package config
import (
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
healthcheckconfig "github.com/gardener/gardener/extensions/pkg/controller/healthcheck/config"
componentbaseconfig "k8s.io/component-base/config"
)
// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object
// ControllerConfiguration defines the configuration for the metal provider.
//
// Several nested sections carry credential material (AuditToSplunk.HECToken,
// DurosPartitionConfiguration.AdminKey/AdminToken/APIKey, ImagePullSecret.DockerConfigJSON);
// the whole document should therefore be handled as a secret rather than as plain configuration.
type ControllerConfiguration struct {
	metav1.TypeMeta
	// ClientConnection specifies the kubeconfig file and client connection
	// settings used when communicating with the apiserver.
	ClientConnection *componentbaseconfig.ClientConnectionConfiguration
	// MachineImages is the list of machine images that are understood by the controller. It maps
	// logical names and versions to metal-specific image identifiers (see MachineImage.Image).
	MachineImages []MachineImage
	// FirewallInternalPrefixes is a list of prefixes for the firewall-controller
	// which will be counted as internal network traffic. This is important for accounting
	// networking traffic.
	FirewallInternalPrefixes []string
	// ETCD is the etcd configuration.
	ETCD ETCD
	// ClusterAudit is the configuration for cluster auditing.
	ClusterAudit ClusterAudit
	// AuditToSplunk is the configuration for forwarding audit (and firewall) logs to Splunk.
	// It includes the Splunk HEC token, i.e. a credential.
	AuditToSplunk AuditToSplunk
	// HealthCheckConfig is the config for the health check controller.
	HealthCheckConfig *healthcheckconfig.HealthCheckConfig
	// Storage is the configuration for storage.
	Storage StorageConfiguration
	// ImagePullSecret provides an opportunity to inject an image pull secret into the resource deployments.
	// Optional; nil means no pull secret is injected from this configuration.
	ImagePullSecret *ImagePullSecret
	// EgressDestinations is used when the RestrictEgress control plane feature gate is enabled
	// and provides additional egress destinations to the kube-apiserver.
	//
	// It is intended to be configured at least with container registries for the cluster.
	EgressDestinations []EgressDest
}
// MachineImage is a mapping from logical names and versions to metal-specific image identifiers.
type MachineImage struct {
	// Name is the logical name of the machine image.
	Name string
	// Version is the logical version of the machine image.
	Version string
	// Image is the path to the image, i.e. the provider-specific identifier the Name/Version pair resolves to.
	Image string
}
// ETCD is an etcd configuration, grouping the storage and backup settings.
type ETCD struct {
	// Storage is the etcd storage configuration (see ETCDStorage).
	Storage ETCDStorage
	// Backup is the etcd backup configuration (see ETCDBackup).
	Backup ETCDBackup
}
// ETCDStorage is an etcd storage configuration. Both fields are optional;
// a nil pointer means the value was not set in this configuration.
type ETCDStorage struct {
	// ClassName is the name of the storage class used in etcd-main volume claims.
	ClassName *string
	// Capacity is the storage capacity used in etcd-main volume claims.
	Capacity *resource.Quantity
}
// ETCDBackup is an etcd backup configuration. Both fields are optional;
// a nil pointer means the value was not set in this configuration.
type ETCDBackup struct {
	// Schedule is the etcd backup schedule.
	// NOTE(review): the string type does not constrain the format — confirm where it is validated.
	Schedule *string
	// DeltaSnapshotPeriod is the time for delta snapshots to be made.
	// NOTE(review): the string type does not constrain the duration format — confirm where it is validated.
	DeltaSnapshotPeriod *string
}
// ClusterAudit is the configuration for cluster auditing.
type ClusterAudit struct {
	// Enabled enables collecting of the kube-apiserver auditlog.
	Enabled bool
}
// AuditToSplunk is the configuration for forwarding audit (and firewall) logs to Splunk.
//
// The HEC fields define the default Splunk endpoint unless otherwise specified by the cluster user.
// HECToken is a credential and must be treated as a secret wherever this configuration is stored or logged.
type AuditToSplunk struct {
	// Enabled enables forwarding of the kube-apiserver auditlog to splunk.
	Enabled bool
	// HECToken is the token used to authenticate against the Splunk HTTP Event Collector. Secret.
	HECToken string
	// Index is the Splunk index the logs are sent to.
	Index string
	// HECHost is the host of the Splunk HTTP Event Collector endpoint.
	HECHost string
	// HECPort is the port of the Splunk HTTP Event Collector endpoint.
	HECPort int
	// TLSEnabled enables TLS for the connection to the HEC endpoint.
	TLSEnabled bool
	// HECCAFile is the CA file used to verify the HEC endpoint's certificate.
	// NOTE(review): the type does not show how this interacts with TLSEnabled=false — confirm in the consumer.
	HECCAFile string
}
// StorageConfiguration contains the configuration for provider specific storage solutions.
type StorageConfiguration struct {
	// Duros contains the configuration for duros cloud storage.
	Duros DurosConfiguration
}
// DurosConfiguration contains the configuration for lightbits duros storage.
type DurosConfiguration struct {
	// Enabled enables duros storage when set to true.
	Enabled bool
	// PartitionConfig is a map of a partition id to the duros partition configuration.
	// Each value carries credentials (see DurosPartitionConfiguration).
	PartitionConfig map[string]DurosPartitionConfiguration
}
// DurosPartitionConfiguration is the configuration for duros for a particular partition.
//
// AdminKey, AdminToken and APIKey are credentials and must be treated as secrets.
type DurosPartitionConfiguration struct {
	// Endpoints is the list of endpoints for the storage data plane and control plane communication.
	Endpoints []string
	// AdminKey is the key used for generating storage credentials. Secret.
	AdminKey string
	// AdminToken is the token used by the duros-controller to authenticate against the duros API. Secret.
	AdminToken string
	// StorageClasses contain information on the storage classes that the duros-controller creates in the shoot cluster.
	StorageClasses []DurosSeedStorageClass
	// APIEndpoint is an optional endpoint used for control plane network communication.
	//
	// In certain scenarios the data plane network cannot be reached from the duros-controller in the seed
	// (i.e. only the shoot is able to reach the storage network).
	//
	// In these cases, APIEndpoint can be utilized to point to a gRPC proxy such that the storage
	// integration can be deployed anyway. A nil pointer means no proxy endpoint is configured.
	APIEndpoint *string
	// APICA is the CA used to verify the grpc-proxy when using the client cert below.
	APICA string
	// APICert is the certificate of the client cert used to access the grpc-proxy.
	APICert string
	// APIKey is the private key of the client cert used to access the grpc-proxy. Secret.
	APIKey string
}
// DurosSeedStorageClass describes one storage class the duros-controller creates in the shoot cluster.
type DurosSeedStorageClass struct {
	// Name is the name of the storage class.
	Name string
	// ReplicaCount is the amount of replicas in the storage backend for this storage class.
	ReplicaCount int
	// Compression enables compression for this storage class.
	Compression bool
	// Encryption defines a storage class with client side encryption enabled.
	Encryption bool
}
// ImagePullSecret provides an opportunity to inject an image pull secret into the resource deployments.
type ImagePullSecret struct {
	// DockerConfigJSON contains the already base64 encoded JSON content for the image pull secret.
	// It holds registry credentials; base64 is an encoding, not encryption, so treat this value as a secret.
	DockerConfigJSON string
}
// EgressDest describes one additional egress destination allowed for the kube-apiserver
// when the RestrictEgress feature gate is enabled (see ControllerConfiguration.EgressDestinations).
//
// Exactly one of MatchPattern or MatchName is expected to be set; the type itself does not enforce this.
type EgressDest struct {
	// Description is a description for this egress destination.
	Description string
	// MatchPattern is the DNS match pattern for this destination. Use either a pattern or a name.
	MatchPattern string
	// MatchName is the DNS match name for this destination. Use either a pattern or a name.
	MatchName string
	// Protocol is either TCP or UDP.
	// NOTE(review): the string type does not restrict the value — confirm where it is validated.
	Protocol string
	// Port is the port for this destination.
	Port int
}