From 6220341b4a0b7ccbc549b25935de5bad08c98ecf Mon Sep 17 00:00:00 2001 From: Darren Shepherd Date: Sat, 11 Jul 2020 09:09:37 -0700 Subject: [PATCH] Move rke types from rancher/types to ./types --- generate.go | 7 + scripts/boilerplate.go.txt | 16 + types/backup_types.go | 75 +++ types/doc.go | 3 + types/eventratelimit.go | 85 ++++ types/image/mirror.go | 30 ++ types/kdm/doc.go | 3 + types/kdm/kdm.go | 71 +++ types/rke_types.go | 879 +++++++++++++++++++++++++++++++++ types/update_strategy_types.go | 38 ++ 10 files changed, 1207 insertions(+) create mode 100644 generate.go create mode 100644 scripts/boilerplate.go.txt create mode 100644 types/backup_types.go create mode 100644 types/doc.go create mode 100644 types/eventratelimit.go create mode 100644 types/image/mirror.go create mode 100644 types/kdm/doc.go create mode 100644 types/kdm/kdm.go create mode 100644 types/rke_types.go create mode 100644 types/update_strategy_types.go diff --git a/generate.go b/generate.go new file mode 100644 index 000000000..9e18f7234 --- /dev/null +++ b/generate.go @@ -0,0 +1,7 @@ +// +build vendor + +package main + +import ( + _ "k8s.io/gengo/examples/deepcopy-gen" +) diff --git a/scripts/boilerplate.go.txt b/scripts/boilerplate.go.txt new file mode 100644 index 000000000..115ad2059 --- /dev/null +++ b/scripts/boilerplate.go.txt @@ -0,0 +1,16 @@ +/* +Copyright YEAR Rancher Labs, Inc. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + diff --git a/types/backup_types.go b/types/backup_types.go new file mode 100644 index 000000000..6e1456a68 --- /dev/null +++ b/types/backup_types.go @@ -0,0 +1,75 @@ +package types + +import ( + "github.com/rancher/norman/condition" + v1 "k8s.io/api/core/v1" +) + +const ( + BackupConditionCreated condition.Cond = "Created" + BackupConditionCompleted condition.Cond = "Completed" +) + +type BackupConfig struct { + // Enable or disable recurring backups in rancher + Enabled *bool `yaml:"enabled" json:"enabled,omitempty" norman:"default=true"` + // Backup interval in hours + IntervalHours int `yaml:"interval_hours" json:"intervalHours,omitempty" norman:"default=12"` + // Number of backups to keep + Retention int `yaml:"retention" json:"retention,omitempty" norman:"default=6"` + // s3 target + S3BackupConfig *S3BackupConfig `yaml:",omitempty" json:"s3BackupConfig"` + // replace special characters in snapshot names + SafeTimestamp bool `yaml:"safe_timestamp" json:"safeTimestamp,omitempty"` +} + +type S3BackupConfig struct { + // Access key ID + AccessKey string `yaml:"access_key" json:"accessKey,omitempty"` + // Secret access key + SecretKey string `yaml:"secret_key" json:"secretKey,omitempty" norman:"type=password" ` + // name of the bucket to use for backup + BucketName string `yaml:"bucket_name" json:"bucketName,omitempty"` + // AWS Region, AWS spcific + Region string `yaml:"region" json:"region,omitempty"` + // Endpoint is used if this is not an AWS API + Endpoint string `yaml:"endpoint" json:"endpoint"` + // CustomCA is used to connect to custom s3 endpoints + CustomCA string `yaml:"custom_ca" json:"customCa,omitempty"` + // Folder to place the files + Folder string `yaml:"folder" json:"folder,omitempty"` +} + +type EtcdBackupSpec struct { + // cluster ID + ClusterID string `json:"clusterId,omitempty" norman:"required,type=reference[cluster],noupdate"` + // manual backup flag + Manual bool `yaml:"manual" json:"manual,omitempty"` + // actual file name on the target + Filename string `yaml:"filename" json:"filename,omitempty" norman:"noupdate"` + // backupConfig + BackupConfig BackupConfig `yaml:",omitempty" json:"backupConfig,omitempty" norman:"noupdate"` +} + +type EtcdBackupStatus struct { + Conditions []EtcdBackupCondition `json:"conditions"` + // version of k8s in the backup pulled from rke config + KubernetesVersion string `yaml:"kubernetesVersion" json:"kubernetesVersion,omitempty" norman:"noupdate"` + // json + gzipped + base64 backup of the cluster object when the backup was created + ClusterObject string `yaml:"clusterObject" json:"clusterObject,omitempty" norman:"type=password,noupdate"` +} + +type EtcdBackupCondition struct { + // Type of condition. + Type string `json:"type"` + // Status of the condition, one of True, False, Unknown. + Status v1.ConditionStatus `json:"status"` + // The last time this condition was updated. + LastUpdateTime string `json:"lastUpdateTime,omitempty"` + // Last time the condition transitioned from one status to another. + LastTransitionTime string `json:"lastTransitionTime,omitempty"` + // The reason for the condition's last transition. + Reason string `json:"reason,omitempty"` + // Human-readable message indicating details about last transition + Message string `json:"message,omitempty"` +} diff --git a/types/doc.go b/types/doc.go new file mode 100644 index 000000000..281ef8dd8 --- /dev/null +++ b/types/doc.go @@ -0,0 +1,3 @@ +// +k8s:deepcopy-gen=package + +package types diff --git a/types/eventratelimit.go b/types/eventratelimit.go new file mode 100644 index 000000000..f01f12ed7 --- /dev/null +++ b/types/eventratelimit.go @@ -0,0 +1,85 @@ +/* +Copyright 2017 The Kubernetes Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package types + +import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + +// LimitType is the type of the limit (e.g., per-namespace) +type LimitType string + +const ( + // ServerLimitType is a type of limit where there is one bucket shared by + // all of the event queries received by the API Server. + ServerLimitType LimitType = "Server" + // NamespaceLimitType is a type of limit where there is one bucket used by + // each namespace + NamespaceLimitType LimitType = "Namespace" + // UserLimitType is a type of limit where there is one bucket used by each + // user + UserLimitType LimitType = "User" + // SourceAndObjectLimitType is a type of limit where there is one bucket used + // by each combination of source and involved object of the event. + SourceAndObjectLimitType LimitType = "SourceAndObject" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + +// Configuration provides configuration for the EventRateLimit admission +// controller. +type Configuration struct { + metav1.TypeMeta `json:",inline"` + + // limits are the limits to place on event queries received. + // Limits can be placed on events received server-wide, per namespace, + // per user, and per source+object. + // At least one limit is required. + Limits []Limit `json:"limits"` +} + +// Limit is the configuration for a particular limit type +type Limit struct { + // type is the type of limit to which this configuration applies + Type LimitType `json:"type"` + + // qps is the number of event queries per second that are allowed for this + // type of limit. The qps and burst fields are used together to determine if + // a particular event query is accepted. The qps determines how many queries + // are accepted once the burst amount of queries has been exhausted. + QPS int32 `json:"qps"` + + // burst is the burst number of event queries that are allowed for this type + // of limit. The qps and burst fields are used together to determine if a + // particular event query is accepted. The burst determines the maximum size + // of the allowance granted for a particular bucket. For example, if the burst + // is 10 and the qps is 3, then the admission control will accept 10 queries + // before blocking any queries. Every second, 3 more queries will be allowed. + // If some of that allowance is not used, then it will roll over to the next + // second, until the maximum allowance of 10 is reached. + Burst int32 `json:"burst"` + + // cacheSize is the size of the LRU cache for this type of limit. If a bucket + // is evicted from the cache, then the allowance for that bucket is reset. If + // more queries are later received for an evicted bucket, then that bucket + // will re-enter the cache with a clean slate, giving that bucket a full + // allowance of burst queries. + // + // The default cache size is 4096. + // + // If limitType is 'server', then cacheSize is ignored. + // +optional + CacheSize int32 `json:"cacheSize,omitempty"` +} diff --git a/types/image/mirror.go b/types/image/mirror.go new file mode 100644 index 000000000..6321d12d8 --- /dev/null +++ b/types/image/mirror.go @@ -0,0 +1,30 @@ +package image + +import "strings" + +var Mirrors = map[string]string{} + +func Mirror(image string) string { + orig := image + if strings.HasPrefix(image, "weaveworks") { + return image + } + + image = strings.Replace(image, "gcr.io/google_containers", "rancher", 1) + image = strings.Replace(image, "quay.io/coreos/", "rancher/coreos-", 1) + image = strings.Replace(image, "quay.io/calico/", "rancher/calico-", 1) + image = strings.Replace(image, "plugins/docker", "rancher/plugins-docker", 1) + image = strings.Replace(image, "k8s.gcr.io/defaultbackend", "rancher/nginx-ingress-controller-defaultbackend", 1) + image = strings.Replace(image, "k8s.gcr.io/k8s-dns-node-cache", "rancher/k8s-dns-node-cache", 1) + image = strings.Replace(image, "plugins/docker", "rancher/plugins-docker", 1) + image = strings.Replace(image, "kibana", "rancher/kibana", 1) + image = strings.Replace(image, "jenkins/", "rancher/jenkins-", 1) + image = strings.Replace(image, "alpine/git", "rancher/alpine-git", 1) + image = strings.Replace(image, "prom/", "rancher/prom-", 1) + image = strings.Replace(image, "quay.io/pires", "rancher", 1) + image = strings.Replace(image, "coredns/", "rancher/coredns-", 1) + image = strings.Replace(image, "minio/", "rancher/minio-", 1) + + Mirrors[image] = orig + return image +} diff --git a/types/kdm/doc.go b/types/kdm/doc.go new file mode 100644 index 000000000..562513c4f --- /dev/null +++ b/types/kdm/doc.go @@ -0,0 +1,3 @@ +// +k8s:deepcopy-gen=package + +package kdm diff --git a/types/kdm/kdm.go b/types/kdm/kdm.go new file mode 100644 index 000000000..97b450dfe --- /dev/null +++ b/types/kdm/kdm.go @@ -0,0 +1,71 @@ +package kdm + +import ( + "encoding/json" + + v3 "github.com/rancher/rke/types" +) + +const ( + Calico = "calico" + Canal = "canal" + Flannel = "flannel" + Weave = "weave" + CoreDNS = "coreDNS" + KubeDNS = "kubeDNS" + MetricsServer = "metricsServer" + NginxIngress = "nginxIngress" + Nodelocal = "nodelocal" + TemplateKeys = "templateKeys" +) + +// +k8s:deepcopy-gen=false + +type Data struct { + // K8sVersionServiceOptions - service options per k8s version + K8sVersionServiceOptions map[string]v3.KubernetesServicesOptions + K8sVersionRKESystemImages map[string]v3.RKESystemImages + + // Addon Templates per K8s version ("default" where nothing changes for k8s version) + K8sVersionedTemplates map[string]map[string]string + + // K8sVersionInfo - min/max RKE+Rancher versions per k8s version + K8sVersionInfo map[string]v3.K8sVersionInfo + + //Default K8s version for every rancher version + RancherDefaultK8sVersions map[string]string + + //Default K8s version for every rke version + RKEDefaultK8sVersions map[string]string + + K8sVersionDockerInfo map[string][]string + + // K8sVersionWindowsServiceOptions - service options per windows k8s version + K8sVersionWindowsServiceOptions map[string]v3.KubernetesServicesOptions + + CisConfigParams map[string]CisConfigParams + CisBenchmarkVersionInfo map[string]CisBenchmarkVersionInfo + + // K3S specific data, opaque and defined by the config file in kdm + K3S map[string]interface{} `json:"k3s,omitempty"` +} + +func FromData(b []byte) (Data, error) { + d := &Data{} + + if err := json.Unmarshal(b, d); err != nil { + return Data{}, err + } + return *d, nil +} + +type CisBenchmarkVersionInfo struct { + Managed bool `yaml:"managed" json:"managed"` + MinKubernetesVersion string `yaml:"min_kubernetes_version" json:"minKubernetesVersion"` + SkippedChecks map[string]string `yaml:"skipped_checks" json:"skippedChecks"` + NotApplicableChecks map[string]string `yaml:"not_applicable_checks" json:"notApplicableChecks"` +} + +type CisConfigParams struct { + BenchmarkVersion string `yaml:"benchmark_version" json:"benchmarkVersion"` +} diff --git a/types/rke_types.go b/types/rke_types.go new file mode 100644 index 000000000..db5f70b92 --- /dev/null +++ b/types/rke_types.go @@ -0,0 +1,879 @@ +package types + +import ( + v1 "k8s.io/api/core/v1" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + apiserverv1alpha1 "k8s.io/apiserver/pkg/apis/apiserver/v1alpha1" + auditv1 "k8s.io/apiserver/pkg/apis/audit/v1" + apiserverconfig "k8s.io/apiserver/pkg/apis/config" +) + +type RancherKubernetesEngineConfig struct { + // Kubernetes nodes + Nodes []RKEConfigNode `yaml:"nodes" json:"nodes,omitempty"` + // Kubernetes components + Services RKEConfigServices `yaml:"services" json:"services,omitempty"` + // Network configuration used in the kubernetes cluster (flannel, calico) + Network NetworkConfig `yaml:"network" json:"network,omitempty"` + // Authentication configuration used in the cluster (default: x509) + Authentication AuthnConfig `yaml:"authentication" json:"authentication,omitempty"` + // YAML manifest for user provided addons to be deployed on the cluster + Addons string `yaml:"addons" json:"addons,omitempty"` + // List of urls or paths for addons + AddonsInclude []string `yaml:"addons_include" json:"addonsInclude,omitempty"` + // List of images used internally for proxy, cert downlaod and kubedns + SystemImages RKESystemImages `yaml:"system_images" json:"systemImages,omitempty"` + // SSH Private Key Path + SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty" norman:"nocreate,noupdate"` + // SSH Certificate Path + SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty" norman:"nocreate,noupdate"` + // SSH Agent Auth enable + SSHAgentAuth bool `yaml:"ssh_agent_auth" json:"sshAgentAuth"` + // Authorization mode configuration used in the cluster + Authorization AuthzConfig `yaml:"authorization" json:"authorization,omitempty"` + // Enable/disable strict docker version checking + IgnoreDockerVersion *bool `yaml:"ignore_docker_version" json:"ignoreDockerVersion" norman:"default=true"` + // Kubernetes version to use (if kubernetes image is specifed, image version takes precedence) + Version string `yaml:"kubernetes_version" json:"kubernetesVersion,omitempty"` + // List of private registries and their credentials + PrivateRegistries []PrivateRegistry `yaml:"private_registries" json:"privateRegistries,omitempty"` + // Ingress controller used in the cluster + Ingress IngressConfig `yaml:"ingress" json:"ingress,omitempty"` + // Cluster Name used in the kube config + ClusterName string `yaml:"cluster_name" json:"clusterName,omitempty"` + // Cloud Provider options + CloudProvider CloudProvider `yaml:"cloud_provider" json:"cloudProvider,omitempty"` + // kubernetes directory path + PrefixPath string `yaml:"prefix_path" json:"prefixPath,omitempty"` + // Timeout in seconds for status check on addon deployment jobs + AddonJobTimeout int `yaml:"addon_job_timeout" json:"addonJobTimeout,omitempty" norman:"default=30"` + // Bastion/Jump Host configuration + BastionHost BastionHost `yaml:"bastion_host" json:"bastionHost,omitempty"` + // Monitoring Config + Monitoring MonitoringConfig `yaml:"monitoring" json:"monitoring,omitempty"` + // RestoreCluster flag + Restore RestoreConfig `yaml:"restore" json:"restore,omitempty"` + // Rotating Certificates Option + RotateCertificates *RotateCertificates `yaml:"rotate_certificates,omitempty" json:"rotateCertificates,omitempty"` + // DNS Config + DNS *DNSConfig `yaml:"dns" json:"dns,omitempty"` + // Upgrade Strategy for the cluster + UpgradeStrategy *NodeUpgradeStrategy `yaml:"upgrade_strategy,omitempty" json:"upgradeStrategy,omitempty"` +} + +func (r *RancherKubernetesEngineConfig) ObjClusterName() string { + return r.ClusterName +} + +type NodeUpgradeStrategy struct { + // MaxUnavailableWorker input can be a number of nodes or a percentage of nodes (example, max_unavailable_worker: 2 OR max_unavailable_worker: 20%) + MaxUnavailableWorker string `yaml:"max_unavailable_worker" json:"maxUnavailableWorker,omitempty" norman:"min=1,default=10%"` + // MaxUnavailableControlplane input can be a number of nodes or a percentage of nodes + MaxUnavailableControlplane string `yaml:"max_unavailable_controlplane" json:"maxUnavailableControlplane,omitempty" norman:"min=1,default=1"` + Drain bool `yaml:"drain" json:"drain,omitempty"` + DrainInput *NodeDrainInput `yaml:"node_drain_input" json:"nodeDrainInput,omitempty"` +} + +type BastionHost struct { + // Address of Bastion Host + Address string `yaml:"address" json:"address,omitempty"` + // SSH Port of Bastion Host + Port string `yaml:"port" json:"port,omitempty"` + // ssh User to Bastion Host + User string `yaml:"user" json:"user,omitempty"` + // SSH Agent Auth enable + SSHAgentAuth bool `yaml:"ssh_agent_auth,omitempty" json:"sshAgentAuth,omitempty"` + // SSH Private Key + SSHKey string `yaml:"ssh_key" json:"sshKey,omitempty" norman:"type=password"` + // SSH Private Key Path + SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty"` + // SSH Certificate + SSHCert string `yaml:"ssh_cert" json:"sshCert,omitempty"` + // SSH Certificate Path + SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty"` +} + +type PrivateRegistry struct { + // URL for the registry + URL string `yaml:"url" json:"url,omitempty"` + // User name for registry acces + User string `yaml:"user" json:"user,omitempty"` + // Password for registry access + Password string `yaml:"password" json:"password,omitempty" norman:"type=password"` + // Default registry + IsDefault bool `yaml:"is_default" json:"isDefault,omitempty"` +} + +type RKESystemImages struct { + // etcd image + Etcd string `yaml:"etcd" json:"etcd,omitempty"` + // Alpine image + Alpine string `yaml:"alpine" json:"alpine,omitempty"` + // rke-nginx-proxy image + NginxProxy string `yaml:"nginx_proxy" json:"nginxProxy,omitempty"` + // rke-cert-deployer image + CertDownloader string `yaml:"cert_downloader" json:"certDownloader,omitempty"` + // rke-service-sidekick image + KubernetesServicesSidecar string `yaml:"kubernetes_services_sidecar" json:"kubernetesServicesSidecar,omitempty"` + // KubeDNS image + KubeDNS string `yaml:"kubedns" json:"kubedns,omitempty"` + // DNSMasq image + DNSmasq string `yaml:"dnsmasq" json:"dnsmasq,omitempty"` + // KubeDNS side car image + KubeDNSSidecar string `yaml:"kubedns_sidecar" json:"kubednsSidecar,omitempty"` + // KubeDNS autoscaler image + KubeDNSAutoscaler string `yaml:"kubedns_autoscaler" json:"kubednsAutoscaler,omitempty"` + // CoreDNS image + CoreDNS string `yaml:"coredns" json:"coredns,omitempty"` + // CoreDNS autoscaler image + CoreDNSAutoscaler string `yaml:"coredns_autoscaler" json:"corednsAutoscaler,omitempty"` + // Nodelocal image + Nodelocal string `yaml:"nodelocal" json:"nodelocal,omitempty"` + // Kubernetes image + Kubernetes string `yaml:"kubernetes" json:"kubernetes,omitempty"` + // Flannel image + Flannel string `yaml:"flannel" json:"flannel,omitempty"` + // Flannel CNI image + FlannelCNI string `yaml:"flannel_cni" json:"flannelCni,omitempty"` + // Calico Node image + CalicoNode string `yaml:"calico_node" json:"calicoNode,omitempty"` + // Calico CNI image + CalicoCNI string `yaml:"calico_cni" json:"calicoCni,omitempty"` + // Calico Controllers image + CalicoControllers string `yaml:"calico_controllers" json:"calicoControllers,omitempty"` + // Calicoctl image + CalicoCtl string `yaml:"calico_ctl" json:"calicoCtl,omitempty"` + //CalicoFlexVol image + CalicoFlexVol string `yaml:"calico_flexvol" json:"calicoFlexVol,omitempty"` + // Canal Node Image + CanalNode string `yaml:"canal_node" json:"canalNode,omitempty"` + // Canal CNI image + CanalCNI string `yaml:"canal_cni" json:"canalCni,omitempty"` + //CanalFlannel image + CanalFlannel string `yaml:"canal_flannel" json:"canalFlannel,omitempty"` + //CanalFlexVol image + CanalFlexVol string `yaml:"canal_flexvol" json:"canalFlexVol,omitempty"` + //Weave Node image + WeaveNode string `yaml:"weave_node" json:"weaveNode,omitempty"` + // Weave CNI image + WeaveCNI string `yaml:"weave_cni" json:"weaveCni,omitempty"` + // Pod infra container image + PodInfraContainer string `yaml:"pod_infra_container" json:"podInfraContainer,omitempty"` + // Ingress Controller image + Ingress string `yaml:"ingress" json:"ingress,omitempty"` + // Ingress Controller Backend image + IngressBackend string `yaml:"ingress_backend" json:"ingressBackend,omitempty"` + // Metrics Server image + MetricsServer string `yaml:"metrics_server" json:"metricsServer,omitempty"` + // Pod infra container image for Windows + WindowsPodInfraContainer string `yaml:"windows_pod_infra_container" json:"windowsPodInfraContainer,omitempty"` +} + +type RKEConfigNode struct { + // Name of the host provisioned via docker machine + NodeName string `yaml:"nodeName,omitempty" json:"nodeName,omitempty" norman:"type=reference[node]"` + // IP or FQDN that is fully resolvable and used for SSH communication + Address string `yaml:"address" json:"address,omitempty"` + // Port used for SSH communication + Port string `yaml:"port" json:"port,omitempty"` + // Optional - Internal address that will be used for components communication + InternalAddress string `yaml:"internal_address" json:"internalAddress,omitempty"` + // Node role in kubernetes cluster (controlplane, worker, or etcd) + Role []string `yaml:"role" json:"role,omitempty" norman:"type=array[enum],options=etcd|worker|controlplane"` + // Optional - Hostname of the node + HostnameOverride string `yaml:"hostname_override" json:"hostnameOverride,omitempty"` + // SSH usesr that will be used by RKE + User string `yaml:"user" json:"user,omitempty"` + // Optional - Docker socket on the node that will be used in tunneling + DockerSocket string `yaml:"docker_socket" json:"dockerSocket,omitempty"` + // SSH Agent Auth enable + SSHAgentAuth bool `yaml:"ssh_agent_auth,omitempty" json:"sshAgentAuth,omitempty"` + // SSH Private Key + SSHKey string `yaml:"ssh_key" json:"sshKey,omitempty" norman:"type=password"` + // SSH Private Key Path + SSHKeyPath string `yaml:"ssh_key_path" json:"sshKeyPath,omitempty"` + // SSH Certificate + SSHCert string `yaml:"ssh_cert" json:"sshCert,omitempty"` + // SSH Certificate Path + SSHCertPath string `yaml:"ssh_cert_path" json:"sshCertPath,omitempty"` + // Node Labels + Labels map[string]string `yaml:"labels" json:"labels,omitempty"` + // Node Taints + Taints []RKETaint `yaml:"taints" json:"taints,omitempty"` +} + +type K8sVersionInfo struct { + MinRKEVersion string `yaml:"min_rke_version" json:"minRKEVersion,omitempty"` + MaxRKEVersion string `yaml:"max_rke_version" json:"maxRKEVersion,omitempty"` + DeprecateRKEVersion string `yaml:"deprecate_rke_version" json:"deprecateRKEVersion,omitempty"` + + MinRancherVersion string `yaml:"min_rancher_version" json:"minRancherVersion,omitempty"` + MaxRancherVersion string `yaml:"max_rancher_version" json:"maxRancherVersion,omitempty"` + DeprecateRancherVersion string `yaml:"deprecate_rancher_version" json:"deprecateRancherVersion,omitempty"` +} + +type RKEConfigServices struct { + // Etcd Service + Etcd ETCDService `yaml:"etcd" json:"etcd,omitempty"` + // KubeAPI Service + KubeAPI KubeAPIService `yaml:"kube-api" json:"kubeApi,omitempty"` + // KubeController Service + KubeController KubeControllerService `yaml:"kube-controller" json:"kubeController,omitempty"` + // Scheduler Service + Scheduler SchedulerService `yaml:"scheduler" json:"scheduler,omitempty"` + // Kubelet Service + Kubelet KubeletService `yaml:"kubelet" json:"kubelet,omitempty"` + // KubeProxy Service + Kubeproxy KubeproxyService `yaml:"kubeproxy" json:"kubeproxy,omitempty"` +} + +type ETCDService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` + // List of etcd urls + ExternalURLs []string `yaml:"external_urls" json:"externalUrls,omitempty"` + // External CA certificate + CACert string `yaml:"ca_cert" json:"caCert,omitempty"` + // External Client certificate + Cert string `yaml:"cert" json:"cert,omitempty"` + // External Client key + Key string `yaml:"key" json:"key,omitempty"` + // External etcd prefix + Path string `yaml:"path" json:"path,omitempty"` + // UID to run etcd container as + UID int `yaml:"uid" json:"uid,omitempty"` + // GID to run etcd container as + GID int `yaml:"gid" json:"gid,omitempty"` + + // Etcd Recurring snapshot Service, used by rke only + Snapshot *bool `yaml:"snapshot" json:"snapshot,omitempty" norman:"default=false"` + // Etcd snapshot Retention period + Retention string `yaml:"retention" json:"retention,omitempty" norman:"default=72h"` + // Etcd snapshot Creation period + Creation string `yaml:"creation" json:"creation,omitempty" norman:"default=12h"` + // Backup backend for etcd snapshots + BackupConfig *BackupConfig `yaml:"backup_config" json:"backupConfig,omitempty"` +} + +type KubeAPIService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` + // Virtual IP range that will be used by Kubernetes services + ServiceClusterIPRange string `yaml:"service_cluster_ip_range" json:"serviceClusterIpRange,omitempty"` + // Port range for services defined with NodePort type + ServiceNodePortRange string `yaml:"service_node_port_range" json:"serviceNodePortRange,omitempty" norman:"default=30000-32767"` + // Enabled/Disable PodSecurityPolicy + PodSecurityPolicy bool `yaml:"pod_security_policy" json:"podSecurityPolicy,omitempty"` + // Enable/Disable AlwaysPullImages admissions plugin + AlwaysPullImages bool `yaml:"always_pull_images" json:"alwaysPullImages,omitempty"` + // Secrets encryption provider config + SecretsEncryptionConfig *SecretsEncryptionConfig `yaml:"secrets_encryption_config" json:"secretsEncryptionConfig,omitempty"` + // Audit Log Configuration + AuditLog *AuditLog `yaml:"audit_log" json:"auditLog,omitempty"` + // AdmissionConfiguration + AdmissionConfiguration *apiserverv1alpha1.AdmissionConfiguration `yaml:"admission_configuration" json:"admissionConfiguration,omitempty" norman:"type=map[json]"` + // Event Rate Limit configuration + EventRateLimit *EventRateLimit `yaml:"event_rate_limit" json:"eventRateLimit,omitempty"` +} + +type EventRateLimit struct { + Enabled bool `yaml:"enabled" json:"enabled,omitempty"` + Configuration *Configuration `yaml:"configuration" json:"configuration,omitempty" norman:"type=map[json]"` +} + +type AuditLog struct { + Enabled bool `yaml:"enabled" json:"enabled,omitempty"` + Configuration *AuditLogConfig `yaml:"configuration" json:"configuration,omitempty"` +} + +type AuditLogConfig struct { + MaxAge int `yaml:"max_age" json:"maxAge,omitempty"` + MaxBackup int `yaml:"max_backup" json:"maxBackup,omitempty"` + MaxSize int `yaml:"max_size" json:"maxSize,omitempty"` + Path string `yaml:"path" json:"path,omitempty"` + Format string `yaml:"format" json:"format,omitempty"` + Policy *auditv1.Policy `yaml:"policy" json:"policy,omitempty" norman:"type=map[json]"` +} + +type KubeControllerService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` + // CIDR Range for Pods in cluster + ClusterCIDR string `yaml:"cluster_cidr" json:"clusterCidr,omitempty"` + // Virtual IP range that will be used by Kubernetes services + ServiceClusterIPRange string `yaml:"service_cluster_ip_range" json:"serviceClusterIpRange,omitempty"` +} + +type KubeletService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` + // Domain of the cluster (default: "cluster.local") + ClusterDomain string `yaml:"cluster_domain" json:"clusterDomain,omitempty"` + // The image whose network/ipc namespaces containers in each pod will use + InfraContainerImage string `yaml:"infra_container_image" json:"infraContainerImage,omitempty"` + // Cluster DNS service ip + ClusterDNSServer string `yaml:"cluster_dns_server" json:"clusterDnsServer,omitempty"` + // Fail if swap is enabled + FailSwapOn bool `yaml:"fail_swap_on" json:"failSwapOn,omitempty"` + // Generate per node kubelet serving certificates created using kube-ca + GenerateServingCertificate bool `yaml:"generate_serving_certificate" json:"generateServingCertificate,omitempty"` +} + +type KubeproxyService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` +} + +type SchedulerService struct { + // Base service properties + BaseService `yaml:",inline" json:",inline"` +} + +type BaseService struct { + // Docker image of the service + Image string `yaml:"image" json:"image,omitempty"` + // Extra arguments that are added to the services + ExtraArgs map[string]string `yaml:"extra_args" json:"extraArgs,omitempty"` + // Extra binds added to the nodes + ExtraBinds []string `yaml:"extra_binds" json:"extraBinds,omitempty"` + // this is to provide extra env variable to the docker container running kubernetes service + ExtraEnv []string `yaml:"extra_env" json:"extraEnv,omitempty"` +} + +type NetworkConfig struct { + // Network Plugin That will be used in kubernetes cluster + Plugin string `yaml:"plugin" json:"plugin,omitempty" norman:"default=canal"` + // Plugin options to configure network properties + Options map[string]string `yaml:"options" json:"options,omitempty"` + // Set MTU for CNI provider + MTU int `yaml:"mtu" json:"mtu,omitempty"` + // CalicoNetworkProvider + CalicoNetworkProvider *CalicoNetworkProvider `yaml:"calico_network_provider,omitempty" json:"calicoNetworkProvider,omitempty"` + // CanalNetworkProvider + CanalNetworkProvider *CanalNetworkProvider `yaml:"canal_network_provider,omitempty" json:"canalNetworkProvider,omitempty"` + // FlannelNetworkProvider + FlannelNetworkProvider *FlannelNetworkProvider `yaml:"flannel_network_provider,omitempty" json:"flannelNetworkProvider,omitempty"` + // WeaveNetworkProvider + WeaveNetworkProvider *WeaveNetworkProvider `yaml:"weave_network_provider,omitempty" json:"weaveNetworkProvider,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` + // Network plugin daemonset upgrade strategy + UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` +} + +type AuthWebhookConfig struct { + // ConfigFile is a multiline string that represent a custom webhook config file + ConfigFile string `yaml:"config_file" json:"configFile,omitempty"` + // CacheTimeout controls how long to cache authentication decisions + CacheTimeout string `yaml:"cache_timeout" json:"cacheTimeout,omitempty"` +} + +type AuthnConfig struct { + // Authentication strategy that will be used in kubernetes cluster + Strategy string `yaml:"strategy" json:"strategy,omitempty" norman:"default=x509"` + // List of additional hostnames and IPs to include in the api server PKI cert + SANs []string `yaml:"sans" json:"sans,omitempty"` + // Webhook configuration options + Webhook *AuthWebhookConfig `yaml:"webhook" json:"webhook,omitempty"` +} + +type AuthzConfig struct { + // Authorization mode used by kubernetes + Mode string `yaml:"mode" json:"mode,omitempty"` + // Authorization mode options + Options map[string]string `yaml:"options" json:"options,omitempty"` +} + +type IngressConfig struct { + // Ingress controller type used by kubernetes + Provider string `yaml:"provider" json:"provider,omitempty" norman:"default=nginx"` + // Ingress controller options + Options map[string]string `yaml:"options" json:"options,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` + // Ingress controller extra arguments + ExtraArgs map[string]string `yaml:"extra_args" json:"extraArgs,omitempty"` + // DNS Policy + DNSPolicy string `yaml:"dns_policy" json:"dnsPolicy,omitempty"` + // Extra Env vars + ExtraEnvs []ExtraEnv `yaml:"extra_envs" json:"extraEnvs,omitempty" norman:"type=array[json]"` + // Extra volumes + ExtraVolumes []ExtraVolume `yaml:"extra_volumes" json:"extraVolumes,omitempty" norman:"type=array[json]"` + // Extra volume mounts + ExtraVolumeMounts []ExtraVolumeMount `yaml:"extra_volume_mounts" json:"extraVolumeMounts,omitempty" norman:"type=array[json]"` + // nginx daemonset upgrade strategy + UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` +} + +type ExtraEnv struct { + v1.EnvVar +} + +type ExtraVolume struct { + v1.Volume +} + +type ExtraVolumeMount struct { + v1.VolumeMount +} + +type RKEPlan struct { + // List of node Plans + Nodes []RKEConfigNodePlan `json:"nodes,omitempty"` +} + +type RKEConfigNodePlan struct { + // Node address + Address string `json:"address,omitempty"` + // map of named processes that should run on the node + Processes map[string]Process `json:"processes,omitempty"` + // List of portchecks that should be open on the node + PortChecks []PortCheck `json:"portChecks,omitempty"` + // List of files to deploy on the node + Files []File `json:"files,omitempty"` + // Node Annotations + Annotations map[string]string `json:"annotations,omitempty"` + // Node Labels + Labels map[string]string `json:"labels,omitempty"` + // Node Taints + Taints []RKETaint `json:"taints,omitempty"` +} + +type Process struct { + // Process name, this should be the container name + Name string `json:"name,omitempty"` + // Process Entrypoint command + Command []string `json:"command,omitempty"` + // Process args + Args []string `json:"args,omitempty"` + // Environment variables list + Env []string `json:"env,omitempty"` + // Process docker image + Image string `json:"image,omitempty"` + //AuthConfig for image private registry + ImageRegistryAuthConfig string `json:"imageRegistryAuthConfig,omitempty"` + // Process docker image VolumesFrom + VolumesFrom []string `json:"volumesFrom,omitempty"` + // Process docker container bind mounts + Binds []string `json:"binds,omitempty"` + // Process docker container netwotk mode + NetworkMode string `json:"networkMode,omitempty"` + // Process container restart policy + RestartPolicy string `json:"restartPolicy,omitempty"` + // Process container pid mode + PidMode string `json:"pidMode,omitempty"` + // Run process in privileged container + Privileged bool `json:"privileged,omitempty"` + // Process healthcheck + HealthCheck HealthCheck `json:"healthCheck,omitempty"` + // Process docker container Labels + Labels map[string]string `json:"labels,omitempty"` + // Process docker publish container's port to host + Publish []string `json:"publish,omitempty"` + // docker will run the container with this user + User string `json:"user,omitempty"` +} + +type HealthCheck struct { + // Healthcheck URL + URL string `json:"url,omitempty"` +} + +type PortCheck struct { + // Portcheck address to check. + Address string `json:"address,omitempty"` + // Port number + Port int `json:"port,omitempty"` + // Port Protocol + Protocol string `json:"protocol,omitempty"` +} + +type CloudProvider struct { + // Name of the Cloud Provider + Name string `yaml:"name" json:"name,omitempty"` + // AWSCloudProvider + AWSCloudProvider *AWSCloudProvider `yaml:"awsCloudProvider,omitempty" json:"awsCloudProvider,omitempty"` + // AzureCloudProvider + AzureCloudProvider *AzureCloudProvider `yaml:"azureCloudProvider,omitempty" json:"azureCloudProvider,omitempty"` + // OpenstackCloudProvider + OpenstackCloudProvider *OpenstackCloudProvider `yaml:"openstackCloudProvider,omitempty" json:"openstackCloudProvider,omitempty"` + // VsphereCloudProvider + VsphereCloudProvider *VsphereCloudProvider `yaml:"vsphereCloudProvider,omitempty" json:"vsphereCloudProvider,omitempty"` + // CustomCloudProvider is a multiline string that represent a custom cloud config file + CustomCloudProvider string `yaml:"customCloudProvider,omitempty" json:"customCloudProvider,omitempty"` +} + +type CalicoNetworkProvider struct { + // Cloud provider type used with calico + CloudProvider string `json:"cloudProvider"` +} + +type FlannelNetworkProvider struct { + // Alternate cloud interface for flannel + Iface string `json:"iface"` +} + +type CanalNetworkProvider struct { + FlannelNetworkProvider `yaml:",inline" json:",inline"` +} + +type WeaveNetworkProvider struct { + Password string `yaml:"password,omitempty" json:"password,omitempty" norman:"type=password"` +} + +type KubernetesServicesOptions struct { + // Additional options passed to Etcd + Etcd map[string]string `json:"etcd"` + // Additional options passed to KubeAPI + KubeAPI map[string]string `json:"kubeapi"` + // Additional options passed to Kubelet + Kubelet map[string]string `json:"kubelet"` + // Additional options passed to Kubeproxy + Kubeproxy map[string]string `json:"kubeproxy"` + // Additional options passed to KubeController + KubeController map[string]string `json:"kubeController"` + // Additional options passed to Scheduler + Scheduler map[string]string `json:"scheduler"` +} + +// VsphereCloudProvider options +type VsphereCloudProvider struct { + Global GlobalVsphereOpts `json:"global,omitempty" yaml:"global,omitempty" ini:"Global,omitempty"` + VirtualCenter map[string]VirtualCenterConfig `json:"virtualCenter,omitempty" yaml:"virtual_center,omitempty" ini:"VirtualCenter,omitempty"` + Network NetworkVshpereOpts `json:"network,omitempty" yaml:"network,omitempty" ini:"Network,omitempty"` + Disk DiskVsphereOpts `json:"disk,omitempty" yaml:"disk,omitempty" ini:"Disk,omitempty"` + Workspace WorkspaceVsphereOpts `json:"workspace,omitempty" yaml:"workspace,omitempty" ini:"Workspace,omitempty"` +} + +type GlobalVsphereOpts struct { + User string `json:"user,omitempty" yaml:"user,omitempty" ini:"user,omitempty"` + Password string `json:"password,omitempty" yaml:"password,omitempty" ini:"password,omitempty" norman:"type=password"` + VCenterIP string `json:"server,omitempty" yaml:"server,omitempty" ini:"server,omitempty"` + VCenterPort string `json:"port,omitempty" yaml:"port,omitempty" ini:"port,omitempty"` + InsecureFlag bool `json:"insecure-flag,omitempty" yaml:"insecure-flag,omitempty" ini:"insecure-flag,omitempty"` + Datacenter string `json:"datacenter,omitempty" yaml:"datacenter,omitempty" ini:"datacenter,omitempty"` + Datacenters string `json:"datacenters,omitempty" yaml:"datacenters,omitempty" ini:"datacenters,omitempty"` + DefaultDatastore string `json:"datastore,omitempty" yaml:"datastore,omitempty" ini:"datastore,omitempty"` + WorkingDir string `json:"working-dir,omitempty" yaml:"working-dir,omitempty" ini:"working-dir,omitempty"` + RoundTripperCount int `json:"soap-roundtrip-count,omitempty" yaml:"soap-roundtrip-count,omitempty" ini:"soap-roundtrip-count,omitempty"` + VMUUID string `json:"vm-uuid,omitempty" yaml:"vm-uuid,omitempty" ini:"vm-uuid,omitempty"` + VMName string `json:"vm-name,omitempty" yaml:"vm-name,omitempty" ini:"vm-name,omitempty"` +} + +type VirtualCenterConfig struct { + User string `json:"user,omitempty" yaml:"user,omitempty" ini:"user,omitempty"` + Password string `json:"password,omitempty" yaml:"password,omitempty" ini:"password,omitempty" norman:"type=password"` + VCenterPort string `json:"port,omitempty" yaml:"port,omitempty" ini:"port,omitempty"` + Datacenters string `json:"datacenters,omitempty" yaml:"datacenters,omitempty" ini:"datacenters,omitempty"` + RoundTripperCount int `json:"soap-roundtrip-count,omitempty" yaml:"soap-roundtrip-count,omitempty" ini:"soap-roundtrip-count,omitempty"` +} + +type NetworkVshpereOpts struct { + PublicNetwork string `json:"public-network,omitempty" yaml:"public-network,omitempty" ini:"public-network,omitempty"` +} + +type DiskVsphereOpts struct { + SCSIControllerType string `json:"scsicontrollertype,omitempty" yaml:"scsicontrollertype,omitempty" ini:"scsicontrollertype,omitempty"` +} + +type WorkspaceVsphereOpts struct { + VCenterIP string `json:"server,omitempty" yaml:"server,omitempty" ini:"server,omitempty"` + Datacenter string `json:"datacenter,omitempty" yaml:"datacenter,omitempty" ini:"datacenter,omitempty"` + Folder string `json:"folder,omitempty" yaml:"folder,omitempty" ini:"folder,omitempty"` + DefaultDatastore string `json:"default-datastore,omitempty" yaml:"default-datastore,omitempty" ini:"default-datastore,omitempty"` + ResourcePoolPath string `json:"resourcepool-path,omitempty" yaml:"resourcepool-path,omitempty" ini:"resourcepool-path,omitempty"` +} + +// OpenstackCloudProvider options +type OpenstackCloudProvider struct { + Global GlobalOpenstackOpts `json:"global" yaml:"global" ini:"Global,omitempty"` + LoadBalancer LoadBalancerOpenstackOpts `json:"loadBalancer" yaml:"load_balancer" ini:"LoadBalancer,omitempty"` + BlockStorage BlockStorageOpenstackOpts `json:"blockStorage" yaml:"block_storage" ini:"BlockStorage,omitempty"` + Route RouteOpenstackOpts `json:"route" yaml:"route" ini:"Route,omitempty"` + Metadata MetadataOpenstackOpts `json:"metadata" yaml:"metadata" ini:"Metadata,omitempty"` +} + +type GlobalOpenstackOpts struct { + AuthURL string `json:"auth-url" yaml:"auth-url" ini:"auth-url,omitempty"` + Username string `json:"username" yaml:"username" ini:"username,omitempty"` + UserID string `json:"user-id" yaml:"user-id" ini:"user-id,omitempty"` + Password string `json:"password" yaml:"password" ini:"password,omitempty" norman:"type=password"` + TenantID string `json:"tenant-id" yaml:"tenant-id" ini:"tenant-id,omitempty"` + TenantName string `json:"tenant-name" yaml:"tenant-name" ini:"tenant-name,omitempty"` + TrustID string `json:"trust-id" yaml:"trust-id" ini:"trust-id,omitempty"` + DomainID string `json:"domain-id" yaml:"domain-id" ini:"domain-id,omitempty"` + DomainName string `json:"domain-name" yaml:"domain-name" ini:"domain-name,omitempty"` + Region string `json:"region" yaml:"region" ini:"region,omitempty"` + CAFile string `json:"ca-file" yaml:"ca-file" ini:"ca-file,omitempty"` +} + +type LoadBalancerOpenstackOpts struct { + LBVersion string `json:"lb-version" yaml:"lb-version" ini:"lb-version,omitempty"` // overrides autodetection. Only support v2. + UseOctavia bool `json:"use-octavia" yaml:"use-octavia" ini:"use-octavia,omitempty"` // uses Octavia V2 service catalog endpoint + SubnetID string `json:"subnet-id" yaml:"subnet-id" ini:"subnet-id,omitempty"` // overrides autodetection. + FloatingNetworkID string `json:"floating-network-id" yaml:"floating-network-id" ini:"floating-network-id,omitempty"` // If specified, will create floating ip for loadbalancer, or do not create floating ip. + LBMethod string `json:"lb-method" yaml:"lb-method" ini:"lb-method,omitempty"` // default to ROUND_ROBIN. + LBProvider string `json:"lb-provider" yaml:"lb-provider" ini:"lb-provider,omitempty"` + CreateMonitor bool `json:"create-monitor" yaml:"create-monitor" ini:"create-monitor,omitempty"` + MonitorDelay string `json:"monitor-delay" yaml:"monitor-delay" ini:"monitor-delay,omitempty"` + MonitorTimeout string `json:"monitor-timeout" yaml:"monitor-timeout" ini:"monitor-timeout,omitempty"` + MonitorMaxRetries int `json:"monitor-max-retries" yaml:"monitor-max-retries" ini:"monitor-max-retries,omitempty"` + ManageSecurityGroups bool `json:"manage-security-groups" yaml:"manage-security-groups" ini:"manage-security-groups,omitempty"` +} + +type BlockStorageOpenstackOpts struct { + BSVersion string `json:"bs-version" yaml:"bs-version" ini:"bs-version,omitempty"` // overrides autodetection. v1 or v2. Defaults to auto + TrustDevicePath bool `json:"trust-device-path" yaml:"trust-device-path" ini:"trust-device-path,omitempty"` // See Issue #33128 + IgnoreVolumeAZ bool `json:"ignore-volume-az" yaml:"ignore-volume-az" ini:"ignore-volume-az,omitempty"` +} + +type RouteOpenstackOpts struct { + RouterID string `json:"router-id" yaml:"router-id" ini:"router-id,omitempty"` // required +} + +type MetadataOpenstackOpts struct { + SearchOrder string `json:"search-order" yaml:"search-order" ini:"search-order,omitempty"` + RequestTimeout int `json:"request-timeout" yaml:"request-timeout" ini:"request-timeout,omitempty"` +} + +// AzureCloudProvider options +type AzureCloudProvider struct { + // The cloud environment identifier. Takes values from https://github.com/Azure/go-autorest/blob/ec5f4903f77ed9927ac95b19ab8e44ada64c1356/autorest/azure/environments.go#L13 + Cloud string `json:"cloud" yaml:"cloud"` + // The AAD Tenant ID for the Subscription that the cluster is deployed in + TenantID string `json:"tenantId" yaml:"tenantId"` + // The ID of the Azure Subscription that the cluster is deployed in + SubscriptionID string `json:"subscriptionId" yaml:"subscriptionId"` + // The name of the resource group that the cluster is deployed in + ResourceGroup string `json:"resourceGroup" yaml:"resourceGroup"` + // The location of the resource group that the cluster is deployed in + Location string `json:"location" yaml:"location"` + // The name of the VNet that the cluster is deployed in + VnetName string `json:"vnetName" yaml:"vnetName"` + // The name of the resource group that the Vnet is deployed in + VnetResourceGroup string `json:"vnetResourceGroup" yaml:"vnetResourceGroup"` + // The name of the subnet that the cluster is deployed in + SubnetName string `json:"subnetName" yaml:"subnetName"` + // The name of the security group attached to the cluster's subnet + SecurityGroupName string `json:"securityGroupName" yaml:"securityGroupName"` + // (Optional in 1.6) The name of the route table attached to the subnet that the cluster is deployed in + RouteTableName string `json:"routeTableName" yaml:"routeTableName"` + // (Optional) The name of the availability set that should be used as the load balancer backend + // If this is set, the Azure cloudprovider will only add nodes from that availability set to the load + // balancer backend pool. If this is not set, and multiple agent pools (availability sets) are used, then + // the cloudprovider will try to add all nodes to a single backend pool which is forbidden. + // In other words, if you use multiple agent pools (availability sets), you MUST set this field. + PrimaryAvailabilitySetName string `json:"primaryAvailabilitySetName" yaml:"primaryAvailabilitySetName"` + // The type of azure nodes. Candidate valudes are: vmss and standard. + // If not set, it will be default to standard. + VMType string `json:"vmType" yaml:"vmType"` + // The name of the scale set that should be used as the load balancer backend. + // If this is set, the Azure cloudprovider will only add nodes from that scale set to the load + // balancer backend pool. If this is not set, and multiple agent pools (scale sets) are used, then + // the cloudprovider will try to add all nodes to a single backend pool which is forbidden. + // In other words, if you use multiple agent pools (scale sets), you MUST set this field. + PrimaryScaleSetName string `json:"primaryScaleSetName" yaml:"primaryScaleSetName"` + // The ClientID for an AAD application with RBAC access to talk to Azure RM APIs + // This's used for service principal authentication: https://github.com/Azure/aks-engine/blob/master/docs/topics/service-principals.md + AADClientID string `json:"aadClientId" yaml:"aadClientId"` + // The ClientSecret for an AAD application with RBAC access to talk to Azure RM APIs + // This's used for service principal authentication: https://github.com/Azure/aks-engine/blob/master/docs/topics/service-principals.md + AADClientSecret string `json:"aadClientSecret" yaml:"aadClientSecret" norman:"type=password"` + // The path of a client certificate for an AAD application with RBAC access to talk to Azure RM APIs + // This's used for client certificate authentication: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service + AADClientCertPath string `json:"aadClientCertPath" yaml:"aadClientCertPath"` + // The password of the client certificate for an AAD application with RBAC access to talk to Azure RM APIs + // This's used for client certificate authentication: https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-protocols-oauth-service-to-service + AADClientCertPassword string `json:"aadClientCertPassword" yaml:"aadClientCertPassword" norman:"type=password"` + // Enable exponential backoff to manage resource request retries + CloudProviderBackoff bool `json:"cloudProviderBackoff" yaml:"cloudProviderBackoff"` + // Backoff retry limit + CloudProviderBackoffRetries int `json:"cloudProviderBackoffRetries" yaml:"cloudProviderBackoffRetries"` + // Backoff exponent + CloudProviderBackoffExponent int `json:"cloudProviderBackoffExponent" yaml:"cloudProviderBackoffExponent"` + // Backoff duration + CloudProviderBackoffDuration int `json:"cloudProviderBackoffDuration" yaml:"cloudProviderBackoffDuration"` + // Backoff jitter + CloudProviderBackoffJitter int `json:"cloudProviderBackoffJitter" yaml:"cloudProviderBackoffJitter"` + // Enable rate limiting + CloudProviderRateLimit bool `json:"cloudProviderRateLimit" yaml:"cloudProviderRateLimit"` + // Rate limit QPS + CloudProviderRateLimitQPS int `json:"cloudProviderRateLimitQPS" yaml:"cloudProviderRateLimitQPS"` + // Rate limit Bucket Size + CloudProviderRateLimitBucket int `json:"cloudProviderRateLimitBucket" yaml:"cloudProviderRateLimitBucket"` + // Use instance metadata service where possible + UseInstanceMetadata bool `json:"useInstanceMetadata" yaml:"useInstanceMetadata"` + // Use managed service identity for the virtual machine to access Azure ARM APIs + // This's used for managed identity authentication: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview + // For user-assigned managed identity, need to set the below UserAssignedIdentityID + UseManagedIdentityExtension bool `json:"useManagedIdentityExtension" yaml:"useManagedIdentityExtension"` + // The Client ID of the user assigned MSI which is assigned to the underlying VMs + // This's used for managed identity authentication: https://docs.microsoft.com/en-us/azure/active-directory/managed-service-identity/overview + UserAssignedIdentityID string `json:"userAssignedIdentityID,omitempty" yaml:"userAssignedIdentityID,omitempty"` + // Maximum allowed LoadBalancer Rule Count is the limit enforced by Azure Load balancer, default(0) to 148 + MaximumLoadBalancerRuleCount int `json:"maximumLoadBalancerRuleCount" yaml:"maximumLoadBalancerRuleCount"` + // Sku of Load Balancer and Public IP: `basic` or `standard`, default(blank) to `basic` + LoadBalancerSku string `json:"loadBalancerSku,omitempty" yaml:"loadBalancerSku,omitempty"` + // Excludes master nodes (labeled with `node-role.kubernetes.io/master`) from the backend pool of Azure standard loadbalancer, default(nil) to `true` + // If want adding the master nodes to ALB, this should be set to `false` and remove the `node-role.kubernetes.io/master` label from master nodes + ExcludeMasterFromStandardLB *bool `json:"excludeMasterFromStandardLB,omitempty" yaml:"excludeMasterFromStandardLB,omitempty"` +} + +// AWSCloudProvider options +type AWSCloudProvider struct { + Global GlobalAwsOpts `json:"global" yaml:"global" ini:"Global,omitempty"` + ServiceOverride map[string]ServiceOverride `json:"serviceOverride,omitempty" yaml:"service_override,omitempty" ini:"ServiceOverride,omitempty"` +} + +type ServiceOverride struct { + Service string `json:"service" yaml:"service" ini:"Service,omitempty"` + Region string `json:"region" yaml:"region" ini:"Region,omitempty"` + URL string `json:"url" yaml:"url" ini:"URL,omitempty"` + SigningRegion string `json:"signing-region" yaml:"signing-region" ini:"SigningRegion,omitempty"` + SigningMethod string `json:"signing-method" yaml:"signing-method" ini:"SigningMethod,omitempty"` + SigningName string `json:"signing-name" yaml:"signing-name" ini:"SigningName,omitempty"` +} + +type GlobalAwsOpts struct { + // TODO: Is there any use for this? We can get it from the instance metadata service + // Maybe if we're not running on AWS, e.g. bootstrap; for now it is not very useful + Zone string `json:"zone" yaml:"zone" ini:"Zone,omitempty"` + + // The AWS VPC flag enables the possibility to run the master components + // on a different aws account, on a different cloud provider or on-premises. + // If the flag is set also the KubernetesClusterTag must be provided + VPC string `json:"vpc" yaml:"vpc" ini:"VPC,omitempty"` + // SubnetID enables using a specific subnet to use for ELB's + SubnetID string `json:"subnet-id" yaml:"subnet-id" ini:"SubnetID,omitempty"` + // RouteTableID enables using a specific RouteTable + RouteTableID string `json:"routetable-id" yaml:"routetable-id" ini:"RouteTableID,omitempty"` + + // RoleARN is the IAM role to assume when interaction with AWS APIs. + RoleARN string `json:"role-arn" yaml:"role-arn" ini:"RoleARN,omitempty"` + + // KubernetesClusterTag is the legacy cluster id we'll use to identify our cluster resources + KubernetesClusterTag string `json:"kubernetes-cluster-tag" yaml:"kubernetes-cluster-tag" ini:"KubernetesClusterTag,omitempty"` + // KubernetesClusterID is the cluster id we'll use to identify our cluster resources + KubernetesClusterID string `json:"kubernetes-cluster-id" yaml:"kubernetes-cluster-id" ini:"KubernetesClusterID,omitempty"` + + //The aws provider creates an inbound rule per load balancer on the node security + //group. However, this can run into the AWS security group rule limit of 50 if + //many LoadBalancers are created. + // + //This flag disables the automatic ingress creation. It requires that the user + //has setup a rule that allows inbound traffic on kubelet ports from the + //local VPC subnet (so load balancers can access it). E.g. 10.82.0.0/16 30000-32000. + DisableSecurityGroupIngress bool `json:"disable-security-group-ingress" yaml:"disable-security-group-ingress" ini:"DisableSecurityGroupIngress,omitempty"` + + //AWS has a hard limit of 500 security groups. For large clusters creating a security group for each ELB + //can cause the max number of security groups to be reached. If this is set instead of creating a new + //Security group for each ELB this security group will be used instead. + ElbSecurityGroup string `json:"elb-security-group" yaml:"elb-security-group" ini:"ElbSecurityGroup,omitempty"` + + //During the instantiation of an new AWS cloud provider, the detected region + //is validated against a known set of regions. + // + //In a non-standard, AWS like environment (e.g. Eucalyptus), this check may + //be undesirable. Setting this to true will disable the check and provide + //a warning that the check was skipped. Please note that this is an + //experimental feature and work-in-progress for the moment. If you find + //yourself in an non-AWS cloud and open an issue, please indicate that in the + //issue body. + DisableStrictZoneCheck bool `json:"disable-strict-zone-check" yaml:"disable-strict-zone-check" ini:"DisableStrictZoneCheck,omitempty"` +} + +type MonitoringConfig struct { + // Monitoring server provider + Provider string `yaml:"provider" json:"provider,omitempty" norman:"default=metrics-server"` + // Metrics server options + Options map[string]string `yaml:"options" json:"options,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` + // Update strategy + UpdateStrategy *DeploymentStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` + // Number of monitoring addon pods + Replicas *int32 `yaml:"replicas" json:"replicas,omitempty" norman:"default=1"` +} + +type RestoreConfig struct { + Restore bool `yaml:"restore" json:"restore,omitempty"` + SnapshotName string `yaml:"snapshot_name" json:"snapshotName,omitempty"` +} +type RotateCertificates struct { + // Rotate CA Certificates + CACertificates bool `json:"caCertificates,omitempty"` + // Services to rotate their certs + Services []string `json:"services,omitempty" norman:"type=enum,options=etcd|kubelet|kube-apiserver|kube-proxy|kube-scheduler|kube-controller-manager"` +} + +type DNSConfig struct { + // DNS provider + Provider string `yaml:"provider" json:"provider,omitempty"` + // Upstream nameservers + UpstreamNameservers []string `yaml:"upstreamnameservers" json:"upstreamnameservers,omitempty"` + // ReverseCIDRs + ReverseCIDRs []string `yaml:"reversecidrs" json:"reversecidrs,omitempty"` + // Stubdomains + StubDomains map[string][]string `yaml:"stubdomains" json:"stubdomains,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` + // Nodelocal DNS + Nodelocal *Nodelocal `yaml:"nodelocal" json:"nodelocal,omitempy"` + // Update strategy + UpdateStrategy *DeploymentStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` + // Autoscaler fields to determine number of dns replicas + LinearAutoscalerParams *LinearAutoscalerParams `yaml:"linear_autoscaler_params" json:"linearAutoscalerParams,omitempty"` +} + +type Nodelocal struct { + // link-local IP for nodelocal DNS + IPAddress string `yaml:"ip_address" json:"ipAddress,omitempy"` + // Nodelocal DNS daemonset upgrade strategy + UpdateStrategy *DaemonSetUpdateStrategy `yaml:"update_strategy" json:"updateStrategy,omitempty"` + // NodeSelector key pair + NodeSelector map[string]string `yaml:"node_selector" json:"nodeSelector,omitempty"` +} + +// LinearAutoscalerParams contains fields expected by the cluster-proportional-autoscaler https://github.com/kubernetes-incubator/cluster-proportional-autoscaler/blob/0c61e63fc81449abdd52315aa27179a17e5d1580/pkg/autoscaler/controller/linearcontroller/linear_controller.go#L50 +type LinearAutoscalerParams struct { + CoresPerReplica float64 `yaml:"cores_per_replica" json:"coresPerReplica,omitempty" norman:"default=128"` + NodesPerReplica float64 `yaml:"nodes_per_replica" json:"nodesPerReplica,omitempty" norman:"default=4"` + Min int `yaml:"min" json:"min,omitempty" norman:"default=1"` + Max int `yaml:"max" json:"max,omitempty"` + PreventSinglePointFailure bool `yaml:"prevent_single_point_failure" json:"preventSinglePointFailure,omitempty" norman:"default=true"` +} + +type RKETaint struct { + Key string `json:"key,omitempty" yaml:"key"` + Value string `json:"value,omitempty" yaml:"value"` + Effect v1.TaintEffect `json:"effect,omitempty" yaml:"effect"` + TimeAdded *metav1.Time `json:"timeAdded,omitempty" yaml:"timeAdded,omitempty"` +} + +type SecretsEncryptionConfig struct { + // Enable/disable secrets encryption provider config + Enabled bool `yaml:"enabled" json:"enabled,omitempty"` + // Custom Encryption Provider configuration object + CustomConfig *apiserverconfig.EncryptionConfiguration `yaml:"custom_config" json:"customConfig,omitempty" norman:"type=map[json]"` +} + +type File struct { + Name string `json:"name,omitempty"` + Contents string `json:"contents,omitempty"` +} + +type NodeDrainInput struct { + // Drain node even if there are pods not managed by a ReplicationController, Job, or DaemonSet + // Drain will not proceed without Force set to true if there are such pods + Force bool `yaml:"force" json:"force,omitempty"` + // If there are DaemonSet-managed pods, drain will not proceed without IgnoreDaemonSets set to true + // (even when set to true, kubectl won't delete pods - so setting default to true) + IgnoreDaemonSets *bool `yaml:"ignore_daemonsets" json:"ignoreDaemonSets,omitempty" norman:"default=true"` + // Continue even if there are pods using emptyDir + DeleteLocalData bool `yaml:"delete_local_data" json:"deleteLocalData,omitempty"` + //Period of time in seconds given to each pod to terminate gracefully. + // If negative, the default value specified in the pod will be used + GracePeriod int `yaml:"grace_period" json:"gracePeriod,omitempty" norman:"default=-1"` + // Time to wait (in seconds) before giving up for one try + Timeout int `yaml:"timeout" json:"timeout" norman:"min=1,max=10800,default=120"` +} diff --git a/types/update_strategy_types.go b/types/update_strategy_types.go new file mode 100644 index 000000000..417301e2e --- /dev/null +++ b/types/update_strategy_types.go @@ -0,0 +1,38 @@ +package types + +import ( + appsv1 "k8s.io/api/apps/v1" +) + +/* All fields in this file are copied over from apps/v1. Referencing k8s fields caused problems because of the "Type" field in +DeploymentStrategy and DaemonSetUpdateStrategy*/ + +// DeploymentStrategy describes how to replace existing pods with new ones. +type DeploymentStrategy struct { + // Type of deployment. Can be "Recreate" or "RollingUpdate". Default is RollingUpdate. + // +optional + Strategy appsv1.DeploymentStrategyType `json:"strategy,omitempty" protobuf:"bytes,1,opt,name=type,casttype=DeploymentStrategyType"` + + // Rolling update config params. Present only if DeploymentStrategyType = + // RollingUpdate. + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. + // +optional + RollingUpdate *appsv1.RollingUpdateDeployment `json:"rollingUpdate,omitempty" protobuf:"bytes,2,opt,name=rollingUpdate"` +} + +// DaemonSetUpdateStrategy is a struct used to control the update strategy for a DaemonSet. +type DaemonSetUpdateStrategy struct { + // Type of daemon set update. Can be "RollingUpdate" or "OnDelete". Default is RollingUpdate. + // +optional + Strategy appsv1.DaemonSetUpdateStrategyType `json:"strategy,omitempty" protobuf:"bytes,1,opt,name=type"` + + // Rolling update config params. Present only if type = "RollingUpdate". + //--- + // TODO: Update this to follow our convention for oneOf, whatever we decide it + // to be. Same as Deployment `strategy.rollingUpdate`. + // See https://github.com/kubernetes/kubernetes/issues/35345 + // +optional + RollingUpdate *appsv1.RollingUpdateDaemonSet `json:"rollingUpdate,omitempty" protobuf:"bytes,2,opt,name=rollingUpdate"` +}