Documentation
¶
Index ¶
- func AdmissionControlCreator(data *resources.TemplateData) reconciling.NamedConfigMapCreatorGetter
- func AuditConfigMapCreator() reconciling.NamedConfigMapCreatorGetter
- func DeploymentCreator(data *resources.TemplateData, enableOIDCAuthentication bool) reconciling.NamedDeploymentCreatorGetter
- func DexCACertificateCreator(getDexCA func() ([]*x509.Certificate, error)) reconciling.NamedSecretCreatorGetter
- func EtcdClientCertificateCreator(data etcdClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func FrontProxyClientCertificateCreator(data frontProxyClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func GetEnvVars(data kubeAPIServerEnvData) ([]corev1.EnvVar, error)
- func IsRunningWrapper(data isRunningInitContainerData, spec corev1.PodSpec, ...) (*corev1.PodSpec, error)
- func KubeletClientCertificateCreator(data kubeletClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
- func PodDisruptionBudgetCreator() reconciling.NamedPodDisruptionBudgetCreatorGetter
- func ServiceAccountKeyCreator() reconciling.NamedSecretCreatorGetter
- func ServiceCreator(exposeStrategy corev1.ServiceType) reconciling.NamedServiceCreatorGetter
- func TLSServingCertificateCreator(data tlsServingCertCreatorData) reconciling.NamedSecretCreatorGetter
- func TokenUsersCreator(data *resources.TemplateData) reconciling.NamedSecretCreatorGetter
- func TokenViewerCreator() reconciling.NamedSecretCreatorGetter
- type AdmissionConfiguration
- type AdmissionPluginConfiguration
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func AdmissionControlCreator ¶
func AdmissionControlCreator(data *resources.TemplateData) reconciling.NamedConfigMapCreatorGetter
func AuditConfigMapCreator ¶
func AuditConfigMapCreator() reconciling.NamedConfigMapCreatorGetter
func DeploymentCreator ¶
func DeploymentCreator(data *resources.TemplateData, enableOIDCAuthentication bool) reconciling.NamedDeploymentCreatorGetter
DeploymentCreator returns the function to create and update the API server deployment
func DexCACertificateCreator ¶
func DexCACertificateCreator(getDexCA func() ([]*x509.Certificate, error)) reconciling.NamedSecretCreatorGetter
DexCACertificateCreator returns a function to create/update the secret with the certificate for TLS verification against dex
func EtcdClientCertificateCreator ¶
func EtcdClientCertificateCreator(data etcdClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
EtcdClientCertificateCreator returns a function to create/update the secret with the client certificate for authenticating against etcd
func FrontProxyClientCertificateCreator ¶
func FrontProxyClientCertificateCreator(data frontProxyClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
FrontProxyClientCertificateCreator returns a function to create/update the secret with the client certificate for authenticating against extension apiserver
func GetEnvVars ¶
func IsRunningWrapper ¶
func IsRunningWrapper(data isRunningInitContainerData, spec corev1.PodSpec, containersToWrap sets.String, crdsToWaitFor ...string) (*corev1.PodSpec, error)
IsRunningWrapper wraps the named containers in the pod with a check if the API server is reachable. This is achieved by copying a `http-prober` binary via an init container into an emptyDir volume, then mounting that volume onto all named containers and replacing the command with a call to the `http-prober` binary. The http prober binary gets the original command as serialized string and does an syscall.Exec onto it once the apiserver became reachable
func KubeletClientCertificateCreator ¶
func KubeletClientCertificateCreator(data kubeletClientCertificateCreatorData) reconciling.NamedSecretCreatorGetter
KubeletClientCertificateCreator returns a function to create/update a secret with the client certificate for the apiserver -> kubelet connection.
func PodDisruptionBudgetCreator ¶
func PodDisruptionBudgetCreator() reconciling.NamedPodDisruptionBudgetCreatorGetter
PodDisruptionBudgetCreator returns a func to create/update the apiserver PodDisruptionBudget
func ServiceAccountKeyCreator ¶
func ServiceAccountKeyCreator() reconciling.NamedSecretCreatorGetter
ServiceAccountKeyCreator returns a function to create/update a secret with the ServiceAccount key
func ServiceCreator ¶
func ServiceCreator(exposeStrategy corev1.ServiceType) reconciling.NamedServiceCreatorGetter
ServiceCreator returns the function to reconcile the external API server service
func TLSServingCertificateCreator ¶
func TLSServingCertificateCreator(data tlsServingCertCreatorData) reconciling.NamedSecretCreatorGetter
TLSServingCertificateCreator returns a function to create/update the secret with the apiserver tls certificate used to serve https
func TokenUsersCreator ¶
func TokenUsersCreator(data *resources.TemplateData) reconciling.NamedSecretCreatorGetter
TokenUsers returns a secret containing the tokens csv
func TokenViewerCreator ¶
func TokenViewerCreator() reconciling.NamedSecretCreatorGetter
TokenViewerCreator returns a secret containing the viewer token
Types ¶
type AdmissionConfiguration ¶
type AdmissionConfiguration struct {
Kind string `yaml:"kind,omitempty"`
APIVersion string `yaml:"apiVersion,omitempty"`
// Plugins allows specifying a configuration per admission control plugin.
Plugins []AdmissionPluginConfiguration `yaml:"plugins,omitempty"`
}
AdmissionConfiguration provides versioned configuration for admission controllers.
type AdmissionPluginConfiguration ¶
type AdmissionPluginConfiguration struct {
// Name is the name of the admission controller.
// It must match the registered admission plugin name.
Name string `yaml:"name"`
// Path is the path to a configuration file that contains the plugin's
// configuration
Path string `yaml:"path"`
}
AdmissionPluginConfiguration provides the configuration for a single plug-in.
Source Files