/
configuration.go
498 lines (448 loc) · 27.1 KB
/
configuration.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
/*
Copyright 2020 The Kubermatic Kubernetes Platform contributors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
package v1
import (
"k8c.io/kubermatic/v2/pkg/semver"
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +kubebuilder:validation:Enum=always;externalCloudProvider;inTreeProvider
// ConditionType is the type defining the cluster or datacenter condition that must be met to block a specific version.
type ConditionType string
const (
// AlwaysCondition represent an always true matching condition used while checking provider incompatibilities.
AlwaysCondition ConditionType = "always"
// ExternalCloudProviderCondition is an incompatibility condition that represents the usage of the external Cloud Provider.
ExternalCloudProviderCondition ConditionType = ClusterFeatureExternalCloudProvider
// InTreeCloudProviderCondition is an incompatibility condition that represents the usage of the in-tree Cloud Provider.
InTreeCloudProviderCondition ConditionType = "inTreeProvider"
)
// +kubebuilder:validation:Enum=CREATE;UPGRADE;SUPPORT
// OperationType is the type defining the operations triggering the compatibility check (CREATE or UPDATE).
type OperationType string
const (
// CreateOperation represents the creation of a new cluster.
CreateOperation OperationType = "CREATE"
// UpdateOperation represents the update of an existing cluster.
UpdateOperation OperationType = "UPGRADE"
// SupportOperation represents the possibility to enable a new feature on an existing cluster.
SupportOperation OperationType = "SUPPORT"
)
// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true
// +kubebuilder:printcolumn:JSONPath=".metadata.creationTimestamp",name="Age",type="date"
// KubermaticConfiguration is the configuration required for running Kubermatic.
type KubermaticConfiguration struct {
metav1.TypeMeta `json:",inline"`
metav1.ObjectMeta `json:"metadata,omitempty"`
Spec KubermaticConfigurationSpec `json:"spec,omitempty"`
Status KubermaticConfigurationStatus `json:"status,omitempty"`
}
// KubermaticConfigurationStatus stores status information about a KubermaticConfiguration.
type KubermaticConfigurationStatus struct {
// KubermaticVersion current Kubermatic Version.
KubermaticVersion string `json:"kubermaticVersion,omitempty"`
// KubermaticEdition current Kubermatic Edition , i.e. Community Edition or Enterprise Edition.
KubermaticEdition string `json:"kubermaticEdition,omitempty"`
}
// KubermaticConfigurationSpec is the spec for a Kubermatic installation.
type KubermaticConfigurationSpec struct {
// CABundle references a ConfigMap in the same namespace as the KubermaticConfiguration.
// This ConfigMap must contain a ca-bundle.pem with PEM-encoded certificates. This bundle
// automatically synchronized into each seed and each usercluster. APIGroup and Kind are
// currently ignored.
CABundle corev1.TypedLocalObjectReference `json:"caBundle,omitempty"`
// ImagePullSecret is used to authenticate against Docker registries.
ImagePullSecret string `json:"imagePullSecret,omitempty"`
// Auth defines keys and URLs for Dex. These must be defined unless the HeadlessInstallation
// feature gate is set, which will disable the UI/API and its need for an OIDC provider entirely.
// +optional
Auth KubermaticAuthConfiguration `json:"auth"`
// FeatureGates are used to optionally enable certain features.
FeatureGates map[string]bool `json:"featureGates,omitempty"`
// UI configures the dashboard.
UI KubermaticUIConfiguration `json:"ui,omitempty"`
// API configures the frontend REST API used by the dashboard.
API KubermaticAPIConfiguration `json:"api,omitempty"`
// SeedController configures the seed-controller-manager.
SeedController KubermaticSeedControllerConfiguration `json:"seedController,omitempty"`
// MasterController configures the master-controller-manager.
MasterController KubermaticMasterControllerConfiguration `json:"masterController,omitempty"`
// Webhook configures the webhook.
Webhook KubermaticWebhookConfiguration `json:"webhook,omitempty"`
// UserCluster configures various aspects of the user-created clusters.
UserCluster KubermaticUserClusterConfiguration `json:"userCluster,omitempty"`
// ExposeStrategy is the strategy to expose the cluster with.
// Note: The `seed_dns_overwrite` setting of a Seed's datacenter doesn't have any effect
// if this is set to LoadBalancerStrategy.
ExposeStrategy ExposeStrategy `json:"exposeStrategy,omitempty"`
// Ingress contains settings for making the API and UI accessible remotely.
Ingress KubermaticIngressConfiguration `json:"ingress,omitempty"`
// Versions configures the available and default Kubernetes versions and updates.
Versions KubermaticVersioningConfiguration `json:"versions,omitempty"`
// VerticalPodAutoscaler configures the Kubernetes VPA integration.
VerticalPodAutoscaler KubermaticVPAConfiguration `json:"verticalPodAutoscaler,omitempty"`
// Proxy allows to configure Kubermatic to use proxies to talk to the
// world outside of its cluster.
Proxy KubermaticProxyConfiguration `json:"proxy,omitempty"`
}
// KubermaticAuthConfiguration defines keys and URLs for Dex.
type KubermaticAuthConfiguration struct {
ClientID string `json:"clientID,omitempty"`
TokenIssuer string `json:"tokenIssuer,omitempty"`
IssuerRedirectURL string `json:"issuerRedirectURL,omitempty"`
IssuerClientID string `json:"issuerClientID,omitempty"`
IssuerClientSecret string `json:"issuerClientSecret,omitempty"`
IssuerCookieKey string `json:"issuerCookieKey,omitempty"`
ServiceAccountKey string `json:"serviceAccountKey,omitempty"`
SkipTokenIssuerTLSVerify bool `json:"skipTokenIssuerTLSVerify,omitempty"`
}
// KubermaticAPIConfiguration configures the dashboard.
type KubermaticAPIConfiguration struct {
// DockerRepository is the repository containing the Kubermatic REST API image.
DockerRepository string `json:"dockerRepository,omitempty"`
// AccessibleAddons is a list of addons that should be enabled in the API.
AccessibleAddons []string `json:"accessibleAddons,omitempty"`
// PProfEndpoint controls the port the API should listen on to provide pprof
// data. This port is never exposed from the container and only available via port-forwardings.
PProfEndpoint *string `json:"pprofEndpoint,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// DebugLog enables more verbose logging.
DebugLog bool `json:"debugLog,omitempty"`
// Replicas sets the number of pod replicas for the API deployment.
Replicas *int32 `json:"replicas,omitempty"`
}
// KubermaticUIConfiguration configures the dashboard.
type KubermaticUIConfiguration struct {
// DockerRepository is the repository containing the Kubermatic dashboard image.
DockerRepository string `json:"dockerRepository,omitempty"`
// DockerTag is used to overwrite the dashboard Docker image tag and is only for development
// purposes. This field must not be set in production environments. If DockerTag is specified then
// DockerTagSuffix will be ignored.
// ---
//nolint:staticcheck
//lint:ignore SA5008 omitgenyaml is used by the example-yaml-generator
DockerTag string `json:"dockerTag,omitempty,omitgenyaml"`
// DockerTagSuffix is appended to the KKP version used for referring to the custom dashboard image.
// If left empty, either the `DockerTag` if specified or the original dashboard Docker image tag will be used.
// With DockerTagSuffix the tag becomes <KKP_VERSION:SUFFIX> i.e. "v2.15.0-SUFFIX".
DockerTagSuffix string `json:"dockerTagSuffix,omitempty"`
// Config sets flags for various dashboard features.
Config string `json:"config,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// Replicas sets the number of pod replicas for the UI deployment.
Replicas *int32 `json:"replicas,omitempty"`
// ExtraVolumeMounts allows to mount additional volumes into the UI container.
ExtraVolumeMounts []corev1.VolumeMount `json:"extraVolumeMounts,omitempty"`
// ExtraVolumes allows to mount additional volumes into the UI container.
ExtraVolumes []corev1.Volume `json:"extraVolumes,omitempty"`
}
// KubermaticSeedControllerConfiguration configures the Kubermatic seed controller-manager.
type KubermaticSeedControllerConfiguration struct {
// DockerRepository is the repository containing the Kubermatic seed-controller-manager image.
DockerRepository string `json:"dockerRepository,omitempty"`
// BackupStoreContainer is the container used for shipping etcd snapshots to a backup location.
BackupStoreContainer string `json:"backupStoreContainer,omitempty"`
// BackupDeleteContainer is the container used for deleting etcd snapshots from a backup location.
BackupDeleteContainer string `json:"backupDeleteContainer,omitempty"`
// Deprecated: BackupCleanupContainer is the container used for removing expired backups from the storage location.
// This field is a no-op and is no longer used. The old backup controller it was used for has been
// removed. Do not set this field.
BackupCleanupContainer string `json:"backupCleanupContainer,omitempty"`
// MaximumParallelReconciles limits the number of cluster reconciliations
// that are active at any given time.
MaximumParallelReconciles int `json:"maximumParallelReconciles,omitempty"`
// PProfEndpoint controls the port the seed-controller-manager should listen on to provide pprof
// data. This port is never exposed from the container and only available via port-forwardings.
PProfEndpoint *string `json:"pprofEndpoint,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// DebugLog enables more verbose logging.
DebugLog bool `json:"debugLog,omitempty"`
// Replicas sets the number of pod replicas for the seed-controller-manager.
Replicas *int32 `json:"replicas,omitempty"`
}
// KubermaticWebhookConfiguration configures the Kubermatic webhook.
type KubermaticWebhookConfiguration struct {
// DockerRepository is the repository containing the Kubermatic webhook image.
DockerRepository string `json:"dockerRepository,omitempty"`
// PProfEndpoint controls the port the webhook should listen on to provide pprof
// data. This port is never exposed from the container and only available via port-forwardings.
PProfEndpoint *string `json:"pprofEndpoint,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// DebugLog enables more verbose logging.
DebugLog bool `json:"debugLog,omitempty"`
// Replicas sets the number of pod replicas for the webhook.
Replicas *int32 `json:"replicas,omitempty"`
}
// KubermaticUserClusterConfiguration controls various aspects of the user-created clusters.
type KubermaticUserClusterConfiguration struct {
// KubermaticDockerRepository is the repository containing the Kubermatic user-cluster-controller-manager image.
KubermaticDockerRepository string `json:"kubermaticDockerRepository,omitempty"`
// DNATControllerDockerRepository is the repository containing the
// dnat-controller image.
DNATControllerDockerRepository string `json:"dnatControllerDockerRepository,omitempty"`
// EtcdLauncherDockerRepository is the repository containing the Kubermatic
// etcd-launcher image.
EtcdLauncherDockerRepository string `json:"etcdLauncherDockerRepository,omitempty"`
// OverwriteRegistry specifies a custom Docker registry which will be used for all images
// used for user clusters (user cluster control plane + addons). This also applies to
// the KubermaticDockerRepository and DNATControllerDockerRepository fields.
OverwriteRegistry string `json:"overwriteRegistry,omitempty"`
// Addons controls the optional additions installed into each user cluster.
Addons KubermaticAddonsConfiguration `json:"addons,omitempty"`
// SystemApplications contains configuration for system Applications (such as CNI).
SystemApplications SystemApplicationsConfiguration `json:"systemApplications,omitempty"`
// NodePortRange is the port range for user clusters - this must match the NodePort
// range of the seed cluster.
NodePortRange string `json:"nodePortRange,omitempty"`
// Monitoring can be used to fine-tune to in-cluster Prometheus.
Monitoring KubermaticUserClusterMonitoringConfiguration `json:"monitoring,omitempty"`
// DisableAPIServerEndpointReconciling can be used to toggle the `--endpoint-reconciler-type` flag for
// the Kubernetes API server.
DisableAPIServerEndpointReconciling bool `json:"disableApiserverEndpointReconciling,omitempty"`
// EtcdVolumeSize configures the volume size to use for each etcd pod inside user clusters.
EtcdVolumeSize string `json:"etcdVolumeSize,omitempty"`
// APIServerReplicas configures the replica count for the API-Server deployment inside user clusters.
APIServerReplicas *int32 `json:"apiserverReplicas,omitempty"`
// MachineController configures the Machine Controller
MachineController MachineControllerConfiguration `json:"machineController,omitempty"`
// OperatingSystemManager configures the image repo and the tag version for osm deployment.
OperatingSystemManager OperatingSystemManager `json:"operatingSystemManager,omitempty"`
}
// KubermaticUserClusterMonitoringConfiguration can be used to fine-tune to in-cluster Prometheus.
type KubermaticUserClusterMonitoringConfiguration struct {
// DisableDefaultRules disables the recording and alerting rules.
DisableDefaultRules bool `json:"disableDefaultRules,omitempty"`
// DisableDefaultScrapingConfigs disables the default scraping targets.
DisableDefaultScrapingConfigs bool `json:"disableDefaultScrapingConfigs,omitempty"`
// CustomRules can be used to inject custom recording and alerting rules. This field
// must be a YAML-formatted string with a `group` element at its root, as documented
// on https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/.
// This value is treated as a Go template, which allows to inject dynamic values like
// the internal cluster address or the cluster ID. Refer to pkg/resources/prometheus
// and the documentation for more information on the available fields.
CustomRules string `json:"customRules,omitempty"`
// CustomScrapingConfigs can be used to inject custom scraping rules. This must be a
// YAML-formatted string containing an array of scrape configurations as documented
// on https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config.
// This value is treated as a Go template, which allows to inject dynamic values like
// the internal cluster address or the cluster ID. Refer to pkg/resources/prometheus
// and the documentation for more information on the available fields.
CustomScrapingConfigs string `json:"customScrapingConfigs,omitempty"`
// ScrapeAnnotationPrefix (if set) is used to make the in-cluster Prometheus scrape pods
// inside the user clusters.
ScrapeAnnotationPrefix string `json:"scrapeAnnotationPrefix,omitempty"`
}
// MachineControllerConfiguration configures Machine Controller.
type MachineControllerConfiguration struct {
// ImageRepository is used to override the Machine Controller image repository.
// It is only for development, tests and PoC purposes. This field must not be set in production environments.
ImageRepository string `json:"imageRepository,omitempty"`
// ImageTag is used to override the Machine Controller image.
// It is only for development, tests and PoC purposes. This field must not be set in production environments.
ImageTag string `json:"imageTag,omitempty"`
}
// OperatingSystemManager configures the image repo and the tag version for osm deployment.
type OperatingSystemManager struct {
// ImageRepository is used to override the OperatingSystemManager image repository.
// It is recommended to use this field only for development, tests and PoC purposes. For production environments.
// it is not recommended, to use this field due to compatibility with the overall KKP stack.
ImageRepository string `json:"imageRepository,omitempty"`
// ImageTag is used to override the OperatingSystemManager image.
// It is recommended to use this field only for development, tests and PoC purposes. For production environments.
// it is not recommended, to use this field due to compatibility with the overall KKP stack.
ImageTag string `json:"imageTag,omitempty"`
}
// KubermaticAddonConfiguration describes the addons for a given cluster runtime.
type KubermaticAddonsConfiguration struct {
// Default is the list of addons to be installed by default into each cluster.
// Mutually exclusive with "defaultManifests".
Default []string `json:"default,omitempty"`
// DefaultManifests is a list of addon manifests to install into all clusters.
// Mutually exclusive with "default".
DefaultManifests string `json:"defaultManifests,omitempty"`
// DockerRepository is the repository containing the Docker image containing
// the possible addon manifests.
DockerRepository string `json:"dockerRepository,omitempty"`
// DockerTagSuffix is appended to the tag used for referring to the addons image.
// If left empty, the tag will be the KKP version (e.g. "v2.15.0"), with a
// suffix it becomes "v2.15.0-SUFFIX".
DockerTagSuffix string `json:"dockerTagSuffix,omitempty"`
}
// SystemApplicationsConfiguration contains configuration for system Applications (e.g. CNI).
type SystemApplicationsConfiguration struct {
// HelmRepository specifies OCI repository containing Helm charts of system Applications.
HelmRepository string `json:"helmRepository,omitempty"`
// HelmRegistryConfigFile optionally holds the ref and key in the secret for the OCI registry credential file.
// The value is dockercfg file that follows the same format rules as ~/.docker/config.json
// The Secret must exist in the namespace where KKP is installed (default is "kubermatic").
// The Secret must be annotated with `apps.kubermatic.k8c.io/secret-type:` set to "helm".
HelmRegistryConfigFile *corev1.SecretKeySelector `json:"helmRegistryConfigFile,omitempty"`
}
type KubermaticIngressConfiguration struct {
// Domain is the base domain where the dashboard shall be available. Even with
// a disabled Ingress, this must always be a valid hostname.
Domain string `json:"domain"`
// ClassName is the Ingress resource's class name, used for selecting the appropriate
// ingress controller.
ClassName string `json:"className,omitempty"`
// NamespaceOverride need to be set if a different ingress-controller is used than the KKP default one.
NamespaceOverride string `json:"namespaceOverride,omitempty"`
// Disable will prevent an Ingress from being created at all. This is mostly useful
// during testing. If the Ingress is disabled, the CertificateIssuer setting can also
// be left empty, as no Certificate resource will be created.
Disable bool `json:"disable,omitempty"`
// CertificateIssuer is the name of a cert-manager Issuer or ClusterIssuer (default)
// that will be used to acquire the certificate for the configured domain.
// To use a namespaced Issuer, set the Kind to "Issuer" and manually create the
// matching Issuer in Kubermatic's namespace.
// Setting an empty name disables the automatic creation of certificates and disables
// the TLS settings on the Kubermatic Ingress.
CertificateIssuer corev1.TypedLocalObjectReference `json:"certificateIssuer,omitempty"`
}
// KubermaticMasterControllerConfiguration configures the Kubermatic master controller-manager.
type KubermaticMasterControllerConfiguration struct {
// DockerRepository is the repository containing the Kubermatic master-controller-manager image.
DockerRepository string `json:"dockerRepository,omitempty"`
// ProjectsMigrator configures the migrator for user projects.
ProjectsMigrator KubermaticProjectsMigratorConfiguration `json:"projectsMigrator,omitempty"`
// PProfEndpoint controls the port the master-controller-manager should listen on to provide pprof
// data. This port is never exposed from the container and only available via port-forwardings.
PProfEndpoint *string `json:"pprofEndpoint,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
// DebugLog enables more verbose logging.
DebugLog bool `json:"debugLog,omitempty"`
// Replicas sets the number of pod replicas for the master-controller-manager.
Replicas *int32 `json:"replicas,omitempty"`
}
// KubermaticProjectsMigratorConfiguration configures the Kubermatic master controller-manager.
type KubermaticProjectsMigratorConfiguration struct {
// DryRun makes the migrator only log the actions it would take.
DryRun bool `json:"dryRun,omitempty"`
}
// KubermaticVersioningConfiguration configures the available and default Kubernetes versions.
type KubermaticVersioningConfiguration struct {
// Versions lists the available versions.
Versions []semver.Semver `json:"versions,omitempty"`
// Default is the default version to offer users.
Default *semver.Semver `json:"default,omitempty"`
// Updates is a list of available and automatic upgrades.
// All 'to' versions must be configured in the version list for this orchestrator.
// Each update may optionally be configured to be 'automatic: true', in which case the
// controlplane of all clusters whose version matches the 'from' directive will get
// updated to the 'to' version. If automatic is enabled, the 'to' version must be a
// version and not a version range.
// Also, updates may set 'automaticNodeUpdate: true', in which case Nodes will get
// updates as well. 'automaticNodeUpdate: true' implies 'automatic: true' as well,
// because Nodes may not have a newer version than the controlplane.
Updates []Update `json:"updates,omitempty"`
// ProviderIncompatibilities lists all the Kubernetes version incompatibilities
ProviderIncompatibilities []Incompatibility `json:"providerIncompatibilities,omitempty"`
// ExternalClusters contains the available and default Kubernetes versions and updates for ExternalClusters.
ExternalClusters map[ExternalClusterProviderType]ExternalClusterProviderVersioningConfiguration `json:"externalClusters,omitempty"`
}
// ExternalClusterProviderType is used to indicate ExternalCluster Provider Types.
type ExternalClusterProviderType string
const (
EKSProviderType ExternalClusterProviderType = "eks"
GKEProviderType ExternalClusterProviderType = "gke"
AKSProviderType ExternalClusterProviderType = "aks"
)
// ExternalClusterProviderVersioningConfiguration configures the available and default Kubernetes versions for ExternalCluster Providers.
type ExternalClusterProviderVersioningConfiguration struct {
// Versions lists the available versions.
Versions []semver.Semver `json:"versions,omitempty"`
// Default is the default version to offer users.
Default *semver.Semver `json:"default,omitempty"`
// Updates is a list of available upgrades.
Updates []semver.Semver `json:"updates,omitempty"`
}
// Update represents an update option for a user cluster.
type Update struct {
// From is the version from which an update is allowed. Wildcards are allowed, e.g. "1.18.*".
From string `json:"from,omitempty"`
// To is the version to which an update is allowed.
// Must be a valid version if `automatic` is set to true, e.g. "1.20.13".
// Can be a wildcard otherwise, e.g. "1.20.*".
To string `json:"to,omitempty"`
// Automatic controls whether this update is executed automatically
// for the control plane of all matching user clusters.
// ---
//nolint:staticcheck
//lint:ignore SA5008 omitgenyaml is used by the example-yaml-generator
Automatic *bool `json:"automatic,omitempty,omitgenyaml"`
// Automatic controls whether this update is executed automatically
// for the worker nodes of all matching user clusters.
// ---
//nolint:staticcheck
//lint:ignore SA5008 omitgenyaml is used by the example-yaml-generator
AutomaticNodeUpdate *bool `json:"automaticNodeUpdate,omitempty,omitgenyaml"`
}
// Incompatibility represents a version incompatibility for a user cluster.
type Incompatibility struct {
// Provider to which to apply the compatibility check.
// Empty string matches all providers
// +kubebuilder:validation:Enum="";digitalocean;hetzner;azure;vsphere;aws;openstack;packet;gcp;kubevirt;nutanix;alibaba;anexia;fake;vmwareclouddirector
Provider string `json:"provider,omitempty"`
// Version is the Kubernetes version that must be checked. Wildcards are allowed, e.g. "1.25.*".
Version string `json:"version,omitempty"`
// Condition is the cluster or datacenter condition that must be met to block a specific version
Condition ConditionType `json:"condition,omitempty"`
// Operation is the operation triggering the compatibility check (CREATE or UPDATE)
Operation OperationType `json:"operation,omitempty"`
}
// KubermaticVPAConfiguration configures the Kubernetes VPA.
type KubermaticVPAConfiguration struct {
Recommender KubermaticVPAComponent `json:"recommender,omitempty"`
Updater KubermaticVPAComponent `json:"updater,omitempty"`
AdmissionController KubermaticVPAComponent `json:"admissionController,omitempty"`
}
type KubermaticVPAComponent struct {
// DockerRepository is the repository containing the component's image.
DockerRepository string `json:"dockerRepository,omitempty"`
// Resources describes the requested and maximum allowed CPU/memory usage.
Resources corev1.ResourceRequirements `json:"resources,omitempty"`
}
// KubermaticProxyConfiguration can be used to control how the various
// Kubermatic components reach external services / the Internet. These
// settings are reflected as environment variables for the Kubermatic
// pods.
type KubermaticProxyConfiguration struct {
// HTTP is the full URL to the proxy to use for plaintext HTTP
// connections, e.g. "http://internalproxy.example.com:8080".
HTTP string `json:"http,omitempty"`
// HTTPS is the full URL to the proxy to use for encrypted HTTPS
// connections, e.g. "http://secureinternalproxy.example.com:8080".
HTTPS string `json:"https,omitempty"`
// NoProxy is a comma-separated list of hostnames / network masks
// for which no proxy shall be used. If you make use of proxies,
// this list should contain all local and cluster-internal domains
// and networks, e.g. "10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,mydomain".
// The operator will always prepend the following elements to this
// list if proxying is configured (i.e. HTTP/HTTPS are not empty):
// "127.0.0.1/8", "localhost", ".local", ".local.", "kubernetes", ".default", ".svc"
NoProxy string `json:"noProxy,omitempty"`
}
// +kubebuilder:object:generate=true
// +kubebuilder:object:root=true
// KubermaticConfigurationList is a collection of KubermaticConfigurations.
type KubermaticConfigurationList struct {
metav1.TypeMeta `json:",inline"`
metav1.ListMeta `json:"metadata,omitempty"`
Items []KubermaticConfiguration `json:"items"`
}