seedreconfig

package

v0.0.0-...-8662ded Latest Latest Go to latest Published: May 21, 2024 License: Apache-2.0 Imports: 0 Imported by: 1

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/openshift-kni/lifecycle-agent

Links

Open Source Insights

Documentation ¶

Constants ¶

View Source

const (
	SeedReconfigurationVersion = 1
	// BlockDeviceLabel is a configuration volume label to set while providing iso with configuration files
	BlockDeviceLabel = "cluster-config"
)

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ClientAuthCrypto ¶

type ClientAuthCrypto struct {
	AdminCACertificate PEM `json:"admin_ca_certificate,omitempty"`
}

type IngresssCrypto ¶

type IngresssCrypto struct {
	IngressCA PEM `json:"ingress_ca,omitempty"`
}

type KubeAPICrypto ¶

type KubeAPICrypto struct {
	ServingCrypto    ServingCrypto
	ClientAuthCrypto ClientAuthCrypto
}

type KubeConfigCryptoRetention ¶

type KubeConfigCryptoRetention struct {
	KubeAPICrypto  KubeAPICrypto
	IngresssCrypto IngresssCrypto
}

type PEM ¶

type PEM string

type Proxy ¶

type Proxy struct {
	// HTTPProxy is the URL of the proxy for HTTP requests.
	// +optional
	HTTPProxy string `json:"httpProxy,omitempty"`

	// HTTPSProxy is the URL of the proxy for HTTPS requests.
	// +optional
	HTTPSProxy string `json:"httpsProxy,omitempty"`

	// NoProxy is a comma-separated list of domains and CIDRs for which the proxy should not be used.
	// +optional
	NoProxy string `json:"noProxy,omitempty"`
}

Proxy defines the proxy settings for the cluster. At least one of HTTPProxy or HTTPSProxy is required. Aims to be the same as https://github.com/openshift/installer/blob/ad59622147974f2d2d62bcdeaf342ae4f87ed84f/pkg/types/installconfig.go#L454-L468

type SeedReconfiguration ¶

type SeedReconfiguration struct {
	// The version of the SeedReconfiguration struct format. This is used to detect
	// breaking changes to the struct.
	APIVersion int `json:"api_version"`

	// The desired base domain for the cluster. Equivalent to install-config.yaml's baseDomain.
	// This will replace the base domain of the seed cluster.
	BaseDomain string `json:"base_domain,omitempty"`

	// The desired cluster name for the cluster. Equivalent to install-config.yaml's clusterName.
	// This will replace the cluster name of the seed cluster.
	ClusterName string `json:"cluster_name,omitempty"`

	// The desired cluster-ID. During an IBU, this is the ID of the original
	// SNO. During an IBI, this can either be empty, in which case a new
	// cluster-ID will be generated by LCA, or it can be set to the ID of the
	// new cluster, in case one had to be pre-generated for some reason.
	ClusterID string `json:"cluster_id,omitempty"`

	// The desired infra ID for the cluster. No install-config.yaml equivalent,
	// as it is randomly generated from the cluster name + some random chars.
	// Similarly to cluster-ID, this can either be empty, in which case a new
	// infra-ID will be generated by LCA, or it can be set to the infra ID of
	// the new cluster, in case one had to be pre-generated for some reason.
	InfraID string `json:"infra_id,omitempty"`

	// The desired IP address of the SNO node.
	NodeIP string `json:"node_ip,omitempty"`

	// The container registry used to host the release image of the seed cluster.
	ReleaseRegistry string `json:"release_registry,omitempty"`

	// The desired hostname of the SNO node.
	Hostname string `json:"hostname,omitempty"`

	// KubeconfigCryptoRetention contains all the crypto material that is
	// required for recert to ensure existing kubeconfigs can be used to access
	// the cluster after recert.
	//
	// In the case of UBI, this material is taken from the cluster that is
	// being upgraded. In the case of IBI, this material is generated when the
	// cluster's kubeconfig is being prepared in advance.
	KubeconfigCryptoRetention KubeConfigCryptoRetention

	// SSHKey is the public Secure Shell (SSH) key to provide access to
	// instances. Equivalent to install-config.yaml's sshKey. This will replace
	// the SSH keys of the seed cluster.
	SSHKey string `json:"ssh_key,omitempty"`

	// KubeadminPasswordHash is the hash of the password for the kubeadmin
	// user, as can be found in the kubeadmin key of the kube-system/kubeadmin
	// secret. This will replace the kubeadmin password of the seed cluster.
	// The seed image must have an existing kubeadmin password secret, this is
	// because the secret is rejected by OCP if its creation timestamp differs
	// from the kube-system namespace creation timestamp by more than 1 hour.
	// During IBU, this is taken from the cluster that is being upgraded.
	// During IBI, this is generated in advance so it can be displayed to the
	// user. If empty, the kubeadmin password secret of the seed cluster will
	// be deleted (thus disabling kubeadmin password login), to ensure we're
	// not accepting a possibly compromised seed password.
	KubeadminPasswordHash string `json:"kubeadmin_password_hash,omitempty"`

	// RawNMStateConfig contains nmstate configuration YAML file provided as string.
	// String will be written to file and will be applied with "nmstatectl apply" command.
	// Example of nmstate configurations can be found in this link https://nmstate.io/examples.html
	// This field will be used for IBI process as in IBU we will copy nmconnection files
	RawNMStateConfig string `json:"raw_nm_state_config,omitempty"`

	// PullSecret is the secret to use when pulling images. Equivalent to install-config.yaml's pullSecret.
	PullSecret string `json:"pull_secret,omitempty"`

	// MachineNetwork is the subnet provided by user for the ocp cluster.
	// This will be used to create the node network and choose ip address for the node.
	// Equivalent to install-config.yaml's machineNetwork.
	MachineNetwork string `json:"machine_network,omitempty"`

	// Proxy is the proxy settings for the cluster. Equivalent to
	// install-config.yaml's proxy. This will replace the proxy settings of the
	// seed cluster. During IBI, the HTTP and HTTPS and NO proxy settings are
	// given by the user, and IBIO will also calculate a final NO_PROXY
	// configuration based on the user provided NO_PROXY and the cluster's
	// configuration. During an IBU, this is simply taken from the cluster's
	// Proxy CR .spec field.
	Proxy *Proxy `json:"proxy,omitempty"`

	// StatusProxy is the Proxy configuration from the Proxy CR's status field.
	// The Cluster Network Operator calculates a proxy configuration based on
	// the user provided proxy configuration (taken from the Proxy CR's spec)
	// and puts that proxy configuration in the Proxy CR's status. The status
	// proxy configuration is the one that's actually used by the operators in
	// the cluster. During a seed reconfiguration, we need to know both the
	// status proxy configuration and the user's spec proxy configuration, as
	// both are required to perform a rollout free seed reconfiguration.
	// Otherwise we would have to teach recert how to calculate the status
	// proxy from the spec proxy which is non-trivial. During an IBU, we simply
	// take this status from the cluster's Proxy CR .status field. During an
	// IBI, IBIO should do its best to emulate the behavior of the CNO so that
	// the status proxy configuration is identical to what CNO would have
	// calculated, so that rollouts are avoided.
	StatusProxy *Proxy `json:"status_proxy,omitempty"`

	// The install-config.yaml used to generate the cluster. This is used to
	// populate the cluster-config-v1 configmaps in the cluster, which usually
	// hold a slightly modified version of the user's installation
	// install-config.yaml. Changing this is important because the Cluster
	// Network Operator uses the information in this configmap to set the Proxy
	// CR's no_proxy status field. In IBU, LCA simply copies it from the
	// upgraded cluster. In IBI, a fake install-config should be generated by
	// the IBIO. This parameter is required when the proxy parameters are set.
	InstallConfig string `json:"install_config,omitempty"`
}

SeedReconfiguration contains all the information that is required to transform a machine started from a SNO seed image (which contains dummy seed configuration) into a SNO cluster with a desired configuration. During an IBU, this information is taken from the cluster that is being upgraded (the original SNO's LCA writes a file to the seed stateroot to communicate this information). During an IBI, this information is placed in the configuration ISO created by the image-based-install-operator.

WARNING: Changes to this struct and its sub-structs should not be made lightly, as it is also used by the image-based-install-operator. Any changes made here will also need to be handled in the image-based-install-operator or be backwards compatible. If you've made a breaking change, you will need to increment the SeedReconfigVersion constant to avoid silent breakage and allow for backwards compatibility code.

type ServingCrypto ¶

type ServingCrypto struct {
	LocalhostSignerPrivateKey      PEM `json:"localhost_signer_private_key,omitempty"`
	ServiceNetworkSignerPrivateKey PEM `json:"service_network_signer_private_key,omitempty"`
	LoadbalancerSignerPrivateKey   PEM `json:"loadbalancer_external_signer_private_key,omitempty"`
}

Source Files ¶

View all Source files

seedreconfig.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL