Documentation
¶
Index ¶
- Constants
- func InjectAdmissionSettings(deployment *appsv1.Deployment, configMapAdmissionConfigs *corev1.ConfigMap, ...)
- func InjectAuditSettings(deployment *appsv1.Deployment, configMapAuditPolicy *corev1.ConfigMap, ...)
- func InjectDefaultSettings(deployment *appsv1.Deployment, namePrefix string, values Values, ...)
- func InjectEncryptionSettings(deployment *appsv1.Deployment, ...)
- func ReconcileConfigMapAdmission(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, ...) error
- func ReconcileConfigMapAuditPolicy(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, ...) error
- func ReconcileSecretAdmissionKubeconfigs(ctx context.Context, c client.Client, secret *corev1.Secret, values Values) error
- func ReconcileSecretAuditWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, ...) error
- func ReconcileSecretETCDEncryptionConfiguration(ctx context.Context, c client.Client, secretsManager secretsmanager.Interface, ...) error
- func ReconcileSecretWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, kubeconfig []byte) error
- type AdmissionPluginConfig
- type AuditConfig
- type AuditWebhook
- type ETCDEncryptionConfig
- type Interface
- type Values
Constants ¶
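const (
	// SecretWebhookKubeconfigDataKey is a constant for a key in the data of the secret containing a kubeconfig.
	// The value is only the name of the data key, not secret material, which is why the gosec G101
	// (hard-coded credentials) finding is suppressed on the declaration below.
	SecretWebhookKubeconfigDataKey = "kubeconfig.yaml" // #nosec G101 -- No credential.
)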
Functions ¶
func InjectAdmissionSettings ¶
func InjectAdmissionSettings(deployment *appsv1.Deployment, configMapAdmissionConfigs *corev1.ConfigMap, secretAdmissionKubeconfigs *corev1.Secret, values Values)
InjectAdmissionSettings injects the admission settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectAuditSettings ¶
func InjectAuditSettings(deployment *appsv1.Deployment, configMapAuditPolicy *corev1.ConfigMap, secretWebhookKubeconfig *corev1.Secret, auditConfig *AuditConfig)
InjectAuditSettings injects the audit settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectDefaultSettings ¶
func InjectDefaultSettings( deployment *appsv1.Deployment, namePrefix string, values Values, secretCAETCD *corev1.Secret, secretETCDClient *corev1.Secret, secretServer *corev1.Secret, )
InjectDefaultSettings injects default settings into `gardener-apiserver` and `kube-apiserver` deployments.
func InjectEncryptionSettings ¶
func InjectEncryptionSettings(deployment *appsv1.Deployment, secretETCDEncryptionConfiguration *corev1.Secret)
InjectEncryptionSettings injects the encryption settings into `gardener-apiserver` and `kube-apiserver` deployments.
func ReconcileConfigMapAdmission ¶
func ReconcileConfigMapAdmission(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, values Values) error
ReconcileConfigMapAdmission reconciles the ConfigMap containing the configs for the admission plugins.
func ReconcileConfigMapAuditPolicy ¶
func ReconcileConfigMapAuditPolicy(ctx context.Context, c client.Client, configMap *corev1.ConfigMap, auditConfig *AuditConfig) error
ReconcileConfigMapAuditPolicy reconciles the ConfigMap containing the audit policy.
func ReconcileSecretAdmissionKubeconfigs ¶
func ReconcileSecretAdmissionKubeconfigs(ctx context.Context, c client.Client, secret *corev1.Secret, values Values) error
ReconcileSecretAdmissionKubeconfigs reconciles the secret containing the kubeconfig for admission plugins.
func ReconcileSecretAuditWebhookKubeconfig ¶
func ReconcileSecretAuditWebhookKubeconfig(ctx context.Context, c client.Client, secret *corev1.Secret, auditConfig *AuditConfig) error
ReconcileSecretAuditWebhookKubeconfig reconciles the secret containing the kubeconfig for audit webhooks.
func ReconcileSecretETCDEncryptionConfiguration ¶
func ReconcileSecretETCDEncryptionConfiguration( ctx context.Context, c client.Client, secretsManager secretsmanager.Interface, config ETCDEncryptionConfig, secretETCDEncryptionConfiguration *corev1.Secret, secretNameETCDEncryptionKey string, roleLabel string, ) error
ReconcileSecretETCDEncryptionConfiguration reconciles the secret containing the ETCD encryption configuration.
Types ¶
type AdmissionPluginConfig ¶
// AdmissionPluginConfig contains information about a specific admission plugin and its corresponding configuration.
type AdmissionPluginConfig struct {
	// AdmissionPlugin is embedded, so its fields are promoted onto AdmissionPluginConfig.
	gardencorev1beta1.AdmissionPlugin
	// Kubeconfig is an optional API server connection configuration of this admission plugin. The configs for some
	// admission plugins like `ImagePolicyWebhook` or `ValidatingAdmissionWebhook` can take a reference to an API server
	// connection configuration such as this one.
	// NOTE(review): the original sentence is cut off after "API server" on this page; the ending above is inferred.
	// NOTE(review): a kubeconfig can embed client credentials, so these bytes should be handled as secret material
	// (kept out of logs and ConfigMaps). ReconcileSecretAdmissionKubeconfigs is documented as reconciling the secret
	// that holds the admission plugin kubeconfigs; confirm no other code path persists this field elsewhere.
	Kubeconfig []byte
}
AdmissionPluginConfig contains information about a specific admission plugin and its corresponding configuration.
type AuditConfig ¶
// AuditConfig contains information for configuring audit settings for the API server.
type AuditConfig struct {
	// Policy is the audit policy document in YAML format.
	// NOTE(review): the behaviour for a nil Policy is not visible here; confirm whether a default policy is applied,
	// because an absent or overly narrow policy reduces what the audit trail records.
	Policy *string
	// Webhook contains configuration for the audit webhook.
	// NOTE(review): presumably nil means that no audit webhook backend is configured; verify against the callers.
	Webhook *AuditWebhook
}
AuditConfig contains information for configuring audit settings for the API server.
type AuditWebhook ¶
// AuditWebhook contains configuration for the audit webhook.
type AuditWebhook struct {
	// Kubeconfig contains the kubeconfig-format file that defines the audit webhook configuration for the API server.
	// NOTE(review): this file names the endpoint that receives audit events and may carry the credentials used to
	// reach it, so it should be treated as secret material. ReconcileSecretAuditWebhookKubeconfig is documented as
	// reconciling the secret that holds it.
	Kubeconfig []byte
	// BatchMaxSize is the maximum size of a batch.
	// NOTE(review): presumably the number of audit events sent per webhook request; the unit is not stated here.
	BatchMaxSize *int32
	// Version is the API group and version used for serializing audit events written to webhook.
	Version *string
}
AuditWebhook contains configuration for the audit webhook.
type ETCDEncryptionConfig ¶
// ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.
type ETCDEncryptionConfig struct {
	// RotationPhase specifies the credentials rotation phase of the encryption key.
	RotationPhase gardencorev1beta1.CredentialsRotationPhase
	// EncryptWithCurrentKey specifies whether the current encryption key should be used for encryption. If this is
	// false and if there are two keys then the old key will be used for encryption while the current/new key will only
	// be used for decryption.
	// NOTE(review): while this is false, new writes are still encrypted with the old key, so a key rotation is not
	// effective for new data until the flag is switched. Confirm which caller flips it and at which rotation phase.
	EncryptWithCurrentKey bool
	// ResourcesToEncrypt are the resources which should be encrypted.
	ResourcesToEncrypt []string
	// EncryptedResources are the resources which are currently encrypted.
	// NOTE(review): presumably compared with ResourcesToEncrypt to detect resources whose encryption state must
	// change; that comparison is not visible here.
	EncryptedResources []string
}
ETCDEncryptionConfig contains configuration for the encryption of resources in etcd.
type Interface ¶
// Interface contains functions for a deployer for an API server built with k8s.io/apiserver.
type Interface interface {
	// DeployWaiter is embedded; its method set is declared in the component package and is not shown here.
	component.DeployWaiter
	// GetAutoscalingReplicas gets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	GetAutoscalingReplicas() *int32
	// SetAutoscalingAPIServerResources sets the APIServerResources field in the AutoscalingConfig of the Values of the
	// deployer.
	SetAutoscalingAPIServerResources(corev1.ResourceRequirements)
	// SetAutoscalingReplicas sets the Replicas field in the AutoscalingConfig of the Values of the deployer.
	SetAutoscalingReplicas(*int32)
	// SetETCDEncryptionConfig sets the ETCDEncryptionConfig field in the Values of the deployer.
	// The argument is passed by value, so changes the caller makes to its own struct afterwards are not seen by the
	// deployer; the slice fields inside still share their backing arrays with the caller's copy.
	SetETCDEncryptionConfig(ETCDEncryptionConfig)
}
Interface contains functions for a deployer for an API server built with k8s.io/apiserver.
type Values ¶
// Values contains configuration values for the API server resources.
type Values struct {
	// EnabledAdmissionPlugins is the list of admission plugins that should be enabled with configuration for the API server.
	// Each entry may carry a kubeconfig (see AdmissionPluginConfig.Kubeconfig), which can contain credentials.
	EnabledAdmissionPlugins []AdmissionPluginConfig
	// DisabledAdmissionPlugins is the list of admission plugins that should be disabled for the API server.
	// NOTE(review): disabling a plugin removes the checks it enforces at admission time; whether this list is
	// validated against a set of plugins that must stay enabled is not visible here.
	DisabledAdmissionPlugins []gardencorev1beta1.AdmissionPlugin
	// Audit contains information for configuring audit settings for the API server.
	Audit *AuditConfig
	// ETCDEncryption contains configuration for the encryption of resources in etcd.
	ETCDEncryption ETCDEncryptionConfig
	// FeatureGates is the set of feature gates.
	// NOTE(review): presumably keyed by feature gate name with the value meaning enabled/disabled; confirm.
	FeatureGates map[string]bool
	// Logging contains configuration settings for the log and access logging verbosity.
	Logging *gardencorev1beta1.APIServerLogging
	// Requests contains configuration for the API server requests.
	Requests *gardencorev1beta1.APIServerRequests
	// RuntimeVersion is the Kubernetes version of the runtime cluster.
	RuntimeVersion *semver.Version
	// WatchCacheSizes are the configured sizes for the watch caches.
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes
}
Values contains configuration values for the API server resources.