/
cluster.go
1632 lines (1376 loc) · 76.9 KB
/
cluster.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
/*
Copyright 2020 The Kubermatic Kubernetes Platform contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"encoding/base64"
"errors"
"fmt"
"strings"
providerconfig "github.com/kubermatic/machine-controller/pkg/providerconfig/types"
"k8c.io/kubermatic/v2/pkg/semver"
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/util/rand"
"k8s.io/apimachinery/pkg/util/sets"
)
const (
// ClusterResourceName represents "Resource" defined in Kubernetes.
ClusterResourceName = "clusters"
// ClusterKindName represents "Kind" defined in Kubernetes.
ClusterKindName = "Cluster"
// CredentialPrefix is the prefix used for the secrets containing cloud provider crednentials.
CredentialPrefix = "credential"
// ForceRestartAnnotation is key of the annotation used to restart machine deployments.
ForceRestartAnnotation = "forceRestart"
// PresetNameAnnotation is key of the annotation used to hold preset name if was used for the cluster creation.
PresetNameAnnotation = "presetName"
// PresetInvalidatedAnnotation is key of the annotation used to indicate why the preset was invalidated.
PresetInvalidatedAnnotation = "presetInvalidated"
)
const (
CCMMigrationNeededAnnotation = "ccm-migration.k8c.io/migration-needed"
CSIMigrationNeededAnnotation = "csi-migration.k8c.io/migration-needed"
)
const (
WorkerNameLabelKey = "worker-name"
ProjectIDLabelKey = "project-id"
ExternalClusterIDLabelKey = "external-cluster-id"
UpdatedByVPALabelKey = "updated-by-vpa"
IsCredentialPresetLabelKey = "is-credential-preset"
DefaultEtcdClusterSize = 3
MinEtcdClusterSize = 3
MaxEtcdClusterSize = 9
DefaultKonnectivityKeepaliveTime = "1m"
)
// +kubebuilder:validation:Enum=standard;basic
// Azure SKU for Load Balancers. Possible values are `basic` and `standard`.
type LBSKU string
const (
AzureStandardLBSKU = LBSKU("standard")
AzureBasicLBSKU = LBSKU("basic")
)
// +kubebuilder:validation:Enum=deleted;changed
type PresetInvalidationReason string
const (
PresetDeleted = PresetInvalidationReason("deleted")
PresetChanged = PresetInvalidationReason("changed")
)
// ProtectedClusterLabels is a set of labels that must not be set by users on clusters,
// as they are security relevant.
var ProtectedClusterLabels = sets.New(WorkerNameLabelKey, ProjectIDLabelKey, IsCredentialPresetLabelKey)
// +kubebuilder:resource:scope=Cluster
// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true
// +kubebuilder:subresource:status
// +kubebuilder:printcolumn:JSONPath=".spec.humanReadableName",name="HumanReadableName",type="string"
// +kubebuilder:printcolumn:JSONPath=".status.userEmail",name="Owner",type="string"
// +kubebuilder:printcolumn:JSONPath=".spec.version",name="Version",type="string"
// +kubebuilder:printcolumn:JSONPath=".spec.cloud.providerName",name="Provider",type="string"
// +kubebuilder:printcolumn:JSONPath=".spec.cloud.dc",name="Datacenter",type="string"
// +kubebuilder:printcolumn:JSONPath=".status.phase",name="Phase",type="string"
// +kubebuilder:printcolumn:JSONPath=".spec.pause",name="Paused",type="boolean"
// +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name="Age",type="date"
// Cluster represents a Kubermatic Kubernetes Platform user cluster.
// Cluster objects exist on Seed clusters and each user cluster consists
// of a namespace containing the Kubernetes control plane and additional
// pods (like Prometheus or the machine-controller).
type Cluster struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
// Spec describes the desired cluster state.
Spec ClusterSpec `json:"spec,omitempty"`
// Status contains reconciliation information for the cluster.
Status ClusterStatus `json:"status,omitempty"`
}
// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true
// ClusterList specifies a list of user clusters.
type ClusterList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []Cluster `json:"items"`
}
// ClusterSpec describes the desired state of a user cluster.
type ClusterSpec struct {
// HumanReadableName is the cluster name provided by the user.
HumanReadableName string `json:"humanReadableName"`
// Version defines the wanted version of the control plane.
Version semver.Semver `json:"version"`
// Cloud contains information regarding the cloud provider that
// is responsible for hosting the cluster's workload.
Cloud CloudSpec `json:"cloud"`
// +kubebuilder:validation:Enum=docker;containerd
// +kubebuilder:default=containerd
// ContainerRuntime to use, i.e. `docker` or `containerd`. By default `containerd` will be used.
ContainerRuntime string `json:"containerRuntime,omitempty"`
// Optional: ImagePullSecret references a secret with container registry credentials. This is passed to the machine-controller which sets the registry credentials on node level.
ImagePullSecret *corev1.SecretReference `json:"imagePullSecret,omitempty"`
// Optional: CNIPlugin refers to the spec of the CNI plugin used by the Cluster.
CNIPlugin *CNIPluginSettings `json:"cniPlugin,omitempty"`
// Optional: ClusterNetwork specifies the different networking parameters for a cluster.
ClusterNetwork ClusterNetworkingConfig `json:"clusterNetwork"`
// Optional: MachineNetworks is the list of the networking parameters used for IPAM.
MachineNetworks []MachineNetworkingConfig `json:"machineNetworks,omitempty"`
// ExposeStrategy is the strategy used to expose a cluster control plane.
ExposeStrategy ExposeStrategy `json:"exposeStrategy"`
// Optional: APIServerAllowedIPRanges is a list of IP ranges allowed to access the API server.
// Applicable only if the expose strategy of the cluster is LoadBalancer.
// If not configured, access to the API server is unrestricted.
APIServerAllowedIPRanges *NetworkRanges `json:"apiServerAllowedIPRanges,omitempty"`
// Optional: Component specific overrides that allow customization of control plane components.
ComponentsOverride ComponentSettings `json:"componentsOverride,omitempty"`
// Optional: OIDC specifies the OIDC configuration parameters for enabling authentication mechanism for the cluster.
OIDC OIDCSettings `json:"oidc,omitempty"`
// A map of optional or early-stage features that can be enabled for the user cluster.
// Some feature gates cannot be disabled after being enabled.
// The available feature gates vary based on KKP version, Kubernetes version and Seed configuration.
// Please consult the KKP documentation for specific feature gates.
Features map[string]bool `json:"features,omitempty"`
// Optional: UpdateWindow configures automatic update systems to respect a maintenance window for
// applying OS updates to nodes. This is only respected on Flatcar nodes currently.
UpdateWindow *UpdateWindow `json:"updateWindow,omitempty"`
// Enables the admission plugin `PodSecurityPolicy`. This plugin is deprecated by Kubernetes.
UsePodSecurityPolicyAdmissionPlugin bool `json:"usePodSecurityPolicyAdmissionPlugin,omitempty"`
// Enables the admission plugin `PodNodeSelector`. Needs additional configuration via the `podNodeSelectorAdmissionPluginConfig` field.
UsePodNodeSelectorAdmissionPlugin bool `json:"usePodNodeSelectorAdmissionPlugin,omitempty"`
// Enables the admission plugin `EventRateLimit`. Needs additional configuration via the `eventRateLimitConfig` field.
// This plugin is considered "alpha" by Kubernetes.
UseEventRateLimitAdmissionPlugin bool `json:"useEventRateLimitAdmissionPlugin,omitempty"`
// A list of arbitrary admission plugin names that are passed to kube-apiserver. Must not include admission plugins
// that can be enabled via a separate setting.
AdmissionPlugins []string `json:"admissionPlugins,omitempty"`
// Optional: Provides configuration for the PodNodeSelector admission plugin (needs plugin enabled
// via `usePodNodeSelectorAdmissionPlugin`). It's used by the backend to create a configuration file for this plugin.
// The key:value from this map is converted to <namespace>:<node-selectors-labels> in the file. Use `clusterDefaultNodeSelector`
// as key to configure a default node selector.
PodNodeSelectorAdmissionPluginConfig map[string]string `json:"podNodeSelectorAdmissionPluginConfig,omitempty"`
// Optional: Configures the EventRateLimit admission plugin (if enabled via `useEventRateLimitAdmissionPlugin`)
// to create limits on Kubernetes event generation. The EventRateLimit plugin is capable of comparing and rate limiting incoming
// `Events` based on several configured buckets.
EventRateLimitConfig *EventRateLimitConfig `json:"eventRateLimitConfig,omitempty"`
// Optional: Deploys the UserSSHKeyAgent to the user cluster. This field is immutable.
// If enabled, the agent will be deployed and used to sync user ssh keys attached by users to the cluster.
// No SSH keys will be synced after node creation if this is disabled.
EnableUserSSHKeyAgent *bool `json:"enableUserSSHKeyAgent,omitempty"`
// Optional: Enables operating-system-manager (OSM), which is responsible for creating and managing worker node configuration.
// This field is enabled(true) by default.
EnableOperatingSystemManager *bool `json:"enableOperatingSystemManager,omitempty"`
// KubeLB holds the configuration for the kubeLB component.
// Only available in Enterprise Edition.
KubeLB *KubeLB `json:"kubelb,omitempty"`
// KubernetesDashboard holds the configuration for the kubernetes-dashboard component.
KubernetesDashboard *KubernetesDashboard `json:"kubernetesDashboard,omitempty"`
// Optional: AuditLogging configures Kubernetes API audit logging (https://kubernetes.io/docs/tasks/debug-application-cluster/audit/)
// for the user cluster.
AuditLogging *AuditLoggingSettings `json:"auditLogging,omitempty"`
// Optional: OPAIntegration is a preview feature that enables OPA integration for the cluster.
// Enabling it causes OPA Gatekeeper and its resources to be deployed on the user cluster.
// By default it is disabled.
OPAIntegration *OPAIntegrationSettings `json:"opaIntegration,omitempty"`
// Optional: ServiceAccount contains service account related settings for the user cluster's kube-apiserver.
ServiceAccount *ServiceAccountSettings `json:"serviceAccount,omitempty"`
// Optional: MLA contains monitoring, logging and alerting related settings for the user cluster.
MLA *MLASettings `json:"mla,omitempty"`
// Optional: ApplicationSettings contains the settings relative to the application feature.
ApplicationSettings *ApplicationSettings `json:"applicationSettings,omitempty"`
// Optional: Configures encryption-at-rest for Kubernetes API data. This needs the `encryptionAtRest` feature gate.
EncryptionConfiguration *EncryptionConfiguration `json:"encryptionConfiguration,omitempty"`
// If this is set to true, the cluster will not be reconciled by KKP.
// This indicates that the user needs to do some action to resolve the pause.
// +kubebuilder:default=false
Pause bool `json:"pause,omitempty"`
// PauseReason is the reason why the cluster is not being managed. This field is for informational
// purpose only and can be set by a user or a controller to communicate the reason for pausing the cluster.
PauseReason string `json:"pauseReason,omitempty"`
// Enables more verbose logging in KKP's user-cluster-controller-manager.
DebugLog bool `json:"debugLog,omitempty"`
// Optional: DisableCSIDriver disables the installation of CSI driver on the cluster
// If this is true at the data center then it can't be over-written in the cluster configuration
DisableCSIDriver bool `json:"disableCsiDriver,omitempty"`
// Optional: BackupConfig contains the configuration options for managing the Cluster Backup Velero integration feature.
BackupConfig *BackupConfig `json:"backupConfig,omitempty"`
}
func (c ClusterSpec) IsOperatingSystemManagerEnabled() bool {
return c.EnableOperatingSystemManager == nil || *c.EnableOperatingSystemManager
}
// KubernetesDashboard contains settings for the kubernetes-dashboard component as part of the cluster control plane.
type KubernetesDashboard struct {
// Controls whether kubernetes-dashboard is deployed to the user cluster or not.
// Enabled by default.
Enabled bool `json:"enabled,omitempty"`
}
func (c ClusterSpec) IsKubernetesDashboardEnabled() bool {
return c.KubernetesDashboard == nil || c.KubernetesDashboard.Enabled
}
// KubeLB contains settings for the kubeLB component as part of the cluster control plane. This component is responsible for managing load balancers.
// Only available in Enterprise Edition.
type KubeLB struct {
// Controls whether kubeLB is deployed or not.
Enabled bool `json:"enabled"`
}
func (c ClusterSpec) IsKubeLBEnabled() bool {
return c.KubeLB != nil && c.KubeLB.Enabled
}
// CNIPluginSettings contains the spec of the CNI plugin used by the Cluster.
type CNIPluginSettings struct {
// Type is the CNI plugin type to be used.
Type CNIPluginType `json:"type"`
// Version defines the CNI plugin version to be used. This varies by chosen CNI plugin type.
Version string `json:"version"`
}
// +kubebuilder:validation:Enum=canal;cilium;none
// CNIPluginType defines the type of CNI plugin installed.
// Possible values are `canal`, `cilium` or `none`.
type CNIPluginType string
func (c CNIPluginType) String() string {
return string(c)
}
const (
// CNIPluginTypeCanal corresponds to Canal CNI plugin (i.e. Flannel +
// Calico for policy enforcement).
CNIPluginTypeCanal CNIPluginType = "canal"
// CNIPluginTypeCilium corresponds to Cilium CNI plugin.
CNIPluginTypeCilium CNIPluginType = "cilium"
// CNIPluginTypeNone corresponds to no CNI plugin managed by KKP
// (cluster users are responsible for managing the CNI in the cluster themselves).
CNIPluginTypeNone CNIPluginType = "none"
)
const (
// ClusterFeatureExternalCloudProvider describes the external cloud provider feature. It is
// only supported on a limited set of providers for a specific set of Kube versions. It must
// not be set if its not supported.
ClusterFeatureExternalCloudProvider = "externalCloudProvider"
// ClusterFeatureCCMClusterName sets the cluster-name flag on the external CCM deployment.
// The cluster-name flag is often used for naming cloud resources, such as load balancers.
ClusterFeatureCCMClusterName = "ccmClusterName"
// ClusterFeatureVsphereCSIClusterID sets the cluster-id in the vSphere CSI config to
// the name of the user cluster. Originally, we have been setting cluster-id to the
// vSphere Compute Cluster name (provided via the Datacenter object), however,
// this is supposed to identify the Kubernetes cluster, therefore it must be unique.
// This feature flag is enabled by default for new vSphere clusters, while existing
// vSphere clusters must be migrated manually (preferably by following advice here:
// https://kb.vmware.com/s/article/84446).
ClusterFeatureVsphereCSIClusterID = "vsphereCSIClusterID"
// ClusterFeatureEtcdLauncher enables features related to the experimental etcd-launcher. This includes user-cluster
// etcd scaling, automatic volume recovery and new backup/restore controllers.
ClusterFeatureEtcdLauncher = "etcdLauncher"
// ApiserverNetworkPolicy enables the deployment of network policies that
// restrict the egress traffic from Apiserver pods.
ApiserverNetworkPolicy = "apiserverNetworkPolicy"
// KubeSystemNetworkPolicies enables the deployment of network policies to kube-system namespace that
// restrict traffic from all pods in the namespace.
KubeSystemNetworkPolicies = "kubeSystemNetworkPolicies"
// ClusterFeatureEncryptionAtRest enables the experimental "encryption-at-rest" feature, which allows encrypting
// Kubernetes data in etcd with a user-provided encryption key or KMS service.
ClusterFeatureEncryptionAtRest = "encryptionAtRest"
)
// +kubebuilder:validation:Enum="";SeedResourcesUpToDate;ClusterControllerReconciledSuccessfully;AddonControllerReconciledSuccessfully;AddonInstallerControllerReconciledSuccessfully;BackupControllerReconciledSuccessfully;CloudControllerReconciledSuccessfully;UpdateControllerReconciledSuccessfully;MonitoringControllerReconciledSuccessfully;MachineDeploymentReconciledSuccessfully;MLAControllerReconciledSuccessfully;ClusterInitialized;EtcdClusterInitialized;CSIKubeletMigrationCompleted;ClusterUpdateSuccessful;ClusterUpdateInProgress;CSIKubeletMigrationSuccess;CSIKubeletMigrationInProgress;EncryptionControllerReconciledSuccessfully;IPAMControllerReconciledSuccessfully;
// ClusterConditionType is used to indicate the type of a cluster condition. For all condition
// types, the `true` value must indicate success. All condition types must be registered within
// the `AllClusterConditionTypes` variable.
type ClusterConditionType string
// UpdateWindow allows defining windows for maintenance tasks related to OS updates.
// This is only applied to cluster nodes using Flatcar Linux.
// The reference time for this is the node system time and might differ from
// the user's timezone, which needs to be considered when configuring a window.
type UpdateWindow struct {
// Sets the start time of the update window. This can be a time of day in 24h format, e.g. `22:30`,
// or a day of week plus a time of day, for example `Mon 21:00`. Only short names for week days are supported,
// i.e. `Mon`, `Tue`, `Wed`, `Thu`, `Fri`, `Sat` and `Sun`.
Start string `json:"start,omitempty"`
// Sets the length of the update window beginning with the start time. This needs to be a valid duration
// as parsed by Go's time.ParseDuration (https://pkg.go.dev/time#ParseDuration), e.g. `2h`.
Length string `json:"length,omitempty"`
}
// EncryptionConfiguration configures encryption-at-rest for Kubernetes API data.
type EncryptionConfiguration struct {
// Enables encryption-at-rest on this cluster.
Enabled bool `json:"enabled"`
// +kubebuilder:validation:MinItems=1
// List of resources that will be stored encrypted in etcd.
Resources []string `json:"resources"`
// Configuration for the `secretbox` static key encryption scheme as supported by Kubernetes.
// More info: https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/#providers
Secretbox *SecretboxEncryptionConfiguration `json:"secretbox,omitempty"`
}
// SecretboxEncryptionConfiguration defines static key encryption based on the 'secretbox' solution for Kubernetes.
type SecretboxEncryptionConfiguration struct {
// +kubebuilder:validation:MinItems=1
// List of 'secretbox' encryption keys. The first element of this list is considered
// the "primary" key which will be used for encrypting data while writing it. Additional
// keys will be used for decrypting data while reading it, if keys higher in the list
// did not succeed in decrypting it.
Keys []SecretboxKey `json:"keys"`
}
// SecretboxKey stores a key or key reference for encrypting Kubernetes API data at rest with a static key.
type SecretboxKey struct {
// Identifier of a key, used in various places to refer to the key.
Name string `json:"name"`
// Value contains a 32-byte random key that is base64 encoded. This is the key used
// for encryption. Can be generated via `head -c 32 /dev/urandom | base64`, for example.
Value string `json:"value,omitempty"`
// Instead of passing the sensitive encryption key via the `value` field, a secret can be
// referenced. The key of the secret referenced here needs to hold a key equivalent to the `value` field.
SecretRef *corev1.SecretKeySelector `json:"secretRef,omitempty"`
}
type BackupConfig struct {
BackupStorageLocation *corev1.LocalObjectReference `json:"backupStorageLocation,omitempty"`
}
func (c ClusterSpec) IsClusterBackupEnabled() bool {
return c.BackupConfig != nil &&
c.BackupConfig.BackupStorageLocation != nil &&
c.BackupConfig.BackupStorageLocation.Name != ""
}
const (
// ClusterConditionSeedResourcesUpToDate indicates that all controllers have finished setting up the
// resources for a user clusters that run inside the seed cluster, i.e. this ignores
// the status of cloud provider resources for a given cluster.
ClusterConditionSeedResourcesUpToDate ClusterConditionType = "SeedResourcesUpToDate"
ClusterConditionClusterControllerReconcilingSuccess ClusterConditionType = "ClusterControllerReconciledSuccessfully"
ClusterConditionAddonControllerReconcilingSuccess ClusterConditionType = "AddonControllerReconciledSuccessfully"
ClusterConditionAddonInstallerControllerReconcilingSuccess ClusterConditionType = "AddonInstallerControllerReconciledSuccessfully"
ClusterConditionCloudControllerReconcilingSuccess ClusterConditionType = "CloudControllerReconciledSuccessfully"
ClusterConditionUpdateControllerReconcilingSuccess ClusterConditionType = "UpdateControllerReconciledSuccessfully"
ClusterConditionMonitoringControllerReconcilingSuccess ClusterConditionType = "MonitoringControllerReconciledSuccessfully"
ClusterConditionMachineDeploymentControllerReconcilingSuccess ClusterConditionType = "MachineDeploymentReconciledSuccessfully"
ClusterConditionApplicationInstallationControllerReconcilingSuccess ClusterConditionType = "ApplicationInstallationControllerReconciledSuccessfully"
ClusterConditionKubeLBControllerReconcilingSuccess ClusterConditionType = "KubeLBControllerReconciledSuccessfully"
ClusterConditionCNIControllerReconcilingSuccess ClusterConditionType = "CNIControllerReconciledSuccessfully"
ClusterConditionMLAControllerReconcilingSuccess ClusterConditionType = "MLAControllerReconciledSuccessfully"
ClusterConditionEncryptionControllerReconcilingSuccess ClusterConditionType = "EncryptionControllerReconciledSuccessfully"
ClusterConditionClusterInitialized ClusterConditionType = "ClusterInitialized"
ClusterConditionIPAMControllerReconcilingSuccess ClusterConditionType = "IPAMControllerReconciledSuccessfully"
ClusterConditionClusterBackupControllerReconcilingSuccess ClusterConditionType = "ClusterBackupControllerReconciledSuccessfully"
ClusterConditionEtcdClusterInitialized ClusterConditionType = "EtcdClusterInitialized"
ClusterConditionEncryptionInitialized ClusterConditionType = "EncryptionInitialized"
ClusterConditionUpdateProgress ClusterConditionType = "UpdateProgress"
// ClusterConditionNone is a special value indicating that no cluster condition should be set.
ClusterConditionNone ClusterConditionType = ""
// This condition is met when a CSI migration is ongoing and the CSI
// migration feature gates are activated on the Kubelets of all the nodes.
// When this condition is `true` CSIMigration{provider}Complete can be
// enabled.
ClusterConditionCSIKubeletMigrationCompleted ClusterConditionType = "CSIKubeletMigrationCompleted"
// This condition is used to determine if the CSI addon created by KKP is in use or not.
// This helps in ascertaining if the CSI addon can be removed from the cluster or not.
ClusterConditionCSIAddonInUse ClusterConditionType = "CSIAddonInUse"
ReasonClusterUpdateSuccessful = "ClusterUpdateSuccessful"
ReasonClusterUpdateInProgress = "ClusterUpdateInProgress"
ReasonClusterCSIKubeletMigrationCompleted = "CSIKubeletMigrationSuccess"
ReasonClusterCCMMigrationInProgress = "CSIKubeletMigrationInProgress"
)
var AllClusterConditionTypes = []ClusterConditionType{
ClusterConditionSeedResourcesUpToDate,
ClusterConditionClusterControllerReconcilingSuccess,
ClusterConditionAddonControllerReconcilingSuccess,
ClusterConditionCloudControllerReconcilingSuccess,
ClusterConditionUpdateControllerReconcilingSuccess,
ClusterConditionMonitoringControllerReconcilingSuccess,
}
type ClusterCondition struct {
// Status of the condition, one of True, False, Unknown.
Status corev1.ConditionStatus `json:"status"`
// KubermaticVersion current kubermatic version.
KubermaticVersion string `json:"kubermaticVersion"`
// Last time we got an update on a given condition.
LastHeartbeatTime metav1.Time `json:"lastHeartbeatTime"`
// Last time the condition transit from one status to another.
// +optional
LastTransitionTime metav1.Time `json:"lastTransitionTime,omitempty"`
// (brief) reason for the condition's last transition.
// +optional
Reason string `json:"reason,omitempty"`
// Human readable message indicating details about last transition.
// +optional
Message string `json:"message,omitempty"`
}
// +kubebuilder:validation:Enum=Creating;Updating;Running;Terminating
type ClusterPhase string
// These are the valid phases of a project.
const (
ClusterCreating ClusterPhase = "Creating"
ClusterUpdating ClusterPhase = "Updating"
ClusterRunning ClusterPhase = "Running"
ClusterTerminating ClusterPhase = "Terminating"
)
// ClusterStatus stores status information about a cluster.
type ClusterStatus struct {
// Address contains the IPs/URLs to access the cluster control plane.
// +optional
Address ClusterAddress `json:"address,omitempty"`
// Deprecated: LastUpdated contains the timestamp at which the cluster was last modified.
// It is kept only for KKP 2.20 release to not break the backwards-compatibility and not being set for KKP higher releases.
// +optional
LastUpdated metav1.Time `json:"lastUpdated,omitempty"`
// ExtendedHealth exposes information about the current health state.
// Extends standard health status for new states.
// +optional
ExtendedHealth ExtendedClusterHealth `json:"extendedHealth,omitempty"`
// LastProviderReconciliation is the time when the cloud provider resources
// were last fully reconciled (during normal cluster reconciliation, KKP does
// not re-check things like security groups, networks etc.).
// +optional
LastProviderReconciliation metav1.Time `json:"lastProviderReconciliation,omitempty"`
// NamespaceName defines the namespace the control plane of this cluster is deployed in.
// +optional
NamespaceName string `json:"namespaceName"`
// Versions contains information regarding the current and desired versions
// of the cluster control plane and worker nodes.
// +optional
Versions ClusterVersionsStatus `json:"versions,omitempty"`
// Deprecated: UserName contains the name of the owner of this cluster.
// This field is not actively used and will be removed in the future.
// +optional
UserName string `json:"userName,omitempty"`
// UserEmail contains the email of the owner of this cluster.
// During cluster creation only, this field will be used to bind the `cluster-admin` `ClusterRole` to a cluster owner.
// +optional
UserEmail string `json:"userEmail"`
// ErrorReason contains a error reason in case the controller encountered an error. Will be reset if the error was resolved.
// +optional
ErrorReason *ClusterStatusError `json:"errorReason,omitempty"`
// ErrorMessage contains a default error message in case the controller encountered an error. Will be reset if the error was resolved.
// +optional
ErrorMessage *string `json:"errorMessage,omitempty"`
// Conditions contains conditions the cluster is in, its primary use case is status signaling between controllers or between
// controllers and the API.
// +optional
Conditions map[ClusterConditionType]ClusterCondition `json:"conditions,omitempty"`
// Phase is a description of the current cluster status, summarizing the various conditions,
// possible active updates etc. This field is for informational purpose only and no logic
// should be tied to the phase.
// +optional
Phase ClusterPhase `json:"phase,omitempty"`
// InheritedLabels are labels the cluster inherited from the project. They are read-only for users.
// +optional
InheritedLabels map[string]string `json:"inheritedLabels,omitempty"`
// Encryption describes the status of the encryption-at-rest feature for encrypted data in etcd.
// +optional
Encryption *ClusterEncryptionStatus `json:"encryption,omitempty"`
// ResourceUsage shows the current usage of resources for the cluster.
ResourceUsage *ResourceDetails `json:"resourceUsage,omitempty"`
}
// ClusterVersionsStatus contains information regarding the current and desired versions
// of the cluster control plane and worker nodes.
type ClusterVersionsStatus struct {
// ControlPlane is the currently active cluster version. This can lag behind the apiserver
// version if an update is currently rolling out.
ControlPlane semver.Semver `json:"controlPlane"`
// Apiserver is the currently desired version of the kube-apiserver. During
// upgrades across multiple minor versions (e.g. from 1.20 to 1.23), this will gradually
// be increased by the update-controller until the desired cluster version (spec.version)
// is reached.
Apiserver semver.Semver `json:"apiserver"`
// ControllerManager is the currently desired version of the kube-controller-manager. This
// field behaves the same as the apiserver field.
ControllerManager semver.Semver `json:"controllerManager"`
// Scheduler is the currently desired version of the kube-scheduler. This field behaves the
// same as the apiserver field.
Scheduler semver.Semver `json:"scheduler"`
// OldestNodeVersion is the oldest node version currently in use inside the cluster. This can be
// nil if there are no nodes. This field is primarily for speeding up reconciling, so that
// the controller doesn't have to re-fetch to the usercluster and query its node on every
// reconciliation.
OldestNodeVersion *semver.Semver `json:"oldestNodeVersion,omitempty"`
}
// HasConditionValue returns true if the cluster status has the given condition with the given status.
// It does not verify that the condition has been set by a certain Kubermatic version, it just checks
// the existence.
func (cs *ClusterStatus) HasConditionValue(conditionType ClusterConditionType, conditionStatus corev1.ConditionStatus) bool {
condition, exists := cs.Conditions[conditionType]
if !exists {
return false
}
return condition.Status == conditionStatus
}
// +kubebuilder:validation:Enum=InvalidConfiguration;UnsupportedChange;ReconcileError
type ClusterStatusError string
const (
InvalidConfigurationClusterError ClusterStatusError = "InvalidConfiguration"
UnsupportedChangeClusterError ClusterStatusError = "UnsupportedChange"
ReconcileClusterError ClusterStatusError = "ReconcileError"
)
// ClusterEncryptionStatus holds status information about the encryption-at-rest feature on the user cluster.
type ClusterEncryptionStatus struct {
// The current "primary" key used to encrypt data written to etcd. Secondary keys that can be used for decryption
// (but not encryption) might be configured in the ClusterSpec.
ActiveKey string `json:"activeKey"`
// List of resources currently encrypted.
EncryptedResources []string `json:"encryptedResources"`
// The current phase of the encryption process. Can be one of `Pending`, `Failed`, `Active` or `EncryptionNeeded`.
// The `encryption_controller` logic will process the cluster based on the current phase and issue necessary changes
// to make sure encryption on the cluster is active and updated with what the ClusterSpec defines.
Phase ClusterEncryptionPhase `json:"phase"`
}
// +kubebuilder:validation:Enum=Pending;Failed;Active;EncryptionNeeded
type ClusterEncryptionPhase string
const (
ClusterEncryptionPhasePending ClusterEncryptionPhase = "Pending"
ClusterEncryptionPhaseFailed ClusterEncryptionPhase = "Failed"
ClusterEncryptionPhaseActive ClusterEncryptionPhase = "Active"
ClusterEncryptionPhaseEncryptionNeeded ClusterEncryptionPhase = "EncryptionNeeded"
)
// OIDCSettings contains OIDC configuration parameters for enabling authentication mechanism for the cluster.
type OIDCSettings struct {
IssuerURL string `json:"issuerURL,omitempty"`
ClientID string `json:"clientID,omitempty"`
ClientSecret string `json:"clientSecret,omitempty"`
UsernameClaim string `json:"usernameClaim,omitempty"`
GroupsClaim string `json:"groupsClaim,omitempty"`
RequiredClaim string `json:"requiredClaim,omitempty"`
ExtraScopes string `json:"extraScopes,omitempty"`
UsernamePrefix string `json:"usernamePrefix,omitempty"`
GroupsPrefix string `json:"groupsPrefix,omitempty"`
}
// EventRateLimitConfig configures the `EventRateLimit` admission plugin.
// More info: https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/#eventratelimit
type EventRateLimitConfig struct {
Server *EventRateLimitConfigItem `json:"server,omitempty"`
Namespace *EventRateLimitConfigItem `json:"namespace,omitempty"`
User *EventRateLimitConfigItem `json:"user,omitempty"`
SourceAndObject *EventRateLimitConfigItem `json:"sourceAndObject,omitempty"`
}
type EventRateLimitConfigItem struct {
QPS int32 `json:"qps"`
Burst int32 `json:"burst"`
CacheSize int32 `json:"cacheSize,omitempty"`
}
// OPAIntegrationSettings configures the usage of OPA (Open Policy Agent) Gatekeeper inside the user cluster.
type OPAIntegrationSettings struct {
// Enables OPA Gatekeeper integration.
Enabled bool `json:"enabled,omitempty"`
// +kubebuilder:default=10
// The timeout in seconds that is set for the Gatekeeper validating webhook admission review calls.
// Defaults to `10` (seconds).
WebhookTimeoutSeconds *int32 `json:"webhookTimeoutSeconds,omitempty"`
// Optional: Enables experimental mutation in Gatekeeper.
ExperimentalEnableMutation bool `json:"experimentalEnableMutation,omitempty"`
// Optional: ControllerResources is the resource requirements for user cluster gatekeeper controller.
ControllerResources *corev1.ResourceRequirements `json:"controllerResources,omitempty"`
// Optional: AuditResources is the resource requirements for user cluster gatekeeper audit.
AuditResources *corev1.ResourceRequirements `json:"auditResources,omitempty"`
}
type ServiceAccountSettings struct {
TokenVolumeProjectionEnabled bool `json:"tokenVolumeProjectionEnabled,omitempty"`
// Issuer is the identifier of the service account token issuer
// If this is not specified, it will be set to the URL of apiserver by default
Issuer string `json:"issuer,omitempty"`
// APIAudiences are the Identifiers of the API
// If this is not specified, it will be set to a single element list containing the issuer URL
APIAudiences []string `json:"apiAudiences,omitempty"`
}
type MLASettings struct {
// MonitoringEnabled is the flag for enabling monitoring in user cluster.
MonitoringEnabled bool `json:"monitoringEnabled,omitempty"`
// LoggingEnabled is the flag for enabling logging in user cluster.
LoggingEnabled bool `json:"loggingEnabled,omitempty"`
// MonitoringResources is the resource requirements for user cluster prometheus.
MonitoringResources *corev1.ResourceRequirements `json:"monitoringResources,omitempty"`
// LoggingResources is the resource requirements for user cluster promtail.
LoggingResources *corev1.ResourceRequirements `json:"loggingResources,omitempty"`
// MonitoringReplicas is the number of desired pods of user cluster prometheus deployment.
MonitoringReplicas *int32 `json:"monitoringReplicas,omitempty"`
}
type ApplicationSettings struct {
// CacheSize is the size of the cache used to download application's sources.
CacheSize *resource.Quantity `json:"cacheSize,omitempty"`
}
// +kubebuilder:validation:Enum="";preferred;required
// AntiAffinityType is the type of anti-affinity that should be used. Can be "preferred"
// or "required".
type AntiAffinityType string
const (
AntiAffinityTypePreferred = "preferred"
AntiAffinityTypeRequired = "required"
)
type ComponentSettings struct {
// Apiserver configures kube-apiserver settings.
Apiserver APIServerSettings `json:"apiserver"`
// ControllerManager configures kube-controller-manager settings.
ControllerManager ControllerSettings `json:"controllerManager"`
// Scheduler configures kube-scheduler settings.
Scheduler ControllerSettings `json:"scheduler"`
// Etcd configures the etcd ring used to store Kubernetes data.
Etcd EtcdStatefulSetSettings `json:"etcd"`
// Prometheus configures the Prometheus instance deployed into the cluster control plane.
Prometheus StatefulSetSettings `json:"prometheus"`
// NodePortProxyEnvoy configures the per-cluster nodeport-proxy-envoy that is deployed if
// the `LoadBalancer` expose strategy is used. This is not effective if a different expose
// strategy is configured.
NodePortProxyEnvoy NodeportProxyComponent `json:"nodePortProxyEnvoy"`
// KonnectivityProxy configures konnectivity-server and konnectivity-agent components.
KonnectivityProxy KonnectivityProxySettings `json:"konnectivityProxy,omitempty"`
// UserClusterController configures the KKP usercluster-controller deployed as part of the cluster control plane.
UserClusterController *ControllerSettings `json:"userClusterController,omitempty"`
}
type APIServerSettings struct {
DeploymentSettings `json:",inline"`
EndpointReconcilingDisabled *bool `json:"endpointReconcilingDisabled,omitempty"`
NodePortRange string `json:"nodePortRange,omitempty"`
}
type KonnectivityProxySettings struct {
// Resources configure limits/requests for Konnectivity components.
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
// KeepaliveTime represents a duration of time to check if the transport is still alive.
// The option is propagated to agents and server.
// Defaults to 1m.
KeepaliveTime string `json:"keepaliveTime,omitempty"`
}
type ControllerSettings struct {
DeploymentSettings `json:",inline"`
LeaderElectionSettings `json:"leaderElection,omitempty"`
}
type DeploymentSettings struct {
Replicas *int32 `json:"replicas,omitempty"`
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
}
type StatefulSetSettings struct {
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
}
type EtcdStatefulSetSettings struct {
// ClusterSize is the number of replicas created for etcd. This should be an
// odd number to guarantee consensus, e.g. 3, 5 or 7.
ClusterSize *int32 `json:"clusterSize,omitempty"`
// StorageClass is the Kubernetes StorageClass used for persistent storage
// which stores the etcd WAL and other data persisted across restarts. Defaults to
// `kubermatic-fast` (the global default).
StorageClass string `json:"storageClass,omitempty"`
// DiskSize is the volume size used when creating persistent storage from
// the configured StorageClass. This is inherited from KubermaticConfiguration
// if not set. Defaults to 5Gi.
DiskSize *resource.Quantity `json:"diskSize,omitempty"`
// Resources allows to override the resource requirements for etcd Pods.
Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
// Tolerations allows to override the scheduling tolerations for etcd Pods.
Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
// HostAntiAffinity allows to enforce a certain type of host anti-affinity on etcd
// pods. Options are "preferred" (default) and "required". Please note that
// enforcing anti-affinity via "required" can mean that pods are never scheduled.
HostAntiAffinity AntiAffinityType `json:"hostAntiAffinity,omitempty"`
// ZoneAntiAffinity allows to enforce a certain type of availability zone anti-affinity on etcd
// pods. Options are "preferred" (default) and "required". Please note that
// enforcing anti-affinity via "required" can mean that pods are never scheduled.
ZoneAntiAffinity AntiAffinityType `json:"zoneAntiAffinity,omitempty"`
// NodeSelector is a selector which restricts the set of nodes where etcd Pods can run.
NodeSelector map[string]string `json:"nodeSelector,omitempty"`
}
type LeaderElectionSettings struct {
// LeaseDurationSeconds is the duration in seconds that non-leader candidates
// will wait to force acquire leadership. This is measured against time of
// last observed ack.
// +optional
LeaseDurationSeconds *int32 `json:"leaseDurationSeconds,omitempty"`
// RenewDeadlineSeconds is the duration in seconds that the acting controlplane
// will retry refreshing leadership before giving up.
// +optional
RenewDeadlineSeconds *int32 `json:"renewDeadlineSeconds,omitempty"`
// RetryPeriodSeconds is the duration in seconds the LeaderElector clients
// should wait between tries of actions.
// +optional
RetryPeriodSeconds *int32 `json:"retryPeriodSeconds,omitempty"`
}
// +kubebuilder:validation:Enum="";IPv4;IPv4+IPv6
type IPFamily string
const (
// IPFamilyUnspecified represents unspecified IP address family, which is interpreted as IPv4.
IPFamilyUnspecified IPFamily = ""
// IPFamilyIPv4 represents IPv4-only address family.
IPFamilyIPv4 IPFamily = "IPv4"
// IPFamilyDualStack represents dual-stack address family with IPv4 as the primary address family.
IPFamilyDualStack IPFamily = "IPv4+IPv6"
)
// ClusterNetworkingConfig specifies the different networking
// parameters for a cluster.
type ClusterNetworkingConfig struct {
// Optional: IP family used for cluster networking. Supported values are "", "IPv4" or "IPv4+IPv6".
// Can be omitted / empty if pods and services network ranges are specified.
// In that case it defaults according to the IP families of the provided network ranges.
// If neither ipFamily nor pods & services network ranges are specified, defaults to "IPv4".
// +optional
IPFamily IPFamily `json:"ipFamily,omitempty"`
// The network ranges from which service VIPs are allocated.
// It can contain one IPv4 and/or one IPv6 CIDR.
// If both address families are specified, the first one defines the primary address family.
Services NetworkRanges `json:"services"`
// The network ranges from which POD networks are allocated.
// It can contain one IPv4 and/or one IPv6 CIDR.
// If both address families are specified, the first one defines the primary address family.
Pods NetworkRanges `json:"pods"`
// NodeCIDRMaskSizeIPv4 is the mask size used to address the nodes within provided IPv4 Pods CIDR.
// It has to be larger than the provided IPv4 Pods CIDR. Defaults to 24.
// +optional
NodeCIDRMaskSizeIPv4 *int32 `json:"nodeCidrMaskSizeIPv4,omitempty"`
// NodeCIDRMaskSizeIPv6 is the mask size used to address the nodes within provided IPv6 Pods CIDR.
// It has to be larger than the provided IPv6 Pods CIDR. Defaults to 64.
// +optional
NodeCIDRMaskSizeIPv6 *int32 `json:"nodeCidrMaskSizeIPv6,omitempty"`
// Domain name for services.
DNSDomain string `json:"dnsDomain"`
// +kubebuilder:validation:Enum=ipvs;iptables;ebpf
// +kubebuilder:default=ipvs
// ProxyMode defines the kube-proxy mode ("ipvs" / "iptables" / "ebpf").
// Defaults to "ipvs". "ebpf" disables kube-proxy and requires CNI support.
ProxyMode string `json:"proxyMode"`
// IPVS defines kube-proxy ipvs configuration options
IPVS *IPVSConfiguration `json:"ipvs,omitempty"`
// +kubebuilder:default=true
// NodeLocalDNSCacheEnabled controls whether the NodeLocal DNS Cache feature is enabled.
// Defaults to true.
NodeLocalDNSCacheEnabled *bool `json:"nodeLocalDNSCacheEnabled,omitempty"`
// CoreDNSReplicas is the number of desired pods of user cluster coredns deployment.
CoreDNSReplicas *int32 `json:"coreDNSReplicas,omitempty"`
// Deprecated: KonnectivityEnabled enables konnectivity for controlplane to node network communication.
// As OpenVPN will be removed in the future KKP versions, clusters with konnectivity disabled will not be supported.
// All existing clusters with OpenVPN should migrate to the Konnectivity.
KonnectivityEnabled *bool `json:"konnectivityEnabled,omitempty"`
// TunnelingAgentIP is the address used by the tunneling agents
TunnelingAgentIP string `json:"tunnelingAgentIP,omitempty"`
}
// MachineNetworkingConfig specifies the networking parameters used for IPAM.
type MachineNetworkingConfig struct {
CIDR string `json:"cidr"`
Gateway string `json:"gateway"`
DNSServers []string `json:"dnsServers"`
}
// NetworkRanges represents ranges of network addresses.
type NetworkRanges struct {
CIDRBlocks []string `json:"cidrBlocks"`
}
// ClusterAddress stores access and address information of a cluster.
type ClusterAddress struct {
// URL under which the Apiserver is available
// +optional
URL string `json:"url"`
// Port is the port the API server listens on
// +optional
Port int32 `json:"port"`
// ExternalName is the DNS name for this cluster
// +optional
ExternalName string `json:"externalName"`
// InternalName is the seed cluster internal absolute DNS name to the API server
// +optional
InternalName string `json:"internalURL"`
// AdminToken is the token for the kubeconfig, the user can download
// +optional
AdminToken string `json:"adminToken"`
// IP is the external IP under which the apiserver is available
// +optional
IP string `json:"ip"`
}
// IPVSConfiguration contains ipvs-related configuration details for kube-proxy.
type IPVSConfiguration struct {
// +kubebuilder:default=true
// StrictArp configure arp_ignore and arp_announce to avoid answering ARP queries from kube-ipvs0 interface.
// defaults to true.
StrictArp *bool `json:"strictArp,omitempty"`
}
// CloudSpec stores configuration options for a given cloud provider. Provider specs are mutually exclusive.
type CloudSpec struct {
// DatacenterName states the name of a cloud provider "datacenter" (defined in `Seed` resources)
// this cluster should be deployed into.
DatacenterName string `json:"dc"`
// ProviderName is the name of the cloud provider used for this cluster.
// This must match the given provider spec (e.g. if the providerName is
// "aws", then the `aws` field must be set).
ProviderName string `json:"providerName"`
// Fake is a dummy cloud provider that is only used for testing purposes.
// Do not try to actually use it.
Fake *FakeCloudSpec `json:"fake,omitempty"`
// Digitalocean defines the configuration data of the DigitalOcean cloud provider.
Digitalocean *DigitaloceanCloudSpec `json:"digitalocean,omitempty"`
// BringYourOwn defines the configuration data for a Bring Your Own cluster.
BringYourOwn *BringYourOwnCloudSpec `json:"bringyourown,omitempty"`
// Edge defines the configuration data for an edge cluster.
Edge *EdgeCloudSpec `json:"edge,omitempty"`
// AWS defines the configuration data of the Amazon Web Services(AWS) cloud provider.
AWS *AWSCloudSpec `json:"aws,omitempty"`
// Azure defines the configuration data of the Microsoft Azure cloud.
Azure *AzureCloudSpec `json:"azure,omitempty"`
// Openstack defines the configuration data of an OpenStack cloud.
Openstack *OpenstackCloudSpec `json:"openstack,omitempty"`
// Packet defines the configuration data of a Packet cloud.
Packet *PacketCloudSpec `json:"packet,omitempty"`
// Hetzner defines the configuration data of the Hetzner cloud.
Hetzner *HetznerCloudSpec `json:"hetzner,omitempty"`
// VSphere defines the configuration data of the vSphere.
VSphere *VSphereCloudSpec `json:"vsphere,omitempty"`
// GCP defines the configuration data of the Google Cloud Platform(GCP).
GCP *GCPCloudSpec `json:"gcp,omitempty"`
// Kubevirt defines the configuration data of the KubeVirt.
Kubevirt *KubevirtCloudSpec `json:"kubevirt,omitempty"`
// Alibaba defines the configuration data of the Alibaba.
Alibaba *AlibabaCloudSpec `json:"alibaba,omitempty"`
// Anexia defines the configuration data of the Anexia.
Anexia *AnexiaCloudSpec `json:"anexia,omitempty"`
// Nutanix defines the configuration data of the Nutanix.
Nutanix *NutanixCloudSpec `json:"nutanix,omitempty"`
// VMwareCloudDirector defines the configuration data of the VMware Cloud Director.
VMwareCloudDirector *VMwareCloudDirectorCloudSpec `json:"vmwareclouddirector,omitempty"`
}
// FakeCloudSpec specifies access data for a fake cloud.
type FakeCloudSpec struct {
Token string `json:"token,omitempty"`
}
// DigitaloceanCloudSpec specifies access data to DigitalOcean.
type DigitaloceanCloudSpec struct {