// Copyright 2022 SAP SE or an SAP affiliate company. All rights reserved. This file is licensed under the Apache Software License, v. 2 except as noted otherwise in the LICENSE file
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package v1alpha1
import (
corev1 "k8s.io/api/core/v1"
rbacv1 "k8s.io/api/rbac/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/util/sets"
gardencorev1beta1 "github.com/gardener/gardener/pkg/apis/core/v1beta1"
v1beta1constants "github.com/gardener/gardener/pkg/apis/core/v1beta1/constants"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// +kubebuilder:resource:scope=Cluster,shortName="grdn"
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:name="K8S Version",type=string,JSONPath=`.spec.virtualCluster.kubernetes.version`,description="Kubernetes version of virtual cluster."
// +kubebuilder:printcolumn:name="Gardener Version",type=string,JSONPath=`.status.gardener.version`,description="Version of the Gardener components."
// +kubebuilder:printcolumn:name="Last Operation",type=string,JSONPath=`.status.lastOperation.state`,description="Status of the last operation"
// +kubebuilder:printcolumn:name="Runtime",type=string,JSONPath=`.status.conditions[?(@.type=="RuntimeComponentsHealthy")].status`,description="Indicates whether the components related to the runtime cluster are healthy."
// +kubebuilder:printcolumn:name="Virtual",type=string,JSONPath=`.status.conditions[?(@.type=="VirtualComponentsHealthy")].status`,description="Indicates whether the components related to the virtual cluster are healthy."
// +kubebuilder:printcolumn:name="API Server",type=string,JSONPath=`.status.conditions[?(@.type=="VirtualGardenAPIServerAvailable")].status`,description="Indicates whether the API server of the virtual cluster is available."
// +kubebuilder:printcolumn:name="Observability",type=string,JSONPath=`.status.conditions[?(@.type=="ObservabilityComponentsHealthy")].status`,description="Indicates whether the observability components related to the runtime cluster are healthy."
// +kubebuilder:printcolumn:name="Age",type=date,JSONPath=`.metadata.creationTimestamp`,description="creation timestamp"
// Garden describes a single garden environment: the runtime cluster it is installed into and the
// virtual garden cluster it hosts (see GardenSpec). It is a cluster-scoped resource with a status
// subresource, as declared by the kubebuilder markers above; GardenList is the corresponding list type.
type Garden struct {
	metav1.TypeMeta `json:",inline"`
	// Standard object metadata.
	metav1.ObjectMeta `json:"metadata,omitempty"`
	// Spec contains the specification of this garden.
	Spec GardenSpec `json:"spec,omitempty"`
	// Status contains the status of this garden. It is written through the status subresource.
	Status GardenStatus `json:"status,omitempty"`
}
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// GardenList is a list of Garden resources.
type GardenList struct {
	metav1.TypeMeta `json:",inline"`
	// Standard list metadata.
	// +optional
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items is the list of Garden.
	Items []Garden `json:"items"`
}
// GardenSpec contains the specification of a garden environment. Both parts are required:
// the runtime cluster hosts the components, the virtual cluster is what those components serve.
type GardenSpec struct {
	// RuntimeCluster contains configuration for the runtime cluster.
	RuntimeCluster RuntimeCluster `json:"runtimeCluster"`
	// VirtualCluster contains configuration for the virtual cluster.
	VirtualCluster VirtualCluster `json:"virtualCluster"`
}
// RuntimeCluster contains configuration for the runtime cluster.
type RuntimeCluster struct {
	// Ingress configures Ingress specific settings for the Garden cluster. This field is immutable.
	Ingress gardencorev1beta1.Ingress `json:"ingress"`
	// Networking defines the networking configuration of the runtime cluster.
	Networking RuntimeNetworking `json:"networking"`
	// Provider defines the provider-specific information for this cluster.
	Provider Provider `json:"provider"`
	// Settings contains certain settings for this cluster.
	// +optional
	Settings *Settings `json:"settings,omitempty"`
}
// RuntimeNetworking defines the networking configuration of the runtime cluster.
// The CIDR fields carry a CEL immutability rule, so they cannot be changed after creation.
type RuntimeNetworking struct {
	// Nodes is the CIDR of the node network. This field is immutable.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	// +optional
	Nodes *string `json:"nodes,omitempty"`
	// Pods is the CIDR of the pod network. This field is immutable.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Pods string `json:"pods"`
	// Services is the CIDR of the service network. This field is immutable.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Services string `json:"services"`
	// BlockCIDRs is a list of network addresses that should be blocked.
	// NOTE(review): the component that enforces the block list is not visible in this file;
	// confirm with the consuming controller which traffic direction it covers.
	// +optional
	BlockCIDRs []string `json:"blockCIDRs,omitempty"`
}
// Provider defines the provider-specific information for this cluster.
type Provider struct {
	// Zones is the list of availability zones the cluster is deployed to.
	// +optional
	Zones []string `json:"zones,omitempty"`
}
// Settings contains certain settings for this cluster. Every field is optional; a nil pointer
// leaves the corresponding behaviour at its default.
type Settings struct {
	// LoadBalancerServices controls certain settings for services of type load balancer that are created in the runtime
	// cluster.
	// +optional
	LoadBalancerServices *SettingLoadBalancerServices `json:"loadBalancerServices,omitempty"`
	// VerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the
	// cluster.
	// +optional
	VerticalPodAutoscaler *SettingVerticalPodAutoscaler `json:"verticalPodAutoscaler,omitempty"`
	// TopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster.
	// See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.
	// +optional
	TopologyAwareRouting *SettingTopologyAwareRouting `json:"topologyAwareRouting,omitempty"`
}
// SettingLoadBalancerServices controls certain settings for services of type load balancer that are created in the
// runtime cluster.
type SettingLoadBalancerServices struct {
	// Annotations is a map of annotations that will be injected/merged into every load balancer service object.
	// NOTE(review): load balancer annotations are usually interpreted by the cloud controller and can change how a
	// service is exposed (e.g. internal vs. public) — review them with the same care as the services themselves.
	// +optional
	Annotations map[string]string `json:"annotations,omitempty"`
}
// SettingVerticalPodAutoscaler controls certain settings for the vertical pod autoscaler components deployed in the
// runtime cluster.
type SettingVerticalPodAutoscaler struct {
	// Enabled controls whether the VPA components shall be deployed into this cluster. It is true by default because
	// the operator (and Gardener) heavily rely on a VPA being deployed. You should only disable this if your runtime
	// cluster already has another, manually/custom managed VPA deployment. If this is not the case, but you still
	// disable it, then reconciliation will fail.
	// +kubebuilder:default=true
	// +optional
	Enabled *bool `json:"enabled,omitempty"`
}
// SettingTopologyAwareRouting controls certain settings for topology-aware traffic routing in the cluster.
// See https://github.com/gardener/gardener/blob/master/docs/operations/topology_aware_routing.md.
type SettingTopologyAwareRouting struct {
	// Enabled controls whether certain Services deployed in the cluster should be topology-aware.
	// These Services are virtual-garden-etcd-main-client, virtual-garden-etcd-events-client and virtual-garden-kube-apiserver.
	// Additionally, other components that are deployed to the runtime cluster via other means can read this field and
	// according to its value enable/disable topology-aware routing for their Services.
	// Unlike the other settings this is a plain bool, so omitting it means false.
	Enabled bool `json:"enabled"`
}
// VirtualCluster contains configuration for the virtual cluster.
type VirtualCluster struct {
	// ControlPlane holds information about the general settings for the control plane of the virtual cluster.
	// +optional
	ControlPlane *ControlPlane `json:"controlPlane,omitempty"`
	// DNS holds information about DNS settings.
	DNS DNS `json:"dns"`
	// ETCD contains configuration for the etcds of the virtual garden cluster.
	// +optional
	ETCD *ETCD `json:"etcd,omitempty"`
	// Gardener contains the configuration options for the Gardener control plane components.
	Gardener Gardener `json:"gardener"`
	// Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden
	// cluster.
	Kubernetes Kubernetes `json:"kubernetes"`
	// Maintenance contains information about the time window for maintenance operations.
	Maintenance Maintenance `json:"maintenance"`
	// Networking contains information about cluster networking such as CIDRs, etc.
	Networking Networking `json:"networking"`
}
// DNS holds information about DNS settings.
type DNS struct {
	// Domains are the external domains of the virtual garden cluster.
	// The first given domain in this list is immutable.
	// The field itself is optional, but once present it must contain at least one entry.
	// +kubebuilder:validation:MinItems=1
	// +optional
	Domains []string `json:"domains,omitempty"`
}
// ETCD contains configuration for the etcds of the virtual garden cluster.
type ETCD struct {
	// Main contains configuration for the main etcd.
	// +optional
	Main *ETCDMain `json:"main,omitempty"`
	// Events contains configuration for the events etcd.
	// +optional
	Events *ETCDEvents `json:"events,omitempty"`
}
// ETCDMain contains configuration for the main etcd. Only the main etcd has a backup
// configuration; ETCDEvents carries storage settings alone.
type ETCDMain struct {
	// Backup contains the object store configuration for backups for the virtual garden etcd.
	// +optional
	Backup *Backup `json:"backup,omitempty"`
	// Storage contains storage configuration.
	// +optional
	Storage *Storage `json:"storage,omitempty"`
}
// ETCDEvents contains configuration for the events etcd.
type ETCDEvents struct {
	// Storage contains storage configuration.
	// +optional
	Storage *Storage `json:"storage,omitempty"`
}
// Storage contains storage configuration for an etcd's persistent volumes.
type Storage struct {
	// Capacity is the storage capacity for the volumes. Defaults to 10Gi via the CRD default below.
	// +kubebuilder:default=`10Gi`
	// +optional
	Capacity *resource.Quantity `json:"capacity,omitempty"`
	// ClassName is the name of a storage class.
	// +optional
	ClassName *string `json:"className,omitempty"`
}
// Backup contains the object store configuration for backups for the virtual garden etcd.
// Provider and BucketName are immutable (CEL rules below); the credentials are referenced, not inlined.
type Backup struct {
	// Provider is a provider name. This field is immutable.
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Provider is immutable"
	Provider string `json:"provider"`
	// BucketName is the name of the backup bucket.
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="BucketName is immutable"
	BucketName string `json:"bucketName"`
	// SecretRef is a reference to a Secret object containing the cloud provider credentials for the object store where
	// backups should be stored. It should have enough privileges to manipulate the objects as well as buckets.
	// Treat the referenced Secret as a high-value credential: it can manipulate the etcd backups of the garden.
	// NOTE(review): LocalObjectReference carries only a name; the namespace it is resolved in is presumably fixed by
	// the operator — confirm against the controller.
	SecretRef corev1.LocalObjectReference `json:"secretRef"`
}
// Maintenance contains information about the time window for maintenance operations.
type Maintenance struct {
	// TimeWindow contains information about the time window for maintenance operations.
	TimeWindow gardencorev1beta1.MaintenanceTimeWindow `json:"timeWindow"`
}
// ControlPlane holds information about the general settings for the control plane of the virtual garden cluster.
type ControlPlane struct {
	// HighAvailability holds the configuration settings for high availability settings.
	// +optional
	HighAvailability *HighAvailability `json:"highAvailability,omitempty"`
}
// HighAvailability specifies the configuration settings for high availability for a resource.
// It currently has no fields; presumably a non-nil ControlPlane.HighAvailability is itself the
// request for a highly available control plane — confirm with the consuming controller.
type HighAvailability struct{}
// Kubernetes contains the version and configuration options for the Kubernetes components of the virtual garden
// cluster.
type Kubernetes struct {
	// KubeAPIServer contains configuration settings for the kube-apiserver.
	// +optional
	KubeAPIServer *KubeAPIServerConfig `json:"kubeAPIServer,omitempty"`
	// KubeControllerManager contains configuration settings for the kube-controller-manager.
	// +optional
	KubeControllerManager *KubeControllerManagerConfig `json:"kubeControllerManager,omitempty"`
	// Version is the semantic Kubernetes version to use for the virtual garden cluster.
	// +kubebuilder:validation:MinLength=1
	Version string `json:"version"`
}
// KubeAPIServerConfig contains configuration settings for the kube-apiserver.
// The generic settings are inherited by embedding the core v1beta1 type; the fields declared here are
// specific to the virtual garden.
type KubeAPIServerConfig struct {
	// KubeAPIServerConfig contains all configuration values not specific to the virtual garden cluster.
	// +optional
	*gardencorev1beta1.KubeAPIServerConfig `json:",inline"`
	// AuditWebhook contains settings related to an audit webhook configuration.
	// +optional
	AuditWebhook *AuditWebhook `json:"auditWebhook,omitempty"`
	// Authentication contains settings related to authentication.
	// +optional
	Authentication *Authentication `json:"authentication,omitempty"`
	// ResourcesToStoreInETCDEvents contains a list of resources which should be stored in etcd-events instead of
	// etcd-main. The 'events' resource is always stored in etcd-events. Note that adding or removing resources from
	// this list will not migrate them automatically from the etcd-main to etcd-events or vice versa.
	// +optional
	ResourcesToStoreInETCDEvents []GroupResource `json:"resourcesToStoreInETCDEvents,omitempty"`
	// SNI contains configuration options for the TLS SNI settings.
	// +optional
	SNI *SNI `json:"sni,omitempty"`
}
// AuditWebhook contains settings related to an audit webhook configuration.
type AuditWebhook struct {
	// BatchMaxSize is the maximum size of a batch.
	// +kubebuilder:default=30
	// +kubebuilder:validation:Minimum=1
	// +optional
	BatchMaxSize *int32 `json:"batchMaxSize,omitempty"`
	// KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook.
	// The kubeconfig carries the endpoint and credentials used to reach the audit backend, so the Secret
	// needs the same protection as any other client credential.
	// +kubebuilder:validation:MinLength=1
	KubeconfigSecretName string `json:"kubeconfigSecretName"`
	// Version is the API version to send and expect from the webhook. Only audit.k8s.io/v1 is accepted.
	// +kubebuilder:default=audit.k8s.io/v1
	// +kubebuilder:validation:Enum=audit.k8s.io/v1
	// +optional
	Version *string `json:"version,omitempty"`
}
// Authentication contains settings related to authentication.
type Authentication struct {
	// Webhook contains settings related to an authentication webhook configuration.
	// +optional
	Webhook *AuthenticationWebhook `json:"webhook,omitempty"`
}
// AuthenticationWebhook contains settings related to an authentication webhook configuration.
type AuthenticationWebhook struct {
	// CacheTTL is the duration to cache responses from the webhook authenticator.
	// NOTE(review): a longer TTL delays the effect of revoking a credential at the webhook backend,
	// because a cached positive answer is reused until it expires — pick it with that trade-off in mind.
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$"
	// +optional
	CacheTTL *metav1.Duration `json:"cacheTTL,omitempty"`
	// KubeconfigSecretName specifies the name of a secret containing the kubeconfig for this webhook.
	// +kubebuilder:validation:MinLength=1
	KubeconfigSecretName string `json:"kubeconfigSecretName"`
	// Version is the API version to send and expect from the webhook.
	// +kubebuilder:default=v1beta1
	// +kubebuilder:validation:Enum=v1alpha1;v1beta1;v1
	// +optional
	Version *string `json:"version,omitempty"`
}
// GroupResource identifies one resource (by API group and resource name) which should be stored in
// etcd-events instead of etcd-main; see KubeAPIServerConfig.ResourcesToStoreInETCDEvents.
type GroupResource struct {
	// Group is the API group name.
	// +kubebuilder:validation:MinLength=1
	Group string `json:"group"`
	// Resource is the resource name.
	// +kubebuilder:validation:MinLength=1
	Resource string `json:"resource"`
}
// SNI contains configuration options for the TLS SNI settings.
type SNI struct {
	// SecretName is the name of a secret containing the TLS certificate and private key.
	// The private key in this Secret is what the API server presents for the listed domains;
	// restrict read access to it accordingly.
	// +kubebuilder:validation:MinLength=1
	SecretName string `json:"secretName"`
	// DomainPatterns is a list of fully qualified domain names, possibly with prefixed wildcard segments. The domain
	// patterns also allow IP addresses, but IPs should only be used if the apiserver has visibility to the IP address
	// requested by a client. If no domain patterns are provided, the names of the certificate are extracted.
	// Non-wildcard matches trump over wildcard matches, explicit domain patterns trump over extracted names.
	// +optional
	DomainPatterns []string `json:"domainPatterns,omitempty"`
}
// Networking defines networking parameters for the virtual garden cluster.
type Networking struct {
	// Services is the CIDR of the service network. This field is immutable.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	Services string `json:"services"`
}
// KubeControllerManagerConfig contains configuration settings for the kube-controller-manager.
type KubeControllerManagerConfig struct {
	// KubeControllerManagerConfig contains all configuration values not specific to the virtual garden cluster.
	// +optional
	*gardencorev1beta1.KubeControllerManagerConfig `json:",inline"`
	// CertificateSigningDuration is the maximum length of duration signed certificates will be given. Individual CSRs
	// may request shorter certs by setting `spec.expirationSeconds`.
	// Defaults to 48h. A longer maximum widens the window in which a leaked signed certificate stays usable,
	// so raise it only with a reason.
	// +kubebuilder:validation:Type=string
	// +kubebuilder:validation:Pattern="^([0-9]+(\\.[0-9]+)?(ns|us|µs|ms|s|m|h))+$"
	// +kubebuilder:default=`48h`
	// +optional
	CertificateSigningDuration *metav1.Duration `json:"certificateSigningDuration,omitempty"`
}
// Gardener contains the configuration settings for the Gardener components.
// Note that the JSON keys of the component fields carry a "gardener" prefix (e.g. "gardenerAPIServer")
// while the Go field names do not.
type Gardener struct {
	// ClusterIdentity is the identity of the garden cluster. This field is immutable.
	// +kubebuilder:validation:MinLength=1
	// +kubebuilder:validation:XValidation:rule="self == oldSelf",message="Value is immutable"
	ClusterIdentity string `json:"clusterIdentity"`
	// APIServer contains configuration settings for the gardener-apiserver.
	// +optional
	APIServer *GardenerAPIServerConfig `json:"gardenerAPIServer,omitempty"`
	// AdmissionController contains configuration settings for the gardener-admission-controller.
	// +optional
	AdmissionController *GardenerAdmissionControllerConfig `json:"gardenerAdmissionController,omitempty"`
	// ControllerManager contains configuration settings for the gardener-controller-manager.
	// +optional
	ControllerManager *GardenerControllerManagerConfig `json:"gardenerControllerManager,omitempty"`
	// Scheduler contains configuration settings for the gardener-scheduler.
	// +optional
	Scheduler *GardenerSchedulerConfig `json:"gardenerScheduler,omitempty"`
}
// GardenerAPIServerConfig contains configuration settings for the gardener-apiserver.
type GardenerAPIServerConfig struct {
	// KubernetesConfig holds the generic component settings shared with the other Gardener components.
	gardencorev1beta1.KubernetesConfig `json:",inline"`
	// AdmissionPlugins contains the list of user-defined admission plugins (additional to those managed by Gardener),
	// and, if desired, the corresponding configuration.
	// +optional
	AdmissionPlugins []gardencorev1beta1.AdmissionPlugin `json:"admissionPlugins,omitempty"`
	// AuditConfig contains configuration settings for the audit of the kube-apiserver.
	// +optional
	AuditConfig *gardencorev1beta1.AuditConfig `json:"auditConfig,omitempty"`
	// AuditWebhook contains settings related to an audit webhook configuration.
	// +optional
	AuditWebhook *AuditWebhook `json:"auditWebhook,omitempty"`
	// Logging contains configuration for the log level and HTTP access logs.
	// +optional
	Logging *gardencorev1beta1.APIServerLogging `json:"logging,omitempty"`
	// Requests contains configuration for request-specific settings for the kube-apiserver.
	// +optional
	Requests *gardencorev1beta1.APIServerRequests `json:"requests,omitempty"`
	// WatchCacheSizes contains configuration of the API server's watch cache sizes.
	// Configuring these flags might be useful for large-scale Garden clusters with a lot of parallel update requests
	// and a lot of watching controllers (e.g. large ManagedSeed clusters). When the API server's watch cache's
	// capacity is too small to cope with the amount of update requests and watchers for a particular resource, it
	// might happen that controller watches are permanently stopped with `too old resource version` errors.
	// Starting from kubernetes v1.19, the API server's watch cache size is adapted dynamically and setting the watch
	// cache size flags will have no effect, except when setting it to 0 (which disables the watch cache).
	// +optional
	WatchCacheSizes *gardencorev1beta1.WatchCacheSizes `json:"watchCacheSizes,omitempty"`
	// EncryptionConfig contains customizable encryption configuration of the Gardener API server.
	// +optional
	EncryptionConfig *gardencorev1beta1.EncryptionConfig `json:"encryptionConfig,omitempty"`
}
// GardenerAdmissionControllerConfig contains configuration settings for the gardener-admission-controller.
type GardenerAdmissionControllerConfig struct {
	// LogLevel is the configured log level for the gardener-admission-controller. Must be one of [info,debug,error].
	// Defaults to info.
	// +kubebuilder:validation:Enum=info;debug;error
	// +kubebuilder:default=info
	// +optional
	LogLevel *string `json:"logLevel,omitempty"`
	// ResourceAdmissionConfiguration is the configuration for resource size restrictions for arbitrary Group-Version-Kinds.
	// +optional
	ResourceAdmissionConfiguration *ResourceAdmissionConfiguration `json:"resourceAdmissionConfiguration,omitempty"`
}
// ResourceAdmissionConfiguration contains settings about arbitrary kinds and the size each resource should have at most.
type ResourceAdmissionConfiguration struct {
	// Limits contains configuration for resources which are subjected to size limitations.
	Limits []ResourceLimit `json:"limits"`
	// UnrestrictedSubjects contains references to users, groups, or service accounts which aren't subjected to any resource size limit.
	// Every subject listed here bypasses all Limits above, so keep this list minimal and review additions
	// like any other privilege grant.
	// +optional
	UnrestrictedSubjects []rbacv1.Subject `json:"unrestrictedSubjects,omitempty"`
	// OperationMode specifies the mode the webhooks operates in. Allowed values are "block" and "log". Defaults to "block".
	// NOTE(review): presumably only "block" rejects oversized resources while "log" merely reports them —
	// confirm before relying on "log" as a protection.
	// +optional
	OperationMode *ResourceAdmissionWebhookMode `json:"operationMode,omitempty"`
}
// ResourceAdmissionWebhookMode is an alias type for the resource admission webhook mode.
// The accepted values are documented on ResourceAdmissionConfiguration.OperationMode ("block" and "log");
// no named constants for them are declared in this file.
type ResourceAdmissionWebhookMode string
// ResourceLimit contains settings about a kind and the size each resource should have at most.
// WildcardAll is referenced by the field comments but not declared in this file; it is presumably the
// usual "*" wildcard — confirm in the package that defines it.
type ResourceLimit struct {
	// APIGroups is the name of the APIGroup that contains the limited resource. WildcardAll represents all groups.
	// +optional
	APIGroups []string `json:"apiGroups,omitempty"`
	// APIVersions is the version of the resource. WildcardAll represents all versions.
	// +optional
	APIVersions []string `json:"apiVersions,omitempty"`
	// Resources is the name of the resource this rule applies to. WildcardAll represents all resources.
	Resources []string `json:"resources"`
	// Size specifies the imposed limit.
	Size resource.Quantity `json:"size"`
}
// GardenerControllerManagerConfig contains configuration settings for the gardener-controller-manager.
type GardenerControllerManagerConfig struct {
	// KubernetesConfig holds the generic component settings shared with the other Gardener components.
	gardencorev1beta1.KubernetesConfig `json:",inline"`
	// DefaultProjectQuotas is the default configuration matching projects are set up with if a quota is not already
	// specified.
	// +optional
	DefaultProjectQuotas []ProjectQuotaConfiguration `json:"defaultProjectQuotas,omitempty"`
	// LogLevel is the configured log level for the gardener-controller-manager. Must be one of [info,debug,error].
	// Defaults to info.
	// +kubebuilder:validation:Enum=info;debug;error
	// +kubebuilder:default=info
	// +optional
	LogLevel *string `json:"logLevel,omitempty"`
}
// ProjectQuotaConfiguration defines quota configurations.
type ProjectQuotaConfiguration struct {
	// Config is the quota specification used for the project set-up.
	// Only v1.ResourceQuota resources are supported.
	// NOTE(review): as a RawExtension this is not validated by the CRD schema; the v1.ResourceQuota
	// restriction is presumably enforced by the consuming component — confirm.
	Config runtime.RawExtension `json:"config"`
	// ProjectSelector is an optional setting to select the projects considered for quotas.
	// Defaults to empty LabelSelector, which matches all projects.
	// +optional
	ProjectSelector *metav1.LabelSelector `json:"projectSelector,omitempty"`
}
// GardenerSchedulerConfig contains configuration settings for the gardener-scheduler.
type GardenerSchedulerConfig struct {
	// KubernetesConfig holds the generic component settings shared with the other Gardener components.
	gardencorev1beta1.KubernetesConfig `json:",inline"`
	// LogLevel is the configured log level for the gardener-scheduler. Must be one of [info,debug,error].
	// Defaults to info.
	// +kubebuilder:validation:Enum=info;debug;error
	// +kubebuilder:default=info
	// +optional
	LogLevel *string `json:"logLevel,omitempty"`
}
// GardenStatus is the status of a garden environment.
type GardenStatus struct {
	// Gardener holds information about the Gardener which last acted on the Garden.
	// +optional
	Gardener *gardencorev1beta1.Gardener `json:"gardener,omitempty"`
	// Conditions is a list of conditions. The condition types written here are declared as constants
	// further down in this file (RuntimeComponentsHealthy etc.) and surfaced as printer columns on Garden.
	Conditions []gardencorev1beta1.Condition `json:"conditions,omitempty"`
	// LastOperation holds information about the last operation on the Garden.
	// +optional
	LastOperation *gardencorev1beta1.LastOperation `json:"lastOperation,omitempty"`
	// ObservedGeneration is the most recent generation observed for this resource.
	ObservedGeneration int64 `json:"observedGeneration,omitempty"`
	// Credentials contains information about the virtual garden cluster credentials.
	// +optional
	Credentials *Credentials `json:"credentials,omitempty"`
	// EncryptedResources is the list of resources which are currently encrypted in the virtual garden by the virtual kube-apiserver.
	// Resources which are encrypted by default will not appear here.
	// See https://github.com/gardener/gardener/blob/master/docs/concepts/operator.md#etcd-encryption-config for more details.
	// +optional
	EncryptedResources []string `json:"encryptedResources,omitempty"`
}
// Credentials contains information about the virtual garden cluster credentials.
type Credentials struct {
	// Rotation contains information about the credential rotations.
	// +optional
	Rotation *CredentialsRotation `json:"rotation,omitempty"`
}
// CredentialsRotation contains information about the rotation of credentials.
// The four entries correspond to the rotation operations listed in AvailableOperationAnnotations.
type CredentialsRotation struct {
	// CertificateAuthorities contains information about the certificate authority credential rotation.
	// +optional
	CertificateAuthorities *gardencorev1beta1.CARotation `json:"certificateAuthorities,omitempty"`
	// ServiceAccountKey contains information about the service account key credential rotation.
	// +optional
	ServiceAccountKey *gardencorev1beta1.ServiceAccountKeyRotation `json:"serviceAccountKey,omitempty"`
	// ETCDEncryptionKey contains information about the ETCD encryption key credential rotation.
	// +optional
	ETCDEncryptionKey *gardencorev1beta1.ETCDEncryptionKeyRotation `json:"etcdEncryptionKey,omitempty"`
	// Observability contains information about the observability credential rotation.
	// +optional
	Observability *gardencorev1beta1.ObservabilityRotation `json:"observability,omitempty"`
}
// Condition types reported in GardenStatus.Conditions. Each one is also exposed as a printer column
// on the Garden resource (see the kubebuilder markers on Garden).
const (
	// RuntimeComponentsHealthy is a constant for a condition type indicating the runtime components health.
	RuntimeComponentsHealthy gardencorev1beta1.ConditionType = "RuntimeComponentsHealthy"
	// VirtualComponentsHealthy is a constant for a condition type indicating the virtual garden components health.
	VirtualComponentsHealthy gardencorev1beta1.ConditionType = "VirtualComponentsHealthy"
	// VirtualGardenAPIServerAvailable is a constant for a condition type indicating that the virtual garden's API server is available.
	VirtualGardenAPIServerAvailable gardencorev1beta1.ConditionType = "VirtualGardenAPIServerAvailable"
	// ObservabilityComponentsHealthy is a constant for a condition type indicating the health of observability components.
	ObservabilityComponentsHealthy gardencorev1beta1.ConditionType = "ObservabilityComponentsHealthy"
)
// AvailableOperationAnnotations is the set of available operation annotations for Garden resources.
// Besides reconcile, every entry starts or completes a credential rotation (CA, service account key,
// etcd encryption key, observability, or all of them). Being allowed to annotate a Garden therefore
// amounts to being allowed to rotate its credentials; scope RBAC on Garden updates accordingly.
var AvailableOperationAnnotations = sets.New(
	v1beta1constants.GardenerOperationReconcile,
	v1beta1constants.OperationRotateCAStart,
	v1beta1constants.OperationRotateCAComplete,
	v1beta1constants.OperationRotateServiceAccountKeyStart,
	v1beta1constants.OperationRotateServiceAccountKeyComplete,
	v1beta1constants.OperationRotateETCDEncryptionKeyStart,
	v1beta1constants.OperationRotateETCDEncryptionKeyComplete,
	v1beta1constants.OperationRotateObservabilityCredentials,
	v1beta1constants.OperationRotateCredentialsStart,
	v1beta1constants.OperationRotateCredentialsComplete,
)
// FinalizerName is the name of the finalizer used by gardener-operator. While it is present on a
// Garden, deletion of the object is held back until the operator removes it.
const FinalizerName = "gardener.cloud/operator"