botanist

package
v1.7.1-0...-23dd39d Latest Latest
Published: Apr 16, 2021 License: Apache-2.0, BSD-2-Clause, MIT, + 1 more Imports: 107 Imported by: 0

Documentation

Index

Constants

const (
	// Provider is the key of the Kubernetes provider label.
	Provider = "provider"
	// KubernetesProvider is the 'kubernetes' value of the Provider label.
	KubernetesProvider = "kubernetes"

	// KubeAggregatorAutoManaged is the label indicating whether an APIService is auto-managed by kube-aggregator.
	// Its value is taken from autoregister.AutoRegisterManagedLabel.
	KubeAggregatorAutoManaged = autoregister.AutoRegisterManagedLabel

	// MetadataNameField is the `metadata.name` field for a field selector.
	MetadataNameField = "metadata.name"
)
const (
	// DNSInternalName is a constant for the DNS resources used for the internal domain name.
	DNSInternalName = "internal"
	// DNSExternalName is a constant for the DNS resources used for the external domain name.
	DNSExternalName = "external"
	// DNSProviderRoleAdditional is a constant for additionally managed DNS providers.
	DNSProviderRoleAdditional = "managed-dns-provider"
	// DNSRealmAnnotation is the annotation key for restricting provider access for shoot DNS entries.
	DNSRealmAnnotation = "dns.gardener.cloud/realms"
)
const CloudConfigExecutionManagedResourceName = "shoot-cloud-config-execution"

CloudConfigExecutionManagedResourceName is a constant for the name of a ManagedResource in the seed cluster in the shoot namespace which contains the cloud config user data execution script.

const (
	// DefaultInterval is the default interval for retry operations.
	DefaultInterval = 5 * time.Second
)
const (
	// ManagedResourceName is the name of the managed resource used to deploy referenced resources to the Seed cluster.
	ManagedResourceName = "referenced-resources"
)
const NodeLocalIPVSAddress = "169.254.20.10"

NodeLocalIPVSAddress is the IPv4 address used by node local dns when IPVS is used.

const (
	// SecretLabelKeyManagedResource is a key for a label on a secret with the value 'managed-resource'.
	SecretLabelKeyManagedResource = "managed-resource"
)

Variables

var (
	// FinalizeAfterFiveMinutes is an option to finalize resources after five minutes (5 * 60 seconds).
	FinalizeAfterFiveMinutes = utilclient.FinalizeGracePeriodSeconds(5 * 60)

	// FinalizeAfterOneHour is an option to finalize resources after one hour (60 * 60 seconds).
	FinalizeAfterOneHour = utilclient.FinalizeGracePeriodSeconds(60 * 60)

	// ZeroGracePeriod is an option to delete resources with no grace period.
	ZeroGracePeriod = utilclient.DeleteWith{client.GracePeriodSeconds(0)}
	// GracePeriodFiveMinutes is an option to delete resources with a grace period of five minutes.
	GracePeriodFiveMinutes = utilclient.DeleteWith{client.GracePeriodSeconds(5 * 60)}

	// NotSystemComponent is a requirement that something doesn't have the GardenRole GardenRoleSystemComponent.
	// As a NotEquals label requirement it also matches objects that do not carry the GardenRole label at all,
	// so only objects explicitly labelled as system components are excluded.
	NotSystemComponent = utils.MustNewRequirement(v1beta1constants.GardenRole, selection.NotEquals, v1beta1constants.GardenRoleSystemComponent)
	// NoCleanupPrevention is a requirement that the ShootNoCleanup label of something is not "true".
	// Objects without the ShootNoCleanup label satisfy it as well.
	NoCleanupPrevention = utils.MustNewRequirement(v1beta1constants.ShootNoCleanup, selection.NotEquals, "true")
	// NotKubernetesProvider is a requirement that the Provider label of something is not KubernetesProvider.
	NotKubernetesProvider = utils.MustNewRequirement(Provider, selection.NotEquals, KubernetesProvider)
	// NotKubeAggregatorAutoManaged is a requirement that something is not auto-managed by kube-aggregator,
	// expressed as the KubeAggregatorAutoManaged label not existing on the object.
	NotKubeAggregatorAutoManaged = utils.MustNewRequirement(KubeAggregatorAutoManaged, selection.DoesNotExist)

	// CleanupSelector is a selector that excludes system components and all resources not considered for auto cleanup.
	// It combines NotSystemComponent and NoCleanupPrevention; both requirements must hold for an object to be selected.
	CleanupSelector = labels.NewSelector().Add(NotSystemComponent).Add(NoCleanupPrevention)

	// NoCleanupPreventionListOption is a label-selector list option built from CleanupSelector, i.e. it excludes
	// system components and resources that opted out of auto cleanup.
	// Most of the *CleanOption variables below hold a pointer to this single variable, so a change to it
	// is visible through all of them.
	NoCleanupPreventionListOption = client.MatchingLabelsSelector{Selector: CleanupSelector}

	// MutatingWebhookConfigurationCleanOption is the delete selector for MutatingWebhookConfigurations.
	MutatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ValidatingWebhookConfigurationCleanOption is the delete selector for ValidatingWebhookConfigurations.
	ValidatingWebhookConfigurationCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// CustomResourceDefinitionCleanOption is the delete selector for CustomResourceDefinitions.
	// NOTE(review): presumably applied to CRD objects rather than to custom resource instances; confirm at the call site.
	CustomResourceDefinitionCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// DaemonSetCleanOption is the delete selector for DaemonSets.
	DaemonSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// DeploymentCleanOption is the delete selector for Deployments.
	DeploymentCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// StatefulSetCleanOption is the delete selector for StatefulSets.
	StatefulSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ServiceCleanOption is the delete selector for Services.
	// In addition to the CleanupSelector requirements it excludes Services whose Provider label is KubernetesProvider.
	ServiceCleanOption = utilclient.ListWith{
		client.MatchingLabelsSelector{
			Selector: labels.NewSelector().Add(NotKubernetesProvider, NotSystemComponent, NoCleanupPrevention),
		},
	}

	// NamespaceMatchingLabelsSelector is the delete label selector for Namespaces.
	NamespaceMatchingLabelsSelector = utilclient.ListWith{&NoCleanupPreventionListOption}

	// NamespaceMatchingFieldsSelector is the delete field selector for Namespaces.
	// It matches every namespace whose metadata.name differs from all four built-in namespaces
	// (kube-public, kube-system, default and kube-node-lease), so those are never selected for deletion.
	NamespaceMatchingFieldsSelector = utilclient.ListWith{
		client.MatchingFieldsSelector{
			Selector: fields.AndSelectors(
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespacePublic),
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceSystem),
				fields.OneTermNotEqualSelector(MetadataNameField, metav1.NamespaceDefault),
				fields.OneTermNotEqualSelector(MetadataNameField, corev1.NamespaceNodeLease),
			),
		},
	}

	// APIServiceCleanOption is the delete selector for APIServices.
	// It selects APIServices that are neither system components nor auto-managed by kube-aggregator.
	// Unlike CleanupSelector, it does not include the NoCleanupPrevention requirement.
	APIServiceCleanOption = utilclient.ListWith{
		client.MatchingLabelsSelector{
			Selector: labels.NewSelector().Add(NotSystemComponent, NotKubeAggregatorAutoManaged),
		},
	}

	// CronJobCleanOption is the delete selector for CronJobs.
	CronJobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// IngressCleanOption is the delete selector for Ingresses.
	IngressCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// JobCleanOption is the delete selector for Jobs.
	JobCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// PodCleanOption is the delete selector for Pods.
	PodCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ReplicaSetCleanOption is the delete selector for ReplicaSets.
	ReplicaSetCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// ReplicationControllerCleanOption is the delete selector for ReplicationControllers.
	ReplicationControllerCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// PersistentVolumeClaimCleanOption is the delete selector for PersistentVolumeClaims.
	PersistentVolumeClaimCleanOption = utilclient.ListWith{&NoCleanupPreventionListOption}

	// NamespaceErrorToleration are the errors to be tolerated during deletion.
	// Only conflict errors (apierrors.IsConflict) are tolerated.
	NamespaceErrorToleration = utilclient.TolerateErrors{apierrors.IsConflict}
)
var (
	// ExecutorScriptFn is a function for computing the cloud config user data executor script.
	ExecutorScriptFn = executor.Script
	// DownloaderGenerateRBACResourcesDataFn is a function for generating the RBAC resources data map for the cloud
	// config user data executor scripts downloader.
	DownloaderGenerateRBACResourcesDataFn = downloader.GenerateRBACResourcesData
)

exposed for testing

var (
	// IntervalWaitCloudConfigUpdated is the interval when waiting until the cloud config was updated for all worker pools.
	IntervalWaitCloudConfigUpdated = 5 * time.Second
	// TimeoutWaitCloudConfigUpdated is the timeout when waiting until the cloud config was updated for all worker pools.
	// It is computed as twice downloader.UnitRestartSeconds plus executor.ExecutionMaxDelaySeconds, both taken as seconds.
	TimeoutWaitCloudConfigUpdated = downloader.UnitRestartSeconds*time.Second*2 + executor.ExecutionMaxDelaySeconds*time.Second
)

exposed for testing

var NewEtcd = etcd.New

NewEtcd is a function exposed for testing.

Functions

func CloudConfigUpdatedForAllWorkerPools

func CloudConfigUpdatedForAllWorkerPools(workers []gardencorev1beta1.Worker, workerPoolToNodes map[string][]corev1.Node, workerPoolToCloudConfigSecretChecksum map[string]string) error

CloudConfigUpdatedForAllWorkerPools checks if all the nodes for all the provided worker pools have successfully applied the desired version of their cloud-config user data.

func DeleteVolumeAttachments

func DeleteVolumeAttachments(ctx context.Context, c client.Client) error

DeleteVolumeAttachments deletes all VolumeAttachments.

func WaitUntilVolumeAttachmentsDeleted

func WaitUntilVolumeAttachmentsDeleted(ctx context.Context, c client.Client, log *logrus.Entry) error

WaitUntilVolumeAttachmentsDeleted waits until no VolumeAttachments exist anymore.

func WorkerPoolToCloudConfigSecretChecksumMap

func WorkerPoolToCloudConfigSecretChecksumMap(ctx context.Context, shootClient client.Client) (map[string]string, error)

WorkerPoolToCloudConfigSecretChecksumMap lists all the cloud-config secrets with the given client in the shoot cluster. It returns a map whose key is the name of a worker pool and whose values are the corresponding checksums of the cloud-config script stored inside the secret's data.

func WorkerPoolToNodesMap

func WorkerPoolToNodesMap(ctx context.Context, shootClient client.Client) (map[string][]corev1.Node, error)

WorkerPoolToNodesMap lists all the nodes with the given client in the shoot cluster. It returns a map whose key is the name of a worker pool and whose values are the corresponding nodes.

Types

type Botanist

type Botanist struct {
	*operation.Operation
	DefaultDomainSecret *corev1.Secret
	// contains filtered or unexported fields
}

Botanist is a struct which has methods that perform cloud-independent operations for a Shoot cluster.

func New

New takes an operation object <o> and creates a new Botanist object. It checks whether the given Shoot DNS domain is covered by a default domain, and if so, it sets the <DefaultDomainSecret> attribute on the Botanist object.

func (*Botanist) APIServerSNIEnabled

func (b *Botanist) APIServerSNIEnabled() bool

APIServerSNIEnabled returns true if APIServerSNI feature gate is enabled and the shoot uses internal and external DNS.

func (*Botanist) APIServerSNIPodMutatorEnabled

func (b *Botanist) APIServerSNIPodMutatorEnabled() bool

APIServerSNIPodMutatorEnabled returns false if the value of the Shoot annotation 'alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector' is 'disable' or the APIServerSNI feature is disabled.

func (*Botanist) AdditionalDNSProviders

func (b *Botanist) AdditionalDNSProviders(ctx context.Context, gardenClient, seedClient client.Client) (map[string]component.DeployWaiter, error)

AdditionalDNSProviders returns a map containing DNSProviders where the key is the provider name. For providers and DNSEntries which are no longer needed or no longer in use, the map contains a DeployWaiter which removes the respective DNSEntry or DNSProvider.

func (*Botanist) ApplyEncryptionConfiguration

func (b *Botanist) ApplyEncryptionConfiguration(ctx context.Context) error

ApplyEncryptionConfiguration creates or updates a secret on the Seed which contains the encryption configuration that is necessary to encrypt the Kubernetes secrets in etcd.

func (*Botanist) CheckTunnelConnection

func (b *Botanist) CheckTunnelConnection(ctx context.Context, logger *logrus.Entry, tunnelName string) (bool, error)

CheckTunnelConnection checks if the tunnel connection between the control plane and the shoot networks is established.

func (*Botanist) CleanExtendedAPIs

func (b *Botanist) CleanExtendedAPIs(ctx context.Context) error

CleanExtendedAPIs removes API extensions like CRDs and API services from the Shoot cluster.

func (*Botanist) CleanKubernetesResources

func (b *Botanist) CleanKubernetesResources(ctx context.Context) error

CleanKubernetesResources deletes all the Kubernetes resources in the Shoot cluster other than those stored in the exceptions map. It will check whether all the Kubernetes resources in the Shoot cluster other than those stored in the exceptions map have been deleted. It will return an error in case it has not finished yet, and nil if all resources are gone.

func (*Botanist) CleanShootNamespaces

func (b *Botanist) CleanShootNamespaces(ctx context.Context) error

CleanShootNamespaces deletes all non-system namespaces in the Shoot cluster. It assumes that all workload resources are cleaned up in previous step(s).

func (*Botanist) CleanWebhooks

func (b *Botanist) CleanWebhooks(ctx context.Context) error

CleanWebhooks deletes all Webhooks in the Shoot cluster that are not being managed by the addon manager.

func (*Botanist) DefaultClusterAutoscaler

func (b *Botanist) DefaultClusterAutoscaler() (clusterautoscaler.ClusterAutoscaler, error)

DefaultClusterAutoscaler returns a deployer for the cluster-autoscaler.

func (*Botanist) DefaultContainerRuntime

func (b *Botanist) DefaultContainerRuntime(seedClient client.Client) containerruntime.Interface

DefaultContainerRuntime creates the default deployer for the ContainerRuntime custom resource.

func (*Botanist) DefaultControlPlane

func (b *Botanist) DefaultControlPlane(seedClient client.Client, purpose extensionsv1alpha1.Purpose) extensionscontrolplane.Interface

DefaultControlPlane creates the default deployer for the ControlPlane custom resource with the given purpose.

func (*Botanist) DefaultCoreBackupEntry

func (b *Botanist) DefaultCoreBackupEntry(gardenClient client.Client) component.DeployWaiter

DefaultCoreBackupEntry creates the default deployer for the core.gardener.cloud/v1beta1.BackupEntry resource.

func (*Botanist) DefaultEtcd

func (b *Botanist) DefaultEtcd(role string, class etcd.Class) (etcd.Etcd, error)

DefaultEtcd returns a deployer for the etcd.

func (*Botanist) DefaultExtension

func (b *Botanist) DefaultExtension(ctx context.Context, seedClient client.Client) (extension.Interface, error)

DefaultExtension creates the default deployer for the Extension custom resources.

func (*Botanist) DefaultExtensionsBackupEntry

func (b *Botanist) DefaultExtensionsBackupEntry(seedClient client.Client) extensionsbackupentry.Interface

DefaultExtensionsBackupEntry creates the default deployer for the extensions.gardener.cloud/v1alpha1.BackupEntry custom resource.

func (*Botanist) DefaultExternalDNSEntry

func (b *Botanist) DefaultExternalDNSEntry(seedClient client.Client) component.DeployWaiter

DefaultExternalDNSEntry returns DeployWaiter which removes the external DNSEntry.

func (*Botanist) DefaultExternalDNSOwner

func (b *Botanist) DefaultExternalDNSOwner(seedClient client.Client) component.DeployWaiter

DefaultExternalDNSOwner returns DeployWaiter which removes the external DNSOwner.

func (*Botanist) DefaultExternalDNSProvider

func (b *Botanist) DefaultExternalDNSProvider(seedClient client.Client) component.DeployWaiter

DefaultExternalDNSProvider returns the external DNSProvider if external DNS is enabled and, if not, a DeployWaiter which removes the external DNSProvider.

func (*Botanist) DefaultInfrastructure

func (b *Botanist) DefaultInfrastructure(seedClient client.Client) infrastructure.Interface

DefaultInfrastructure creates the default deployer for the Infrastructure custom resource.

func (*Botanist) DefaultInternalDNSEntry

func (b *Botanist) DefaultInternalDNSEntry(seedClient client.Client) component.DeployWaiter

DefaultInternalDNSEntry returns DeployWaiter which removes the internal DNSEntry.

func (*Botanist) DefaultInternalDNSOwner

func (b *Botanist) DefaultInternalDNSOwner(seedClient client.Client) component.DeployWaiter

DefaultInternalDNSOwner returns a DeployWaiter which removes the internal DNSOwner.

func (*Botanist) DefaultInternalDNSProvider

func (b *Botanist) DefaultInternalDNSProvider(seedClient client.Client) component.DeployWaiter

DefaultInternalDNSProvider returns the internal DNSProvider if internal DNS is enabled and, if not, a DeployWaiter which removes the internal DNSProvider.

func (*Botanist) DefaultKonnectivityServer

func (b *Botanist) DefaultKonnectivityServer() (konnectivity.KonnectivityServer, error)

DefaultKonnectivityServer returns a deployer for the konnectivity-server.

func (*Botanist) DefaultKubeAPIServerSNI

func (b *Botanist) DefaultKubeAPIServerSNI() component.DeployWaiter

DefaultKubeAPIServerSNI returns a deployer for kube-apiserver SNI.

func (*Botanist) DefaultKubeAPIServerService

func (b *Botanist) DefaultKubeAPIServerService(sniPhase component.Phase) component.DeployWaiter

DefaultKubeAPIServerService returns a deployer for kube-apiserver service.

func (*Botanist) DefaultKubeControllerManager

func (b *Botanist) DefaultKubeControllerManager() (kubecontrollermanager.KubeControllerManager, error)

DefaultKubeControllerManager returns a deployer for the kube-controller-manager.

func (*Botanist) DefaultKubeScheduler

func (b *Botanist) DefaultKubeScheduler() (kubescheduler.KubeScheduler, error)

DefaultKubeScheduler returns a deployer for the kube-scheduler.

func (*Botanist) DefaultMetricsServer

func (b *Botanist) DefaultMetricsServer() (metricsserver.MetricsServer, error)

DefaultMetricsServer returns a deployer for the metrics-server.

func (*Botanist) DefaultNetwork

func (b *Botanist) DefaultNetwork(seedClient client.Client) component.DeployMigrateWaiter

DefaultNetwork creates the default deployer for the Network custom resource.

func (*Botanist) DefaultNginxIngressDNSEntry

func (b *Botanist) DefaultNginxIngressDNSEntry(seedClient client.Client) component.DeployWaiter

DefaultNginxIngressDNSEntry returns a Deployer which removes existing nginx ingress DNSEntry.

func (*Botanist) DefaultNginxIngressDNSOwner

func (b *Botanist) DefaultNginxIngressDNSOwner(seedClient client.Client) component.DeployWaiter

DefaultNginxIngressDNSOwner returns DeployWaiter which removes the nginx ingress DNSOwner.

func (*Botanist) DefaultOperatingSystemConfig

func (b *Botanist) DefaultOperatingSystemConfig(seedClient client.Client) (operatingsystemconfig.Interface, error)

DefaultOperatingSystemConfig creates the default deployer for the OperatingSystemConfig custom resource.

func (*Botanist) DefaultResourceManager

func (b *Botanist) DefaultResourceManager() (resourcemanager.ResourceManager, error)

DefaultResourceManager returns an instance of Gardener Resource Manager with defaults configured for being deployed in a Shoot namespace

func (*Botanist) DefaultShootNamespaces

func (b *Botanist) DefaultShootNamespaces() component.DeployWaiter

DefaultShootNamespaces returns a deployer for the shoot namespaces.

func (*Botanist) DefaultWorker

func (b *Botanist) DefaultWorker(seedClient client.Client) worker.Interface

DefaultWorker creates the default deployer for the Worker custom resource.

func (*Botanist) DeleteAllManagedResourcesObjects

func (b *Botanist) DeleteAllManagedResourcesObjects(ctx context.Context) error

DeleteAllManagedResourcesObjects deletes all managed resources from the Shoot namespace in the Seed.

func (*Botanist) DeleteDNSProviders

func (b *Botanist) DeleteDNSProviders(ctx context.Context) error

DeleteDNSProviders deletes all DNS providers in the shoot namespace of the seed.

func (*Botanist) DeleteGrafana

func (b *Botanist) DeleteGrafana(ctx context.Context) error

DeleteGrafana will delete all grafana instances from the seed cluster.

func (*Botanist) DeleteKubeAPIServer

func (b *Botanist) DeleteKubeAPIServer(ctx context.Context) error

DeleteKubeAPIServer deletes the kube-apiserver deployment in the Seed cluster which holds the Shoot's control plane.

func (*Botanist) DeleteManagedResources

func (b *Botanist) DeleteManagedResources(ctx context.Context) error

DeleteManagedResources deletes all managed resources labeled with `origin=gardener` from the Shoot namespace in the Seed.

func (*Botanist) DeleteSeedMonitoring

func (b *Botanist) DeleteSeedMonitoring(ctx context.Context) error

DeleteSeedMonitoring will delete the monitoring stack from the Seed cluster to avoid phantom alerts during the deletion process. More precisely, the Alertmanager and Prometheus StatefulSets will be deleted.

func (*Botanist) DeleteSeedNamespace

func (b *Botanist) DeleteSeedNamespace(ctx context.Context) error

DeleteSeedNamespace deletes the namespace in the Seed cluster which holds the control plane components. The built-in garbage collection in Kubernetes will automatically delete all resources which belong to this namespace. This comprises volumes and load balancers as well.

func (*Botanist) DeployCloudProviderSecret

func (b *Botanist) DeployCloudProviderSecret(ctx context.Context) error

DeployCloudProviderSecret creates or updates the cloud provider secret in the Shoot namespace in the Seed cluster.

func (*Botanist) DeployClusterAutoscaler

func (b *Botanist) DeployClusterAutoscaler(ctx context.Context) error

DeployClusterAutoscaler deploys the Kubernetes cluster-autoscaler.

func (*Botanist) DeployContainerRuntime

func (b *Botanist) DeployContainerRuntime(ctx context.Context) error

DeployContainerRuntime deploys the ContainerRuntime custom resources and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration

func (*Botanist) DeployControlPlane

func (b *Botanist) DeployControlPlane(ctx context.Context) error

DeployControlPlane deploys or restores the ControlPlane custom resource (purpose normal).

func (*Botanist) DeployControlPlaneExposure

func (b *Botanist) DeployControlPlaneExposure(ctx context.Context) error

DeployControlPlaneExposure deploys or restores the ControlPlane custom resource (purpose exposure).

func (*Botanist) DeployEtcd

func (b *Botanist) DeployEtcd(ctx context.Context) error

DeployEtcd deploys the etcd main and events.

func (*Botanist) DeployExtensions

func (b *Botanist) DeployExtensions(ctx context.Context) error

DeployExtensions deploys the Extension custom resources and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration.

func (*Botanist) DeployExternalDNS

func (b *Botanist) DeployExternalDNS(ctx context.Context) error

DeployExternalDNS deploys the external DNSOwner, DNSProvider, and DNSEntry resources.

func (*Botanist) DeployGardenerResourceManager

func (b *Botanist) DeployGardenerResourceManager(ctx context.Context) error

DeployGardenerResourceManager deploys the gardener-resource-manager

func (*Botanist) DeployInfrastructure

func (b *Botanist) DeployInfrastructure(ctx context.Context) error

DeployInfrastructure deploys the Infrastructure custom resource and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration.

func (*Botanist) DeployInternalDNS

func (b *Botanist) DeployInternalDNS(ctx context.Context) error

DeployInternalDNS deploys the internal DNSOwner, DNSProvider, and DNSEntry resources.

func (*Botanist) DeployKonnectivityServer

func (b *Botanist) DeployKonnectivityServer(ctx context.Context) error

DeployKonnectivityServer deploys the KonnectivityServer.

func (*Botanist) DeployKubeAPIServer

func (b *Botanist) DeployKubeAPIServer(ctx context.Context) error

DeployKubeAPIServer deploys kube-apiserver deployment.

func (*Botanist) DeployKubeAPIServerSNI

func (b *Botanist) DeployKubeAPIServerSNI(ctx context.Context) error

DeployKubeAPIServerSNI deploys the kube-apiserver-sni chart.

func (*Botanist) DeployKubeAPIService

func (b *Botanist) DeployKubeAPIService(ctx context.Context, sniPhase component.Phase) error

DeployKubeAPIService deploys the kube-apiserver service.

func (*Botanist) DeployKubeControllerManager

func (b *Botanist) DeployKubeControllerManager(ctx context.Context) error

DeployKubeControllerManager deploys the Kubernetes Controller Manager.

func (*Botanist) DeployKubeScheduler

func (b *Botanist) DeployKubeScheduler(ctx context.Context) error

DeployKubeScheduler deploys the Kubernetes scheduler.

func (*Botanist) DeployManagedResourceForAddons

func (b *Botanist) DeployManagedResourceForAddons(ctx context.Context) error

DeployManagedResourceForAddons deploys all the ManagedResource CRDs for the gardener-resource-manager.

func (*Botanist) DeployManagedResourceForCloudConfigExecutor

func (b *Botanist) DeployManagedResourceForCloudConfigExecutor(ctx context.Context) error

DeployManagedResourceForCloudConfigExecutor creates the cloud config managed resource that contains: 1. A secret containing the dedicated cloud config execution script for each worker group 2. A secret containing some shared RBAC policies for downloading the cloud config execution script

func (*Botanist) DeployMetricsServer

func (b *Botanist) DeployMetricsServer(ctx context.Context) error

DeployMetricsServer deploys the metrics-server.

func (*Botanist) DeployNetwork

func (b *Botanist) DeployNetwork(ctx context.Context) error

DeployNetwork deploys the Network custom resource and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration

func (*Botanist) DeployNetworkPolicies

func (b *Botanist) DeployNetworkPolicies(ctx context.Context) error

DeployNetworkPolicies creates network policies in a Shoot cluster's namespace that deny all traffic and allow certain components to use annotations to declare their desire to transmit/receive traffic to/from other Pods/IP addresses.

func (*Botanist) DeployOperatingSystemConfig

func (b *Botanist) DeployOperatingSystemConfig(ctx context.Context) error

DeployOperatingSystemConfig deploys the OperatingSystemConfig custom resource and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration.

func (*Botanist) DeployReferencedResources

func (b *Botanist) DeployReferencedResources(ctx context.Context) error

DeployReferencedResources reads all referenced resources from the Garden cluster and writes a managed resource to the Seed cluster.

func (*Botanist) DeploySecrets

func (b *Botanist) DeploySecrets(ctx context.Context) error

DeploySecrets takes all existing secrets from the ShootState resource and deploys them in the shoot's control plane.

func (*Botanist) DeploySeedLogging

func (b *Botanist) DeploySeedLogging(ctx context.Context) error

DeploySeedLogging will install the Helm release "seed-bootstrap/charts/loki" in the Seed clusters.

func (*Botanist) DeploySeedMonitoring

func (b *Botanist) DeploySeedMonitoring(ctx context.Context) error

DeploySeedMonitoring will install the Helm release "seed-monitoring" in the Seed clusters. It comprises components to monitor the Shoot cluster whose control plane runs in the Seed cluster.

func (*Botanist) DeploySeedNamespace

func (b *Botanist) DeploySeedNamespace(ctx context.Context) error

DeploySeedNamespace creates a namespace in the Seed cluster which is used to deploy all the control plane components for the Shoot cluster. Moreover, the cloud provider configuration and all the secrets will be stored as ConfigMaps/Secrets.

func (*Botanist) DeployVerticalPodAutoscaler

func (b *Botanist) DeployVerticalPodAutoscaler(ctx context.Context) error

DeployVerticalPodAutoscaler deploys the VPA into the shoot namespace in the seed.

func (*Botanist) DeployWorker

func (b *Botanist) DeployWorker(ctx context.Context) error

DeployWorker deploys the Worker custom resource and triggers the restore operation in case the Shoot is in the restore phase of the control plane migration

func (*Botanist) DestroyAllExtensionResources

func (b *Botanist) DestroyAllExtensionResources(ctx context.Context) error

DestroyAllExtensionResources deletes all extension CRs from the Shoot namespace.

func (*Botanist) DestroyExternalDNS

func (b *Botanist) DestroyExternalDNS(ctx context.Context) error

DestroyExternalDNS destroys the external DNSEntry, DNSOwner, and DNSProvider resources.

func (*Botanist) DestroyIngressDNSRecord

func (b *Botanist) DestroyIngressDNSRecord(ctx context.Context) error

DestroyIngressDNSRecord destroys the nginx ingress DNSEntry and DNSOwner resources.

func (*Botanist) DestroyInternalDNS

func (b *Botanist) DestroyInternalDNS(ctx context.Context) error

DestroyInternalDNS destroys the internal DNSEntry, DNSOwner, and DNSProvider resources.

func (*Botanist) DestroyReferencedResources

func (b *Botanist) DestroyReferencedResources(ctx context.Context) error

DestroyReferencedResources deletes the managed resource containing referenced resources from the Seed cluster.

func (*Botanist) EnsureClusterIdentity

func (b *Botanist) EnsureClusterIdentity(ctx context.Context) error

EnsureClusterIdentity ensures that Shoot cluster-identity ConfigMap exists and stores its data in the operation. Updates shoot.status.clusterIdentity if it doesn't exist already.

func (*Botanist) EnsureIngressDNSRecord

func (b *Botanist) EnsureIngressDNSRecord(ctx context.Context) error

EnsureIngressDNSRecord deploys the nginx ingress DNSEntry and DNSOwner resources.

func (*Botanist) GenerateAndSaveSecrets

func (b *Botanist) GenerateAndSaveSecrets(ctx context.Context) error

GenerateAndSaveSecrets creates a CA certificate for the Shoot cluster and uses it to sign the server certificate used by the kube-apiserver, and all client certificates used for communication. It also creates RSA key pairs for SSH connections to the nodes/VMs and for the VPN tunnel. Moreover, basic authentication credentials are computed which will be used to secure the Ingress resources and the kube-apiserver itself. Server certificates for the exposed monitoring endpoints (via Ingress) are generated as well.

func (*Botanist) GenerateEncryptionConfiguration

func (b *Botanist) GenerateEncryptionConfiguration(ctx context.Context) error

GenerateEncryptionConfiguration generates new encryption configuration data or syncs it from the etcd encryption configuration secret if it already exists.

func (*Botanist) GenerateKubernetesDashboardConfig

func (b *Botanist) GenerateKubernetesDashboardConfig() (map[string]interface{}, error)

GenerateKubernetesDashboardConfig generates the values which are required to render the chart of the kubernetes-dashboard properly.

func (*Botanist) GenerateNginxIngressConfig

func (b *Botanist) GenerateNginxIngressConfig() (map[string]interface{}, error)

GenerateNginxIngressConfig generates the values which are required to render the chart of the nginx-ingress properly.

func (*Botanist) HibernateControlPlane

func (b *Botanist) HibernateControlPlane(ctx context.Context) error

HibernateControlPlane hibernates the entire control plane if the shoot shall be hibernated.

func (*Botanist) KeepObjectsForAllManagedResources

func (b *Botanist) KeepObjectsForAllManagedResources(ctx context.Context) error

KeepObjectsForAllManagedResources sets ManagedResource.Spec.KeepObjects to true.

func (*Botanist) MigrateAllExtensionResources

func (b *Botanist) MigrateAllExtensionResources(ctx context.Context) (err error)

MigrateAllExtensionResources migrates all extension CRs.

func (*Botanist) MigrateExternalDNS

func (b *Botanist) MigrateExternalDNS(ctx context.Context) error

MigrateExternalDNS destroys the external DNSEntry, DNSOwner, and DNSProvider resources, without removing the entry from the DNS provider.

func (*Botanist) MigrateIngressDNSRecord

func (b *Botanist) MigrateIngressDNSRecord(ctx context.Context) error

MigrateIngressDNSRecord destroys the nginx ingress DNSEntry and DNSOwner resources, without removing the entry from the DNS provider.

func (*Botanist) MigrateInternalDNS

func (b *Botanist) MigrateInternalDNS(ctx context.Context) error

MigrateInternalDNS destroys the internal DNSEntry, DNSOwner, and DNSProvider resources, without removing the entry from the DNS provider.

func (*Botanist) NeedsAdditionalDNSProviders

func (b *Botanist) NeedsAdditionalDNSProviders() bool

NeedsAdditionalDNSProviders returns true if additional DNS providers are needed.

func (*Botanist) NeedsExternalDNS

func (b *Botanist) NeedsExternalDNS() bool

NeedsExternalDNS returns true if the Shoot cluster needs external DNS.

func (*Botanist) NeedsInternalDNS

func (b *Botanist) NeedsInternalDNS() bool

NeedsInternalDNS returns true if the Shoot cluster needs internal DNS.

func (*Botanist) PersistEncryptionConfiguration

func (b *Botanist) PersistEncryptionConfiguration(ctx context.Context) error

PersistEncryptionConfiguration adds the encryption configuration to the ShootState.

func (*Botanist) PrepareKubeAPIServerForMigration

func (b *Botanist) PrepareKubeAPIServerForMigration(ctx context.Context) error

PrepareKubeAPIServerForMigration deletes the kube-apiserver and its hvpa.

func (*Botanist) RemoveOldETCDEncryptionSecretFromGardener

func (b *Botanist) RemoveOldETCDEncryptionSecretFromGardener(ctx context.Context) error

RemoveOldETCDEncryptionSecretFromGardener removes the etcd encryption configuration secret from the Shoot's namespace in the garden cluster as it is no longer necessary. This step can be removed in the future after all secrets have been cleaned up.

func (*Botanist) RequiredExtensionsReady

func (b *Botanist) RequiredExtensionsReady(ctx context.Context) error

RequiredExtensionsReady checks whether all required extensions needed for a shoot operation exist and are ready.

func (*Botanist) RestartControlPlanePods

func (b *Botanist) RestartControlPlanePods(ctx context.Context) error

RestartControlPlanePods restarts (deletes) pods of the shoot control plane.

func (*Botanist) RewriteShootSecretsIfEncryptionConfigurationChanged

func (b *Botanist) RewriteShootSecretsIfEncryptionConfigurationChanged(ctx context.Context) error

RewriteShootSecretsIfEncryptionConfigurationChanged rewrites the secrets in the Shoot if the etcd encryption configuration changed. Rewriting here means that a patch request is sent that forces the etcd to encrypt them with the new configuration.

func (*Botanist) SNIPhase

func (b *Botanist) SNIPhase(ctx context.Context) (component.Phase, error)

SNIPhase returns the current phase of the SNI enablement of kube-apiserver's service.

func (*Botanist) ScaleETCDToOne

func (b *Botanist) ScaleETCDToOne(ctx context.Context) error

ScaleETCDToOne scales ETCD main and events replicas to one.

func (*Botanist) ScaleETCDToZero

func (b *Botanist) ScaleETCDToZero(ctx context.Context) error

ScaleETCDToZero scales ETCD main and events replicas to zero.

func (*Botanist) ScaleGardenerResourceManagerToOne

func (b *Botanist) ScaleGardenerResourceManagerToOne(ctx context.Context) error

ScaleGardenerResourceManagerToOne scales the gardener-resource-manager deployment to one replica.

func (*Botanist) ScaleKubeAPIServerToOne

func (b *Botanist) ScaleKubeAPIServerToOne(ctx context.Context) error

ScaleKubeAPIServerToOne scales kube-apiserver replicas to one

func (*Botanist) ScaleKubeControllerManagerToOne

func (b *Botanist) ScaleKubeControllerManagerToOne(ctx context.Context) error

ScaleKubeControllerManagerToOne scales kube-controller-manager replicas to one.

func (*Botanist) SetNginxIngressAddress

func (b *Botanist) SetNginxIngressAddress(address string, seedClient client.Client)

SetNginxIngressAddress sets the IP address of the API server's LoadBalancer.

func (*Botanist) SnapshotEtcd

func (b *Botanist) SnapshotEtcd(ctx context.Context) error

SnapshotEtcd executes into the etcd-main pod and triggers a full snapshot.

func (*Botanist) SyncShootCredentialsToGarden

func (b *Botanist) SyncShootCredentialsToGarden(ctx context.Context) error

SyncShootCredentialsToGarden copies the kubeconfig generated for the user and the SSH keypair to the project namespace in the Garden cluster. The monitoring credentials for the user-facing monitoring stack are also copied.

func (*Botanist) UpdateShootAndCluster

func (b *Botanist) UpdateShootAndCluster(ctx context.Context, shoot *gardencorev1beta1.Shoot, transform func() error) error

UpdateShootAndCluster updates the given `core.gardener.cloud/v1beta1.Shoot` resource in the garden cluster after applying the given transform function to it. It will also update the `shoot` field in the `extensions.gardener.cloud/v1alpha1.Cluster` resource in the seed cluster with the updated shoot information.

func (*Botanist) WaitForInfrastructure

func (b *Botanist) WaitForInfrastructure(ctx context.Context) error

WaitForInfrastructure waits until the infrastructure reconciliation has finished and extracts the provider status out of it.

func (*Botanist) WaitForKubeControllerManagerToBeActive

func (b *Botanist) WaitForKubeControllerManagerToBeActive(ctx context.Context) error

WaitForKubeControllerManagerToBeActive waits until the kube controller manager of a Shoot cluster has acquired leader election and is thus active.

func (*Botanist) WaitUntilAllExtensionResourcesMigrated

func (b *Botanist) WaitUntilAllExtensionResourcesMigrated(ctx context.Context) error

WaitUntilAllExtensionResourcesMigrated waits until all extension CRs were successfully migrated.

func (*Botanist) WaitUntilAllManagedResourcesDeleted

func (b *Botanist) WaitUntilAllManagedResourcesDeleted(ctx context.Context) error

WaitUntilAllManagedResourcesDeleted waits until all managed resources are gone or the context is cancelled.

func (*Botanist) WaitUntilCloudConfigUpdatedForAllWorkerPools

func (b *Botanist) WaitUntilCloudConfigUpdatedForAllWorkerPools(ctx context.Context) error

WaitUntilCloudConfigUpdatedForAllWorkerPools waits for a maximum of 6 minutes until all the nodes for all the worker pools in the Shoot have successfully applied the desired version of their cloud-config user data.

func (*Botanist) WaitUntilEndpointsDoNotContainPodIPs

func (b *Botanist) WaitUntilEndpointsDoNotContainPodIPs(ctx context.Context) error

WaitUntilEndpointsDoNotContainPodIPs waits until all endpoints in the shoot cluster do not contain any IPs from the Shoot's PodCIDR.

func (*Botanist) WaitUntilEtcdsReady

func (b *Botanist) WaitUntilEtcdsReady(ctx context.Context) error

WaitUntilEtcdsReady waits until both etcd-main and etcd-events are ready.

func (*Botanist) WaitUntilKubeAPIServerIsDeleted

func (b *Botanist) WaitUntilKubeAPIServerIsDeleted(ctx context.Context) error

WaitUntilKubeAPIServerIsDeleted waits until the kube-apiserver is deleted

func (*Botanist) WaitUntilKubeAPIServerReady

func (b *Botanist) WaitUntilKubeAPIServerReady(ctx context.Context) error

WaitUntilKubeAPIServerReady waits until the kube-apiserver pod(s) indicate readiness in their statuses.

func (*Botanist) WaitUntilManagedResourcesDeleted

func (b *Botanist) WaitUntilManagedResourcesDeleted(ctx context.Context) error

WaitUntilManagedResourcesDeleted waits until all managed resources labeled with `origin=gardener` are gone or the context is cancelled.

func (*Botanist) WaitUntilNginxIngressServiceIsReady

func (b *Botanist) WaitUntilNginxIngressServiceIsReady(ctx context.Context) error

WaitUntilNginxIngressServiceIsReady waits until the external load balancer of the nginx ingress controller has been created.

func (*Botanist) WaitUntilNoPodRunning

func (b *Botanist) WaitUntilNoPodRunning(ctx context.Context) error

WaitUntilNoPodRunning waits until there is no running Pod in the shoot cluster.

func (*Botanist) WaitUntilNodesDeleted

func (b *Botanist) WaitUntilNodesDeleted(ctx context.Context) error

WaitUntilNodesDeleted waits until no nodes exist in the shoot cluster anymore.

func (*Botanist) WaitUntilRequiredExtensionsReady

func (b *Botanist) WaitUntilRequiredExtensionsReady(ctx context.Context) error

WaitUntilRequiredExtensionsReady waits until all the extensions required for a shoot reconciliation are ready

func (*Botanist) WaitUntilSeedNamespaceDeleted

func (b *Botanist) WaitUntilSeedNamespaceDeleted(ctx context.Context) error

WaitUntilSeedNamespaceDeleted waits until the namespace of the Shoot cluster within the Seed cluster is deleted.

func (*Botanist) WaitUntilTunnelConnectionExists

func (b *Botanist) WaitUntilTunnelConnectionExists(ctx context.Context) error

WaitUntilTunnelConnectionExists waits until a port forward connection to the tunnel pod (vpn-shoot or konnectivity-agent) in the kube-system namespace of the Shoot cluster can be established.

func (*Botanist) WaitUntilVpnShootServiceIsReady

func (b *Botanist) WaitUntilVpnShootServiceIsReady(ctx context.Context) error

WaitUntilVpnShootServiceIsReady waits until the external load balancer of the VPN has been created.

func (*Botanist) WakeUpKubeAPIServer

func (b *Botanist) WakeUpKubeAPIServer(ctx context.Context) error

WakeUpKubeAPIServer creates a service and ensures API Server is scaled up

Directories

Path Synopsis
addons
clusterautoscaler/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
etcd/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
extensions/backupentry/mock
Package backupentry is a generated GoMock package.
Package backupentry is a generated GoMock package.
extensions/containerruntime/mock
Package containerruntime is a generated GoMock package.
Package containerruntime is a generated GoMock package.
extensions/controlplane/mock
Package controlplane is a generated GoMock package.
Package controlplane is a generated GoMock package.
extensions/extension/mock
Package extension is a generated GoMock package.
Package extension is a generated GoMock package.
extensions/infrastructure/mock
Package infrastructure is a generated GoMock package.
Package infrastructure is a generated GoMock package.
extensions/operatingsystemconfig/mock
Package operatingsystemconfig is a generated GoMock package.
Package operatingsystemconfig is a generated GoMock package.
extensions/operatingsystemconfig/original/components/kubelet/mock
Package kubelet is a generated GoMock package.
Package kubelet is a generated GoMock package.
extensions/operatingsystemconfig/original/components/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
extensions/operatingsystemconfig/utils/mock
Package utils is a generated GoMock package.
Package utils is a generated GoMock package.
extensions/worker/mock
Package worker is a generated GoMock package.
Package worker is a generated GoMock package.
gardenerkubescheduler/configurator
Package configurator contains the Configurator interface It is a separate package to avoid dependency cycle.
Package configurator contains the Configurator interface It is a separate package to avoid dependency cycle.
gardenerkubescheduler/v18
Package v18 a kube-scheduler specific configuration for 1.18 Kubernetes version.
Package v18 a kube-scheduler specific configuration for 1.18 Kubernetes version.
gardenerkubescheduler/v19
Package v19 a kube-scheduler specific configuration for 1.19 Kubernetes version.
Package v19 a kube-scheduler specific configuration for 1.19 Kubernetes version.
gardenerkubescheduler/v20
Package v20 a kube-scheduler specific configuration for 1.20 Kubernetes version.
Package v20 a kube-scheduler specific configuration for 1.20 Kubernetes version.
konnectivity/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
kubecontrollermanager/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
kubescheduler/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
metricsserver/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
resourcemanager/mock
Package mock is a generated GoMock package.
Package mock is a generated GoMock package.
this file is copy of https://github.com/kubernetes/kubernetes/blob/f247e75980061d7cf83c63c0fb1f12c7060c599f/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules.go with some modifications for the webhook matching use-case.
this file is copy of https://github.com/kubernetes/kubernetes/blob/f247e75980061d7cf83c63c0fb1f12c7060c599f/staging/src/k8s.io/apiserver/pkg/admission/plugin/webhook/rules/rules.go with some modifications for the webhook matching use-case.
