// NetworkPolicyAdditionalNamespaceSelectors is the list of additional namespace selectors to consider for the
	// NetworkPolicy controller.
	NetworkPolicyAdditionalNamespaceSelectors []metav1.LabelSelector
	// NetworkPolicyControllerIngressControllerSelector is the peer information of the ingress controller for the
	// network policy controller.
	NetworkPolicyControllerIngressControllerSelector *resourcemanagerv1alpha1.IngressControllerSelector
	// Image is the container image.
	Image string
	// LogLevel is the level/severity for the logs. Must be one of [info,debug,error].
	LogLevel string
	// LogFormat is the output format for the logs. Must be one of [text,json].
	LogFormat string
	// MaxConcurrentHealthWorkers configures the number of worker threads for concurrent health reconciliation of resources.
	MaxConcurrentHealthWorkers *int
	// MaxConcurrentTokenInvalidatorWorkers configures the number of worker threads for concurrent token invalidator reconciliations.
	MaxConcurrentTokenInvalidatorWorkers *int
	// MaxConcurrentTokenRequestorWorkers configures the number of worker threads for concurrent token requestor reconciliations.
	MaxConcurrentTokenRequestorWorkers *int
	// MaxConcurrentCSRApproverWorkers configures the number of worker threads for concurrent kubelet CSR approver reconciliations.
	MaxConcurrentCSRApproverWorkers *int
	// MaxConcurrentCSRApproverWorkers configures the number of worker threads for the network policy controller.
	MaxConcurrentNetworkPolicyWorkers *int
	// NamePrefix is the prefix for the resource names.
	NamePrefix string
	// PriorityClassName is the name of the priority class.
	PriorityClassName string
	// Replicas is the number of replicas for the gardener-resource-manager deployment.
	Replicas *int32
	// ResourceClass is used to filter resource resources
	ResourceClass *string
	// SecretNameServerCA is the name of the server CA secret.
	SecretNameServerCA string
	// SyncPeriod configures the duration of how often existing resources should be synced
	SyncPeriod *metav1.Duration
	// SystemComponentTolerations are the tolerations required for shoot system components.
	SystemComponentTolerations []corev1.Toleration
	// TargetDiffersFromSourceCluster states whether the target cluster is a different one than the source cluster
	TargetDiffersFromSourceCluster bool
	// TargetDisableCache disables the cache for target cluster and always talk directly to the API server (defaults to false)
	TargetDisableCache *bool
	// WatchedNamespace restricts the gardener-resource-manager to only watch ManagedResources in the defined namespace.
	// If not set the gardener-resource-manager controller watches for ManagedResources in all namespaces
	WatchedNamespace *string
	// RuntimeKubernetesVersion is the Kubernetes version of the runtime cluster.
	RuntimeKubernetesVersion *semver.Version
	// VPA contains information for configuring VerticalPodAutoscaler settings for the gardener-resource-manager deployment.
	VPA *VPAConfig
	// SchedulingProfile is the kube-scheduler profile configured for the Shoot.
	SchedulingProfile *gardencorev1beta1.SchedulingProfile
	// DefaultSeccompProfileEnabled specifies if the defaulting seccomp profile webhook of GRM should be enabled or not.
	DefaultSeccompProfileEnabled bool
	// EndpointSliceHintsEnabled specifies if the EndpointSlice hints webhook of GRM should be enabled or not.
	EndpointSliceHintsEnabled bool
	// KubernetesServiceHost specifies the FQDN of the API server of the target cluster. If it is non-nil, the GRM's
	// kubernetes-service-host webhook will be enabled.
	KubernetesServiceHost *string
	// PodTopologySpreadConstraintsEnabled specifies if the pod's TSC should be mutated to support rolling updates.
	PodTopologySpreadConstraintsEnabled bool
	// FailureToleranceType determines the failure tolerance type for the resource manager deployment.
	FailureToleranceType *gardencorev1beta1.FailureToleranceType
	// Zones is number of availability zones.
	Zones []string
	// TopologyAwareRoutingEnabled indicates whether topology-aware routing is enabled for the gardener-resource-manager service.
	// This value is only applicable for the GRM that is deployed in the Shoot control plane (when TargetDiffersFromSourceCluster=true).
	TopologyAwareRoutingEnabled bool
	// IsWorkerless specifies whether the cluster has workers.
	IsWorkerless bool
}

Values holds the optional configuration options for the gardener resource manager

Source Files

View all Source files

Directories

Path Synopsis
Package mock is a generated GoMock package.
 Package mock is a generated GoMock package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.