-
Notifications
You must be signed in to change notification settings - Fork 11
/
types_cloudprofile.go
120 lines (105 loc) · 4.71 KB
/
types_cloudprofile.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
package metal
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// CloudProfileConfig contains provider-specific configuration that is embedded into Gardener's `CloudProfile`
// resource.
type CloudProfileConfig struct {
metav1.TypeMeta
// MetalControlPlanes is a map of a control plane name to control plane configuration
MetalControlPlanes map[string]MetalControlPlane
}
// MetalControlPlane contains configuration specific for this metal stack control plane
type MetalControlPlane struct {
// Endpoint is the endpoint to the metal-api of the control plane
Endpoint string
// IAMConfig contains the config for all AuthN/AuthZ related components, can be overriden in shoots control plane config
// +optional
IAMConfig *IAMConfig
// Partitions is a map of a region name from the regions defined in the cloud profile to region-specific control plane settings
Partitions map[string]Partition
// FirewallImages is a list of available firewall images in this control plane. When empty, allows all values.
FirewallImages []string
// FirewallControllerVersions is a list of available firewall controller binary versions
FirewallControllerVersions []FirewallControllerVersion
}
// FirewallControllerVersion describes the version of the firewall controller binary
type FirewallControllerVersion struct {
// Version is the version name of the firewall controller
Version string
// URL points to the downloadable binary artifact of the firewall controller
URL string
// Classification defines the state of a version (preview, supported, deprecated)
Classification *VersionClassification
}
// VersionClassification is the logical state of a version according to https://github.com/gardener/gardener/blob/master/docs/operations/versioning.md
type VersionClassification string
const (
// ClassificationPreview indicates that a version has recently been added and not promoted to "Supported" yet.
// ClassificationPreview versions will not be considered for automatic firewallcontroller version updates.
ClassificationPreview VersionClassification = "preview"
// ClassificationSupported indicates that a patch version is the recommended version for a shoot.
// Supported versions are eligible for the automated firewallcontroller version update.
ClassificationSupported VersionClassification = "supported"
// ClassificationDeprecated indicates that a patch version should not be used anymore, should be updated to a new version
// and will eventually expire.
ClassificationDeprecated VersionClassification = "deprecated"
)
// Partition contains configuration specific for this metal stack control plane partition
type Partition struct {
// FirewallTypes is a list of available firewall machine types in this partition. When empty, allows all values.
FirewallTypes []string
}
// IAMConfig contains the config for all AuthN/AuthZ related components
type IAMConfig struct {
IssuerConfig *IssuerConfig
IdmConfig *IDMConfig
GroupConfig *NamespaceGroupConfig
}
// IssuerConfig contains configuration settings for the token issuer.
type IssuerConfig struct {
Url string
ClientId string
}
// IDMConfig contains config for the IDM-System that is used as directory for users and groups
type IDMConfig struct {
Idmtype string
ConnectorConfig *ConnectorConfig
}
// NamespaceGroupConfig for group-rolebinding-controller
type NamespaceGroupConfig struct {
// no action is taken or any namespace in this list
// kube-system,kube-public,kube-node-lease,default
ExcludedNamespaces string
// for each element a RoleBinding is created in any Namespace - ClusterRoles are bound with this name
// admin,edit,view
ExpectedGroupsList string
// Maximum length of namespace-part in clusterGroupname and therefore in the corresponding groupname in the directory.
// 20 chars für AD, given the FITS-naming-conventions
NamespaceMaxLength int
// The created RoleBindings will reference this group (from token).
// oidc:{{ .Namespace }}-{{ .Group }}
ClusterGroupnameTemplate string
// The RoleBindings will created with this name.
// oidc-{{ .Namespace }}-{{ .Group }}
RoleBindingNameTemplate string
}
// ConnectorConfig optional config for the IDM Webhook - if it should be used to automatically create/delete groups/roles in the tenant IDM
type ConnectorConfig struct {
IdmApiUrl string
IdmApiUser string
IdmApiPassword string
IdmSystemId string
IdmAccessCode string
IdmCustomerId string
IdmGroupOU string
IdmGroupnameTemplate string
IdmDomainName string
IdmTenantPrefix string
IdmSubmitter string
IdmJobInfo string
IdmReqSystem string
IdmReqUser string
IdmReqEMail string
}