package v1beta1
import (
corev1 "k8s.io/api/core/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
)
// init registers the HostedControlPlane and HostedControlPlaneList kinds with
// the package's SchemeBuilder (declared elsewhere in this package) so they can
// be added to a runtime scheme by callers of AddToScheme.
func init() {
	SchemeBuilder.Register(&HostedControlPlane{})
	SchemeBuilder.Register(&HostedControlPlaneList{})
}
// HostedControlPlane is the API object for a hosted control plane. Spec holds
// the desired state and Status the observed state; because the status
// subresource is enabled below, Status is written through a separate endpoint
// and is not updated by writes to the main resource.
// +kubebuilder:resource:path=hostedcontrolplanes,shortName=hcp;hcps,scope=Namespaced,categories=cluster-api
// +kubebuilder:storageversion
// +kubebuilder:subresource:status
// +kubebuilder:object:root=true
type HostedControlPlane struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	// Spec is the desired state of the hosted control plane.
	Spec HostedControlPlaneSpec `json:"spec,omitempty"`
	// Status is the most recently observed state of the hosted control plane.
	Status HostedControlPlaneStatus `json:"status,omitempty"`
}
// HostedControlPlaneSpec defines the desired state of HostedControlPlane.
//
// Several fields reference Secrets by name (PullSecret, SSHKey,
// ServiceAccountSigningKey, AuditWebhook, KubeConfig); the referenced Secrets
// are expected in the same namespace as the HostedControlPlane. Fields whose
// types are declared elsewhere in this package (ClusterNetworking,
// PlatformSpec, DNSSpec, EtcdSpec, ClusterConfiguration, ...) are documented
// on those types.
type HostedControlPlaneSpec struct {
	// ReleaseImage is the release image applied to the hosted control plane.
	ReleaseImage string `json:"releaseImage"`

	// Channel is an identifier for explicitly requesting that a non-default
	// set of updates be applied to this cluster. The default channel will
	// contain stable updates that are appropriate for production clusters.
	//
	// +optional
	Channel string `json:"channel,omitempty"`

	// PullSecret references, by name, a Secret in this namespace. Presumably
	// it holds the registry pull secret used to fetch ReleaseImage and the
	// component images it references — confirm against the controller.
	PullSecret corev1.LocalObjectReference `json:"pullSecret"`

	// IssuerURL is an OIDC issuer URL which is used as the issuer in all
	// ServiceAccount tokens generated by the control plane API server. The
	// default value is kubernetes.default.svc, which only works for in-cluster
	// validation; tokens issued with that default cannot be verified by
	// parties outside the cluster.
	IssuerURL string `json:"issuerURL"`

	// Networking specifies network configuration for the cluster.
	// Temporarily optional for backward compatibility, required in future releases.
	// +optional
	Networking ClusterNetworking `json:"networking,omitempty"`

	// SSHKey references, by name, a Secret in this namespace. Presumably it
	// holds an SSH public key for cluster nodes — confirm against the
	// controller that consumes it.
	SSHKey corev1.LocalObjectReference `json:"sshKey"`

	// ClusterID is the unique id that identifies the cluster externally.
	// Making it optional here allows us to keep compatibility with previous
	// versions of the control-plane-operator that have no knowledge of this
	// field.
	// +optional
	ClusterID string `json:"clusterID,omitempty"`

	// InfraID is an identifier for the cluster's infrastructure. It is
	// required (no omitempty); how it is derived and used is defined by the
	// controllers, not by this type.
	InfraID string `json:"infraID"`

	// Platform holds platform-specific configuration (see PlatformSpec).
	Platform PlatformSpec `json:"platform"`

	// DNS holds the cluster's DNS configuration (see DNSSpec).
	DNS DNSSpec `json:"dns"`

	// ServiceAccountSigningKey is a reference to a secret containing the private key
	// used by the service account token issuer. The secret is expected to contain
	// a single key named "key". If not specified, a service account signing key will
	// be generated automatically for the cluster.
	//
	// +optional
	ServiceAccountSigningKey *corev1.LocalObjectReference `json:"serviceAccountSigningKey,omitempty"`

	// ControllerAvailabilityPolicy specifies the availability policy applied to
	// critical control plane components. The default value is SingleReplica.
	//
	// +optional
	// +kubebuilder:default:="SingleReplica"
	ControllerAvailabilityPolicy AvailabilityPolicy `json:"controllerAvailabilityPolicy,omitempty"`

	// InfrastructureAvailabilityPolicy specifies the availability policy applied
	// to infrastructure services which run on cluster nodes. The default value is
	// SingleReplica.
	//
	// +optional
	// +kubebuilder:default:="SingleReplica"
	InfrastructureAvailabilityPolicy AvailabilityPolicy `json:"infrastructureAvailabilityPolicy,omitempty"`

	// FIPS specifies if the nodes for the cluster will be running in FIPS mode.
	// NOTE(review): the json tag has no omitempty, so false is always
	// serialized even though the field is marked +optional.
	// +optional
	FIPS bool `json:"fips"`

	// KubeConfig specifies the name and key for the kubeconfig secret.
	// +optional
	KubeConfig *KubeconfigSecretRef `json:"kubeconfig,omitempty"`

	// Services defines metadata about how control plane services are published
	// in the management cluster.
	Services []ServicePublishingStrategyMapping `json:"services"`

	// AuditWebhook contains metadata for configuring an audit webhook
	// endpoint for a cluster to process cluster audit events. It references
	// a secret that contains the webhook information for the audit webhook endpoint.
	// It is a secret because if the endpoint has MTLS the kubeconfig will contain client
	// keys. This is currently only supported in IBM Cloud. The kubeconfig needs to be stored
	// in the secret with a secret key name that corresponds to the constant AuditWebhookKubeconfigKey.
	// +optional
	AuditWebhook *corev1.LocalObjectReference `json:"auditWebhook,omitempty"`

	// Etcd contains metadata about the etcd cluster the hypershift managed Openshift control plane components
	// use to store data.
	Etcd EtcdSpec `json:"etcd"`

	// Configuration embeds resources that correspond to the openshift configuration API:
	// https://docs.openshift.com/container-platform/4.7/rest_api/config_apis/config-apis-index.html
	// +kubebuilder:validation:Optional
	Configuration *ClusterConfiguration `json:"configuration,omitempty"`

	// ImageContentSources lists sources/repositories for the release-image content.
	// +optional
	ImageContentSources []ImageContentSource `json:"imageContentSources,omitempty"`

	// AdditionalTrustBundle references a ConfigMap containing a PEM-encoded X.509 certificate bundle.
	// +optional
	AdditionalTrustBundle *corev1.LocalObjectReference `json:"additionalTrustBundle,omitempty"`

	// SecretEncryption contains metadata about the kubernetes secret encryption strategy being used for the
	// cluster when applicable.
	// +optional
	SecretEncryption *SecretEncryptionSpec `json:"secretEncryption,omitempty"`

	// PausedUntil is a field that can be used to pause reconciliation on a resource.
	// Either a date can be provided in RFC3339 format or a boolean. If a date is
	// provided: reconciliation is paused on the resource until that date. If the boolean true is
	// provided: reconciliation is paused on the resource until the field is removed.
	// The field is a *string so that both forms share one representation.
	// +optional
	PausedUntil *string `json:"pausedUntil,omitempty"`

	// OLMCatalogPlacement specifies the placement of OLM catalog components. By default,
	// this is set to management and OLM catalog components are deployed onto the management
	// cluster. If set to guest, the OLM catalog components will be deployed onto the guest
	// cluster.
	//
	// +kubebuilder:default=management
	// +optional
	// +immutable
	OLMCatalogPlacement OLMCatalogPlacement `json:"olmCatalogPlacement,omitempty"`

	// Autoscaling specifies auto-scaling behavior that applies to all NodePools
	// associated with the control plane.
	//
	// +optional
	Autoscaling ClusterAutoscaling `json:"autoscaling,omitempty"`

	// NodeSelector when specified, must be true for the pods managed by the HostedCluster to be scheduled.
	//
	// +optional
	NodeSelector map[string]string `json:"nodeSelector,omitempty"`
}
// AvailabilityPolicy is a high level availability policy for a group of
// components. It is a string type so that it can be used directly as the
// value of the ControllerAvailabilityPolicy and
// InfrastructureAvailabilityPolicy spec fields.
type AvailabilityPolicy string

// The availability policies understood by this package.
const (
	// SingleReplica means components are not expected to be resilient to
	// problems across most fault boundaries associated with high
	// availability. This usually means running critical workloads with just
	// 1 replica and with toleration of full disruption of the component.
	SingleReplica AvailabilityPolicy = "SingleReplica"

	// HighlyAvailable means components should be resilient to problems
	// across fault boundaries as defined by the component to which the
	// policy is attached. This usually means running critical workloads
	// with 3 replicas and with little or no toleration of disruption of the
	// component.
	HighlyAvailable AvailabilityPolicy = "HighlyAvailable"
)
// KubeconfigSecretRef names a Secret and the key within that Secret's data
// that holds a kubeconfig. It is used by HostedControlPlaneSpec.KubeConfig
// and HostedControlPlaneStatus.KubeConfig.
type KubeconfigSecretRef struct {
	// Name is the name of the Secret holding the kubeconfig.
	Name string `json:"name"`
	// Key is the key in the Secret's data under which the kubeconfig is stored.
	Key string `json:"key"`
}
// ConditionType is the type string of a condition reported for a
// HostedControlPlane. Presumably these values populate the Type field of the
// metav1.Condition entries in HostedControlPlaneStatus.Conditions — confirm
// against the controller that sets them.
type ConditionType string

// Condition types defined by this package. The string values are what appears
// in the condition's Type field.
const (
	// CVOScaledDown: the name suggests the cluster version operator has been
	// scaled down; confirm the exact meaning with the controller.
	CVOScaledDown ConditionType = "CVOScaledDown"

	// EtcdSnapshotRestored: the name suggests an etcd snapshot restore has
	// completed; confirm the exact meaning with the controller.
	EtcdSnapshotRestored ConditionType = "EtcdSnapshotRestored"

	// HostedControlPlaneDegraded reports the "Degraded" condition.
	HostedControlPlaneDegraded ConditionType = "Degraded"

	// HostedControlPlaneAvailable reports the "Available" condition.
	HostedControlPlaneAvailable ConditionType = "Available"
)
// HostedControlPlaneStatus defines the observed state of HostedControlPlane.
//
// Ready, Initialized and ExternalManagedControlPlane exist to satisfy the
// cluster-api control plane contract linked on each field. Version,
// ReleaseImage and LastReleaseImageTransitionTime are deprecated in favour of
// VersionStatus.
type HostedControlPlaneStatus struct {
	// Ready denotes that the HostedControlPlane API Server is ready to
	// receive requests
	// This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L226-L230
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	Ready bool `json:"ready"`

	// Initialized denotes whether or not the control plane has
	// provided a kubeadm-config.
	// Once this condition is marked true, its value is never changed. See the Ready condition for an indication of
	// the current readiness of the cluster's control plane.
	// This satisfies CAPI contract https://github.com/kubernetes-sigs/cluster-api/blob/cd3a694deac89d5ebeb888307deaa61487207aa0/controllers/cluster_controller_phases.go#L238-L252
	// +kubebuilder:validation:Required
	// +kubebuilder:default=false
	Initialized bool `json:"initialized"`

	// ExternalManagedControlPlane indicates to cluster-api that the control plane
	// is managed by an external service.
	// https://github.com/kubernetes-sigs/cluster-api/blob/65e5385bffd71bf4aad3cf34a537f11b217c7fab/controllers/machine_controller.go#L468
	// The field is a *bool so that "unset" can be told apart from false.
	// +kubebuilder:default=true
	ExternalManagedControlPlane *bool `json:"externalManagedControlPlane,omitempty"`

	// ControlPlaneEndpoint contains the endpoint information by which
	// external clients can access the control plane. This is populated
	// after the infrastructure is ready.
	// +kubebuilder:validation:Optional
	ControlPlaneEndpoint APIEndpoint `json:"controlPlaneEndpoint,omitempty"`

	// OAuthCallbackURLTemplate contains a template for the URL to use as a callback
	// for identity providers. The [identity-provider-name] placeholder must be replaced
	// with the name of an identity provider defined on the HostedCluster.
	// This is populated after the infrastructure is ready.
	// +kubebuilder:validation:Optional
	OAuthCallbackURLTemplate string `json:"oauthCallbackURLTemplate,omitempty"`

	// VersionStatus is the status of the release version applied by the
	// hosted control plane operator.
	// +optional
	VersionStatus *ClusterVersionStatus `json:"versionStatus,omitempty"`

	// Version is the semantic version of the release applied by
	// the hosted control plane operator
	//
	// Deprecated: Use versionStatus.desired.version instead.
	// +kubebuilder:validation:Optional
	Version string `json:"version,omitempty"`

	// ReleaseImage is the release image applied to the hosted control plane.
	//
	// Deprecated: Use versionStatus.desired.image instead.
	// +optional
	ReleaseImage string `json:"releaseImage,omitempty"`

	// LastReleaseImageTransitionTime is the time of the last update to the current
	// releaseImage property.
	//
	// Deprecated: Use versionStatus.history[0].startedTime instead.
	// +kubebuilder:validation:Optional
	LastReleaseImageTransitionTime *metav1.Time `json:"lastReleaseImageTransitionTime,omitempty"`

	// KubeConfig is a reference to the secret containing the default kubeconfig
	// for this control plane. Note the json key here is "kubeConfig", whereas
	// the spec field of the same Go name uses "kubeconfig".
	KubeConfig *KubeconfigSecretRef `json:"kubeConfig,omitempty"`

	// KubeadminPassword is a reference to the secret containing the initial kubeadmin password
	// for the guest cluster. Only the Secret name is exposed here, never the
	// password itself.
	// +optional
	KubeadminPassword *corev1.LocalObjectReference `json:"kubeadminPassword,omitempty"`

	// Conditions contains details for each aspect of the current state of the HostedControlPlane.
	// The condition types declared by this package are the ConditionType
	// constants ("Available", "Degraded", "EtcdSnapshotRestored",
	// "CVOScaledDown"); which of them are actually set is up to the controller.
	// +optional
	Conditions []metav1.Condition `json:"conditions,omitempty"`

	// Platform contains platform-specific status of the HostedCluster.
	// +optional
	Platform *PlatformStatus `json:"platform,omitempty"`
}
// APIEndpoint is the host and port at which the control plane API server is
// reachable; it is reported in HostedControlPlaneStatus.ControlPlaneEndpoint.
type APIEndpoint struct {
	// Host is the hostname on which the API server is serving.
	Host string `json:"host"`
	// Port is the port on which the API server is serving.
	Port int32 `json:"port"`
}
// +kubebuilder:object:root=true
// HostedControlPlaneList contains a list of HostedControlPlanes. It is the
// type returned by list operations on the hostedcontrolplanes resource.
type HostedControlPlaneList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	// Items holds the HostedControlPlane objects in the list.
	Items []HostedControlPlane `json:"items"`
}