kas

package
v0.1.13 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Oct 6, 2023 License: Apache-2.0 Imports: 50 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	KubeAPIServerConfigKey  = "config.json"
	OauthMetadataConfigKey  = "oauthMetadata.json"
	AuditLogFile            = "audit.log"
	EgressSelectorConfigKey = "config.yaml"
	DefaultEtcdPort         = 2379
)
View Source 
const (
	KonnectivityHealthPort      = 2041
	KonnectivityServerLocalPort = 8090
	KonnectivityServerPort      = 8091
)
View Source 
const (
	AuditPolicyConfigMapKey = "policy.yaml"
)
View Source 
const (
	EgressSelectorConfigMapKey = "config.yaml"
)
View Source 
const (
	KubeconfigKey = util.KubeconfigKey
)

Variables

This section is empty.

Functions

func InClusterKASReadyURL 

func InClusterKASReadyURL(namespace string, securePort *int32) string

func InClusterKASURL 

func InClusterKASURL(namespace string, apiServerPort int32) string

func ReconcileAESCBCEncryptionConfig 

func ReconcileAESCBCEncryptionConfig(config *corev1.Secret,
	ownerRef hcpconfig.OwnerRef,
	activeKey []byte,
	backupKey []byte,
) error

func ReconcileAuditConfig 

func ReconcileAuditConfig(auditCfgMap *corev1.ConfigMap, ownerRef config.OwnerRef, auditConfig configv1.Audit) error

func ReconcileAuthenticationTokenWebhookConfigSecret 

func ReconcileAuthenticationTokenWebhookConfigSecret(
	secret *corev1.Secret,
	ownerRef config.OwnerRef,
	authenticatorSecret *corev1.Secret,
	servingCA *corev1.ConfigMap,
) error

func ReconcileBootstrapKubeconfigSecret 

func ReconcileBootstrapKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL string) error

func ReconcileConfig 

func ReconcileConfig(config *corev1.ConfigMap,
	ownerRef hcpconfig.OwnerRef,
	p KubeAPIServerConfigParams,
	version semver.Version,
) error

func ReconcileEgressSelectorConfig 

func ReconcileEgressSelectorConfig(config *corev1.ConfigMap, ownerRef hcpconfig.OwnerRef) error

func ReconcileExternalKubeconfigSecret 

func ReconcileExternalKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, externalURL, secretKey string) error

func ReconcileExternalPrivateRoute added in v0.1.2 

func ReconcileExternalPrivateRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error

func ReconcileExternalPublicRoute added in v0.1.2 

func ReconcileExternalPublicRoute(route *routev1.Route, owner *metav1.OwnerReference, hostname string) error

func ReconcileInternalRoute 

func ReconcileInternalRoute(route *routev1.Route, owner *metav1.OwnerReference) error

func ReconcileKMSEncryptionConfig 

func ReconcileKMSEncryptionConfig(config *corev1.Secret,
	ownerRef hcpconfig.OwnerRef,
	encryptionSpec *hyperv1.KMSSpec,
) error

func ReconcileKonnectivityExternalRoute added in v0.1.10 

func ReconcileKonnectivityExternalRoute(route *routev1.Route, ownerRef config.OwnerRef, hostname string, defaultIngressDomain string) error

func ReconcileKonnectivityInternalRoute added in v0.1.10 

func ReconcileKonnectivityInternalRoute(route *routev1.Route, ownerRef config.OwnerRef) error

func ReconcileKonnectivityServerLocalService added in v0.1.10 

func ReconcileKonnectivityServerLocalService(svc *corev1.Service, ownerRef config.OwnerRef) error

func ReconcileKonnectivityServerService added in v0.1.10 

func ReconcileKonnectivityServerService(svc *corev1.Service, ownerRef config.OwnerRef, strategy *hyperv1.ServicePublishingStrategy) error

func ReconcileKonnectivityServerServiceStatus added in v0.1.10 

func ReconcileKonnectivityServerServiceStatus(svc *corev1.Service, route *routev1.Route, strategy *hyperv1.ServicePublishingStrategy, messageCollector events.MessageCollector) (host string, port int32, message string, err error)

func ReconcileKubeAPIServerDeployment 

func ReconcileKubeAPIServerDeployment(deployment *appsv1.Deployment,
	hcp *hyperv1.HostedControlPlane,
	ownerRef config.OwnerRef,
	deploymentConfig config.DeploymentConfig,
	namedCertificates []configv1.APIServerNamedServingCert,
	cloudProviderName string,
	cloudProviderConfigRef *corev1.LocalObjectReference,
	cloudProviderCreds *corev1.LocalObjectReference,
	images KubeAPIServerImages,
	config *corev1.ConfigMap,
	auditConfig *corev1.ConfigMap,
	auditWebhookRef *corev1.LocalObjectReference,
	aesCBCActiveKey []byte,
	aesCBCBackupKey []byte,
	port int32,
	payloadVersion string,
	featureGateSpec *configv1.FeatureGateSpec,
) error

func ReconcileLocalhostKubeconfigSecret 

func ReconcileLocalhostKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, apiServerPort int32) error

func ReconcileOauthMetadata 

func ReconcileOauthMetadata(cfg *corev1.ConfigMap, ownerRef config.OwnerRef, externalOAuthAddress string, externalOAuthPort int32) error

func ReconcilePodDisruptionBudget 

func ReconcilePodDisruptionBudget(pdb *policyv1.PodDisruptionBudget, p *KubeAPIServerParams) error

func ReconcilePrivateService 

func ReconcilePrivateService(svc *corev1.Service, hcp *hyperv1.HostedControlPlane, owner *metav1.OwnerReference) error

func ReconcilePrivateServiceStatus 

func ReconcilePrivateServiceStatus(hcp *hyperv1.HostedControlPlane) (host string, port int32, err error)

func ReconcileRecordingRules 

func ReconcileRecordingRules(r *prometheusoperatorv1.PrometheusRule, clusterID string)

func ReconcileService 

func ReconcileService(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, owner *metav1.OwnerReference, apiServerServicePort int, apiServerListenPort int, apiAllowedCIDRBlocks []string, isPublic, isPrivate bool) error

func ReconcileServiceCAPIKubeconfigSecret 

func ReconcileServiceCAPIKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, apiServerPort int32) error

func ReconcileServiceKubeconfigSecret 

func ReconcileServiceKubeconfigSecret(secret, cert *corev1.Secret, ca *corev1.ConfigMap, ownerRef config.OwnerRef, apiServerPort int32) error

func ReconcileServiceMonitor 

func ReconcileServiceMonitor(sm *prometheusoperatorv1.ServiceMonitor, apiServerPort int, ownerRef config.OwnerRef, clusterID string, metricsSet metrics.MetricsSet) error

func ReconcileServiceStatus 

func ReconcileServiceStatus(svc *corev1.Service, strategy *hyperv1.ServicePublishingStrategy, apiServerPort int, messageCollector events.MessageCollector) (host string, port int32, message string, err error)

Types

type KubeAPIServerConfigParams 

type KubeAPIServerConfigParams struct {
	ExternalIPConfig             *configv1.ExternalIPConfig
	ClusterNetwork               []string
	ServiceNetwork               []string
	NamedCertificates            []configv1.APIServerNamedServingCert
	APIServerPort                int32
	TLSSecurityProfile           *configv1.TLSSecurityProfile
	AdditionalCORSAllowedOrigins []string
	InternalRegistryHostName     string
	ExternalRegistryHostNames    []string
	DefaultNodeSelector          string
	AdvertiseAddress             string
	ServiceAccountIssuerURL      string
	CloudProvider                string
	CloudProviderConfigRef       *corev1.LocalObjectReference
	EtcdURL                      string
	FeatureGates                 []string
	NodePortRange                string
	AuditWebhookEnabled          bool
	ConsolePublicURL             string
	DisableProfiling             bool
}

type KubeAPIServerImages 

type KubeAPIServerImages struct {
	ClusterConfigOperator      string `json:"clusterConfigOperator"`
	CLI                        string `json:"cli"`
	HyperKube                  string `json:"hyperKube"`
	IBMCloudKMS                string `json:"ibmcloudKMS"`
	AWSKMS                     string `json:"awsKMS"`
	Portieris                  string `json:"portieris"`
	TokenMinterImage           string
	AWSPodIdentityWebhookImage string
	KonnectivityServer         string
}

type KubeAPIServerParams 

type KubeAPIServerParams struct {
	APIServer           *configv1.APIServerSpec      `json:"apiServer"`
	FeatureGate         *configv1.FeatureGateSpec    `json:"featureGate"`
	Network             *configv1.NetworkSpec        `json:"network"`
	Image               *configv1.ImageSpec          `json:"image"`
	Scheduler           *configv1.SchedulerSpec      `json:"scheduler"`
	CloudProvider       string                       `json:"cloudProvider"`
	CloudProviderConfig *corev1.LocalObjectReference `json:"cloudProviderConfig"`
	CloudProviderCreds  *corev1.LocalObjectReference `json:"cloudProviderCreds"`

	ServiceAccountIssuer string   `json:"serviceAccountIssuer"`
	ServiceCIDRs         []string `json:"serviceCIDRs"`
	ClusterCIDRs         []string `json:"clusterCIDRs"`
	AdvertiseAddress     string   `json:"advertiseAddress"`
	ExternalAddress      string   `json:"externalAddress"`
	// ExternalPort is the port coming from the status of the SVC which is exposing the KAS, e.g. common router LB, dedicated private/public/ LB...
	// This is used to build kas urls for generated internal kubeconfigs for example.
	ExternalPort    int32  `json:"externalPort"`
	InternalAddress string `json:"internalAddress"`
	// InternalPort is the port that was used to expose the KAS SVC.
	// This is used to build kas urls for generated external kubeconfigs for example.
	InternalPort int32 `json:"internalPort"`
	// APIServerPort is port to expose the KAS Pod.
	APIServerPort        int32                        `json:"apiServerPort"`
	ExternalOAuthAddress string                       `json:"externalOAuthAddress"`
	ExternalOAuthPort    int32                        `json:"externalOAuthPort"`
	EtcdURL              string                       `json:"etcdAddress"`
	KubeConfigRef        *hyperv1.KubeconfigSecretRef `json:"kubeConfigRef"`
	AuditWebhookRef      *corev1.LocalObjectReference `json:"auditWebhookRef"`
	ConsolePublicURL     string                       `json:"consolePublicURL"`
	DisableProfiling     bool                         `json:"disableProfiling"`
	config.DeploymentConfig
	config.OwnerRef

	Images KubeAPIServerImages `json:"images"`

	Availability hyperv1.AvailabilityPolicy
}

func NewKubeAPIServerParams 

func NewKubeAPIServerParams(ctx context.Context, hcp *hyperv1.HostedControlPlane, releaseImageProvider *imageprovider.ReleaseImageProvider, externalAPIAddress string, externalAPIPort int32, externalOAuthAddress string, externalOAuthPort int32, setDefaultSecurityContext bool) *KubeAPIServerParams

func (*KubeAPIServerParams) AdditionalCORSAllowedOrigins 

func (p *KubeAPIServerParams) AdditionalCORSAllowedOrigins() []string

func (*KubeAPIServerParams) AuditPolicyConfig 

func (p *KubeAPIServerParams) AuditPolicyConfig() configv1.Audit

func (*KubeAPIServerParams) ClusterNetwork 

func (p *KubeAPIServerParams) ClusterNetwork() []string

func (*KubeAPIServerParams) ConfigParams 

func (p *KubeAPIServerParams) ConfigParams() KubeAPIServerConfigParams

func (*KubeAPIServerParams) DefaultNodeSelector 

func (p *KubeAPIServerParams) DefaultNodeSelector() string

func (*KubeAPIServerParams) ExternalIPConfig 

func (p *KubeAPIServerParams) ExternalIPConfig() *configv1.ExternalIPConfig

func (*KubeAPIServerParams) ExternalKubeconfigKey 

func (p *KubeAPIServerParams) ExternalKubeconfigKey() string

func (*KubeAPIServerParams) ExternalRegistryHostNames 

func (p *KubeAPIServerParams) ExternalRegistryHostNames() []string

func (*KubeAPIServerParams) ExternalURL 

func (p *KubeAPIServerParams) ExternalURL() string

func (*KubeAPIServerParams) FeatureGates 

func (p *KubeAPIServerParams) FeatureGates() []string

func (*KubeAPIServerParams) InternalRegistryHostName 

func (p *KubeAPIServerParams) InternalRegistryHostName() string

func (*KubeAPIServerParams) InternalURL 

func (p *KubeAPIServerParams) InternalURL() string

func (*KubeAPIServerParams) NamedCertificates 

func (p *KubeAPIServerParams) NamedCertificates() []configv1.APIServerNamedServingCert

func (*KubeAPIServerParams) ServiceAccountIssuerURL 

func (p *KubeAPIServerParams) ServiceAccountIssuerURL() string

func (*KubeAPIServerParams) ServiceNetwork 

func (p *KubeAPIServerParams) ServiceNetwork() []string

func (*KubeAPIServerParams) ServiceNodePortRange 

func (p *KubeAPIServerParams) ServiceNodePortRange() string

func (*KubeAPIServerParams) TLSSecurityProfile 

func (p *KubeAPIServerParams) TLSSecurityProfile() *configv1.TLSSecurityProfile

type KubeAPIServerServiceParams 

type KubeAPIServerServiceParams struct {
	// APIServerPort is the port used for the SVC.
	APIServerPort int
	// APIServerListenPort is the port used for the TargetPort.
	APIServerListenPort int
	AllowedCIDRBlocks   []string
	OwnerReference      *metav1.OwnerReference
}

func NewKubeAPIServerServiceParams 

func NewKubeAPIServerServiceParams(hcp *hyperv1.HostedControlPlane) *KubeAPIServerServiceParams

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.