v1.28.1 Latest Latest

This package is not in the latest version of its module.

Published: Nov 11, 2023 License: Apache-2.0 Imports: 83 Imported by: 383




const (

	// OldestSupportedKubernetesVersion is the oldest kubernetes version that is supported in kOps.
	OldestSupportedKubernetesVersion = "1.23.0"
	// OldestRecommendedKubernetesVersion is the oldest kubernetes version that is not deprecated in kOps.
	OldestRecommendedKubernetesVersion = "1.25.0"
// Placeholder DNS values: addresses and TTLs used as stand-ins.
const (
	// PlaceholderIP is from TEST-NET-3
	// NOTE(review): the literal is empty in this listing, which contradicts the
	// comment above (TEST-NET-3 is a documentation-only IPv4 range). The address
	// appears to have been dropped when the page was rendered; check the module
	// source before relying on this value.
	PlaceholderIP   = ""
	// PlaceholderIPv6 is the IPv6 counterpart. The value lies in fd00::/8
	// (unique local addresses), so it is not globally routable.
	PlaceholderIPv6 = "fd00:dead:add::"
	// PlaceholderTTL is the TTL paired with the placeholder records
	// (presumably seconds, as DNS TTLs are; confirm).
	PlaceholderTTL  = 10
	// DigitalOcean's DNS servers require a certain minimum TTL (it's 30), keeping 60 here.
	// NOTE(review): the identifier is spelled "Digitial" upstream; it is part of the
	// exported API, so the spelling must be kept when referencing it.
	PlaceholderTTLDigitialOcean = 60
const (

	// Environment variable for overriding CNI url
// Authorization mode names. NewClusterOptions.Authorization documents these two
// strings as its accepted options, with "RBAC" as the default.
const (
	// AuthorizationFlagAlwaysAllow is the "AlwaysAllow" mode name.
	// NOTE(review): in Kubernetes, AlwaysAllow authorizes every request without
	// checks. Presumably this constant selects that mode, so it should not be
	// used outside disposable test clusters; confirm against the caller.
	AuthorizationFlagAlwaysAllow = "AlwaysAllow"
	// AuthorizationFlagRBAC is the "RBAC" mode name (the documented default).
	AuthorizationFlagRBAC        = "RBAC"
// Target names. ApplyClusterCmd.TargetName is documented as "how we are
// operating", with direct, dry-run and terraform as its examples; presumably
// these constants are the accepted values (confirm).
const (
	// TargetDirect is the "direct" target name (per the TargetName comment:
	// operating directly against the cloud, e.g. GCE or AWS).
	TargetDirect    = "direct"
	// TargetDryRun is the "dryrun" target name. See also ApplyClusterCmd.DryRun.
	TargetDryRun    = "dryrun"
	// TargetTerraform is the "terraform" target name.
	TargetTerraform = "terraform"


Phases are used for validation and cli help.

TerraformCloudProviders is the list of cloud providers with terraform target support


func BaseURL added in v1.19.0

func BaseURL() (*url.URL, error)

BaseURL returns the base url for the distribution of kops - in particular for nodeup & docker images

func BuildCloud

func BuildCloud(cluster *kops.Cluster) (fi.Cloud, error)

func ChannelForCluster

func ChannelForCluster(vfsContext *vfs.VFSContext, c *kops.Cluster) (*kops.Channel, error)

func ChannelsAsset added in v1.21.0

func ChannelsAsset(assetsBuilder *assets.AssetBuilder, arch architectures.Architecture) (*mirrors.MirroredAsset, error)

ChannelsAsset returns the url and hash of the channels binary

func FindDNSHostedZone added in v1.10.0

func FindDNSHostedZone(dns dnsprovider.Interface, clusterDNSName string, dnsType kops.DNSType) (string, error)

func FindLatestKubernetesVersion added in v1.10.0

func FindLatestKubernetesVersion() (string, error)

FindLatestKubernetesVersion returns the latest Kubernetes version, as stored at a published location (the URL is missing from this rendering). This shouldn't be used any more; we prefer reading the stable channel.

func KopsFileURL added in v1.19.0

func KopsFileURL(file string, assetBuilder *assets.AssetBuilder) (*url.URL, *hashing.Hash, error)

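KopsFileURL returns the base url for the distribution of kops - in particular for nodeup & docker images. (This sentence is identical to BaseURL's. Per the signature, KopsFileURL takes a file name and returns a *hashing.Hash alongside the URL, so it presumably resolves one file and the hash it is expected to have.)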

func MachineArchitecture added in v1.20.0

func MachineArchitecture(cloud fi.Cloud, machineType string) (architectures.Architecture, error)

func NodeUpAsset added in v1.15.1

func NodeUpAsset(assetsBuilder *assets.AssetBuilder, arch architectures.Architecture) (*mirrors.MirroredAsset, error)

NodeUpAsset returns the asset for where nodeup should be downloaded

func PerformAssignments added in v1.10.0

func PerformAssignments(c *kops.Cluster, vfsContext *vfs.VFSContext, cloud fi.Cloud) error

PerformAssignments populates values that are required and immutable. For example, it assigns stable Keys to InstanceGroups & Masters, and it assigns CIDRs to subnets. We also assign KubernetesVersion, because we want it to be explicit.

PerformAssignments is called on create, as well as on update. In fact, any time Run() is called in apply_cluster.go, we will reach this function. Please do all after-market logic here.

func PopulateClusterSpec

func PopulateClusterSpec(ctx context.Context, clientset simple.Clientset, cluster *kopsapi.Cluster, instanceGroups []*kopsapi.InstanceGroup, cloud fi.Cloud, assetBuilder *assets.AssetBuilder) (*kopsapi.Cluster, error)

PopulateClusterSpec takes a user-specified cluster spec, and computes the full specification that should be set on the cluster. We do this so that we don't need any real "brains" on the node side.

func PopulateInstanceGroupSpec

func PopulateInstanceGroupSpec(cluster *kops.Cluster, input *kops.InstanceGroup, cloud fi.Cloud, channel *kops.Channel) (*kops.InstanceGroup, error)

PopulateInstanceGroupSpec sets default values in the InstanceGroup

func ProtokubeAsset added in v1.21.0

func ProtokubeAsset(assetsBuilder *assets.AssetBuilder, arch architectures.Architecture) (*mirrors.MirroredAsset, error)

ProtokubeAsset returns the url and hash of the protokube binary


type ApplyClusterCmd

// ApplyClusterCmd carries the configuration for an apply operation together
// with the fields it fills in as results (those marked "(output)" below).
// It has a Run(ctx) method declared on *ApplyClusterCmd.
type ApplyClusterCmd struct {
	// Cloud and Cluster are undocumented upstream; from their types they are the
	// cloud handle (fi.Cloud) and the cluster definition (*kops.Cluster).
	Cloud   fi.Cloud
	Cluster *kops.Cluster

	// InstanceGroups are the instance group definitions supplied with the cluster
	// (undocumented upstream; inferred from the type).
	InstanceGroups []*kops.InstanceGroup

	// NodeUpAssets are the assets for downloading nodeup, keyed by architecture.
	NodeUpAssets map[architectures.Architecture]*mirrors.MirroredAsset

	// TargetName specifies how we are operating e.g. direct to GCE, or AWS, or dry-run, or terraform
	TargetName string

	// Target is the fi.Target we will operate against
	Target fi.CloudupTarget

	// OutDir is a local directory in which we place output, can cache files etc
	OutDir string

	// Assets is a list of sources for files (primarily when not using everything containerized)
	// Formats:
	//  raw url: http://... or https://...
	//  url with hash: <hex>@http://... or <hex>@https://...
	// NOTE(review): the raw-url form carries no expected hash, and http:// is
	// cleartext, so a raw http source has neither transport nor content integrity
	// expressed in this field. Whether a hash is obtained some other way is not
	// visible here. Prefer the <hex>@https:// form where sources are configurable.
	Assets map[architectures.Architecture][]*mirrors.MirroredAsset

	// Clientset is the simple.Clientset used by the command (undocumented upstream).
	Clientset simple.Clientset

	// DryRun is true if this is only a dry run
	DryRun bool

	// AllowKopsDowngrade permits applying with a kops version older than what was last used to apply to the cluster.
	AllowKopsDowngrade bool

	// RunTasksOptions defines parameters for task execution, e.g. retry interval
	RunTasksOptions *fi.RunTasksOptions

	// Phase can be set to a Phase to run the specific subset of tasks, if we don't want to run everything
	Phase Phase

	// LifecycleOverrides is passed in to override the lifecycle for one or more tasks.
	// The key value is the task name such as InternetGateway and the value is the fi.Lifecycle
	// that is re-mapped.
	LifecycleOverrides map[string]fi.Lifecycle

	// GetAssets is whether this is called just to obtain the list of assets.
	GetAssets bool

	// TaskMap is the map of tasks that we built (output)
	TaskMap map[string]fi.CloudupTask

	// ImageAssets are the image assets we use (output).
	ImageAssets []*assets.ImageAsset
	// FileAssets are the file assets we use (output).
	FileAssets []*assets.FileAsset

	// AdditionalObjects holds cluster-associated configuration objects, other than the Cluster and InstanceGroups.
	AdditionalObjects kubemanifest.ObjectList
	// contains filtered or unexported fields

func (*ApplyClusterCmd) Run

func (c *ApplyClusterCmd) Run(ctx context.Context) error

type ByZone added in v1.10.0

type ByZone []*kops.ClusterSubnetSpec

ByZone implements sort.Interface for []*ClusterSubnetSpec based on the Zone field.

func (ByZone) Len added in v1.10.0

func (a ByZone) Len() int

func (ByZone) Less added in v1.10.0

func (a ByZone) Less(i, j int) bool

func (ByZone) Swap added in v1.10.0

func (a ByZone) Swap(i, j int)

type ClusterAutoscalerNodeGroup added in v1.26.0

// ClusterAutoscalerNodeGroup is the map value type returned by
// TemplateFunctions.GetClusterAutoscalerNodeGroups, which is documented as
// holding ClusterAutoscaler info for each instance group of type Node.
// The fields are undocumented upstream; the notes below are hedged accordingly.
type ClusterAutoscalerNodeGroup struct {
	// AutoScale is a pointer, so unset (nil) is distinguishable from false;
	// how nil is interpreted is not shown in this listing.
	AutoScale *bool
	// MinSize and MaxSize are presumably the group's size bounds (confirm).
	MinSize   int32
	MaxSize   int32
	// Other: purpose not evident from this listing.
	Other     string

type Loader

type Loader struct {
	Builders []fi.CloudupModelBuilder
	// contains filtered or unexported fields

func (*Loader) BuildTasks

func (l *Loader) BuildTasks(ctx context.Context, lifecycleOverrides map[string]fi.Lifecycle) (map[string]fi.CloudupTask, error)

func (*Loader) FindDeletions added in v1.21.0

func (l *Loader) FindDeletions(cloud fi.Cloud, lifecycleOverrides map[string]fi.Lifecycle) (map[string]fi.CloudupTask, error)

func (*Loader) Init

func (l *Loader) Init()

type NewClusterOptions added in v1.19.0

// NewClusterOptions is the input to NewCluster: the settings from which a new
// cluster and its instance groups are initialized. InitDefaults is declared on
// *NewClusterOptions.
type NewClusterOptions struct {
	// ClusterName is the name of the cluster to initialize.
	ClusterName string

	// Authorization is the authorization mode to use. The options are "RBAC" (default) and "AlwaysAllow".
	// NOTE(review): "AlwaysAllow" is the name of the Kubernetes mode that authorizes
	// every request; presumably that is what it selects here, so keep the RBAC
	// default outside disposable clusters (confirm).
	Authorization string
	// Channel is a channel location for initializing the cluster. It defaults to "stable".
	Channel string
	// ConfigBase is the location where we will store the configuration. It defaults to the state store.
	ConfigBase string
	// DiscoveryStore is the location where we will store public OIDC-compatible discovery documents, under a cluster-specific directory. It defaults to not publishing discovery documents.
	DiscoveryStore string
	// KubernetesVersion is the version of Kubernetes to deploy. It defaults to the version recommended by the channel.
	KubernetesVersion string
	// KubernetesFeatureGates is the list of Kubernetes feature gates to enable/disable.
	KubernetesFeatureGates []string
	// AdminAccess is the set of CIDR blocks permitted to connect to the Kubernetes API. It defaults to "" and "::/0".
	// NOTE(review): the first default is rendered empty in this listing; it is
	// presumably the all-IPv4 counterpart of "::/0" (0.0.0.0/0); confirm against
	// the module source. "::/0" alone already means every IPv6 address, so the
	// default leaves the API endpoint reachable from anywhere; set an explicit,
	// narrow list for anything but a throwaway cluster.
	AdminAccess []string
	// SSHAccess is the set of CIDR blocks permitted to connect to SSH on the nodes. It defaults to the value of AdminAccess.
	// Because of that inheritance, leaving both fields unset applies the
	// AdminAccess default to SSH as well.
	SSHAccess []string
	// NetworkCIDRs is the set of CIDR blocks of the cluster network.
	NetworkCIDRs []string

	// CloudProvider is the name of the cloud provider. The default is to guess based on the Zones name.
	CloudProvider string
	// Zones are the availability zones in which to run the cluster.
	Zones []string
	// ControlPlaneZones are the availability zones in which to run the control-plane nodes. Defaults to the list in the Zones field.
	ControlPlaneZones []string

	// Project is the cluster's GCE project.
	Project string
	// GCEServiceAccount specifies the service account with which the GCE VM runs.
	GCEServiceAccount string

	// Spotinst options
	SpotinstProduct     string
	SpotinstOrientation string

	// NetworkID is the ID of the shared network (VPC).
	// If empty, SubnetIDs are not empty, and on AWS or OpenStack, determines network ID from the first SubnetID.
	// If empty otherwise, creates a new network/VPC to be owned by the cluster.
	NetworkID string
	// SubnetIDs are the IDs of the shared subnets.
	// If empty, creates new subnets to be owned by the cluster.
	SubnetIDs []string
	// UtilitySubnetIDs are the IDs of the shared utility subnets. If empty and the topology is "private", creates new subnets to be owned by the cluster.
	UtilitySubnetIDs []string
	// Egress defines the method of traffic egress for subnets.
	Egress string
	// IPv6 adds IPv6 CIDRs to subnets
	IPv6 bool

	// OpenstackExternalNet is the name of the external network for the openstack router.
	// The OpenStack fields that follow without a comment of their own
	// (OpenstackExternalSubnet, OpenstackStorageIgnoreAZ, OpenstackDNSServers,
	// OpenstackLBSubnet, OpenstackOctaviaProvider) are undocumented upstream.
	OpenstackExternalNet     string
	OpenstackExternalSubnet  string
	OpenstackStorageIgnoreAZ bool
	OpenstackDNSServers      string
	OpenstackLBSubnet        string
	// OpenstackLBOctavia is whether to use octavia instead of haproxy.
	OpenstackLBOctavia       bool
	OpenstackOctaviaProvider string

	// Azure-specific settings (undocumented upstream).
	AzureSubscriptionID    string
	AzureTenantID          string
	AzureResourceGroupName string
	AzureRouteTableName    string
	AzureAdminUser         string

	// ControlPlaneCount is the number of control-plane nodes to create. Defaults to the length of ControlPlaneZones
	// if ControlPlaneZones is explicitly nonempty, otherwise defaults to 1.
	ControlPlaneCount int32
	// APIServerCount is the number of API servers to create. Defaults to 0.
	APIServerCount int32
	// EncryptEtcdStorage is whether to encrypt the etcd volumes.
	// It is a pointer, so unset (nil) is distinguishable from an explicit false;
	// the value applied when it is nil is not stated in this listing, so set it
	// explicitly if encryption at rest is a requirement.
	EncryptEtcdStorage *bool

	// EtcdClusters contains the names of the etcd clusters.
	EtcdClusters []string
	// EtcdStorageType is the underlying cloud storage class of the etcd volumes.
	EtcdStorageType string

	// NodeCount is the number of nodes to create. Defaults to leaving the count unspecified
	// on the InstanceGroup, which results in a count of 2.
	NodeCount int32
	// Bastion enables the creation of a Bastion instance.
	Bastion bool
	// BastionLoadBalancerType is the bastion loadbalancer type to use; "public" or "internal".
	// Defaults to "public".
	BastionLoadBalancerType string

	// Networking is the networking provider/node to use.
	Networking string
	// Topology is the network topology to use. Defaults to "public" for IPv4 clusters and "private" for IPv6 clusters.
	Topology string
	// DNSType is the DNS type to use; "public" or "private". Defaults to "public".
	DNSType string

	// APILoadBalancerClass determines whether to use classic or network load balancers for the API
	APILoadBalancerClass string
	// APILoadBalancerType is the Kubernetes API loadbalancer type to use; "public" or "internal".
	// Defaults to using DNS instead of a load balancer if using public topology and not gossip, otherwise "public".
	APILoadBalancerType string
	// APISSLCertificate is the SSL certificate to use for the API loadbalancer.
	// Currently only supported in AWS.
	APISSLCertificate string

	// InstanceManager specifies which manager to use for managing instances.
	InstanceManager string

	// Image and instance-size settings (undocumented upstream). From the names,
	// the per-role fields presumably select the image or size for that role; confirm.
	Image             string
	NodeImage         string
	ControlPlaneImage string
	BastionImage      string
	ControlPlaneSize  string
	NodeSize          string

func (*NewClusterOptions) InitDefaults added in v1.19.0

func (o *NewClusterOptions) InitDefaults()

type NewClusterResult added in v1.19.0

type NewClusterResult struct {
	// Cluster is the initialized Cluster resource.
	Cluster *api.Cluster
	// InstanceGroups are the initialized InstanceGroup resources.
	InstanceGroups []*api.InstanceGroup
	// Channel is the loaded Channel object.
	Channel *api.Channel

func NewCluster added in v1.19.0

func NewCluster(opt *NewClusterOptions, clientset simple.Clientset) (*NewClusterResult, error)

NewCluster initializes cluster and instance groups specifications as intended for newly created clusters. It is the responsibility of the caller to call cloudup.PerformAssignments() on the returned cluster spec.

type Phase added in v1.10.0

type Phase string

Phase is a portion of work that kops completes.

// Phase values. ApplyClusterCmd.Phase is documented as selecting a specific
// subset of tasks to run instead of everything.
const (
	// PhaseNetwork creates network infrastructure.
	PhaseNetwork Phase = "network"
	// PhaseSecurity creates IAM profiles and roles, security groups and firewalls.
	PhaseSecurity Phase = "security"
	// PhaseCluster creates the servers and load balancers.
	PhaseCluster Phase = "cluster"

type SpecBuilder

type SpecBuilder struct {
	OptionsLoader *loader.OptionsLoader

func (*SpecBuilder) BuildCompleteSpec

func (l *SpecBuilder) BuildCompleteSpec(clusterSpec *kopsapi.ClusterSpec) (*kopsapi.ClusterSpec, error)

type TemplateFunctions

type TemplateFunctions struct {
	// contains filtered or unexported fields

TemplateFunctions provides a collection of methods used throughout the templates

func (*TemplateFunctions) APIServerNodeRole added in v1.21.3

func (tf *TemplateFunctions) APIServerNodeRole() string

func (*TemplateFunctions) AddTo

func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretStore) (err error)

AddTo defines the available functions we can use in our YAML models. If we are trying to get a new function implemented it MUST be defined here.

func (*TemplateFunctions) CloudControllerConfigArgv added in v1.16.0

func (tf *TemplateFunctions) CloudControllerConfigArgv() ([]string, error)

CloudControllerConfigArgv returns the args to external cloud controller

func (*TemplateFunctions) ControlPlaneControllerReplicas added in v1.21.0

func (tf *TemplateFunctions) ControlPlaneControllerReplicas(deployOnWorkersIfExternalPermissions bool) int

ControlPlaneControllerReplicas returns the number of replicas of a controller that should run in the cluster. deployOnWorkersIfExternalPermissions indicates whether a controller can run on worker nodes when external IAM permissions are enabled for the cluster.

func (*TemplateFunctions) DNSControllerArgv added in v1.19.0

func (tf *TemplateFunctions) DNSControllerArgv() ([]string, error)

DNSControllerArgv returns the args to the DNS controller

func (*TemplateFunctions) DNSControllerEnvs added in v1.27.0

func (tf *TemplateFunctions) DNSControllerEnvs() map[string]string

func (*TemplateFunctions) ExternalDNSArgv added in v1.19.0

func (tf *TemplateFunctions) ExternalDNSArgv() ([]string, error)

func (*TemplateFunctions) GetClusterAutoscalerNodeGroups added in v1.26.0

func (tf *TemplateFunctions) GetClusterAutoscalerNodeGroups() map[string]ClusterAutoscalerNodeGroup

GetClusterAutoscalerNodeGroups returns a map containing ClusterAutoscaler info for each instance group of type Node.

func (*TemplateFunctions) GetInstanceGroup

func (tf *TemplateFunctions) GetInstanceGroup(name string) (*kops.InstanceGroup, error)

GetInstanceGroup returns the instance group with the specified name

func (*TemplateFunctions) GetNodeInstanceGroups added in v1.19.0

func (tf *TemplateFunctions) GetNodeInstanceGroups() map[string]kops.InstanceGroupSpec

GetNodeInstanceGroups returns a map containing the defined instance groups of role "Node".

func (*TemplateFunctions) HasHighlyAvailableControlPlane added in v1.21.0

func (tf *TemplateFunctions) HasHighlyAvailableControlPlane() bool

HasHighlyAvailableControlPlane returns true if the cluster has more than one control plane node, and false otherwise.

func (*TemplateFunctions) KopsControllerArgv added in v1.16.0

func (tf *TemplateFunctions) KopsControllerArgv() ([]string, error)

KopsControllerArgv returns the args to kops-controller

func (*TemplateFunctions) KopsControllerConfig added in v1.16.0

func (tf *TemplateFunctions) KopsControllerConfig() (string, error)

KopsControllerConfig returns the yaml configuration for kops-controller

func (*TemplateFunctions) KopsSystemEnv added in v1.16.0

func (tf *TemplateFunctions) KopsSystemEnv() []corev1.EnvVar

KopsSystemEnv builds the env vars for a system component

func (*TemplateFunctions) OpenStackCCMTag added in v1.19.0

func (tf *TemplateFunctions) OpenStackCCMTag() string

OpenStackCCMTag returns the current OpenStack external cloud controller manager image, with the tag chosen according to the k8s version.

func (*TemplateFunctions) OpenStackCSITag added in v1.23.0

func (tf *TemplateFunctions) OpenStackCSITag() string

OpenStackCSITag returns the current OpenStack CSI image, with the tag chosen according to the k8s version.

func (*TemplateFunctions) ProxyEnv added in v1.10.0

func (tf *TemplateFunctions) ProxyEnv() map[string]string

func (*TemplateFunctions) SharedVPC

func (tf *TemplateFunctions) SharedVPC() bool

SharedVPC is a simple helper function which makes the templates for a shared VPC clearer

func (*TemplateFunctions) ToJSON added in v1.10.0

func (tf *TemplateFunctions) ToJSON(data interface{}) string

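ToJSON returns a JSON representation of the struct or, on error, an empty string. Because the error is not returned, an empty value in rendered output can mean that marshalling failed.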

func (*TemplateFunctions) ToYAML added in v1.21.3

func (tf *TemplateFunctions) ToYAML(data interface{}) string

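ToYAML returns a YAML representation of the struct or, on error, an empty string. The error itself is not surfaced, so callers should treat an unexpected empty result as a possible marshalling failure.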
