Overview
Package azure contains Azure-specific structures for installer configuration and management.
Index
- Constants
- type CloudEnvironment
- type ConfidentialVM
- type DiskEncryptionSet
- type ImagePurchasePlan
- type MachinePool
- type Metadata
- type OSDisk
- type OSImage
- type OutboundType
- type Platform
- type SecurityEncryptionTypes
- type SecuritySettings
- type SecurityTypes
- type TrustedLaunch
- type UEFISettings
- type VMDiskSecurityProfile
- type VMNetworkingCapability
Constants
const DefaultDiskType string = "Premium_LRS"
DefaultDiskType holds the default Azure disk type used by the VMs.
const Name string = "azure"
Name is the name for the Azure platform.
const StackTerraformName string = "azurestack"
StackTerraformName is the name used for Terraform code when installing to the Azure Stack platform.
Variables
This section is empty.
Functions
This section is empty.
Types
type CloudEnvironment
type CloudEnvironment string
CloudEnvironment is the name of the Azure cloud environment.
+kubebuilder:validation:Enum="";AzurePublicCloud;AzureUSGovernmentCloud;AzureChinaCloud;AzureGermanCloud;AzureStackCloud
const (
// PublicCloud is the general-purpose, public Azure cloud environment.
PublicCloud CloudEnvironment = "AzurePublicCloud"
// USGovernmentCloud is the Azure cloud environment for the US government.
USGovernmentCloud CloudEnvironment = "AzureUSGovernmentCloud"
// ChinaCloud is the Azure cloud environment used in China.
ChinaCloud CloudEnvironment = "AzureChinaCloud"
// GermanCloud is the Azure cloud environment used in Germany.
GermanCloud CloudEnvironment = "AzureGermanCloud"
// StackCloud is the Azure cloud environment used at the edge and on premises.
StackCloud CloudEnvironment = "AzureStackCloud"
)
func (CloudEnvironment) Name
func (e CloudEnvironment) Name() string
Name returns the name that Azure uses for the cloud environment. See https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13
type ConfidentialVM
type ConfidentialVM struct {
// UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.
// +kubebuilder:validation:Required
UEFISettings *UEFISettings `json:"uefiSettings,omitempty"`
}
ConfidentialVM defines the UEFI settings for the virtual machine.
type DiskEncryptionSet
type DiskEncryptionSet struct {
// SubscriptionID defines the Azure subscription the disk encryption
// set is in.
SubscriptionID string `json:"subscriptionId"`
// ResourceGroup defines the Azure resource group used by the disk
// encryption set.
ResourceGroup string `json:"resourceGroup"`
// Name is the name of the disk encryption set.
Name string `json:"name"`
}
DiskEncryptionSet defines the configuration for a disk encryption set.
func (*DiskEncryptionSet) ToID
func (d *DiskEncryptionSet) ToID() string
ToID creates the Azure resource ID for the disk encryption set. If SubscriptionID is empty, the returned ID is not valid. This should not happen in practice, because an empty SubscriptionID is filled in with the current subscription before use; and if an invalid ID were produced anyway, validation against the validation.RxDiskEncryptionSetID regular expression would reject it.
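The following is an added example, not code from the installer, showing the failure mode the ToID doc describes: with an empty SubscriptionID the ARM path degenerates to "/subscriptions//resourceGroups/...", and only defaulting plus a strict regex keeps that from reaching Azure. The ID layout follows the standard ARM path for Microsoft.Compute/diskEncryptionSets, and the regex is an assumed stand-in for validation.RxDiskEncryptionSetID, whose exact pattern the page does not show; the subscription GUID and names are constructed sample values.

```go
package main

import (
	"fmt"
	"regexp"
)

// DiskEncryptionSet mirrors the type documented on this page so the example
// compiles stand-alone.
type DiskEncryptionSet struct {
	SubscriptionID string `json:"subscriptionId"`
	ResourceGroup  string `json:"resourceGroup"`
	Name           string `json:"name"`
}

// ToID builds the ARM resource ID for the set. The layout is the standard ARM
// path for Microsoft.Compute/diskEncryptionSets, written here from that
// convention rather than copied from the installer.
func (d *DiskEncryptionSet) ToID() string {
	return fmt.Sprintf("/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Compute/diskEncryptionSets/%s",
		d.SubscriptionID, d.ResourceGroup, d.Name)
}

// rxDiskEncryptionSetID is an assumed stand-in for validation.RxDiskEncryptionSetID:
// a GUID subscription, ARM resource-group characters, and a non-empty set name.
var rxDiskEncryptionSetID = regexp.MustCompile(
	`^/subscriptions/[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}` +
		`/resourceGroups/[-\w.()]+/providers/Microsoft\.Compute/diskEncryptionSets/[-\w]+$`)

// ValidateDiskEncryptionSetID rejects anything that is not a well-formed ID.
func ValidateDiskEncryptionSetID(id string) error {
	if !rxDiskEncryptionSetID.MatchString(id) {
		return fmt.Errorf("disk encryption set ID %q is not a valid ARM resource ID", id)
	}
	return nil
}

// ResolveDiskEncryptionSetID applies the defaulting the ToID doc describes
// (an empty SubscriptionID becomes the current subscription) and then
// validates the result, so a blank subscription never produces
// "/subscriptions//resourceGroups/..." silently.
func ResolveDiskEncryptionSetID(d *DiskEncryptionSet, currentSubscription string) (string, error) {
	if d.SubscriptionID == "" {
		d.SubscriptionID = currentSubscription
	}
	id := d.ToID()
	if err := ValidateDiskEncryptionSetID(id); err != nil {
		return "", err
	}
	return id, nil
}

func main() {
	// Constructed sample values; the GUID is not a real subscription.
	const current = "00000000-0000-0000-0000-000000000001"
	des := &DiskEncryptionSet{ResourceGroup: "ocp-cmk-rg", Name: "ocp-os-disk-des"}

	fmt.Println("raw ToID with empty subscription:", des.ToID())
	fmt.Println("validation of raw ID:", ValidateDiskEncryptionSetID(des.ToID()))

	id, err := ResolveDiskEncryptionSetID(des, current)
	fmt.Println("resolved:", id, "err:", err)
}
```

The point of validating after defaulting is that a customer-managed-key configuration that fails open would leave the OS disk encrypted with a platform key instead; a strict regex turns that into an install-time error.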
type ImagePurchasePlan
type ImagePurchasePlan string
ImagePurchasePlan defines the purchase plan of a Marketplace image.
+kubebuilder:validation:Enum=WithPurchasePlan;NoPurchasePlan
const (
// ImageWithPurchasePlan enum attribute which is the default setting.
ImageWithPurchasePlan ImagePurchasePlan = "WithPurchasePlan"
// ImageNoPurchasePlan enum attribute which specifies the image does not need a purchase plan.
ImageNoPurchasePlan ImagePurchasePlan = "NoPurchasePlan"
)
type MachinePool
type MachinePool struct {
// Zones is list of availability zones that can be used.
// eg. ["1", "2", "3"]
//
// +optional
Zones []string `json:"zones,omitempty"`
// InstanceType defines the azure instance type.
// eg. Standard_DS2_v2
//
// +optional
InstanceType string `json:"type"`
// EncryptionAtHost enables encryption at the VM host.
//
// +optional
EncryptionAtHost bool `json:"encryptionAtHost,omitempty"`
// OSDisk defines the storage for instance.
//
// +optional
OSDisk `json:"osDisk"`
// UltraSSDCapability defines if the instance should use Ultra SSD disks.
//
// +optional
// +kubebuilder:validation:Enum=Enabled;Disabled
UltraSSDCapability string `json:"ultraSSDCapability,omitempty"`
// VMNetworkingType specifies whether to enable accelerated networking.
// Accelerated networking enables single root I/O virtualization (SR-IOV) to a VM, greatly improving its
// networking performance.
// eg. values: "Accelerated", "Basic"
//
// +kubebuilder:validation:Enum="Accelerated"; "Basic"
// +optional
VMNetworkingType string `json:"vmNetworkingType,omitempty"`
// OSImage defines the image to use for the OS.
// +optional
OSImage OSImage `json:"osImage,omitempty"`
// Settings specify the security type and the UEFI settings of the virtual machine. This field can
// be set for Confidential VMs and Trusted Launch for VMs.
// +optional
Settings *SecuritySettings `json:"settings,omitempty"`
}
MachinePool stores the configuration for a machine pool installed on Azure.
func (*MachinePool) Set
func (a *MachinePool) Set(required *MachinePool)
Set sets the values from `required` to `a`.
type Metadata
type Metadata struct {
ARMEndpoint string `json:"armEndpoint"`
CloudName CloudEnvironment `json:"cloudName"`
Region string `json:"region"`
ResourceGroupName string `json:"resourceGroupName"`
BaseDomainResourceGroupName string `json:"baseDomainResourceGroupName"`
}
Metadata contains Azure metadata (e.g. for uninstalling the cluster).
type OSDisk
type OSDisk struct {
// DiskSizeGB defines the size of disk in GB.
//
// +kubebuilder:validation:Minimum=0
DiskSizeGB int32 `json:"diskSizeGB"`
// DiskType defines the type of disk.
// For control plane nodes, the valid values are Premium_LRS and StandardSSD_LRS.
// Default is Premium_LRS.
// +optional
// +kubebuilder:validation:Enum=Standard_LRS;Premium_LRS;StandardSSD_LRS
DiskType string `json:"diskType"`
// DiskEncryptionSet defines a disk encryption set.
//
// +optional
*DiskEncryptionSet `json:"diskEncryptionSet,omitempty"`
// SecurityProfile specifies the security profile for the managed disk.
// +optional
SecurityProfile *VMDiskSecurityProfile `json:"securityProfile,omitempty"`
}
OSDisk defines the disk for machines on Azure.
type OSImage
type OSImage struct {
// Plan is the purchase plan of the image.
// If omitted, it defaults to "WithPurchasePlan".
// +optional
Plan ImagePurchasePlan `json:"plan"`
// Publisher is the publisher of the image.
Publisher string `json:"publisher"`
// Offer is the offer of the image.
Offer string `json:"offer"`
// SKU is the SKU of the image.
SKU string `json:"sku"`
// Version is the version of the image.
Version string `json:"version"`
}
OSImage is the image to use for the OS of a machine.
type OutboundType
type OutboundType string
OutboundType is a strategy for how egress from the cluster is achieved.
+kubebuilder:validation:Enum="";Loadbalancer;NatGateway;UserDefinedRouting
const (
// LoadbalancerOutboundType uses a Standard load balancer for egress from the cluster.
// see https://docs.microsoft.com/en-us/azure/load-balancer/load-balancer-outbound-connections#lb
LoadbalancerOutboundType OutboundType = "Loadbalancer"
// NatGatewayOutboundType uses a NAT gateway for egress from the cluster.
// see https://learn.microsoft.com/en-us/azure/virtual-network/nat-gateway/nat-gateway-resource
NatGatewayOutboundType OutboundType = "NatGateway"
// UserDefinedRoutingOutboundType uses user-defined routing for egress from the cluster.
// see https://docs.microsoft.com/en-us/azure/virtual-network/virtual-networks-udr-overview
UserDefinedRoutingOutboundType OutboundType = "UserDefinedRouting"
)
type Platform
type Platform struct {
// Region specifies the Azure region where the cluster will be created.
Region string `json:"region"`
// ARMEndpoint is the endpoint for the Azure API when installing on Azure Stack.
ARMEndpoint string `json:"armEndpoint,omitempty"`
// ClusterOSImage is the url of a storage blob in the Azure Stack environment containing an RHCOS VHD. This field is required for Azure Stack and not applicable to Azure.
ClusterOSImage string `json:"clusterOSImage,omitempty"`
// BaseDomainResourceGroupName specifies the resource group where the Azure DNS zone for the base domain is found. This field is optional when creating a private cluster, otherwise required.
//
// +optional
BaseDomainResourceGroupName string `json:"baseDomainResourceGroupName,omitempty"`
// DefaultMachinePlatform is the default configuration used when
// installing on Azure for machine pools which do not define their own
// platform configuration.
// +optional
DefaultMachinePlatform *MachinePool `json:"defaultMachinePlatform,omitempty"`
// NetworkResourceGroupName specifies the network resource group that contains an existing VNet
//
// +optional
NetworkResourceGroupName string `json:"networkResourceGroupName,omitempty"`
// VirtualNetwork specifies the name of an existing VNet for the installer to use
//
// +optional
VirtualNetwork string `json:"virtualNetwork,omitempty"`
// ControlPlaneSubnet specifies an existing subnet for use by the control plane nodes
//
// +optional
ControlPlaneSubnet string `json:"controlPlaneSubnet,omitempty"`
// ComputeSubnet specifies an existing subnet for use by compute nodes
//
// +optional
ComputeSubnet string `json:"computeSubnet,omitempty"`
// CloudName is the name of the Azure cloud environment which can be used to configure the Azure SDK
// with the appropriate Azure API endpoints.
// If empty, the value is equal to "AzurePublicCloud".
// +optional
CloudName CloudEnvironment `json:"cloudName,omitempty"`
// OutboundType is a strategy for how egress from cluster is achieved. When not specified default is "Loadbalancer".
// "NatGateway" is only available in TechPreview.
//
// +kubebuilder:default=Loadbalancer
// +optional
OutboundType OutboundType `json:"outboundType"`
// ResourceGroupName is the name of an already existing resource group where the cluster should be installed.
// This resource group should only be used for this specific cluster and the cluster components will assume
// ownership of all resources in the resource group. Destroying the cluster using installer will delete this
// resource group.
// This resource group must be empty with no other resources when trying to use it for creating a cluster.
// If empty, a new resource group will be created for the cluster.
//
// +optional
ResourceGroupName string `json:"resourceGroupName,omitempty"`
// UserTags has additional keys and values that the installer will add
// as tags to all resources that it creates on AzurePublicCloud alone.
// Resources created by the cluster itself may not include these tags.
// +optional
UserTags map[string]string `json:"userTags,omitempty"`
}
Platform stores all the global configuration that all machinesets use.
func (*Platform) ClusterResourceGroupName
ClusterResourceGroupName returns the name of the resource group for the cluster.
func (*Platform) SetBaseDomain
SetBaseDomain parses the baseDomainID and sets the related fields on azure.Platform
type SecurityEncryptionTypes
type SecurityEncryptionTypes string
SecurityEncryptionTypes represents the Encryption Type when the Azure Virtual Machine is a Confidential VM.
const (
// SecurityEncryptionTypesVMGuestStateOnly disables OS disk confidential encryption.
SecurityEncryptionTypesVMGuestStateOnly SecurityEncryptionTypes = "VMGuestStateOnly"
// SecurityEncryptionTypesDiskWithVMGuestState enables OS disk confidential encryption with
// a platform-managed key (PMK) or a customer-managed key (CMK).
SecurityEncryptionTypesDiskWithVMGuestState SecurityEncryptionTypes = "DiskWithVMGuestState"
)
type SecuritySettings
type SecuritySettings struct {
// SecurityType specifies the SecurityType of the virtual machine. It must be set to one of the listed
// values to enable secure boot and vTPM; when this property is unset, neither secure boot nor vTPM is enabled.
// +kubebuilder:validation:Enum=ConfidentialVM;TrustedLaunch
// +kubebuilder:validation:Required
SecurityType SecurityTypes `json:"securityType,omitempty"`
// ConfidentialVM specifies the security configuration of the virtual machine.
// For more information regarding Confidential VMs, please refer to:
// https://learn.microsoft.com/azure/confidential-computing/confidential-vm-overview
// +optional
ConfidentialVM *ConfidentialVM `json:"confidentialVM,omitempty"`
// TrustedLaunch specifies the security configuration of the virtual machine.
// For more information regarding TrustedLaunch for VMs, please refer to:
// https://learn.microsoft.com/azure/virtual-machines/trusted-launch
// +optional
TrustedLaunch *TrustedLaunch `json:"trustedLaunch,omitempty"`
}
SecuritySettings define the security type and the UEFI settings of the virtual machine.
type SecurityTypes
type SecurityTypes string
SecurityTypes represents the SecurityType of the virtual machine.
const (
// SecurityTypesConfidentialVM defines the SecurityType of the virtual machine as a Confidential VM.
SecurityTypesConfidentialVM SecurityTypes = "ConfidentialVM"
// SecurityTypesTrustedLaunch defines the SecurityType of the virtual machine as a Trusted Launch VM.
SecurityTypesTrustedLaunch SecurityTypes = "TrustedLaunch"
)
type TrustedLaunch
type TrustedLaunch struct {
// UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.
// +kubebuilder:validation:Required
UEFISettings *UEFISettings `json:"uefiSettings,omitempty"`
}
TrustedLaunch defines the UEFI settings for the virtual machine.
type UEFISettings
type UEFISettings struct {
// SecureBoot specifies whether secure boot should be enabled on the virtual machine.
// Secure Boot verifies the digital signature of all boot components and halts the boot process if
// signature verification fails.
// If omitted, the platform chooses a default, which is subject to change over time; currently that default is disabled.
// +kubebuilder:validation:Enum=Enabled;Disabled
// +optional
SecureBoot *string `json:"secureBoot,omitempty"`
// VirtualizedTrustedPlatformModule specifies whether vTPM should be enabled on the virtual machine.
// When enabled the virtualized trusted platform module measurements are used to create a known good boot integrity policy baseline.
// The integrity policy baseline is used for comparison with measurements from subsequent VM boots to determine if anything has changed.
// This must be set to Enabled if a SecurityEncryptionType is defined.
// If omitted, the platform chooses a default, which is subject to change over time; currently that default is disabled.
// +kubebuilder:validation:Enum=Enabled;Disabled
// +optional
VirtualizedTrustedPlatformModule *string `json:"virtualizedTrustedPlatformModule,omitempty"`
}
UEFISettings specifies the security settings like secure boot and vTPM used while creating the virtual machine.
type VMDiskSecurityProfile
type VMDiskSecurityProfile struct {
// DiskEncryptionSet specifies the customer managed disk encryption set resource id for the
// managed disk that is used for Customer Managed Key encrypted ConfidentialVM OS Disk and
// VMGuestState blob.
// +optional
DiskEncryptionSet *DiskEncryptionSet `json:"diskEncryptionSet,omitempty"`
// SecurityEncryptionType specifies the encryption type of the managed disk.
// It is set to DiskWithVMGuestState to encrypt the managed disk along with the VMGuestState
// blob, and to VMGuestStateOnly to encrypt the VMGuestState blob only.
// When set to VMGuestStateOnly, VirtualizedTrustedPlatformModule must be Enabled.
// When set to DiskWithVMGuestState, both SecureBoot and VirtualizedTrustedPlatformModule must be Enabled.
// It can be set only for Confidential VMs.
// +kubebuilder:validation:Enum=VMGuestStateOnly;DiskWithVMGuestState
// +optional
SecurityEncryptionType SecurityEncryptionTypes `json:"securityEncryptionType,omitempty"`
}
VMDiskSecurityProfile specifies the security profile settings for the managed disk. It can be set only for Confidential VMs.
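The rules spread across SecuritySettings, UEFISettings and VMDiskSecurityProfile above (a SecurityType is needed before secure boot or vTPM take effect, SecurityEncryptionType is valid only for Confidential VMs, VMGuestStateOnly needs the vTPM, DiskWithVMGuestState needs both Secure Boot and the vTPM) are cross-field constraints that the kubebuilder enum markers cannot express. The following is an added example of how such a check can be written in Go; it is not the installer's own validation. The types are trimmed copies of the ones on this page, the sample pools are constructed, and the rule that only the ConfidentialVM or TrustedLaunch block matching SecurityType may be present is an assumption.

```go
package main

import (
	"errors"
	"fmt"
)

// Trimmed copies of the page's types, so the example compiles stand-alone.
type SecurityTypes string
type SecurityEncryptionTypes string

const (
	SecurityTypesConfidentialVM                 SecurityTypes           = "ConfidentialVM"
	SecurityTypesTrustedLaunch                  SecurityTypes           = "TrustedLaunch"
	SecurityEncryptionTypesVMGuestStateOnly     SecurityEncryptionTypes = "VMGuestStateOnly"
	SecurityEncryptionTypesDiskWithVMGuestState SecurityEncryptionTypes = "DiskWithVMGuestState"
)

type UEFISettings struct {
	SecureBoot                       *string // "Enabled" or "Disabled"
	VirtualizedTrustedPlatformModule *string // "Enabled" or "Disabled"
}
type ConfidentialVM struct{ UEFISettings *UEFISettings }
type TrustedLaunch struct{ UEFISettings *UEFISettings }
type SecuritySettings struct {
	SecurityType   SecurityTypes
	ConfidentialVM *ConfidentialVM
	TrustedLaunch  *TrustedLaunch
}
type VMDiskSecurityProfile struct{ SecurityEncryptionType SecurityEncryptionTypes }
type OSDisk struct{ SecurityProfile *VMDiskSecurityProfile }
type MachinePool struct {
	OSDisk   OSDisk
	Settings *SecuritySettings
}

func enabled(v *string) bool { return v != nil && *v == "Enabled" }

// ValidateSecuritySettings enforces the cross-field rules stated in the type comments.
func ValidateSecuritySettings(p *MachinePool) []error {
	var errs []error
	var uefi *UEFISettings
	if s := p.Settings; s != nil {
		switch s.SecurityType {
		case SecurityTypesConfidentialVM:
			if s.ConfidentialVM == nil || s.ConfidentialVM.UEFISettings == nil {
				errs = append(errs, errors.New("settings.confidentialVM.uefiSettings is required for securityType ConfidentialVM"))
			} else {
				uefi = s.ConfidentialVM.UEFISettings
			}
			if s.TrustedLaunch != nil { // assumption: only the block matching securityType may be set
				errs = append(errs, errors.New("settings.trustedLaunch must be unset for securityType ConfidentialVM"))
			}
		case SecurityTypesTrustedLaunch:
			if s.TrustedLaunch == nil || s.TrustedLaunch.UEFISettings == nil {
				errs = append(errs, errors.New("settings.trustedLaunch.uefiSettings is required for securityType TrustedLaunch"))
			}
			if s.ConfidentialVM != nil { // same assumption as above
				errs = append(errs, errors.New("settings.confidentialVM must be unset for securityType TrustedLaunch"))
			}
		default:
			errs = append(errs, fmt.Errorf("settings.securityType %q must be ConfidentialVM or TrustedLaunch", s.SecurityType))
		}
	}

	sp := p.OSDisk.SecurityProfile
	if sp == nil || sp.SecurityEncryptionType == "" {
		return errs // no confidential disk encryption requested; nothing more to check
	}
	if p.Settings == nil || p.Settings.SecurityType != SecurityTypesConfidentialVM {
		return append(errs, errors.New("osDisk.securityProfile.securityEncryptionType can be set only for Confidential VMs"))
	}
	if uefi == nil {
		return errs // missing UEFI settings were already reported above
	}
	switch sp.SecurityEncryptionType {
	case SecurityEncryptionTypesVMGuestStateOnly:
		if !enabled(uefi.VirtualizedTrustedPlatformModule) {
			errs = append(errs, errors.New("VMGuestStateOnly requires virtualizedTrustedPlatformModule: Enabled"))
		}
	case SecurityEncryptionTypesDiskWithVMGuestState:
		if !enabled(uefi.SecureBoot) {
			errs = append(errs, errors.New("DiskWithVMGuestState requires secureBoot: Enabled"))
		}
		if !enabled(uefi.VirtualizedTrustedPlatformModule) {
			errs = append(errs, errors.New("DiskWithVMGuestState requires virtualizedTrustedPlatformModule: Enabled"))
		}
	default:
		errs = append(errs, fmt.Errorf("unknown securityEncryptionType %q", sp.SecurityEncryptionType))
	}
	return errs
}

func ptr(s string) *string { return &s }

// ConfidentialPool builds a constructed sample Confidential VM machine pool.
func ConfidentialPool(secureBoot, vtpm string, enc SecurityEncryptionTypes) *MachinePool {
	return &MachinePool{
		OSDisk: OSDisk{SecurityProfile: &VMDiskSecurityProfile{SecurityEncryptionType: enc}},
		Settings: &SecuritySettings{SecurityType: SecurityTypesConfidentialVM,
			ConfidentialVM: &ConfidentialVM{UEFISettings: &UEFISettings{
				SecureBoot: ptr(secureBoot), VirtualizedTrustedPlatformModule: ptr(vtpm)}}},
	}
}

func main() {
	// Weak: full confidential disk encryption requested, but Secure Boot left disabled.
	weak := ConfidentialPool("Disabled", "Enabled", SecurityEncryptionTypesDiskWithVMGuestState)
	for _, err := range ValidateSecuritySettings(weak) {
		fmt.Println("weak config:", err)
	}
	// Corrected: Secure Boot and vTPM both enabled.
	good := ConfidentialPool("Enabled", "Enabled", SecurityEncryptionTypesDiskWithVMGuestState)
	fmt.Println("corrected config errors:", len(ValidateSecuritySettings(good)))
}
```

The check deliberately stops after reporting that SecurityEncryptionType was set on a non-Confidential VM, since the UEFI rules only apply once the pool really is a Confidential VM; the weak pool above produces exactly one error, and flipping secureBoot to Enabled clears it.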
type VMNetworkingCapability
type VMNetworkingCapability string
VMNetworkingCapability defines the states for the accelerated networking feature.
const (
// AcceleratedNetworkingEnabled is the string representation of the VMNetworkingType / AcceleratedNetworking capability
// provided by the Azure API.
AcceleratedNetworkingEnabled = "AcceleratedNetworkingEnabled"
// VMNetworkingTypeBasic is the enum attribute that is the default setting, which means AcceleratedNetworking is disabled.
VMNetworkingTypeBasic VMNetworkingCapability = "Basic"
// VMnetworkingTypeAccelerated is the enum attribute that enables AcceleratedNetworking on a VM NIC.
VMnetworkingTypeAccelerated VMNetworkingCapability = "Accelerated"
)