// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package constants
const (
// SecretNameCACluster is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of a shoot cluster.
SecretNameCACluster = "ca"
// SecretNameCAETCD is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the etcd of a shoot cluster.
SecretNameCAETCD = "ca-etcd"
// SecretNameCAFrontProxy is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the kube-aggregator (front proxy) of a shoot cluster.
SecretNameCAFrontProxy = "ca-front-proxy"
// SecretNameCAKubelet is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the kubelet of a shoot cluster.
SecretNameCAKubelet = "ca-kubelet"
// SecretNameCAMetricsServer is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the metrics-server of a shoot cluster.
SecretNameCAMetricsServer = "ca-metrics-server"
// SecretNameCAVPN is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the VPN components of a shoot cluster.
SecretNameCAVPN = "ca-vpn"
// SecretNameCloudProvider is a constant for the name of a Kubernetes secret object that contains the provider
// specific credentials that shall be used to create/delete the shoot.
SecretNameCloudProvider = "cloudprovider"
// SecretNameSSHKeyPair is a constant for the name of a Kubernetes secret object that contains the SSH key pair
// (public and private key) that can be used to SSH into the shoot nodes.
SecretNameSSHKeyPair = "ssh-keypair"
// SecretNameOldSSHKeyPair is a constant for the name of a Kubernetes secret object that contains the previous
// SSH key pair for a shoot cluster. This exists only after the first key rotation. Both the current and the
// old key are placed onto each shoot node.
SecretNameOldSSHKeyPair = "ssh-keypair.old"
// SecretNameServiceAccountKey is a constant for the name of a Kubernetes secret object that contains a
// PEM-encoded private RSA or ECDSA key used by the Kube Controller Manager to sign service account tokens.
// Possession of this key allows forging service account tokens, so it must be treated as a cluster-wide credential.
SecretNameServiceAccountKey = "service-account-key"
// SecretNameGardener is a constant for the name of a Kubernetes secret object that contains the client
// certificate and a kubeconfig for a shoot cluster. It is used by Gardener and can be used by extension
// controllers in order to communicate with the shoot's API server. The client certificate has administrator
// privileges, so read access to this secret is equivalent to administrator access to the shoot.
SecretNameGardener = "gardener"
// SecretNameGardenerInternal is a constant for the name of a Kubernetes secret object that contains the client
// certificate and a kubeconfig for a shoot cluster. It is used by Gardener and can be used by extension
// controllers in order to communicate with the shoot's API server. The client certificate has administrator
// privileges. The difference to the "gardener" secret is that it contains the in-cluster endpoint as the address
// of the shoot API server instead of the DNS name or load balancer address.
SecretNameGardenerInternal = "gardener-internal"
// SecretNameGenericTokenKubeconfig is a constant for the name of the kubeconfig used by the shoot controlplane
// components to authenticate against the shoot Kubernetes API server.
SecretNameGenericTokenKubeconfig = "generic-token-kubeconfig"
// SecretPrefixGeneratedBackupBucket is a constant for the prefix of a secret name in the garden cluster related to
// BackupBuckets.
SecretPrefixGeneratedBackupBucket = "generated-bucket-"
// DeploymentNameClusterAutoscaler is a constant for the name of a Kubernetes deployment object that contains
// the cluster-autoscaler pod.
DeploymentNameClusterAutoscaler = "cluster-autoscaler"
// DeploymentNameKubeAPIServer is a constant for the name of a Kubernetes deployment object that contains
// the kube-apiserver pod.
DeploymentNameKubeAPIServer = "kube-apiserver"
// DeploymentNameKubeControllerManager is a constant for the name of a Kubernetes deployment object that contains
// the kube-controller-manager pod.
DeploymentNameKubeControllerManager = "kube-controller-manager"
// DeploymentNameGardenlet is a constant for the name of a Kubernetes deployment object that contains
// the Gardenlet pod.
DeploymentNameGardenlet = "gardenlet"
// DeploymentNameVPNSeedServer is a constant for the name of a Kubernetes deployment object that contains
// the vpn-seed-server pod.
DeploymentNameVPNSeedServer = "vpn-seed-server"
// DeploymentNameKubeScheduler is a constant for the name of a Kubernetes deployment object that contains
// the kube-scheduler pod.
DeploymentNameKubeScheduler = "kube-scheduler"
// DeploymentNameGardenerResourceManager is a constant for the name of a Kubernetes deployment object that contains
// the gardener-resource-manager pod.
DeploymentNameGardenerResourceManager = "gardener-resource-manager"
// DeploymentNameGrafanaOperators is a constant for the name of a Kubernetes deployment object that contains
// the grafana-operators pod.
DeploymentNameGrafanaOperators = "grafana-operators"
// DeploymentNameGrafanaUsers is a constant for the name of a Kubernetes deployment object that contains
// the grafana-users pod.
DeploymentNameGrafanaUsers = "grafana-users"
// DeploymentNameKubeStateMetricsShoot is a constant for the name of a Kubernetes deployment object that contains
// the kube-state-metrics pod.
DeploymentNameKubeStateMetricsShoot = "kube-state-metrics"
// DeploymentNameVPAAdmissionController is a constant for the name of the VPA admission controller deployment.
DeploymentNameVPAAdmissionController = "vpa-admission-controller"
// DeploymentNameVPAExporter is a constant for the name of the VPA exporter deployment.
DeploymentNameVPAExporter = "vpa-exporter"
// DeploymentNameVPARecommender is a constant for the name of the VPA recommender deployment.
DeploymentNameVPARecommender = "vpa-recommender"
// DeploymentNameVPAUpdater is a constant for the name of the VPA updater deployment.
DeploymentNameVPAUpdater = "vpa-updater"
// StatefulSetNameAlertManager is a constant for the name of a Kubernetes stateful set object that contains
// the alertmanager pod.
StatefulSetNameAlertManager = "alertmanager"
// ETCDRoleMain is a constant for the main etcd role.
ETCDRoleMain = "main"
// ETCDRoleEvents is a constant for the events etcd role.
ETCDRoleEvents = "events"
// ETCDMain is a constant for the name of etcd-main Etcd object.
ETCDMain = "etcd-" + ETCDRoleMain
// ETCDEvents is a constant for the name of etcd-events Etcd object.
ETCDEvents = "etcd-" + ETCDRoleEvents
// StatefulSetNameLoki is a constant for the name of a Kubernetes stateful set object that contains
// the loki pod.
StatefulSetNameLoki = "loki"
// StatefulSetNamePrometheus is a constant for the name of a Kubernetes stateful set object that contains
// the prometheus pod.
StatefulSetNamePrometheus = "prometheus"
// GardenerPurpose is a constant for the key in a label describing the purpose of the respective object.
GardenerPurpose = "gardener.cloud/purpose"
// GardenerDescription is a constant for a key in an annotation describing what the resource is used for.
GardenerDescription = "gardener.cloud/description"
// GardenCreatedBy is the key for an annotation of a Shoot cluster whose value contains the username
// of the user that created the resource.
GardenCreatedBy = "gardener.cloud/created-by"
// GardenerOperation is a constant for an annotation on a resource that describes a desired operation.
GardenerOperation = "gardener.cloud/operation"
// GardenerOperationReconcile is a constant for the value of the operation annotation describing a reconcile
// operation.
GardenerOperationReconcile = "reconcile"
// GardenerTimestamp is a constant for an annotation on a resource that describes the timestamp when a reconciliation has been requested.
// It is only used to guarantee an update event for watching clients in case the operation-annotation is already present.
GardenerTimestamp = "gardener.cloud/timestamp"
// GardenerOperationMigrate is a constant for the value of the operation annotation describing a migration
// operation.
GardenerOperationMigrate = "migrate"
// GardenerOperationRestore is a constant for the value of the operation annotation describing a restoration
// operation.
GardenerOperationRestore = "restore"
// GardenerOperationWaitForState is a constant for the value of the operation annotation describing a wait
// operation.
GardenerOperationWaitForState = "wait-for-state"
// GardenerOperationKeepalive is a constant for the value of the operation annotation describing an
// operation that extends the lifetime of the object having the operation annotation.
GardenerOperationKeepalive = "keepalive"
// DeprecatedGardenRole is the key for an annotation on a Kubernetes object indicating what it is used for.
//
// Deprecated: Use `GardenRole` instead.
DeprecatedGardenRole = "garden.sapcloud.io/role"
// GardenRole is a constant for a label that describes a role.
GardenRole = "gardener.cloud/role"
// GardenRoleExtension is a constant for a label that describes the 'extensions' role.
GardenRoleExtension = "extension"
// GardenRoleGarden is the value of the GardenRole key indicating type 'garden'.
GardenRoleGarden = "garden"
// GardenRoleSeed is the value of the GardenRole key indicating type 'seed'.
GardenRoleSeed = "seed"
// GardenRoleShoot is the value of the GardenRole key indicating type 'shoot'.
GardenRoleShoot = "shoot"
// GardenRoleLogging is the value of the GardenRole key indicating type 'logging'.
GardenRoleLogging = "logging"
// GardenRoleProject is the value of GardenRole key indicating type 'project'.
GardenRoleProject = "project"
// GardenRoleControlPlane is the value of the GardenRole key indicating type 'controlplane'.
GardenRoleControlPlane = "controlplane"
// GardenRoleSystemComponent is the value of the GardenRole key indicating type 'system-component'.
GardenRoleSystemComponent = "system-component"
// GardenRoleMonitoring is the value of the GardenRole key indicating type 'monitoring'.
GardenRoleMonitoring = "monitoring"
// GardenRoleOptionalAddon is the value of the GardenRole key indicating type 'optional-addon'.
GardenRoleOptionalAddon = "optional-addon"
// GardenRoleCloudConfig is the value of the GardenRole key indicating type 'cloud-config'.
GardenRoleCloudConfig = "cloud-config"
// GardenRoleKubeconfig is the value of the GardenRole key indicating type 'kubeconfig'.
GardenRoleKubeconfig = "kubeconfig"
// GardenRoleSSHKeyPair is the value of the GardenRole key indicating type 'ssh-keypair'.
GardenRoleSSHKeyPair = "ssh-keypair"
// GardenRoleDefaultDomain is the value of the GardenRole key indicating type 'default-domain'.
GardenRoleDefaultDomain = "default-domain"
// GardenRoleInternalDomain is the value of the GardenRole key indicating type 'internal-domain'.
GardenRoleInternalDomain = "internal-domain"
// GardenRoleOpenVPNDiffieHellman is the value of the GardenRole key indicating type 'openvpn-diffie-hellman'.
GardenRoleOpenVPNDiffieHellman = "openvpn-diffie-hellman"
// GardenRoleGlobalMonitoring is the value of the GardenRole key indicating type 'global-monitoring'
GardenRoleGlobalMonitoring = "global-monitoring"
// GardenRoleGlobalShootRemoteWriteMonitoring is the value of the GardenRole key indicating type 'global-shoot-remote-write-monitoring'
GardenRoleGlobalShootRemoteWriteMonitoring = "global-shoot-remote-write-monitoring"
// GardenRoleAlerting is the value of GardenRole key indicating type 'alerting'.
GardenRoleAlerting = "alerting"
// GardenRoleHvpa is the value of GardenRole key indicating type 'hvpa'.
GardenRoleHvpa = "hvpa"
// GardenRoleControlPlaneWildcardCert is the value of the GardenRole key indicating type 'controlplane-cert'.
// It refers to a wildcard tls certificate which can be used for services exposed under the corresponding domain.
GardenRoleControlPlaneWildcardCert = "controlplane-cert"
// ShootUID is an annotation key for the shoot namespace in the seed cluster,
// which value will be the value of `shoot.status.uid`
ShootUID = "shoot.gardener.cloud/uid"
// ShootPurpose is a constant for the shoot purpose.
ShootPurpose = "shoot.gardener.cloud/purpose"
// ShootSyncPeriod is a constant for an annotation on a Shoot which may be used to overwrite the global Shoot controller sync period.
// The value must be a duration. It can also be used to disable the reconciliation at all by setting it to 0m. Disabling the reconciliation
// only means that the periodic reconciliation is disabled. However, when the Gardener is restarted/redeployed or the specification is
// changed then the reconciliation flow will be executed.
ShootSyncPeriod = "shoot.gardener.cloud/sync-period"
// ShootIgnore is a constant for an annotation on a Shoot which may be used to tell the Gardener that the Shoot with this name should be
// ignored completely. That means that the Shoot will never reach the reconciliation flow (independent of the operation (create/update/
// delete)).
ShootIgnore = "shoot.gardener.cloud/ignore"
// ShootNoCleanup is a constant for a label on a resource indicating that the Gardener cleaner should not delete this
// resource when cleaning a shoot during the deletion flow.
ShootNoCleanup = "shoot.gardener.cloud/no-cleanup"
// ShootAlphaScalingAPIServerClass is a constant for an annotation on the shoot stating the initial API server class.
// It influences the size of the initial resource requests/limits.
// Possible values are [small, medium, large, xlarge, 2xlarge].
// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
// what you do.
ShootAlphaScalingAPIServerClass = "alpha.kube-apiserver.scaling.shoot.gardener.cloud/class"
// ShootAlphaControlPlaneScaleDownDisabled is a constant for an annotation on the Shoot resource stating that the
// automatic scale-down shall be disabled for the etcd, kube-apiserver, kube-controller-manager.
// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
// what you do.
ShootAlphaControlPlaneScaleDownDisabled = "alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled"
// ShootExpirationTimestamp is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime
// is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property
// of referenced quotas.
ShootExpirationTimestamp = "shoot.gardener.cloud/expiration-timestamp"
// ShootStatus is a constant for a label on a Shoot resource indicating the Shoot's health.
ShootStatus = "shoot.gardener.cloud/status"
// FailedShootNeedsRetryOperation is a constant for an annotation on a Shoot in a failed state indicating that a retry operation should be triggered during the next maintenance time window.
FailedShootNeedsRetryOperation = "maintenance.shoot.gardener.cloud/needs-retry-operation"
// ShootTasks is a constant for an annotation on a Shoot which states that certain tasks should be done.
ShootTasks = "shoot.gardener.cloud/tasks"
// ShootTaskDeployInfrastructure is a name for a Shoot's infrastructure deployment task. It indicates that the
// Infrastructure extension resource shall be reconciled.
ShootTaskDeployInfrastructure = "deployInfrastructure"
// ShootTaskRestartControlPlanePods is a name for a Shoot task which is dedicated to restart related control plane pods.
ShootTaskRestartControlPlanePods = "restartControlPlanePods"
// ShootTaskRestartCoreAddons is a name for a Shoot task which is dedicated to restart some core addons.
ShootTaskRestartCoreAddons = "restartCoreAddons"
// ShootOperationMaintain is a constant for an annotation on a Shoot indicating that the Shoot maintenance shall be
// executed as soon as possible.
ShootOperationMaintain = "maintain"
// ShootOperationRetry is a constant for an annotation on a Shoot indicating that a failed Shoot reconciliation shall be
// retried.
ShootOperationRetry = "retry"
// ShootOperationRotateKubeconfigCredentials is a constant for an annotation on a Shoot indicating that the credentials
// contained in the kubeconfig that is handed out to the user shall be rotated.
ShootOperationRotateKubeconfigCredentials = "rotate-kubeconfig-credentials"
// ShootOperationRotateSSHKeypair is a constant for an annotation on a Shoot indicating that the SSH keypair for the shoot
// nodes shall be rotated.
ShootOperationRotateSSHKeypair = "rotate-ssh-keypair"
// SeedResourceManagerClass is the resource-class managed by the Gardener-Resource-Manager
// instance in the garden namespace on the seeds.
SeedResourceManagerClass = "seed"
// LabelBackupProvider is used to identify the backup provider.
LabelBackupProvider = "backup.gardener.cloud/provider"
// LabelSeedProvider is used to identify the seed provider.
LabelSeedProvider = "seed.gardener.cloud/provider"
// LabelShootProvider is used to identify the shoot provider.
LabelShootProvider = "shoot.gardener.cloud/provider"
// LabelShootProviderPrefix is used to prefix label that indicates the provider type.
// The label key is in the form provider.shoot.gardener.cloud/<type>.
LabelShootProviderPrefix = "provider.shoot.gardener.cloud/"
// LabelNetworkingProvider is used to identify the networking provider for the cni plugin.
LabelNetworkingProvider = "networking.shoot.gardener.cloud/provider"
// LabelExtensionPrefix is used to prefix extension specific labels.
LabelExtensionPrefix = "extensions.gardener.cloud/"
// LabelExtensionConfiguration is used to identify the provider's configuration which will be added to Gardener configuration
LabelExtensionConfiguration = LabelExtensionPrefix + "configuration"
// LabelLogging is a constant for a label for logging stack configurations
LabelLogging = "logging"
// LabelMonitoring is a constant for a label for monitoring stack configurations
LabelMonitoring = "monitoring"
// LabelNetworkPolicyToBlockedCIDRs allows Egress from pods labeled with 'networking.gardener.cloud/to-blocked-cidrs=allowed'.
LabelNetworkPolicyToBlockedCIDRs = "networking.gardener.cloud/to-blocked-cidrs"
// LabelNetworkPolicyToDNS allows Egress from pods labeled with 'networking.gardener.cloud/to-dns=allowed' to DNS running in 'kube-system'.
// In practice, most of the Pods which require network Egress need this label.
LabelNetworkPolicyToDNS = "networking.gardener.cloud/to-dns"
// LabelNetworkPolicyToPrivateNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-private-networks=allowed' to the
// private networks (RFC1918), Carrier-grade NAT (RFC6598) except for cloudProvider's specific metadata service IP, seed networks,
// shoot networks.
LabelNetworkPolicyToPrivateNetworks = "networking.gardener.cloud/to-private-networks"
// LabelNetworkPolicyToPublicNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-public-networks=allowed' to all public
// network IPs, except for private networks (RFC1918), carrier-grade NAT (RFC6598), cloudProvider's specific metadata service IP.
// In practice, this blocks Egress traffic to all networks in the Seed cluster and allows only traffic to public IPv4 addresses.
LabelNetworkPolicyToPublicNetworks = "networking.gardener.cloud/to-public-networks"
// LabelNetworkPolicyToSeedAPIServer allows Egress from pods labeled with 'networking.gardener.cloud/to-seed-apiserver=allowed' to Seed's Kubernetes
// API Server.
LabelNetworkPolicyToSeedAPIServer = "networking.gardener.cloud/to-seed-apiserver"
// LabelNetworkPolicyToShootAPIServer allows Egress from pods labeled with 'networking.gardener.cloud/to-shoot-apiserver=allowed' to talk to Shoot's
// Kubernetes API Server.
LabelNetworkPolicyToShootAPIServer = "networking.gardener.cloud/to-shoot-apiserver"
// LabelNetworkPolicyToShootNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-shoot-networks=allowed' to IPv4 blocks belonging to the Shoot network.
LabelNetworkPolicyToShootNetworks = "networking.gardener.cloud/to-shoot-networks"
// LabelNetworkPolicyToAllShootAPIServers allows Egress from pods labeled with 'networking.gardener.cloud/to-all-shoot-apiservers=allowed' to talk to all
// Shoots' Kubernetes API Servers.
LabelNetworkPolicyToAllShootAPIServers = "networking.gardener.cloud/to-all-shoot-apiservers"
// LabelNetworkPolicyFromShootAPIServer allows Egress from Shoot's Kubernetes API Server to talk to pods labeled with
// 'networking.gardener.cloud/from-shoot-apiserver=allowed'.
LabelNetworkPolicyFromShootAPIServer = "networking.gardener.cloud/from-shoot-apiserver"
// LabelNetworkPolicyToAll disables all Ingress and Egress traffic into/from this namespace when set to "disallowed".
LabelNetworkPolicyToAll = "networking.gardener.cloud/to-all"
// LabelNetworkPolicyFromPrometheus allows Ingress from Prometheus to pods labeled with 'networking.gardener.cloud/from-prometheus=allowed' and ports
// named 'metrics' in the PodSpecification.
LabelNetworkPolicyFromPrometheus = "networking.gardener.cloud/from-prometheus"
// LabelNetworkPolicyToAggregatePrometheus allows Egress traffic to the aggregate Prometheus.
LabelNetworkPolicyToAggregatePrometheus = "networking.gardener.cloud/to-aggregate-prometheus"
// LabelNetworkPolicyToSeedPrometheus allows Egress traffic to the seed Prometheus.
LabelNetworkPolicyToSeedPrometheus = "networking.gardener.cloud/to-seed-prometheus"
// LabelNetworkPolicyShootFromSeed allows Ingress traffic from the seed cluster (where the shoot's kube-apiserver
// runs).
LabelNetworkPolicyShootFromSeed = "networking.gardener.cloud/from-seed"
// LabelNetworkPolicyShootToAPIServer allows Egress traffic to the shoot's API server.
LabelNetworkPolicyShootToAPIServer = "networking.gardener.cloud/to-apiserver"
// LabelNetworkPolicyShootToKubelet allows Egress traffic to the kubelets.
LabelNetworkPolicyShootToKubelet = "networking.gardener.cloud/to-kubelet"
// LabelNetworkPolicyAllowed is a constant for allowing a network policy.
LabelNetworkPolicyAllowed = "allowed"
// LabelNetworkPolicyDisallowed is a constant for disallowing a network policy.
LabelNetworkPolicyDisallowed = "disallowed"
// LabelApp is a constant for a label key.
LabelApp = "app"
// LabelRole is a constant for a label key.
LabelRole = "role"
// LabelKubernetes is a constant for a label for Kubernetes workload.
LabelKubernetes = "kubernetes"
// LabelAPIServer is a constant for a label for the kube-apiserver.
LabelAPIServer = "apiserver"
// LabelControllerManager is a constant for a label for the kube-controller-manager.
LabelControllerManager = "controller-manager"
// LabelScheduler is a constant for a label for the kube-scheduler.
LabelScheduler = "scheduler"
// LabelExtensionProjectRole is a constant for a label value for extension project roles
LabelExtensionProjectRole = "extension-project-role"
// LabelAPIServerExposure is a constant for label key which gardener can add to various objects related
// to kube-apiserver exposure.
LabelAPIServerExposure = "core.gardener.cloud/apiserver-exposure"
// LabelAPIServerExposureGardenerManaged is a constant for label value which gardener sets on the label key
// "core.gardener.cloud/apiserver-exposure" to indicate that it's responsible for apiserver exposure (via SNI).
LabelAPIServerExposureGardenerManaged = "gardener-managed"
// GardenNamespace is the namespace in which the configuration and secrets for
// the Gardener controller manager will be stored (e.g., secrets for the Seed clusters).
// It is also used by the gardener-apiserver.
GardenNamespace = "garden"
// AnnotationShootUseAsSeed is a constant for an annotation on a Shoot resource indicating that the Shoot shall be registered as Seed in the
// Garden cluster once successfully created.
AnnotationShootUseAsSeed = "shoot.gardener.cloud/use-as-seed"
// AnnotationManagedSeedAPIServer is a constant for an annotation on a Shoot resource containing the API server settings for a managed seed.
AnnotationManagedSeedAPIServer = "shoot.gardener.cloud/managed-seed-api-server"
// AnnotationShootIgnoreAlerts is the key for an annotation of a Shoot cluster whose value indicates
// if alerts for this cluster should be ignored
AnnotationShootIgnoreAlerts = "shoot.gardener.cloud/ignore-alerts"
// AnnotationShootSkipCleanup is a key for an annotation on a Shoot resource that declares that the clean up steps should be skipped when the
// cluster is deleted. Concretely, this will skip everything except the deletion of (load balancer) services and persistent volume resources.
AnnotationShootSkipCleanup = "shoot.gardener.cloud/skip-cleanup"
// AnnotationShootCleanupWebhooksFinalizeGracePeriodSeconds is a key for an annotation on a Shoot resource that
// declares the grace period in seconds for finalizing the resources handled in the 'cleanup webhooks' step.
// Concretely, after the specified seconds, all the finalizers of the affected resources are forcefully removed.
AnnotationShootCleanupWebhooksFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-webhooks-finalize-grace-period-seconds"
// AnnotationShootCleanupExtendedAPIsFinalizeGracePeriodSeconds is a key for an annotation on a Shoot resource that
// declares the grace period in seconds for finalizing the resources handled in the 'cleanup extended APIs' step.
// Concretely, after the specified seconds, all the finalizers of the affected resources are forcefully removed.
AnnotationShootCleanupExtendedAPIsFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-extended-apis-finalize-grace-period-seconds"
// AnnotationShootCleanupKubernetesResourcesFinalizeGracePeriodSeconds is a key for an annotation on a Shoot
// resource that declares the grace period in seconds for finalizing the resources handled in the 'cleanup
// Kubernetes resources' step. Concretely, after the specified seconds, all the finalizers of the affected resources
// are forcefully removed.
AnnotationShootCleanupKubernetesResourcesFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-kubernetes-resources-finalize-grace-period-seconds"
// AnnotationShootCleanupNamespaceResourcesFinalizeGracePeriodSeconds is a key for an annotation on a Shoot
// resource that declares the grace period in seconds for finalizing the resources handled in the 'cleanup shoot
// namespaces' step. Concretely, after the specified seconds, all the finalizers of the affected resources are
// forcefully removed.
AnnotationShootCleanupNamespaceResourcesFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-namespaces-finalize-grace-period-seconds"
// AnnotationShootInfrastructureCleanupWaitPeriodSeconds is a key for an annotation on a Shoot
// resource that declares the wait period in seconds for infrastructure resources cleanup. Concretely,
// Gardener will wait for the specified time after the Infrastructure extension object has been deleted to allow
// controllers to gracefully cleanup everything (default behaviour is 300s).
AnnotationShootInfrastructureCleanupWaitPeriodSeconds = "shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds"
// AnnotationShootForceRestore is a key for an annotation on a Shoot or BackupEntry resource to trigger a forceful restoration to a different seed.
AnnotationShootForceRestore = "shoot.gardener.cloud/force-restore"
// AnnotationReversedVPN moves the vpn-server to the seed.
AnnotationReversedVPN = "alpha.featuregates.shoot.gardener.cloud/reversed-vpn"
// AnnotationNodeLocalDNS enables a per node dns cache on the shoot cluster.
AnnotationNodeLocalDNS = "alpha.featuregates.shoot.gardener.cloud/node-local-dns"
// AnnotationNodeLocalDNSForceTcpToClusterDns enforces upgrade to tcp connections for communication between node local and cluster dns.
AnnotationNodeLocalDNSForceTcpToClusterDns = "alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-cluster-dns"
// AnnotationNodeLocalDNSForceTcpToUpstreamDns enforces upgrade to tcp connections for communication between node local and upstream dns.
AnnotationNodeLocalDNSForceTcpToUpstreamDns = "alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-upstream-dns"
// AnnotationShootAPIServerSNIPodInjector is the key for an annotation of a Shoot cluster whose value indicates
// if pod injection of 'KUBERNETES_SERVICE_HOST' environment variable should happen for clusters where APIServerSNI
// featuregate is enabled.
// Any value other than 'disable' enables this feature.
AnnotationShootAPIServerSNIPodInjector = "alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector"
// AnnotationShootAPIServerSNIPodInjectorDisableValue is the value of the
// `alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector` annotation that disables the pod injection.
AnnotationShootAPIServerSNIPodInjectorDisableValue = "disable"
// OperatingSystemConfigUnitNameKubeletService is a constant for a unit in the operating system config that contains the kubelet service.
OperatingSystemConfigUnitNameKubeletService = "kubelet.service"
// OperatingSystemConfigUnitNameDockerService is a constant for a unit in the operating system config that contains the docker service.
OperatingSystemConfigUnitNameDockerService = "docker.service"
// OperatingSystemConfigUnitNameContainerDService is a constant for a unit in the operating system config that contains the containerd service.
OperatingSystemConfigUnitNameContainerDService = "containerd.service"
// OperatingSystemConfigFilePathKernelSettings is a constant for a path to a file in the operating system config that contains some general kernel settings.
OperatingSystemConfigFilePathKernelSettings = "/etc/sysctl.d/99-k8s-general.conf"
// OperatingSystemConfigFilePathKubeletConfig is a constant for a path to a file in the operating system config that contains the kubelet configuration.
OperatingSystemConfigFilePathKubeletConfig = "/var/lib/kubelet/config/kubelet"
// OperatingSystemConfigUnitNamePromtailService is a constant for a unit in the operating system config that contains the promtail service.
OperatingSystemConfigUnitNamePromtailService = "promtail.service"
// OperatingSystemConfigFilePathPromtailConfig is a constant for a path to a file in the operating system config that contains the promtail configuration.
OperatingSystemConfigFilePathPromtailConfig = "/var/lib/promtail/config/config"
// OperatingSystemConfigFilePathBinaries is a constant for a path to a directory in the operating system config that contains the binaries.
OperatingSystemConfigFilePathBinaries = "/opt/bin"
// FluentBitConfigMapKubernetesFilter is a constant for the Fluent Bit ConfigMap's section regarding Kubernetes filters
FluentBitConfigMapKubernetesFilter = "filter-kubernetes.conf"
// FluentBitConfigMapParser is a constant for the Fluent Bit ConfigMap's section regarding Parsers for common container types
FluentBitConfigMapParser = "parsers.conf"
// PrometheusConfigMapAlertingRules is a constant for the Prometheus alerting rules tag in provider-specific monitoring configuration
PrometheusConfigMapAlertingRules = "alerting_rules"
// PrometheusConfigMapScrapeConfig is a constant for the Prometheus scrape config tag in provider-specific monitoring configuration
PrometheusConfigMapScrapeConfig = "scrape_config"
// GrafanaConfigMapUserDashboard is a constant for the Grafana user dashboard tag in provider-specific monitoring configuration
GrafanaConfigMapUserDashboard = "dashboard_users"
// GrafanaConfigMapOperatorDashboard is a constant for the Grafana operator dashboard tag in provider-specific monitoring configuration
GrafanaConfigMapOperatorDashboard = "dashboard_operators"
// LabelControllerRegistrationName is the key of a label on extension namespaces that indicates the controller registration name.
LabelControllerRegistrationName = "controllerregistration.core.gardener.cloud/name"
// LabelPodMaintenanceRestart is a constant for a label that describes that a pod should be restarted during maintenance.
LabelPodMaintenanceRestart = "maintenance.gardener.cloud/restart"
// LabelWorkerPool is a constant for a label that indicates the worker pool the node belongs to
LabelWorkerPool = "worker.gardener.cloud/pool"
// LabelWorkerKubernetesVersion is a constant for a label that indicates the Kubernetes version used for the worker pool nodes.
LabelWorkerKubernetesVersion = "worker.gardener.cloud/kubernetes-version"
// LabelWorkerPoolDeprecated is a deprecated constant for a label that indicates the worker pool the node belongs to.
//
// Deprecated: use LabelWorkerPool instead.
LabelWorkerPoolDeprecated = "worker.garden.sapcloud.io/group"
// LabelWorkerPoolSystemComponents is a constant that indicates whether the worker pool should host system components
LabelWorkerPoolSystemComponents = "worker.gardener.cloud/system-components"
// EventResourceReferenced indicates that the resource deletion is in waiting mode because the resource is still
// being referenced by at least one other resource (e.g. a SecretBinding is still referenced by a Shoot)
EventResourceReferenced = "ResourceReferenced"
// PriorityClassNameShootControlPlane is the name of a priority class for critical pods of a shoot control plane.
PriorityClassNameShootControlPlane = "gardener-shoot-controlplane"
// ReferencedResourcesPrefix is the prefix used when copying referenced resources to the Shoot namespace in the Seed,
// to avoid naming collisions with resources managed by Gardener.
ReferencedResourcesPrefix = "ref-"
// ClusterIdentity is a constant equal to the name and data key (that stores the identity) of the cluster-identity ConfigMap
ClusterIdentity = "cluster-identity"
// SeedNginxIngressClass defines the ingress class for the seed nginx ingress controller
SeedNginxIngressClass = "nginx-gardener"
// SeedNginxIngressClass122 defines the ingress class for the seed nginx ingress controller for K8s >= 1.22
SeedNginxIngressClass122 = "nginx-ingress-gardener"
// IngressKindNginx defines nginx as kind as managed Seed ingress
IngressKindNginx = "nginx"
// ShootNginxIngressClass defines the ingress class for the shoot nginx ingress controller (the seed's class is SeedNginxIngressClass).
ShootNginxIngressClass = "nginx"
// SeedsGroup is the identity group for gardenlets when authenticating to the API server.
// Any RBAC binding or authorizer rule that grants seed privileges matches on this exact string, so it must not be changed in isolation.
SeedsGroup = "gardener.cloud:system:seeds"
// SeedUserNamePrefix is the identity user name prefix for gardenlets when authenticating to the API server.
// Rules that derive the seed name from the user name depend on this exact prefix (including the trailing colon).
SeedUserNamePrefix = "gardener.cloud:system:seed:"
// ProjectName is the key of a label on namespaces whose value holds the project name.
ProjectName = "project.gardener.cloud/name"
// ProjectSkipStaleCheck is the key of an annotation on a project namespace that marks the associated Project to be
// skipped by the stale project controller. If the project has already configured stale timestamps in its status
// then they will be reset.
ProjectSkipStaleCheck = "project.gardener.cloud/skip-stale-check"
// NamespaceProject is the key of an annotation on a namespace whose value holds the project uid.
NamespaceProject = "namespace.gardener.cloud/project"
// NamespaceKeepAfterProjectDeletion is a constant for an annotation on a `Namespace` resource that states that it
// should not be deleted if the corresponding `Project` gets deleted. Please note that all project related labels
// from the namespace will be removed when the project is being deleted.
NamespaceKeepAfterProjectDeletion = "namespace.gardener.cloud/keep-after-project-deletion"
// NamespaceCreatedByProjectController is a constant for an annotation on a `Namespace` resource that states that it
// was created by the project controller because either the Project's `spec.namespace` field was not specified
// or the specified namespace was not present.
NamespaceCreatedByProjectController = "namespace.gardener.cloud/created-by-project-controller"
// DefaultVpnRange is the default network range for the vpn between seed and shoot cluster.
// NOTE(review): presumably this range must not overlap the seed or shoot pod/service/node networks — confirm against the network validation.
DefaultVpnRange = "192.168.123.0/24"
// BackupSecretName is the name of the secret holding the credentials for etcd backups.
BackupSecretName string = "etcd-backup"
// DataKeyBackupBucketName is the name of a data key whose value contains the backup bucket name.
DataKeyBackupBucketName string = "bucketName"
// BackupSourcePrefix is the prefix for names of resources related to source backupentries when copying backups.
BackupSourcePrefix = "source"
// GardenerAudience is the identifier for Gardener controllers when interacting with the API Server
GardenerAudience = "gardener"
// DNSRecordInternalName is a constant for DNSRecord objects used for the internal domain name.
DNSRecordInternalName = "internal"
// DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name.
DNSRecordExternalName = "external"
// DNSRecordOwnerName is a constant for DNSRecord objects used for the owner domain name.
DNSRecordOwnerName = "owner"
)
// ControlPlaneSecretRoles lists every garden-role value of the control plane
// secrets that are synced to the Garden cluster: the kubeconfig, the SSH key
// pair and the monitoring role. The slice is exported and mutable, so callers
// that need to alter the list should operate on a copy rather than on this
// shared value.
var ControlPlaneSecretRoles = []string{GardenRoleKubeconfig, GardenRoleSSHKeyPair, GardenRoleMonitoring}