Documentation
¶
Index ¶
- func ApprovalAllCSRs(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, ...) bool
- func DefaultGroups(clusterName, addonName string) []string
- func DefaultUser(clusterName, addonName, agentName string) string
- func KubeClientSignerConfigurations(addonName, agentName string) func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig
- type AddonHealthCheckFunc
- type AgentAddon
- type AgentAddonOptions
- type CSRApproveFunc
- type CSRSignerFunc
- type HealthProber
- type HealthProberType
- type InstallStrategy
- type PermissionConfigFunc
- type ProbeField
- type RegistrationOption
- type Updater
- type WorkHealthProber
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ApprovalAllCSRs ¶
func ApprovalAllCSRs(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool
ApprovalAllCSRs returns true for all csrs.
func DefaultGroups ¶
DefaultGroups returns the default groups
func DefaultUser ¶
DefaultUser returns the default User
func KubeClientSignerConfigurations ¶
func KubeClientSignerConfigurations(addonName, agentName string) func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig
Types ¶
type AddonHealthCheckFunc ¶ added in v0.3.0
type AddonHealthCheckFunc func(workapiv1.ResourceIdentifier, workapiv1.StatusFeedbackResult) error
type AgentAddon ¶
type AgentAddon interface {
// Manifests returns a list of manifest resources to be deployed on the managed cluster for this addon.
// The resources in this list are required to explicitly clarify their TypeMta (i.e. apiVersion, kind)
// otherwise the addon deploying will fail constantly. A recommended set of addon component returned
// here will be:
// - the hosting namespace of the addon-agents.
// - a deployment of the addon agents.
// - the configurations (e.g. configmaps) mounted by the deployment.
// - the RBAC permission bond to the addon agents *in the managed cluster*. (the hub cluster's RBAC
// setup shall be done at GetAgentAddonOptions below.)
// NB for dispatching namespaced resources, it's recommended to include the namespace in the list.
Manifests(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) ([]runtime.Object, error)
// GetAgentAddonOptions returns the agent options for advanced agent customization.
// A minimal option is merely setting a unique addon name in the AgentAddonOptions.
GetAgentAddonOptions() AgentAddonOptions
}
AgentAddon is a mandatory interface for implementing a custom addon. The addon is expected to be registered into an AddonManager so the manager will be invoking the addon implementation below as callbacks upon:
- receiving valid watch events from ManagedClusterAddon.
- receiving valid watch events from ManifestWork.
type AgentAddonOptions ¶
type AgentAddonOptions struct {
// AddonName is the name of the addon.
// Should be globally unique.
// +required
AddonName string
// Registration prescribes the custom behavior during CSR applying, approval and signing.
// +optional
Registration *RegistrationOption
// InstallStrategy defines that addon should be created in which clusters.
// Addon will not be installed automatically until a ManagedClusterAddon is applied to the cluster's
// namespace if InstallStrategy is nil.
// Deprecated: use installStrategy config in ClusterManagementAddOn API instead
// The migration plan refer to https://github.com/open-cluster-management-io/ocm/issues/355.
// +optional
InstallStrategy *InstallStrategy
// Updaters select a set of resources and define the strategies to update them.
// UpdateStrategy is Update if no Updater is defined for a resource.
// +optional
Updaters []Updater
// HealthProber defines how is the healthiness status of the ManagedClusterAddon probed.
// Note that the prescribed prober type here only applies to the automatically installed
// addons configured via InstallStrategy.
// If nil, will be defaulted to "Lease" type.
// +optional
HealthProber *HealthProber
// HostedModeEnabled defines whether the Hosted deploying mode for the addon agent is enabled
// If not set, will be defaulted to false.
// +optional
HostedModeEnabled bool
// SupportedConfigGVRs is a list of addon supported configuration GroupVersionResource
// each configuration GroupVersionResource should be unique
SupportedConfigGVRs []schema.GroupVersionResource
// AgentDeployTriggerClusterFilter defines the filter func to trigger the agent deploy/redploy when cluster info is
// changed. Addons that need information from the ManagedCluster resource when deploying the agent should use this
// field to set what information they need, otherwise the expected/up-to-date agent may be deployed delayed since
// the default filter func returns false when the ManagedCluster resource is updated.
//
// For example, the agentAddon needs information from the ManagedCluster annotation, it can set the filter function
// like:
//
// AgentDeployTriggerClusterFilter: func(old, new *clusterv1.ManagedCluster) bool {
// return !equality.Semantic.DeepEqual(old.Annotations, new.Annotations)
// }
// +optional
AgentDeployTriggerClusterFilter func(old, new *clusterv1.ManagedCluster) bool
// ManifestConfigs represents the configurations of manifests defined in workload field. It will:
// - override the update strategy set by the "Updaters" field
// - merge the feedback rules set by the "HealthProber" field if they have the same resource identifier,
// when merging the feedback rules, if the rule configured here is json path type, will ignore the
// json path which is already in the existing rules, compare by the path name.
// +optional
ManifestConfigs []workapiv1.ManifestConfigOption
}
AgentAddonOptions prescribes the future customization for the addon.
type CSRApproveFunc ¶ added in v0.2.0
type CSRApproveFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn, csr *certificatesv1.CertificateSigningRequest) bool
type CSRSignerFunc ¶ added in v0.2.0
type CSRSignerFunc func(csr *certificatesv1.CertificateSigningRequest) []byte
type HealthProber ¶ added in v0.2.0
type HealthProber struct {
Type HealthProberType
WorkProber *WorkHealthProber
}
type HealthProberType ¶ added in v0.2.0
type HealthProberType string
const ( // HealthProberTypeNone indicates the healthiness status will be refreshed, which is // leaving the healthiness of ManagedClusterAddon to an empty string. HealthProberTypeNone HealthProberType = "None" // HealthProberTypeLease indicates the healthiness of the addon is connected with the // corresponding lease resource in the cluster namespace with the same name as the addon. // Note that the lease object is expected to periodically refresh by a local agent // deployed in the managed cluster implementing lease.LeaseUpdater interface. HealthProberTypeLease HealthProberType = "Lease" // HealthProberTypeWork indicates the healthiness of the addon is equal to the overall // dispatching status of the corresponding ManifestWork resource. // It's applicable to those addons that don't have a local agent instance in the managed // clusters. The addon framework will check if the work is Available on the spoke. In addition // user can define a prober to check more detailed status based on status feedback from work. HealthProberTypeWork HealthProberType = "Work" // HealthProberTypeDeploymentAvailability indicates the healthiness of the addon is connected // with the availability of the corresponding agent deployment resources on the managed cluster. // It's a special case of HealthProberTypeWork. HealthProberTypeDeploymentAvailability HealthProberType = "DeploymentAvailability" )
type InstallStrategy ¶
type InstallStrategy struct {
// contains filtered or unexported fields
}
InstallStrategy is the installation strategy of the manifests prescribed by Manifests(..).
func InstallAllStrategy ¶
func InstallAllStrategy(installNamespace string) *InstallStrategy
InstallAllStrategy indicate to install addon to all clusters
func InstallByFilterFunctionStrategy ¶ added in v0.5.0
func InstallByFilterFunctionStrategy(installNamespace string, f func(cluster *clusterv1.ManagedCluster) bool) *InstallStrategy
InstallByFilterFunctionStrategy indicate to install addon based on a filter function, and it will also install addons if the filter function is nil.
func InstallByLabelStrategy ¶ added in v0.3.0
func InstallByLabelStrategy(installNamespace string, selector metav1.LabelSelector) *InstallStrategy
InstallByLabelStrategy indicate to install addon based on clusters' label
func (*InstallStrategy) GetManagedClusterFilter ¶ added in v0.5.0
func (s *InstallStrategy) GetManagedClusterFilter() func(cluster *clusterv1.ManagedCluster) bool
type PermissionConfigFunc ¶ added in v0.3.0
type PermissionConfigFunc func(cluster *clusterv1.ManagedCluster, addon *addonapiv1alpha1.ManagedClusterAddOn) error
type ProbeField ¶ added in v0.3.0
type ProbeField struct {
// ResourceIdentifier sets what resource should be probed
ResourceIdentifier workapiv1.ResourceIdentifier
// ProbeRules sets the rules to probe the field
ProbeRules []workapiv1.FeedbackRule
}
ProbeField defines the field of a resource to be probed
type RegistrationOption ¶
type RegistrationOption struct {
// CSRConfigurations returns a list of csr configuration for the adddon agent in a managed cluster.
// A csr will be created from the managed cluster for addon agent with each CSRConfiguration.
// +required
CSRConfigurations func(cluster *clusterv1.ManagedCluster) []addonapiv1alpha1.RegistrationConfig
// Namespace is the namespace where registraiton credential will be put on the managed cluster. It
// will be overridden by installNamespace on ManagedClusterAddon spec if set
// Deprecated: use AgentInstallNamespace instead
Namespace string
// AgentInstallNamespace returns the namespace where registration credential will be put on the managed cluster.
// It will override the installNamespace on ManagedClusterAddon spec if set and the returned value is not empty.
// Note: Set this very carefully. If this is set, the addon agent must be deployed in the same namespace, which
// means when implementing Manifests function in AgentAddon interface, the namespace of the addon agent manifest
// must be set to the same value returned by this function.
AgentInstallNamespace func(addon *addonapiv1alpha1.ManagedClusterAddOn) (string, error)
// CSRApproveCheck checks whether the addon agent registration should be approved by the hub.
// Addon hub controller can implement this func to auto-approve all the CSRs. A better CSR check is
// recommended to include (1) the validity of requester's requesting identity and (2) the other request
// payload such as key-usages.
// If the function is not set, the registration and certificate renewal of addon agent needs to be approved
// manually on hub.
// NB auto-approving csr requires the addon manager to have sufficient RBAC permission for the target
// signer, e.g.:
// >> { "apiGroups":["certificates.k8s.io"],
// >> "resources":["signers"],
// >> "resourceNames":["kubernetes.io/kube-apiserver-client"]...}
// +optional
CSRApproveCheck CSRApproveFunc
// PermissionConfig defines the function for an addon to setup rbac permission. This callback doesn't
// couple with any concrete RBAC Api so the implementation is expected to ensure the RBAC in the hub
// cluster by calling the kubernetes api explicitly. Additionally we can also extend arbitrary third-party
// permission setup in this callback.
// +optional
PermissionConfig PermissionConfigFunc
// CSRSign signs a csr and returns a certificate. It is used when the addon has its own customized signer.
// The returned byte array shall be a valid non-nil PEM encoded x509 certificate.
// +optional
CSRSign CSRSignerFunc
}
RegistrationOption defines how agent is registered to the hub cluster. It needs to define: 1. csr with what subject/signer should be created 2. how csr is approved 3. the RBAC setting of agent on the hub 4. how csr is signed if the customized signer is used.
type Updater ¶ added in v0.7.0
type Updater struct {
// ResourceIdentifier sets what resources the strategy applies to
ResourceIdentifier workapiv1.ResourceIdentifier
// UpdateStrategy defines the strategy used to update the manifests.
UpdateStrategy workapiv1.UpdateStrategy
}
type WorkHealthProber ¶ added in v0.3.0
type WorkHealthProber struct {
// ProbeFields tells addon framework what field to probe
ProbeFields []ProbeField
// HealthCheck check status of the addon based on probe result.
HealthCheck AddonHealthCheckFunc
}
Source Files
Click to show internal directories.
Click to hide internal directories.