package v1alpha1
import (
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
healthcheckconfigv1alpha1 "github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config/v1alpha1"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ControllerConfiguration defines the configuration for the metal provider.
//
// NOTE(review): several nested sections carry credential material as plain strings
// (AuditToSplunk.HECToken, AccountingExporterClientConfiguration.CertKey,
// DurosPartitionConfiguration.AdminKey/AdminToken/APIKey, ImagePullSecret.DockerConfigJSON).
// Treat any serialized form of this object as sensitive and avoid logging it wholesale.
type ControllerConfiguration struct {
metav1.TypeMeta `json:",inline"`
// MachineImages is the list of machine images that are understood by the controller. It maps
// logical names and versions to metal-specific identifiers (see MachineImage.Image).
MachineImages []MachineImage `json:"machineImages,omitempty"`
// ETCD is the etcd configuration.
ETCD ETCD `json:"etcd"`
// ClusterAudit is the configuration for cluster auditing.
ClusterAudit ClusterAudit `json:"clusterAudit"`
// AuditToSplunk is the configuration for forwarding audit (and firewall) logs to Splunk.
AuditToSplunk AuditToSplunk `json:"auditToSplunk"`
// Auth is the configuration for metal stack specific user authentication in the cluster.
Auth Auth `json:"auth"`
// AccountingExporter is the configuration for the accounting exporter.
// It is a struct value, so encoding/json emits the key even though the tag says omitempty.
AccountingExporter AccountingExporterConfiguration `json:"accountingExporter,omitempty"`
// HealthCheckConfig is the config for the health check controller.
// +optional
HealthCheckConfig *healthcheckconfigv1alpha1.HealthCheckConfig `json:"healthCheckConfig,omitempty"`
// Storage is the configuration for storage.
// It is a struct value, so encoding/json emits the key even though the tag says omitempty.
Storage StorageConfiguration `json:"storage,omitempty"`
// ImagePullSecret provides an opportunity to inject an image pull secret into the resource deployments.
// A nil pointer means no image pull secret is configured here.
ImagePullSecret *ImagePullSecret `json:"imagePullSecret,omitempty"`
}
// MachineImage is a mapping from logical names and versions to metal-specific identifiers.
type MachineImage struct {
// Name is the logical name of the machine image.
Name string `json:"name"`
// Version is the logical version of the machine image.
Version string `json:"version"`
// Image is the path to the image.
// NOTE(review): this file does not show whether the path is validated or pinned
// (for example by digest) before use; confirm in the consumer.
Image string `json:"image"`
}
// ETCD is an etcd configuration, split into a storage part and a backup part.
type ETCD struct {
// Storage is the etcd storage configuration.
Storage ETCDStorage `json:"storage"`
// Backup is the etcd backup configuration.
Backup ETCDBackup `json:"backup"`
}
// ETCDStorage is an etcd storage configuration.
// Both fields are optional pointers; nil means the value was not set in the configuration.
type ETCDStorage struct {
// ClassName is the name of the storage class used in etcd-main volume claims.
// +optional
ClassName *string `json:"className,omitempty"`
// Capacity is the storage capacity used in etcd-main volume claims.
// +optional
Capacity *resource.Quantity `json:"capacity,omitempty"`
}
// ETCDBackup is an etcd backup configuration.
type ETCDBackup struct {
// Schedule is the etcd backup schedule.
// The expected format is not defined in this file (presumably a cron expression; confirm).
// +optional
Schedule *string `json:"schedule,omitempty"`
// DeltaSnapshotPeriod is the time for delta snapshots to be made.
// The field is a pointer with omitempty, so it may be left unset, although unlike
// Schedule it carries no optional marker. The expected format is not defined in this
// file (presumably a duration string; confirm).
DeltaSnapshotPeriod *string `json:"deltaSnapshotPeriod,omitempty"`
}
// ClusterAudit is the configuration for cluster auditing.
type ClusterAudit struct {
// Enabled enables collecting of the kube-apiserver audit log.
// The zero value is false, so a configuration that omits this key leaves collection off.
Enabled bool `json:"enabled"`
}
// AuditToSplunk is the configuration for forwarding audit (and firewall) logs to Splunk.
type AuditToSplunk struct {
// Enabled enables forwarding of the kube-apiserver audit log to Splunk.
Enabled bool `json:"enabled"`
// The remaining fields define the default Splunk endpoint, used unless otherwise
// specified by the cluster user.
//
// HECToken is presumably the Splunk HTTP Event Collector (HEC) token for that endpoint.
// NOTE(review): it is a credential held as a plain string; keep it out of logs and
// restrict who can read the serialized configuration.
HECToken string `json:"hecToken"`
// Index is presumably the Splunk index the events are written to (confirm).
Index string `json:"index"`
// HECHost is presumably the host of the HEC endpoint (confirm).
HECHost string `json:"hecHost"`
// HECPort is presumably the port of the HEC endpoint (confirm).
HECPort int `json:"hecPort"`
// TLSEnabled presumably switches TLS on for the connection to the HEC endpoint.
// NOTE(review): the zero value is false; if the consumer then sends HECToken and the
// audit events over plain HTTP, both are exposed on the network. Confirm the behaviour.
TLSEnabled bool `json:"tlsEnabled"`
// HECCAFile is, judging by the name, a path to a CA file used to verify the HEC
// endpoint certificate (confirm).
HECCAFile string `json:"hecCAFile"`
}
// Auth contains the configuration for metal stack specific user authentication in the cluster.
type Auth struct {
// Enabled enables the deployment of metal stack specific cluster authentication when set to true.
Enabled bool `json:"enabled"`
// ProviderTenant is the name of the provider tenant who has special privileges.
// NOTE(review): this value selects a privileged principal, so a wrong or empty name is
// security-relevant; this file does not show how an empty value is handled (confirm).
ProviderTenant string `json:"providerTenant"`
}
// AccountingExporterConfiguration contains the configuration for the accounting exporter.
type AccountingExporterConfiguration struct {
// Enabled enables the deployment of the accounting exporter when set to true.
Enabled bool `json:"enabled"`
// NetworkTraffic contains the configuration for accounting network traffic.
NetworkTraffic AccountingExporterNetworkTrafficConfiguration `json:"networkTraffic"`
// Client contains the configuration for the accounting exporter client.
// Note that the JSON key is "clientConfig", not "client".
Client AccountingExporterClientConfiguration `json:"clientConfig"`
}
// AccountingExporterNetworkTrafficConfiguration contains the configuration for the network traffic accounting.
type AccountingExporterNetworkTrafficConfiguration struct {
// Enabled enables network traffic accounting of the accounting exporter when set to true.
Enabled bool `json:"enabled"`
// InternalNetworks defines the networks for the firewall that are considered internal (which can be accounted differently).
// The entry format is not defined in this file (presumably CIDR notation; confirm).
InternalNetworks []string `json:"internalNetworks"`
}
// AccountingExporterClientConfiguration contains the configuration for the accounting exporter client.
// CA, Cert and CertKey together describe a client-certificate setup for talking to the accounting api.
type AccountingExporterClientConfiguration struct {
// Hostname is the hostname of the accounting api.
Hostname string `json:"hostname"`
// Port is the port of the accounting api.
Port int `json:"port"`
// CA is the ca certificate used for communicating with the accounting api.
// Whether this holds the certificate content or a file path is not shown here (confirm).
CA string `json:"ca"`
// Cert is the client certificate used for communicating with the accounting api.
Cert string `json:"cert"`
// CertKey is the client certificate key used for communicating with the accounting api.
// NOTE(review): this is private key material held as a plain string; keep it out of
// logs and restrict who can read the serialized configuration.
CertKey string `json:"certKey"`
}
// StorageConfiguration contains the configuration for provider specific storage solutions.
type StorageConfiguration struct {
// Duros contains the configuration for duros cloud storage.
Duros DurosConfiguration `json:"duros"`
}
// DurosConfiguration contains the configuration for lightbits duros storage.
type DurosConfiguration struct {
// Enabled enables duros storage when set to true.
Enabled bool `json:"enabled"`
// PartitionConfig is a map of a partition id to the duros partition configuration.
// Each value carries its own credentials (see DurosPartitionConfiguration), so the map
// as a whole is sensitive.
PartitionConfig map[string]DurosPartitionConfiguration `json:"partitionConfig"`
}
// DurosPartitionConfiguration is the configuration for duros for a particular partition.
//
// NOTE(review): AdminKey, AdminToken and APIKey are credentials held as plain strings.
// Keep them out of logs and restrict who can read the serialized configuration.
type DurosPartitionConfiguration struct {
// Endpoints is the list of endpoints for the storage data plane and control plane communication
Endpoints []string `json:"endpoints"`
// AdminKey is the key used for generating storage credentials.
// It is the root from which further credentials are derived, so its exposure affects
// every credential generated with it.
AdminKey string `json:"adminKey"`
// AdminToken is the token used by the duros-controller to authenticate against the duros API
AdminToken string `json:"adminToken"`
// StorageClasses contain information on the storage classes that the duros-controller creates in the shoot cluster
StorageClasses []DurosSeedStorageClass `json:"storageClasses"`
// APIEndpoint is an optional endpoint used for control plane network communication.
//
// In certain scenarios the data plane network cannot be reached from the duros-controller in the seed
// (i.e. only the shoot is able to reach the storage network).
//
// In these cases, APIEndpoint can be utilized to point to a gRPC proxy such that the storage
// integration can be deployed anyway.
APIEndpoint *string `json:"apiEndpoint,omitempty"`
// APICA is the ca of the client cert to access the grpc-proxy
APICA string `json:"apiCA,omitempty"`
// APICert is the cert of the client cert to access the grpc-proxy
APICert string `json:"apiCert,omitempty"`
// APIKey is the key of the client cert to access the grpc-proxy, i.e. private key material.
APIKey string `json:"apiKey,omitempty"`
}
// DurosSeedStorageClass describes one storage class listed in
// DurosPartitionConfiguration.StorageClasses, i.e. a storage class that the
// duros-controller creates in the shoot cluster.
type DurosSeedStorageClass struct {
// Name is the name of the storage class
Name string `json:"name"`
// ReplicaCount is the amount of replicas in the storage backend for this storage class.
// No bounds are enforced by this type; validation, if any, happens elsewhere.
ReplicaCount int `json:"replicaCount"`
// Compression enables compression for this storage class
Compression bool `json:"compression"`
}
// ImagePullSecret provides an opportunity to inject an image pull secret into the resource deployments
type ImagePullSecret struct {
// DockerConfigJSON contains the already base64 encoded JSON content for the image pull secret.
// The JSON key is "encodedDockerConfigJSON".
// NOTE(review): base64 is an encoding, not encryption. A docker config JSON normally holds
// registry credentials, so handle this value as a secret and keep it out of logs.
DockerConfigJSON string `json:"encodedDockerConfigJSON"`
}