Documentation
Index
- Constants
- type Botanist
- func (b *Botanist) CheckConditionControlPlaneHealthy(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
- func (b *Botanist) CheckConditionEveryNodeReady(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
- func (b *Botanist) CheckConditionSystemComponentsHealthy(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
- func (b *Botanist) CleanCustomResourceDefinitions() error
- func (b *Botanist) CleanKubernetesResources() error
- func (b *Botanist) DeleteBackupInfrastructure() error
- func (b *Botanist) DeleteBackupNamespace() error
- func (b *Botanist) DeleteGardenSecrets() error
- func (b *Botanist) DeleteKubeAPIServer() error
- func (b *Botanist) DeleteKubeAddonManager() error
- func (b *Botanist) DeleteNamespace() error
- func (b *Botanist) DeleteSeedMonitoring() error
- func (b *Botanist) DeployBackupInfrastructure() error
- func (b *Botanist) DeployBackupNamespaceFromBackupInfrastructure() error
- func (b *Botanist) DeployBackupNamespaceFromShoot() error
- func (b *Botanist) DeployDNSRecord(terraformerPurpose, name, target string, purposeInternalDomain bool) error
- func (b *Botanist) DeployExternalDomainDNSRecord() error
- func (b *Botanist) DeployInternalDomainDNSRecord() error
- func (b *Botanist) DeployKubeAPIServerService() error
- func (b *Botanist) DeployMachineControllerManager() error
- func (b *Botanist) DeployNamespace() error
- func (b *Botanist) DeploySecrets() error
- func (b *Botanist) DeploySeedMonitoring() error
- func (b *Botanist) DestroyDNSRecord(terraformerPurpose string, purposeInternalDomain bool) error
- func (b *Botanist) DestroyExternalDomainDNSRecord() error
- func (b *Botanist) DestroyIngressDNSRecord() error
- func (b *Botanist) DestroyInternalDomainDNSRecord() error
- func (b *Botanist) EnsureIngressDNSRecord() error
- func (b *Botanist) GenerateHeapsterConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateHelmTillerConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateKubeLegoConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateKubernetesDashboardConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateMonocularConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateNginxIngressConfig() (map[string]interface{}, error)
- func (b *Botanist) GenerateTerraformCloudDNSVariablesEnvironment(purposeInternalDomain bool) ([]map[string]interface{}, error)
- func (b *Botanist) GenerateTerraformDNSConfig(name, hostedZoneID string, values []string) map[string]interface{}
- func (b *Botanist) GenerateTerraformRoute53VariablesEnvironment(purposeInternalDomain bool) ([]map[string]interface{}, error)
- func (b *Botanist) MoveBackupTerraformResources() error
- func (b *Botanist) PerformGarbageCollectionSeed() error
- func (b *Botanist) PerformGarbageCollectionShoot() error
- func (b *Botanist) RefreshKubeAPIServerChecksums() error
- func (b *Botanist) RefreshKubeControllerManagerChecksums() error
- func (b *Botanist) RegisterAsSeed() error
- func (b *Botanist) UnregisterAsSeed() error
- func (b *Botanist) WaitUntilBackupInfrastructureReconciled() error
- func (b *Botanist) WaitUntilBackupNamespaceDeleted() error
- func (b *Botanist) WaitUntilKubeAPIServerReady() error
- func (b *Botanist) WaitUntilKubeAPIServerServiceIsReady() error
- func (b *Botanist) WaitUntilKubeAddonManagerDeleted() error
- func (b *Botanist) WaitUntilSeedNamespaceDeleted() error
- func (b *Botanist) WaitUntilVPNConnectionExists() error
- type ControlPlaneSecret
- type RSASecret
- type Secret
- type TLSSecret
Constants
const (
	// ServerCert indicates that the certificate should have the ExtKeyUsageServerAuth usage.
	ServerCert certType = "server"
	// ClientCert indicates that the certificate should have the ExtKeyUsageClientAuth usage.
	ClientCert certType = "client"
	// ServerClientCert indicates that the certificate should have both the ExtKeyUsageServerAuth and ExtKeyUsageClientAuth usage.
	ServerClientCert certType = "both"
)
Variables
This section is empty.
Functions
This section is empty.
Types
type Botanist
Botanist is a struct which has methods that perform cloud-independent operations for a Shoot cluster.
func New
New takes an operation object <o> and creates a new Botanist object. It checks whether the given Shoot DNS domain is covered by a default domain, and if so, it sets the <DefaultDomainSecret> attribute on the Botanist object.
func (*Botanist) CheckConditionControlPlaneHealthy
func (b *Botanist) CheckConditionControlPlaneHealthy(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
CheckConditionControlPlaneHealthy checks whether the control plane of the Shoot cluster is healthy, i.e. whether all containers running in the relevant namespace in the Seed cluster are healthy.
func (*Botanist) CheckConditionEveryNodeReady
func (b *Botanist) CheckConditionEveryNodeReady(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
CheckConditionEveryNodeReady checks whether every node registered at the Shoot cluster is in "Ready" state and that every node known to the IaaS is registered with the Shoot's kube-apiserver.
func (*Botanist) CheckConditionSystemComponentsHealthy
func (b *Botanist) CheckConditionSystemComponentsHealthy(condition *gardenv1beta1.Condition) *gardenv1beta1.Condition
CheckConditionSystemComponentsHealthy checks whether every container in the kube-system namespace of the Shoot cluster is in "Running" state and that the number of available replicas per deployment matches the number of actual replicas (i.e., the number of desired pods matches the number of actually running pods).
func (*Botanist) CleanCustomResourceDefinitions
CleanCustomResourceDefinitions deletes all the CRDs in the Kubernetes cluster (which will delete the existing custom resources, recursively). It will wait until all resources have been cleaned up.
func (*Botanist) CleanKubernetesResources
CleanKubernetesResources deletes all the Kubernetes resources in the Shoot cluster other than those stored in the exceptions map, and then checks whether those resources have been deleted. It returns an error in case the deletion has not finished yet, and nil once all resources are gone.
func (*Botanist) DeleteBackupInfrastructure
DeleteBackupInfrastructure sets the deletionTimestamp on the BackupInfrastructure resource in the Garden namespace; the controller acting on that resource is responsible for the actual deletion of the cloud resources for the Shoot's backup infrastructure.
func (*Botanist) DeleteBackupNamespace
DeleteBackupNamespace deletes the namespace in the Seed cluster which holds the backup infrastructure state. The built-in garbage collection in Kubernetes will automatically delete all resources which belong to this namespace.
func (*Botanist) DeleteGardenSecrets
DeleteGardenSecrets deletes the Shoot-specific secrets from the project namespace in the Garden cluster. TODO: Switch to putting an ownerReference of the Shoot into the Secret's metadata once garbage collection works properly.
func (*Botanist) DeleteKubeAPIServer
DeleteKubeAPIServer deletes the kube-apiserver deployment in the Seed cluster which holds the Shoot's control plane.
func (*Botanist) DeleteKubeAddonManager
DeleteKubeAddonManager deletes the kube-addon-manager deployment in the Seed cluster which holds the Shoot's control plane. It needs to be deleted before trying to remove any resources in the Shoot cluster, otherwise it will automatically recreate them and block the infrastructure deletion.
func (*Botanist) DeleteNamespace
DeleteNamespace deletes the namespace in the Seed cluster which holds the control plane components. The built-in garbage collection in Kubernetes will automatically delete all resources which belong to this namespace. This comprises volumes and load balancers as well.
func (*Botanist) DeleteSeedMonitoring
DeleteSeedMonitoring will delete the monitoring stack from the Seed cluster to avoid phantom alerts during the deletion process. More precisely, the Alertmanager and Prometheus StatefulSets will be deleted.
func (*Botanist) DeployBackupInfrastructure
DeployBackupInfrastructure creates a BackupInfrastructure resource in the project namespace of the Shoot in the Garden cluster. The BackupInfrastructure controller acting on that resource will actually create the required cloud resources and update the status.
func (*Botanist) DeployBackupNamespaceFromBackupInfrastructure
DeployBackupNamespaceFromBackupInfrastructure creates a namespace in the Seed cluster from the info in the Shoot object, which is used to deploy all the backup infrastructure related resources for the Shoot cluster. Moreover, the Terraform configuration and all the secrets will be stored as ConfigMaps/Secrets.
func (*Botanist) DeployBackupNamespaceFromShoot
DeployBackupNamespaceFromShoot creates a namespace in the Seed cluster from the info in the Shoot object, which is used to deploy all the backup infrastructure related resources for the Shoot cluster. Moreover, the Terraform configuration and all the secrets will be stored as ConfigMaps/Secrets.
func (*Botanist) DeployDNSRecord
func (b *Botanist) DeployDNSRecord(terraformerPurpose, name, target string, purposeInternalDomain bool) error
DeployDNSRecord kicks off a Terraform job for the purpose <terraformerPurpose> which deploys the DNS record for <name> pointing to <target>.
func (*Botanist) DeployExternalDomainDNSRecord
DeployExternalDomainDNSRecord deploys the DNS record for the external cluster domain.
func (*Botanist) DeployInternalDomainDNSRecord
DeployInternalDomainDNSRecord deploys the DNS record for the internal cluster domain.
func (*Botanist) DeployKubeAPIServerService
DeployKubeAPIServerService creates a Service of type 'LoadBalancer' in the Seed cluster which is used to expose the kube-apiserver deployment (of the Shoot cluster). It waits until the load balancer is available and stores the address on the Botanist's APIServerAddress attribute.
func (*Botanist) DeployMachineControllerManager
DeployMachineControllerManager deploys the machine-controller-manager into the Shoot namespace in the Seed cluster. It is responsible for managing the worker nodes of the Shoot.
func (*Botanist) DeployNamespace
DeployNamespace creates a namespace in the Seed cluster which is used to deploy all the control plane components for the Shoot cluster. Moreover, the cloud provider configuration and all the secrets will be stored as ConfigMaps/Secrets.
func (*Botanist) DeploySecrets
DeploySecrets creates a CA certificate for the Shoot cluster and uses it to sign the server certificate used by the kube-apiserver, and all client certificates used for communication. It also creates RSA key pairs for SSH connections to the nodes/VMs and for the VPN tunnel. Moreover, basic authentication credentials are computed which will be used to secure the Ingress resources and the kube-apiserver itself. Server certificates for the exposed monitoring endpoints (via Ingress) are generated as well.
func (*Botanist) DeploySeedMonitoring
DeploySeedMonitoring will install the Helm release "seed-monitoring" in the Seed cluster. It comprises components to monitor the Shoot cluster whose control plane runs in the Seed cluster.
func (*Botanist) DestroyDNSRecord
DestroyDNSRecord kicks off a Terraform job which destroys the DNS record.
func (*Botanist) DestroyExternalDomainDNSRecord
DestroyExternalDomainDNSRecord destroys the DNS record for the external cluster domain.
func (*Botanist) DestroyIngressDNSRecord
DestroyIngressDNSRecord destroys the nginx-ingress resources created by Terraform.
func (*Botanist) DestroyInternalDomainDNSRecord
DestroyInternalDomainDNSRecord destroys the DNS record for the internal cluster domain.
func (*Botanist) EnsureIngressDNSRecord
EnsureIngressDNSRecord creates the respective wildcard DNS record for the nginx-ingress-controller.
func (*Botanist) GenerateHeapsterConfig
GenerateHeapsterConfig generates the values which are required to render the chart of heapster properly.
func (*Botanist) GenerateHelmTillerConfig
GenerateHelmTillerConfig generates the values which are required to render the chart of helm-tiller properly.
func (*Botanist) GenerateKubeLegoConfig
GenerateKubeLegoConfig generates the values which are required to render the chart of kube-lego properly.
func (*Botanist) GenerateKubernetesDashboardConfig
GenerateKubernetesDashboardConfig generates the values which are required to render the chart of the kubernetes-dashboard properly.
func (*Botanist) GenerateMonocularConfig
GenerateMonocularConfig generates the values which are required to render the chart of monocular properly.
func (*Botanist) GenerateNginxIngressConfig
GenerateNginxIngressConfig generates the values which are required to render the chart of the nginx-ingress-controller properly.
func (*Botanist) GenerateTerraformCloudDNSVariablesEnvironment
func (b *Botanist) GenerateTerraformCloudDNSVariablesEnvironment(purposeInternalDomain bool) ([]map[string]interface{}, error)
GenerateTerraformCloudDNSVariablesEnvironment generates the environment containing the credentials which are required to validate/apply/destroy the Terraform configuration. This environment must contain Terraform variables which are prefixed with TF_VAR_.
func (*Botanist) GenerateTerraformDNSConfig
func (b *Botanist) GenerateTerraformDNSConfig(name, hostedZoneID string, values []string) map[string]interface{}
GenerateTerraformDNSConfig creates the Terraform variables and the Terraform config (for the DNS record) and returns them (these values will be stored as a ConfigMap and a Secret in the Garden cluster).
func (*Botanist) GenerateTerraformRoute53VariablesEnvironment
func (b *Botanist) GenerateTerraformRoute53VariablesEnvironment(purposeInternalDomain bool) ([]map[string]interface{}, error)
GenerateTerraformRoute53VariablesEnvironment generates the environment containing the credentials which are required to validate/apply/destroy the Terraform configuration. This environment must contain Terraform variables which are prefixed with TF_VAR_.
func (*Botanist) MoveBackupTerraformResources
MoveBackupTerraformResources copies the Terraform resources related to backup infrastructure creation from the Shoot's main namespace in the Seed cluster to the Shoot's backup namespace.
func (*Botanist) PerformGarbageCollectionSeed
PerformGarbageCollectionSeed performs garbage collection in the Shoot namespace in the Seed cluster, i.e., it deletes old machine sets which have a desired=actual=0 replica count.
func (*Botanist) PerformGarbageCollectionShoot
PerformGarbageCollectionShoot performs garbage collection in the kube-system namespace in the Shoot cluster, i.e., it deletes evicted pods (mitigation for https://github.com/kubernetes/kubernetes/issues/55051).
func (*Botanist) RefreshKubeAPIServerChecksums
RefreshKubeAPIServerChecksums updates the cloud provider checksum in the kube-apiserver pod spec template.
func (*Botanist) RefreshKubeControllerManagerChecksums
RefreshKubeControllerManagerChecksums updates the cloud provider checksum in the kube-controller-manager pod spec template.
func (*Botanist) RegisterAsSeed
RegisterAsSeed registers a Shoot cluster as a Seed in the Garden cluster.
func (*Botanist) UnregisterAsSeed
UnregisterAsSeed unregisters a Shoot cluster as a Seed in the Garden cluster.
func (*Botanist) WaitUntilBackupInfrastructureReconciled
WaitUntilBackupInfrastructureReconciled waits until the backup infrastructure within the Garden cluster has been reconciled.
func (*Botanist) WaitUntilBackupNamespaceDeleted
WaitUntilBackupNamespaceDeleted waits until the backup namespace of the Shoot cluster within the Seed cluster is deleted.
func (*Botanist) WaitUntilKubeAPIServerReady
WaitUntilKubeAPIServerReady waits until the kube-apiserver pod(s) have a condition in its/their status which indicates readiness.
func (*Botanist) WaitUntilKubeAPIServerServiceIsReady
WaitUntilKubeAPIServerServiceIsReady waits until the external load balancer of the kube-apiserver has been created (i.e., its ingress information has been updated in the service status).
func (*Botanist) WaitUntilKubeAddonManagerDeleted
WaitUntilKubeAddonManagerDeleted waits until the kube-addon-manager deployment within the Seed cluster has been deleted.
func (*Botanist) WaitUntilSeedNamespaceDeleted
WaitUntilSeedNamespaceDeleted waits until the namespace of the Shoot cluster within the Seed cluster is deleted.
func (*Botanist) WaitUntilVPNConnectionExists
WaitUntilVPNConnectionExists waits until a port forward connection to the vpn-shoot pod in the kube-system namespace of the Shoot cluster can be established.
type ControlPlaneSecret
type ControlPlaneSecret struct {
	TLSSecret
	KubeconfigRequired                 bool
	KubeconfigWithBasicAuth            bool
	KubeconfigUseInternalClusterDomain bool
	RunsInSeed                         bool
}
ControlPlaneSecret is a struct which inherits from TLSSecret and is extended with a couple of additional properties. A control plane secret will always contain a client certificate and optionally a kubeconfig.
- KubeconfigRequired specifies whether a Kubeconfig should be created or not.
- KubeconfigWithBasicAuth specifies whether the generated Kubeconfig should contain the basic authentication credentials (in addition to the client certificate).
- KubeconfigUseInternalClusterDomain specifies whether the technical load balancer address or the cluster domain should be used in the Kubeconfig.
- RunsInSeed specifies whether the component using the generated Kubeconfig runs in the Seed cluster (which means it can communicate with the kube-apiserver locally).
type RSASecret
RSASecret is a struct which inherits from Secret (i.e., it gets a name) and which allows specifying the number of bits which should be used for the to-be-created RSA private key. An RSASecret always contains the corresponding public key as well.
- Bits is the number of bits for the RSA private key.
type Secret
Secret is a struct which contains a name and is used to be inherited from for more advanced secrets.
- DoNotApply is a boolean value which can be used to prevent creating the Secret in the Seed cluster. This can be useful to generate secrets which will be used in the Shoot cluster (whose API server might not be available yet).
type TLSSecret
type TLSSecret struct {
	Secret
	CommonName   string
	Organization []string
	DNSNames     []string
	IPAddresses  []net.IP
	CertType     certType
	WantsCA      bool
}
TLSSecret is a struct which inherits from Secret (i.e., it gets a name) and which allows specifying the required properties for the to-be-created certificate. It always contains a 2048-bit RSA private key and can be either a server or a client certificate.
- CommonName is the common name used in the certificate.
- Organization is a list of organizations used in the certificate.
- DNSNames is a list of DNS names for the Subject Alternate Names list.
- IPAddresses is a list of IP addresses for the Subject Alternate Names list.
- CertType specifies the usages of the certificate (server, client, both).
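The certType constants and the TLSSecret fields above decide what a generated certificate may be used for. The following Go example is added here and is not code from the Gardener botanist package: a simplified TLSSpec (assumed name; Secret, Organization, IPAddresses and WantsCA omitted) stands in for TLSSecret, IssueCert generates the 2048-bit RSA key and certificate with the documented extended key usages, and VerifyFor shows that a ServerCert certificate is rejected when presented for client authentication and vice versa.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
type certType string
const (
	ServerCert       certType = "server"
	ClientCert       certType = "client"
	ServerClientCert certType = "both"
)
// extKeyUsages maps each certType onto the x509 extended key usages the Constants section describes.
var extKeyUsages = map[certType][]x509.ExtKeyUsage{
	ServerCert:       {x509.ExtKeyUsageServerAuth},
	ClientCert:       {x509.ExtKeyUsageClientAuth},
	ServerClientCert: {x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
// TLSSpec is an assumed, simplified stand-in for TLSSecret (Secret, Organization, IPAddresses and WantsCA omitted).
type TLSSpec struct {
	CommonName string
	DNSNames   []string
	CertType   certType
}
// IssueCert creates a 2048-bit RSA key and a certificate for spec signed by ca/caKey, or a self-signed CA when ca is nil (the 24h validity is this example's assumption).
func IssueCert(spec TLSSpec, ca *x509.Certificate, caKey *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject:      pkix.Name{CommonName: spec.CommonName},
		DNSNames:     spec.DNSNames,
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(24 * time.Hour),
		ExtKeyUsage:  extKeyUsages[spec.CertType],
	}
	parent, signer := ca, caKey
	if ca == nil { // no issuer given: make this certificate a self-signed CA
		tmpl.IsCA, tmpl.BasicConstraintsValid, parent, signer = true, true, tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}
// VerifyFor checks leaf against ca for one usage, as the kube-apiserver does for client auth or a client does for server auth (a non-empty dnsName adds the hostname check).
func VerifyFor(leaf, ca *x509.Certificate, usage x509.ExtKeyUsage, dnsName string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: dnsName, KeyUsages: []x509.ExtKeyUsage{usage}})
	return err
}
```

Passing a ServerCert certificate where client authentication is required fails with an incompatible key usage error, which is why the kube-apiserver's server certificate and each component's client certificate are separate TLSSecrets.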