// Copyright (c) 2019 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package constants
const (
// SecretManagerIdentityControllerManager is the identity for the secret manager used inside controller-manager.
SecretManagerIdentityControllerManager = "controller-manager"
// SecretManagerIdentityGardenlet is the identity for the secret manager used inside gardenlet.
SecretManagerIdentityGardenlet = "gardenlet"
// SecretNameCACluster is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of a shoot cluster.
SecretNameCACluster = "ca"
// SecretNameCAClient is a constant for the name of a Kubernetes secret object that contains the client CA
// certificate of a shoot cluster.
SecretNameCAClient = "ca-client"
// SecretNameCAETCD is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the etcd of a shoot cluster.
SecretNameCAETCD = "ca-etcd"
// SecretNameCAETCDPeer is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the etcd peer network of a shoot cluster.
SecretNameCAETCDPeer = "ca-etcd-peer"
// SecretNameCAFrontProxy is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the kube-aggregator of a shoot cluster.
SecretNameCAFrontProxy = "ca-front-proxy"
// SecretNameCAKubelet is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the kubelet of a shoot cluster.
SecretNameCAKubelet = "ca-kubelet"
// SecretNameCAMetricsServer is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the metrics-server of a shoot cluster.
SecretNameCAMetricsServer = "ca-metrics-server"
// SecretNameCAVPN is a constant for the name of a Kubernetes secret object that contains the CA
// certificate of the VPN components of a shoot cluster.
SecretNameCAVPN = "ca-vpn"
// SecretNameCASeed is a constant for the name of a Kubernetes secret object that contains the CA
// certificate generated for a seed cluster.
SecretNameCASeed = "ca-seed"
// SecretNameCloudProvider is a constant for the name of a Kubernetes secret object that contains the provider
// specific credentials that shall be used to create/delete the shoot.
SecretNameCloudProvider = "cloudprovider"
// SecretNameSSHKeyPair is a constant for the name of a Kubernetes secret object that contains the SSH key pair
// (public and private key) that can be used to SSH into the shoot nodes.
SecretNameSSHKeyPair = "ssh-keypair"
// SecretNameServiceAccountKey is a constant for the name of a Kubernetes secret object that contains a
// PEM-encoded private RSA or ECDSA key used by the Kube Controller Manager to sign service account tokens.
SecretNameServiceAccountKey = "service-account-key"
// SecretNameObservabilityIngress is a constant for the name of a Kubernetes secret object that contains the ingress
// credentials for observability components.
SecretNameObservabilityIngress = "observability-ingress"
// SecretNameObservabilityIngressUsers is a constant for the name of a Kubernetes secret object that contains the
// user's ingress credentials for observability components.
SecretNameObservabilityIngressUsers = "observability-ingress-users"
// SecretNameETCDEncryptionKey is a constant for the name of a Kubernetes secret object that contains the key
// for encrypting data in ETCD.
SecretNameETCDEncryptionKey = "kube-apiserver-etcd-encryption-key"
// SecretNamePrefixETCDEncryptionConfiguration is a constant for the name prefix of a Kubernetes secret object that
// contains the configuration for encrypting data in ETCD.
SecretNamePrefixETCDEncryptionConfiguration = "kube-apiserver-etcd-encryption-configuration"
// SecretNameGardener is a constant for the name of a Kubernetes secret object that contains the client
// certificate and a kubeconfig for a shoot cluster. It is used by Gardener and can be used by extension
// controllers in order to communicate with the shoot's API server. The client certificate has administrator
// privileges.
SecretNameGardener = "gardener"
// SecretNameGardenerInternal is a constant for the name of a Kubernetes secret object that contains the client
// certificate and a kubeconfig for a shoot cluster. It is used by Gardener and can be used by extension
// controllers in order to communicate with the shoot's API server. The client certificate has administrator
// privileges. The difference to the "gardener" secret is that it contains the in-cluster endpoint as the address
// for the shoot API server instead of the DNS name or load balancer address.
SecretNameGardenerInternal = "gardener-internal"
// SecretNameGenericTokenKubeconfig is a constant for the name of the kubeconfig used by the shoot controlplane
// components to authenticate against the shoot Kubernetes API server.
// Use `pkg/extensions.GenericTokenKubeconfigSecretNameFromCluster` instead.
SecretNameGenericTokenKubeconfig = "generic-token-kubeconfig"
// AnnotationKeyGenericTokenKubeconfigSecretName is a constant for the key of an annotation on
// extensions.gardener.cloud/v1alpha1.Cluster resources whose value contains the name of the generic token
// kubeconfig secret in the seed cluster.
AnnotationKeyGenericTokenKubeconfigSecretName = "generic-token-kubeconfig.secret.gardener.cloud/name"
// SecretPrefixGeneratedBackupBucket is a constant for the prefix of a secret name in the garden cluster related to
// BackupBuckets.
SecretPrefixGeneratedBackupBucket = "generated-bucket-"
// DeploymentNameClusterAutoscaler is a constant for the name of a Kubernetes deployment object that contains
// the cluster-autoscaler pod.
DeploymentNameClusterAutoscaler = "cluster-autoscaler"
// DeploymentNameKubeAPIServer is a constant for the name of a Kubernetes deployment object that contains
// the kube-apiserver pod.
DeploymentNameKubeAPIServer = "kube-apiserver"
// DeploymentNameKubeControllerManager is a constant for the name of a Kubernetes deployment object that contains
// the kube-controller-manager pod.
DeploymentNameKubeControllerManager = "kube-controller-manager"
// DeploymentNameGardenlet is a constant for the name of a Kubernetes deployment object that contains
// the Gardenlet pod.
DeploymentNameGardenlet = "gardenlet"
// DeploymentNameVPNSeedServer is a constant for the name of a Kubernetes deployment object that contains
// the vpn-seed-server pod.
DeploymentNameVPNSeedServer = "vpn-seed-server"
// DeploymentNameKubeScheduler is a constant for the name of a Kubernetes deployment object that contains
// the kube-scheduler pod.
DeploymentNameKubeScheduler = "kube-scheduler"
// DeploymentNameGardenerResourceManager is a constant for the name of a Kubernetes deployment object that contains
// the gardener-resource-manager pod.
DeploymentNameGardenerResourceManager = "gardener-resource-manager"
// DeploymentNameGrafanaOperators is a constant for the name of a Kubernetes deployment object that contains
// the grafana-operators pod.
DeploymentNameGrafanaOperators = "grafana-operators"
// DeploymentNameGrafanaUsers is a constant for the name of a Kubernetes deployment object that contains
// the grafana-users pod.
DeploymentNameGrafanaUsers = "grafana-users"
// DeploymentNameKubeStateMetrics is a constant for the name of a Kubernetes deployment object that contains
// the kube-state-metrics pod.
DeploymentNameKubeStateMetrics = "kube-state-metrics"
// DeploymentNameVPAAdmissionController is a constant for the name of the VPA admission controller deployment.
DeploymentNameVPAAdmissionController = "vpa-admission-controller"
// DeploymentNameVPAExporter is a constant for the name of the VPA exporter deployment.
DeploymentNameVPAExporter = "vpa-exporter"
// DeploymentNameVPARecommender is a constant for the name of the VPA recommender deployment.
DeploymentNameVPARecommender = "vpa-recommender"
// DeploymentNameVPAUpdater is a constant for the name of the VPA updater deployment.
DeploymentNameVPAUpdater = "vpa-updater"
// DeploymentNameMachineControllerManager is a constant for the name of a Kubernetes deployment object that contains
// the machine-controller-manager pod.
DeploymentNameMachineControllerManager = "machine-controller-manager"
// ConfigMapNameShootInfo is the name of a ConfigMap in the kube-system namespace of shoot clusters which contains
// information about the shoot cluster.
ConfigMapNameShootInfo = "shoot-info"
// StatefulSetNameAlertManager is a constant for the name of a Kubernetes stateful set object that contains
// the alertmanager pod.
StatefulSetNameAlertManager = "alertmanager"
// ETCDRoleMain is a constant for the main etcd role.
ETCDRoleMain = "main"
// ETCDRoleEvents is a constant for the events etcd role.
ETCDRoleEvents = "events"
// ETCDMain is a constant for the name of etcd-main Etcd object.
ETCDMain = "etcd-" + ETCDRoleMain
// ETCDEvents is a constant for the name of etcd-events Etcd object.
ETCDEvents = "etcd-" + ETCDRoleEvents
// StatefulSetNameLoki is a constant for the name of a Kubernetes stateful set object that contains
// the loki pod.
StatefulSetNameLoki = "loki"
// StatefulSetNamePrometheus is a constant for the name of a Kubernetes stateful set object that contains
// the prometheus pod.
StatefulSetNamePrometheus = "prometheus"
// GardenerPurpose is a constant for the key in a label describing the purpose of the respective object.
GardenerPurpose = "gardener.cloud/purpose"
// GardenerDescription is a constant for a key in an annotation describing what the resource is used for.
GardenerDescription = "gardener.cloud/description"
// GardenerWarning is a constant for a key in an annotation containing a warning message.
GardenerWarning = "gardener.cloud/warning"
// GardenCreatedBy is the key for an annotation of a Shoot cluster whose value contains the username
// of the user that created the resource.
GardenCreatedBy = "gardener.cloud/created-by"
// GardenerOperation is a constant for an annotation on a resource that describes a desired operation.
GardenerOperation = "gardener.cloud/operation"
// GardenerMaintenanceOperation is a constant for an annotation on a Shoot that describes a desired operation which
// will be performed during maintenance.
GardenerMaintenanceOperation = "maintenance.gardener.cloud/operation"
// GardenerOperationReconcile is a constant for the value of the operation annotation describing a reconcile
// operation.
GardenerOperationReconcile = "reconcile"
// GardenerTimestamp is a constant for an annotation on a resource that describes the timestamp when a reconciliation has been requested.
// It is only used to guarantee an update event for watching clients in case the operation-annotation is already present.
GardenerTimestamp = "gardener.cloud/timestamp"
// GardenerOperationMigrate is a constant for the value of the operation annotation describing a migration
// operation.
GardenerOperationMigrate = "migrate"
// GardenerOperationRestore is a constant for the value of the operation annotation describing a restoration
// operation.
GardenerOperationRestore = "restore"
// GardenerOperationWaitForState is a constant for the value of the operation annotation describing a wait
// operation.
GardenerOperationWaitForState = "wait-for-state"
// GardenerOperationKeepalive is a constant for the value of the operation annotation describing an
// operation that extends the lifetime of the object having the operation annotation.
GardenerOperationKeepalive = "keepalive"
// GardenerOperationRenewKubeconfig is a constant for the value of the operation annotation to renew the gardenlet's kubeconfig secret.
GardenerOperationRenewKubeconfig = "renew-kubeconfig"
// DeprecatedGardenRole is the key for an annotation on a Kubernetes object indicating what it is used for.
//
// Deprecated: Use `GardenRole` instead.
DeprecatedGardenRole = "garden.sapcloud.io/role"
// GardenRole is a constant for a label that describes a role.
GardenRole = "gardener.cloud/role"
// GardenRoleExtension is a constant for a label that describes the 'extensions' role.
GardenRoleExtension = "extension"
// GardenRoleGarden is the value of the GardenRole key indicating type 'garden'.
GardenRoleGarden = "garden"
// GardenRoleSeed is the value of the GardenRole key indicating type 'seed'.
GardenRoleSeed = "seed"
// GardenRoleShoot is the value of the GardenRole key indicating type 'shoot'.
GardenRoleShoot = "shoot"
// GardenRoleLogging is the value of the GardenRole key indicating type 'logging'.
GardenRoleLogging = "logging"
// GardenRoleProject is the value of GardenRole key indicating type 'project'.
GardenRoleProject = "project"
// GardenRoleControlPlane is the value of the GardenRole key indicating type 'controlplane'.
GardenRoleControlPlane = "controlplane"
// GardenRoleSystemComponent is the value of the GardenRole key indicating type 'system-component'.
GardenRoleSystemComponent = "system-component"
// GardenRoleMonitoring is the value of the GardenRole key indicating type 'monitoring'.
GardenRoleMonitoring = "monitoring"
// GardenRoleOptionalAddon is the value of the GardenRole key indicating type 'optional-addon'.
GardenRoleOptionalAddon = "optional-addon"
// GardenRoleCloudConfig is the value of the GardenRole key indicating type 'cloud-config'.
GardenRoleCloudConfig = "cloud-config"
// GardenRoleKubeconfig is the value of the GardenRole key indicating type 'kubeconfig'.
GardenRoleKubeconfig = "kubeconfig"
// GardenRoleCACluster is the value of the GardenRole key indicating type 'ca-cluster'.
GardenRoleCACluster = "ca-cluster"
// GardenRoleSSHKeyPair is the value of the GardenRole key indicating type 'ssh-keypair'.
GardenRoleSSHKeyPair = "ssh-keypair"
// GardenRoleDefaultDomain is the value of the GardenRole key indicating type 'default-domain'.
GardenRoleDefaultDomain = "default-domain"
// GardenRoleInternalDomain is the value of the GardenRole key indicating type 'internal-domain'.
GardenRoleInternalDomain = "internal-domain"
// GardenRoleOpenVPNDiffieHellman is the value of the GardenRole key indicating type 'openvpn-diffie-hellman'.
GardenRoleOpenVPNDiffieHellman = "openvpn-diffie-hellman"
// GardenRoleGlobalMonitoring is the value of the GardenRole key indicating type 'global-monitoring'
GardenRoleGlobalMonitoring = "global-monitoring"
// GardenRoleGlobalShootRemoteWriteMonitoring is the value of the GardenRole key indicating type 'global-shoot-remote-write-monitoring'
GardenRoleGlobalShootRemoteWriteMonitoring = "global-shoot-remote-write-monitoring"
// GardenRoleAlerting is the value of GardenRole key indicating type 'alerting'.
GardenRoleAlerting = "alerting"
// GardenRoleHvpa is the value of GardenRole key indicating type 'hvpa'.
GardenRoleHvpa = "hvpa"
// GardenRoleControlPlaneWildcardCert is the value of the GardenRole key indicating type 'controlplane-cert'.
// It refers to a wildcard tls certificate which can be used for services exposed under the corresponding domain.
GardenRoleControlPlaneWildcardCert = "controlplane-cert"
// GardenRoleExposureClassHandler is the value of the GardenRole key indicating type 'exposureclass-handler'.
GardenRoleExposureClassHandler = "exposureclass-handler"
// ShootUID is an annotation key for the shoot namespace in the seed cluster,
// whose value will be the value of `shoot.status.uid`
ShootUID = "shoot.gardener.cloud/uid"
// ShootPurpose is a constant for the shoot purpose.
ShootPurpose = "shoot.gardener.cloud/purpose"
// ShootSyncPeriod is a constant for an annotation on a Shoot which may be used to overwrite the global Shoot controller sync period.
// The value must be a duration. It can also be used to disable the reconciliation entirely by setting it to 0m. Disabling the reconciliation
// only means that the periodic reconciliation is disabled. However, when the Gardener is restarted/redeployed or the specification is
// changed then the reconciliation flow will be executed.
ShootSyncPeriod = "shoot.gardener.cloud/sync-period"
// ShootIgnore is a constant for an annotation on a Shoot which may be used to tell the Gardener that the Shoot with this name should be
// ignored completely. That means that the Shoot will never reach the reconciliation flow (independent of the operation (create/update/
// delete)).
ShootIgnore = "shoot.gardener.cloud/ignore"
// ShootNoCleanup is a constant for a label on a resource indicating that the Gardener cleaner should not delete this
// resource when cleaning a shoot during the deletion flow.
ShootNoCleanup = "shoot.gardener.cloud/no-cleanup"
// ShootAlphaScalingAPIServerClass is a constant for an annotation on the shoot stating the initial API server class.
// It influences the size of the initial resource requests/limits.
// Possible values are [small, medium, large, xlarge, 2xlarge].
// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
// what you do.
ShootAlphaScalingAPIServerClass = "alpha.kube-apiserver.scaling.shoot.gardener.cloud/class"
// ShootAlphaControlPlaneScaleDownDisabled is a constant for an annotation on the Shoot resource stating that the
// automatic scale-down shall be disabled for the etcd, kube-apiserver, kube-controller-manager.
// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
// what you do.
ShootAlphaControlPlaneScaleDownDisabled = "alpha.control-plane.scaling.shoot.gardener.cloud/scale-down-disabled"
// ShootAlphaControlPlaneHighAvailability is a constant for an annotation on the Shoot resource stating that the
// high availability setup for the control plane should be enabled.
// Note that this annotation is alpha and can be removed anytime without further notice. Only use it if you know
// what you do.
ShootAlphaControlPlaneHighAvailability = "alpha.control-plane.shoot.gardener.cloud/high-availability"
// ShootAlphaControlPlaneHighAvailabilitySingleZone is a specific value that can be set for the shoot control
// plane high availability annotation, that allows gardener to spread the shoot control plane across
// multiple nodes within a single availability zone if it is possible.
// This enables shoot clusters having a control plane with a higher failure tolerance as well as zero downtime maintenance,
// especially for infrastructure providers that provide less than three zones in a region and thus a multi-zone setup
// is not possible there.
ShootAlphaControlPlaneHighAvailabilitySingleZone = "single-zone"
// ShootAlphaControlPlaneHighAvailabilityMultiZone is a specific value that can be set for the shoot control
// plane high availability annotation, that allows gardener to spread the shoot control plane across
// multiple availability zones if it is possible.
ShootAlphaControlPlaneHighAvailabilityMultiZone = "multi-zone"
// LabelSeedMultiZonal is used to identify whether the seed supports multi-zonal control planes for shoots.
LabelSeedMultiZonal = "seed.gardener.cloud/multi-zonal"
// ShootExpirationTimestamp is an annotation on a Shoot resource whose value represents the time when the Shoot lifetime
// is expired. The lifetime can be extended, but at most by the minimal value of the 'clusterLifetimeDays' property
// of referenced quotas.
ShootExpirationTimestamp = "shoot.gardener.cloud/expiration-timestamp"
// ShootStatus is a constant for a label on a Shoot resource indicating the Shoot's health.
ShootStatus = "shoot.gardener.cloud/status"
// FailedShootNeedsRetryOperation is a constant for an annotation on a Shoot in a failed state indicating that a retry operation should be triggered during the next maintenance time window.
FailedShootNeedsRetryOperation = "maintenance.shoot.gardener.cloud/needs-retry-operation"
// LabelExcludeWebhookFromRemediation is a constant for a label on a webhook in the shoot which excludes it
// from automatic remediation.
LabelExcludeWebhookFromRemediation = "remediation.webhook.shoot.gardener.cloud/exclude"
// ShootTasks is a constant for an annotation on a Shoot which states that certain tasks should be done.
ShootTasks = "shoot.gardener.cloud/tasks"
// ShootTaskDeployInfrastructure is a name for a Shoot's infrastructure deployment task. It indicates that the
// Infrastructure extension resource shall be reconciled.
ShootTaskDeployInfrastructure = "deployInfrastructure"
// ShootTaskDeployDNSRecordInternal is a name for a Shoot's internal DNS record deployment task. It indicates that
// the internal DNSRecord extension resources shall be reconciled.
ShootTaskDeployDNSRecordInternal = "deployDNSRecordInternal"
// ShootTaskDeployDNSRecordExternal is a name for a Shoot's external DNS record deployment task. It indicates that
// the external DNSRecord extension resources shall be reconciled.
ShootTaskDeployDNSRecordExternal = "deployDNSRecordExternal"
// ShootTaskDeployDNSRecordIngress is a name for a Shoot's ingress DNS record deployment task. It indicates that
// the ingress DNSRecord extension resources shall be reconciled.
ShootTaskDeployDNSRecordIngress = "deployDNSRecordIngress"
// ShootTaskRestartControlPlanePods is a name for a Shoot task which is dedicated to restart related control plane pods.
ShootTaskRestartControlPlanePods = "restartControlPlanePods"
// ShootTaskRestartCoreAddons is a name for a Shoot task which is dedicated to restart some core addons.
ShootTaskRestartCoreAddons = "restartCoreAddons"
// ShootOperationMaintain is a constant for an annotation on a Shoot indicating that the Shoot maintenance shall be
// executed as soon as possible.
ShootOperationMaintain = "maintain"
// ShootOperationRetry is a constant for an annotation on a Shoot indicating that a failed Shoot reconciliation shall be
// retried.
ShootOperationRetry = "retry"
// ShootOperationRotateCredentialsStart is a constant for an annotation on a Shoot indicating that the rotation of
// all credentials shall be started. This includes CAs, certificates, kubeconfigs, SSH keypairs, observability
// credentials, and ServiceAccount signing key.
ShootOperationRotateCredentialsStart = "rotate-credentials-start"
// ShootOperationRotateCredentialsComplete is a constant for an annotation on a Shoot indicating that the rotation
// of the credentials shall be completed.
ShootOperationRotateCredentialsComplete = "rotate-credentials-complete"
// ShootOperationRotateKubeconfigCredentials is a constant for an annotation on a Shoot indicating that the credentials
// contained in the kubeconfig that is handed out to the user shall be rotated.
ShootOperationRotateKubeconfigCredentials = "rotate-kubeconfig-credentials"
// ShootOperationRotateSSHKeypair is a constant for an annotation on a Shoot indicating that the SSH keypair for the shoot
// nodes shall be rotated.
ShootOperationRotateSSHKeypair = "rotate-ssh-keypair"
// ShootOperationRotateCAStart is a constant for an annotation on a Shoot indicating that the rotation of the
// certificate authorities shall be started.
ShootOperationRotateCAStart = "rotate-ca-start"
// ShootOperationRotateCAComplete is a constant for an annotation on a Shoot indicating that the rotation of the
// certificate authorities shall be completed.
ShootOperationRotateCAComplete = "rotate-ca-complete"
// ShootOperationRotateObservabilityCredentials is a constant for an annotation on a Shoot indicating that the credentials
// for the observability stack secret shall be rotated. Note that this only affects the user credentials
// since the operator credentials are rotated automatically each `30d`.
ShootOperationRotateObservabilityCredentials = "rotate-observability-credentials"
// ShootOperationRotateServiceAccountKeyStart is a constant for an annotation on a Shoot indicating that the
// rotation of the service account signing key shall be started.
ShootOperationRotateServiceAccountKeyStart = "rotate-serviceaccount-key-start"
// ShootOperationRotateServiceAccountKeyComplete is a constant for an annotation on a Shoot indicating that the
// rotation of the service account signing key shall be completed.
ShootOperationRotateServiceAccountKeyComplete = "rotate-serviceaccount-key-complete"
// ShootOperationRotateETCDEncryptionKeyStart is a constant for an annotation on a Shoot indicating that the
// rotation of the ETCD encryption key shall be started.
ShootOperationRotateETCDEncryptionKeyStart = "rotate-etcd-encryption-key-start"
// ShootOperationRotateETCDEncryptionKeyComplete is a constant for an annotation on a Shoot indicating that the
// rotation of the ETCD encryption key shall be completed.
ShootOperationRotateETCDEncryptionKeyComplete = "rotate-etcd-encryption-key-complete"
// SeedResourceManagerClass is the resource-class managed by the Gardener-Resource-Manager
// instance in the garden namespace on the seeds.
SeedResourceManagerClass = "seed"
// LabelBackupProvider is used to identify the backup provider.
LabelBackupProvider = "backup.gardener.cloud/provider"
// LabelSeedProvider is used to identify the seed provider.
LabelSeedProvider = "seed.gardener.cloud/provider"
// LabelShootProvider is used to identify the shoot provider.
LabelShootProvider = "shoot.gardener.cloud/provider"
// LabelShootProviderPrefix is used to prefix label that indicates the provider type.
// The label key is in the form provider.shoot.gardener.cloud/<type>.
LabelShootProviderPrefix = "provider.shoot.gardener.cloud/"
// LabelNetworkingProvider is used to identify the networking provider for the cni plugin.
LabelNetworkingProvider = "networking.shoot.gardener.cloud/provider"
// LabelExtensionPrefix is used to prefix extension specific labels.
LabelExtensionPrefix = "extensions.gardener.cloud/"
// LabelExtensionConfiguration is used to identify the provider's configuration which will be added to Gardener configuration
LabelExtensionConfiguration = LabelExtensionPrefix + "configuration"
// LabelLogging is a constant for a label for logging stack configurations
LabelLogging = "logging"
// LabelMonitoring is a constant for a label for monitoring stack configurations
LabelMonitoring = "monitoring"
// LabelSecretBindingReference is used to identify secrets which are referred by a SecretBinding (not necessarily in the same namespace).
LabelSecretBindingReference = "reference.gardener.cloud/secretbinding"
// LabelExtensionExtensionTypePrefix is used to prefix extension label for extension types.
LabelExtensionExtensionTypePrefix = "extensions.extensions.gardener.cloud/"
// LabelExtensionProviderTypePrefix is used to prefix extension label for cloud provider types.
LabelExtensionProviderTypePrefix = "provider.extensions.gardener.cloud/"
// LabelExtensionDNSRecordTypePrefix is used to prefix extension label for DNS types.
LabelExtensionDNSRecordTypePrefix = "dnsrecord.extensions.gardener.cloud/"
// LabelExtensionNetworkingTypePrefix is used to prefix extension label for networking plugin types.
LabelExtensionNetworkingTypePrefix = "networking.extensions.gardener.cloud/"
// LabelExtensionOperatingSystemConfigTypePrefix is used to prefix extension label for OperatingSystemConfig types.
LabelExtensionOperatingSystemConfigTypePrefix = "operatingsystemconfig.extensions.gardener.cloud/"
// LabelExtensionContainerRuntimeTypePrefix is used to prefix extension label for ContainerRuntime types.
LabelExtensionContainerRuntimeTypePrefix = "containerruntime.extensions.gardener.cloud/"
// LabelNetworkPolicyToBlockedCIDRs allows Egress from pods labeled with 'networking.gardener.cloud/to-blocked-cidrs=allowed'.
LabelNetworkPolicyToBlockedCIDRs = "networking.gardener.cloud/to-blocked-cidrs"
// LabelNetworkPolicyToDNS allows Egress from pods labeled with 'networking.gardener.cloud/to-dns=allowed' to DNS running in 'kube-system'.
// In practice, most of the Pods which require network Egress need this label.
LabelNetworkPolicyToDNS = "networking.gardener.cloud/to-dns"
// LabelNetworkPolicyToPrivateNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-private-networks=allowed' to the
// private networks (RFC1918), Carrier-grade NAT (RFC6598) except for cloudProvider's specific metadata service IP, seed networks,
// shoot networks.
LabelNetworkPolicyToPrivateNetworks = "networking.gardener.cloud/to-private-networks"
// LabelNetworkPolicyToPublicNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-public-networks=allowed' to all public
// network IPs, except for private networks (RFC1918), carrier-grade NAT (RFC6598), cloudProvider's specific metadata service IP.
// In practice, this blocks Egress traffic to all networks in the Seed cluster and only allows traffic to public IPv4 addresses.
LabelNetworkPolicyToPublicNetworks = "networking.gardener.cloud/to-public-networks"
// LabelNetworkPolicyToSeedAPIServer allows Egress from pods labeled with 'networking.gardener.cloud/to-seed-apiserver=allowed' to Seed's Kubernetes
// API Server.
LabelNetworkPolicyToSeedAPIServer = "networking.gardener.cloud/to-seed-apiserver"
// LabelNetworkPolicyToShootAPIServer allows Egress from pods labeled with 'networking.gardener.cloud/to-shoot-apiserver=allowed' to talk to Shoot's
// Kubernetes API Server.
LabelNetworkPolicyToShootAPIServer = "networking.gardener.cloud/to-shoot-apiserver"
// LabelNetworkPolicyToShootNetworks allows Egress from pods labeled with 'networking.gardener.cloud/to-shoot-networks=allowed' to IPv4 blocks belonging to the Shoot network.
LabelNetworkPolicyToShootNetworks = "networking.gardener.cloud/to-shoot-networks"
// LabelNetworkPolicyToAllShootAPIServers allows Egress from pods labeled with 'networking.gardener.cloud/to-all-shoot-apiservers=allowed' to talk to all
// Shoots' Kubernetes API Servers.
LabelNetworkPolicyToAllShootAPIServers = "networking.gardener.cloud/to-all-shoot-apiservers"
// LabelNetworkPolicyFromShootAPIServer allows Egress from Shoot's Kubernetes API Server to talk to pods labeled with
// 'networking.gardener.cloud/from-shoot-apiserver=allowed'.
LabelNetworkPolicyFromShootAPIServer = "networking.gardener.cloud/from-shoot-apiserver"
// LabelNetworkPolicyToAll disables all Ingress and Egress traffic into/from this namespace when set to "disallowed".
LabelNetworkPolicyToAll = "networking.gardener.cloud/to-all"
// LabelNetworkPolicyFromPrometheus allows Ingress from Prometheus to pods labeled with 'networking.gardener.cloud/from-prometheus=allowed' and ports
// named 'metrics' in the PodSpecification.
LabelNetworkPolicyFromPrometheus = "networking.gardener.cloud/from-prometheus"
// LabelNetworkPolicyToAggregatePrometheus allows Egress traffic to the aggregate Prometheus.
LabelNetworkPolicyToAggregatePrometheus = "networking.gardener.cloud/to-aggregate-prometheus"
// LabelNetworkPolicyToSeedPrometheus allows Egress traffic to the seed Prometheus.
LabelNetworkPolicyToSeedPrometheus = "networking.gardener.cloud/to-seed-prometheus"
// LabelNetworkPolicyShootFromSeed allows Ingress traffic from the seed cluster (where the shoot's kube-apiserver
// runs).
LabelNetworkPolicyShootFromSeed = "networking.gardener.cloud/from-seed"
// LabelNetworkPolicyShootToAPIServer allows Egress traffic to the shoot's API server.
LabelNetworkPolicyShootToAPIServer = "networking.gardener.cloud/to-apiserver"
// LabelNetworkPolicyShootToKubelet allows Egress traffic to the kubelets.
LabelNetworkPolicyShootToKubelet = "networking.gardener.cloud/to-kubelet"
// LabelNetworkPolicyAllowed is a constant for allowing a network policy.
LabelNetworkPolicyAllowed = "allowed"
// LabelNetworkPolicyDisallowed is a constant for disallowing a network policy.
LabelNetworkPolicyDisallowed = "disallowed"
// LabelApp is a constant for a label key.
LabelApp = "app"
// LabelRole is a constant for a label key.
LabelRole = "role"
// LabelKubernetes is a constant for a label for Kubernetes workload.
LabelKubernetes = "kubernetes"
// LabelAPIServer is a constant for a label for the kube-apiserver.
LabelAPIServer = "apiserver"
// LabelControllerManager is a constant for a label for the kube-controller-manager.
LabelControllerManager = "controller-manager"
// LabelScheduler is a constant for a label for the kube-scheduler.
LabelScheduler = "scheduler"
// LabelProxy is a constant for a label for the kube-proxy.
LabelProxy = "proxy"
// LabelExtensionProjectRole is a constant for a label value for extension project roles
LabelExtensionProjectRole = "extension-project-role"
// LabelAPIServerExposure is a constant for label key which gardener can add to various objects related
// to kube-apiserver exposure.
LabelAPIServerExposure = "core.gardener.cloud/apiserver-exposure"
// LabelAPIServerExposureGardenerManaged is a constant for label value which gardener sets on the label key
// "core.gardener.cloud/apiserver-exposure" to indicate that it's responsible for apiserver exposure (via SNI).
LabelAPIServerExposureGardenerManaged = "gardener-managed"
// LabelExposureClassHandlerName is the label key for exposure class handler names.
LabelExposureClassHandlerName = "handler.exposureclass.gardener.cloud/name"
// LabelNodeLocalDNS is a constant for a label key, which the provider extensions set on the nodes.
// The value can be true or false.
LabelNodeLocalDNS = "networking.gardener.cloud/node-local-dns-enabled"
// GardenNamespace is the namespace in which the configuration and secrets for
// the Gardener controller manager will be stored (e.g., secrets for the Seed clusters).
// It is also used by the gardener-apiserver.
GardenNamespace = "garden"
// IstioSystemNamespace is the istio-system namespace.
IstioSystemNamespace = "istio-system"
// DefaultSNIIngressNamespace is the default sni ingress namespace.
DefaultSNIIngressNamespace = "istio-ingress"
// DefaultSNIIngressServiceName is the default sni ingress service name.
DefaultSNIIngressServiceName = "istio-ingressgateway"
// DefaultIngressGatewayAppLabelValue is the ingress gateway value for the app label.
DefaultIngressGatewayAppLabelValue = "istio-ingressgateway"
// AnnotationManagedSeedAPIServer is a constant for an annotation on a Shoot resource containing the API server settings for a managed seed.
AnnotationManagedSeedAPIServer = "shoot.gardener.cloud/managed-seed-api-server"
// AnnotationShootIgnoreAlerts is the key for an annotation of a Shoot cluster whose value indicates
// if alerts for this cluster should be ignored
AnnotationShootIgnoreAlerts = "shoot.gardener.cloud/ignore-alerts"
// AnnotationShootSkipCleanup is a key for an annotation on a Shoot resource that declares that the clean up steps should be skipped when the
// cluster is deleted. Concretely, this will skip everything except the deletion of (load balancer) services and persistent volume resources.
AnnotationShootSkipCleanup = "shoot.gardener.cloud/skip-cleanup"
// AnnotationShootCleanupWebhooksFinalizeGracePeriodSeconds is a key for an annotation on a Shoot resource that
// declares the grace period in seconds for finalizing the resources handled in the 'cleanup webhooks' step.
// Concretely, after the specified seconds, all the finalizers of the affected resources are forcefully removed.
AnnotationShootCleanupWebhooksFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-webhooks-finalize-grace-period-seconds"
// AnnotationShootCleanupExtendedAPIsFinalizeGracePeriodSeconds is a key for an annotation on a Shoot resource that
// declares the grace period in seconds for finalizing the resources handled in the 'cleanup extended APIs' step.
// Concretely, after the specified seconds, all the finalizers of the affected resources are forcefully removed.
AnnotationShootCleanupExtendedAPIsFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-extended-apis-finalize-grace-period-seconds"
// AnnotationShootCleanupKubernetesResourcesFinalizeGracePeriodSeconds is a key for an annotation on a Shoot
// resource that declares the grace period in seconds for finalizing the resources handled in the 'cleanup
// Kubernetes resources' step. Concretely, after the specified seconds, all the finalizers of the affected resources
// are forcefully removed.
AnnotationShootCleanupKubernetesResourcesFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-kubernetes-resources-finalize-grace-period-seconds"
// AnnotationShootCleanupNamespaceResourcesFinalizeGracePeriodSeconds is a key for an annotation on a Shoot
// resource that declares the grace period in seconds for finalizing the resources handled in the 'cleanup shoot
// namespaces' step. Concretely, after the specified seconds, all the finalizers of the affected resources are
// forcefully removed.
AnnotationShootCleanupNamespaceResourcesFinalizeGracePeriodSeconds = "shoot.gardener.cloud/cleanup-namespaces-finalize-grace-period-seconds"
// AnnotationShootInfrastructureCleanupWaitPeriodSeconds is a key for an annotation on a Shoot
// resource that declares the wait period in seconds for infrastructure resources cleanup. Concretely,
// Gardener will wait for the specified time after the Infrastructure extension object has been deleted to allow
// controllers to gracefully cleanup everything (default behaviour is 300s).
AnnotationShootInfrastructureCleanupWaitPeriodSeconds = "shoot.gardener.cloud/infrastructure-cleanup-wait-period-seconds"
// AnnotationShootCloudConfigExecutionMaxDelaySeconds is a key for an annotation on a Shoot resource that declares
// the maximum delay in seconds when potentially updated cloud-config user data is executed on the worker nodes.
// Concretely, the cloud-config-downloader systemd service running on all worker nodes will wait for a random
// duration based on the configured value before executing the user data (default value is 300) plus an additional
// offset of 30s. If set to 0 then no random delay will be applied and the minimum delay (30s) applies. Any value
// above 1800 is ignored (in this case the default value is used).
// Note that changing this value only applies to new nodes. Existing nodes which already computed their individual
// delays will not recompute it.
AnnotationShootCloudConfigExecutionMaxDelaySeconds = "shoot.gardener.cloud/cloud-config-execution-max-delay-seconds"
// AnnotationShootForceRestore is a key for an annotation on a Shoot or BackupEntry resource to trigger a forceful restoration to a different seed.
AnnotationShootForceRestore = "shoot.gardener.cloud/force-restore"
// AnnotationReversedVPN moves the vpn-server to the seed.
AnnotationReversedVPN = "alpha.featuregates.shoot.gardener.cloud/reversed-vpn"
// AnnotationNodeLocalDNS enables a per node dns cache on the shoot cluster.
AnnotationNodeLocalDNS = "alpha.featuregates.shoot.gardener.cloud/node-local-dns"
// AnnotationNodeLocalDNSForceTcpToClusterDns enforces upgrade to tcp connections for communication between node local and cluster dns.
AnnotationNodeLocalDNSForceTcpToClusterDns = "alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-cluster-dns"
// AnnotationNodeLocalDNSForceTcpToUpstreamDns enforces upgrade to tcp connections for communication between node local and upstream dns.
AnnotationNodeLocalDNSForceTcpToUpstreamDns = "alpha.featuregates.shoot.gardener.cloud/node-local-dns-force-tcp-to-upstream-dns"
// AnnotationShootAPIServerSNIPodInjector is the key for an annotation of a Shoot cluster whose value indicates
// if pod injection of 'KUBERNETES_SERVICE_HOST' environment variable should happen for clusters where APIServerSNI
// featuregate is enabled.
// Any value other than 'disable' enables this feature.
AnnotationShootAPIServerSNIPodInjector = "alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector"
// AnnotationShootAPIServerSNIPodInjectorDisableValue is the value of the
// `alpha.featuregates.shoot.gardener.cloud/apiserver-sni-pod-injector` annotation that disables the pod injection.
AnnotationShootAPIServerSNIPodInjectorDisableValue = "disable"
// OperatingSystemConfigUnitNameKubeletService is a constant for a unit in the operating system config that contains the kubelet service.
OperatingSystemConfigUnitNameKubeletService = "kubelet.service"
// OperatingSystemConfigUnitNameDockerService is a constant for a unit in the operating system config that contains the docker service.
OperatingSystemConfigUnitNameDockerService = "docker.service"
// OperatingSystemConfigUnitNameContainerDService is a constant for a unit in the operating system config that contains the containerd service.
OperatingSystemConfigUnitNameContainerDService = "containerd.service"
// OperatingSystemConfigFilePathKernelSettings is a constant for a path to a file in the operating system config that contains some general kernel settings.
OperatingSystemConfigFilePathKernelSettings = "/etc/sysctl.d/99-k8s-general.conf"
// OperatingSystemConfigFilePathKubeletConfig is a constant for a path to a file in the operating system config that contains the kubelet configuration.
OperatingSystemConfigFilePathKubeletConfig = "/var/lib/kubelet/config/kubelet"
// OperatingSystemConfigUnitNamePromtailService is a constant for a unit in the operating system config that contains the promtail service.
OperatingSystemConfigUnitNamePromtailService = "promtail.service"
// OperatingSystemConfigFilePathPromtailConfig is a constant for a path to a file in the operating system config that contains the promtail configuration.
OperatingSystemConfigFilePathPromtailConfig = "/var/lib/promtail/config/config"
// OperatingSystemConfigFilePathBinaries is a constant for a path to a directory in the operating system config that contains the binaries.
OperatingSystemConfigFilePathBinaries = "/opt/bin"
// FluentBitConfigMapKubernetesFilter is a constant for the Fluent Bit ConfigMap's section regarding Kubernetes filters
FluentBitConfigMapKubernetesFilter = "filter-kubernetes.conf"
// FluentBitConfigMapParser is a constant for the Fluent Bit ConfigMap's section regarding Parsers for common container types
FluentBitConfigMapParser = "parsers.conf"
// PrometheusConfigMapAlertingRules is a constant for the Prometheus alerting rules tag in provider-specific monitoring configuration
PrometheusConfigMapAlertingRules = "alerting_rules"
// PrometheusConfigMapScrapeConfig is a constant for the Prometheus scrape config tag in provider-specific monitoring configuration
PrometheusConfigMapScrapeConfig = "scrape_config"
// GrafanaConfigMapUserDashboard is a constant for the Grafana user dashboard tag in provider-specific monitoring configuration
GrafanaConfigMapUserDashboard = "dashboard_users"
// GrafanaConfigMapOperatorDashboard is a constant for the Grafana operator dashboard tag in provider-specific monitoring configuration
GrafanaConfigMapOperatorDashboard = "dashboard_operators"
// LabelControllerRegistrationName is the key of a label on extension namespaces that indicates the controller registration name.
LabelControllerRegistrationName = "controllerregistration.core.gardener.cloud/name"
// LabelPodMaintenanceRestart is a constant for a label that describes that a pod should be restarted during maintenance.
LabelPodMaintenanceRestart = "maintenance.gardener.cloud/restart"
// LabelWorkerPool is a constant for a label that indicates the worker pool the node belongs to
LabelWorkerPool = "worker.gardener.cloud/pool"
// LabelWorkerKubernetesVersion is a constant for a label that indicates the Kubernetes version used for the worker pool nodes.
LabelWorkerKubernetesVersion = "worker.gardener.cloud/kubernetes-version"
// LabelWorkerPoolDeprecated is a deprecated constant for a label that indicates the worker pool the node belongs to
LabelWorkerPoolDeprecated = "worker.garden.sapcloud.io/group"
// LabelWorkerPoolSystemComponents is a constant that indicates whether the worker pool should host system components
LabelWorkerPoolSystemComponents = "worker.gardener.cloud/system-components"
// EventResourceReferenced indicates that the resource deletion is in waiting mode because the resource is still
// being referenced by at least one other resource (e.g. a SecretBinding is still referenced by a Shoot)
EventResourceReferenced = "ResourceReferenced"
// ReferencedResourcesPrefix is the prefix used when copying referenced resources to the Shoot namespace in the Seed,
// to avoid naming collisions with resources managed by Gardener.
ReferencedResourcesPrefix = "ref-"
// ClusterIdentity is a constant equal to the name and data key (that stores the identity) of the cluster-identity ConfigMap
ClusterIdentity = "cluster-identity"
// SeedNginxIngressClass defines the ingress class for the seed nginx ingress controller
SeedNginxIngressClass = "nginx-gardener"
// SeedNginxIngressClass122 defines the ingress class for the seed nginx ingress controller for K8s >= 1.22
SeedNginxIngressClass122 = "nginx-ingress-gardener"
// IngressKindNginx defines nginx as the kind of the managed Seed ingress.
IngressKindNginx = "nginx"
// NginxIngressClass defines the ingress class for the seed nginx ingress controller if the seed cluster is a non Gardener managed cluster.
NginxIngressClass = "nginx"
// SeedsGroup is the identity group for gardenlets when authenticating to the API server.
SeedsGroup = "gardener.cloud:system:seeds"
// SeedUserNamePrefix is the identity user name prefix for gardenlets when authenticating to the API server.
SeedUserNamePrefix = "gardener.cloud:system:seed:"
// ProjectName is the key of a label on namespaces whose value holds the project name.
ProjectName = "project.gardener.cloud/name"
// ProjectSkipStaleCheck is the key of an annotation on a project namespace that marks the associated Project to be
// skipped by the stale project controller. If the project has already configured stale timestamps in its status
// then they will be reset.
ProjectSkipStaleCheck = "project.gardener.cloud/skip-stale-check"
// NamespaceProject is the key of an annotation on namespace whose value holds the project uid.
NamespaceProject = "namespace.gardener.cloud/project"
// NamespaceKeepAfterProjectDeletion is a constant for an annotation on a `Namespace` resource that states that it
// should not be deleted if the corresponding `Project` gets deleted. Please note that all project related labels
// from the namespace will be removed when the project is being deleted.
NamespaceKeepAfterProjectDeletion = "namespace.gardener.cloud/keep-after-project-deletion"
// NamespaceCreatedByProjectController is a constant for annotation on a `Namespace` resource that states that it
// was created by the project controller because either the Project's `spec.namespace` field was not specified
// or the specified namespace was not present.
NamespaceCreatedByProjectController = "namespace.gardener.cloud/created-by-project-controller"
// DefaultVpnRange is the default network range for the vpn between seed and shoot cluster.
DefaultVpnRange = "192.168.123.0/24"
// BackupSecretName is the name of secret having credentials for etcd backups.
BackupSecretName string = "etcd-backup"
// DataKeyBackupBucketName is the name of a data key whose value contains the backup bucket name.
DataKeyBackupBucketName string = "bucketName"
// BackupSourcePrefix is the prefix for names of resources related to source backupentries when copying backups.
BackupSourcePrefix = "source"
// GardenerAudience is the identifier for Gardener controllers when interacting with the API Server
GardenerAudience = "gardener"
// DNSRecordInternalName is a constant for DNSRecord objects used for the internal domain name.
DNSRecordInternalName = "internal"
// DNSRecordExternalName is a constant for DNSRecord objects used for the external domain name.
DNSRecordExternalName = "external"
// DNSRecordOwnerName is a constant for DNSRecord objects used for the owner domain name.
DNSRecordOwnerName = "owner"
// ArchitectureAMD64 is a constant for the 'amd64' architecture.
ArchitectureAMD64 = "amd64"
// ArchitectureARM64 is a constant for the 'arm64' architecture.
ArchitectureARM64 = "arm64"
)
var (
	// ControlPlaneSecretRoles lists every role value carried by control plane
	// secrets that are synced to the Garden cluster.
	//
	// NOTE(review): this is an exported, package-level slice, so any importing
	// package can append to it or overwrite its elements. Treat it as read-only
	// and copy it before modifying.
	ControlPlaneSecretRoles = []string{GardenRoleKubeconfig, GardenRoleSSHKeyPair, GardenRoleMonitoring}

	// ValidArchitectures lists the CPU architectures which the Shoot supports.
	//
	// NOTE(review): like ControlPlaneSecretRoles, this slice is mutable from
	// other packages. If it backs input validation (presumably; verify against
	// callers), a stray write would change what is accepted, so copy it before
	// modifying.
	ValidArchitectures = []string{ArchitectureAMD64, ArchitectureARM64}
)
// Names of the well-known PriorityClasses. The intended use of each class is
// documented in
// https://github.com/gardener/gardener/blob/master/docs/development/priority-classes.md
const (
	// PriorityClasses for Shoot system components.

	// PriorityClassNameShootSystem900 names a PriorityClass for Shoot system components.
	PriorityClassNameShootSystem900 = "gardener-shoot-system-900"
	// PriorityClassNameShootSystem800 names a PriorityClass for Shoot system components.
	PriorityClassNameShootSystem800 = "gardener-shoot-system-800"
	// PriorityClassNameShootSystem700 names a PriorityClass for Shoot system components.
	PriorityClassNameShootSystem700 = "gardener-shoot-system-700"
	// PriorityClassNameShootSystem600 names a PriorityClass for Shoot system components.
	PriorityClassNameShootSystem600 = "gardener-shoot-system-600"

	// PriorityClasses for Seed system components.

	// PriorityClassNameSeedSystemCritical names a PriorityClass for Seed system components.
	PriorityClassNameSeedSystemCritical = "gardener-system-critical"
	// PriorityClassNameSeedSystem900 names a PriorityClass for Seed system components.
	PriorityClassNameSeedSystem900 = "gardener-system-900"
	// PriorityClassNameSeedSystem800 names a PriorityClass for Seed system components.
	PriorityClassNameSeedSystem800 = "gardener-system-800"
	// PriorityClassNameSeedSystem700 names a PriorityClass for Seed system components.
	PriorityClassNameSeedSystem700 = "gardener-system-700"
	// PriorityClassNameSeedSystem600 names a PriorityClass for Seed system components.
	PriorityClassNameSeedSystem600 = "gardener-system-600"

	// PriorityClassNameReserveExcessCapacity names the PriorityClass used for
	// reserving excess capacity on a Seed cluster.
	PriorityClassNameReserveExcessCapacity = "gardener-reserve-excess-capacity"

	// PriorityClasses for Shoot control plane components. Their values share
	// the "gardener-system-" prefix with the Seed system classes above.

	// PriorityClassNameShootControlPlane500 names a PriorityClass for Shoot control plane components.
	PriorityClassNameShootControlPlane500 = "gardener-system-500"
	// PriorityClassNameShootControlPlane400 names a PriorityClass for Shoot control plane components.
	PriorityClassNameShootControlPlane400 = "gardener-system-400"
	// PriorityClassNameShootControlPlane300 names a PriorityClass for Shoot control plane components.
	PriorityClassNameShootControlPlane300 = "gardener-system-300"
	// PriorityClassNameShootControlPlane200 names a PriorityClass for Shoot control plane components.
	PriorityClassNameShootControlPlane200 = "gardener-system-200"
	// PriorityClassNameShootControlPlane100 names a PriorityClass for Shoot control plane components.
	PriorityClassNameShootControlPlane100 = "gardener-system-100"

	// PriorityClassNameShootControlPlane names a PriorityClass for Shoot control plane components.
	//
	// Deprecated: this PriorityClass will be removed in a future version, use the fine-granular PriorityClasses above instead.
	PriorityClassNameShootControlPlane = "gardener-shoot-controlplane"
)